123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733273427352736273727382739274027412742274327442745274627472748274927502751275227532754275527562757275827592760276127622763276427652766276727682769277027712772277327742775277627772778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039304030413042304330443045304630473048304930503051305230533054305530563057305830593060306130623063306430653066306730683069307030713072307330743075307630773078307930803081308230833084308530863087308830893090309130923093309430953096309730983099310031013102310331043105310631073108310931103111311231133114311531163117311831193120312131223123312431253126312731283129313031313132313331343135313631373138313931403141314231433144314531463147314831493150315131523153315431553156315731583159316031613162316331643165316631673168316931703171317231733174317531763177317831793180318131823183318431853186318731883189319031913192319331943195319631973198319932003201320232033204320532063207320832093210321132123213321432153216321732183219322032213222322332243225322632273228322932303231323232333234323532363237323832393240324132423243324432453246324732483249325032513252325332543255325632573258325932603261326232633264326532663267326832693270327132723273327432753276327732783279328032813282328332843285328632873288328932903291329232933294329532963297329832993300330133023303330433053306330733083309331033113312331333143315331633173318331933203321332233233324332533263327332833293330333133323333333433353336333733383339334033413342334333443345334633473348334933503351335233533354335533563357335833593360336133623363336433653366336733683369337033713372337333743375337633773378337933803381338233833384338533863387338833893390339133923393339433953396339733983399340034013402340334043405340634073408340934103411341234133414341534163417341834193420342134223423342434253426342734283429343034313432343334343435343634373438343934403441344234433444344534463447344834493450345134523453345434553456345734583459346034613462346334643465346634673468346934703471347234733474347534763477347834793480348134823483348434853486348734883489349034913492349334943495349634973498349935003501350235033504350535063507350835093510351135123513351435153516351735183519352035213522352335243525352635273528352935303531353235333534353535363537353835393540354135423543354435453546354735483549355035513552355335543555355635573558355935603561356235633564356535663567356835693570357135723573357435753576357735783579358035813582358335843585358635873588358935903591359235933594359535963597359835993600360136023603360436053606360736083609361036113612361336143615361636173618361936203621362236233624362536263627362836293630363136323633363436353636363736383639364036413642364336443645364636473648364936503651365236533654365536563657365836593660366136623663366436653666366736683669367036713672367336743675367636773678367936803681368236833684368536863687368836893690369136923693369436953696369736983699370037013702370337043705370637073708370937103711371237133714371537163717371837193720372137223723372437253726372737283729373037313732373337343735373637373738373937403741374237433744374537463747374837493750375137523753375437553756375737583759376037613762376337643765376637673768376937703771377237733774377537763777377837793780378137823783378437853786378737883789379037913792379337943795379637973798379938003801380238033804380538063807380838093810381138123813381438153816381738183819382038213822382338243825382638273828382938303831383238333834383538363837383838393840384138423843384438453846384738483849385038513852385338543855385638573858385938603861386238633864386538663867386838693870387138723873387438753876387738783879388038813882388338843885388638873888388938903891389238933894389538963897389838993900390139023903390439053906390739083909391039113912391339143915391639173918391939203921392239233924392539263927392839293930393139323933393439353936393739383939394039413942394339443945394639473948394939503951395239533954395539563957395839593960396139623963396439653966396739683969397039713972397339743975397639773978397939803981398239833984398539863987398839893990399139923993399439953996399739983999400040014002400340044005400640074008400940104011401240134014401540164017401840194020402140224023402440254026402740284029403040314032403340344035403640374038403940404041404240434044404540464047404840494050405140524053405440554056405740584059406040614062406340644065406640674068406940704071407240734074407540764077407840794080408140824083408440854086408740884089409040914092409340944095409640974098409941004101410241034104410541064107410841094110411141124113411441154116411741184119412041214122412341244125412641274128412941304131413241334134413541364137413841394140414141424143414441454146414741484149415041514152415341544155415641574158415941604161416241634164416541664167416841694170417141724173417441754176417741784179418041814182418341844185418641874188418941904191419241934194419541964197419841994200420142024203420442054206420742084209421042114212421342144215421642174218421942204221422242234224422542264227422842294230423142324233423442354236423742384239424042414242424342444245424642474248424942504251425242534254425542564257425842594260426142624263426442654266426742684269427042714272427342744275427642774278427942804281428242834284428542864287428842894290429142924293429442954296429742984299430043014302430343044305430643074308430943104311431243134314431543164317431843194320432143224323432443254326432743284329433043314332433343344335433643374338433943404341434243434344434543464347434843494350435143524353435443554356435743584359436043614362436343644365436643674368436943704371437243734374437543764377437843794380438143824383438443854386438743884389439043914392439343944395439643974398439944004401440244034404440544064407440844094410441144124413441444154416441744184419442044214422442344244425442644274428442944304431443244334434443544364437443844394440444144424443444444454446444744484449445044514452445344544455445644574458445944604461446244634464446544664467446844694470447144724473447444754476447744784479448044814482448344844485448644874488448944904491449244934494449544964497449844994500450145024503450445054506450745084509451045114512451345144515451645174518451945204521452245234524452545264527452845294530453145324533453445354536453745384539454045414542454345444545454645474548454945504551455245534554455545564557455845594560456145624563456445654566456745684569457045714572457345744575457645774578457945804581458245834584458545864587458845894590459145924593459445954596459745984599460046014602460346044605460646074608460946104611461246134614461546164617461846194620462146224623462446254626462746284629463046314632463346344635463646374638463946404641464246434644464546464647464846494650465146524653465446554656465746584659466046614662466346644665466646674668466946704671467246734674467546764677467846794680468146824683468446854686468746884689469046914692469346944695469646974698469947004701470247034704470547064707470847094710471147124713471447154716471747184719472047214722472347244725472647274728472947304731473247334734473547364737473847394740474147424743474447454746474747484749475047514752475347544755475647574758475947604761476247634764476547664767476847694770477147724773477447754776477747784779478047814782478347844785478647874788478947904791479247934794479547964797479847994800480148024803480448054806480748084809481048114812481348144815481648174818481948204821482248234824482548264827482848294830483148324833483448354836483748384839484048414842484348444845484648474848484948504851485248534854485548564857485848594860486148624863486448654866486748684869487048714872487348744875487648774878487948804881488248834884488548864887488848894890489148924893489448954896489748984899490049014902490349044905490649074908490949104911491249134914491549164917491849194920492149224923492449254926492749284929493049314932493349344935493649374938493949404941494249434944494549464947494849494950495149524953495449554956495749584959496049614962496349644965496649674968496949704971497249734974497549764977497849794980498149824983498449854986498749884989499049914992499349944995499649974998499950005001500250035004500550065007500850095010501150125013501450155016501750185019502050215022502350245025502650275028502950305031503250335034503550365037503850395040504150425043504450455046504750485049505050515052505350545055505650575058505950605061506250635064506550665067506850695070507150725073507450755076507750785079508050815082508350845085508650875088508950905091509250935094509550965097509850995100510151025103510451055106510751085109511051115112511351145115511651175118511951205121512251235124512551265127512851295130513151325133513451355136513751385139514051415142514351445145514651475148514951505151515251535154515551565157515851595160516151625163516451655166516751685169517051715172517351745175517651775178517951805181518251835184518551865187518851895190519151925193519451955196519751985199520052015202520352045205520652075208520952105211521252135214521552165217521852195220522152225223522452255226522752285229523052315232523352345235523652375238523952405241524252435244524552465247524852495250525152525253525452555256525752585259526052615262526352645265526652675268526952705271527252735274527552765277527852795280528152825283528452855286528752885289529052915292529352945295529652975298529953005301530253035304530553065307530853095310531153125313531453155316531753185319532053215322532353245325532653275328532953305331533253335334533553365337533853395340534153425343534453455346534753485349535053515352535353545355535653575358535953605361536253635364536553665367536853695370537153725373537453755376537753785379538053815382538353845385538653875388538953905391539253935394539553965397539853995400540154025403540454055406540754085409541054115412541354145415541654175418541954205421542254235424542554265427542854295430543154325433543454355436543754385439544054415442544354445445544654475448544954505451545254535454545554565457545854595460546154625463546454655466546754685469547054715472547354745475547654775478547954805481548254835484548554865487548854895490549154925493549454955496549754985499550055015502550355045505550655075508550955105511551255135514551555165517551855195520552155225523552455255526552755285529553055315532553355345535553655375538553955405541554255435544554555465547554855495550555155525553555455555556555755585559556055615562556355645565556655675568556955705571557255735574557555765577557855795580558155825583558455855586558755885589559055915592559355945595559655975598559956005601560256035604560556065607560856095610561156125613561456155616561756185619562056215622562356245625562656275628562956305631563256335634563556365637563856395640564156425643564456455646564756485649565056515652565356545655565656575658565956605661566256635664566556665667566856695670567156725673567456755676567756785679568056815682568356845685568656875688568956905691569256935694569556965697569856995700570157025703570457055706570757085709571057115712571357145715571657175718571957205721572257235724572557265727572857295730573157325733573457355736573757385739574057415742574357445745574657475748574957505751575257535754575557565757575857595760576157625763576457655766576757685769577057715772577357745775577657775778577957805781578257835784578557865787578857895790579157925793579457955796579757985799580058015802580358045805580658075808580958105811581258135814581558165817581858195820582158225823582458255826582758285829583058315832583358345835583658375838583958405841584258435844584558465847584858495850585158525853585458555856585758585859586058615862586358645865586658675868586958705871587258735874587558765877587858795880588158825883588458855886588758885889589058915892589358945895589658975898589959005901590259035904590559065907590859095910591159125913591459155916591759185919592059215922592359245925592659275928592959305931593259335934593559365937593859395940594159425943594459455946594759485949595059515952595359545955595659575958595959605961596259635964596559665967596859695970597159725973597459755976597759785979598059815982598359845985598659875988598959905991599259935994599559965997599859996000600160026003600460056006600760086009601060116012601360146015601660176018601960206021602260236024602560266027602860296030603160326033603460356036603760386039604060416042604360446045604660476048604960506051605260536054605560566057605860596060606160626063606460656066606760686069607060716072607360746075607660776078607960806081608260836084608560866087608860896090609160926093609460956096609760986099610061016102610361046105610661076108610961106111611261136114611561166117611861196120612161226123612461256126612761286129613061316132613361346135613661376138613961406141614261436144614561466147614861496150615161526153615461556156615761586159616061616162616361646165616661676168616961706171617261736174617561766177617861796180618161826183618461856186618761886189619061916192619361946195619661976198619962006201620262036204620562066207620862096210621162126213621462156216621762186219622062216222622362246225622662276228622962306231623262336234623562366237623862396240624162426243624462456246624762486249625062516252625362546255625662576258625962606261626262636264626562666267626862696270627162726273627462756276627762786279628062816282628362846285628662876288628962906291629262936294629562966297629862996300630163026303630463056306630763086309631063116312631363146315631663176318631963206321632263236324632563266327632863296330633163326333633463356336633763386339634063416342634363446345634663476348634963506351635263536354635563566357635863596360636163626363636463656366636763686369637063716372637363746375637663776378637963806381638263836384638563866387638863896390639163926393639463956396639763986399640064016402640364046405640664076408640964106411641264136414641564166417641864196420642164226423642464256426642764286429643064316432643364346435643664376438643964406441644264436444644564466447644864496450645164526453645464556456645764586459646064616462646364646465646664676468646964706471647264736474647564766477647864796480648164826483648464856486648764886489649064916492649364946495649664976498649965006501650265036504650565066507650865096510651165126513651465156516651765186519652065216522652365246525652665276528652965306531653265336534653565366537653865396540654165426543654465456546654765486549655065516552655365546555655665576558655965606561656265636564656565666567656865696570657165726573657465756576657765786579658065816582658365846585658665876588658965906591659265936594659565966597659865996600660166026603660466056606660766086609661066116612661366146615661666176618661966206621662266236624662566266627662866296630663166326633663466356636663766386639664066416642664366446645664666476648664966506651665266536654665566566657665866596660666166626663666466656666666766686669667066716672667366746675667666776678667966806681668266836684668566866687668866896690669166926693669466956696669766986699670067016702670367046705670667076708670967106711671267136714671567166717671867196720672167226723672467256726672767286729673067316732673367346735673667376738673967406741674267436744674567466747674867496750675167526753675467556756675767586759676067616762676367646765676667676768676967706771677267736774677567766777677867796780678167826783678467856786678767886789679067916792679367946795679667976798679968006801680268036804680568066807680868096810681168126813681468156816681768186819682068216822682368246825682668276828682968306831683268336834683568366837683868396840684168426843684468456846684768486849685068516852685368546855685668576858685968606861686268636864686568666867686868696870687168726873687468756876687768786879688068816882688368846885688668876888688968906891689268936894689568966897689868996900690169026903690469056906690769086909691069116912691369146915691669176918691969206921692269236924692569266927692869296930693169326933693469356936693769386939694069416942694369446945694669476948694969506951695269536954695569566957695869596960696169626963696469656966696769686969697069716972697369746975697669776978697969806981698269836984698569866987698869896990699169926993699469956996699769986999700070017002700370047005700670077008700970107011701270137014701570167017701870197020702170227023702470257026702770287029703070317032703370347035703670377038703970407041704270437044704570467047704870497050705170527053705470557056705770587059706070617062706370647065706670677068706970707071707270737074707570767077707870797080708170827083708470857086708770887089709070917092709370947095709670977098709971007101710271037104710571067107710871097110711171127113711471157116711771187119712071217122712371247125712671277128712971307131713271337134713571367137713871397140714171427143714471457146714771487149715071517152715371547155715671577158715971607161716271637164716571667167716871697170717171727173717471757176717771787179718071817182718371847185718671877188718971907191719271937194719571967197719871997200720172027203720472057206720772087209721072117212721372147215721672177218721972207221722272237224722572267227722872297230723172327233723472357236723772387239724072417242724372447245724672477248724972507251725272537254725572567257725872597260726172627263726472657266726772687269727072717272727372747275727672777278727972807281728272837284728572867287728872897290729172927293729472957296729772987299730073017302730373047305730673077308730973107311731273137314731573167317731873197320732173227323732473257326732773287329733073317332733373347335733673377338733973407341734273437344734573467347734873497350735173527353735473557356735773587359736073617362736373647365736673677368736973707371737273737374737573767377737873797380738173827383738473857386738773887389739073917392739373947395739673977398739974007401740274037404740574067407740874097410741174127413741474157416741774187419742074217422742374247425742674277428742974307431743274337434743574367437743874397440744174427443744474457446744774487449745074517452745374547455745674577458745974607461746274637464746574667467746874697470747174727473747474757476747774787479748074817482748374847485748674877488748974907491749274937494749574967497749874997500750175027503750475057506750775087509751075117512751375147515751675177518751975207521752275237524752575267527752875297530753175327533753475357536753775387539754075417542754375447545754675477548754975507551755275537554755575567557755875597560756175627563756475657566756775687569757075717572757375747575757675777578757975807581758275837584758575867587758875897590759175927593759475957596759775987599760076017602760376047605760676077608760976107611761276137614761576167617761876197620762176227623762476257626762776287629763076317632763376347635763676377638763976407641764276437644764576467647764876497650765176527653765476557656765776587659766076617662766376647665766676677668766976707671767276737674767576767677767876797680768176827683768476857686768776887689769076917692769376947695769676977698769977007701770277037704770577067707770877097710771177127713771477157716771777187719772077217722772377247725772677277728772977307731773277337734773577367737773877397740774177427743774477457746774777487749775077517752775377547755775677577758775977607761776277637764776577667767776877697770777177727773777477757776777777787779778077817782778377847785778677877788778977907791779277937794779577967797779877997800780178027803780478057806780778087809781078117812781378147815781678177818781978207821782278237824782578267827782878297830783178327833783478357836783778387839784078417842784378447845784678477848784978507851785278537854785578567857785878597860786178627863786478657866786778687869787078717872787378747875787678777878787978807881788278837884788578867887788878897890789178927893789478957896789778987899790079017902790379047905790679077908790979107911791279137914791579167917791879197920792179227923792479257926792779287929793079317932793379347935793679377938793979407941794279437944794579467947794879497950795179527953795479557956795779587959796079617962796379647965796679677968796979707971797279737974797579767977797879797980798179827983798479857986798779887989799079917992799379947995799679977998799980008001800280038004800580068007800880098010801180128013801480158016801780188019802080218022802380248025802680278028802980308031803280338034803580368037803880398040804180428043804480458046804780488049805080518052805380548055805680578058805980608061806280638064806580668067806880698070807180728073807480758076807780788079808080818082808380848085808680878088808980908091809280938094809580968097809880998100810181028103810481058106810781088109811081118112811381148115811681178118811981208121812281238124812581268127812881298130813181328133813481358136813781388139814081418142814381448145814681478148814981508151815281538154815581568157815881598160816181628163816481658166816781688169817081718172817381748175817681778178817981808181818281838184818581868187818881898190819181928193819481958196819781988199820082018202820382048205820682078208820982108211821282138214821582168217821882198220822182228223822482258226822782288229823082318232823382348235823682378238823982408241824282438244824582468247824882498250825182528253825482558256825782588259826082618262826382648265826682678268826982708271827282738274827582768277827882798280828182828283828482858286828782888289829082918292829382948295829682978298829983008301830283038304830583068307830883098310831183128313831483158316831783188319832083218322832383248325832683278328832983308331833283338334833583368337833883398340834183428343834483458346834783488349835083518352835383548355835683578358835983608361836283638364836583668367836883698370837183728373837483758376837783788379838083818382838383848385838683878388838983908391839283938394839583968397839883998400840184028403840484058406840784088409841084118412841384148415841684178418841984208421842284238424842584268427842884298430843184328433843484358436843784388439844084418442844384448445844684478448844984508451845284538454845584568457845884598460846184628463846484658466846784688469847084718472847384748475847684778478847984808481848284838484848584868487848884898490849184928493849484958496849784988499850085018502850385048505850685078508850985108511851285138514851585168517851885198520852185228523852485258526852785288529853085318532853385348535853685378538853985408541854285438544854585468547854885498550855185528553855485558556855785588559856085618562856385648565856685678568856985708571857285738574857585768577857885798580858185828583858485858586858785888589859085918592859385948595859685978598859986008601860286038604860586068607860886098610861186128613861486158616861786188619862086218622862386248625862686278628862986308631863286338634863586368637863886398640864186428643864486458646864786488649865086518652865386548655865686578658865986608661866286638664866586668667866886698670867186728673867486758676867786788679868086818682868386848685868686878688868986908691869286938694869586968697869886998700870187028703870487058706870787088709871087118712871387148715871687178718871987208721872287238724872587268727872887298730873187328733873487358736873787388739874087418742874387448745874687478748874987508751875287538754875587568757875887598760876187628763876487658766876787688769877087718772877387748775877687778778877987808781878287838784878587868787878887898790879187928793879487958796879787988799880088018802880388048805880688078808880988108811881288138814881588168817881888198820882188228823882488258826882788288829883088318832883388348835883688378838883988408841884288438844884588468847884888498850885188528853885488558856885788588859886088618862886388648865886688678868886988708871887288738874887588768877887888798880888188828883888488858886888788888889889088918892889388948895889688978898889989008901890289038904890589068907890889098910891189128913891489158916891789188919892089218922892389248925892689278928892989308931893289338934893589368937893889398940894189428943894489458946894789488949895089518952895389548955895689578958895989608961896289638964896589668967896889698970897189728973897489758976897789788979898089818982898389848985898689878988898989908991899289938994899589968997899889999000900190029003900490059006900790089009901090119012901390149015901690179018901990209021902290239024902590269027902890299030903190329033903490359036903790389039904090419042904390449045904690479048904990509051905290539054905590569057905890599060906190629063906490659066906790689069907090719072907390749075907690779078907990809081908290839084908590869087908890899090909190929093909490959096909790989099910091019102910391049105910691079108910991109111911291139114911591169117911891199120912191229123912491259126912791289129913091319132913391349135913691379138913991409141914291439144914591469147914891499150915191529153915491559156915791589159916091619162916391649165916691679168916991709171917291739174917591769177917891799180918191829183918491859186918791889189919091919192919391949195919691979198919992009201920292039204920592069207920892099210921192129213921492159216921792189219922092219222922392249225922692279228922992309231923292339234923592369237923892399240924192429243924492459246924792489249925092519252925392549255925692579258925992609261926292639264926592669267926892699270927192729273927492759276927792789279928092819282928392849285928692879288928992909291929292939294929592969297929892999300930193029303930493059306930793089309931093119312931393149315931693179318931993209321932293239324932593269327932893299330933193329333933493359336933793389339934093419342934393449345934693479348934993509351935293539354935593569357935893599360936193629363936493659366936793689369937093719372937393749375937693779378937993809381938293839384938593869387938893899390939193929393939493959396939793989399940094019402940394049405940694079408940994109411941294139414941594169417941894199420942194229423942494259426942794289429943094319432943394349435943694379438943994409441944294439444944594469447944894499450945194529453945494559456945794589459946094619462946394649465946694679468946994709471947294739474947594769477947894799480948194829483948494859486948794889489949094919492949394949495949694979498949995009501950295039504950595069507950895099510951195129513951495159516951795189519952095219522952395249525952695279528952995309531953295339534953595369537953895399540954195429543954495459546954795489549955095519552955395549555955695579558955995609561956295639564956595669567956895699570957195729573957495759576957795789579958095819582958395849585958695879588958995909591959295939594959595969597959895999600960196029603960496059606960796089609961096119612961396149615961696179618961996209621962296239624962596269627962896299630963196329633963496359636963796389639964096419642964396449645964696479648964996509651965296539654965596569657965896599660966196629663966496659666966796689669967096719672967396749675967696779678967996809681968296839684968596869687968896899690969196929693969496959696969796989699970097019702970397049705970697079708970997109711971297139714971597169717971897199720972197229723972497259726972797289729973097319732973397349735973697379738973997409741974297439744974597469747974897499750975197529753975497559756975797589759976097619762976397649765976697679768976997709771977297739774977597769777977897799780978197829783978497859786978797889789979097919792979397949795979697979798979998009801980298039804980598069807980898099810981198129813981498159816981798189819982098219822982398249825982698279828982998309831983298339834983598369837983898399840984198429843984498459846984798489849985098519852985398549855985698579858985998609861986298639864986598669867986898699870987198729873987498759876987798789879988098819882988398849885988698879888988998909891989298939894989598969897989898999900990199029903990499059906990799089909991099119912991399149915991699179918991999209921992299239924992599269927992899299930993199329933993499359936993799389939994099419942994399449945994699479948994999509951995299539954995599569957995899599960996199629963996499659966996799689969997099719972997399749975997699779978997999809981998299839984998599869987998899899990999199929993999499959996999799989999100001000110002100031000410005100061000710008100091001010011100121001310014100151001610017100181001910020100211002210023100241002510026100271002810029100301003110032100331003410035100361003710038100391004010041100421004310044100451004610047100481004910050100511005210053100541005510056100571005810059100601006110062100631006410065100661006710068100691007010071100721007310074100751007610077100781007910080100811008210083100841008510086100871008810089100901009110092100931009410095100961009710098100991010010101101021010310104101051010610107101081010910110101111011210113101141011510116101171011810119101201012110122101231012410125101261012710128101291013010131101321013310134101351013610137101381013910140101411014210143101441014510146101471014810149101501015110152101531015410155101561015710158101591016010161101621016310164101651016610167101681016910170101711017210173101741017510176101771017810179101801018110182101831018410185101861018710188101891019010191101921019310194101951019610197101981019910200102011020210203102041020510206102071020810209102101021110212102131021410215102161021710218102191022010221102221022310224102251022610227102281022910230102311023210233102341023510236102371023810239102401024110242102431024410245102461024710248102491025010251102521025310254102551025610257102581025910260102611026210263102641026510266102671026810269102701027110272102731027410275102761027710278102791028010281102821028310284102851028610287102881028910290102911029210293102941029510296102971029810299103001030110302103031030410305103061030710308103091031010311103121031310314103151031610317103181031910320103211032210323103241032510326103271032810329103301033110332103331033410335103361033710338103391034010341103421034310344103451034610347103481034910350103511035210353103541035510356103571035810359103601036110362103631036410365103661036710368103691037010371103721037310374103751037610377103781037910380103811038210383103841038510386103871038810389103901039110392103931039410395103961039710398103991040010401104021040310404104051040610407104081040910410104111041210413104141041510416104171041810419104201042110422104231042410425104261042710428104291043010431104321043310434104351043610437104381043910440104411044210443104441044510446104471044810449104501045110452104531045410455104561045710458104591046010461104621046310464104651046610467104681046910470104711047210473104741047510476104771047810479104801048110482104831048410485104861048710488104891049010491104921049310494104951049610497104981049910500105011050210503105041050510506105071050810509105101051110512105131051410515105161051710518105191052010521105221052310524105251052610527105281052910530105311053210533105341053510536105371053810539105401054110542105431054410545105461054710548105491055010551105521055310554105551055610557105581055910560105611056210563105641056510566105671056810569105701057110572105731057410575105761057710578105791058010581105821058310584105851058610587105881058910590105911059210593105941059510596105971059810599106001060110602106031060410605106061060710608106091061010611106121061310614106151061610617106181061910620106211062210623106241062510626106271062810629106301063110632106331063410635106361063710638106391064010641106421064310644106451064610647106481064910650106511065210653106541065510656106571065810659106601066110662106631066410665106661066710668106691067010671106721067310674106751067610677106781067910680106811068210683106841068510686106871068810689106901069110692106931069410695106961069710698106991070010701107021070310704107051070610707107081070910710107111071210713107141071510716107171071810719107201072110722107231072410725107261072710728107291073010731107321073310734107351073610737107381073910740107411074210743107441074510746107471074810749107501075110752107531075410755107561075710758107591076010761107621076310764107651076610767107681076910770107711077210773107741077510776107771077810779107801078110782107831078410785107861078710788107891079010791107921079310794107951079610797107981079910800108011080210803108041080510806108071080810809108101081110812108131081410815108161081710818108191082010821108221082310824108251082610827108281082910830108311083210833108341083510836108371083810839108401084110842108431084410845108461084710848108491085010851108521085310854108551085610857108581085910860108611086210863108641086510866108671086810869108701087110872108731087410875108761087710878108791088010881108821088310884108851088610887108881088910890108911089210893108941089510896108971089810899109001090110902109031090410905109061090710908109091091010911109121091310914109151091610917109181091910920109211092210923109241092510926109271092810929109301093110932109331093410935109361093710938109391094010941109421094310944109451094610947109481094910950109511095210953109541095510956109571095810959109601096110962109631096410965109661096710968109691097010971109721097310974109751097610977109781097910980109811098210983109841098510986109871098810989109901099110992109931099410995109961099710998109991100011001110021100311004110051100611007110081100911010110111101211013110141101511016110171101811019110201102111022110231102411025110261102711028110291103011031110321103311034110351103611037110381103911040110411104211043110441104511046110471104811049110501105111052110531105411055110561105711058110591106011061110621106311064110651106611067110681106911070110711107211073110741107511076110771107811079110801108111082110831108411085110861108711088110891109011091110921109311094110951109611097110981109911100111011110211103111041110511106111071110811109111101111111112111131111411115111161111711118111191112011121111221112311124111251112611127111281112911130111311113211133111341113511136111371113811139111401114111142111431114411145111461114711148111491115011151111521115311154111551115611157111581115911160111611116211163111641116511166111671116811169111701117111172111731117411175111761117711178111791118011181111821118311184111851118611187111881118911190111911119211193111941119511196111971119811199112001120111202112031120411205112061120711208112091121011211112121121311214112151121611217112181121911220112211122211223112241122511226112271122811229112301123111232112331123411235112361123711238112391124011241112421124311244112451124611247112481124911250112511125211253112541125511256112571125811259112601126111262112631126411265112661126711268112691127011271112721127311274112751127611277112781127911280112811128211283112841128511286112871128811289112901129111292112931129411295112961129711298112991130011301113021130311304113051130611307113081130911310113111131211313113141131511316113171131811319113201132111322113231132411325113261132711328113291133011331113321133311334113351133611337113381133911340113411134211343113441134511346113471134811349113501135111352113531135411355113561135711358113591136011361113621136311364113651136611367113681136911370113711137211373113741137511376113771137811379113801138111382113831138411385113861138711388113891139011391113921139311394113951139611397113981139911400114011140211403114041140511406114071140811409114101141111412114131141411415114161141711418114191142011421114221142311424114251142611427114281142911430114311143211433114341143511436114371143811439114401144111442114431144411445114461144711448114491145011451114521145311454114551145611457114581145911460114611146211463114641146511466114671146811469114701147111472114731147411475114761147711478114791148011481114821148311484114851148611487114881148911490114911149211493114941149511496114971149811499115001150111502115031150411505115061150711508115091151011511115121151311514115151151611517115181151911520115211152211523115241152511526115271152811529115301153111532115331153411535115361153711538115391154011541115421154311544115451154611547115481154911550115511155211553115541155511556115571155811559115601156111562115631156411565115661156711568115691157011571115721157311574115751157611577115781157911580115811158211583115841158511586115871158811589115901159111592115931159411595115961159711598115991160011601116021160311604116051160611607116081160911610116111161211613116141161511616116171161811619116201162111622116231162411625116261162711628116291163011631116321163311634116351163611637116381163911640116411164211643116441164511646116471164811649116501165111652116531165411655116561165711658116591166011661116621166311664116651166611667116681166911670116711167211673116741167511676116771167811679116801168111682116831168411685116861168711688116891169011691116921169311694116951169611697116981169911700117011170211703117041170511706117071170811709117101171111712117131171411715117161171711718117191172011721117221172311724117251172611727117281172911730117311173211733117341173511736117371173811739117401174111742117431174411745117461174711748117491175011751117521175311754117551175611757117581175911760117611176211763117641176511766117671176811769117701177111772117731177411775117761177711778117791178011781117821178311784117851178611787117881178911790117911179211793117941179511796117971179811799118001180111802118031180411805118061180711808118091181011811118121181311814118151181611817118181181911820118211182211823118241182511826118271182811829118301183111832118331183411835118361183711838118391184011841118421184311844118451184611847118481184911850118511185211853118541185511856118571185811859118601186111862118631186411865118661186711868118691187011871118721187311874118751187611877118781187911880118811188211883118841188511886118871188811889118901189111892118931189411895118961189711898118991190011901119021190311904119051190611907119081190911910119111191211913119141191511916119171191811919119201192111922119231192411925119261192711928119291193011931119321193311934119351193611937119381193911940119411194211943119441194511946119471194811949119501195111952119531195411955119561195711958119591196011961119621196311964119651196611967119681196911970119711197211973119741197511976119771197811979119801198111982119831198411985119861198711988119891199011991119921199311994119951199611997119981199912000120011200212003120041200512006120071200812009120101201112012120131201412015120161201712018120191202012021120221202312024120251202612027120281202912030120311203212033120341203512036120371203812039120401204112042120431204412045120461204712048120491205012051120521205312054120551205612057120581205912060120611206212063120641206512066120671206812069120701207112072120731207412075120761207712078120791208012081120821208312084120851208612087120881208912090120911209212093120941209512096120971209812099121001210112102121031210412105121061210712108121091211012111121121211312114121151211612117121181211912120121211212212123121241212512126121271212812129121301213112132121331213412135121361213712138121391214012141121421214312144121451214612147121481214912150121511215212153121541215512156121571215812159121601216112162121631216412165121661216712168121691217012171121721217312174121751217612177121781217912180121811218212183121841218512186121871218812189121901219112192121931219412195121961219712198121991220012201122021220312204122051220612207122081220912210122111221212213122141221512216122171221812219122201222112222122231222412225122261222712228122291223012231122321223312234122351223612237122381223912240122411224212243122441224512246122471224812249122501225112252122531225412255122561225712258122591226012261122621226312264122651226612267122681226912270122711227212273122741227512276122771227812279122801228112282122831228412285122861228712288122891229012291122921229312294122951229612297122981229912300123011230212303123041230512306123071230812309123101231112312123131231412315123161231712318123191232012321123221232312324123251232612327123281232912330123311233212333123341233512336123371233812339123401234112342123431234412345123461234712348123491235012351123521235312354123551235612357123581235912360123611236212363123641236512366123671236812369123701237112372123731237412375123761237712378123791238012381123821238312384123851238612387123881238912390123911239212393123941239512396123971239812399124001240112402124031240412405124061240712408124091241012411124121241312414124151241612417124181241912420124211242212423124241242512426124271242812429124301243112432124331243412435124361243712438124391244012441124421244312444124451244612447124481244912450124511245212453124541245512456124571245812459124601246112462124631246412465124661246712468124691247012471124721247312474124751247612477124781247912480124811248212483124841248512486124871248812489124901249112492124931249412495124961249712498124991250012501125021250312504125051250612507125081250912510125111251212513125141251512516125171251812519125201252112522125231252412525125261252712528125291253012531125321253312534125351253612537125381253912540125411254212543125441254512546125471254812549125501255112552125531255412555125561255712558125591256012561125621256312564125651256612567125681256912570125711257212573125741257512576125771257812579125801258112582125831258412585125861258712588125891259012591125921259312594125951259612597125981259912600126011260212603126041260512606126071260812609126101261112612126131261412615126161261712618126191262012621126221262312624126251262612627126281262912630126311263212633126341263512636126371263812639126401264112642126431264412645126461264712648126491265012651126521265312654126551265612657126581265912660126611266212663126641266512666126671266812669126701267112672126731267412675126761267712678126791268012681126821268312684126851268612687126881268912690126911269212693126941269512696126971269812699127001270112702127031270412705127061270712708127091271012711127121271312714127151271612717127181271912720127211272212723127241272512726127271272812729127301273112732127331273412735127361273712738127391274012741127421274312744127451274612747127481274912750127511275212753127541275512756127571275812759127601276112762127631276412765127661276712768127691277012771127721277312774127751277612777127781277912780127811278212783127841278512786127871278812789127901279112792127931279412795127961279712798127991280012801128021280312804128051280612807128081280912810128111281212813128141281512816128171281812819128201282112822128231282412825128261282712828128291283012831128321283312834128351283612837128381283912840128411284212843128441284512846128471284812849128501285112852128531285412855128561285712858128591286012861128621286312864128651286612867128681286912870128711287212873128741287512876128771287812879128801288112882128831288412885128861288712888128891289012891128921289312894128951289612897128981289912900129011290212903129041290512906129071290812909129101291112912129131291412915129161291712918129191292012921129221292312924129251292612927129281292912930129311293212933129341293512936129371293812939129401294112942129431294412945129461294712948129491295012951129521295312954129551295612957129581295912960129611296212963129641296512966129671296812969129701297112972129731297412975129761297712978129791298012981129821298312984129851298612987129881298912990129911299212993129941299512996129971299812999130001300113002130031300413005130061300713008130091301013011130121301313014130151301613017130181301913020130211302213023130241302513026130271302813029130301303113032130331303413035130361303713038130391304013041130421304313044130451304613047130481304913050130511305213053130541305513056130571305813059130601306113062130631306413065130661306713068130691307013071130721307313074130751307613077130781307913080130811308213083130841308513086130871308813089130901309113092130931309413095130961309713098130991310013101131021310313104131051310613107131081310913110131111311213113131141311513116131171311813119131201312113122131231312413125131261312713128131291313013131131321313313134131351313613137131381313913140131411314213143131441314513146131471314813149131501315113152131531315413155131561315713158131591316013161131621316313164131651316613167131681316913170131711317213173131741317513176131771317813179131801318113182131831318413185131861318713188131891319013191131921319313194131951319613197131981319913200132011320213203132041320513206132071320813209132101321113212132131321413215132161321713218132191322013221132221322313224132251322613227132281322913230132311323213233132341323513236132371323813239132401324113242132431324413245132461324713248132491325013251132521325313254132551325613257132581325913260132611326213263132641326513266132671326813269132701327113272132731327413275132761327713278132791328013281132821328313284132851328613287132881328913290132911329213293132941329513296132971329813299133001330113302133031330413305133061330713308133091331013311133121331313314133151331613317133181331913320133211332213323133241332513326133271332813329133301333113332133331333413335133361333713338133391334013341133421334313344133451334613347133481334913350133511335213353133541335513356133571335813359133601336113362133631336413365133661336713368133691337013371133721337313374133751337613377133781337913380133811338213383133841338513386133871338813389133901339113392133931339413395133961339713398133991340013401134021340313404134051340613407134081340913410134111341213413134141341513416134171341813419134201342113422134231342413425134261342713428134291343013431134321343313434134351343613437134381343913440134411344213443134441344513446134471344813449134501345113452134531345413455134561345713458134591346013461134621346313464134651346613467134681346913470134711347213473134741347513476134771347813479134801348113482134831348413485134861348713488134891349013491134921349313494134951349613497134981349913500135011350213503135041350513506135071350813509135101351113512135131351413515135161351713518135191352013521135221352313524135251352613527135281352913530135311353213533135341353513536135371353813539135401354113542135431354413545135461354713548135491355013551135521355313554135551355613557135581355913560135611356213563135641356513566135671356813569135701357113572135731357413575135761357713578135791358013581135821358313584135851358613587135881358913590135911359213593135941359513596135971359813599136001360113602136031360413605136061360713608136091361013611136121361313614136151361613617136181361913620136211362213623136241362513626136271362813629136301363113632136331363413635136361363713638136391364013641136421364313644136451364613647136481364913650136511365213653136541365513656136571365813659136601366113662136631366413665136661366713668136691367013671136721367313674136751367613677136781367913680136811368213683136841368513686136871368813689136901369113692136931369413695136961369713698136991370013701137021370313704137051370613707137081370913710137111371213713137141371513716137171371813719137201372113722137231372413725137261372713728137291373013731137321373313734137351373613737137381373913740137411374213743137441374513746137471374813749137501375113752137531375413755137561375713758137591376013761137621376313764137651376613767137681376913770137711377213773137741377513776137771377813779137801378113782137831378413785137861378713788137891379013791137921379313794137951379613797137981379913800138011380213803138041380513806138071380813809138101381113812138131381413815138161381713818138191382013821138221382313824138251382613827138281382913830138311383213833138341383513836138371383813839138401384113842138431384413845138461384713848138491385013851138521385313854138551385613857138581385913860138611386213863138641386513866138671386813869138701387113872138731387413875138761387713878138791388013881138821388313884138851388613887138881388913890138911389213893138941389513896138971389813899139001390113902139031390413905139061390713908139091391013911139121391313914139151391613917139181391913920139211392213923139241392513926139271392813929139301393113932139331393413935139361393713938139391394013941139421394313944139451394613947139481394913950139511395213953139541395513956139571395813959139601396113962139631396413965139661396713968139691397013971139721397313974139751397613977139781397913980139811398213983139841398513986139871398813989139901399113992139931399413995139961399713998139991400014001140021400314004140051400614007140081400914010140111401214013140141401514016140171401814019140201402114022140231402414025140261402714028140291403014031140321403314034140351403614037140381403914040140411404214043140441404514046140471404814049140501405114052140531405414055140561405714058140591406014061140621406314064140651406614067140681406914070140711407214073140741407514076140771407814079140801408114082140831408414085140861408714088140891409014091140921409314094140951409614097140981409914100141011410214103141041410514106141071410814109141101411114112141131411414115141161411714118141191412014121141221412314124141251412614127141281412914130141311413214133141341413514136141371413814139141401414114142141431414414145141461414714148141491415014151141521415314154141551415614157141581415914160141611416214163141641416514166141671416814169141701417114172141731417414175141761417714178141791418014181141821418314184141851418614187141881418914190141911419214193141941419514196141971419814199142001420114202142031420414205142061420714208142091421014211142121421314214142151421614217142181421914220142211422214223142241422514226142271422814229142301423114232142331423414235142361423714238142391424014241142421424314244142451424614247142481424914250142511425214253142541425514256142571425814259142601426114262142631426414265142661426714268142691427014271142721427314274142751427614277142781427914280142811428214283142841428514286142871428814289142901429114292142931429414295142961429714298142991430014301143021430314304143051430614307143081430914310143111431214313143141431514316143171431814319143201432114322143231432414325143261432714328143291433014331143321433314334143351433614337143381433914340143411434214343143441434514346143471434814349143501435114352143531435414355143561435714358143591436014361143621436314364143651436614367143681436914370143711437214373143741437514376143771437814379143801438114382143831438414385143861438714388143891439014391143921439314394143951439614397143981439914400144011440214403144041440514406144071440814409144101441114412144131441414415144161441714418144191442014421144221442314424144251442614427144281442914430144311443214433144341443514436144371443814439144401444114442144431444414445144461444714448144491445014451144521445314454144551445614457144581445914460144611446214463144641446514466144671446814469144701447114472144731447414475144761447714478144791448014481144821448314484144851448614487144881448914490144911449214493144941449514496144971449814499145001450114502145031450414505145061450714508145091451014511145121451314514145151451614517145181451914520145211452214523145241452514526145271452814529145301453114532145331453414535145361453714538145391454014541145421454314544145451454614547145481454914550145511455214553145541455514556145571455814559145601456114562145631456414565145661456714568145691457014571145721457314574145751457614577145781457914580145811458214583145841458514586145871458814589145901459114592145931459414595145961459714598145991460014601146021460314604146051460614607146081460914610146111461214613146141461514616146171461814619146201462114622146231462414625146261462714628146291463014631146321463314634146351463614637146381463914640146411464214643146441464514646146471464814649146501465114652146531465414655146561465714658146591466014661146621466314664146651466614667146681466914670146711467214673146741467514676146771467814679146801468114682146831468414685146861468714688146891469014691146921469314694146951469614697146981469914700147011470214703147041470514706147071470814709147101471114712147131471414715147161471714718147191472014721147221472314724147251472614727147281472914730147311473214733147341473514736147371473814739147401474114742147431474414745147461474714748147491475014751147521475314754147551475614757147581475914760147611476214763147641476514766147671476814769147701477114772147731477414775147761477714778147791478014781147821478314784147851478614787147881478914790147911479214793147941479514796147971479814799148001480114802148031480414805148061480714808148091481014811148121481314814148151481614817148181481914820148211482214823148241482514826148271482814829148301483114832148331483414835148361483714838148391484014841148421484314844148451484614847148481484914850148511485214853148541485514856148571485814859148601486114862148631486414865148661486714868148691487014871148721487314874148751487614877148781487914880148811488214883148841488514886148871488814889148901489114892148931489414895148961489714898148991490014901149021490314904149051490614907149081490914910149111491214913149141491514916149171491814919149201492114922149231492414925149261492714928149291493014931149321493314934149351493614937149381493914940149411494214943149441494514946149471494814949149501495114952149531495414955149561495714958149591496014961149621496314964149651496614967149681496914970149711497214973149741497514976149771497814979149801498114982149831498414985149861498714988149891499014991149921499314994149951499614997149981499915000150011500215003150041500515006150071500815009150101501115012150131501415015150161501715018150191502015021150221502315024150251502615027150281502915030150311503215033150341503515036150371503815039150401504115042150431504415045150461504715048150491505015051150521505315054150551505615057150581505915060150611506215063150641506515066150671506815069150701507115072150731507415075150761507715078150791508015081150821508315084150851508615087150881508915090150911509215093150941509515096150971509815099151001510115102151031510415105151061510715108151091511015111151121511315114151151511615117151181511915120151211512215123151241512515126151271512815129151301513115132151331513415135151361513715138151391514015141151421514315144151451514615147151481514915150151511515215153151541515515156151571515815159151601516115162151631516415165151661516715168151691517015171151721517315174151751517615177151781517915180151811518215183151841518515186151871518815189151901519115192151931519415195151961519715198151991520015201152021520315204152051520615207152081520915210152111521215213152141521515216152171521815219152201522115222152231522415225152261522715228152291523015231152321523315234152351523615237152381523915240152411524215243152441524515246152471524815249152501525115252152531525415255152561525715258152591526015261152621526315264152651526615267152681526915270152711527215273152741527515276152771527815279152801528115282152831528415285152861528715288152891529015291152921529315294152951529615297152981529915300153011530215303153041530515306153071530815309153101531115312153131531415315153161531715318153191532015321153221532315324153251532615327153281532915330153311533215333153341533515336153371533815339153401534115342153431534415345153461534715348153491535015351153521535315354153551535615357153581535915360153611536215363153641536515366153671536815369153701537115372153731537415375153761537715378153791538015381153821538315384153851538615387153881538915390153911539215393153941539515396153971539815399154001540115402154031540415405154061540715408154091541015411154121541315414154151541615417154181541915420154211542215423154241542515426154271542815429154301543115432154331543415435154361543715438154391544015441154421544315444154451544615447154481544915450154511545215453154541545515456154571545815459154601546115462154631546415465154661546715468154691547015471154721547315474154751547615477154781547915480154811548215483154841548515486154871548815489154901549115492154931549415495154961549715498154991550015501155021550315504155051550615507155081550915510155111551215513155141551515516155171551815519155201552115522155231552415525155261552715528155291553015531155321553315534155351553615537155381553915540155411554215543155441554515546155471554815549155501555115552155531555415555155561555715558155591556015561155621556315564155651556615567155681556915570155711557215573155741557515576155771557815579155801558115582155831558415585155861558715588155891559015591155921559315594155951559615597155981559915600156011560215603156041560515606156071560815609156101561115612156131561415615156161561715618156191562015621156221562315624156251562615627156281562915630156311563215633156341563515636156371563815639156401564115642156431564415645156461564715648156491565015651156521565315654156551565615657156581565915660156611566215663156641566515666156671566815669156701567115672156731567415675156761567715678156791568015681156821568315684156851568615687156881568915690156911569215693156941569515696156971569815699157001570115702157031570415705157061570715708157091571015711157121571315714157151571615717157181571915720157211572215723157241572515726157271572815729157301573115732157331573415735157361573715738157391574015741157421574315744157451574615747157481574915750157511575215753157541575515756157571575815759157601576115762157631576415765157661576715768157691577015771157721577315774157751577615777157781577915780157811578215783157841578515786157871578815789157901579115792157931579415795157961579715798157991580015801158021580315804158051580615807158081580915810158111581215813158141581515816158171581815819158201582115822158231582415825158261582715828158291583015831158321583315834158351583615837158381583915840158411584215843158441584515846158471584815849158501585115852158531585415855158561585715858158591586015861158621586315864158651586615867158681586915870158711587215873158741587515876158771587815879158801588115882158831588415885158861588715888158891589015891158921589315894158951589615897158981589915900159011590215903159041590515906159071590815909159101591115912159131591415915159161591715918159191592015921159221592315924159251592615927159281592915930159311593215933159341593515936159371593815939159401594115942159431594415945159461594715948159491595015951159521595315954159551595615957159581595915960159611596215963159641596515966159671596815969159701597115972159731597415975159761597715978159791598015981159821598315984159851598615987159881598915990159911599215993159941599515996159971599815999160001600116002160031600416005160061600716008160091601016011160121601316014160151601616017160181601916020160211602216023160241602516026160271602816029160301603116032160331603416035160361603716038160391604016041160421604316044160451604616047160481604916050160511605216053160541605516056160571605816059160601606116062160631606416065160661606716068160691607016071160721607316074160751607616077160781607916080160811608216083160841608516086160871608816089160901609116092160931609416095160961609716098160991610016101161021610316104161051610616107161081610916110161111611216113161141611516116161171611816119161201612116122161231612416125161261612716128161291613016131161321613316134161351613616137161381613916140161411614216143161441614516146161471614816149161501615116152161531615416155161561615716158161591616016161161621616316164161651616616167161681616916170161711617216173161741617516176161771617816179161801618116182161831618416185161861618716188161891619016191161921619316194161951619616197161981619916200162011620216203162041620516206162071620816209162101621116212162131621416215162161621716218162191622016221162221622316224162251622616227162281622916230162311623216233162341623516236162371623816239162401624116242162431624416245162461624716248162491625016251162521625316254162551625616257162581625916260162611626216263162641626516266162671626816269162701627116272162731627416275162761627716278162791628016281162821628316284162851628616287162881628916290162911629216293162941629516296162971629816299163001630116302163031630416305163061630716308163091631016311163121631316314163151631616317163181631916320163211632216323163241632516326163271632816329163301633116332163331633416335163361633716338163391634016341163421634316344163451634616347163481634916350163511635216353163541635516356163571635816359163601636116362163631636416365163661636716368163691637016371163721637316374163751637616377163781637916380163811638216383163841638516386163871638816389163901639116392163931639416395163961639716398163991640016401164021640316404164051640616407164081640916410164111641216413164141641516416164171641816419164201642116422164231642416425164261642716428164291643016431164321643316434164351643616437164381643916440164411644216443164441644516446164471644816449164501645116452164531645416455164561645716458164591646016461164621646316464164651646616467164681646916470164711647216473164741647516476164771647816479164801648116482164831648416485164861648716488164891649016491164921649316494164951649616497164981649916500165011650216503165041650516506165071650816509165101651116512165131651416515165161651716518165191652016521165221652316524165251652616527165281652916530165311653216533165341653516536165371653816539165401654116542165431654416545165461654716548165491655016551165521655316554165551655616557165581655916560165611656216563165641656516566165671656816569165701657116572165731657416575165761657716578165791658016581165821658316584165851658616587165881658916590165911659216593165941659516596165971659816599166001660116602166031660416605166061660716608166091661016611166121661316614166151661616617166181661916620166211662216623166241662516626166271662816629166301663116632166331663416635166361663716638166391664016641166421664316644166451664616647166481664916650166511665216653166541665516656166571665816659166601666116662166631666416665166661666716668166691667016671166721667316674166751667616677166781667916680166811668216683166841668516686166871668816689166901669116692166931669416695166961669716698166991670016701167021670316704167051670616707167081670916710167111671216713167141671516716167171671816719167201672116722167231672416725167261672716728167291673016731167321673316734167351673616737167381673916740167411674216743167441674516746167471674816749167501675116752167531675416755167561675716758167591676016761167621676316764167651676616767167681676916770167711677216773167741677516776167771677816779167801678116782167831678416785167861678716788167891679016791167921679316794167951679616797167981679916800168011680216803168041680516806168071680816809168101681116812168131681416815168161681716818168191682016821168221682316824168251682616827168281682916830168311683216833168341683516836168371683816839168401684116842168431684416845168461684716848168491685016851168521685316854168551685616857168581685916860168611686216863168641686516866168671686816869168701687116872168731687416875168761687716878168791688016881168821688316884168851688616887168881688916890168911689216893168941689516896168971689816899169001690116902169031690416905169061690716908169091691016911169121691316914169151691616917169181691916920169211692216923169241692516926169271692816929169301693116932169331693416935169361693716938169391694016941169421694316944169451694616947169481694916950169511695216953169541695516956169571695816959169601696116962169631696416965169661696716968169691697016971169721697316974169751697616977169781697916980169811698216983169841698516986169871698816989169901699116992169931699416995169961699716998169991700017001170021700317004170051700617007170081700917010170111701217013170141701517016170171701817019170201702117022170231702417025170261702717028170291703017031170321703317034170351703617037170381703917040170411704217043170441704517046170471704817049170501705117052170531705417055170561705717058170591706017061170621706317064170651706617067170681706917070170711707217073170741707517076170771707817079170801708117082170831708417085170861708717088170891709017091170921709317094170951709617097170981709917100171011710217103171041710517106171071710817109171101711117112171131711417115171161711717118171191712017121171221712317124171251712617127171281712917130171311713217133171341713517136171371713817139171401714117142171431714417145171461714717148171491715017151171521715317154171551715617157171581715917160171611716217163171641716517166171671716817169171701717117172171731717417175171761717717178171791718017181171821718317184171851718617187171881718917190171911719217193171941719517196171971719817199172001720117202172031720417205172061720717208172091721017211172121721317214172151721617217172181721917220172211722217223172241722517226172271722817229172301723117232172331723417235172361723717238172391724017241172421724317244172451724617247172481724917250172511725217253172541725517256172571725817259172601726117262172631726417265172661726717268172691727017271172721727317274172751727617277172781727917280172811728217283172841728517286172871728817289172901729117292172931729417295172961729717298172991730017301173021730317304173051730617307173081730917310173111731217313173141731517316173171731817319173201732117322173231732417325173261732717328173291733017331173321733317334173351733617337173381733917340173411734217343173441734517346173471734817349173501735117352173531735417355173561735717358173591736017361173621736317364173651736617367173681736917370173711737217373173741737517376173771737817379173801738117382173831738417385173861738717388173891739017391173921739317394173951739617397173981739917400174011740217403174041740517406174071740817409174101741117412174131741417415174161741717418174191742017421174221742317424174251742617427174281742917430174311743217433174341743517436174371743817439174401744117442174431744417445174461744717448174491745017451174521745317454174551745617457174581745917460174611746217463174641746517466174671746817469174701747117472174731747417475174761747717478174791748017481174821748317484174851748617487174881748917490174911749217493174941749517496174971749817499175001750117502175031750417505175061750717508175091751017511175121751317514175151751617517175181751917520175211752217523175241752517526175271752817529175301753117532175331753417535175361753717538175391754017541175421754317544175451754617547175481754917550175511755217553175541755517556175571755817559175601756117562175631756417565175661756717568175691757017571175721757317574175751757617577175781757917580175811758217583175841758517586175871758817589175901759117592175931759417595175961759717598175991760017601176021760317604176051760617607176081760917610176111761217613176141761517616176171761817619176201762117622176231762417625176261762717628176291763017631176321763317634176351763617637176381763917640176411764217643176441764517646176471764817649176501765117652176531765417655176561765717658176591766017661176621766317664176651766617667176681766917670176711767217673176741767517676176771767817679176801768117682176831768417685176861768717688176891769017691176921769317694176951769617697176981769917700177011770217703177041770517706177071770817709177101771117712177131771417715177161771717718177191772017721177221772317724177251772617727177281772917730177311773217733177341773517736177371773817739177401774117742177431774417745177461774717748177491775017751177521775317754177551775617757177581775917760177611776217763177641776517766177671776817769177701777117772177731777417775177761777717778177791778017781177821778317784177851778617787177881778917790177911779217793177941779517796177971779817799178001780117802178031780417805178061780717808178091781017811178121781317814178151781617817178181781917820178211782217823178241782517826178271782817829178301783117832178331783417835178361783717838178391784017841178421784317844178451784617847178481784917850178511785217853178541785517856178571785817859178601786117862178631786417865178661786717868178691787017871178721787317874178751787617877178781787917880178811788217883178841788517886178871788817889178901789117892178931789417895178961789717898178991790017901179021790317904179051790617907179081790917910179111791217913179141791517916179171791817919179201792117922179231792417925179261792717928179291793017931179321793317934179351793617937179381793917940179411794217943179441794517946179471794817949179501795117952179531795417955179561795717958179591796017961179621796317964179651796617967179681796917970179711797217973179741797517976179771797817979179801798117982179831798417985179861798717988179891799017991179921799317994179951799617997179981799918000180011800218003180041800518006180071800818009180101801118012180131801418015180161801718018180191802018021180221802318024180251802618027180281802918030180311803218033180341803518036180371803818039180401804118042180431804418045180461804718048180491805018051180521805318054180551805618057180581805918060180611806218063180641806518066180671806818069180701807118072180731807418075180761807718078180791808018081180821808318084180851808618087180881808918090180911809218093180941809518096180971809818099181001810118102181031810418105181061810718108181091811018111181121811318114181151811618117181181811918120181211812218123181241812518126181271812818129181301813118132181331813418135181361813718138181391814018141181421814318144181451814618147181481814918150181511815218153181541815518156181571815818159181601816118162181631816418165181661816718168181691817018171181721817318174181751817618177181781817918180181811818218183181841818518186181871818818189181901819118192181931819418195181961819718198181991820018201182021820318204182051820618207182081820918210182111821218213182141821518216182171821818219182201822118222182231822418225182261822718228182291823018231182321823318234182351823618237182381823918240182411824218243182441824518246182471824818249182501825118252182531825418255182561825718258182591826018261182621826318264182651826618267182681826918270182711827218273182741827518276182771827818279182801828118282182831828418285182861828718288182891829018291182921829318294182951829618297182981829918300183011830218303183041830518306183071830818309183101831118312183131831418315183161831718318183191832018321183221832318324183251832618327183281832918330183311833218333183341833518336183371833818339183401834118342183431834418345183461834718348183491835018351183521835318354183551835618357183581835918360183611836218363183641836518366183671836818369183701837118372183731837418375183761837718378183791838018381183821838318384183851838618387183881838918390183911839218393183941839518396183971839818399184001840118402184031840418405184061840718408184091841018411184121841318414184151841618417184181841918420184211842218423184241842518426184271842818429184301843118432184331843418435184361843718438184391844018441184421844318444184451844618447184481844918450184511845218453184541845518456184571845818459184601846118462184631846418465184661846718468184691847018471184721847318474184751847618477184781847918480184811848218483184841848518486184871848818489184901849118492184931849418495184961849718498184991850018501185021850318504185051850618507185081850918510185111851218513185141851518516185171851818519185201852118522185231852418525185261852718528185291853018531185321853318534185351853618537185381853918540185411854218543185441854518546185471854818549185501855118552185531855418555185561855718558185591856018561185621856318564185651856618567185681856918570185711857218573185741857518576185771857818579185801858118582185831858418585185861858718588185891859018591185921859318594185951859618597185981859918600186011860218603186041860518606186071860818609186101861118612186131861418615186161861718618186191862018621186221862318624186251862618627186281862918630186311863218633186341863518636186371863818639186401864118642186431864418645186461864718648186491865018651186521865318654186551865618657186581865918660186611866218663186641866518666186671866818669186701867118672186731867418675186761867718678186791868018681186821868318684186851868618687186881868918690186911869218693186941869518696186971869818699187001870118702187031870418705187061870718708187091871018711187121871318714187151871618717187181871918720187211872218723187241872518726187271872818729187301873118732187331873418735187361873718738187391874018741187421874318744187451874618747187481874918750187511875218753187541875518756187571875818759187601876118762187631876418765187661876718768187691877018771187721877318774187751877618777187781877918780187811878218783187841878518786187871878818789187901879118792187931879418795187961879718798187991880018801188021880318804188051880618807188081880918810188111881218813188141881518816188171881818819188201882118822188231882418825188261882718828188291883018831188321883318834188351883618837188381883918840188411884218843188441884518846188471884818849188501885118852188531885418855188561885718858188591886018861188621886318864188651886618867188681886918870188711887218873188741887518876188771887818879188801888118882188831888418885188861888718888188891889018891188921889318894188951889618897188981889918900189011890218903189041890518906189071890818909189101891118912189131891418915189161891718918189191892018921189221892318924189251892618927189281892918930189311893218933189341893518936189371893818939189401894118942189431894418945189461894718948189491895018951189521895318954189551895618957189581895918960189611896218963189641896518966189671896818969189701897118972189731897418975189761897718978189791898018981189821898318984189851898618987189881898918990189911899218993189941899518996189971899818999190001900119002190031900419005190061900719008190091901019011190121901319014190151901619017190181901919020190211902219023190241902519026190271902819029190301903119032190331903419035190361903719038190391904019041190421904319044190451904619047190481904919050190511905219053190541905519056190571905819059190601906119062190631906419065190661906719068190691907019071190721907319074190751907619077190781907919080190811908219083190841908519086190871908819089190901909119092190931909419095190961909719098190991910019101191021910319104191051910619107191081910919110191111911219113191141911519116191171911819119191201912119122191231912419125191261912719128191291913019131191321913319134191351913619137191381913919140191411914219143191441914519146191471914819149191501915119152191531915419155191561915719158191591916019161191621916319164191651916619167191681916919170191711917219173191741917519176191771917819179191801918119182191831918419185191861918719188191891919019191191921919319194191951919619197191981919919200192011920219203192041920519206192071920819209192101921119212192131921419215192161921719218192191922019221192221922319224192251922619227192281922919230192311923219233192341923519236192371923819239192401924119242192431924419245192461924719248192491925019251192521925319254192551925619257192581925919260192611926219263192641926519266192671926819269192701927119272192731927419275192761927719278192791928019281192821928319284192851928619287192881928919290192911929219293192941929519296192971929819299193001930119302193031930419305193061930719308193091931019311193121931319314193151931619317193181931919320193211932219323193241932519326193271932819329193301933119332193331933419335193361933719338193391934019341193421934319344193451934619347193481934919350193511935219353193541935519356193571935819359193601936119362193631936419365193661936719368193691937019371193721937319374193751937619377193781937919380193811938219383193841938519386193871938819389193901939119392193931939419395193961939719398193991940019401194021940319404194051940619407194081940919410194111941219413194141941519416194171941819419194201942119422194231942419425194261942719428194291943019431194321943319434194351943619437194381943919440194411944219443194441944519446194471944819449194501945119452194531945419455194561945719458194591946019461194621946319464194651946619467194681946919470194711947219473194741947519476194771947819479194801948119482194831948419485194861948719488194891949019491194921949319494194951949619497194981949919500195011950219503195041950519506195071950819509195101951119512195131951419515195161951719518195191952019521195221952319524195251952619527195281952919530195311953219533195341953519536195371953819539195401954119542195431954419545195461954719548195491955019551195521955319554195551955619557195581955919560195611956219563195641956519566195671956819569195701957119572195731957419575195761957719578195791958019581195821958319584195851958619587195881958919590195911959219593195941959519596195971959819599196001960119602196031960419605196061960719608196091961019611196121961319614196151961619617196181961919620196211962219623196241962519626196271962819629196301963119632196331963419635196361963719638196391964019641196421964319644196451964619647196481964919650196511965219653196541965519656196571965819659196601966119662196631966419665196661966719668196691967019671196721967319674196751967619677196781967919680196811968219683196841968519686196871968819689196901969119692196931969419695196961969719698196991970019701197021970319704197051970619707197081970919710197111971219713197141971519716197171971819719197201972119722197231972419725197261972719728197291973019731197321973319734197351973619737197381973919740197411974219743197441974519746197471974819749197501975119752197531975419755197561975719758197591976019761197621976319764197651976619767197681976919770197711977219773197741977519776197771977819779197801978119782197831978419785197861978719788197891979019791197921979319794197951979619797197981979919800198011980219803198041980519806198071980819809198101981119812198131981419815198161981719818198191982019821198221982319824198251982619827198281982919830198311983219833198341983519836198371983819839198401984119842198431984419845198461984719848198491985019851198521985319854198551985619857198581985919860198611986219863198641986519866198671986819869198701987119872198731987419875198761987719878198791988019881198821988319884198851988619887198881988919890198911989219893198941989519896198971989819899199001990119902199031990419905199061990719908199091991019911199121991319914199151991619917199181991919920199211992219923199241992519926199271992819929199301993119932199331993419935199361993719938199391994019941199421994319944199451994619947199481994919950199511995219953199541995519956199571995819959199601996119962199631996419965199661996719968199691997019971199721997319974199751997619977199781997919980199811998219983199841998519986199871998819989199901999119992199931999419995199961999719998199992000020001200022000320004200052000620007200082000920010200112001220013200142001520016200172001820019200202002120022200232002420025200262002720028200292003020031200322003320034200352003620037200382003920040200412004220043200442004520046200472004820049200502005120052200532005420055200562005720058200592006020061200622006320064200652006620067200682006920070200712007220073200742007520076200772007820079200802008120082200832008420085200862008720088200892009020091200922009320094200952009620097200982009920100201012010220103201042010520106201072010820109201102011120112201132011420115201162011720118201192012020121201222012320124201252012620127201282012920130201312013220133201342013520136201372013820139201402014120142201432014420145201462014720148201492015020151201522015320154201552015620157201582015920160201612016220163201642016520166201672016820169201702017120172201732017420175201762017720178201792018020181201822018320184201852018620187201882018920190201912019220193201942019520196201972019820199202002020120202202032020420205202062020720208202092021020211202122021320214202152021620217202182021920220202212022220223202242022520226202272022820229202302023120232202332023420235202362023720238202392024020241202422024320244202452024620247202482024920250202512025220253202542025520256202572025820259202602026120262202632026420265202662026720268202692027020271202722027320274202752027620277202782027920280202812028220283202842028520286202872028820289202902029120292202932029420295202962029720298202992030020301203022030320304203052030620307203082030920310203112031220313203142031520316203172031820319203202032120322203232032420325203262032720328203292033020331203322033320334203352033620337203382033920340203412034220343203442034520346203472034820349203502035120352203532035420355203562035720358203592036020361203622036320364203652036620367203682036920370203712037220373203742037520376203772037820379203802038120382203832038420385203862038720388203892039020391203922039320394203952039620397203982039920400204012040220403204042040520406204072040820409204102041120412204132041420415204162041720418204192042020421204222042320424204252042620427204282042920430204312043220433204342043520436204372043820439204402044120442204432044420445204462044720448204492045020451204522045320454204552045620457204582045920460204612046220463204642046520466204672046820469204702047120472204732047420475204762047720478204792048020481204822048320484204852048620487204882048920490204912049220493204942049520496204972049820499205002050120502205032050420505205062050720508205092051020511205122051320514205152051620517205182051920520205212052220523205242052520526205272052820529205302053120532205332053420535205362053720538205392054020541205422054320544205452054620547205482054920550205512055220553205542055520556205572055820559205602056120562205632056420565205662056720568205692057020571205722057320574205752057620577205782057920580205812058220583205842058520586205872058820589205902059120592205932059420595205962059720598205992060020601206022060320604206052060620607206082060920610206112061220613206142061520616206172061820619206202062120622206232062420625206262062720628206292063020631206322063320634206352063620637206382063920640206412064220643206442064520646206472064820649206502065120652206532065420655206562065720658206592066020661206622066320664206652066620667206682066920670206712067220673206742067520676206772067820679206802068120682206832068420685206862068720688206892069020691206922069320694206952069620697206982069920700207012070220703207042070520706207072070820709207102071120712207132071420715207162071720718207192072020721207222072320724207252072620727207282072920730207312073220733207342073520736207372073820739207402074120742207432074420745207462074720748207492075020751207522075320754207552075620757207582075920760207612076220763207642076520766207672076820769207702077120772207732077420775207762077720778207792078020781207822078320784207852078620787207882078920790207912079220793207942079520796207972079820799208002080120802208032080420805208062080720808208092081020811208122081320814208152081620817208182081920820208212082220823208242082520826208272082820829208302083120832208332083420835208362083720838208392084020841208422084320844208452084620847208482084920850208512085220853208542085520856208572085820859208602086120862208632086420865208662086720868208692087020871208722087320874208752087620877208782087920880208812088220883208842088520886208872088820889208902089120892208932089420895208962089720898208992090020901209022090320904209052090620907209082090920910209112091220913209142091520916209172091820919209202092120922209232092420925209262092720928209292093020931209322093320934209352093620937209382093920940209412094220943209442094520946209472094820949209502095120952209532095420955209562095720958209592096020961209622096320964209652096620967209682096920970209712097220973209742097520976209772097820979209802098120982209832098420985209862098720988209892099020991209922099320994209952099620997209982099921000210012100221003210042100521006210072100821009210102101121012210132101421015210162101721018210192102021021210222102321024210252102621027210282102921030210312103221033210342103521036210372103821039210402104121042210432104421045210462104721048210492105021051210522105321054210552105621057210582105921060210612106221063210642106521066210672106821069210702107121072210732107421075210762107721078210792108021081210822108321084210852108621087210882108921090210912109221093210942109521096210972109821099211002110121102211032110421105211062110721108211092111021111211122111321114211152111621117211182111921120211212112221123211242112521126211272112821129211302113121132211332113421135211362113721138211392114021141211422114321144211452114621147211482114921150211512115221153211542115521156211572115821159211602116121162211632116421165211662116721168211692117021171211722117321174211752117621177211782117921180211812118221183211842118521186211872118821189211902119121192211932119421195211962119721198211992120021201212022120321204212052120621207212082120921210212112121221213212142121521216212172121821219212202122121222212232122421225212262122721228212292123021231212322123321234212352123621237212382123921240212412124221243212442124521246212472124821249212502125121252212532125421255212562125721258212592126021261212622126321264212652126621267212682126921270212712127221273212742127521276212772127821279212802128121282212832128421285212862128721288212892129021291212922129321294212952129621297212982129921300213012130221303213042130521306213072130821309213102131121312213132131421315213162131721318213192132021321213222132321324213252132621327213282132921330213312133221333213342133521336213372133821339213402134121342213432134421345213462134721348213492135021351213522135321354213552135621357213582135921360213612136221363213642136521366213672136821369213702137121372213732137421375213762137721378213792138021381213822138321384213852138621387213882138921390213912139221393213942139521396213972139821399214002140121402214032140421405214062140721408214092141021411214122141321414214152141621417214182141921420214212142221423214242142521426214272142821429214302143121432214332143421435214362143721438214392144021441214422144321444214452144621447214482144921450214512145221453214542145521456214572145821459214602146121462214632146421465214662146721468214692147021471214722147321474214752147621477214782147921480214812148221483214842148521486214872148821489214902149121492214932149421495214962149721498214992150021501215022150321504215052150621507215082150921510215112151221513215142151521516215172151821519215202152121522215232152421525215262152721528215292153021531215322153321534215352153621537215382153921540215412154221543215442154521546215472154821549215502155121552215532155421555215562155721558215592156021561215622156321564215652156621567215682156921570215712157221573215742157521576215772157821579215802158121582215832158421585215862158721588215892159021591215922159321594215952159621597215982159921600216012160221603216042160521606216072160821609216102161121612216132161421615216162161721618216192162021621216222162321624216252162621627216282162921630216312163221633216342163521636216372163821639216402164121642216432164421645216462164721648216492165021651216522165321654216552165621657216582165921660216612166221663216642166521666216672166821669216702167121672216732167421675216762167721678216792168021681216822168321684216852168621687216882168921690216912169221693216942169521696216972169821699217002170121702217032170421705217062170721708217092171021711217122171321714217152171621717217182171921720217212172221723217242172521726217272172821729217302173121732217332173421735217362173721738217392174021741217422174321744217452174621747217482174921750217512175221753217542175521756217572175821759217602176121762217632176421765217662176721768217692177021771217722177321774217752177621777217782177921780217812178221783217842178521786217872178821789217902179121792217932179421795217962179721798217992180021801218022180321804218052180621807218082180921810218112181221813218142181521816218172181821819218202182121822218232182421825218262182721828218292183021831218322183321834218352183621837218382183921840218412184221843218442184521846218472184821849218502185121852218532185421855218562185721858218592186021861218622186321864218652186621867218682186921870218712187221873218742187521876218772187821879218802188121882218832188421885218862188721888218892189021891218922189321894218952189621897218982189921900219012190221903219042190521906219072190821909219102191121912219132191421915219162191721918219192192021921219222192321924219252192621927219282192921930219312193221933219342193521936219372193821939219402194121942219432194421945219462194721948219492195021951219522195321954219552195621957219582195921960219612196221963219642196521966219672196821969219702197121972219732197421975219762197721978219792198021981219822198321984219852198621987219882198921990219912199221993219942199521996219972199821999220002200122002220032200422005220062200722008220092201022011220122201322014220152201622017220182201922020220212202222023220242202522026220272202822029220302203122032220332203422035220362203722038220392204022041220422204322044220452204622047220482204922050220512205222053220542205522056220572205822059220602206122062220632206422065220662206722068220692207022071220722207322074220752207622077220782207922080220812208222083220842208522086220872208822089220902209122092220932209422095220962209722098220992210022101221022210322104221052210622107221082210922110221112211222113221142211522116221172211822119221202212122122221232212422125221262212722128221292213022131221322213322134221352213622137221382213922140221412214222143221442214522146221472214822149221502215122152221532215422155221562215722158221592216022161221622216322164221652216622167221682216922170221712217222173221742217522176221772217822179221802218122182221832218422185221862218722188221892219022191221922219322194221952219622197221982219922200222012220222203222042220522206222072220822209222102221122212222132221422215222162221722218222192222022221222222222322224222252222622227222282222922230222312223222233222342223522236222372223822239222402224122242222432224422245222462224722248222492225022251222522225322254222552225622257222582225922260222612226222263222642226522266222672226822269222702227122272222732227422275222762227722278222792228022281222822228322284222852228622287222882228922290222912229222293222942229522296222972229822299223002230122302223032230422305223062230722308223092231022311223122231322314223152231622317223182231922320223212232222323223242232522326223272232822329223302233122332223332233422335223362233722338223392234022341223422234322344223452234622347223482234922350223512235222353223542235522356223572235822359223602236122362223632236422365223662236722368223692237022371223722237322374223752237622377223782237922380223812238222383223842238522386223872238822389223902239122392223932239422395223962239722398223992240022401224022240322404224052240622407224082240922410224112241222413224142241522416224172241822419224202242122422224232242422425224262242722428224292243022431224322243322434224352243622437224382243922440224412244222443224442244522446224472244822449224502245122452224532245422455224562245722458224592246022461224622246322464224652246622467224682246922470224712247222473224742247522476224772247822479224802248122482224832248422485224862248722488224892249022491224922249322494224952249622497224982249922500225012250222503225042250522506225072250822509225102251122512225132251422515225162251722518225192252022521225222252322524225252252622527225282252922530225312253222533225342253522536225372253822539225402254122542225432254422545225462254722548225492255022551225522255322554225552255622557225582255922560225612256222563225642256522566225672256822569225702257122572225732257422575225762257722578225792258022581225822258322584225852258622587225882258922590225912259222593225942259522596225972259822599226002260122602226032260422605226062260722608226092261022611226122261322614226152261622617226182261922620226212262222623226242262522626226272262822629226302263122632226332263422635226362263722638226392264022641226422264322644226452264622647226482264922650226512265222653226542265522656226572265822659226602266122662226632266422665226662266722668226692267022671226722267322674226752267622677226782267922680226812268222683226842268522686226872268822689226902269122692226932269422695226962269722698226992270022701227022270322704227052270622707227082270922710227112271222713227142271522716227172271822719227202272122722227232272422725227262272722728227292273022731227322273322734227352273622737227382273922740227412274222743227442274522746227472274822749227502275122752227532275422755227562275722758227592276022761227622276322764227652276622767227682276922770227712277222773227742277522776227772277822779227802278122782227832278422785227862278722788227892279022791227922279322794227952279622797227982279922800228012280222803228042280522806228072280822809228102281122812228132281422815228162281722818228192282022821228222282322824228252282622827228282282922830228312283222833228342283522836228372283822839228402284122842228432284422845228462284722848228492285022851228522285322854228552285622857228582285922860228612286222863228642286522866228672286822869228702287122872228732287422875228762287722878228792288022881228822288322884228852288622887228882288922890228912289222893228942289522896228972289822899229002290122902229032290422905229062290722908229092291022911229122291322914229152291622917229182291922920229212292222923229242292522926229272292822929229302293122932229332293422935229362293722938229392294022941229422294322944229452294622947229482294922950229512295222953229542295522956229572295822959229602296122962229632296422965229662296722968229692297022971229722297322974229752297622977229782297922980229812298222983229842298522986229872298822989229902299122992229932299422995229962299722998229992300023001230022300323004230052300623007230082300923010230112301223013230142301523016230172301823019230202302123022230232302423025230262302723028230292303023031230322303323034230352303623037230382303923040230412304223043230442304523046230472304823049230502305123052230532305423055230562305723058230592306023061230622306323064230652306623067230682306923070230712307223073230742307523076230772307823079230802308123082230832308423085230862308723088230892309023091230922309323094230952309623097230982309923100231012310223103231042310523106231072310823109231102311123112231132311423115231162311723118231192312023121231222312323124231252312623127231282312923130231312313223133231342313523136231372313823139231402314123142231432314423145231462314723148231492315023151231522315323154231552315623157231582315923160231612316223163231642316523166231672316823169231702317123172231732317423175231762317723178231792318023181231822318323184231852318623187231882318923190231912319223193231942319523196231972319823199232002320123202232032320423205232062320723208232092321023211232122321323214232152321623217232182321923220232212322223223232242322523226232272322823229232302323123232232332323423235232362323723238232392324023241232422324323244232452324623247232482324923250232512325223253232542325523256232572325823259232602326123262232632326423265232662326723268232692327023271232722327323274232752327623277232782327923280232812328223283232842328523286232872328823289232902329123292232932329423295232962329723298232992330023301233022330323304233052330623307233082330923310233112331223313233142331523316233172331823319233202332123322233232332423325233262332723328233292333023331233322333323334233352333623337233382333923340233412334223343233442334523346233472334823349233502335123352233532335423355233562335723358233592336023361233622336323364233652336623367233682336923370233712337223373233742337523376233772337823379233802338123382233832338423385233862338723388233892339023391233922339323394233952339623397233982339923400234012340223403234042340523406234072340823409234102341123412234132341423415234162341723418234192342023421234222342323424234252342623427234282342923430234312343223433234342343523436234372343823439234402344123442234432344423445234462344723448234492345023451234522345323454234552345623457234582345923460234612346223463234642346523466234672346823469234702347123472234732347423475234762347723478234792348023481234822348323484234852348623487234882348923490234912349223493234942349523496234972349823499235002350123502235032350423505235062350723508235092351023511235122351323514235152351623517235182351923520235212352223523235242352523526235272352823529235302353123532235332353423535235362353723538235392354023541235422354323544235452354623547235482354923550235512355223553235542355523556235572355823559235602356123562235632356423565235662356723568235692357023571235722357323574235752357623577235782357923580235812358223583235842358523586235872358823589235902359123592235932359423595235962359723598235992360023601236022360323604236052360623607236082360923610236112361223613236142361523616236172361823619236202362123622236232362423625236262362723628236292363023631236322363323634236352363623637236382363923640236412364223643236442364523646236472364823649236502365123652236532365423655236562365723658236592366023661236622366323664236652366623667236682366923670236712367223673236742367523676236772367823679236802368123682236832368423685236862368723688236892369023691236922369323694236952369623697236982369923700237012370223703237042370523706237072370823709237102371123712237132371423715237162371723718237192372023721237222372323724237252372623727237282372923730237312373223733237342373523736237372373823739237402374123742237432374423745237462374723748237492375023751237522375323754237552375623757237582375923760237612376223763237642376523766237672376823769237702377123772237732377423775237762377723778237792378023781237822378323784237852378623787237882378923790237912379223793237942379523796237972379823799238002380123802238032380423805238062380723808238092381023811238122381323814238152381623817238182381923820238212382223823238242382523826238272382823829238302383123832238332383423835238362383723838238392384023841238422384323844238452384623847238482384923850238512385223853238542385523856238572385823859238602386123862238632386423865238662386723868238692387023871238722387323874238752387623877238782387923880238812388223883238842388523886238872388823889238902389123892238932389423895238962389723898238992390023901239022390323904239052390623907239082390923910239112391223913239142391523916239172391823919239202392123922239232392423925239262392723928239292393023931239322393323934239352393623937239382393923940239412394223943239442394523946239472394823949239502395123952239532395423955239562395723958239592396023961239622396323964239652396623967239682396923970239712397223973239742397523976239772397823979239802398123982239832398423985239862398723988239892399023991239922399323994239952399623997239982399924000240012400224003240042400524006240072400824009240102401124012240132401424015240162401724018240192402024021240222402324024240252402624027240282402924030240312403224033240342403524036240372403824039240402404124042240432404424045240462404724048240492405024051240522405324054240552405624057240582405924060240612406224063240642406524066240672406824069240702407124072240732407424075240762407724078240792408024081240822408324084240852408624087240882408924090240912409224093240942409524096240972409824099241002410124102241032410424105241062410724108241092411024111241122411324114241152411624117241182411924120241212412224123241242412524126241272412824129241302413124132241332413424135241362413724138241392414024141241422414324144241452414624147241482414924150241512415224153241542415524156241572415824159241602416124162241632416424165241662416724168241692417024171241722417324174241752417624177241782417924180241812418224183241842418524186241872418824189241902419124192241932419424195241962419724198241992420024201242022420324204242052420624207242082420924210242112421224213242142421524216242172421824219242202422124222242232422424225242262422724228242292423024231242322423324234242352423624237242382423924240242412424224243242442424524246242472424824249242502425124252242532425424255242562425724258242592426024261242622426324264242652426624267242682426924270242712427224273242742427524276242772427824279242802428124282242832428424285242862428724288242892429024291242922429324294242952429624297242982429924300243012430224303243042430524306243072430824309243102431124312243132431424315243162431724318243192432024321243222432324324243252432624327243282432924330243312433224333243342433524336243372433824339243402434124342243432434424345243462434724348243492435024351243522435324354243552435624357243582435924360243612436224363243642436524366243672436824369243702437124372243732437424375243762437724378243792438024381243822438324384243852438624387243882438924390243912439224393243942439524396243972439824399244002440124402244032440424405244062440724408244092441024411244122441324414244152441624417244182441924420244212442224423244242442524426244272442824429244302443124432244332443424435244362443724438244392444024441244422444324444244452444624447244482444924450244512445224453244542445524456244572445824459244602446124462244632446424465244662446724468244692447024471244722447324474244752447624477244782447924480244812448224483244842448524486244872448824489244902449124492244932449424495244962449724498244992450024501245022450324504245052450624507245082450924510245112451224513245142451524516245172451824519245202452124522245232452424525245262452724528245292453024531245322453324534245352453624537245382453924540245412454224543245442454524546245472454824549245502455124552245532455424555245562455724558245592456024561245622456324564245652456624567245682456924570245712457224573245742457524576245772457824579245802458124582245832458424585245862458724588245892459024591245922459324594245952459624597245982459924600246012460224603246042460524606246072460824609246102461124612246132461424615246162461724618246192462024621246222462324624246252462624627246282462924630246312463224633246342463524636246372463824639246402464124642246432464424645246462464724648246492465024651246522465324654246552465624657246582465924660246612466224663246642466524666246672466824669246702467124672246732467424675246762467724678246792468024681246822468324684246852468624687246882468924690246912469224693246942469524696246972469824699247002470124702247032470424705247062470724708247092471024711247122471324714247152471624717247182471924720247212472224723247242472524726247272472824729247302473124732247332473424735247362473724738247392474024741247422474324744247452474624747247482474924750247512475224753247542475524756247572475824759247602476124762247632476424765247662476724768247692477024771247722477324774247752477624777247782477924780247812478224783247842478524786247872478824789247902479124792247932479424795247962479724798247992480024801248022480324804248052480624807248082480924810248112481224813248142481524816248172481824819248202482124822248232482424825248262482724828248292483024831248322483324834248352483624837248382483924840248412484224843248442484524846248472484824849248502485124852248532485424855248562485724858248592486024861248622486324864248652486624867248682486924870248712487224873248742487524876248772487824879248802488124882248832488424885248862488724888248892489024891248922489324894248952489624897248982489924900249012490224903249042490524906249072490824909249102491124912249132491424915249162491724918249192492024921249222492324924249252492624927249282492924930249312493224933249342493524936249372493824939249402494124942249432494424945249462494724948249492495024951249522495324954249552495624957249582495924960249612496224963249642496524966249672496824969249702497124972249732497424975249762497724978249792498024981249822498324984249852498624987249882498924990249912499224993249942499524996249972499824999250002500125002250032500425005250062500725008250092501025011250122501325014250152501625017250182501925020250212502225023250242502525026250272502825029250302503125032250332503425035250362503725038250392504025041250422504325044250452504625047250482504925050250512505225053250542505525056250572505825059250602506125062250632506425065250662506725068250692507025071250722507325074250752507625077250782507925080250812508225083250842508525086250872508825089250902509125092250932509425095250962509725098250992510025101251022510325104251052510625107251082510925110251112511225113251142511525116251172511825119251202512125122251232512425125251262512725128251292513025131251322513325134251352513625137251382513925140251412514225143251442514525146251472514825149251502515125152251532515425155251562515725158251592516025161251622516325164251652516625167251682516925170251712517225173251742517525176251772517825179251802518125182251832518425185251862518725188251892519025191251922519325194251952519625197251982519925200252012520225203252042520525206252072520825209252102521125212252132521425215252162521725218252192522025221252222522325224252252522625227252282522925230252312523225233252342523525236252372523825239252402524125242252432524425245252462524725248252492525025251252522525325254252552525625257252582525925260252612526225263252642526525266252672526825269252702527125272252732527425275252762527725278252792528025281252822528325284252852528625287252882528925290252912529225293252942529525296252972529825299253002530125302253032530425305253062530725308253092531025311253122531325314253152531625317253182531925320253212532225323253242532525326253272532825329253302533125332253332533425335253362533725338253392534025341253422534325344253452534625347253482534925350253512535225353253542535525356253572535825359253602536125362253632536425365253662536725368253692537025371253722537325374253752537625377253782537925380253812538225383253842538525386253872538825389253902539125392253932539425395253962539725398253992540025401254022540325404254052540625407254082540925410254112541225413254142541525416254172541825419254202542125422254232542425425254262542725428254292543025431254322543325434254352543625437254382543925440254412544225443254442544525446254472544825449254502545125452254532545425455254562545725458254592546025461254622546325464254652546625467254682546925470254712547225473254742547525476254772547825479254802548125482254832548425485254862548725488254892549025491254922549325494254952549625497254982549925500255012550225503255042550525506255072550825509255102551125512255132551425515255162551725518255192552025521255222552325524255252552625527255282552925530255312553225533255342553525536255372553825539255402554125542255432554425545255462554725548255492555025551255522555325554255552555625557255582555925560255612556225563255642556525566255672556825569255702557125572255732557425575255762557725578255792558025581255822558325584255852558625587255882558925590255912559225593255942559525596255972559825599256002560125602256032560425605256062560725608256092561025611256122561325614256152561625617256182561925620256212562225623256242562525626256272562825629256302563125632256332563425635256362563725638256392564025641256422564325644256452564625647256482564925650256512565225653256542565525656256572565825659256602566125662256632566425665256662566725668256692567025671256722567325674256752567625677256782567925680256812568225683256842568525686256872568825689256902569125692256932569425695256962569725698256992570025701257022570325704257052570625707257082570925710257112571225713257142571525716257172571825719257202572125722257232572425725257262572725728257292573025731257322573325734257352573625737257382573925740257412574225743257442574525746257472574825749257502575125752257532575425755257562575725758257592576025761257622576325764257652576625767257682576925770257712577225773257742577525776257772577825779257802578125782257832578425785257862578725788257892579025791257922579325794257952579625797257982579925800258012580225803258042580525806258072580825809258102581125812258132581425815258162581725818258192582025821258222582325824258252582625827258282582925830258312583225833258342583525836258372583825839258402584125842258432584425845258462584725848258492585025851258522585325854258552585625857258582585925860258612586225863258642586525866258672586825869258702587125872258732587425875258762587725878258792588025881258822588325884258852588625887258882588925890258912589225893258942589525896258972589825899259002590125902259032590425905259062590725908259092591025911259122591325914259152591625917259182591925920259212592225923259242592525926259272592825929259302593125932259332593425935259362593725938259392594025941259422594325944259452594625947259482594925950259512595225953259542595525956259572595825959259602596125962259632596425965259662596725968259692597025971259722597325974259752597625977259782597925980259812598225983259842598525986259872598825989259902599125992259932599425995259962599725998259992600026001260022600326004260052600626007260082600926010260112601226013260142601526016260172601826019260202602126022260232602426025260262602726028260292603026031260322603326034260352603626037260382603926040260412604226043260442604526046260472604826049260502605126052260532605426055260562605726058260592606026061260622606326064260652606626067260682606926070260712607226073260742607526076260772607826079260802608126082260832608426085260862608726088260892609026091260922609326094260952609626097260982609926100261012610226103261042610526106261072610826109261102611126112261132611426115261162611726118261192612026121261222612326124261252612626127261282612926130261312613226133261342613526136261372613826139261402614126142261432614426145261462614726148261492615026151261522615326154261552615626157261582615926160261612616226163261642616526166261672616826169261702617126172261732617426175261762617726178261792618026181261822618326184261852618626187261882618926190261912619226193261942619526196261972619826199262002620126202262032620426205262062620726208262092621026211262122621326214262152621626217262182621926220262212622226223262242622526226262272622826229262302623126232262332623426235262362623726238262392624026241262422624326244262452624626247262482624926250262512625226253262542625526256262572625826259262602626126262262632626426265262662626726268262692627026271262722627326274262752627626277262782627926280262812628226283262842628526286262872628826289262902629126292262932629426295262962629726298262992630026301263022630326304263052630626307263082630926310263112631226313263142631526316263172631826319263202632126322263232632426325263262632726328263292633026331263322633326334263352633626337263382633926340263412634226343263442634526346263472634826349263502635126352263532635426355263562635726358263592636026361263622636326364263652636626367263682636926370263712637226373263742637526376263772637826379263802638126382263832638426385263862638726388263892639026391263922639326394263952639626397263982639926400264012640226403264042640526406264072640826409264102641126412264132641426415264162641726418264192642026421264222642326424264252642626427264282642926430264312643226433264342643526436264372643826439264402644126442264432644426445264462644726448264492645026451264522645326454264552645626457264582645926460264612646226463264642646526466264672646826469264702647126472264732647426475264762647726478264792648026481264822648326484264852648626487264882648926490264912649226493264942649526496264972649826499265002650126502265032650426505265062650726508265092651026511265122651326514265152651626517265182651926520265212652226523265242652526526265272652826529265302653126532265332653426535265362653726538265392654026541265422654326544265452654626547265482654926550265512655226553265542655526556265572655826559265602656126562265632656426565265662656726568265692657026571265722657326574265752657626577265782657926580265812658226583265842658526586265872658826589265902659126592265932659426595265962659726598265992660026601266022660326604266052660626607266082660926610266112661226613266142661526616266172661826619266202662126622266232662426625266262662726628266292663026631266322663326634266352663626637266382663926640266412664226643266442664526646266472664826649266502665126652266532665426655266562665726658266592666026661266622666326664266652666626667266682666926670266712667226673266742667526676266772667826679266802668126682266832668426685266862668726688266892669026691266922669326694266952669626697266982669926700267012670226703267042670526706267072670826709267102671126712267132671426715267162671726718267192672026721267222672326724267252672626727267282672926730267312673226733267342673526736267372673826739267402674126742267432674426745267462674726748267492675026751267522675326754267552675626757267582675926760267612676226763267642676526766267672676826769267702677126772267732677426775267762677726778267792678026781267822678326784267852678626787267882678926790267912679226793267942679526796267972679826799268002680126802268032680426805268062680726808268092681026811268122681326814268152681626817268182681926820268212682226823268242682526826268272682826829268302683126832268332683426835268362683726838268392684026841268422684326844268452684626847268482684926850268512685226853268542685526856268572685826859268602686126862268632686426865268662686726868268692687026871268722687326874268752687626877268782687926880268812688226883268842688526886268872688826889268902689126892268932689426895268962689726898268992690026901269022690326904269052690626907269082690926910269112691226913269142691526916269172691826919269202692126922269232692426925269262692726928269292693026931269322693326934269352693626937269382693926940269412694226943269442694526946269472694826949269502695126952269532695426955269562695726958269592696026961269622696326964269652696626967269682696926970269712697226973269742697526976269772697826979269802698126982269832698426985269862698726988269892699026991269922699326994269952699626997269982699927000270012700227003270042700527006270072700827009270102701127012270132701427015270162701727018270192702027021270222702327024270252702627027270282702927030270312703227033270342703527036270372703827039270402704127042270432704427045270462704727048270492705027051270522705327054270552705627057270582705927060270612706227063270642706527066270672706827069270702707127072270732707427075270762707727078270792708027081270822708327084270852708627087270882708927090270912709227093270942709527096270972709827099271002710127102271032710427105271062710727108271092711027111271122711327114271152711627117271182711927120271212712227123271242712527126271272712827129271302713127132271332713427135271362713727138271392714027141271422714327144271452714627147271482714927150271512715227153271542715527156271572715827159271602716127162271632716427165271662716727168271692717027171271722717327174271752717627177271782717927180271812718227183271842718527186271872718827189271902719127192271932719427195271962719727198271992720027201272022720327204272052720627207272082720927210272112721227213272142721527216272172721827219272202722127222272232722427225272262722727228272292723027231272322723327234272352723627237272382723927240272412724227243272442724527246272472724827249272502725127252272532725427255272562725727258272592726027261272622726327264272652726627267272682726927270272712727227273272742727527276272772727827279272802728127282272832728427285272862728727288272892729027291272922729327294272952729627297272982729927300273012730227303273042730527306273072730827309273102731127312273132731427315273162731727318273192732027321273222732327324273252732627327273282732927330273312733227333273342733527336273372733827339273402734127342273432734427345273462734727348273492735027351273522735327354273552735627357273582735927360273612736227363273642736527366273672736827369273702737127372273732737427375273762737727378273792738027381273822738327384273852738627387273882738927390273912739227393273942739527396273972739827399274002740127402274032740427405274062740727408274092741027411274122741327414274152741627417274182741927420274212742227423274242742527426274272742827429274302743127432274332743427435274362743727438274392744027441274422744327444274452744627447274482744927450274512745227453274542745527456274572745827459274602746127462274632746427465274662746727468274692747027471274722747327474274752747627477274782747927480274812748227483274842748527486274872748827489274902749127492274932749427495274962749727498274992750027501275022750327504275052750627507275082750927510275112751227513275142751527516275172751827519275202752127522275232752427525275262752727528275292753027531275322753327534275352753627537275382753927540275412754227543275442754527546275472754827549275502755127552275532755427555275562755727558275592756027561275622756327564275652756627567275682756927570275712757227573275742757527576275772757827579275802758127582275832758427585275862758727588275892759027591275922759327594275952759627597275982759927600276012760227603276042760527606276072760827609276102761127612276132761427615276162761727618276192762027621276222762327624276252762627627276282762927630276312763227633276342763527636276372763827639276402764127642276432764427645276462764727648276492765027651276522765327654276552765627657276582765927660276612766227663276642766527666276672766827669276702767127672276732767427675276762767727678276792768027681276822768327684276852768627687276882768927690276912769227693276942769527696276972769827699277002770127702277032770427705277062770727708277092771027711277122771327714277152771627717277182771927720277212772227723277242772527726277272772827729277302773127732277332773427735277362773727738277392774027741277422774327744277452774627747277482774927750277512775227753277542775527756277572775827759277602776127762277632776427765277662776727768277692777027771277722777327774277752777627777277782777927780277812778227783277842778527786277872778827789277902779127792277932779427795277962779727798277992780027801278022780327804278052780627807278082780927810278112781227813278142781527816278172781827819278202782127822278232782427825278262782727828278292783027831278322783327834278352783627837278382783927840278412784227843278442784527846278472784827849278502785127852278532785427855278562785727858278592786027861278622786327864278652786627867278682786927870278712787227873278742787527876278772787827879278802788127882278832788427885278862788727888278892789027891278922789327894278952789627897278982789927900279012790227903279042790527906279072790827909279102791127912279132791427915279162791727918279192792027921279222792327924279252792627927279282792927930279312793227933279342793527936279372793827939279402794127942279432794427945279462794727948279492795027951279522795327954279552795627957279582795927960279612796227963279642796527966279672796827969279702797127972279732797427975279762797727978279792798027981279822798327984279852798627987279882798927990279912799227993279942799527996279972799827999280002800128002280032800428005280062800728008280092801028011280122801328014280152801628017280182801928020280212802228023280242802528026280272802828029280302803128032280332803428035280362803728038280392804028041280422804328044280452804628047280482804928050280512805228053280542805528056280572805828059280602806128062280632806428065280662806728068280692807028071280722807328074280752807628077280782807928080280812808228083280842808528086280872808828089280902809128092280932809428095280962809728098280992810028101281022810328104281052810628107281082810928110281112811228113281142811528116281172811828119281202812128122281232812428125281262812728128281292813028131281322813328134281352813628137281382813928140281412814228143281442814528146281472814828149281502815128152281532815428155281562815728158281592816028161281622816328164281652816628167281682816928170281712817228173281742817528176281772817828179281802818128182281832818428185281862818728188281892819028191281922819328194281952819628197281982819928200282012820228203282042820528206282072820828209282102821128212282132821428215282162821728218282192822028221282222822328224282252822628227282282822928230282312823228233282342823528236282372823828239282402824128242282432824428245282462824728248282492825028251282522825328254282552825628257282582825928260282612826228263282642826528266282672826828269282702827128272282732827428275282762827728278282792828028281282822828328284282852828628287282882828928290282912829228293282942829528296282972829828299283002830128302283032830428305283062830728308283092831028311283122831328314283152831628317283182831928320283212832228323283242832528326283272832828329283302833128332283332833428335283362833728338283392834028341283422834328344283452834628347283482834928350283512835228353283542835528356283572835828359283602836128362283632836428365283662836728368283692837028371283722837328374283752837628377283782837928380283812838228383283842838528386283872838828389283902839128392283932839428395283962839728398283992840028401284022840328404284052840628407284082840928410284112841228413284142841528416284172841828419284202842128422284232842428425284262842728428284292843028431284322843328434284352843628437284382843928440284412844228443284442844528446284472844828449284502845128452284532845428455284562845728458284592846028461284622846328464284652846628467284682846928470284712847228473284742847528476284772847828479284802848128482284832848428485284862848728488284892849028491284922849328494284952849628497284982849928500285012850228503285042850528506285072850828509285102851128512285132851428515285162851728518285192852028521285222852328524285252852628527285282852928530285312853228533285342853528536285372853828539285402854128542285432854428545285462854728548285492855028551285522855328554285552855628557285582855928560285612856228563285642856528566285672856828569285702857128572285732857428575285762857728578285792858028581285822858328584285852858628587285882858928590285912859228593285942859528596285972859828599286002860128602286032860428605286062860728608286092861028611286122861328614286152861628617286182861928620286212862228623286242862528626286272862828629286302863128632286332863428635286362863728638286392864028641286422864328644286452864628647286482864928650286512865228653286542865528656286572865828659286602866128662286632866428665286662866728668286692867028671286722867328674286752867628677286782867928680286812868228683286842868528686286872868828689286902869128692286932869428695286962869728698286992870028701287022870328704287052870628707287082870928710287112871228713287142871528716287172871828719287202872128722287232872428725287262872728728287292873028731287322873328734287352873628737287382873928740287412874228743287442874528746287472874828749287502875128752287532875428755287562875728758287592876028761287622876328764287652876628767287682876928770287712877228773287742877528776287772877828779287802878128782287832878428785287862878728788287892879028791287922879328794287952879628797287982879928800288012880228803288042880528806288072880828809288102881128812288132881428815288162881728818288192882028821288222882328824288252882628827288282882928830288312883228833288342883528836288372883828839288402884128842288432884428845288462884728848288492885028851288522885328854288552885628857288582885928860288612886228863288642886528866288672886828869288702887128872288732887428875288762887728878288792888028881288822888328884288852888628887288882888928890288912889228893288942889528896288972889828899289002890128902289032890428905289062890728908289092891028911289122891328914289152891628917289182891928920289212892228923289242892528926289272892828929289302893128932289332893428935289362893728938289392894028941289422894328944289452894628947289482894928950289512895228953289542895528956289572895828959289602896128962289632896428965289662896728968289692897028971289722897328974289752897628977289782897928980289812898228983289842898528986289872898828989289902899128992289932899428995289962899728998289992900029001290022900329004290052900629007290082900929010290112901229013290142901529016290172901829019290202902129022290232902429025290262902729028290292903029031290322903329034290352903629037290382903929040290412904229043290442904529046290472904829049290502905129052290532905429055290562905729058290592906029061290622906329064290652906629067290682906929070290712907229073290742907529076290772907829079290802908129082290832908429085290862908729088290892909029091290922909329094290952909629097290982909929100291012910229103291042910529106291072910829109291102911129112291132911429115291162911729118291192912029121291222912329124291252912629127291282912929130291312913229133291342913529136291372913829139291402914129142291432914429145291462914729148291492915029151291522915329154291552915629157291582915929160291612916229163291642916529166291672916829169291702917129172291732917429175291762917729178291792918029181291822918329184291852918629187291882918929190291912919229193291942919529196291972919829199292002920129202292032920429205292062920729208292092921029211292122921329214292152921629217292182921929220292212922229223292242922529226292272922829229292302923129232292332923429235292362923729238292392924029241292422924329244292452924629247292482924929250292512925229253292542925529256292572925829259292602926129262292632926429265292662926729268292692927029271292722927329274292752927629277292782927929280292812928229283292842928529286292872928829289292902929129292292932929429295292962929729298292992930029301293022930329304293052930629307293082930929310293112931229313293142931529316293172931829319293202932129322293232932429325293262932729328293292933029331293322933329334293352933629337293382933929340293412934229343293442934529346293472934829349293502935129352293532935429355293562935729358293592936029361293622936329364293652936629367293682936929370293712937229373293742937529376293772937829379293802938129382293832938429385293862938729388293892939029391293922939329394293952939629397293982939929400294012940229403294042940529406294072940829409294102941129412294132941429415294162941729418294192942029421294222942329424294252942629427294282942929430294312943229433294342943529436294372943829439294402944129442294432944429445294462944729448294492945029451294522945329454294552945629457294582945929460294612946229463294642946529466294672946829469294702947129472294732947429475294762947729478294792948029481294822948329484294852948629487294882948929490294912949229493294942949529496294972949829499295002950129502295032950429505295062950729508295092951029511295122951329514295152951629517295182951929520295212952229523295242952529526295272952829529295302953129532295332953429535295362953729538295392954029541295422954329544295452954629547295482954929550295512955229553295542955529556295572955829559295602956129562295632956429565295662956729568295692957029571295722957329574295752957629577295782957929580295812958229583295842958529586295872958829589295902959129592295932959429595295962959729598295992960029601296022960329604296052960629607296082960929610296112961229613296142961529616296172961829619296202962129622296232962429625296262962729628296292963029631296322963329634296352963629637296382963929640296412964229643296442964529646296472964829649296502965129652296532965429655296562965729658296592966029661296622966329664296652966629667296682966929670296712967229673296742967529676296772967829679296802968129682296832968429685296862968729688296892969029691296922969329694296952969629697296982969929700297012970229703297042970529706297072970829709297102971129712297132971429715297162971729718297192972029721297222972329724297252972629727297282972929730297312973229733297342973529736297372973829739297402974129742297432974429745297462974729748297492975029751297522975329754297552975629757297582975929760297612976229763297642976529766297672976829769297702977129772297732977429775297762977729778297792978029781297822978329784297852978629787297882978929790297912979229793297942979529796297972979829799298002980129802298032980429805298062980729808298092981029811298122981329814298152981629817298182981929820298212982229823298242982529826298272982829829298302983129832298332983429835298362983729838298392984029841298422984329844298452984629847298482984929850298512985229853298542985529856298572985829859298602986129862298632986429865298662986729868298692987029871298722987329874298752987629877298782987929880298812988229883298842988529886298872988829889298902989129892298932989429895298962989729898298992990029901299022990329904299052990629907299082990929910299112991229913299142991529916299172991829919299202992129922299232992429925299262992729928299292993029931299322993329934299352993629937299382993929940299412994229943299442994529946299472994829949299502995129952299532995429955299562995729958299592996029961299622996329964299652996629967299682996929970299712997229973299742997529976299772997829979299802998129982299832998429985299862998729988299892999029991299922999329994299952999629997299982999930000300013000230003300043000530006300073000830009300103001130012300133001430015300163001730018300193002030021300223002330024300253002630027300283002930030300313003230033300343003530036300373003830039300403004130042300433004430045300463004730048300493005030051300523005330054300553005630057300583005930060300613006230063300643006530066300673006830069300703007130072300733007430075300763007730078300793008030081300823008330084300853008630087300883008930090300913009230093300943009530096300973009830099301003010130102301033010430105301063010730108301093011030111301123011330114301153011630117301183011930120301213012230123301243012530126301273012830129301303013130132301333013430135301363013730138301393014030141301423014330144301453014630147301483014930150301513015230153301543015530156301573015830159301603016130162301633016430165301663016730168301693017030171301723017330174301753017630177301783017930180301813018230183301843018530186301873018830189301903019130192301933019430195301963019730198301993020030201302023020330204302053020630207302083020930210302113021230213302143021530216302173021830219302203022130222302233022430225302263022730228302293023030231302323023330234302353023630237302383023930240302413024230243302443024530246302473024830249302503025130252302533025430255302563025730258302593026030261302623026330264302653026630267302683026930270302713027230273302743027530276302773027830279302803028130282302833028430285302863028730288302893029030291302923029330294302953029630297302983029930300303013030230303303043030530306303073030830309303103031130312303133031430315303163031730318303193032030321303223032330324303253032630327303283032930330303313033230333303343033530336303373033830339303403034130342303433034430345303463034730348303493035030351303523035330354303553035630357303583035930360303613036230363303643036530366303673036830369303703037130372303733037430375303763037730378303793038030381303823038330384303853038630387303883038930390303913039230393303943039530396303973039830399304003040130402304033040430405304063040730408304093041030411304123041330414304153041630417304183041930420304213042230423304243042530426304273042830429304303043130432304333043430435304363043730438304393044030441304423044330444304453044630447304483044930450304513045230453304543045530456304573045830459304603046130462304633046430465304663046730468304693047030471304723047330474304753047630477304783047930480304813048230483304843048530486304873048830489304903049130492304933049430495304963049730498304993050030501305023050330504305053050630507305083050930510305113051230513305143051530516305173051830519305203052130522305233052430525305263052730528305293053030531305323053330534305353053630537305383053930540305413054230543305443054530546305473054830549305503055130552305533055430555305563055730558305593056030561305623056330564305653056630567305683056930570305713057230573305743057530576305773057830579305803058130582305833058430585305863058730588305893059030591305923059330594305953059630597305983059930600306013060230603306043060530606306073060830609306103061130612306133061430615306163061730618306193062030621306223062330624306253062630627306283062930630306313063230633306343063530636306373063830639306403064130642306433064430645306463064730648306493065030651306523065330654306553065630657306583065930660306613066230663306643066530666306673066830669306703067130672306733067430675306763067730678306793068030681306823068330684306853068630687306883068930690306913069230693306943069530696306973069830699307003070130702307033070430705307063070730708307093071030711307123071330714307153071630717307183071930720307213072230723307243072530726307273072830729307303073130732307333073430735307363073730738307393074030741307423074330744307453074630747307483074930750307513075230753307543075530756307573075830759307603076130762307633076430765307663076730768307693077030771307723077330774307753077630777307783077930780307813078230783307843078530786307873078830789307903079130792307933079430795307963079730798307993080030801308023080330804308053080630807308083080930810308113081230813308143081530816308173081830819308203082130822308233082430825308263082730828308293083030831308323083330834308353083630837308383083930840308413084230843308443084530846308473084830849308503085130852308533085430855308563085730858308593086030861308623086330864308653086630867308683086930870308713087230873308743087530876308773087830879308803088130882308833088430885308863088730888308893089030891308923089330894308953089630897308983089930900309013090230903309043090530906309073090830909309103091130912309133091430915309163091730918309193092030921309223092330924309253092630927309283092930930309313093230933309343093530936309373093830939309403094130942309433094430945309463094730948309493095030951309523095330954309553095630957309583095930960309613096230963309643096530966309673096830969309703097130972309733097430975309763097730978309793098030981309823098330984309853098630987309883098930990309913099230993309943099530996309973099830999310003100131002310033100431005310063100731008310093101031011310123101331014310153101631017310183101931020310213102231023310243102531026310273102831029310303103131032310333103431035310363103731038310393104031041310423104331044310453104631047310483104931050310513105231053310543105531056310573105831059310603106131062310633106431065310663106731068310693107031071310723107331074310753107631077310783107931080310813108231083310843108531086310873108831089310903109131092310933109431095310963109731098310993110031101311023110331104311053110631107311083110931110311113111231113311143111531116311173111831119311203112131122311233112431125311263112731128311293113031131311323113331134311353113631137311383113931140311413114231143311443114531146311473114831149311503115131152311533115431155311563115731158311593116031161311623116331164311653116631167311683116931170311713117231173311743117531176311773117831179311803118131182311833118431185311863118731188311893119031191311923119331194311953119631197311983119931200312013120231203312043120531206312073120831209312103121131212312133121431215312163121731218312193122031221312223122331224312253122631227312283122931230312313123231233312343123531236312373123831239312403124131242312433124431245312463124731248312493125031251312523125331254312553125631257312583125931260312613126231263312643126531266312673126831269312703127131272312733127431275312763127731278312793128031281312823128331284312853128631287312883128931290312913129231293312943129531296312973129831299313003130131302313033130431305313063130731308313093131031311313123131331314313153131631317313183131931320313213132231323313243132531326313273132831329313303133131332313333133431335313363133731338313393134031341313423134331344313453134631347313483134931350313513135231353313543135531356313573135831359313603136131362313633136431365313663136731368313693137031371313723137331374313753137631377313783137931380313813138231383313843138531386313873138831389313903139131392313933139431395313963139731398313993140031401314023140331404314053140631407314083140931410314113141231413314143141531416314173141831419314203142131422314233142431425314263142731428314293143031431314323143331434314353143631437314383143931440314413144231443314443144531446314473144831449314503145131452314533145431455314563145731458314593146031461314623146331464314653146631467314683146931470314713147231473314743147531476314773147831479314803148131482314833148431485314863148731488314893149031491314923149331494314953149631497314983149931500315013150231503315043150531506315073150831509315103151131512315133151431515315163151731518315193152031521315223152331524315253152631527315283152931530315313153231533315343153531536315373153831539315403154131542315433154431545315463154731548315493155031551315523155331554315553155631557315583155931560315613156231563315643156531566315673156831569315703157131572315733157431575315763157731578315793158031581315823158331584315853158631587315883158931590315913159231593315943159531596315973159831599316003160131602316033160431605316063160731608316093161031611316123161331614316153161631617316183161931620316213162231623316243162531626316273162831629316303163131632316333163431635316363163731638316393164031641316423164331644316453164631647316483164931650316513165231653316543165531656316573165831659316603166131662316633166431665316663166731668316693167031671316723167331674316753167631677316783167931680316813168231683316843168531686316873168831689316903169131692316933169431695316963169731698316993170031701317023170331704317053170631707317083170931710317113171231713317143171531716317173171831719317203172131722317233172431725317263172731728317293173031731317323173331734317353173631737317383173931740317413174231743317443174531746317473174831749317503175131752317533175431755317563175731758317593176031761317623176331764317653176631767317683176931770317713177231773317743177531776317773177831779317803178131782317833178431785317863178731788317893179031791317923179331794317953179631797317983179931800318013180231803318043180531806318073180831809318103181131812318133181431815318163181731818318193182031821318223182331824318253182631827318283182931830318313183231833318343183531836318373183831839318403184131842318433184431845318463184731848318493185031851318523185331854318553185631857318583185931860318613186231863318643186531866318673186831869318703187131872318733187431875318763187731878318793188031881318823188331884318853188631887318883188931890318913189231893318943189531896318973189831899319003190131902319033190431905319063190731908319093191031911319123191331914319153191631917319183191931920319213192231923319243192531926319273192831929319303193131932319333193431935319363193731938319393194031941319423194331944319453194631947319483194931950319513195231953319543195531956319573195831959319603196131962319633196431965319663196731968319693197031971319723197331974319753197631977319783197931980319813198231983319843198531986319873198831989319903199131992319933199431995319963199731998319993200032001320023200332004320053200632007320083200932010320113201232013320143201532016320173201832019320203202132022320233202432025320263202732028320293203032031320323203332034320353203632037320383203932040320413204232043320443204532046320473204832049320503205132052320533205432055320563205732058320593206032061320623206332064320653206632067320683206932070320713207232073320743207532076320773207832079320803208132082320833208432085320863208732088320893209032091320923209332094320953209632097320983209932100321013210232103321043210532106321073210832109321103211132112321133211432115321163211732118321193212032121321223212332124321253212632127321283212932130321313213232133321343213532136321373213832139321403214132142321433214432145321463214732148321493215032151321523215332154321553215632157321583215932160321613216232163321643216532166321673216832169321703217132172321733217432175321763217732178321793218032181321823218332184321853218632187321883218932190321913219232193321943219532196321973219832199322003220132202322033220432205322063220732208322093221032211322123221332214322153221632217322183221932220322213222232223322243222532226322273222832229322303223132232322333223432235322363223732238322393224032241322423224332244322453224632247322483224932250322513225232253322543225532256322573225832259322603226132262322633226432265322663226732268322693227032271322723227332274322753227632277322783227932280322813228232283322843228532286322873228832289322903229132292322933229432295322963229732298322993230032301323023230332304323053230632307323083230932310323113231232313323143231532316323173231832319323203232132322323233232432325323263232732328323293233032331323323233332334323353233632337323383233932340323413234232343323443234532346323473234832349323503235132352323533235432355323563235732358323593236032361323623236332364323653236632367323683236932370323713237232373323743237532376323773237832379323803238132382323833238432385323863238732388323893239032391323923239332394323953239632397323983239932400324013240232403324043240532406324073240832409324103241132412324133241432415324163241732418324193242032421324223242332424324253242632427324283242932430324313243232433324343243532436324373243832439324403244132442324433244432445324463244732448324493245032451324523245332454324553245632457324583245932460324613246232463324643246532466324673246832469324703247132472324733247432475324763247732478324793248032481324823248332484324853248632487324883248932490324913249232493324943249532496324973249832499325003250132502325033250432505325063250732508325093251032511325123251332514325153251632517325183251932520325213252232523325243252532526325273252832529325303253132532325333253432535325363253732538325393254032541325423254332544325453254632547325483254932550325513255232553325543255532556325573255832559325603256132562325633256432565325663256732568325693257032571325723257332574325753257632577325783257932580325813258232583325843258532586325873258832589325903259132592325933259432595325963259732598325993260032601326023260332604326053260632607326083260932610326113261232613326143261532616326173261832619326203262132622326233262432625326263262732628326293263032631326323263332634326353263632637326383263932640326413264232643326443264532646326473264832649326503265132652326533265432655326563265732658326593266032661326623266332664326653266632667326683266932670326713267232673326743267532676326773267832679326803268132682326833268432685326863268732688326893269032691326923269332694326953269632697326983269932700327013270232703327043270532706327073270832709327103271132712327133271432715327163271732718327193272032721327223272332724327253272632727327283272932730327313273232733327343273532736327373273832739327403274132742327433274432745327463274732748327493275032751327523275332754327553275632757327583275932760327613276232763327643276532766327673276832769327703277132772327733277432775327763277732778327793278032781327823278332784327853278632787327883278932790327913279232793327943279532796327973279832799328003280132802328033280432805328063280732808328093281032811328123281332814328153281632817328183281932820328213282232823328243282532826328273282832829328303283132832328333283432835328363283732838328393284032841328423284332844328453284632847328483284932850328513285232853328543285532856328573285832859328603286132862328633286432865328663286732868328693287032871328723287332874328753287632877328783287932880328813288232883328843288532886328873288832889328903289132892328933289432895328963289732898328993290032901329023290332904329053290632907329083290932910329113291232913329143291532916329173291832919329203292132922329233292432925329263292732928329293293032931329323293332934329353293632937329383293932940329413294232943329443294532946329473294832949329503295132952329533295432955329563295732958329593296032961329623296332964329653296632967329683296932970329713297232973329743297532976329773297832979329803298132982329833298432985329863298732988329893299032991329923299332994329953299632997329983299933000330013300233003330043300533006330073300833009330103301133012330133301433015330163301733018330193302033021330223302333024330253302633027330283302933030330313303233033330343303533036330373303833039330403304133042330433304433045330463304733048330493305033051330523305333054330553305633057330583305933060330613306233063330643306533066330673306833069330703307133072330733307433075330763307733078330793308033081330823308333084330853308633087330883308933090330913309233093330943309533096330973309833099331003310133102331033310433105331063310733108331093311033111331123311333114331153311633117331183311933120331213312233123331243312533126331273312833129331303313133132331333313433135331363313733138331393314033141331423314333144331453314633147331483314933150331513315233153331543315533156331573315833159331603316133162331633316433165331663316733168331693317033171331723317333174331753317633177331783317933180331813318233183331843318533186331873318833189331903319133192331933319433195331963319733198331993320033201332023320333204332053320633207332083320933210332113321233213332143321533216332173321833219332203322133222332233322433225332263322733228332293323033231332323323333234332353323633237332383323933240332413324233243332443324533246332473324833249332503325133252332533325433255332563325733258332593326033261332623326333264332653326633267332683326933270332713327233273332743327533276332773327833279332803328133282332833328433285332863328733288332893329033291332923329333294332953329633297332983329933300333013330233303333043330533306333073330833309333103331133312333133331433315333163331733318333193332033321333223332333324333253332633327333283332933330333313333233333333343333533336333373333833339333403334133342333433334433345333463334733348333493335033351333523335333354333553335633357333583335933360333613336233363333643336533366333673336833369333703337133372333733337433375333763337733378333793338033381333823338333384333853338633387333883338933390333913339233393333943339533396333973339833399334003340133402334033340433405334063340733408334093341033411334123341333414334153341633417334183341933420334213342233423334243342533426334273342833429334303343133432334333343433435334363343733438334393344033441334423344333444334453344633447334483344933450334513345233453334543345533456334573345833459334603346133462334633346433465334663346733468334693347033471334723347333474334753347633477334783347933480334813348233483334843348533486334873348833489334903349133492334933349433495334963349733498334993350033501335023350333504335053350633507335083350933510335113351233513335143351533516335173351833519335203352133522335233352433525335263352733528335293353033531335323353333534335353353633537335383353933540335413354233543335443354533546335473354833549335503355133552335533355433555335563355733558335593356033561335623356333564335653356633567335683356933570335713357233573335743357533576335773357833579335803358133582335833358433585335863358733588335893359033591335923359333594335953359633597335983359933600336013360233603336043360533606336073360833609336103361133612336133361433615336163361733618336193362033621336223362333624336253362633627336283362933630336313363233633336343363533636336373363833639336403364133642336433364433645336463364733648336493365033651336523365333654336553365633657336583365933660336613366233663336643366533666336673366833669336703367133672336733367433675336763367733678336793368033681336823368333684336853368633687336883368933690336913369233693336943369533696336973369833699337003370133702337033370433705337063370733708337093371033711337123371333714337153371633717337183371933720337213372233723337243372533726337273372833729337303373133732337333373433735337363373733738337393374033741337423374333744337453374633747337483374933750337513375233753337543375533756337573375833759337603376133762337633376433765337663376733768337693377033771337723377333774337753377633777337783377933780337813378233783337843378533786337873378833789337903379133792337933379433795337963379733798337993380033801338023380333804338053380633807338083380933810338113381233813338143381533816338173381833819338203382133822338233382433825338263382733828338293383033831338323383333834338353383633837338383383933840338413384233843338443384533846338473384833849338503385133852338533385433855338563385733858338593386033861338623386333864338653386633867338683386933870338713387233873338743387533876338773387833879338803388133882338833388433885338863388733888338893389033891338923389333894338953389633897338983389933900339013390233903339043390533906339073390833909339103391133912339133391433915339163391733918339193392033921339223392333924339253392633927339283392933930339313393233933339343393533936339373393833939339403394133942339433394433945339463394733948339493395033951339523395333954339553395633957339583395933960339613396233963339643396533966339673396833969339703397133972339733397433975339763397733978339793398033981339823398333984339853398633987339883398933990339913399233993339943399533996339973399833999340003400134002340033400434005340063400734008340093401034011340123401334014340153401634017340183401934020340213402234023340243402534026340273402834029340303403134032340333403434035340363403734038340393404034041340423404334044340453404634047340483404934050340513405234053340543405534056340573405834059340603406134062340633406434065340663406734068340693407034071340723407334074340753407634077340783407934080340813408234083340843408534086340873408834089340903409134092340933409434095340963409734098340993410034101341023410334104341053410634107341083410934110341113411234113341143411534116341173411834119341203412134122341233412434125341263412734128341293413034131341323413334134341353413634137341383413934140341413414234143341443414534146341473414834149341503415134152341533415434155341563415734158341593416034161341623416334164341653416634167341683416934170341713417234173341743417534176341773417834179341803418134182341833418434185341863418734188341893419034191341923419334194341953419634197341983419934200342013420234203342043420534206342073420834209342103421134212342133421434215342163421734218342193422034221342223422334224342253422634227342283422934230342313423234233342343423534236342373423834239342403424134242342433424434245342463424734248342493425034251342523425334254342553425634257342583425934260342613426234263342643426534266342673426834269342703427134272342733427434275342763427734278342793428034281342823428334284342853428634287342883428934290342913429234293342943429534296342973429834299343003430134302343033430434305343063430734308343093431034311343123431334314343153431634317343183431934320343213432234323343243432534326343273432834329343303433134332343333433434335343363433734338343393434034341343423434334344343453434634347343483434934350343513435234353343543435534356343573435834359343603436134362343633436434365343663436734368343693437034371343723437334374343753437634377343783437934380343813438234383343843438534386343873438834389343903439134392343933439434395343963439734398343993440034401344023440334404344053440634407344083440934410344113441234413344143441534416344173441834419344203442134422344233442434425344263442734428344293443034431344323443334434344353443634437344383443934440344413444234443344443444534446344473444834449344503445134452344533445434455344563445734458344593446034461344623446334464344653446634467344683446934470344713447234473344743447534476344773447834479344803448134482344833448434485344863448734488344893449034491344923449334494344953449634497344983449934500345013450234503345043450534506345073450834509345103451134512345133451434515345163451734518345193452034521345223452334524345253452634527345283452934530345313453234533345343453534536345373453834539345403454134542345433454434545345463454734548345493455034551345523455334554345553455634557345583455934560345613456234563345643456534566345673456834569345703457134572345733457434575345763457734578345793458034581345823458334584345853458634587345883458934590345913459234593345943459534596345973459834599346003460134602346033460434605346063460734608346093461034611346123461334614346153461634617346183461934620346213462234623346243462534626346273462834629346303463134632346333463434635346363463734638346393464034641346423464334644346453464634647346483464934650346513465234653346543465534656346573465834659346603466134662346633466434665346663466734668346693467034671346723467334674346753467634677346783467934680346813468234683346843468534686346873468834689346903469134692346933469434695346963469734698346993470034701347023470334704347053470634707347083470934710347113471234713347143471534716347173471834719347203472134722347233472434725347263472734728347293473034731347323473334734347353473634737347383473934740347413474234743347443474534746347473474834749347503475134752347533475434755347563475734758347593476034761347623476334764347653476634767347683476934770347713477234773347743477534776347773477834779347803478134782347833478434785347863478734788347893479034791347923479334794347953479634797347983479934800348013480234803348043480534806348073480834809348103481134812348133481434815348163481734818348193482034821348223482334824348253482634827348283482934830348313483234833348343483534836348373483834839348403484134842348433484434845348463484734848348493485034851348523485334854348553485634857348583485934860348613486234863348643486534866348673486834869348703487134872348733487434875348763487734878348793488034881348823488334884348853488634887348883488934890348913489234893348943489534896348973489834899349003490134902349033490434905349063490734908349093491034911349123491334914349153491634917349183491934920349213492234923349243492534926349273492834929349303493134932349333493434935349363493734938349393494034941349423494334944349453494634947349483494934950349513495234953349543495534956349573495834959349603496134962349633496434965349663496734968349693497034971349723497334974349753497634977349783497934980349813498234983349843498534986349873498834989349903499134992349933499434995349963499734998349993500035001350023500335004350053500635007350083500935010350113501235013350143501535016350173501835019350203502135022350233502435025350263502735028350293503035031350323503335034350353503635037350383503935040350413504235043350443504535046350473504835049350503505135052350533505435055350563505735058350593506035061350623506335064350653506635067350683506935070350713507235073350743507535076350773507835079350803508135082350833508435085350863508735088350893509035091350923509335094350953509635097350983509935100351013510235103351043510535106351073510835109351103511135112351133511435115351163511735118351193512035121351223512335124351253512635127351283512935130351313513235133351343513535136351373513835139351403514135142351433514435145351463514735148351493515035151351523515335154351553515635157351583515935160351613516235163351643516535166351673516835169351703517135172351733517435175351763517735178351793518035181351823518335184351853518635187351883518935190351913519235193351943519535196351973519835199352003520135202352033520435205352063520735208352093521035211352123521335214352153521635217352183521935220352213522235223352243522535226352273522835229352303523135232352333523435235352363523735238352393524035241352423524335244352453524635247352483524935250352513525235253352543525535256352573525835259352603526135262352633526435265352663526735268352693527035271352723527335274352753527635277352783527935280352813528235283352843528535286352873528835289352903529135292352933529435295352963529735298352993530035301353023530335304353053530635307353083530935310353113531235313353143531535316353173531835319353203532135322353233532435325353263532735328353293533035331353323533335334353353533635337353383533935340353413534235343353443534535346353473534835349353503535135352353533535435355353563535735358353593536035361353623536335364353653536635367353683536935370353713537235373353743537535376353773537835379353803538135382353833538435385353863538735388353893539035391353923539335394353953539635397353983539935400354013540235403354043540535406354073540835409354103541135412354133541435415354163541735418354193542035421354223542335424354253542635427354283542935430354313543235433354343543535436354373543835439354403544135442354433544435445354463544735448354493545035451354523545335454354553545635457354583545935460354613546235463354643546535466354673546835469354703547135472354733547435475354763547735478354793548035481354823548335484354853548635487354883548935490354913549235493354943549535496354973549835499355003550135502355033550435505355063550735508355093551035511355123551335514355153551635517355183551935520355213552235523355243552535526355273552835529355303553135532355333553435535355363553735538355393554035541355423554335544355453554635547355483554935550355513555235553355543555535556355573555835559355603556135562355633556435565355663556735568355693557035571355723557335574355753557635577355783557935580355813558235583355843558535586355873558835589355903559135592355933559435595355963559735598355993560035601356023560335604356053560635607356083560935610356113561235613356143561535616356173561835619356203562135622356233562435625356263562735628356293563035631356323563335634356353563635637356383563935640356413564235643356443564535646356473564835649356503565135652356533565435655356563565735658356593566035661356623566335664356653566635667356683566935670356713567235673356743567535676356773567835679356803568135682356833568435685356863568735688356893569035691356923569335694356953569635697356983569935700357013570235703357043570535706357073570835709357103571135712357133571435715357163571735718357193572035721357223572335724357253572635727357283572935730357313573235733357343573535736357373573835739357403574135742357433574435745357463574735748357493575035751357523575335754357553575635757357583575935760357613576235763357643576535766357673576835769357703577135772357733577435775357763577735778357793578035781357823578335784357853578635787357883578935790357913579235793357943579535796357973579835799358003580135802358033580435805358063580735808358093581035811358123581335814358153581635817358183581935820358213582235823358243582535826358273582835829358303583135832358333583435835358363583735838358393584035841358423584335844358453584635847358483584935850358513585235853358543585535856358573585835859358603586135862358633586435865358663586735868358693587035871358723587335874358753587635877358783587935880358813588235883358843588535886358873588835889358903589135892358933589435895358963589735898358993590035901359023590335904359053590635907359083590935910359113591235913359143591535916359173591835919359203592135922359233592435925359263592735928359293593035931359323593335934359353593635937359383593935940359413594235943359443594535946359473594835949359503595135952359533595435955359563595735958359593596035961359623596335964359653596635967359683596935970359713597235973359743597535976359773597835979359803598135982359833598435985359863598735988359893599035991359923599335994359953599635997359983599936000360013600236003360043600536006360073600836009360103601136012360133601436015360163601736018360193602036021360223602336024360253602636027360283602936030360313603236033360343603536036360373603836039360403604136042360433604436045360463604736048360493605036051360523605336054360553605636057360583605936060360613606236063360643606536066360673606836069360703607136072360733607436075360763607736078360793608036081360823608336084360853608636087360883608936090360913609236093360943609536096360973609836099361003610136102361033610436105361063610736108361093611036111361123611336114361153611636117361183611936120361213612236123361243612536126361273612836129361303613136132361333613436135361363613736138361393614036141361423614336144361453614636147361483614936150361513615236153361543615536156361573615836159361603616136162361633616436165361663616736168361693617036171361723617336174361753617636177361783617936180361813618236183361843618536186361873618836189361903619136192361933619436195361963619736198361993620036201362023620336204362053620636207362083620936210362113621236213362143621536216362173621836219362203622136222362233622436225362263622736228362293623036231362323623336234362353623636237362383623936240362413624236243362443624536246362473624836249362503625136252362533625436255362563625736258362593626036261362623626336264362653626636267362683626936270362713627236273362743627536276362773627836279362803628136282362833628436285362863628736288362893629036291362923629336294362953629636297362983629936300363013630236303363043630536306363073630836309363103631136312363133631436315363163631736318363193632036321363223632336324363253632636327363283632936330363313633236333363343633536336363373633836339363403634136342363433634436345363463634736348363493635036351363523635336354363553635636357363583635936360363613636236363363643636536366363673636836369363703637136372363733637436375363763637736378363793638036381363823638336384363853638636387363883638936390363913639236393363943639536396363973639836399364003640136402364033640436405364063640736408364093641036411364123641336414364153641636417364183641936420364213642236423364243642536426364273642836429364303643136432364333643436435364363643736438364393644036441364423644336444364453644636447364483644936450364513645236453364543645536456364573645836459364603646136462364633646436465364663646736468364693647036471364723647336474364753647636477364783647936480364813648236483364843648536486364873648836489364903649136492364933649436495364963649736498364993650036501365023650336504365053650636507365083650936510365113651236513365143651536516365173651836519365203652136522365233652436525365263652736528365293653036531365323653336534365353653636537365383653936540365413654236543365443654536546365473654836549365503655136552365533655436555365563655736558365593656036561365623656336564365653656636567365683656936570365713657236573365743657536576365773657836579365803658136582365833658436585365863658736588365893659036591365923659336594365953659636597365983659936600366013660236603366043660536606366073660836609366103661136612366133661436615366163661736618366193662036621366223662336624366253662636627366283662936630366313663236633366343663536636366373663836639366403664136642366433664436645366463664736648366493665036651366523665336654366553665636657366583665936660366613666236663366643666536666366673666836669366703667136672366733667436675366763667736678366793668036681366823668336684366853668636687366883668936690366913669236693366943669536696366973669836699367003670136702367033670436705367063670736708367093671036711367123671336714367153671636717367183671936720367213672236723367243672536726367273672836729367303673136732367333673436735367363673736738367393674036741367423674336744367453674636747367483674936750367513675236753367543675536756367573675836759367603676136762367633676436765367663676736768367693677036771367723677336774367753677636777367783677936780367813678236783367843678536786367873678836789367903679136792367933679436795367963679736798367993680036801368023680336804368053680636807368083680936810368113681236813368143681536816368173681836819368203682136822368233682436825368263682736828368293683036831368323683336834368353683636837368383683936840368413684236843368443684536846368473684836849368503685136852368533685436855368563685736858368593686036861368623686336864368653686636867368683686936870368713687236873368743687536876368773687836879368803688136882368833688436885368863688736888368893689036891368923689336894368953689636897368983689936900369013690236903369043690536906369073690836909369103691136912369133691436915369163691736918369193692036921369223692336924369253692636927369283692936930369313693236933369343693536936369373693836939369403694136942369433694436945369463694736948369493695036951369523695336954369553695636957369583695936960369613696236963369643696536966369673696836969369703697136972369733697436975369763697736978369793698036981369823698336984369853698636987369883698936990369913699236993369943699536996369973699836999370003700137002370033700437005370063700737008370093701037011370123701337014370153701637017370183701937020370213702237023370243702537026370273702837029370303703137032370333703437035370363703737038370393704037041370423704337044370453704637047370483704937050370513705237053370543705537056370573705837059370603706137062370633706437065370663706737068370693707037071370723707337074370753707637077370783707937080370813708237083370843708537086370873708837089370903709137092370933709437095370963709737098370993710037101371023710337104371053710637107371083710937110371113711237113371143711537116371173711837119371203712137122371233712437125371263712737128371293713037131371323713337134371353713637137371383713937140371413714237143371443714537146371473714837149371503715137152371533715437155371563715737158371593716037161371623716337164371653716637167371683716937170371713717237173371743717537176371773717837179371803718137182371833718437185371863718737188371893719037191371923719337194371953719637197371983719937200372013720237203372043720537206372073720837209372103721137212372133721437215372163721737218372193722037221372223722337224372253722637227372283722937230372313723237233372343723537236372373723837239372403724137242372433724437245372463724737248372493725037251372523725337254372553725637257372583725937260372613726237263372643726537266372673726837269372703727137272372733727437275372763727737278372793728037281372823728337284372853728637287372883728937290372913729237293372943729537296372973729837299373003730137302373033730437305373063730737308373093731037311373123731337314373153731637317373183731937320373213732237323373243732537326373273732837329373303733137332373333733437335373363733737338373393734037341373423734337344373453734637347373483734937350373513735237353373543735537356373573735837359373603736137362373633736437365373663736737368373693737037371373723737337374373753737637377373783737937380373813738237383373843738537386373873738837389373903739137392373933739437395373963739737398373993740037401374023740337404374053740637407374083740937410374113741237413374143741537416374173741837419374203742137422374233742437425374263742737428374293743037431374323743337434374353743637437374383743937440374413744237443374443744537446374473744837449374503745137452374533745437455374563745737458374593746037461374623746337464374653746637467374683746937470374713747237473374743747537476374773747837479374803748137482374833748437485374863748737488374893749037491374923749337494374953749637497374983749937500375013750237503375043750537506375073750837509375103751137512375133751437515375163751737518375193752037521375223752337524375253752637527375283752937530375313753237533375343753537536375373753837539375403754137542375433754437545375463754737548375493755037551375523755337554375553755637557375583755937560375613756237563375643756537566375673756837569375703757137572375733757437575375763757737578375793758037581375823758337584375853758637587375883758937590375913759237593375943759537596375973759837599376003760137602376033760437605376063760737608376093761037611376123761337614376153761637617376183761937620376213762237623376243762537626376273762837629376303763137632376333763437635376363763737638376393764037641376423764337644376453764637647376483764937650376513765237653376543765537656376573765837659376603766137662376633766437665376663766737668376693767037671376723767337674376753767637677376783767937680376813768237683376843768537686376873768837689376903769137692376933769437695376963769737698376993770037701377023770337704377053770637707377083770937710377113771237713377143771537716377173771837719377203772137722377233772437725377263772737728377293773037731377323773337734377353773637737377383773937740377413774237743377443774537746377473774837749377503775137752377533775437755377563775737758377593776037761377623776337764377653776637767377683776937770377713777237773377743777537776377773777837779377803778137782377833778437785377863778737788377893779037791377923779337794377953779637797377983779937800378013780237803378043780537806378073780837809378103781137812378133781437815378163781737818378193782037821378223782337824378253782637827378283782937830378313783237833378343783537836378373783837839378403784137842378433784437845378463784737848378493785037851378523785337854378553785637857378583785937860378613786237863378643786537866378673786837869378703787137872378733787437875378763787737878378793788037881378823788337884378853788637887378883788937890378913789237893378943789537896378973789837899379003790137902379033790437905379063790737908379093791037911379123791337914379153791637917379183791937920379213792237923379243792537926379273792837929379303793137932379333793437935379363793737938379393794037941379423794337944379453794637947379483794937950379513795237953379543795537956379573795837959379603796137962379633796437965379663796737968379693797037971379723797337974379753797637977379783797937980379813798237983379843798537986379873798837989379903799137992379933799437995379963799737998379993800038001380023800338004380053800638007380083800938010380113801238013380143801538016380173801838019380203802138022380233802438025380263802738028380293803038031380323803338034380353803638037380383803938040380413804238043380443804538046380473804838049380503805138052380533805438055380563805738058380593806038061380623806338064380653806638067380683806938070380713807238073380743807538076380773807838079380803808138082380833808438085380863808738088380893809038091380923809338094380953809638097380983809938100381013810238103381043810538106381073810838109381103811138112381133811438115381163811738118381193812038121381223812338124381253812638127381283812938130381313813238133381343813538136381373813838139381403814138142381433814438145381463814738148381493815038151381523815338154381553815638157381583815938160381613816238163381643816538166381673816838169381703817138172381733817438175381763817738178381793818038181381823818338184381853818638187381883818938190381913819238193381943819538196381973819838199382003820138202382033820438205382063820738208382093821038211382123821338214382153821638217382183821938220382213822238223382243822538226382273822838229382303823138232382333823438235382363823738238382393824038241382423824338244382453824638247382483824938250382513825238253382543825538256382573825838259382603826138262382633826438265382663826738268382693827038271382723827338274382753827638277382783827938280382813828238283382843828538286382873828838289382903829138292382933829438295382963829738298382993830038301383023830338304383053830638307383083830938310383113831238313383143831538316383173831838319383203832138322383233832438325383263832738328383293833038331383323833338334383353833638337383383833938340383413834238343383443834538346383473834838349383503835138352383533835438355383563835738358383593836038361383623836338364383653836638367383683836938370383713837238373383743837538376383773837838379383803838138382383833838438385383863838738388383893839038391383923839338394383953839638397383983839938400384013840238403384043840538406384073840838409384103841138412384133841438415384163841738418384193842038421384223842338424384253842638427384283842938430384313843238433384343843538436384373843838439384403844138442384433844438445384463844738448384493845038451384523845338454384553845638457384583845938460384613846238463384643846538466384673846838469384703847138472384733847438475384763847738478384793848038481384823848338484384853848638487384883848938490384913849238493384943849538496384973849838499385003850138502385033850438505385063850738508385093851038511385123851338514385153851638517385183851938520385213852238523385243852538526385273852838529385303853138532385333853438535385363853738538385393854038541385423854338544385453854638547385483854938550385513855238553385543855538556385573855838559385603856138562385633856438565385663856738568385693857038571385723857338574385753857638577385783857938580385813858238583385843858538586385873858838589385903859138592385933859438595385963859738598385993860038601386023860338604386053860638607386083860938610386113861238613386143861538616386173861838619386203862138622386233862438625386263862738628386293863038631386323863338634386353863638637386383863938640386413864238643386443864538646386473864838649386503865138652386533865438655386563865738658386593866038661386623866338664386653866638667386683866938670386713867238673386743867538676386773867838679386803868138682386833868438685386863868738688386893869038691386923869338694386953869638697386983869938700387013870238703387043870538706387073870838709387103871138712387133871438715387163871738718387193872038721387223872338724387253872638727387283872938730387313873238733387343873538736387373873838739387403874138742387433874438745387463874738748387493875038751387523875338754387553875638757387583875938760387613876238763387643876538766387673876838769387703877138772387733877438775387763877738778387793878038781387823878338784387853878638787387883878938790387913879238793387943879538796387973879838799388003880138802388033880438805388063880738808388093881038811388123881338814388153881638817388183881938820388213882238823388243882538826388273882838829388303883138832388333883438835388363883738838388393884038841388423884338844388453884638847388483884938850388513885238853388543885538856388573885838859388603886138862388633886438865388663886738868388693887038871388723887338874388753887638877388783887938880388813888238883388843888538886388873888838889388903889138892388933889438895388963889738898388993890038901389023890338904389053890638907389083890938910389113891238913389143891538916389173891838919389203892138922389233892438925389263892738928389293893038931389323893338934389353893638937389383893938940389413894238943389443894538946389473894838949389503895138952389533895438955389563895738958389593896038961389623896338964389653896638967389683896938970389713897238973389743897538976389773897838979389803898138982389833898438985389863898738988389893899038991389923899338994389953899638997389983899939000390013900239003390043900539006390073900839009390103901139012390133901439015390163901739018390193902039021390223902339024390253902639027390283902939030390313903239033390343903539036390373903839039390403904139042390433904439045390463904739048390493905039051390523905339054390553905639057390583905939060390613906239063390643906539066390673906839069390703907139072390733907439075390763907739078390793908039081390823908339084390853908639087390883908939090390913909239093390943909539096390973909839099391003910139102391033910439105391063910739108391093911039111391123911339114391153911639117391183911939120391213912239123391243912539126391273912839129391303913139132391333913439135391363913739138391393914039141391423914339144391453914639147391483914939150391513915239153391543915539156391573915839159391603916139162391633916439165391663916739168391693917039171391723917339174391753917639177391783917939180391813918239183391843918539186391873918839189391903919139192391933919439195391963919739198391993920039201392023920339204392053920639207392083920939210392113921239213392143921539216392173921839219392203922139222392233922439225392263922739228392293923039231392323923339234392353923639237392383923939240392413924239243392443924539246392473924839249392503925139252392533925439255392563925739258392593926039261392623926339264392653926639267392683926939270392713927239273392743927539276392773927839279392803928139282392833928439285392863928739288392893929039291392923929339294392953929639297392983929939300393013930239303393043930539306393073930839309393103931139312393133931439315393163931739318393193932039321393223932339324393253932639327393283932939330393313933239333393343933539336393373933839339393403934139342393433934439345393463934739348393493935039351393523935339354393553935639357393583935939360393613936239363393643936539366393673936839369393703937139372393733937439375393763937739378393793938039381393823938339384393853938639387393883938939390393913939239393393943939539396393973939839399394003940139402394033940439405394063940739408394093941039411394123941339414394153941639417394183941939420394213942239423394243942539426394273942839429394303943139432394333943439435394363943739438394393944039441394423944339444394453944639447394483944939450394513945239453394543945539456394573945839459394603946139462394633946439465394663946739468394693947039471394723947339474394753947639477394783947939480394813948239483394843948539486394873948839489394903949139492394933949439495394963949739498394993950039501395023950339504395053950639507395083950939510395113951239513395143951539516395173951839519395203952139522395233952439525395263952739528395293953039531395323953339534395353953639537395383953939540395413954239543395443954539546395473954839549395503955139552395533955439555395563955739558395593956039561395623956339564395653956639567395683956939570395713957239573395743957539576395773957839579395803958139582395833958439585395863958739588395893959039591395923959339594395953959639597395983959939600396013960239603396043960539606396073960839609396103961139612396133961439615396163961739618396193962039621396223962339624396253962639627396283962939630396313963239633396343963539636396373963839639396403964139642396433964439645396463964739648396493965039651396523965339654396553965639657396583965939660396613966239663396643966539666396673966839669396703967139672396733967439675396763967739678396793968039681396823968339684396853968639687396883968939690396913969239693396943969539696396973969839699397003970139702397033970439705397063970739708397093971039711397123971339714397153971639717397183971939720397213972239723397243972539726397273972839729397303973139732397333973439735397363973739738397393974039741397423974339744397453974639747397483974939750397513975239753397543975539756397573975839759397603976139762397633976439765397663976739768397693977039771397723977339774397753977639777397783977939780397813978239783397843978539786397873978839789397903979139792397933979439795397963979739798397993980039801398023980339804398053980639807398083980939810398113981239813398143981539816398173981839819398203982139822398233982439825398263982739828398293983039831398323983339834398353983639837398383983939840398413984239843398443984539846398473984839849398503985139852398533985439855398563985739858398593986039861398623986339864398653986639867398683986939870398713987239873398743987539876398773987839879398803988139882398833988439885398863988739888398893989039891398923989339894398953989639897398983989939900399013990239903399043990539906399073990839909399103991139912399133991439915399163991739918399193992039921399223992339924399253992639927399283992939930399313993239933399343993539936399373993839939399403994139942399433994439945399463994739948399493995039951399523995339954399553995639957399583995939960399613996239963399643996539966399673996839969399703997139972399733997439975399763997739978399793998039981399823998339984399853998639987399883998939990399913999239993399943999539996399973999839999400004000140002400034000440005400064000740008400094001040011400124001340014400154001640017400184001940020400214002240023400244002540026400274002840029400304003140032400334003440035400364003740038400394004040041400424004340044400454004640047400484004940050400514005240053400544005540056400574005840059400604006140062400634006440065400664006740068400694007040071400724007340074400754007640077400784007940080400814008240083400844008540086400874008840089400904009140092400934009440095400964009740098400994010040101401024010340104401054010640107401084010940110401114011240113401144011540116401174011840119401204012140122401234012440125401264012740128401294013040131401324013340134401354013640137401384013940140401414014240143401444014540146401474014840149401504015140152401534015440155401564015740158401594016040161401624016340164401654016640167401684016940170401714017240173401744017540176401774017840179401804018140182401834018440185401864018740188401894019040191401924019340194401954019640197401984019940200402014020240203402044020540206402074020840209402104021140212402134021440215402164021740218402194022040221402224022340224402254022640227402284022940230402314023240233402344023540236402374023840239402404024140242402434024440245402464024740248402494025040251402524025340254402554025640257402584025940260402614026240263402644026540266402674026840269402704027140272402734027440275402764027740278402794028040281402824028340284402854028640287402884028940290402914029240293402944029540296402974029840299403004030140302403034030440305403064030740308403094031040311403124031340314403154031640317403184031940320403214032240323403244032540326403274032840329403304033140332403334033440335403364033740338403394034040341403424034340344403454034640347403484034940350403514035240353403544035540356403574035840359403604036140362403634036440365403664036740368403694037040371403724037340374403754037640377403784037940380403814038240383403844038540386403874038840389403904039140392403934039440395403964039740398403994040040401404024040340404404054040640407404084040940410404114041240413404144041540416404174041840419404204042140422404234042440425404264042740428404294043040431404324043340434404354043640437404384043940440404414044240443404444044540446404474044840449404504045140452404534045440455404564045740458404594046040461404624046340464404654046640467404684046940470404714047240473404744047540476404774047840479404804048140482404834048440485404864048740488404894049040491404924049340494404954049640497404984049940500405014050240503405044050540506405074050840509405104051140512405134051440515405164051740518405194052040521405224052340524405254052640527405284052940530405314053240533405344053540536405374053840539405404054140542405434054440545405464054740548405494055040551405524055340554405554055640557405584055940560405614056240563405644056540566405674056840569405704057140572405734057440575405764057740578405794058040581405824058340584405854058640587405884058940590405914059240593405944059540596405974059840599406004060140602406034060440605406064060740608406094061040611406124061340614406154061640617406184061940620406214062240623406244062540626406274062840629406304063140632406334063440635406364063740638406394064040641406424064340644406454064640647406484064940650406514065240653406544065540656406574065840659406604066140662406634066440665406664066740668406694067040671406724067340674406754067640677406784067940680406814068240683406844068540686406874068840689406904069140692406934069440695406964069740698406994070040701407024070340704407054070640707407084070940710407114071240713407144071540716407174071840719407204072140722407234072440725407264072740728407294073040731407324073340734407354073640737407384073940740407414074240743407444074540746407474074840749407504075140752407534075440755407564075740758407594076040761407624076340764407654076640767407684076940770407714077240773407744077540776407774077840779407804078140782407834078440785407864078740788407894079040791407924079340794407954079640797407984079940800408014080240803408044080540806408074080840809408104081140812408134081440815408164081740818408194082040821408224082340824408254082640827408284082940830408314083240833408344083540836408374083840839408404084140842408434084440845408464084740848408494085040851408524085340854408554085640857408584085940860408614086240863408644086540866408674086840869408704087140872408734087440875408764087740878408794088040881408824088340884408854088640887408884088940890408914089240893408944089540896408974089840899409004090140902409034090440905409064090740908409094091040911409124091340914409154091640917409184091940920409214092240923409244092540926409274092840929409304093140932409334093440935409364093740938409394094040941409424094340944409454094640947409484094940950409514095240953409544095540956409574095840959409604096140962409634096440965409664096740968409694097040971409724097340974409754097640977409784097940980409814098240983409844098540986409874098840989409904099140992409934099440995409964099740998409994100041001410024100341004410054100641007410084100941010410114101241013410144101541016410174101841019410204102141022410234102441025410264102741028410294103041031410324103341034410354103641037410384103941040410414104241043410444104541046410474104841049410504105141052410534105441055410564105741058410594106041061410624106341064410654106641067410684106941070410714107241073410744107541076410774107841079410804108141082410834108441085410864108741088410894109041091410924109341094410954109641097410984109941100411014110241103411044110541106411074110841109411104111141112411134111441115411164111741118411194112041121411224112341124411254112641127411284112941130411314113241133411344113541136411374113841139411404114141142411434114441145411464114741148411494115041151411524115341154411554115641157411584115941160411614116241163411644116541166411674116841169411704117141172411734117441175411764117741178411794118041181411824118341184411854118641187411884118941190411914119241193411944119541196411974119841199412004120141202412034120441205412064120741208412094121041211412124121341214412154121641217412184121941220412214122241223412244122541226412274122841229412304123141232412334123441235412364123741238412394124041241412424124341244412454124641247412484124941250412514125241253412544125541256412574125841259412604126141262412634126441265412664126741268412694127041271412724127341274412754127641277412784127941280412814128241283412844128541286412874128841289412904129141292412934129441295412964129741298412994130041301413024130341304413054130641307413084130941310413114131241313413144131541316413174131841319413204132141322413234132441325413264132741328413294133041331413324133341334413354133641337413384133941340413414134241343413444134541346413474134841349413504135141352413534135441355413564135741358413594136041361413624136341364413654136641367413684136941370413714137241373413744137541376413774137841379413804138141382413834138441385413864138741388413894139041391413924139341394413954139641397413984139941400414014140241403414044140541406414074140841409414104141141412414134141441415414164141741418414194142041421414224142341424414254142641427414284142941430414314143241433414344143541436414374143841439414404144141442414434144441445414464144741448414494145041451414524145341454414554145641457414584145941460414614146241463414644146541466414674146841469414704147141472414734147441475414764147741478414794148041481414824148341484414854148641487414884148941490414914149241493414944149541496414974149841499415004150141502415034150441505415064150741508415094151041511415124151341514415154151641517415184151941520415214152241523415244152541526415274152841529415304153141532415334153441535415364153741538415394154041541415424154341544415454154641547415484154941550415514155241553415544155541556415574155841559415604156141562415634156441565415664156741568415694157041571415724157341574415754157641577415784157941580415814158241583415844158541586415874158841589415904159141592415934159441595415964159741598415994160041601416024160341604416054160641607416084160941610416114161241613416144161541616416174161841619416204162141622416234162441625416264162741628416294163041631416324163341634416354163641637416384163941640416414164241643416444164541646416474164841649416504165141652416534165441655416564165741658416594166041661416624166341664416654166641667416684166941670416714167241673416744167541676416774167841679416804168141682416834168441685416864168741688416894169041691416924169341694416954169641697416984169941700417014170241703417044170541706417074170841709417104171141712417134171441715417164171741718417194172041721417224172341724417254172641727417284172941730417314173241733417344173541736417374173841739417404174141742417434174441745417464174741748417494175041751417524175341754417554175641757417584175941760417614176241763417644176541766417674176841769417704177141772417734177441775417764177741778417794178041781417824178341784417854178641787417884178941790417914179241793417944179541796417974179841799418004180141802418034180441805418064180741808418094181041811418124181341814418154181641817418184181941820418214182241823418244182541826418274182841829418304183141832418334183441835418364183741838418394184041841418424184341844418454184641847418484184941850418514185241853418544185541856418574185841859418604186141862418634186441865418664186741868418694187041871418724187341874418754187641877418784187941880418814188241883418844188541886418874188841889418904189141892418934189441895418964189741898418994190041901419024190341904419054190641907419084190941910419114191241913419144191541916419174191841919419204192141922419234192441925419264192741928419294193041931419324193341934419354193641937419384193941940419414194241943419444194541946419474194841949419504195141952419534195441955419564195741958419594196041961419624196341964419654196641967419684196941970419714197241973419744197541976419774197841979419804198141982419834198441985419864198741988419894199041991419924199341994419954199641997419984199942000420014200242003420044200542006420074200842009420104201142012420134201442015420164201742018420194202042021420224202342024420254202642027420284202942030420314203242033420344203542036420374203842039420404204142042420434204442045420464204742048420494205042051420524205342054420554205642057420584205942060420614206242063420644206542066420674206842069420704207142072420734207442075420764207742078420794208042081420824208342084420854208642087420884208942090420914209242093420944209542096420974209842099421004210142102421034210442105421064210742108421094211042111421124211342114421154211642117421184211942120421214212242123421244212542126421274212842129421304213142132421334213442135421364213742138421394214042141421424214342144421454214642147421484214942150421514215242153421544215542156421574215842159421604216142162421634216442165421664216742168421694217042171421724217342174421754217642177421784217942180421814218242183421844218542186421874218842189421904219142192421934219442195421964219742198421994220042201422024220342204422054220642207422084220942210422114221242213422144221542216422174221842219422204222142222422234222442225422264222742228422294223042231422324223342234422354223642237422384223942240422414224242243422444224542246422474224842249422504225142252422534225442255422564225742258422594226042261422624226342264422654226642267422684226942270422714227242273422744227542276422774227842279422804228142282422834228442285422864228742288422894229042291422924229342294422954229642297422984229942300423014230242303423044230542306423074230842309423104231142312423134231442315423164231742318423194232042321423224232342324423254232642327423284232942330423314233242333423344233542336423374233842339423404234142342423434234442345423464234742348423494235042351423524235342354423554235642357423584235942360423614236242363423644236542366423674236842369423704237142372423734237442375423764237742378423794238042381423824238342384423854238642387423884238942390423914239242393423944239542396423974239842399424004240142402424034240442405424064240742408424094241042411424124241342414424154241642417424184241942420424214242242423424244242542426424274242842429424304243142432424334243442435424364243742438424394244042441424424244342444424454244642447424484244942450424514245242453424544245542456424574245842459424604246142462424634246442465424664246742468424694247042471424724247342474424754247642477424784247942480424814248242483424844248542486424874248842489424904249142492424934249442495424964249742498424994250042501425024250342504425054250642507425084250942510425114251242513425144251542516425174251842519425204252142522425234252442525425264252742528425294253042531425324253342534425354253642537425384253942540425414254242543425444254542546425474254842549425504255142552425534255442555425564255742558425594256042561425624256342564425654256642567425684256942570425714257242573425744257542576425774257842579425804258142582425834258442585425864258742588425894259042591425924259342594425954259642597425984259942600426014260242603426044260542606426074260842609426104261142612426134261442615426164261742618426194262042621426224262342624426254262642627426284262942630426314263242633426344263542636426374263842639426404264142642426434264442645426464264742648426494265042651426524265342654426554265642657426584265942660426614266242663426644266542666426674266842669426704267142672426734267442675426764267742678426794268042681426824268342684426854268642687426884268942690426914269242693426944269542696426974269842699427004270142702427034270442705427064270742708427094271042711427124271342714427154271642717427184271942720427214272242723427244272542726427274272842729427304273142732427334273442735427364273742738427394274042741427424274342744427454274642747427484274942750427514275242753427544275542756427574275842759427604276142762427634276442765427664276742768427694277042771427724277342774427754277642777427784277942780427814278242783427844278542786427874278842789427904279142792427934279442795427964279742798427994280042801428024280342804428054280642807428084280942810428114281242813428144281542816428174281842819428204282142822428234282442825428264282742828428294283042831428324283342834428354283642837428384283942840428414284242843428444284542846428474284842849428504285142852428534285442855428564285742858428594286042861428624286342864428654286642867428684286942870428714287242873428744287542876428774287842879428804288142882428834288442885428864288742888428894289042891428924289342894428954289642897428984289942900429014290242903429044290542906429074290842909429104291142912429134291442915429164291742918429194292042921429224292342924429254292642927429284292942930429314293242933429344293542936429374293842939429404294142942429434294442945429464294742948429494295042951429524295342954429554295642957429584295942960429614296242963429644296542966429674296842969429704297142972429734297442975429764297742978429794298042981429824298342984429854298642987429884298942990429914299242993429944299542996429974299842999430004300143002430034300443005430064300743008430094301043011430124301343014430154301643017430184301943020430214302243023430244302543026430274302843029430304303143032430334303443035430364303743038430394304043041430424304343044430454304643047430484304943050430514305243053430544305543056430574305843059430604306143062430634306443065430664306743068430694307043071430724307343074430754307643077430784307943080430814308243083430844308543086430874308843089430904309143092430934309443095430964309743098430994310043101431024310343104431054310643107431084310943110431114311243113431144311543116431174311843119431204312143122431234312443125431264312743128431294313043131431324313343134431354313643137431384313943140431414314243143431444314543146431474314843149431504315143152431534315443155431564315743158431594316043161431624316343164431654316643167431684316943170431714317243173431744317543176431774317843179431804318143182431834318443185431864318743188431894319043191431924319343194431954319643197431984319943200432014320243203432044320543206432074320843209432104321143212432134321443215432164321743218432194322043221432224322343224432254322643227432284322943230432314323243233432344323543236432374323843239432404324143242432434324443245432464324743248432494325043251432524325343254432554325643257432584325943260432614326243263432644326543266432674326843269432704327143272432734327443275432764327743278432794328043281432824328343284432854328643287432884328943290432914329243293432944329543296432974329843299433004330143302433034330443305433064330743308433094331043311433124331343314433154331643317433184331943320433214332243323433244332543326433274332843329433304333143332433334333443335433364333743338433394334043341433424334343344433454334643347433484334943350433514335243353433544335543356433574335843359433604336143362433634336443365433664336743368433694337043371433724337343374433754337643377433784337943380433814338243383433844338543386433874338843389433904339143392433934339443395433964339743398433994340043401434024340343404434054340643407434084340943410434114341243413434144341543416434174341843419434204342143422434234342443425434264342743428434294343043431434324343343434434354343643437434384343943440434414344243443434444344543446434474344843449434504345143452434534345443455434564345743458434594346043461434624346343464434654346643467434684346943470434714347243473434744347543476434774347843479434804348143482434834348443485434864348743488434894349043491434924349343494434954349643497434984349943500435014350243503435044350543506435074350843509435104351143512435134351443515435164351743518435194352043521435224352343524435254352643527435284352943530435314353243533435344353543536435374353843539435404354143542435434354443545435464354743548435494355043551435524355343554435554355643557435584355943560435614356243563435644356543566435674356843569435704357143572435734357443575435764357743578435794358043581435824358343584435854358643587435884358943590435914359243593435944359543596435974359843599436004360143602436034360443605436064360743608436094361043611436124361343614436154361643617436184361943620436214362243623436244362543626436274362843629436304363143632436334363443635436364363743638436394364043641436424364343644436454364643647436484364943650436514365243653436544365543656436574365843659436604366143662436634366443665436664366743668436694367043671436724367343674436754367643677436784367943680436814368243683436844368543686436874368843689436904369143692436934369443695436964369743698436994370043701437024370343704437054370643707437084370943710437114371243713437144371543716437174371843719437204372143722437234372443725437264372743728437294373043731437324373343734437354373643737437384373943740437414374243743437444374543746437474374843749437504375143752437534375443755437564375743758437594376043761437624376343764437654376643767437684376943770437714377243773437744377543776437774377843779437804378143782437834378443785437864378743788437894379043791437924379343794437954379643797437984379943800438014380243803438044380543806438074380843809438104381143812438134381443815438164381743818438194382043821438224382343824438254382643827438284382943830438314383243833438344383543836438374383843839438404384143842438434384443845438464384743848438494385043851438524385343854438554385643857438584385943860438614386243863438644386543866438674386843869438704387143872438734387443875438764387743878438794388043881438824388343884438854388643887438884388943890438914389243893438944389543896438974389843899439004390143902439034390443905439064390743908439094391043911439124391343914439154391643917439184391943920439214392243923439244392543926439274392843929439304393143932439334393443935439364393743938439394394043941439424394343944439454394643947439484394943950439514395243953439544395543956439574395843959439604396143962439634396443965439664396743968439694397043971439724397343974439754397643977439784397943980439814398243983439844398543986439874398843989439904399143992439934399443995439964399743998439994400044001440024400344004440054400644007440084400944010440114401244013440144401544016440174401844019440204402144022440234402444025440264402744028440294403044031440324403344034440354403644037440384403944040440414404244043440444404544046440474404844049440504405144052440534405444055440564405744058440594406044061440624406344064440654406644067440684406944070440714407244073440744407544076440774407844079440804408144082440834408444085440864408744088440894409044091440924409344094440954409644097440984409944100441014410244103441044410544106441074410844109441104411144112441134411444115441164411744118441194412044121441224412344124441254412644127441284412944130441314413244133441344413544136441374413844139441404414144142441434414444145441464414744148441494415044151441524415344154441554415644157441584415944160441614416244163441644416544166441674416844169441704417144172441734417444175441764417744178441794418044181441824418344184441854418644187441884418944190441914419244193441944419544196441974419844199442004420144202442034420444205442064420744208442094421044211442124421344214442154421644217442184421944220442214422244223442244422544226442274422844229442304423144232442334423444235442364423744238442394424044241442424424344244442454424644247442484424944250442514425244253442544425544256442574425844259442604426144262442634426444265442664426744268442694427044271442724427344274442754427644277442784427944280442814428244283442844428544286442874428844289442904429144292442934429444295442964429744298442994430044301443024430344304443054430644307443084430944310443114431244313443144431544316443174431844319443204432144322443234432444325443264432744328443294433044331443324433344334443354433644337443384433944340443414434244343443444434544346443474434844349443504435144352443534435444355443564435744358443594436044361443624436344364443654436644367443684436944370443714437244373443744437544376443774437844379443804438144382443834438444385443864438744388443894439044391443924439344394443954439644397443984439944400444014440244403444044440544406444074440844409444104441144412444134441444415444164441744418444194442044421444224442344424444254442644427444284442944430444314443244433444344443544436444374443844439444404444144442444434444444445444464444744448444494445044451444524445344454444554445644457444584445944460444614446244463444644446544466444674446844469444704447144472444734447444475444764447744478444794448044481444824448344484444854448644487444884448944490444914449244493444944449544496444974449844499445004450144502445034450444505445064450744508445094451044511445124451344514445154451644517445184451944520445214452244523445244452544526445274452844529445304453144532445334453444535445364453744538445394454044541445424454344544445454454644547445484454944550445514455244553445544455544556445574455844559445604456144562445634456444565445664456744568445694457044571445724457344574445754457644577445784457944580445814458244583445844458544586445874458844589445904459144592445934459444595445964459744598445994460044601446024460344604446054460644607446084460944610446114461244613446144461544616446174461844619446204462144622446234462444625446264462744628446294463044631446324463344634446354463644637446384463944640446414464244643446444464544646446474464844649446504465144652446534465444655446564465744658446594466044661446624466344664446654466644667446684466944670446714467244673446744467544676446774467844679446804468144682446834468444685446864468744688446894469044691446924469344694446954469644697446984469944700447014470244703447044470544706447074470844709447104471144712447134471444715447164471744718447194472044721447224472344724447254472644727447284472944730447314473244733447344473544736447374473844739447404474144742447434474444745447464474744748447494475044751447524475344754447554475644757447584475944760447614476244763447644476544766447674476844769447704477144772447734477444775447764477744778447794478044781447824478344784447854478644787447884478944790447914479244793447944479544796447974479844799448004480144802448034480444805448064480744808448094481044811448124481344814448154481644817448184481944820448214482244823448244482544826448274482844829448304483144832448334483444835448364483744838448394484044841448424484344844448454484644847448484484944850448514485244853448544485544856448574485844859448604486144862448634486444865448664486744868448694487044871448724487344874448754487644877448784487944880448814488244883448844488544886448874488844889448904489144892448934489444895448964489744898448994490044901449024490344904449054490644907449084490944910449114491244913449144491544916449174491844919449204492144922449234492444925449264492744928449294493044931449324493344934449354493644937449384493944940449414494244943449444494544946449474494844949449504495144952449534495444955449564495744958449594496044961449624496344964449654496644967449684496944970449714497244973449744497544976449774497844979449804498144982449834498444985449864498744988449894499044991449924499344994449954499644997449984499945000450014500245003450044500545006450074500845009450104501145012450134501445015450164501745018450194502045021450224502345024450254502645027450284502945030450314503245033450344503545036450374503845039450404504145042450434504445045450464504745048450494505045051450524505345054450554505645057450584505945060450614506245063450644506545066450674506845069450704507145072450734507445075450764507745078450794508045081450824508345084450854508645087450884508945090450914509245093450944509545096450974509845099451004510145102451034510445105451064510745108451094511045111451124511345114451154511645117451184511945120451214512245123451244512545126451274512845129451304513145132451334513445135451364513745138451394514045141451424514345144451454514645147451484514945150451514515245153451544515545156451574515845159451604516145162451634516445165451664516745168451694517045171451724517345174451754517645177451784517945180451814518245183451844518545186451874518845189451904519145192451934519445195451964519745198451994520045201452024520345204452054520645207452084520945210452114521245213452144521545216452174521845219452204522145222452234522445225452264522745228452294523045231452324523345234452354523645237452384523945240452414524245243452444524545246452474524845249452504525145252452534525445255452564525745258452594526045261452624526345264452654526645267452684526945270452714527245273452744527545276452774527845279452804528145282452834528445285452864528745288452894529045291452924529345294452954529645297452984529945300453014530245303453044530545306453074530845309453104531145312453134531445315453164531745318453194532045321453224532345324453254532645327453284532945330453314533245333453344533545336453374533845339453404534145342453434534445345453464534745348453494535045351453524535345354453554535645357453584535945360453614536245363453644536545366453674536845369453704537145372453734537445375453764537745378453794538045381453824538345384453854538645387453884538945390453914539245393453944539545396453974539845399454004540145402454034540445405454064540745408454094541045411454124541345414454154541645417454184541945420454214542245423454244542545426454274542845429454304543145432454334543445435454364543745438454394544045441454424544345444454454544645447454484544945450454514545245453454544545545456454574545845459454604546145462454634546445465454664546745468454694547045471454724547345474454754547645477454784547945480454814548245483454844548545486454874548845489454904549145492454934549445495454964549745498454994550045501455024550345504455054550645507455084550945510455114551245513455144551545516455174551845519455204552145522455234552445525455264552745528455294553045531455324553345534455354553645537455384553945540455414554245543455444554545546455474554845549455504555145552455534555445555455564555745558455594556045561455624556345564455654556645567455684556945570455714557245573455744557545576455774557845579455804558145582455834558445585455864558745588455894559045591455924559345594455954559645597455984559945600456014560245603456044560545606456074560845609456104561145612456134561445615456164561745618456194562045621456224562345624456254562645627456284562945630456314563245633456344563545636456374563845639456404564145642456434564445645456464564745648456494565045651456524565345654456554565645657456584565945660456614566245663456644566545666456674566845669456704567145672456734567445675456764567745678456794568045681456824568345684456854568645687456884568945690456914569245693456944569545696456974569845699457004570145702457034570445705457064570745708457094571045711457124571345714457154571645717457184571945720457214572245723457244572545726457274572845729457304573145732457334573445735457364573745738457394574045741457424574345744457454574645747457484574945750457514575245753457544575545756457574575845759457604576145762457634576445765457664576745768457694577045771457724577345774457754577645777457784577945780457814578245783457844578545786457874578845789457904579145792457934579445795457964579745798457994580045801458024580345804458054580645807458084580945810458114581245813458144581545816458174581845819458204582145822458234582445825458264582745828458294583045831458324583345834458354583645837458384583945840458414584245843458444584545846458474584845849458504585145852458534585445855458564585745858458594586045861458624586345864458654586645867458684586945870458714587245873458744587545876458774587845879458804588145882458834588445885458864588745888458894589045891458924589345894458954589645897458984589945900459014590245903459044590545906459074590845909459104591145912459134591445915459164591745918459194592045921459224592345924459254592645927459284592945930459314593245933459344593545936459374593845939459404594145942459434594445945459464594745948459494595045951459524595345954459554595645957459584595945960459614596245963459644596545966459674596845969459704597145972459734597445975459764597745978459794598045981459824598345984459854598645987459884598945990459914599245993459944599545996459974599845999460004600146002460034600446005460064600746008460094601046011460124601346014460154601646017460184601946020460214602246023460244602546026460274602846029460304603146032460334603446035460364603746038460394604046041460424604346044460454604646047460484604946050460514605246053460544605546056460574605846059460604606146062460634606446065460664606746068460694607046071460724607346074460754607646077460784607946080460814608246083460844608546086460874608846089460904609146092460934609446095460964609746098460994610046101461024610346104461054610646107461084610946110461114611246113461144611546116461174611846119461204612146122461234612446125461264612746128461294613046131461324613346134461354613646137461384613946140461414614246143461444614546146461474614846149461504615146152461534615446155461564615746158461594616046161461624616346164461654616646167461684616946170461714617246173461744617546176461774617846179461804618146182461834618446185461864618746188461894619046191461924619346194461954619646197461984619946200462014620246203462044620546206462074620846209462104621146212462134621446215462164621746218462194622046221462224622346224462254622646227462284622946230462314623246233462344623546236462374623846239462404624146242462434624446245462464624746248462494625046251462524625346254462554625646257462584625946260462614626246263462644626546266462674626846269462704627146272462734627446275462764627746278462794628046281462824628346284462854628646287462884628946290462914629246293462944629546296462974629846299463004630146302463034630446305463064630746308463094631046311463124631346314463154631646317463184631946320463214632246323463244632546326463274632846329463304633146332463334633446335463364633746338463394634046341463424634346344463454634646347463484634946350463514635246353463544635546356463574635846359463604636146362463634636446365463664636746368463694637046371463724637346374463754637646377463784637946380463814638246383463844638546386463874638846389463904639146392463934639446395463964639746398463994640046401464024640346404464054640646407464084640946410464114641246413464144641546416464174641846419464204642146422464234642446425464264642746428464294643046431464324643346434464354643646437464384643946440464414644246443464444644546446464474644846449464504645146452464534645446455464564645746458464594646046461464624646346464464654646646467464684646946470464714647246473464744647546476464774647846479464804648146482464834648446485464864648746488464894649046491464924649346494464954649646497464984649946500465014650246503465044650546506465074650846509465104651146512465134651446515465164651746518465194652046521465224652346524465254652646527465284652946530465314653246533465344653546536465374653846539465404654146542465434654446545465464654746548465494655046551465524655346554465554655646557465584655946560465614656246563465644656546566465674656846569465704657146572465734657446575465764657746578465794658046581465824658346584465854658646587465884658946590465914659246593465944659546596465974659846599466004660146602466034660446605466064660746608466094661046611466124661346614466154661646617466184661946620466214662246623466244662546626466274662846629466304663146632466334663446635466364663746638466394664046641466424664346644466454664646647466484664946650466514665246653466544665546656466574665846659466604666146662466634666446665466664666746668466694667046671466724667346674466754667646677466784667946680466814668246683466844668546686466874668846689466904669146692466934669446695466964669746698466994670046701467024670346704467054670646707467084670946710467114671246713467144671546716467174671846719467204672146722467234672446725467264672746728467294673046731467324673346734467354673646737467384673946740467414674246743467444674546746467474674846749467504675146752467534675446755467564675746758467594676046761467624676346764467654676646767467684676946770467714677246773467744677546776467774677846779467804678146782467834678446785467864678746788467894679046791467924679346794467954679646797467984679946800468014680246803468044680546806468074680846809468104681146812468134681446815468164681746818468194682046821468224682346824468254682646827468284682946830468314683246833468344683546836468374683846839468404684146842468434684446845468464684746848468494685046851468524685346854468554685646857468584685946860468614686246863468644686546866468674686846869468704687146872468734687446875468764687746878468794688046881468824688346884468854688646887468884688946890468914689246893468944689546896468974689846899469004690146902469034690446905469064690746908469094691046911469124691346914469154691646917469184691946920469214692246923469244692546926469274692846929469304693146932469334693446935469364693746938469394694046941469424694346944469454694646947469484694946950469514695246953469544695546956469574695846959469604696146962469634696446965469664696746968469694697046971469724697346974469754697646977469784697946980469814698246983469844698546986469874698846989469904699146992469934699446995469964699746998469994700047001470024700347004470054700647007470084700947010470114701247013470144701547016470174701847019470204702147022470234702447025470264702747028470294703047031470324703347034470354703647037470384703947040470414704247043470444704547046470474704847049470504705147052470534705447055470564705747058470594706047061470624706347064470654706647067470684706947070470714707247073470744707547076470774707847079470804708147082470834708447085470864708747088470894709047091470924709347094470954709647097470984709947100471014710247103471044710547106471074710847109471104711147112471134711447115471164711747118471194712047121471224712347124471254712647127471284712947130471314713247133471344713547136471374713847139471404714147142471434714447145471464714747148471494715047151471524715347154471554715647157471584715947160471614716247163471644716547166471674716847169471704717147172471734717447175471764717747178471794718047181471824718347184471854718647187471884718947190471914719247193471944719547196471974719847199472004720147202472034720447205472064720747208472094721047211472124721347214472154721647217472184721947220472214722247223472244722547226472274722847229472304723147232472334723447235472364723747238472394724047241472424724347244472454724647247472484724947250472514725247253472544725547256472574725847259472604726147262472634726447265472664726747268472694727047271472724727347274472754727647277472784727947280472814728247283472844728547286472874728847289472904729147292472934729447295472964729747298472994730047301473024730347304473054730647307473084730947310473114731247313473144731547316473174731847319473204732147322473234732447325473264732747328473294733047331473324733347334473354733647337473384733947340473414734247343473444734547346473474734847349473504735147352473534735447355473564735747358473594736047361473624736347364473654736647367473684736947370473714737247373473744737547376473774737847379473804738147382473834738447385473864738747388473894739047391473924739347394473954739647397473984739947400474014740247403474044740547406474074740847409474104741147412474134741447415474164741747418474194742047421474224742347424474254742647427474284742947430474314743247433474344743547436474374743847439474404744147442474434744447445474464744747448474494745047451474524745347454474554745647457474584745947460474614746247463474644746547466474674746847469474704747147472474734747447475474764747747478474794748047481474824748347484474854748647487474884748947490474914749247493474944749547496474974749847499475004750147502475034750447505475064750747508475094751047511475124751347514475154751647517475184751947520475214752247523475244752547526475274752847529475304753147532475334753447535475364753747538475394754047541475424754347544475454754647547475484754947550475514755247553475544755547556475574755847559475604756147562475634756447565475664756747568475694757047571475724757347574475754757647577475784757947580475814758247583475844758547586475874758847589475904759147592475934759447595475964759747598475994760047601476024760347604476054760647607476084760947610476114761247613476144761547616476174761847619476204762147622476234762447625476264762747628476294763047631476324763347634476354763647637476384763947640476414764247643476444764547646476474764847649476504765147652476534765447655476564765747658476594766047661476624766347664476654766647667476684766947670476714767247673476744767547676476774767847679476804768147682476834768447685476864768747688476894769047691476924769347694476954769647697476984769947700477014770247703477044770547706477074770847709477104771147712477134771447715477164771747718477194772047721477224772347724477254772647727477284772947730477314773247733477344773547736477374773847739477404774147742477434774447745477464774747748477494775047751477524775347754477554775647757477584775947760477614776247763477644776547766477674776847769477704777147772477734777447775477764777747778477794778047781477824778347784477854778647787477884778947790477914779247793477944779547796477974779847799478004780147802478034780447805478064780747808478094781047811478124781347814478154781647817478184781947820478214782247823478244782547826478274782847829478304783147832478334783447835478364783747838478394784047841478424784347844478454784647847478484784947850478514785247853478544785547856478574785847859478604786147862478634786447865478664786747868478694787047871478724787347874478754787647877478784787947880478814788247883478844788547886478874788847889478904789147892478934789447895478964789747898478994790047901479024790347904479054790647907479084790947910479114791247913479144791547916479174791847919479204792147922479234792447925479264792747928479294793047931479324793347934479354793647937479384793947940479414794247943479444794547946479474794847949479504795147952479534795447955479564795747958479594796047961479624796347964479654796647967479684796947970479714797247973479744797547976479774797847979479804798147982479834798447985479864798747988479894799047991479924799347994479954799647997479984799948000480014800248003480044800548006480074800848009480104801148012480134801448015480164801748018480194802048021480224802348024480254802648027480284802948030480314803248033480344803548036480374803848039480404804148042480434804448045480464804748048480494805048051480524805348054480554805648057480584805948060480614806248063480644806548066480674806848069480704807148072480734807448075480764807748078480794808048081480824808348084480854808648087480884808948090480914809248093480944809548096480974809848099481004810148102481034810448105481064810748108481094811048111481124811348114481154811648117481184811948120481214812248123481244812548126481274812848129481304813148132481334813448135481364813748138481394814048141481424814348144481454814648147481484814948150481514815248153481544815548156481574815848159481604816148162481634816448165481664816748168481694817048171481724817348174481754817648177481784817948180481814818248183481844818548186481874818848189481904819148192481934819448195481964819748198481994820048201482024820348204482054820648207482084820948210482114821248213482144821548216482174821848219482204822148222482234822448225482264822748228482294823048231482324823348234482354823648237482384823948240482414824248243482444824548246482474824848249482504825148252482534825448255482564825748258482594826048261482624826348264482654826648267482684826948270482714827248273482744827548276482774827848279482804828148282482834828448285482864828748288482894829048291482924829348294482954829648297482984829948300483014830248303483044830548306483074830848309483104831148312483134831448315483164831748318483194832048321483224832348324483254832648327483284832948330483314833248333483344833548336483374833848339483404834148342483434834448345483464834748348483494835048351483524835348354483554835648357483584835948360483614836248363483644836548366483674836848369483704837148372483734837448375483764837748378483794838048381483824838348384483854838648387483884838948390483914839248393483944839548396483974839848399484004840148402484034840448405484064840748408484094841048411484124841348414484154841648417484184841948420484214842248423484244842548426484274842848429484304843148432484334843448435484364843748438484394844048441484424844348444484454844648447484484844948450484514845248453484544845548456484574845848459484604846148462484634846448465484664846748468484694847048471484724847348474484754847648477484784847948480484814848248483484844848548486484874848848489484904849148492484934849448495484964849748498484994850048501485024850348504485054850648507485084850948510485114851248513485144851548516485174851848519485204852148522485234852448525485264852748528485294853048531485324853348534485354853648537485384853948540485414854248543485444854548546485474854848549485504855148552485534855448555485564855748558485594856048561485624856348564485654856648567485684856948570485714857248573485744857548576485774857848579485804858148582485834858448585485864858748588485894859048591485924859348594485954859648597485984859948600486014860248603486044860548606486074860848609486104861148612486134861448615486164861748618486194862048621486224862348624486254862648627486284862948630486314863248633486344863548636486374863848639486404864148642486434864448645486464864748648486494865048651486524865348654486554865648657486584865948660486614866248663486644866548666486674866848669486704867148672486734867448675486764867748678486794868048681486824868348684486854868648687486884868948690486914869248693486944869548696486974869848699487004870148702487034870448705487064870748708487094871048711487124871348714487154871648717487184871948720487214872248723487244872548726487274872848729487304873148732487334873448735487364873748738487394874048741487424874348744487454874648747487484874948750487514875248753487544875548756487574875848759487604876148762487634876448765487664876748768487694877048771487724877348774487754877648777487784877948780487814878248783487844878548786487874878848789487904879148792487934879448795487964879748798487994880048801488024880348804488054880648807488084880948810488114881248813488144881548816488174881848819488204882148822488234882448825488264882748828488294883048831488324883348834488354883648837488384883948840488414884248843488444884548846488474884848849488504885148852488534885448855488564885748858488594886048861488624886348864488654886648867488684886948870488714887248873488744887548876488774887848879488804888148882488834888448885488864888748888488894889048891488924889348894488954889648897488984889948900489014890248903489044890548906489074890848909489104891148912489134891448915489164891748918489194892048921489224892348924489254892648927489284892948930489314893248933489344893548936489374893848939489404894148942489434894448945489464894748948489494895048951489524895348954489554895648957489584895948960489614896248963489644896548966489674896848969489704897148972489734897448975489764897748978489794898048981489824898348984489854898648987489884898948990489914899248993489944899548996489974899848999490004900149002490034900449005490064900749008490094901049011490124901349014490154901649017490184901949020490214902249023490244902549026490274902849029490304903149032490334903449035490364903749038490394904049041490424904349044490454904649047490484904949050490514905249053490544905549056490574905849059490604906149062490634906449065490664906749068490694907049071490724907349074490754907649077490784907949080490814908249083490844908549086490874908849089490904909149092490934909449095490964909749098490994910049101491024910349104491054910649107491084910949110491114911249113491144911549116491174911849119491204912149122491234912449125491264912749128491294913049131491324913349134491354913649137491384913949140491414914249143491444914549146491474914849149491504915149152491534915449155491564915749158491594916049161491624916349164491654916649167491684916949170491714917249173491744917549176491774917849179491804918149182491834918449185491864918749188491894919049191491924919349194491954919649197491984919949200492014920249203492044920549206492074920849209492104921149212492134921449215492164921749218492194922049221492224922349224492254922649227492284922949230492314923249233492344923549236492374923849239492404924149242492434924449245492464924749248492494925049251492524925349254492554925649257492584925949260492614926249263492644926549266492674926849269492704927149272492734927449275492764927749278492794928049281492824928349284492854928649287492884928949290492914929249293492944929549296492974929849299493004930149302493034930449305493064930749308493094931049311493124931349314493154931649317493184931949320493214932249323493244932549326493274932849329493304933149332493334933449335493364933749338493394934049341493424934349344493454934649347493484934949350493514935249353493544935549356493574935849359493604936149362493634936449365493664936749368493694937049371493724937349374493754937649377493784937949380493814938249383493844938549386493874938849389493904939149392493934939449395493964939749398493994940049401494024940349404494054940649407494084940949410494114941249413494144941549416494174941849419494204942149422494234942449425494264942749428494294943049431494324943349434494354943649437494384943949440494414944249443494444944549446494474944849449494504945149452494534945449455494564945749458494594946049461494624946349464494654946649467494684946949470494714947249473494744947549476494774947849479494804948149482494834948449485494864948749488494894949049491494924949349494494954949649497494984949949500495014950249503495044950549506495074950849509495104951149512495134951449515495164951749518495194952049521495224952349524495254952649527495284952949530495314953249533495344953549536495374953849539495404954149542495434954449545495464954749548495494955049551495524955349554495554955649557495584955949560495614956249563495644956549566495674956849569495704957149572495734957449575495764957749578495794958049581495824958349584495854958649587495884958949590495914959249593495944959549596495974959849599496004960149602496034960449605496064960749608496094961049611496124961349614496154961649617496184961949620496214962249623496244962549626496274962849629496304963149632496334963449635496364963749638496394964049641496424964349644496454964649647496484964949650496514965249653496544965549656496574965849659496604966149662496634966449665496664966749668496694967049671496724967349674496754967649677496784967949680496814968249683496844968549686496874968849689496904969149692496934969449695496964969749698496994970049701497024970349704497054970649707497084970949710497114971249713497144971549716497174971849719497204972149722497234972449725497264972749728497294973049731497324973349734497354973649737497384973949740497414974249743497444974549746497474974849749497504975149752497534975449755497564975749758497594976049761497624976349764497654976649767497684976949770497714977249773497744977549776497774977849779497804978149782497834978449785497864978749788497894979049791497924979349794497954979649797497984979949800498014980249803498044980549806498074980849809498104981149812498134981449815498164981749818498194982049821498224982349824498254982649827498284982949830498314983249833498344983549836498374983849839498404984149842498434984449845498464984749848498494985049851498524985349854498554985649857498584985949860498614986249863498644986549866498674986849869498704987149872498734987449875498764987749878498794988049881498824988349884498854988649887498884988949890498914989249893498944989549896498974989849899499004990149902499034990449905499064990749908499094991049911499124991349914499154991649917499184991949920499214992249923499244992549926499274992849929499304993149932499334993449935499364993749938499394994049941499424994349944499454994649947499484994949950499514995249953499544995549956499574995849959499604996149962499634996449965499664996749968499694997049971499724997349974499754997649977499784997949980499814998249983499844998549986499874998849989499904999149992499934999449995499964999749998499995000050001500025000350004500055000650007500085000950010500115001250013500145001550016500175001850019500205002150022500235002450025500265002750028500295003050031500325003350034500355003650037500385003950040500415004250043500445004550046500475004850049500505005150052500535005450055500565005750058500595006050061500625006350064500655006650067500685006950070500715007250073500745007550076500775007850079500805008150082500835008450085500865008750088500895009050091500925009350094500955009650097500985009950100501015010250103501045010550106501075010850109501105011150112501135011450115501165011750118501195012050121501225012350124501255012650127501285012950130501315013250133501345013550136501375013850139501405014150142501435014450145501465014750148501495015050151501525015350154501555015650157501585015950160501615016250163501645016550166501675016850169501705017150172501735017450175501765017750178501795018050181501825018350184501855018650187501885018950190501915019250193501945019550196501975019850199502005020150202502035020450205502065020750208502095021050211502125021350214502155021650217502185021950220502215022250223502245022550226502275022850229502305023150232502335023450235502365023750238502395024050241502425024350244502455024650247502485024950250502515025250253502545025550256502575025850259502605026150262502635026450265502665026750268502695027050271502725027350274502755027650277502785027950280502815028250283502845028550286502875028850289502905029150292502935029450295502965029750298502995030050301503025030350304503055030650307503085030950310503115031250313503145031550316503175031850319503205032150322503235032450325503265032750328503295033050331503325033350334503355033650337503385033950340503415034250343503445034550346503475034850349503505035150352503535035450355503565035750358503595036050361503625036350364503655036650367503685036950370503715037250373503745037550376503775037850379503805038150382503835038450385503865038750388503895039050391503925039350394503955039650397503985039950400504015040250403504045040550406504075040850409504105041150412504135041450415504165041750418504195042050421504225042350424504255042650427504285042950430504315043250433504345043550436504375043850439504405044150442504435044450445504465044750448504495045050451504525045350454504555045650457504585045950460504615046250463504645046550466504675046850469504705047150472504735047450475504765047750478504795048050481504825048350484504855048650487504885048950490504915049250493504945049550496504975049850499505005050150502505035050450505505065050750508505095051050511505125051350514505155051650517505185051950520505215052250523505245052550526505275052850529505305053150532505335053450535505365053750538505395054050541505425054350544505455054650547505485054950550505515055250553505545055550556505575055850559505605056150562505635056450565505665056750568505695057050571505725057350574505755057650577505785057950580505815058250583505845058550586505875058850589505905059150592505935059450595505965059750598505995060050601506025060350604506055060650607506085060950610506115061250613506145061550616506175061850619506205062150622506235062450625506265062750628506295063050631506325063350634506355063650637506385063950640506415064250643506445064550646506475064850649506505065150652506535065450655506565065750658506595066050661506625066350664506655066650667506685066950670506715067250673506745067550676506775067850679506805068150682506835068450685506865068750688506895069050691506925069350694506955069650697506985069950700507015070250703507045070550706507075070850709507105071150712507135071450715507165071750718507195072050721507225072350724507255072650727507285072950730507315073250733507345073550736507375073850739507405074150742507435074450745507465074750748507495075050751507525075350754507555075650757507585075950760507615076250763507645076550766507675076850769507705077150772507735077450775507765077750778507795078050781507825078350784507855078650787507885078950790507915079250793507945079550796507975079850799508005080150802508035080450805508065080750808508095081050811508125081350814508155081650817508185081950820508215082250823508245082550826508275082850829508305083150832508335083450835508365083750838508395084050841508425084350844508455084650847508485084950850508515085250853508545085550856508575085850859508605086150862508635086450865508665086750868508695087050871508725087350874508755087650877508785087950880508815088250883508845088550886508875088850889508905089150892508935089450895508965089750898508995090050901509025090350904509055090650907509085090950910509115091250913509145091550916509175091850919509205092150922509235092450925509265092750928509295093050931509325093350934509355093650937509385093950940509415094250943509445094550946509475094850949509505095150952509535095450955509565095750958509595096050961509625096350964509655096650967509685096950970509715097250973509745097550976509775097850979509805098150982509835098450985509865098750988509895099050991509925099350994509955099650997509985099951000510015100251003510045100551006510075100851009510105101151012510135101451015510165101751018510195102051021510225102351024510255102651027510285102951030510315103251033510345103551036510375103851039510405104151042510435104451045510465104751048510495105051051510525105351054510555105651057510585105951060510615106251063510645106551066510675106851069510705107151072510735107451075510765107751078510795108051081510825108351084510855108651087510885108951090510915109251093510945109551096510975109851099511005110151102511035110451105511065110751108511095111051111511125111351114511155111651117511185111951120511215112251123511245112551126511275112851129511305113151132511335113451135511365113751138511395114051141511425114351144511455114651147511485114951150511515115251153511545115551156511575115851159511605116151162511635116451165511665116751168511695117051171511725117351174511755117651177511785117951180511815118251183511845118551186511875118851189511905119151192511935119451195511965119751198511995120051201512025120351204512055120651207512085120951210512115121251213512145121551216512175121851219512205122151222512235122451225512265122751228512295123051231512325123351234512355123651237512385123951240512415124251243512445124551246512475124851249512505125151252512535125451255512565125751258512595126051261512625126351264512655126651267512685126951270512715127251273512745127551276512775127851279512805128151282512835128451285512865128751288512895129051291512925129351294512955129651297512985129951300513015130251303513045130551306513075130851309513105131151312513135131451315513165131751318513195132051321513225132351324513255132651327513285132951330513315133251333513345133551336513375133851339513405134151342513435134451345513465134751348513495135051351513525135351354513555135651357513585135951360513615136251363513645136551366513675136851369513705137151372513735137451375513765137751378513795138051381513825138351384513855138651387513885138951390513915139251393513945139551396513975139851399514005140151402514035140451405514065140751408514095141051411514125141351414514155141651417514185141951420514215142251423514245142551426514275142851429514305143151432514335143451435514365143751438514395144051441514425144351444514455144651447514485144951450514515145251453514545145551456514575145851459514605146151462514635146451465514665146751468514695147051471514725147351474514755147651477514785147951480514815148251483514845148551486514875148851489514905149151492514935149451495514965149751498514995150051501515025150351504515055150651507515085150951510515115151251513515145151551516515175151851519515205152151522515235152451525515265152751528515295153051531515325153351534515355153651537515385153951540515415154251543515445154551546515475154851549515505155151552515535155451555515565155751558515595156051561515625156351564515655156651567515685156951570515715157251573515745157551576515775157851579515805158151582515835158451585515865158751588515895159051591515925159351594515955159651597515985159951600516015160251603516045160551606516075160851609516105161151612516135161451615516165161751618516195162051621516225162351624516255162651627516285162951630516315163251633516345163551636516375163851639516405164151642516435164451645516465164751648516495165051651516525165351654516555165651657516585165951660516615166251663516645166551666516675166851669516705167151672516735167451675516765167751678516795168051681516825168351684516855168651687516885168951690516915169251693516945169551696516975169851699517005170151702517035170451705517065170751708517095171051711517125171351714517155171651717517185171951720517215172251723517245172551726517275172851729517305173151732517335173451735517365173751738517395174051741517425174351744517455174651747517485174951750517515175251753517545175551756517575175851759517605176151762517635176451765517665176751768517695177051771517725177351774517755177651777517785177951780517815178251783517845178551786517875178851789517905179151792517935179451795517965179751798517995180051801518025180351804518055180651807518085180951810518115181251813518145181551816518175181851819518205182151822518235182451825518265182751828518295183051831518325183351834518355183651837518385183951840518415184251843518445184551846518475184851849518505185151852518535185451855518565185751858518595186051861518625186351864518655186651867518685186951870518715187251873518745187551876518775187851879518805188151882518835188451885518865188751888518895189051891518925189351894518955189651897518985189951900519015190251903519045190551906519075190851909519105191151912519135191451915519165191751918519195192051921519225192351924519255192651927519285192951930519315193251933519345193551936519375193851939519405194151942519435194451945519465194751948519495195051951519525195351954519555195651957519585195951960519615196251963519645196551966519675196851969519705197151972519735197451975519765197751978519795198051981519825198351984519855198651987519885198951990519915199251993519945199551996519975199851999520005200152002520035200452005520065200752008520095201052011520125201352014520155201652017520185201952020520215202252023520245202552026520275202852029520305203152032520335203452035520365203752038520395204052041520425204352044520455204652047520485204952050520515205252053520545205552056520575205852059520605206152062520635206452065520665206752068520695207052071520725207352074520755207652077520785207952080520815208252083520845208552086520875208852089520905209152092520935209452095520965209752098520995210052101521025210352104521055210652107521085210952110521115211252113521145211552116521175211852119521205212152122521235212452125521265212752128521295213052131521325213352134521355213652137521385213952140521415214252143521445214552146521475214852149521505215152152521535215452155521565215752158521595216052161521625216352164521655216652167521685216952170521715217252173521745217552176521775217852179521805218152182521835218452185521865218752188521895219052191521925219352194521955219652197521985219952200522015220252203522045220552206522075220852209522105221152212522135221452215522165221752218522195222052221522225222352224522255222652227522285222952230522315223252233522345223552236522375223852239522405224152242522435224452245522465224752248522495225052251522525225352254522555225652257522585225952260522615226252263522645226552266522675226852269522705227152272522735227452275522765227752278522795228052281522825228352284522855228652287522885228952290522915229252293522945229552296522975229852299523005230152302523035230452305523065230752308523095231052311523125231352314523155231652317523185231952320523215232252323523245232552326523275232852329523305233152332523335233452335523365233752338523395234052341523425234352344523455234652347523485234952350523515235252353523545235552356523575235852359523605236152362523635236452365523665236752368523695237052371523725237352374523755237652377523785237952380523815238252383523845238552386523875238852389523905239152392523935239452395523965239752398523995240052401524025240352404524055240652407524085240952410524115241252413524145241552416524175241852419524205242152422524235242452425524265242752428524295243052431524325243352434524355243652437524385243952440524415244252443524445244552446524475244852449524505245152452524535245452455524565245752458524595246052461524625246352464524655246652467524685246952470524715247252473524745247552476524775247852479524805248152482524835248452485524865248752488524895249052491524925249352494524955249652497524985249952500525015250252503525045250552506525075250852509525105251152512525135251452515525165251752518525195252052521525225252352524525255252652527525285252952530525315253252533525345253552536525375253852539525405254152542525435254452545525465254752548525495255052551525525255352554525555255652557525585255952560525615256252563525645256552566525675256852569525705257152572525735257452575525765257752578525795258052581525825258352584525855258652587525885258952590525915259252593525945259552596525975259852599526005260152602526035260452605526065260752608526095261052611526125261352614526155261652617526185261952620526215262252623526245262552626526275262852629526305263152632526335263452635526365263752638526395264052641526425264352644526455264652647526485264952650526515265252653526545265552656526575265852659526605266152662526635266452665526665266752668526695267052671526725267352674526755267652677526785267952680526815268252683526845268552686526875268852689526905269152692526935269452695526965269752698526995270052701527025270352704527055270652707527085270952710527115271252713527145271552716527175271852719527205272152722527235272452725527265272752728527295273052731527325273352734527355273652737527385273952740527415274252743527445274552746527475274852749527505275152752527535275452755527565275752758527595276052761527625276352764527655276652767527685276952770527715277252773527745277552776527775277852779527805278152782527835278452785527865278752788527895279052791527925279352794527955279652797527985279952800528015280252803528045280552806528075280852809528105281152812528135281452815528165281752818528195282052821528225282352824528255282652827528285282952830528315283252833528345283552836528375283852839528405284152842528435284452845528465284752848528495285052851528525285352854528555285652857528585285952860528615286252863528645286552866528675286852869528705287152872528735287452875528765287752878528795288052881528825288352884528855288652887528885288952890528915289252893528945289552896528975289852899529005290152902529035290452905529065290752908529095291052911529125291352914529155291652917529185291952920529215292252923529245292552926529275292852929529305293152932529335293452935529365293752938529395294052941529425294352944529455294652947529485294952950529515295252953529545295552956529575295852959529605296152962529635296452965529665296752968529695297052971529725297352974529755297652977529785297952980529815298252983529845298552986529875298852989529905299152992529935299452995529965299752998529995300053001530025300353004530055300653007530085300953010530115301253013530145301553016530175301853019530205302153022530235302453025530265302753028530295303053031530325303353034530355303653037530385303953040530415304253043530445304553046530475304853049530505305153052530535305453055530565305753058530595306053061530625306353064530655306653067530685306953070530715307253073530745307553076530775307853079530805308153082530835308453085530865308753088530895309053091530925309353094530955309653097530985309953100531015310253103531045310553106531075310853109531105311153112531135311453115531165311753118531195312053121531225312353124531255312653127531285312953130531315313253133531345313553136531375313853139531405314153142531435314453145531465314753148531495315053151531525315353154531555315653157531585315953160531615316253163531645316553166531675316853169531705317153172531735317453175531765317753178531795318053181531825318353184531855318653187531885318953190531915319253193531945319553196531975319853199532005320153202532035320453205532065320753208532095321053211532125321353214532155321653217532185321953220532215322253223532245322553226532275322853229532305323153232532335323453235532365323753238532395324053241532425324353244532455324653247532485324953250532515325253253532545325553256532575325853259532605326153262532635326453265532665326753268532695327053271532725327353274532755327653277532785327953280532815328253283532845328553286532875328853289532905329153292532935329453295532965329753298532995330053301533025330353304533055330653307533085330953310533115331253313533145331553316533175331853319533205332153322533235332453325533265332753328533295333053331533325333353334533355333653337533385333953340533415334253343533445334553346533475334853349533505335153352533535335453355533565335753358533595336053361533625336353364533655336653367533685336953370533715337253373533745337553376533775337853379533805338153382533835338453385533865338753388533895339053391533925339353394533955339653397533985339953400534015340253403534045340553406534075340853409534105341153412534135341453415534165341753418534195342053421 |
- /* test.c
- *
- * Copyright (C) 2006-2024 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
- /*
- * Some common, optional build settings:
- * these can also be set in wolfssl/options.h or user_settings.h
- * -------------------------------------------------------------
- *
- * set the default devId for cryptocb to the value instead of INVALID_DEVID
- * WC_USE_DEVID=0x1234
- */
- #ifdef HAVE_CONFIG_H
- #include <config.h>
- #endif
- #ifndef WOLFSSL_USER_SETTINGS
- #include <wolfssl/options.h>
- #endif
- #include <wolfssl/wolfcrypt/settings.h>
- #ifndef NO_CRYPT_TEST
- #include <wolfssl/version.h>
- #include <wolfssl/wolfcrypt/types.h>
- #include <wolfssl/wolfcrypt/wc_port.h>
- #include <wolfssl/wolfcrypt/mem_track.h>
- #if defined(HAVE_WOLFCRYPT_TEST_OPTIONS)
- #include <wolfssl/ssl.h>
- #define err_sys err_sys_remap /* remap err_sys */
- #include <wolfssl/test.h>
- #undef err_sys
- #endif
- #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_PUBLIC_MP) && \
- defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
- #include <stdint.h>
- #endif
- #ifdef HAVE_STACK_SIZE_VERBOSE
- #ifdef WOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES
- static WC_MAYBE_UNUSED ssize_t max_relative_stack =
- WOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES;
- #else
- static WC_MAYBE_UNUSED ssize_t max_relative_stack = -1;
- #endif
- #endif
- const byte const_byte_array[] = "A+Gd\0\0\0";
- #define CBPTR_EXPECTED 'A'
- #if defined(WOLFSSL_TRACK_MEMORY_VERBOSE) && !defined(WOLFSSL_STATIC_MEMORY)
- #ifdef WOLFSSL_TEST_MAX_RELATIVE_HEAP_ALLOCS
- static ssize_t max_relative_heap_allocs = WOLFSSL_TEST_MAX_RELATIVE_HEAP_ALLOCS;
- #else
- static ssize_t max_relative_heap_allocs = -1;
- #endif
- #ifdef WOLFSSL_TEST_MAX_RELATIVE_HEAP_BYTES
- static ssize_t max_relative_heap_bytes = WOLFSSL_TEST_MAX_RELATIVE_HEAP_BYTES;
- #else
- static ssize_t max_relative_heap_bytes = -1;
- #endif
- #define PRINT_HEAP_CHECKPOINT() { \
- const ssize_t _rha = wolfCrypt_heap_peakAllocs_checkpoint() - heap_baselineAllocs; \
- const ssize_t _rhb = wolfCrypt_heap_peakBytes_checkpoint() - heap_baselineBytes; \
- printf(" relative heap peak usage: %ld alloc%s, %ld bytes\n", \
- (long int)_rha, \
- _rha == 1 ? "" : "s", \
- (long int)_rhb); \
- if ((max_relative_heap_allocs > 0) && (_rha > max_relative_heap_allocs)) \
- return err_sys("heap allocs exceed designated max.", \
- WC_TEST_RET_ENC_NC); \
- if ((max_relative_heap_bytes > 0) && (_rhb > max_relative_heap_bytes)) \
- return err_sys("heap bytes exceed designated max.", \
- WC_TEST_RET_ENC_NC); \
- heap_baselineAllocs = wolfCrypt_heap_peakAllocs_checkpoint(); \
- heap_baselineBytes = wolfCrypt_heap_peakBytes_checkpoint(); \
- }
- #else
- #define PRINT_HEAP_CHECKPOINT() WC_DO_NOTHING
- #endif /* WOLFSSL_TRACK_MEMORY_VERBOSE && !WOLFSSL_STATIC_MEMORY */
- #ifdef USE_FLAT_TEST_H
- #ifdef HAVE_CONFIG_H
- #include "test_paths.h"
- #endif
- #include "test.h"
- #else
- #ifdef HAVE_CONFIG_H
- #include "wolfcrypt/test/test_paths.h"
- #endif
- #include "wolfcrypt/test/test.h"
- #endif
- /* printf mappings */
- #ifndef WOLFSSL_LOG_PRINTF
- #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
- #include <mqx.h>
- #include <stdlib.h>
- /* see wc_port.h for fio.h and nio.h includes */
- #elif defined(FREESCALE_KSDK_BM)
- #include "fsl_debug_console.h"
- #undef printf
- #define printf PRINTF
- #elif defined(WOLFSSL_APACHE_MYNEWT)
- #include <assert.h>
- #include <string.h>
- #include "sysinit/sysinit.h"
- #include "os/os.h"
- #ifdef ARCH_sim
- #include "mcu/mcu_sim.h"
- #endif
- #include "os/os_time.h"
- #elif defined(WOLFSSL_ESPIDF)
- #include <time.h>
- #include <sys/time.h>
- #include <esp_log.h>
- #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
- #define ESPIDF_TAG "wc_test"
- #elif defined(WOLFSSL_ZEPHYR)
- #include <stdio.h>
- #define printf printk
- #elif defined(MICRIUM)
- #include <os.h>
- #if (OS_VERSION < 50000)
- #include <bsp_ser.h>
- void BSP_Ser_Printf (CPU_CHAR* format, ...);
- #undef printf
- #define printf BSP_Ser_Printf
- #else
- #include <stdio.h>
- #endif
- #elif defined(WOLFSSL_PB)
- #include <stdarg.h>
- int wolfssl_pb_print(const char*, ...);
- #undef printf
- #define printf wolfssl_pb_print
- #elif defined(WOLFSSL_TELIT_M2MB)
- #include "wolfssl/wolfcrypt/wc_port.h" /* for m2mb headers */
- #include "m2m_log.h" /* for M2M_LOG_INFO - not standard API */
- /* remap printf */
- #undef printf
- #define printf M2M_LOG_INFO
- /* OS requires occasional sleep() */
- #ifndef TEST_SLEEP_MS
- #define TEST_SLEEP_MS 50
- #endif
- #define TEST_SLEEP() m2mb_os_taskSleep(M2MB_OS_MS2TICKS(TEST_SLEEP_MS))
- /* don't use file system for these tests, since ./certs dir isn't loaded */
- #undef NO_FILESYSTEM
- #define NO_FILESYSTEM
- #elif defined(THREADX) && !defined(WOLFSSL_WICED) && \
- !defined(THREADX_NO_DC_PRINTF)
- #ifndef NETOS
- /* since just testing, use THREADX log printf instead (NETOS prototypes
- * this elsewhere) */
- int dc_log_printf(char*, ...);
- #endif
- #undef printf
- #define printf dc_log_printf
- #elif defined(ANDROID)
- #ifdef XMALLOC_USER
- #include <stdlib.h> /* we're using malloc / free direct here */
- #endif
- #ifndef STRING_USER
- #include <stdio.h>
- #endif
- #include <android/log.h>
- #ifdef ANDROID_V454 /* See fips/android/wolfCrypt_v454_android */
- #ifndef NO_FILESYSTEM
- #define NO_FILESYSTEM /* Turn off tests that want to call SaveDerAndPem() */
- #endif
- #else
- #define printf(...) \
- __android_log_print(ANDROID_LOG_DEBUG, "[WOLFCRYPT]", __VA_ARGS__)
- #define fprintf(fp, ...) \
- __android_log_print(ANDROID_LOG_DEBUG, "[WOLFCRYPT]", __VA_ARGS__)
- #endif
- #elif defined(WOLFSSL_DEOS)
- #include <printx.h>
- #undef printf
- #define printf printx
- #elif defined(WOLFSSL_RENESAS_RSIP)
- #ifndef TEST_SLEEP
- #define TEST_SLEEP() vTaskDelay(50)
- #endif
- #undef vprintf
- #define vprintf rsip_vprintf
- #include <stdarg.h> /* for var args */
- int rsip_vprintf(const char* restrict format, va_list args)
- {
- int ret;
- char tmpBuf[80];
- ret = XVSNPRINTF(tmpBuf, sizeof(tmpBuf), format, args);
- printf(tmpBuf);
- return ret;
- }
- #else
- #ifdef XMALLOC_USER
- #include <stdlib.h> /* we're using malloc / free direct here */
- #endif
- #if !defined(STRING_USER) && !defined(WOLFSSL_LINUXKM)
- #include <stdio.h>
- #endif
- #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_LINUXKM_VERBOSE_DEBUG)
- #undef printf
- #define printf(...) ({})
- #endif
- /* enable way for customer to override test/bench printf */
- #ifdef XPRINTF
- #undef printf
- #define printf XPRINTF
- #elif !defined(printf)
- /* arrange for printf() to flush after every message -- this assures
- * redirected output (to a log file) records progress right up to the
- * moment of a crash/abort(); otherwise anything queued in stdout would
- * be lost.
- */
- #define printf(...) ( printf(__VA_ARGS__), fflush(stdout) )
- #endif
- #endif
- #endif /* !WOLFSSL_LOG_PRINTF */
- #include <wolfssl/wolfcrypt/memory.h>
- #include <wolfssl/wolfcrypt/wc_port.h>
- #include <wolfssl/wolfcrypt/logging.h>
- #include <wolfssl/wolfcrypt/types.h>
- #include <wolfssl/wolfcrypt/asn.h>
- #include <wolfssl/wolfcrypt/md2.h>
- #include <wolfssl/wolfcrypt/md5.h>
- #include <wolfssl/wolfcrypt/md4.h>
- #include <wolfssl/wolfcrypt/sha.h>
- #include <wolfssl/wolfcrypt/sha256.h>
- #include <wolfssl/wolfcrypt/sha512.h>
- #include <wolfssl/wolfcrypt/hash.h>
- #include <wolfssl/wolfcrypt/rc2.h>
- #include <wolfssl/wolfcrypt/arc4.h>
- #if !defined(WC_NO_RNG)
- #include <wolfssl/wolfcrypt/random.h>
- #endif
- #include <wolfssl/wolfcrypt/wolfmath.h>
- #include <wolfssl/wolfcrypt/coding.h>
- #include <wolfssl/wolfcrypt/signature.h>
- #include <wolfssl/wolfcrypt/rsa.h>
- #include <wolfssl/wolfcrypt/des3.h>
- #include <wolfssl/wolfcrypt/aes.h>
- #include <wolfssl/wolfcrypt/wc_encrypt.h>
- #include <wolfssl/wolfcrypt/cmac.h>
- #include <wolfssl/wolfcrypt/siphash.h>
- #include <wolfssl/wolfcrypt/poly1305.h>
- #include <wolfssl/wolfcrypt/camellia.h>
- #include <wolfssl/wolfcrypt/hmac.h>
- #include <wolfssl/wolfcrypt/kdf.h>
- #include <wolfssl/wolfcrypt/dh.h>
- #include <wolfssl/wolfcrypt/dsa.h>
- #include <wolfssl/wolfcrypt/srp.h>
- #include <wolfssl/wolfcrypt/chacha.h>
- #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
- #include <wolfssl/wolfcrypt/pwdbased.h>
- #include <wolfssl/wolfcrypt/ripemd.h>
- #include <wolfssl/wolfcrypt/error-crypt.h>
- #ifdef HAVE_ECC
- #include <wolfssl/wolfcrypt/ecc.h>
- #endif
- #ifdef WOLFSSL_SM2
- #include <wolfssl/wolfcrypt/sm2.h>
- #endif
- #ifdef HAVE_HPKE
- #include <wolfssl/wolfcrypt/hpke.h>
- #endif
- #ifdef HAVE_CURVE25519
- #include <wolfssl/wolfcrypt/curve25519.h>
- #endif
- #ifdef HAVE_ED25519
- #include <wolfssl/wolfcrypt/ed25519.h>
- #endif
- #ifdef HAVE_CURVE448
- #include <wolfssl/wolfcrypt/curve448.h>
- #endif
- #ifdef HAVE_ED448
- #include <wolfssl/wolfcrypt/ed448.h>
- #endif
- #ifdef WOLFSSL_HAVE_KYBER
- #include <wolfssl/wolfcrypt/kyber.h>
- #ifdef WOLFSSL_WC_KYBER
- #include <wolfssl/wolfcrypt/wc_kyber.h>
- #endif
- #if defined(HAVE_LIBOQS) || defined(HAVE_PQM4)
- #include <wolfssl/wolfcrypt/ext_kyber.h>
- #endif
- #endif
- #if defined(WOLFSSL_HAVE_XMSS)
- #include <wolfssl/wolfcrypt/xmss.h>
- #ifdef HAVE_LIBXMSS
- #include <wolfssl/wolfcrypt/ext_xmss.h>
- #else
- #include <wolfssl/wolfcrypt/wc_xmss.h>
- #endif
- #endif
- #if defined(WOLFSSL_HAVE_LMS)
- #include <wolfssl/wolfcrypt/lms.h>
- #ifdef HAVE_LIBLMS
- #include <wolfssl/wolfcrypt/ext_lms.h>
- #else
- #include <wolfssl/wolfcrypt/wc_lms.h>
- #endif
- #endif
- #ifdef WOLFCRYPT_HAVE_ECCSI
- #include <wolfssl/wolfcrypt/eccsi.h>
- #endif
- #ifdef WOLFCRYPT_HAVE_SAKKE
- #include <wolfssl/wolfcrypt/sakke.h>
- #endif
- #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
- #include <wolfssl/wolfcrypt/blake2.h>
- #endif
- #ifdef WOLFSSL_SHA3
- #include <wolfssl/wolfcrypt/sha3.h>
- #endif
- #ifdef WOLFSSL_SM3
- #include <wolfssl/wolfcrypt/sm3.h>
- #endif
- #ifdef WOLFSSL_SM4
- #include <wolfssl/wolfcrypt/sm4.h>
- #endif
- #ifdef HAVE_LIBZ
- #include <wolfssl/wolfcrypt/compress.h>
- #endif
- #ifdef HAVE_PKCS7
- #include <wolfssl/wolfcrypt/pkcs7.h>
- #endif
- #ifdef HAVE_PKCS12
- #include <wolfssl/wolfcrypt/pkcs12.h>
- #endif
- #ifdef HAVE_FIPS
- #include <wolfssl/wolfcrypt/fips_test.h>
- #endif
- #ifdef HAVE_SELFTEST
- #include <wolfssl/wolfcrypt/selftest.h>
- #endif
- #ifdef WOLFSSL_ASYNC_CRYPT
- #include <wolfssl/wolfcrypt/async.h>
- #endif
- #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
- #include <wolfssl/wolfcrypt/logging.h>
- #endif
- #ifdef WOLFSSL_CAAM
- #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
- #endif
- #ifdef WOLF_CRYPTO_CB
- #include <wolfssl/wolfcrypt/cryptocb.h>
- #ifdef HAVE_INTEL_QA_SYNC
- #include <wolfssl/wolfcrypt/port/intel/quickassist_sync.h>
- #endif
- #ifdef HAVE_CAVIUM_OCTEON_SYNC
- #include <wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h>
- #endif
- #ifdef HAVE_RENESAS_SYNC
- #include <wolfssl/wolfcrypt/port/renesas/renesas_sync.h>
- #endif
- #endif
- #ifdef _MSC_VER
- /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
- #pragma warning(disable: 4996)
- #endif
- #ifdef OPENSSL_EXTRA
- #ifndef WOLFCRYPT_ONLY
- #include <wolfssl/openssl/evp.h>
- #include <wolfssl/openssl/hmac.h>
- #endif
- #include <wolfssl/openssl/rand.h>
- #include <wolfssl/openssl/aes.h>
- #include <wolfssl/openssl/des.h>
- #endif
- #if defined(NO_FILESYSTEM) || defined(WC_NO_RNG)
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
- !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
- #define USE_CERT_BUFFERS_2048
- #endif
- #if !defined(USE_CERT_BUFFERS_256)
- #define USE_CERT_BUFFERS_256
- #endif
- #endif
- #if defined(WOLFSSL_CERT_GEN) && (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES))
- #define ENABLE_ECC384_CERT_GEN_TEST
- #endif
- #include <wolfssl/certs_test.h>
- #ifdef DEVKITPRO
- #include <wiiuse/wpad.h>
- #endif
- #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
- /* FIPS build has replaced ecc.h. */
- #define wc_ecc_key_get_priv(key) (&((key)->k))
- #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV
- #endif
- #ifdef WOLFSSL_STATIC_MEMORY
- static WOLFSSL_HEAP_HINT* HEAP_HINT;
- #else
- #define HEAP_HINT NULL
- #endif /* WOLFSSL_STATIC_MEMORY */
- /* these cases do not have intermediate hashing support */
- #if (defined(WOLFSSL_AFALG_XILINX_SHA3) && !defined(WOLFSSL_AFALG_HASH_KEEP)) \
- && !defined(WOLFSSL_XILINX_CRYPT) || defined(WOLFSSL_XILINX_CRYPT_VERSAL)
- #define NO_INTM_HASH_TEST
- #endif
- #if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_SCEPROTECT) || \
- defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) || \
- defined(WOLFSSL_SECO_CAAM)
- #define HASH_SIZE_LIMIT
- #endif
- #if defined(WOLFSSL_CERT_GEN) && (!defined(NO_RSA) || defined(HAVE_ECC)) || \
- (defined(WOLFSSL_TEST_CERT) && (defined(HAVE_ED25519) || defined(HAVE_ED448)))
- static void initDefaultName(void);
- #endif
- /* for async devices */
- #ifdef WOLFSSL_CAAM_DEVID
- static int devId = WOLFSSL_CAAM_DEVID;
- #else
- #ifdef WC_USE_DEVID
- static int devId = WC_USE_DEVID;
- #else
- static int devId = INVALID_DEVID;
- #endif
- #endif
- #ifdef HAVE_WNR
- const char* wnrConfigFile = "wnr-example.conf";
- #endif
- #define TEST_STRING "Everyone gets Friday off."
- #define TEST_STRING_SZ 25
- typedef struct testVector {
- const char* input;
- const char* output;
- size_t inLen;
- size_t outLen;
- } testVector;
- #ifndef WOLFSSL_TEST_SUBROUTINE
- #define WOLFSSL_TEST_SUBROUTINE
- #endif
- PRAGMA_GCC("GCC diagnostic ignored \"-Wunused-function\"")
- PRAGMA_CLANG("clang diagnostic ignored \"-Wunused-function\"")
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base16_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t asn_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md2_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md5_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md4_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha224_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_test(void);
- #if !defined(WOLFSSL_NOSHA512_224) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_224_test(void);
- #endif
- #if !defined(WOLFSSL_NOSHA512_256) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_256_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha384_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha3_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake128_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake256_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm3_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_md5_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha224_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha256_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha384_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha512_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha3_test(void);
- #if defined(HAVE_HKDF) && !defined(NO_HMAC)
- #if defined(WOLFSSL_AFALG_XILINX) || defined(WOLFSSL_AFALG_XILINX_AES) || \
- defined(WOLFSSL_AFALG_XILINX_SHA3) || defined(WOLFSSL_AFALG_HASH_KEEP) || \
- defined(WOLFSSL_AFALG_XILINX_RSA)
- /* hkdf_test has issue with WOLFSSL_TEST_SUBROUTINE set on Xilinx with afalg */
- static wc_test_ret_t hkdf_test(void);
- #else
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void);
- #endif
- #endif /* HAVE_HKDF && ! NO_HMAC */
- #ifdef WOLFSSL_HAVE_PRF
- #if defined(HAVE_HKDF) && !defined(NO_HMAC)
- #ifdef WOLFSSL_BASE16
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls12_kdf_test(void);
- #endif /* WOLFSSL_BASE16 */
- #endif /* WOLFSSL_HAVE_HKDF && !NO_HMAC */
- #endif /* WOLFSSL_HAVE_PRF */
- #if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prf_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sshkdf_test(void);
- #ifdef WOLFSSL_TLS13
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls13_kdf_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t x963kdf_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void);
- #ifdef WC_SRTP_KDF
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t arc4_test(void);
- #ifdef WC_RC2
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rc2_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha20_poly1305_aead_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha20Poly1305_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des3_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void);
- #if defined(WOLFSSL_AES_CFB)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cfb_test(void);
- #endif
- #ifdef WOLFSSL_AES_XTS
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_xts_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesofb_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void);
- #if defined(WOLFSSL_SIPHASH)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t siphash_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_default_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t gmac_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesccm_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aeskeywrap_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t camellia_test(void);
- #ifdef WOLFSSL_SM4
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm4_test(void);
- #endif
- #ifdef WC_RSA_NO_PADDING
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dsa_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srp_test(void);
- #ifndef WC_NO_RNG
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void);
- #endif /* WC_NO_RNG */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ripemd_test(void);
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void); /* test mini api */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openSSL_evpMD_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf1_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void);
- #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
- #ifdef HAVE_ECC
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void);
- #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
- (defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256))
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void);
- #endif
- #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
- !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
- defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP)
- /* skip for ATECC508/608A, cannot import private key buffers */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void);
- #endif
- #endif
- #ifdef HAVE_CURVE25519
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void);
- #endif
- #ifdef HAVE_ED25519
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void);
- #endif
- #ifdef HAVE_CURVE448
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve448_test(void);
- #endif
- #ifdef HAVE_ED448
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void);
- #endif
- #ifdef WOLFSSL_HAVE_KYBER
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void);
- #endif
- #if defined(WOLFSSL_HAVE_XMSS)
- #if !defined(WOLFSSL_SMALL_STACK) && WOLFSSL_XMSS_MIN_HEIGHT <= 10
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void);
- #endif
- #if !defined(WOLFSSL_XMSS_VERIFY_ONLY)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void);
- #endif
- #endif
- #if defined(WOLFSSL_HAVE_LMS)
- #if !defined(WOLFSSL_SMALL_STACK)
- #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10)) || \
- defined(HAVE_LIBLMS)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void);
- #endif
- #endif
- #if !defined(WOLFSSL_LMS_VERIFY_ONLY)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void);
- #endif
- #endif
- #ifdef WOLFCRYPT_HAVE_ECCSI
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t eccsi_test(void);
- #endif
- #ifdef WOLFCRYPT_HAVE_SAKKE
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sakke_test(void);
- #endif
- #ifdef HAVE_BLAKE2
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2b_test(void);
- #endif
- #ifdef HAVE_BLAKE2S
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2s_test(void);
- #endif
- #ifdef HAVE_LIBZ
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t compress_test(void);
- #endif
- #ifdef HAVE_PKCS7
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void);
- #endif
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7compressed_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7signed_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7enveloped_test(void);
- #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7authenveloped_test(void);
- #endif
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7callback_test(byte* cert, word32 certSz, byte* key,
- word32 keySz);
- #endif
- #endif
- #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
- !defined(NO_FILESYSTEM)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cert_test(void);
- #endif
- #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
- !defined(NO_FILESYSTEM) && defined(WOLFSSL_CERT_GEN)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void);
- #endif
- #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
- defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void);
- #if defined(WOLFSSL_PUBLIC_MP) && \
- ((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(USE_FAST_MATH))
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void);
- #endif
- #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void);
- #endif
- #if defined(ASN_BER_TO_DER) && \
- (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL))
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t logging_test(void);
- #if !defined(NO_ASN) && !defined(NO_ASN_TIME)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t time_test(void);
- #endif
- #if defined(__INCLUDE_NUTTX_CONFIG_H)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t wolfcrypt_mutex_test(void);
- #else
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mutex_test(void);
- #endif
- #if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memcb_test(void);
- #endif
- #ifdef WOLFSSL_CAAM_BLOB
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blob_test(void);
- #endif
- #ifdef HAVE_ARIA
- #include "wolfssl/wolfcrypt/port/aria/aria-crypt.h"
- void printOutput(const char *strName, unsigned char *data, unsigned int dataSz);
- WOLFSSL_TEST_SUBROUTINE int ariagcm_test(MC_ALGID);
- #endif
- #ifdef WOLF_CRYPTO_CB
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void);
- #endif
- #ifdef WOLFSSL_CERT_PIV
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certpiv_test(void);
- #endif
- #ifdef WOLFSSL_AES_SIV
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void);
- #endif
- #if defined(WOLFSSL_AES_EAX) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_eax_test(void);
- #endif /* WOLFSSL_AES_EAX */
- /* General big buffer size for many tests. */
- #define FOURK_BUF 4096
- /* If not defined in user_settings, the ERROR_OUT pause is 120 seconds. */
- #ifndef WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION
- #define WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION 120
- #endif
- #if defined(WOLFSSL_ESPIDF_ERROR_PAUSE)
- #if defined(CONFIG_FREERTOS_HZ)
- #define WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION_TICKS \
- (WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION * CONFIG_FREERTOS_HZ)
- #else
- /* If not defined, assume RTOS is 1000 ticks per second. */
- #define WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION_TICKS \
- (WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION * 1000)
- #endif
- /* When defined, pause at error condition rather than exit with error. */
- #define ERROR_OUT(err, eLabel) \
- do { \
- ret = (err); \
- ESP_LOGE(ESPIDF_TAG, "Failed: Error = %d during %s, line %d", \
- err, __FUNCTION__, __LINE__); \
- ESP_LOGI(ESPIDF_TAG, "Extended system info:"); \
- esp_ShowExtendedSystemInfo(); \
- ESP_LOGW(ESPIDF_TAG, "Paused for %d seconds! " \
- "WOLFSSL_ESPIDF_ERROR_PAUSE is enabled.", \
- WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION); \
- vTaskDelay(WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION_TICKS); \
- goto eLabel; \
- } while (0)
- #else
- #define ERROR_OUT(err, eLabel) do { ret = (err); goto eLabel; } while (0)
- #endif
- /* Not all unexpected conditions are actually errors .*/
- #define WARNING_OUT(err, eLabel) do { ret = (err); goto eLabel; } while (0)
- static void render_error_message(const char* msg, wc_test_ret_t es)
- {
- (void)msg;
- (void)es;
- #ifdef WOLFSSL_LINUXKM
- #define err_sys_printf lkm_printf
- #else
- #define err_sys_printf printf
- #endif
- switch (WC_TEST_RET_DEC_TAG(es)) {
- case WC_TEST_RET_TAG_NC:
- err_sys_printf("%s error L=%d\n", msg, WC_TEST_RET_DEC_LN(es));
- break;
- case WC_TEST_RET_TAG_EC:
- #ifdef NO_ERROR_STRINGS
- err_sys_printf("%s error L=%d code=%d\n", msg,
- WC_TEST_RET_DEC_LN(es), -WC_TEST_RET_DEC_I(es));
- #else
- err_sys_printf("%s error L=%d code=%d (%s)\n", msg,
- WC_TEST_RET_DEC_LN(es), -WC_TEST_RET_DEC_I(es),
- wc_GetErrorString(-WC_TEST_RET_DEC_I(es)));
- #endif
- break;
- case WC_TEST_RET_TAG_ERRNO:
- {
- /* strerror_r() comes in two mutually incompatible flavors, a native glibc
- * flavor that always returns a non-null char pointer that must be used
- * directly, and a POSIX flavor that returns an error int, and iff success,
- * stores an error string in the supplied buffer. this is all most
- * infelicitous...
- */
- #if !defined(STRING_USER) && !defined(NO_ERROR_STRINGS) && \
- (defined(__STDC_VERSION__) && (__STDC_VERSION__ > 199901L)) && \
- ((defined(__GLIBC__) && (__GLIBC__ >= 2)) || \
- (defined(__USE_XOPEN2K) && \
- defined(_POSIX_C_SOURCE) && \
- (_POSIX_C_SOURCE >= 200112L)))
- char errno_buf[64], *errno_string;
- /* precisely mirror the gate used in glibc string.h */
- #if defined __USE_XOPEN2K && !defined __USE_GNU
- if (strerror_r(WC_TEST_RET_DEC_I(es),
- errno_buf, sizeof(errno_buf)) != 0)
- XSTRLCPY(errno_buf, "?", sizeof(errno_buf));
- errno_string = errno_buf;
- #else
- errno_string = strerror_r(WC_TEST_RET_DEC_I(es),
- errno_buf, sizeof(errno_buf));
- #endif
- err_sys_printf("%s error L=%d errno=%d (%s)\n", msg,
- WC_TEST_RET_DEC_LN(es), WC_TEST_RET_DEC_I(es),
- errno_string);
- #else /* can't figure out how to strerror_r(), or don't want error strings */
- err_sys_printf("%s error L=%d errno=%d\n", msg,
- WC_TEST_RET_DEC_LN(es), WC_TEST_RET_DEC_I(es));
- #endif
- break;
- }
- case WC_TEST_RET_TAG_I:
- err_sys_printf("%s error L=%d i=%d\n", msg,
- WC_TEST_RET_DEC_LN(es), WC_TEST_RET_DEC_I(es));
- break;
- }
- #undef err_sys_printf
- }
- static void print_fiducials(void);
- #ifdef HAVE_STACK_SIZE
- static THREAD_RETURN err_sys(const char* msg, int es)
- #else
- static wc_test_ret_t err_sys(const char* msg, wc_test_ret_t es)
- #endif
- {
- render_error_message(msg, es);
- print_fiducials();
- #ifdef WOLFSSL_LINUXKM
- EXIT_TEST(es);
- #else
- EXIT_TEST(-1);
- #endif
- }
- #ifndef HAVE_WOLFCRYPT_TEST_OPTIONS
- /* func_args from test.h, so don't have to pull in other stuff */
- typedef struct func_args {
- int argc;
- char** argv;
- wc_test_ret_t return_code;
- } func_args;
- #endif /* !HAVE_WOLFCRYPT_TEST_OPTIONS */
- #if defined(HAVE_FIPS) && !defined(WOLFSSL_LINUXKM)
- static void myFipsCb(int ok, int err, const char* hash)
- {
- printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
- printf("message = %s\n", wc_GetErrorString(err));
- printf("hash = %s\n", hash);
- if (err == IN_CORE_FIPS_E) {
- printf("In core integrity hash check failure, copy above hash\n");
- printf("into verifyCore[] in fips_test.c and rebuild\n");
- }
- }
- #endif /* HAVE_FIPS && !WOLFSSL_LINUXKM */
- #ifdef WOLFSSL_STATIC_MEMORY
- #if defined(WOLFSSL_STATIC_MEMORY_TEST_SZ)
- static byte gTestMemory[WOLFSSL_STATIC_MEMORY_TEST_SZ];
- #elif defined(BENCH_EMBEDDED)
- static byte gTestMemory[14000];
- #elif defined(WOLFSSL_CERT_EXT)
- static byte gTestMemory[140000];
- #elif (defined(WOLFSSL_SP_MATH_ALL) || defined(USE_FAST_MATH)) && \
- !defined(ALT_ECC_SIZE)
- static byte gTestMemory[160000];
- #else
- static byte gTestMemory[80000];
- #endif
- #endif
- #ifdef WOLFSSL_PB
- static int wolfssl_pb_print(const char* msg, ...)
- {
- int ret;
- va_list args;
- char tmpBuf[80];
- va_start(args, msg);
- ret = vsprint(tmpBuf, msg, args);
- va_end(args);
- fnDumpStringToSystemLog(tmpBuf);
- return ret;
- }
- #endif /* WOLFSSL_PB */
- #if defined(WOLF_CRYPTO_CB) && !defined(HAVE_HASHDRBG) && \
- !defined(WC_NO_RNG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
- /* Enable support for RNG with crypto callback */
- static int rng_crypto_cb(int thisDevId, wc_CryptoInfo* info, void* ctx)
- {
- int rc = CRYPTOCB_UNAVAILABLE;
- if (info->algo_type == WC_ALGO_TYPE_RNG) {
- rc = wc_GenerateSeed(&info->rng.rng->seed, info->rng.out, info->rng.sz);
- }
- (void)ctx;
- (void)thisDevId;
- return rc;
- }
- #endif
- #if defined(WC_KDF_NIST_SP_800_56C)
- #define INIT_SP80056C_TEST_VECTOR(_z, _fixedInfo, _derivedKey, _hashType) \
- { \
- .z = (const byte*)_z, .zSz = sizeof(_z) - 1, \
- .fixedInfo = (const byte*)_fixedInfo, \
- .fixedInfoSz = sizeof(_fixedInfo) - 1, \
- .derivedKey = (const byte*)_derivedKey, \
- .derivedKeySz = sizeof(_derivedKey) - 1, .hashType = _hashType, \
- }
- #define SP800_56C_MAX_OUT 128
- static WOLFSSL_TEST_SUBROUTINE wc_test_ret_t nist_sp80056c_kdf_test(void)
- {
- struct sp800_56c_test_vector {
- const byte* z;
- word32 zSz;
- const byte* fixedInfo;
- word32 fixedInfoSz;
- const byte* derivedKey;
- word32 derivedKeySz;
- enum wc_HashType hashType;
- };
- struct sp800_56c_test_vector* v;
- byte output[SP800_56C_MAX_OUT];
- word32 i;
- int ret;
- /* vectors from
- * https://csrc.nist.gov/projects/cryptographic-standards-and-guidelines/example-values
- *
- * (KeyManagement) */
- struct sp800_56c_test_vector vctors[] = {
- #if !defined(NO_SHA)
- /* SHA-1 */
- INIT_SP80056C_TEST_VECTOR(
- "\xad\x42\x01\x82\x63\x3f\x85\x26\xbf\xe9\x54\xac\xda\x37\x6f\x05"
- "\xe5\xff\x4f\x83\x7f\x54\xfe\xbe\x0f\xb1\x2a\x1b\x3b\xeb\xf2\x63"
- "\xee\x21\x64\x13\xed\x06\xa8\x4a\x12\xeb\x51\x11\x59\xf1\x33\x7d",
- "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
- "\x42\x4f\x42\x42\x59\x34\x35\x36",
- "\x6f\xef\x44\x2f\xc1\x7a\x7e\x2b\x0c\x9d\xec\xe0\xe4\x7a\x57\x48"
- "\xac\xb4\x6a\xf1\x98\xd7\x67\x47\x0f\x28\xa1\x04\xb5\x61\x30\xae"
- "\xb0\x10\x09\xa4\x56\x82\xa5\xe1",
- WC_HASH_TYPE_SHA),
- INIT_SP80056C_TEST_VECTOR(
- "\xae\x64\xab\x2b\x2b\x75\xa9\x4c\xf8\xef\x24\xda\x24\x56\xbd\x3a"
- "\xa3\x6d\xb6\x14\x29\xea\x55\x21",
- "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
- "\x42\x4f\x42\x42\x59\x34\x35\x36",
- "\xcc\x96\x5a\x52\xd0\x5c\x94\x9e\x52\xc0\x35\xfd\x03\x53\x0d\xb7"
- "\xea\xa4\x08\x70\x2c\x9d\x35\x21\x1e\x67\x21\x54\x12\x45\x91\x51"
- "\xba\x22\x62\xbd\x1e\x28\xe5\x6b",
- WC_HASH_TYPE_SHA),
- INIT_SP80056C_TEST_VECTOR(
- "\x71\x5d\xc0\xea\x24\x6b\x46\x56\x63\xa8\x9c\xde\x04\x12\xc1\x92"
- "\xe1\x9e\x58\xd5\xb0\xb6\x36\x6d\xa7\x89\xad\xbf\x44\x9a\x38\xaa"
- "\x46\x69\xfe\x36\x30\xa2\x0f\x7f\xa3\x14\x9c\x9b\x4b\x0a\xb5\xcd"
- "\x3e\x14\x18\x2b\x75\x04\xd5\xd2\x75\x2b\xf6\x58\x7a\xab\xc9\xf4"
- "\xcb\x8f\xe5\x29\x23\x6a\xb8\x15\x36\xad\xd2\xbd\x25\xd6\xbf\x9d"
- "\x5f\x1d\xf5\x76\x16\x5a\xa5\x5c\x24\x99\x61\xd8\xf8\x75\x00\xed"
- "\x8d\xbf\xc5\xd2\x50\x53\x4c\x07\xd9\x9a\xc9\x17\xf9\x84\x60\x46"
- "\xac\x5c\xb8\xa2\x98\x74\x26\x22\xd3\xc9\x86\x18\x06\x92\x46\xe8"
- "\xad\x37\x11\x25\x57\xe0\xe6\x34\xb5\x81\x32\x7a\x4a\xd3\x2c\x7c"
- "\x76\x4b\xe8\xf8\x08\x0d\x37\x2c\x63\x20\x93\xa7\x67\xf1\x55\xbd"
- "\x22\xec\x00\x3c\xa6\x1c\x8b\x43\x32\x0f\x3a\xbe\xb5\xdd\xc4\xa3"
- "\xb1\x89\x82\xfd\xd6\x51\x0f\x88\x3c\x8d\xc1\xe0\xb1\x57\xff\xb9"
- "\xcf\xc0\xa5\x9c\xe2\xd4\x05\x5f\xfc\x73\xe7\x15\x2a\x6a\x95\x43"
- "\xb9\x19\xe7\x94\xe9\x49\x61\x33\xbe\x2a\x23\x18\xd9\x05\x6e\xfd"
- "\x74\x48\x2d\xc6\x3c\x0d\xb5\x8f\xe6\x42\x6b\x0f\xe7\x35\x45\x42"
- "\xc2\x19\x7a\xb6\xbd\x35\xf1\xa9\x2d\xce\x90\xb1\xc4\x6d\x32\xc1",
- "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
- "\x42\x4f\x42\x42\x59\x34\x35\x36",
- "\x1b\x5f\xcc\x8d\x81\xa5\xd9\xa9\x36\x94\xe6\x47\x77\x88\xd8\x03"
- "\x15\x84\xc3\xf5\x2e\x9f\x11\x7a\xe8\x18\x4d\xba\x56\x47\x9d\x87"
- "\x66\x76\x92\xf1\x2d\x7b\xd3\x8b",
- WC_HASH_TYPE_SHA),
- INIT_SP80056C_TEST_VECTOR(
- "\x33\xe0\x50\xbd\x20\x9f\x2d\xf2\x77\x19\x78\xfc\xd1\xd4\xc8\x2e"
- "\x49\xd0\x1d\x65\xbb\x62\x03\x20\xd3\x0b\xfe\xa8\x7a\xa8\x69\xe1"
- "\x07\xa5\x17\xa4\xc8\x5b\x69\x28\x45\x21\xca\x54\xb7\x7f\x59\xe9"
- "\x4a\x85\x6d\xaa\x30\xa3\x85\xa5\x25\xd8\xa3\xf7\xe1\x5e\xe5\xe9"
- "\xaa\x12\x8d\x45\xef\x63\xf9\x0c\x10\xe0\x8f\xc5\x26\x36\x13\x77"
- "\x81\x54\x7a\x58\x9f\x97\x87\xf9\xd7\xdd\x61\x43\x41\x9a\x26\x16"
- "\x80\x16\x82\x40\xaa\xb2\x01\x3d\x80\x20\xdb\xe8\x4b\x7e\x2b\xed"
- "\xce\x67\x1b\x94\x03\xbd\x1f\x91\x71\xa2\x57\x90\xce\x66\x7d\xed",
- "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
- "\x42\x4f\x42\x42\x59\x34\x35\x36",
- "\x35\x10\x85\x85\xfc\x55\x62\xb5\xf1\x8f\x20\x7b\xa8\x35\x63\xe4"
- "\x49\x28\x45\x6a\x5e\x53\x63\x7e\xae\x6b\xb5\xfc\x33\x88\xae\x02"
- "\x91\x79\x0a\x1d\xc8\x31\x4e\x28",
- WC_HASH_TYPE_SHA),
- INIT_SP80056C_TEST_VECTOR(
- "\x5c\x80\x4f\x45\x4d\x30\xd9\xc4\xdf\x85\x27\x1f\x93\x52\x8c\x91"
- "\xdf\x6b\x48\xab\x5f\x80\xb3\xb5\x9c\xaa\xc1\xb2\x8f\x8a\xcb\xa9"
- "\xcd\x3e\x39\xf3\xcb\x61\x45\x25\xd9\x52\x1d\x2e\x64\x4c\x53\xb8"
- "\x07\xb8\x10\xf3\x40\x06\x2f\x25\x7d\x7d\x6f\xbf\xe8\xd5\xe8\xf0"
- "\x72\xe9\xb6\xe9\xaf\xda\x94\x13\xea\xfb\x2e\x8b\x06\x99\xb1\xfb"
- "\x5a\x0c\xac\xed\xde\xae\xad\x7e\x9c\xfb\xb3\x6a\xe2\xb4\x20\x83"
- "\x5b\xd8\x3a\x19\xfb\x0b\x5e\x96\xbf\x8f\xa4\xd0\x9e\x34\x55\x25"
- "\x16\x7e\xcd\x91\x55\x41\x6f\x46\xf4\x08\xed\x31\xb6\x3c\x6e\x6d",
- "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
- "\x42\x4f\x42\x42\x59\x34\x35\x36",
- "\xfa\xa0\x22\xce\x7f\xa9\xba\x95\xeb\xa3\x9f\x3f\x44\xf3\xee\x14"
- "\x96\x0a\x0b\x23\x9d\x01\x4b\x57\x70\xe4\x71\xd7\x5a\x99\xea\x87"
- "\x10\xe3\x8f\x0c\xef\x0f\xfc\x67",
- WC_HASH_TYPE_SHA),
- INIT_SP80056C_TEST_VECTOR(
- "\xad\x42\x01\x82\x63\x3f\x85\x26\xbf\xe9\x54\xac\xda\x37\x6f\x05"
- "\xe5\xff\x4f\x83\x7f\x54\xfe\xbe\x0f\xb1\x2a\x1b\x3b\xeb\xf2\x63"
- "\xee\x21\x64\x13\xed\x06\xa8\x4a\x12\xeb\x51\x11\x59\xf1\x33\x7d",
- "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
- "\x42\x4f\x42\x42\x59\x34\x35\x36",
- "\x6f\xef\x44\x2f\xc1\x7a\x7e\x2b\x0c\x9d\xec\xe0\xe4\x7a\x57\x48"
- "\xac\xb4\x6a\xf1\x98\xd7\x67\x47\x0f\x28\xa1\x04\xb5\x61\x30\xae"
- "\xb0\x10\x09\xa4\x56\x82\xa5\xe1",
- WC_HASH_TYPE_SHA),
- #endif
- #if defined(WOLFSSL_SHA224)
- /* SHA-224*/
- INIT_SP80056C_TEST_VECTOR(
- "\x8c\x5d\x6e\x5d\x36\x06\x83\xba\x55\xb0\x9d\xb1\x69\x6d\x7c\x64"
- "\x02\xff\x87\x88\x5f\xf5\x07\x70\xf2\x76\x7b\x75\x54\x60\x20\x7e"
- "\xd5\xc7\x43\xfd\x27\xe7\xeb\x1d\x0c\xa5\x91\xf8\x56\x38\x93\x11"
- "\x73\x07\x44\xf2\x04\xd2\xe5\x5b\x8b\xd4\x46\xce\xca\x03\x1f\x7b"
- "\xac\xcf\xf1\xa7\x1b\x68\x34\x59\xcc\x54\xd5\x01\xda\xbf\x4a\x84"
- "\xcd\xb8\x6d\xfa\xda\xff\x31\x0f\xbd\xba\xf7\x4d\xd5\x1b\xa1\xe1"
- "\xe1\x19\x1a\xf1\x4c\x9b\xf8\x94\x43\xbf\x58\x8e\x9c\xe3\x30\x34"
- "\xaf\x5e\x89\xbf\x6f\xfc\x47\xd7\xd9\xca\x4a\x5e\x8f\xf8\xa0\x50"
- "\x20\xbb\x0f\x95\xbc\xde\x01\x56\xd8\x7f\xb8\x60\xbd\x40\x83\xfa"
- "\x5b\x53\x1a\x08\xa4\xfb\x7e\xe0\x20\x1a\xe8\xb3\xcc\xff\xe9\x9f"
- "\x27\x0b\xc3\x53\x4b\xaa\xcf\xc0\x01\xcd\xd8\x0a\xd8\x7c\xce\x71"
- "\xf0\x91\xe7\x66\xca\x5c\xc2\x75\xcb\x49\x14\x5a\x5e\xe6\x16\x2e"
- "\xcc\xf5\x58\xce\xc4\xd3\xee\x53\x1e\x91\xe9\xa5\x29\x69\x63\x4d"
- "\x3a\xf8\xd2\x6f\x8d\x15\xdc\x0d\x6f\x6e\x0a\x97\x4b\xe4\x34\x1b"
- "\x68\xa0\x19\x90\xdb\xb8\x64\x95\x89\x1a\xd3\xaf\xc1\xe4\xce\xdf"
- "\x4c\x6a\xe1\xf1\xcd\x60\x81\xcd\xee\xd8\xe6\xb3\x26\x4e\xc3\xbe"
- "\x24\x58\xd1\xc0\xca\x24\x43\x41\x0c\xf3\xb4\x7c\x0c\x25\x4c\x7d"
- "\xc8\xec\xb4\x3e\x6c\x23\x64\xe1\xc0\x62\x19\xcc\x7e\xfb\xff\xbb"
- "\x63\xd7\xff\xfc\x74\x58\x12\xfd\x24\x0c\x33\xd4\x96\xb9\x99\x2f"
- "\x96\x80\xa6\x3c\x07\x96\x3c\x0c\x49\xf3\xc1\xba\xef\xec\xaf\x32"
- "\xe2\xaa\x8a\x2f\x7c\xd3\x0d\x8f\x05\x1e\xe2\xf5\x0f\xbf\x05\xab"
- "\x13\x96\xa4\xea\x87\x44\x7d\x7b\x98\x1b\x5e\x46\x14\x28\x18\x71"
- "\xa6\xf0\xf6\xbf\x1f\xe0\x02\x2f\x7e\xa1\x32\xbe\x0a\xe9\x19\x26"
- "\xab\x12\xaf\x6d\xc4\x50\x64\xaa\xd5\x6b\x84\xb9\x0c\x70\x08\x37"
- "\x09\xcf\xf7\xe3\x1b\x54\x8f\xb7\xfb\x2c\xf7\x5a\xbf\x96\xe0\x1c"
- "\xcd\x3e\x94\x2e\xed\x91\x48\x0d\x4c\x24\xc6\xb7\xf9\x79\xfb\xbe"
- "\x5d\xa2\x39\xb3\x76\x16\x7d\x68\x57\x35\x24\xff\xcb\x50\x99\x54"
- "\xcc\x80\xa0\xe1\xa7\x1c\x40\xc4\xda\x17\xb8\xd1\x57\x2b\x21\x58"
- "\x7a\x8d\x66\xcc\x62\x1c\x7c\xd1\x0f\x49\xab\xd5\xef\x86\x31\x13"
- "\xe6\x19\x21\x08\x6f\xac\x25\x31\x2b\x74\x1c\x11\xa8\xfb\xc1\xe3"
- "\x3c\x34\xd9\xda\x14\xa8\x22\x47\x7f\xcc\x36\x66\x70\x25\xc4\xf1"
- "\x30\xae\x10\x0e\x36\xf1\x5d\xa0\x03\x74\xce\x87\x41\x67\x9f\x61",
- "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
- "\x42\x4f\x42\x42\x59\x34\x35\x36",
- "\x4b\x99\x6a\x60\xc0\x4a\x35\xc5\xe6\xd4\x74\xb1\x0a\x25\x8d\x56"
- "\x2e\xa6\xdc\x52\xf6\xc6\x9b\xf3\x9e\xf8\x8c\x89\xe3\xcc\x8a\x54"
- "\xda\x2f\x3c\x0b\x56\x1b\x53\xfe\x76\x55\x13\x63\xd6\x9c\x3c\xef"
- "\x74\xe3\x4f\xe8\x8e\xb3\xac\x51",
- WC_HASH_TYPE_SHA224),
- INIT_SP80056C_TEST_VECTOR(
- "\x52\x27\x2f\x50\xf4\x6f\x4e\xdc\x91\x51\x56\x90\x92\xf4\x6d\xf2"
- "\xd9\x6e\xcc\x3b\x6d\xc1\x71\x4a\x4e\xa9\x49\xfa\x9f\x18\xff\x54"
- "\xf8\x87\x23\x07\x3f\x64\xa6\x95\x3d\x04\x91\x4f\x45\xa2\x3e\xee"
- "\x7c\xfc\x46\x67\x08\x0a\xa0\xf9",
- "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
- "\x42\x4f\x42\x42\x59\x34\x35\x36",
- "\x77\x56\xbc\xfd\xef\x3e\xe6\x9f\x6a\xc2\x3c\xd2\xdc\x60\x7d\x01"
- "\xfa\x8c\xe1\xb2\x4f\x5c\xaa\xaa\x48\xe0\x4b\x81\x63\xe1\x73\x3a"
- "\xed\x7a\x04\x0e\x73\xf2\xb5\x42\x36\x8f\x00\x54\x8b\x16\x3c\x3d"
- "\xc9\x6d\x70\x09\x99\x16\xf1\x6b",
- WC_HASH_TYPE_SHA224),
- #endif
- #if !defined(NO_SHA256)
- /* SHA-256 */
- INIT_SP80056C_TEST_VECTOR(
- "\xdd\x0f\x53\x96\x21\x9d\x1e\xa3\x93\x31\x04\x12\xd1\x9a\x08\xf1"
- "\xf5\x81\x1e\x9d\xc8\xec\x8e\xea\x7f\x80\xd2\x1c\x82\x0c\x27\x88"
- "\x22\x76\x84\xe7\x1f\x5c\x31\x3f\xad\xc9\x1e\x52\x98\x07\xe3\x14"
- "\x7d\x53\x14\x5b\x15\xab\xd6\xed\x41\x6a\xd3\x5c\xd7\xe6\x83\x8f",
- "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
- "\x42\x4f\x42\x42\x59\x34\x35\x36",
- "\xc0\x8b\x3d\xe2\x4f\x1a\x38\x1e\x7a\x56\x75\xa2\xa6\x52\x3b\x08"
- "\xf3\x54\x60\x5e\xee\x46\xb9\xf3\x9e\xad\xb1\xe9\x75\x34\x41\x6d"
- "\x98\xb4\x3c\xae\x8a\xb0\x4a\xfd\x53\xde\xb3\x7f\x44\x02\x23\x52"
- "\xc3\xfb\xde\x1e\x2f\x2c\xec\x53\x1c\xfc\x32\x4f\xdd\x0f\xcc\xa6",
- WC_HASH_TYPE_SHA256),
- INIT_SP80056C_TEST_VECTOR(
- "\x44\xf4\x84\x09\xf3\x1b\xf3\x50\x94\x51\xdb\x4d\x30\x4b\xeb\xd8"
- "\x3c\x2a\xd6\x50\x1c\x1b\x85\xe6\x32\xbc\x92\x58\x8e\x2d\x48\xb5"
- "\xd2\xb8\x44\x44\x62\xad\x94\xe8\xa4\x44\x94\x1e\xd4\x97\x5c\x97"
- "\x91\x17\xd7\x5a\x0a\x2b\xa8\x10\xdf\xa8\x80\x4a\x0f\xe9\x42\x6d"
- "\xd7\xeb\x95\xf2\x9c\xa4\x30\xda\x37\xef\xa5\x2c\x42\xda\x1d\xe2"
- "\x23\x76\x3b\xdd\xc9\x5e\x46\x6a\xa3\xb8\xd2\x06\xb8\x21\x8e\xdf"
- "\x23\x97\x3d\x05\xf3\xc7\xc2\x2b\x22\x46\x53\xd4\xf9\x21\x85\x45"
- "\x79\x83\x26\x2f\x27\xbc\x55\xa0\xa7\xae\xe5\x43\x54\x55\xd4\x3c"
- "\x0e\x0c\x6d\x80\x67\xad\xaf\x90\x42\xb6\xb7\x77\x7e\x19\x8d\x67"
- "\x60\x83\x0d\x96\xb2\x9a\x6a\xae\xf5\x74\xd7\x5e\x2d\x65\x43\x55"
- "\x0f\x75\x55\xcf\x89\x82\xc8\x21\xc4\xec\x9b\x82\x66\x2b\x09\x36"
- "\x69\xfd\x24\x6d\x4d\xcc\xbf\xf3\x1d\x98\x4e\xf6\x3c\x4f\x95\xd7"
- "\x39\xc7\x7e\x66\xf6\x9b\x6d\xb0\xd9\xfc\x1a\x97\x3f\x52\x33\xd1"
- "\x1f\xe7\x15\x4b\x8a\x6b\xe1\x50\x46\x7d\x92\xda\xf0\x91\x44\x34"
- "\xf0\xcf\x17\x6e\x96\x1b\x31\x3f\xe3\xe2\x3b\xfe\x37\x8b\x87\xba"
- "\xf2\x73\x93\x7f\xfa\xa6\x85\x65\x8b\x09\x78\x1d\x26\x97\x86\x4b"
- "\x0d\x82\x48\x5c\xf7\xd6\x2f\xfc\xea\x34\x33\x88\xcf\xec\x15\x27"
- "\x3a\x39\x4b\x84\x32\xee\xb6\x32\x1b\xe3\x1d\x4f\xcd\x16\x15\xc8"
- "\x1c\x69\x37\xc0\x8d\x92\x41\x6e\xdb\xdd\x20\x10\xfa\x8b\x6e\x0a"
- "\x8a\x60\x3d\xad\xe0\x10\xbc\x9c\xd7\x6b\x14\xe3\xe2\x19\x0e\x3b"
- "\xa3\x00\xe7\x1a\xdd\xbf\x24\x4c\xf8\x06\x29\x49\x76\xea\xf0\x7d"
- "\x02\x3b\xdb\x57\xfc\x5d\x19\x64\xc7\xd4\x20\x6e\x72\x06\x1b\xfe"
- "\x1e\xe4\xee\xbc\x92\x00\xe1\x3a\x6c\xba\x32\x86\x9d\xbe\x80\x82"
- "\xcd\xf3\x64\x5b\x5a\x72\x7d\xd2\x7c\xa5\x03\xf4\xed\xeb\x73\xe8"
- "\x8a\x3a\x55\x2c\x7e\x00\xd4\xee\x72\x42\x13\x72\x36\xa0\x96\x5c"
- "\x1e\xc3\xeb\xc0\xb4\x8c\x2b\x46\x7e\xb8\x42\x41\x5a\x28\x3f\x55"
- "\xe2\x20\xff\xd1\x88\x19\x25\x6d\xa2\x47\x4d\x28\xfc\x3b\x04\xe0"
- "\xc0\x7e\x4d\x25\xc1\x74\x93\x41\xd2\x22\x97\x01\x5c\xd8\x17\x8c"
- "\x39\x18\xbe\x8c\x5c\xdf\x0f\xbf\xbb\x9a\x5a\xcc\xdd\x82\xaf\x07"
- "\x83\xef\xe4\xdf\x64\xa8\xd8\x92\x82\x8f\x8d\xe5\x8c\x5d\x56\x9b"
- "\x5b\x08\x45\x58\x96\xc4\xd3\xc3\x4f\xd3\xce\x93\xc4\x34\xc3\x8e"
- "\xf5\x6c\xed\x30\x56\x1c\x37\x1a\xf9\xf2\xd8\x64\xfd\xc5\xb6\x2f",
- "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
- "\x42\x4f\x42\x42\x59\x34\x35\x36",
- "\x42\x35\xac\x89\xc9\xf3\x3e\x5d\xbb\x11\x60\x1a\x29\x83\xe3\x76"
- "\xe2\x15\x39\x97\x87\xd8\x39\xa0\x38\x55\xfe\x04\x53\x3e\x1a\x67"
- "\x66\x91\x5e\x67\xc2\x5e\xeb\x04\x08\x28\xe9\x6c\xd3\xd6\xef\x0a"
- "\xb7\xd1\x7b\x43\x13\x43\xa7\xf3\xaa\xc6\x8f\x0c\x4a\x7e\x77\x9b",
- WC_HASH_TYPE_SHA256),
- /* slightly modified vector to test generation when derivedKeySz %
- * hashOutSz != 0*/
- INIT_SP80056C_TEST_VECTOR(
- "\xdd\x0f\x53\x96\x21\x9d\x1e\xa3\x93\x31\x04\x12\xd1\x9a\x08\xf1"
- "\xf5\x81\x1e\x9d\xc8\xec\x8e\xea\x7f\x80\xd2\x1c\x82\x0c\x27\x88"
- "\x22\x76\x84\xe7\x1f\x5c\x31\x3f\xad\xc9\x1e\x52\x98\x07\xe3\x14"
- "\x7d\x53\x14\x5b\x15\xab\xd6\xed\x41\x6a\xd3\x5c\xd7\xe6\x83\x8f",
- "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
- "\x42\x4f\x42\x42\x59\x34\x35\x36",
- "\xc0\x8b\x3d\xe2\x4f\x1a\x38\x1e\x7a\x56\x75\xa2\xa6\x52\x3b\x08"
- "\xf3\x54\x60\x5e\xee\x46\xb9\xf3\x9e\xad\xb1\xe9\x75\x34\x41\x6d"
- "\x98\xb4\x3c\xae\x8a\xb0\x4a\xfd\x53\xde\xb3\x7f\x44\x02\x23\x52"
- "\xc3\xfb\xde\x1e\x2f\x2c\xec\x53\x1c\xfc\x32\x4f\xdd\x0f\xcc",
- WC_HASH_TYPE_SHA256),
- #endif
- #if defined(WOLFSSL_SHA384)
- /* SHA-384 */
- INIT_SP80056C_TEST_VECTOR(
- "\x5e\xa1\xfc\x4a\xf7\x25\x6d\x20\x55\x98\x1b\x11\x05\x75\xe0\xa8"
- "\xca\xe5\x31\x60\x13\x7d\x90\x4c\x59\xd9\x26\xeb\x1b\x84\x56\xe4"
- "\x27\xaa\x8a\x45\x40\x88\x4c\x37\xde\x15\x9a\x58\x02\x8a\xbc\x0e"
- "\x88\x76\x9c\xb7\x2f\xc5\xac\x45\x7c\xd5\x8e\x89\x08\x9b\x19\x6a"
- "\x70\xbf\x53\x3c\x6d\xc9\x1c\x9c\x7e\x17\x41\xdb\x5e\x7a\xb6\xb0"
- "\x84\x9f\x01\xde\xa6\x5f\xed\xd0\x6c\x77\x18\x7c\xd8\x8e\xd0\x30",
- "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
- "\x42\x4f\x42\x42\x59\x34\x35\x36",
- "\x8e\x6e\x26\x5f\x20\x82\xf1\x4d\x34\xda\x23\xe1\x03\x2c\x90\x24"
- "\x83\x4a\xf0\x15\x72\xb6\x64\x77\x82\x41\x1b\xdd\xcb\x84\xa5\xda"
- "\xee\x11\x7b\xa6\xfb\xa6\xd0\xeb\x28\x08\xef\x8a\xb0\x70\x05\xee"
- "\xab\xe5\x2d\x2e\xfd\x31\x12\x1c\x7b\xf9\xd5\xfa\xfc\x40\xe0\x0c"
- "\x6d\x6d\xbf\x39\xef\x43\xfe\x97\x15\xc7\x20\x2c\xdc\x2d\xb7\xe8"
- "\x2b\x88\xd7\x48\xeb\x84\x25\x8b\xf8\x4d\x85\x82\xf2\xbf\xd9\x40",
- WC_HASH_TYPE_SHA384),
- #endif
- #if defined(WOLFSSL_SHA512)
- /* SHA-512 */
- INIT_SP80056C_TEST_VECTOR(
- "\x00\xcd\xea\x89\x62\x1c\xfa\x46\xb1\x32\xf9\xe4\xcf\xe2\x26\x1c"
- "\xde\x2d\x43\x68\xeb\x56\x56\x63\x4c\x7c\xc9\x8c\x7a\x00\xcd\xe5"
- "\x4e\xd1\x86\x6a\x0d\xd3\xe6\x12\x6c\x9d\x2f\x84\x5d\xaf\xf8\x2c"
- "\xeb\x1d\xa0\x8f\x5d\x87\x52\x1b\xb0\xeb\xec\xa7\x79\x11\x16\x9c"
- "\x20\xcc\x01\x38\xa6\x72\xb6\x95\x8b\xd7\x84\xe5\xd7\xfa\x83\x73"
- "\x8a\xc6\x8f\x9b\x34\x23\xb4\x83\xf9\xbf\x53\x9e\x71\x14\x1e\x45"
- "\xdb\xfb\x7a\xfe\xd1\x8b\x11\xc0\x02\x8b\x13\xf1\xf8\x60\xef\x43"
- "\xc4\x80\xf4\xda\xcd\xa2\x08\x10\x59\xd3\x97\x8c\x99\x9d\x5d\x1a"
- "\xde\x34\x54\xe4",
- "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
- "\x42\x4f\x42\x42\x59\x34\x35\x36",
- "\x2d\x4a\x46\xa1\x70\x99\xba\xa8\x33\x0b\xc5\x9d\x4a\x1c\xf5\xae"
- "\x3a\x30\x75\xb4\xc6\x2b\xb2\x6e\x7f\xc9\x89\x24\x72\x6d\x27\x4c"
- "\x09\x64\x6f\x44\x08\xe6\x85\x8c\x43\xb4\x2d\xae\xd0\x15\xef\x26"
- "\x17\x08\xd5\x5e\xf2\x4d\xaa\x7d\x3e\xa3\xd1\xc4\xa0\x8c\xfd\x24"
- "\xdb\x60\x00\xa5\xb8\xa6\x7d\xe7\x46\xf3\xd3\xf4\xff\x34\x85\x15"
- "\x8f\xd3\xb6\x91\x55\x79\x1d\xf4\x67\x47\xd4\xdb\xbe\x17\xc4\xb5"
- "\x58\x46\x2e\x26\xbe\x5e\xd3\x5f\xe6\x80\xe2\x97\x14\x22\xc3\xb0"
- "\x1b\x17\xe1\x67\xfc\x43\x7f\x84\x86\x9d\x85\x49\x53\x7b\x33\x38",
- WC_HASH_TYPE_SHA512),
- #endif
- INIT_SP80056C_TEST_VECTOR(
- "\x00\xcd\xea\x89\x62\x1c\xfa\x46\xb1\x32\xf9\xe4\xcf\xe2\x26\x1c"
- "\xde\x2d\x43\x68\xeb\x56\x56\x63\x4c\x7c\xc9\x8c\x7a\x00\xcd\xe5"
- "\x4e\xd1\x86\x6a\x0d\xd3\xe6\x12\x6c\x9d\x2f\x84\x5d\xaf\xf8\x2c"
- "\xeb\x1d\xa0\x8f\x5d\x87\x52\x1b\xb0\xeb\xec\xa7\x79\x11\x16\x9c"
- "\x20\xcc\x01\x38\xa6\x72\xb6\x95\x8b\xd7\x84\xe5\xd7\xfa\x83\x73"
- "\x8a\xc6\x8f\x9b\x34\x23\xb4\x83\xf9\xbf\x53\x9e\x71\x14\x1e\x45"
- "\xdb\xfb\x7a\xfe\xd1\x8b\x11\xc0\x02\x8b\x13\xf1\xf8\x60\xef\x43"
- "\xc4\x80\xf4\xda\xcd\xa2\x08\x10\x59\xd3\x97\x8c\x99\x9d\x5d\x1a"
- "\xde\x34\x54\xe4",
- "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
- "\x42\x4f\x42\x42\x59\x34\x35\x36",
- "\x2d\x4a",
- WC_HASH_TYPE_SHA512),
- };
- for (i = 0; i < sizeof(vctors) / sizeof(vctors[0]); i++) {
- v = &vctors[i];
- ret = wc_KDA_KDF_onestep(v->z, v->zSz, v->fixedInfo, v->fixedInfoSz,
- v->derivedKeySz, v->hashType, output,
- /* use derivedKeySz to force the function to use a temporary buff
- for the last block */
- v->derivedKeySz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(output, v->derivedKey, v->derivedKeySz) != 0)
- return WC_TEST_RET_ENC_NC;
- }
- /* negative tests */
- ret = wc_KDA_KDF_onestep(NULL, 0, (byte*)"fixed_info",
- sizeof("fixed_info"), 16, WC_HASH_TYPE_SHA256, output, 16);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_NC;
- ret = wc_KDA_KDF_onestep((byte*)"secret", sizeof("secret"), NULL, 1, 16,
- WC_HASH_TYPE_SHA256, output, 16);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_NC;
- /* allow empty FixedInfo */
- ret = wc_KDA_KDF_onestep((byte*)"secret", sizeof("secret"), NULL, 0, 16,
- WC_HASH_TYPE_SHA256, output, 16);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- return 0;
- }
- #endif /* WC_KDF_NIST_SP_800_56C */
- /* optional macro to add sleep between tests */
- #ifndef TEST_SLEEP
- #define TEST_SLEEP() WC_DO_NOTHING
- #else
- #define TEST_PASS test_pass
- #include <stdarg.h> /* for var args */
- static WC_INLINE void test_pass(const char* fmt, ...)
- {
- va_list args;
- va_start(args, fmt);
- STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK(max_relative_stack, vprintf(fmt, args));
- va_end(args);
- PRINT_HEAP_CHECKPOINT();
- TEST_SLEEP();
- ASSERT_RESTORED_VECTOR_REGISTERS(exit(1););
- }
- #endif
- /* set test pass output to printf if not overridden */
- #ifndef TEST_PASS
- /* redirect to printf */
- #define TEST_PASS(...) { \
- if (STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK \
- (max_relative_stack, printf(__VA_ARGS__)) < 0) { \
- return err_sys("post-test check failed", WC_TEST_RET_ENC_NC);\
- } \
- PRINT_HEAP_CHECKPOINT(); \
- ASSERT_RESTORED_VECTOR_REGISTERS(exit(1);); \
- }
- #endif
- #ifdef TEST_ALWAYS_RUN_TO_END
- #define TEST_FAIL(msg, retval) do { last_failed_test_ret = (retval); render_error_message(msg, retval); } while (0)
- #elif !defined(TEST_FAIL)
- #define TEST_FAIL(msg, retval) return err_sys(msg, retval)
- #endif
- #ifdef HAVE_STACK_SIZE
- THREAD_RETURN WOLFSSL_THREAD wolfcrypt_test(void* args)
- #else
- wc_test_ret_t wolfcrypt_test(void* args)
- #endif
- {
- wc_test_ret_t ret;
- #if defined(WOLFSSL_TRACK_MEMORY_VERBOSE) && !defined(WOLFSSL_STATIC_MEMORY)
- long heap_baselineAllocs, heap_baselineBytes;
- #endif
- #ifdef TEST_ALWAYS_RUN_TO_END
- int last_failed_test_ret = 0;
- #endif
- STACK_SIZE_INIT();
- #if defined(WOLFSSL_TRACK_MEMORY_VERBOSE) && !defined(WOLFSSL_STATIC_MEMORY)
- (void)wolfCrypt_heap_peakAllocs_checkpoint();
- heap_baselineAllocs = wolfCrypt_heap_peakAllocs_checkpoint();
- (void)wolfCrypt_heap_peakBytes_checkpoint();
- heap_baselineBytes = wolfCrypt_heap_peakBytes_checkpoint();
- #endif
- #ifdef WC_RNG_SEED_CB
- wc_SetSeed_Cb(wc_GenerateSeed);
- #endif
- printf("------------------------------------------------------------------------------\n");
- printf(" wolfSSL version %s\n", LIBWOLFSSL_VERSION_STRING);
- #ifdef WOLF_CRYPTO_CB
- if (devId != INVALID_DEVID)
- printf(" CryptoCB with DevID:%X\n", devId);
- #endif
- printf("------------------------------------------------------------------------------\n");
- if (args) {
- #ifdef HAVE_WOLFCRYPT_TEST_OPTIONS
- int ch;
- #endif
- ((func_args*)args)->return_code = -1; /* error state */
- #ifdef HAVE_WOLFCRYPT_TEST_OPTIONS
- while ((ch = mygetopt(((func_args*)args)->argc, ((func_args*)args)->argv, "s:m:a:h")) != -1) {
- switch(ch) {
- case 's':
- #ifdef HAVE_STACK_SIZE_VERBOSE
- max_relative_stack = (ssize_t)atoi(myoptarg);
- break;
- #else
- return err_sys("-s (max relative stack bytes) requires HAVE_STACK_SIZE_VERBOSE (--enable-stacksize=verbose).", WC_TEST_RET_ENC_NC);
- #endif
- case 'm':
- #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
- max_relative_heap_bytes = (ssize_t)atoi(myoptarg);
- break;
- #else
- return err_sys("-m (max relative heap memory bytes) requires WOLFSSL_TRACK_MEMORY_VERBOSE (--enable-trackmemory=verbose).", WC_TEST_RET_ENC_NC);
- #endif
- case 'a':
- #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
- max_relative_heap_allocs = (ssize_t)atoi(myoptarg);
- break;
- #else
- return err_sys("-a (max relative heap allocs) requires WOLFSSL_TRACK_MEMORY_VERBOSE (--enable-trackmemory=verbose).", WC_TEST_RET_ENC_NC);
- #endif
- case 'h':
- return err_sys("\
- options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
- [-a max_relative_heap_allocs] [-h]\n", 0);
- default:
- return err_sys("unknown test option. try -h.", WC_TEST_RET_ENC_NC);
- }
- }
- #endif
- }
- #ifdef WOLFSSL_STATIC_MEMORY
- if (wc_LoadStaticMemory(&HEAP_HINT, gTestMemory, sizeof(gTestMemory),
- WOLFMEM_GENERAL, 1) != 0) {
- printf("unable to load static memory.\n");
- return(EXIT_FAILURE);
- }
- #ifndef OPENSSL_EXTRA
- wolfSSL_SetGlobalHeapHint(HEAP_HINT);
- #endif
- #endif
- #if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND)
- wolfSSL_Debugging_ON();
- #endif
- #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
- wc_SetLoggingHeap(HEAP_HINT);
- #endif
- #if defined(HAVE_FIPS) && !defined(WOLFSSL_LINUXKM)
- wolfCrypt_SetCb_fips(myFipsCb);
- #if FIPS_VERSION3_GE(6,0,0)
- printf("FIPS module version in use: %s\n",
- wolfCrypt_GetVersion_fips());
- #endif
- #endif
- #if !defined(NO_BIG_INT)
- if (CheckCtcSettings() != 1) {
- printf("Sizeof mismatch (build) %x != (run) %lx\n",
- CTC_SETTINGS, (unsigned long)CheckRunTimeSettings());
- return err_sys("Build vs runtime math mismatch\n", WC_TEST_RET_ENC_NC);
- }
- #if defined(USE_FAST_MATH) && \
- (!defined(NO_RSA) || !defined(NO_DH) || defined(HAVE_ECC))
- if (CheckFastMathSettings() != 1)
- return err_sys("Build vs runtime fastmath FP_MAX_BITS mismatch\n",
- WC_TEST_RET_ENC_NC);
- #endif /* USE_FAST_MATH */
- #endif /* !NO_BIG_INT */
- #if defined(WOLFSSL_CERT_GEN) && (!defined(NO_RSA) || defined(HAVE_ECC)) || \
- (defined(WOLFSSL_TEST_CERT) && (defined(HAVE_ED25519) || defined(HAVE_ED448)))
- initDefaultName();
- #endif
- #ifdef WOLFSSL_ASYNC_CRYPT
- ret = wolfAsync_DevOpen(&devId);
- if (ret < 0) {
- printf("Async device open failed\nRunning without async\n");
- }
- #else
- (void)devId;
- #endif /* WOLFSSL_ASYNC_CRYPT */
- #ifdef WOLF_CRYPTO_CB
- #ifdef HAVE_INTEL_QA_SYNC
- devId = wc_CryptoCb_InitIntelQa();
- if (INVALID_DEVID == devId) {
- printf("Couldn't init the Intel QA\n");
- }
- #endif
- #ifdef HAVE_CAVIUM_OCTEON_SYNC
- devId = wc_CryptoCb_InitOcteon();
- if (INVALID_DEVID == devId) {
- printf("Couldn't init the Cavium Octeon\n");
- }
- #endif
- #ifdef HAVE_RENESAS_SYNC
- devId = wc_CryptoCb_CryptInitRenesasCmn(NULL, &guser_PKCbInfo);
- if (devId == INVALID_DEVID) {
- printf("Couldn't get the Renesas device ID\n");
- }
- #endif
- #endif
- #if defined(WOLF_CRYPTO_CB) && !defined(HAVE_HASHDRBG) && \
- !defined(WC_NO_RNG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
- if (devId == INVALID_DEVID) {
- /* for testing RNG with crypto callback register function */
- devId = 100; /* any value beside -2 (INVALID_DEVID) */
- wc_CryptoCb_RegisterDevice(devId, rng_crypto_cb, NULL);
- }
- #endif
- #ifdef HAVE_SELFTEST
- if ( (ret = wolfCrypt_SelfTest()) != 0)
- TEST_FAIL("CAVP selftest failed!\n", ret);
- else
- TEST_PASS("CAVP selftest passed!\n");
- #endif
- if ( (ret = error_test()) != 0)
- TEST_FAIL("error test failed!\n", ret);
- else
- TEST_PASS("error test passed!\n");
- if ( (ret = memory_test()) != 0)
- TEST_FAIL("MEMORY test failed!\n", ret);
- else
- TEST_PASS("MEMORY test passed!\n");
- #ifndef NO_CODING
- if ( (ret = base64_test()) != 0)
- TEST_FAIL("base64 test failed!\n", ret);
- else
- TEST_PASS("base64 test passed!\n");
- #ifdef WOLFSSL_BASE16
- if ( (ret = base16_test()) != 0)
- TEST_FAIL("base16 test failed!\n", ret);
- else
- TEST_PASS("base16 test passed!\n");
- #endif
- #endif /* !NO_CODING */
- #ifndef NO_ASN
- if ( (ret = asn_test()) != 0)
- TEST_FAIL("asn test failed!\n", ret);
- else
- TEST_PASS("asn test passed!\n");
- #endif
- #ifndef WC_NO_RNG
- if ( (ret = random_test()) != 0)
- TEST_FAIL("RANDOM test failed!\n", ret);
- else
- TEST_PASS("RANDOM test passed!\n");
- #endif /* WC_NO_RNG */
- #ifndef NO_MD5
- if ( (ret = md5_test()) != 0)
- TEST_FAIL("MD5 test failed!\n", ret);
- else
- TEST_PASS("MD5 test passed!\n");
- #endif
- #ifdef WOLFSSL_MD2
- if ( (ret = md2_test()) != 0)
- TEST_FAIL("MD2 test failed!\n", ret);
- else
- TEST_PASS("MD2 test passed!\n");
- #endif
- #ifndef NO_MD4
- if ( (ret = md4_test()) != 0)
- TEST_FAIL("MD4 test failed!\n", ret);
- else
- TEST_PASS("MD4 test passed!\n");
- #endif
- #ifndef NO_SHA
- if ( (ret = sha_test()) != 0)
- TEST_FAIL("SHA test failed!\n", ret);
- else
- TEST_PASS("SHA test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA224
- if ( (ret = sha224_test()) != 0)
- TEST_FAIL("SHA-224 test failed!\n", ret);
- else
- TEST_PASS("SHA-224 test passed!\n");
- #endif
- #ifndef NO_SHA256
- if ( (ret = sha256_test()) != 0)
- TEST_FAIL("SHA-256 test failed!\n", ret);
- else
- TEST_PASS("SHA-256 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA384
- if ( (ret = sha384_test()) != 0)
- TEST_FAIL("SHA-384 test failed!\n", ret);
- else
- TEST_PASS("SHA-384 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA512
- if ((ret = sha512_test()) != 0) {
- TEST_FAIL("SHA-512 test failed!\n", ret);
- }
- else {
- TEST_PASS("SHA-512 test passed!\n");
- }
- #if !defined(WOLFSSL_NOSHA512_224) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
- if ((ret = sha512_224_test()) != 0) {
- TEST_FAIL("SHA-512/224 test failed!\n", ret);
- }
- else
- TEST_PASS("SHA-512/224 test passed!\n");
- #endif /* !defined(WOLFSSL_NOSHA512_224) && !FIPS ... */
- #if !defined(WOLFSSL_NOSHA512_256) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
- if ((ret = sha512_256_test()) != 0) {
- TEST_FAIL("SHA-512/256 test failed!\n", ret);
- }
- else
- TEST_PASS("SHA-512/256 test passed!\n");
- #endif /* !defined(WOLFSSL_NOSHA512_256) & !FIPS ... */
- #endif /* WOLFSSL_SHA512 */
- #ifdef WOLFSSL_SHA3
- if ( (ret = sha3_test()) != 0)
- TEST_FAIL("SHA-3 test failed!\n", ret);
- else
- TEST_PASS("SHA-3 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHAKE128
- if ( (ret = shake128_test()) != 0)
- TEST_FAIL("SHAKE128 test failed!\n", ret);
- else
- TEST_PASS("SHAKE128 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHAKE256
- if ( (ret = shake256_test()) != 0)
- TEST_FAIL("SHAKE256 test failed!\n", ret);
- else
- TEST_PASS("SHAKE256 test passed!\n");
- #endif
- #ifdef WOLFSSL_SM3
- if ( (ret = sm3_test()) != 0)
- return err_sys("SM-3 test failed!\n", ret);
- else
- TEST_PASS("SM-3 test passed!\n");
- #endif
- #ifndef NO_HASH_WRAPPER
- if ( (ret = hash_test()) != 0)
- TEST_FAIL("Hash test failed!\n", ret);
- else
- TEST_PASS("Hash test passed!\n");
- #endif
- #ifdef WOLFSSL_RIPEMD
- if ( (ret = ripemd_test()) != 0)
- TEST_FAIL("RIPEMD test failed!\n", ret);
- else
- TEST_PASS("RIPEMD test passed!\n");
- #endif
- #ifdef HAVE_BLAKE2
- if ( (ret = blake2b_test()) != 0)
- TEST_FAIL("BLAKE2b test failed!\n", ret);
- else
- TEST_PASS("BLAKE2b test passed!\n");
- #endif
- #ifdef HAVE_BLAKE2S
- if ( (ret = blake2s_test()) != 0)
- TEST_FAIL("BLAKE2s test failed!\n", ret);
- else
- TEST_PASS("BLAKE2s test passed!\n");
- #endif
- #ifndef NO_HMAC
- #if !defined(NO_MD5) && !(defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) \
- && (HAVE_FIPS_VERSION >= 5))
- if ( (ret = hmac_md5_test()) != 0)
- TEST_FAIL("HMAC-MD5 test failed!\n", ret);
- else
- TEST_PASS("HMAC-MD5 test passed!\n");
- #endif
- #ifndef NO_SHA
- if ( (ret = hmac_sha_test()) != 0)
- TEST_FAIL("HMAC-SHA test failed!\n", ret);
- else
- TEST_PASS("HMAC-SHA test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA224
- if ( (ret = hmac_sha224_test()) != 0)
- TEST_FAIL("HMAC-SHA224 test failed!\n", ret);
- else
- TEST_PASS("HMAC-SHA224 test passed!\n");
- #endif
- #ifndef NO_SHA256
- if ( (ret = hmac_sha256_test()) != 0)
- TEST_FAIL("HMAC-SHA256 test failed!\n", ret);
- else
- TEST_PASS("HMAC-SHA256 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA384
- if ( (ret = hmac_sha384_test()) != 0)
- TEST_FAIL("HMAC-SHA384 test failed!\n", ret);
- else
- TEST_PASS("HMAC-SHA384 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA512
- if ( (ret = hmac_sha512_test()) != 0)
- TEST_FAIL("HMAC-SHA512 test failed!\n", ret);
- else
- TEST_PASS("HMAC-SHA512 test passed!\n");
- #endif
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA3) && \
- !defined(WOLFSSL_NOSHA3_224) && !defined(WOLFSSL_NOSHA3_256) && \
- !defined(WOLFSSL_NOSHA3_384) && !defined(WOLFSSL_NOSHA3_512)
- if ( (ret = hmac_sha3_test()) != 0)
- TEST_FAIL("HMAC-SHA3 test failed!\n", ret);
- else
- TEST_PASS("HMAC-SHA3 test passed!\n");
- #endif
- #if defined(HAVE_HKDF) && !defined(NO_HMAC)
- PRIVATE_KEY_UNLOCK();
- if ( (ret = hkdf_test()) != 0)
- TEST_FAIL("HMAC-KDF test failed!\n", ret);
- else
- TEST_PASS("HMAC-KDF test passed!\n");
- PRIVATE_KEY_LOCK();
- #endif
- #endif /* !NO_HMAC */
- #ifdef WOLFSSL_WOLFSSH
- PRIVATE_KEY_UNLOCK();
- if ( (ret = sshkdf_test()) != 0)
- TEST_FAIL("SSH-KDF test failed!\n", ret);
- else
- TEST_PASS("SSH-KDF test passed!\n");
- PRIVATE_KEY_LOCK();
- #endif /* WOLFSSL_WOLFSSH */
- #if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
- PRIVATE_KEY_UNLOCK();
- if ( (ret = prf_test()) != 0)
- TEST_FAIL("PRF test failed!\n", ret);
- else
- TEST_PASS("PRF test passed!\n");
- PRIVATE_KEY_LOCK();
- #endif
- #ifdef WOLFSSL_HAVE_PRF
- #if defined (HAVE_HKDF) && !defined(NO_HMAC)
- #ifdef WOLFSSL_BASE16
- PRIVATE_KEY_UNLOCK();
- if ( (ret = tls12_kdf_test()) != 0)
- TEST_FAIL("TLSv1.2 KDF test failed!\n", ret);
- else
- TEST_PASS("TLSv1.2 KDF test passed!\n");
- PRIVATE_KEY_LOCK();
- #endif /* WOLFSSL_BASE16 */
- #endif /* WOLFSSL_HAVE_HKDF && !NO_HMAC */
- #endif /* WOLFSSL_HAVE_PRF */
- #ifdef WOLFSSL_TLS13
- PRIVATE_KEY_UNLOCK();
- if ( (ret = tls13_kdf_test()) != 0)
- TEST_FAIL("TLSv1.3 KDF test failed!\n", ret);
- else
- TEST_PASS("TLSv1.3 KDF test passed!\n");
- PRIVATE_KEY_LOCK();
- #endif /* WOLFSSL_TLS13 */
- #if defined(HAVE_X963_KDF) && defined(HAVE_ECC)
- if ( (ret = x963kdf_test()) != 0)
- TEST_FAIL("X963-KDF test failed!\n", ret);
- else
- TEST_PASS("X963-KDF test passed!\n");
- #endif
- #if defined(HAVE_HPKE) && defined(HAVE_ECC) && defined(HAVE_AESGCM)
- if ( (ret = hpke_test()) != 0)
- TEST_FAIL("HPKE test failed!\n", ret);
- else
- TEST_PASS("HPKE test passed!\n");
- #endif
- #if defined(WC_SRTP_KDF)
- PRIVATE_KEY_UNLOCK();
- if ( (ret = srtpkdf_test()) != 0)
- TEST_FAIL("SRTP KDF test failed!\n", ret);
- else
- TEST_PASS("SRTP KDF test passed!\n");
- PRIVATE_KEY_LOCK();
- #endif
- #if defined(WC_KDF_NIST_SP_800_56C)
- if ( (ret = nist_sp80056c_kdf_test()) != 0)
- TEST_FAIL("NIST SP 800-56C KDF test failed!\n", ret);
- else
- TEST_PASS("NIST SP 800-56C KDF test passed!\n");
- #endif
- #if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128) && \
- !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) && \
- !defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
- if ( (ret = gmac_test()) != 0)
- TEST_FAIL("GMAC test failed!\n", ret);
- else
- TEST_PASS("GMAC test passed!\n");
- #endif
- #ifdef WC_RC2
- if ( (ret = rc2_test()) != 0)
- TEST_FAIL("RC2 test failed!\n", ret);
- else
- TEST_PASS("RC2 test passed!\n");
- #endif
- #ifndef NO_RC4
- if ( (ret = arc4_test()) != 0)
- TEST_FAIL("ARC4 test failed!\n", ret);
- else
- TEST_PASS("ARC4 test passed!\n");
- #endif
- #ifdef HAVE_CHACHA
- if ( (ret = chacha_test()) != 0)
- TEST_FAIL("Chacha test failed!\n", ret);
- else
- TEST_PASS("Chacha test passed!\n");
- #endif
- #ifdef HAVE_XCHACHA
- if ( (ret = XChaCha_test()) != 0)
- TEST_FAIL("XChacha test failed!\n", ret);
- else
- TEST_PASS("XChacha test passed!\n");
- #endif
- #ifdef HAVE_POLY1305
- if ( (ret = poly1305_test()) != 0)
- TEST_FAIL("POLY1305 test failed!\n", ret);
- else
- TEST_PASS("POLY1305 test passed!\n");
- #endif
- #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
- if ( (ret = chacha20_poly1305_aead_test()) != 0)
- TEST_FAIL("ChaCha20-Poly1305 AEAD test failed!\n", ret);
- else
- TEST_PASS("ChaCha20-Poly1305 AEAD test passed!\n");
- #endif
- #if defined(HAVE_XCHACHA) && defined(HAVE_POLY1305)
- if ( (ret = XChaCha20Poly1305_test()) != 0)
- TEST_FAIL("XChaCha20-Poly1305 AEAD test failed!\n", ret);
- else
- TEST_PASS("XChaCha20-Poly1305 AEAD test passed!\n");
- #endif
- #ifndef NO_DES3
- if ( (ret = des_test()) != 0)
- TEST_FAIL("DES test failed!\n", ret);
- else
- TEST_PASS("DES test passed!\n");
- #endif
- #ifndef NO_DES3
- if ( (ret = des3_test()) != 0)
- TEST_FAIL("DES3 test failed!\n", ret);
- else
- TEST_PASS("DES3 test passed!\n");
- #endif
- #ifndef NO_AES
- if ( (ret = aes_test()) != 0)
- TEST_FAIL("AES test failed!\n", ret);
- else
- TEST_PASS("AES test passed!\n");
- #if defined(WOLFSSL_AES_192) && \
- !defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
- if ( (ret = aes192_test()) != 0)
- TEST_FAIL("AES192 test failed!\n", ret);
- else
- TEST_PASS("AES192 test passed!\n");
- #endif
- #if defined(WOLFSSL_AES_256)
- if ( (ret = aes256_test()) != 0)
- TEST_FAIL("AES256 test failed!\n", ret);
- else
- TEST_PASS("AES256 test passed!\n");
- #endif
- #ifdef WOLFSSL_AES_OFB
- if ( (ret = aesofb_test()) != 0)
- TEST_FAIL("AES-OFB test failed!\n", ret);
- else
- TEST_PASS("AES-OFB test passed!\n");
- #endif
- #ifdef HAVE_AESGCM
- #if !defined(WOLFSSL_AFALG) && !defined(WOLFSSL_DEVCRYPTO)
- if ( (ret = aesgcm_test()) != 0)
- TEST_FAIL("AES-GCM test failed!\n", ret);
- #endif
- #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) && \
- !defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) && \
- !defined(WOLFSSL_KCAPI_AES) && !(defined(WOLF_CRYPTO_CB) && \
- (defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC)))
- if ((ret = aesgcm_default_test()) != 0) {
- TEST_FAIL("AES-GCM test failed!\n", ret);
- }
- #endif
- if (ret == 0) {
- TEST_PASS("AES-GCM test passed!\n");
- }
- #endif
- #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
- if ( (ret = aesccm_test()) != 0)
- TEST_FAIL("AES-CCM test failed!\n", ret);
- else
- TEST_PASS("AES-CCM test passed!\n");
- #endif
- #ifdef WOLFSSL_AES_CFB
- if ( (ret = aes_cfb_test()) != 0)
- TEST_FAIL("AES-CFB test failed!\n", ret);
- else
- TEST_PASS("AES-CFB test passed!\n");
- #endif
- #ifdef WOLFSSL_AES_XTS
- if ( (ret = aes_xts_test()) != 0)
- TEST_FAIL("AES-XTS test failed!\n", ret);
- else
- TEST_PASS("AES-XTS test passed!\n");
- #endif
- #ifdef HAVE_AES_KEYWRAP
- if ( (ret = aeskeywrap_test()) != 0)
- TEST_FAIL("AES Key Wrap test failed!\n", ret);
- else
- TEST_PASS("AES Key Wrap test passed!\n");
- #endif
- #ifdef WOLFSSL_AES_SIV
- if ( (ret = aes_siv_test()) != 0)
- TEST_FAIL("AES-SIV test failed!\n", ret);
- else
- TEST_PASS("AES-SIV test passed!\n");
- #endif
- #endif
- #if defined(WOLFSSL_AES_EAX) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
- if ( (ret = aes_eax_test()) != 0)
- TEST_FAIL("AES-EAX test failed!\n", ret);
- else
- TEST_PASS("AES-EAX test passed!\n");
- #endif /* WOLFSSL_AES_EAX */
- #ifdef HAVE_ARIA
- if ( (ret = ariagcm_test(MC_ALGID_ARIA_128BITKEY)) != 0)
- TEST_FAIL("ARIA128 test failed!\n", ret);
- else
- TEST_PASS("ARIA128 test passed!\n");
- if ( (ret = ariagcm_test(MC_ALGID_ARIA_192BITKEY)) != 0)
- TEST_FAIL("ARIA192 test failed!\n", ret);
- else
- TEST_PASS("ARIA192 test passed!\n");
- if ( (ret = ariagcm_test(MC_ALGID_ARIA_256BITKEY)) != 0)
- TEST_FAIL("ARIA256 test failed!\n", ret);
- else
- TEST_PASS("ARIA256 test passed!\n");
- #endif
- #ifdef HAVE_CAMELLIA
- if ( (ret = camellia_test()) != 0)
- TEST_FAIL("CAMELLIA test failed!\n", ret);
- else
- TEST_PASS("CAMELLIA test passed!\n");
- #endif
- #ifdef WOLFSSL_SM4
- if ( (ret = sm4_test()) != 0)
- return err_sys("SM-4 test failed!\n", ret);
- else
- TEST_PASS("SM-4 test passed!\n");
- #endif
- #if !defined(NO_RSA) && !defined(HAVE_RENESAS_SYNC)
- #ifdef WC_RSA_NO_PADDING
- if ( (ret = rsa_no_pad_test()) != 0)
- TEST_FAIL("RSA NOPAD test failed!\n", ret);
- else
- TEST_PASS("RSA NOPAD test passed!\n");
- #endif
- if ( (ret = rsa_test()) != 0)
- TEST_FAIL("RSA test failed!\n", ret);
- else
- TEST_PASS("RSA test passed!\n");
- #endif
- #ifndef NO_DH
- PRIVATE_KEY_UNLOCK();
- if ( (ret = dh_test()) != 0)
- TEST_FAIL("DH test failed!\n", ret);
- else
- TEST_PASS("DH test passed!\n");
- PRIVATE_KEY_LOCK();
- #endif
- #ifndef NO_DSA
- if ( (ret = dsa_test()) != 0)
- TEST_FAIL("DSA test failed!\n", ret);
- else
- TEST_PASS("DSA test passed!\n");
- #endif
- #ifdef WOLFCRYPT_HAVE_SRP
- if ( (ret = srp_test()) != 0)
- TEST_FAIL("SRP test failed!\n", ret);
- else
- TEST_PASS("SRP test passed!\n");
- #endif
- #ifndef NO_PWDBASED
- PRIVATE_KEY_UNLOCK();
- if ( (ret = pwdbased_test()) != 0)
- TEST_FAIL("PWDBASED test failed!\n", ret);
- else
- TEST_PASS("PWDBASED test passed!\n");
- PRIVATE_KEY_LOCK();
- #endif
- #if defined(USE_CERT_BUFFERS_2048) && \
- defined(HAVE_PKCS12) && \
- !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \
- !defined(NO_CERTS) && !defined(NO_DES3)
- if ( (ret = pkcs12_test()) != 0)
- TEST_FAIL("PKCS12 test failed!\n", ret);
- else
- TEST_PASS("PKCS12 test passed!\n");
- #endif
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- if ( (ret = openssl_test()) != 0)
- TEST_FAIL("OPENSSL test failed!\n", ret);
- else
- TEST_PASS("OPENSSL test passed!\n");
- if ( (ret = openSSL_evpMD_test()) != 0)
- TEST_FAIL("OPENSSL (EVP MD) test failed!\n", ret);
- else
- TEST_PASS("OPENSSL (EVP MD) passed!\n");
- if ( (ret = openssl_pkey0_test()) != 0)
- TEST_FAIL("OPENSSL (PKEY0) test failed!\n", ret);
- else
- TEST_PASS("OPENSSL (PKEY0) passed!\n");
- if ( (ret = openssl_pkey1_test()) != 0)
- TEST_FAIL("OPENSSL (PKEY1) test failed!\n", ret);
- else
- TEST_PASS("OPENSSL (PKEY1) passed!\n");
- #if !defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- if ( (ret = openssl_evpSig_test()) != 0)
- TEST_FAIL("OPENSSL (EVP Sign/Verify) test failed!\n", ret);
- else
- TEST_PASS("OPENSSL (EVP Sign/Verify) passed!\n");
- #endif
- #endif
- #if defined(HAVE_ECC)
- PRIVATE_KEY_UNLOCK();
- if ( (ret = ecc_test()) != 0)
- TEST_FAIL("ECC test failed!\n", ret);
- else
- TEST_PASS("ECC test passed!\n");
- PRIVATE_KEY_LOCK();
- #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
- (defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256))
- if ( (ret = ecc_encrypt_test()) != 0)
- TEST_FAIL("ECC Enc test failed!\n", ret);
- else
- TEST_PASS("ECC Enc test passed!\n");
- #endif
- #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
- !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
- defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP)
- /* skip for ATECC508/608A, cannot import private key buffers */
- if ( (ret = ecc_test_buffers()) != 0)
- TEST_FAIL("ECC buffer test failed!\n", ret);
- else
- TEST_PASS("ECC buffer test passed!\n");
- #endif
- #endif
- #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
- !defined(NO_FILESYSTEM)
- if ( (ret = cert_test()) != 0)
- TEST_FAIL("CERT test failed!\n", ret);
- else
- TEST_PASS("CERT test passed!\n");
- #endif
- #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(WOLFSSL_GEN_CERT)
- if ( (ret = certext_test()) != 0)
- TEST_FAIL("CERT EXT test failed!\n", ret);
- else
- TEST_PASS("CERT EXT test passed!\n");
- #endif
- #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
- defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
- if ( (ret = decodedCertCache_test()) != 0)
- TEST_FAIL("DECODED CERT CACHE test failed!\n", ret);
- else
- TEST_PASS("DECODED CERT CACHE test passed!\n");
- #endif
- #ifdef HAVE_CURVE25519
- if ( (ret = curve25519_test()) != 0)
- TEST_FAIL("CURVE25519 test failed!\n", ret);
- else
- TEST_PASS("CURVE25519 test passed!\n");
- #endif
- #ifdef HAVE_ED25519
- PRIVATE_KEY_UNLOCK();
- if ( (ret = ed25519_test()) != 0)
- TEST_FAIL("ED25519 test failed!\n", ret);
- else
- TEST_PASS("ED25519 test passed!\n");
- PRIVATE_KEY_LOCK();
- #endif
- #ifdef HAVE_CURVE448
- if ( (ret = curve448_test()) != 0)
- TEST_FAIL("CURVE448 test failed!\n", ret);
- else
- TEST_PASS("CURVE448 test passed!\n");
- #endif
- #ifdef HAVE_ED448
- PRIVATE_KEY_UNLOCK();
- if ( (ret = ed448_test()) != 0)
- TEST_FAIL("ED448 test failed!\n", ret);
- else
- TEST_PASS("ED448 test passed!\n");
- PRIVATE_KEY_LOCK();
- #endif
- #ifdef WOLFSSL_HAVE_KYBER
- if ( (ret = kyber_test()) != 0)
- TEST_FAIL("KYBER test failed!\n", ret);
- else
- TEST_PASS("KYBER test passed!\n");
- #endif
- #if defined(WOLFSSL_HAVE_XMSS)
- #if !defined(WOLFSSL_SMALL_STACK) && WOLFSSL_XMSS_MIN_HEIGHT <= 10
- if ( (ret = xmss_test_verify_only()) != 0)
- TEST_FAIL("XMSS Vfy test failed!\n", ret);
- else
- TEST_PASS("XMSS Vfy test passed!\n");
- #endif
- #if !defined(WOLFSSL_XMSS_VERIFY_ONLY)
- if ( (ret = xmss_test()) != 0)
- TEST_FAIL("XMSS test failed!\n", ret);
- else
- TEST_PASS("XMSS test passed!\n");
- #endif
- #endif /* if defined(WOLFSSL_HAVE_XMSS) */
- #if defined(WOLFSSL_HAVE_LMS)
- #if !defined(WOLFSSL_SMALL_STACK)
- #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10)) || \
- defined(HAVE_LIBLMS)
- if ( (ret = lms_test_verify_only()) != 0)
- TEST_FAIL("LMS Vfy test failed!\n", ret);
- else
- TEST_PASS("LMS Vfy test passed!\n");
- #endif
- #endif
- #if !defined(WOLFSSL_LMS_VERIFY_ONLY)
- if ( (ret = lms_test()) != 0)
- TEST_FAIL("LMS test failed!\n", ret);
- else
- TEST_PASS("LMS test passed!\n");
- #endif
- #endif /* if defined(WOLFSSL_HAVE_LMS) */
- #ifdef WOLFCRYPT_HAVE_ECCSI
- if ( (ret = eccsi_test()) != 0)
- TEST_FAIL("ECCSI test failed!\n", ret);
- else
- TEST_PASS("ECCSI test passed!\n");
- #endif
- #ifdef WOLFCRYPT_HAVE_SAKKE
- if ( (ret = sakke_test()) != 0)
- TEST_FAIL("SAKKE test failed!\n", ret);
- else
- TEST_PASS("SAKKE test passed!\n");
- #endif
- #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
- if ( (ret = cmac_test()) != 0)
- TEST_FAIL("CMAC test failed!\n", ret);
- else
- TEST_PASS("CMAC test passed!\n");
- #endif
- #if defined(WOLFSSL_SIPHASH)
- if ( (ret = siphash_test()) != 0)
- TEST_FAIL("SipHash test failed!\n", ret);
- else
- TEST_PASS("SipHash test passed!\n");
- #endif
- #ifdef HAVE_LIBZ
- if ( (ret = compress_test()) != 0)
- TEST_FAIL("COMPRESS test failed!\n", ret);
- else
- TEST_PASS("COMPRESS test passed!\n");
- #endif
- #ifdef HAVE_PKCS7
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- if ( (ret = pkcs7encrypted_test()) != 0)
- TEST_FAIL("PKCS7encrypted test failed!\n", ret);
- else
- TEST_PASS("PKCS7encrypted test passed!\n");
- #endif
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
- if ( (ret = pkcs7compressed_test()) != 0)
- TEST_FAIL("PKCS7compressed test failed!\n", ret);
- else
- TEST_PASS("PKCS7compressed test passed!\n");
- #endif
- if ( (ret = pkcs7signed_test()) != 0)
- TEST_FAIL("PKCS7signed test failed!\n", ret);
- else
- TEST_PASS("PKCS7signed test passed!\n");
- if ( (ret = pkcs7enveloped_test()) != 0)
- TEST_FAIL("PKCS7enveloped test failed!\n", ret);
- else
- TEST_PASS("PKCS7enveloped test passed!\n");
- #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
- if ( (ret = pkcs7authenveloped_test()) != 0)
- TEST_FAIL("PKCS7authenveloped test failed!\n", ret);
- else
- TEST_PASS("PKCS7authenveloped test passed!\n");
- #endif
- #endif
- #if defined(WOLFSSL_PUBLIC_MP) && \
- ((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(USE_FAST_MATH))
- if ( (ret = mp_test()) != 0)
- TEST_FAIL("mp test failed!\n", ret);
- else
- TEST_PASS("mp test passed!\n");
- #endif
- #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN)
- if ( (ret = prime_test()) != 0)
- TEST_FAIL("prime test failed!\n", ret);
- else
- TEST_PASS("prime test passed!\n");
- #endif
- #if defined(ASN_BER_TO_DER) && \
- (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL))
- if ( (ret = berder_test()) != 0)
- TEST_FAIL("ber-der test failed!\n", ret);
- else
- TEST_PASS("ber-der test passed!\n");
- #endif
- if ( (ret = logging_test()) != 0)
- TEST_FAIL("logging test failed!\n", ret);
- else
- TEST_PASS("logging test passed!\n");
- #if !defined(NO_ASN) && !defined(NO_ASN_TIME)
- if ( (ret = time_test()) != 0)
- TEST_FAIL("time test failed!\n", ret);
- else
- TEST_PASS("time test passed!\n");
- #endif
- #if defined(__INCLUDE_NUTTX_CONFIG_H)
- if ((ret = wolfcrypt_mutex_test()) != 0)
- #else
- if ((ret = mutex_test()) != 0)
- #endif
- TEST_FAIL("mutex test failed!\n", ret);
- else
- TEST_PASS("mutex test passed!\n");
- #if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
- if ( (ret = memcb_test()) != 0)
- TEST_FAIL("memcb test failed!\n", ret);
- else
- TEST_PASS("memcb test passed!\n");
- #endif
- #ifdef WOLFSSL_CAAM_BLOB
- if ( (ret = blob_test()) != 0)
- TEST_FAIL("blob test failed!\n", ret);
- else
- TEST_PASS("blob test passed!\n");
- #endif
- #if defined(WOLF_CRYPTO_CB) && \
- !(defined(HAVE_INTEL_QAT_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC) || \
- defined(WOLFSSL_QNX_CAAM) || defined(HAVE_RENESAS_SYNC))
- if ( (ret = cryptocb_test()) != 0)
- TEST_FAIL("crypto callback test failed!\n", ret);
- else
- TEST_PASS("crypto callback test passed!\n");
- #endif
- #ifdef WOLFSSL_CERT_PIV
- if ( (ret = certpiv_test()) != 0)
- TEST_FAIL("cert piv test failed!\n", ret);
- else
- TEST_PASS("cert piv test passed!\n");
- #endif
- #ifdef WOLF_CRYPTO_CB
- #ifdef HAVE_INTEL_QA_SYNC
- wc_CryptoCb_CleanupIntelQa(&devId);
- #endif
- #ifdef HAVE_CAVIUM_OCTEON_SYNC
- wc_CryptoCb_CleanupOcteon(&devId);
- #endif
- #endif
- #ifdef WOLFSSL_ASYNC_CRYPT
- wolfAsync_DevClose(&devId);
- #endif
- /* cleanup the thread if fixed point cache is enabled and have thread local */
- #if defined(HAVE_THREAD_LS) && defined(HAVE_ECC) && defined(FP_ECC)
- wc_ecc_fp_free();
- #endif
- #ifdef TEST_ALWAYS_RUN_TO_END
- if (last_failed_test_ret != 0)
- ret = last_failed_test_ret;
- #endif
- if (args)
- ((func_args*)args)->return_code = ret;
- /* If hardware acceleration and respective metrics tracked, show results: */
- #ifdef WOLFSSL_HW_METRICS
- #if defined(WOLFSSL_ESP32_CRYPT_RSA_PRI) && defined(WOLFSSL_HW_METRICS)
- esp_hw_show_mp_metrics();
- #endif
- #endif
- #if defined(WOLFSSL_STATIC_MEMORY) && !defined(OPENSSL_EXTRA)
- wolfSSL_SetGlobalHeapHint(NULL);
- #endif
- TEST_PASS("Test complete\n");
- EXIT_TEST(ret);
- } /* end of wolfcrypt_test() */
- #ifndef NO_MAIN_DRIVER
- #ifdef HAVE_WOLFCRYPT_TEST_OPTIONS
- int myoptind = 0;
- char* myoptarg = NULL;
- #endif
- /* so overall tests can pull in test function */
- #if defined(WOLFSSL_ESPIDF) || defined(_WIN32_WCE)
- wc_test_ret_t wolf_test_task(void)
- #else
- #ifndef NO_MAIN_FUNCTION
- int main(int argc, char** argv)
- {
- return (int)wolfcrypt_test_main(argc, argv);
- }
- #endif
- wc_test_ret_t wolfcrypt_test_main(int argc, char** argv)
- #endif
- {
- wc_test_ret_t ret;
- func_args args = { 0, 0, 0 };
- #if defined(WOLFSSL_ESPIDF) || defined(WOLFSSL_SE050)
- /* set dummy wallclock time. */
- struct timeval utctime;
- struct timezone tz;
- utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */
- utctime.tv_usec = 0;
- tz.tz_minuteswest = 0;
- tz.tz_dsttime = 0;
- settimeofday(&utctime, &tz);
- #endif
- #ifdef WOLFSSL_APACHE_MYNEWT
- #ifdef ARCH_sim
- mcu_sim_parse_args(argc, argv);
- #endif
- sysinit();
- /* set dummy wallclock time. */
- struct os_timeval utctime;
- struct os_timezone tz;
- utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */
- utctime.tv_usec = 0;
- tz.tz_minuteswest = 0;
- tz.tz_dsttime = 0;
- os_settimeofday(&utctime, &tz);
- #endif
- #ifdef WOLFSSL_ZEPHYR
- /* set dummy wallclock time. */
- struct timespec utctime;
- utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */
- utctime.tv_nsec = 0;
- clock_settime(CLOCK_REALTIME, &utctime);
- #endif
- #ifdef DEVKITPRO
- void *framebuffer;
- GXRModeObj *rmode = NULL;
- VIDEO_Init();
- WPAD_Init();
- rmode = VIDEO_GetPreferredMode(NULL);
- #pragma GCC diagnostic ignored "-Wbad-function-cast"
- framebuffer = MEM_K0_TO_K1(SYS_AllocateFramebuffer(rmode));
- #pragma GCC diagnostic pop
- console_init(framebuffer,20,20,rmode->fbWidth,rmode->xfbHeight,rmode->fbWidth*VI_DISPLAY_PIX_SZ);
- VIDEO_Configure(rmode);
- VIDEO_SetNextFramebuffer(framebuffer);
- VIDEO_SetBlack(FALSE);
- VIDEO_Flush();
- VIDEO_WaitVSync();
- if(rmode->viTVMode&VI_NON_INTERLACE) VIDEO_WaitVSync();
- #endif
- #ifdef HAVE_WNR
- if ((ret = wc_InitNetRandom(wnrConfigFile, NULL, 5000)) != 0) {
- err_sys("Whitewood netRandom global config failed",
- WC_TEST_RET_ENC_EC(ret));
- return WC_TEST_RET_ENC_EC(ret);
- }
- #endif
- #ifndef WOLFSSL_ESPIDF
- args.argc = argc;
- args.argv = argv;
- #endif
- if ((ret = wolfCrypt_Init()) != 0) {
- printf("wolfCrypt_Init failed %d\n", (int)ret);
- err_sys("Error with wolfCrypt_Init!\n", WC_TEST_RET_ENC_EC(ret));
- }
- #ifdef HAVE_WC_INTROSPECTION
- printf("Math: %s\n", wc_GetMathInfo());
- #endif
- #ifdef HAVE_STACK_SIZE
- StackSizeCheck(&args, wolfcrypt_test);
- #else
- wolfcrypt_test(&args);
- #endif
- if ((ret = wolfCrypt_Cleanup()) != 0) {
- printf("wolfCrypt_Cleanup failed %d\n", (int)ret);
- err_sys("Error with wolfCrypt_Cleanup!\n", WC_TEST_RET_ENC_EC(ret));
- }
- #ifdef HAVE_WNR
- if ((ret = wc_FreeNetRandom()) < 0)
- err_sys("Failed to free netRandom context",
- WC_TEST_RET_ENC_EC(ret));
- #endif /* HAVE_WNR */
- #ifdef DOLPHIN_EMULATOR
- /* Returning from main panics the emulator. Just hang
- * and let the user force quit the emulator window. */
- printf("args.return_code: %d\n", args.return_code);
- printf("Testing complete. You may close the window now\n");
- while (1);
- #endif
- #if defined(WOLFSSL_ESPIDF)
- /* ESP_LOGI to print takes up a lot less memory than printf */
- ESP_LOGI(ESPIDF_TAG, "Exiting main with return code: % d\n",
- args.return_code);
- #else
- /* gate this for target platforms wishing to avoid printf reference */
- printf("Exiting main with return code: %ld\n", (long int)args.return_code);
- #endif
- return args.return_code;
- } /* wolfcrypt_test_main or wolf_test_task */
- #endif /* NO_MAIN_DRIVER */
- /* helper to save DER, convert to PEM and save PEM */
- #if !defined(NO_ASN) && (defined(HAVE_ECC) || !defined(NO_DSA) || \
- (!defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)))) \
- && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
- #define SaveDerAndPem(d, dSz, fD, fP, pT) _SaveDerAndPem(d, dSz, fD, fP, pT, WC_TEST_RET_LN)
- #else
- #define SaveDerAndPem(d, dSz, fD, fP, pT) _SaveDerAndPem(d, dSz, NULL, NULL, pT, WC_TEST_RET_LN)
- #endif
- static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz,
- const char* fileDer, const char* filePem, int pemType, int calling_line)
- {
- #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
- wc_test_ret_t ret;
- XFILE derFile;
- derFile = XFOPEN(fileDer, "wb");
- if (!derFile) {
- return WC_TEST_RET_ENC(calling_line, 0, WC_TEST_RET_TAG_I);
- }
- ret = (int)XFWRITE(der, 1, (size_t)derSz, derFile);
- XFCLOSE(derFile);
- if (ret != derSz) {
- return WC_TEST_RET_ENC(calling_line, 1, WC_TEST_RET_TAG_I);
- }
- #endif
- #ifdef WOLFSSL_DER_TO_PEM
- if (filePem) {
- #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
- XFILE pemFile;
- #endif
- #ifndef WOLFSSL_NO_MALLOC
- byte* pem;
- #else
- byte pem[1024];
- #endif
- int pemSz;
- /* calculate PEM size */
- pemSz = wc_DerToPem(der, (word32)derSz, NULL, 0, pemType);
- if (pemSz < 0) {
- return WC_TEST_RET_ENC(calling_line, 2, WC_TEST_RET_TAG_I);
- }
- #ifndef WOLFSSL_NO_MALLOC
- pem = (byte*)XMALLOC(pemSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pem == NULL) {
- return WC_TEST_RET_ENC(calling_line, 3, WC_TEST_RET_TAG_I);
- }
- #else
- if (pemSz > (int)sizeof(pem))
- return BAD_FUNC_ARG;
- #endif
- /* Convert to PEM */
- pemSz = wc_DerToPem(der, (word32)derSz, pem, pemSz, pemType);
- if (pemSz < 0) {
- XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC(calling_line, 4, WC_TEST_RET_TAG_I);
- }
- #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
- pemFile = XFOPEN(filePem, "wb");
- if (!pemFile) {
- XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC(calling_line, 5, WC_TEST_RET_TAG_I);
- }
- ret = (int)XFWRITE(pem, 1, (size_t)pemSz, pemFile);
- XFCLOSE(pemFile);
- if (ret != pemSz) {
- XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC(calling_line, 6, WC_TEST_RET_TAG_I);
- }
- #endif
- XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif /* WOLFSSL_DER_TO_PEM */
- /* suppress unused variable warnings */
- (void)der;
- (void)derSz;
- (void)filePem;
- (void)fileDer;
- (void)pemType;
- (void)calling_line;
- return 0;
- }
- #endif /* WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void)
- {
- const char* errStr;
- char out[WOLFSSL_MAX_ERROR_SZ];
- const char* unknownStr = wc_GetErrorString(0);
- #ifdef NO_ERROR_STRINGS
- /* Ensure a valid error code's string matches an invalid code's.
- * The string is that error strings are not available.
- */
- WOLFSSL_ENTER("error_test NO_ERROR_STRINGS");
- errStr = wc_GetErrorString(OPEN_RAN_E);
- wc_ErrorString(OPEN_RAN_E, out);
- if (XSTRCMP(errStr, unknownStr) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XSTRCMP(out, unknownStr) != 0)
- return WC_TEST_RET_ENC_NC;
- #else
- int i;
- int j = 0;
- /* Values that are not or no longer error codes. */
- int missing[] = { -124, -166, -167, -168, -169, 0 };
- /* Check that all errors have a string and it's the same through the two
- * APIs. Check that the values that are not errors map to the unknown
- * string.
- */
- for (i = MAX_CODE_E-1; i >= WC_LAST_E; i--) {
- errStr = wc_GetErrorString(i);
- wc_ErrorString(i, out);
- if (i != missing[j]) {
- if (XSTRCMP(errStr, unknownStr) == 0) {
- WOLFSSL_MSG("errStr unknown");
- return WC_TEST_RET_ENC_NC;
- }
- if (XSTRCMP(out, unknownStr) == 0) {
- WOLFSSL_MSG("out unknown");
- return WC_TEST_RET_ENC_NC;
- }
- if (XSTRCMP(errStr, out) != 0) {
- WOLFSSL_MSG("errStr does not match output");
- return WC_TEST_RET_ENC_NC;
- }
- if (XSTRLEN(errStr) >= WOLFSSL_MAX_ERROR_SZ) {
- WOLFSSL_MSG("errStr too long");
- return WC_TEST_RET_ENC_NC;
- }
- }
- else {
- j++;
- if (XSTRCMP(errStr, unknownStr) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XSTRCMP(out, unknownStr) != 0)
- return WC_TEST_RET_ENC_NC;
- }
- }
- /* Check if the next possible value has been given a string. */
- errStr = wc_GetErrorString(i);
- wc_ErrorString(i, out);
- if (XSTRCMP(errStr, unknownStr) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XSTRCMP(out, unknownStr) != 0)
- return WC_TEST_RET_ENC_NC;
- #endif
- return 0;
- }
- #ifndef NO_CODING
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void)
- {
- wc_test_ret_t ret;
- WOLFSSL_SMALL_STACK_STATIC const byte good[] = "A+Gd\0\0\0";
- WOLFSSL_SMALL_STACK_STATIC const byte goodEnd[] = "A+Gd \r\n";
- WOLFSSL_SMALL_STACK_STATIC const byte good_spaces[] = " A + G d \0";
- byte out[128];
- word32 outLen;
- #ifdef WOLFSSL_BASE64_ENCODE
- byte data[3];
- word32 dataLen;
- byte longData[79] = { 0 };
- WOLFSSL_SMALL_STACK_STATIC const byte symbols[] = "+/A=";
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte badSmall[] = "AAA!Gdj=";
- WOLFSSL_SMALL_STACK_STATIC const byte badLarge[] = "AAA~Gdj=";
- WOLFSSL_SMALL_STACK_STATIC const byte badEOL[] = "A+Gd!AA";
- WOLFSSL_SMALL_STACK_STATIC const byte badPadding[] = "AA=A";
- WOLFSSL_SMALL_STACK_STATIC const byte badChar[] = ",-.:;<=>?@[\\]^_`";
- byte goodChar[] =
- "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
- "abcdefghijklmnopqrstuvwxyz"
- "0123456789+/;";
- byte charTest[] = "A+Gd\0\0\0";
- int i;
- WOLFSSL_ENTER("base64_test");
- /* Good Base64 encodings. */
- outLen = sizeof(out);
- ret = Base64_Decode(good, sizeof(good), out, &outLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- outLen = sizeof(out);
- ret = Base64_Decode(goodEnd, sizeof(goodEnd), out, &outLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- outLen = sizeof(goodChar);
- ret = Base64_Decode(goodChar, sizeof(goodChar), goodChar, &outLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (outLen != 64 / 4 * 3)
- return WC_TEST_RET_ENC_NC;
- outLen = sizeof(out);
- ret = Base64_Decode(good_spaces, sizeof(good_spaces), out, &outLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Bad parameters. */
- outLen = 1;
- ret = Base64_Decode(good, sizeof(good), out, &outLen);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- outLen = sizeof(out);
- ret = Base64_Decode(badEOL, sizeof(badEOL), out, &outLen);
- if (ret != ASN_INPUT_E)
- return WC_TEST_RET_ENC_EC(ret);
- outLen = sizeof(out);
- ret = Base64_Decode(badPadding, sizeof(badPadding), out, &outLen);
- if (ret != ASN_INPUT_E)
- return WC_TEST_RET_ENC_EC(ret);
- /* Bad character at each offset 0-3. */
- for (i = 0; i < 4; i++) {
- outLen = sizeof(out);
- ret = Base64_Decode(badSmall + i, 4, out, &outLen);
- if (ret != ASN_INPUT_E)
- return WC_TEST_RET_ENC_I(i);
- ret = Base64_Decode(badLarge + i, 4, out, &outLen);
- if (ret != ASN_INPUT_E)
- return WC_TEST_RET_ENC_I(i);
- }
- /* Invalid character less than 0x2b */
- for (i = 1; i < 0x2b; i++) {
- outLen = sizeof(out);
- charTest[0] = (byte)i;
- ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
- if (ret != ASN_INPUT_E)
- return WC_TEST_RET_ENC_I(i);
- }
- /* Bad characters in range 0x2b - 0x7a. */
- for (i = 0; i < (int)sizeof(badChar) - 1; i++) {
- outLen = sizeof(out);
- charTest[0] = badChar[i];
- ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
- if (ret != ASN_INPUT_E)
- return WC_TEST_RET_ENC_I(i);
- }
- /* Invalid character greater than 0x7a */
- for (i = 0x7b; i < 0x100; i++) {
- outLen = sizeof(out);
- charTest[0] = (byte)i;
- ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
- if (ret != ASN_INPUT_E)
- return WC_TEST_RET_ENC_I(i);
- }
- #ifdef WOLFSSL_BASE64_ENCODE
- /* Decode and encode all symbols - non-alphanumeric. */
- dataLen = sizeof(data);
- ret = Base64_Decode(symbols, sizeof(symbols), data, &dataLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- outLen = sizeof(out);
- ret = Base64_Encode(data, dataLen, NULL, &outLen);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- outLen = sizeof(out);
- ret = Base64_Encode(data, dataLen, out, &outLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- outLen = 7;
- ret = Base64_EncodeEsc(data, dataLen, out, &outLen);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- outLen = sizeof(out);
- ret = Base64_EncodeEsc(data, dataLen, NULL, &outLen);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- outLen = sizeof(out);
- ret = Base64_EncodeEsc(data, dataLen, out, &outLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- outLen = sizeof(out);
- ret = Base64_Encode_NoNl(data, dataLen, out, &outLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Data that results in an encoding longer than one line. */
- outLen = sizeof(out);
- dataLen = sizeof(longData);
- ret = Base64_Encode(longData, dataLen, out, &outLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- outLen = sizeof(out);
- ret = Base64_EncodeEsc(longData, dataLen, out, &outLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- outLen = sizeof(out);
- ret = Base64_Encode_NoNl(longData, dataLen, out, &outLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- return 0;
- }
- #ifdef WOLFSSL_BASE16
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base16_test(void)
- {
- wc_test_ret_t ret;
- WOLFSSL_SMALL_STACK_STATIC const byte testData[] = "SomeDataToEncode\n";
- WOLFSSL_SMALL_STACK_STATIC const byte encodedTestData[] = "536F6D6544617461546F456E636F64650A00";
- byte encoded[40];
- word32 encodedLen;
- byte plain[40];
- word32 len;
- WOLFSSL_ENTER("base16_test");
- /* length returned includes null termination */
- encodedLen = sizeof(encoded);
- ret = Base16_Encode(testData, sizeof(testData), encoded, &encodedLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- len = (word32)XSTRLEN((char*)encoded);
- if (len != encodedLen - 1)
- return WC_TEST_RET_ENC_NC;
- len = sizeof(plain);
- ret = Base16_Decode(encoded, encodedLen - 1, plain, &len);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (len != sizeof(testData) || XMEMCMP(testData, plain, len) != 0)
- return WC_TEST_RET_ENC_NC;
- if (encodedLen != sizeof(encodedTestData) ||
- XMEMCMP(encoded, encodedTestData, encodedLen) != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- return 0;
- }
- #endif /* WOLFSSL_BASE16 */
- #endif /* !NO_CODING */
- #ifndef NO_ASN
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t asn_test(void)
- {
- wc_test_ret_t ret;
- /* ASN1 encoded date buffer */
- WOLFSSL_SMALL_STACK_STATIC const byte dateBuf[] = {
- 0x17, 0x0d, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31,
- 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5a
- };
- byte format;
- int length;
- const byte* datePart;
- #ifndef NO_ASN_TIME
- struct tm timearg;
- time_t now;
- #endif
- WOLFSSL_ENTER("asn_test");
- ret = wc_GetDateInfo(dateBuf, (int)sizeof(dateBuf), &datePart, &format,
- &length);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #ifndef NO_ASN_TIME
- /* Parameter Validation tests. */
- if ((ret = wc_GetTime(NULL, sizeof(now))) != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- if ((ret = wc_GetTime(&now, 0)) != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- now = 0;
- if ((ret = wc_GetTime(&now, sizeof(now))) != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- if (now == 0) {
- printf("RTC/Time not set!\n");
- return WC_TEST_RET_ENC_NC;
- }
- ret = wc_GetDateAsCalendarTime(datePart, length, format, &timearg);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif /* !NO_ASN_TIME */
- return 0;
- }
- #endif /* !NO_ASN */
- #ifdef WOLFSSL_MD2
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md2_test(void)
- {
- wc_test_ret_t ret = 0;
- Md2 md2;
- byte hash[MD2_DIGEST_SIZE];
- testVector a, b, c, d, e, f, g;
- testVector test_md2[7];
- int times = sizeof(test_md2) / sizeof(testVector), i;
- WOLFSSL_ENTER("md2_test");
- a.input = "";
- a.output = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69"
- "\x27\x73";
- a.inLen = XSTRLEN(a.input);
- a.outLen = MD2_DIGEST_SIZE;
- b.input = "a";
- b.output = "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0"
- "\xb5\xd1";
- b.inLen = XSTRLEN(b.input);
- b.outLen = MD2_DIGEST_SIZE;
- c.input = "abc";
- c.output = "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde"
- "\xd6\xbb";
- c.inLen = XSTRLEN(c.input);
- c.outLen = MD2_DIGEST_SIZE;
- d.input = "message digest";
- d.output = "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe"
- "\x06\xb0";
- d.inLen = XSTRLEN(d.input);
- d.outLen = MD2_DIGEST_SIZE;
- e.input = "abcdefghijklmnopqrstuvwxyz";
- e.output = "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47"
- "\x94\x0b";
- e.inLen = XSTRLEN(e.input);
- e.outLen = MD2_DIGEST_SIZE;
- f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
- "6789";
- f.output = "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03"
- "\x38\xcd";
- f.inLen = XSTRLEN(f.input);
- f.outLen = MD2_DIGEST_SIZE;
- g.input = "1234567890123456789012345678901234567890123456789012345678"
- "9012345678901234567890";
- g.output = "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3"
- "\xef\xd8";
- g.inLen = XSTRLEN(g.input);
- g.outLen = MD2_DIGEST_SIZE;
- test_md2[0] = a;
- test_md2[1] = b;
- test_md2[2] = c;
- test_md2[3] = d;
- test_md2[4] = e;
- test_md2[5] = f;
- test_md2[6] = g;
- wc_InitMd2(&md2);
- for (i = 0; i < times; ++i) {
- wc_Md2Update(&md2, (byte*)test_md2[i].input, (word32)test_md2[i].inLen);
- wc_Md2Final(&md2, hash);
- if (XMEMCMP(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0)
- return WC_TEST_RET_ENC_I(i);
- }
- for (i = 0; i < times; ++i) {
- ret = wc_Md2Hash((byte*)test_md2[i].input, (word32)test_md2[i].inLen, hash);
- if (ret != 0) {
- return WC_TEST_RET_ENC_I(i);
- }
- if (XMEMCMP(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0) {
- return WC_TEST_RET_ENC_I(i);
- }
- }
- return 0;
- }
- #endif
- #ifndef NO_MD5
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md5_test(void)
- {
- wc_test_ret_t ret = 0;
- wc_Md5 md5, md5Copy;
- byte hash[WC_MD5_DIGEST_SIZE];
- byte hashcopy[WC_MD5_DIGEST_SIZE];
- testVector a, b, c, d, e, f;
- testVector test_md5[6];
- int times = sizeof(test_md5) / sizeof(testVector), i;
- WOLFSSL_ENTER("md5_test");
- a.input = "";
- a.output = "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42"
- "\x7e";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_MD5_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f"
- "\x72";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_MD5_DIGEST_SIZE;
- c.input = "message digest";
- c.output = "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61"
- "\xd0";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_MD5_DIGEST_SIZE;
- d.input = "abcdefghijklmnopqrstuvwxyz";
- d.output = "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1"
- "\x3b";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_MD5_DIGEST_SIZE;
- e.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
- "6789";
- e.output = "\xd1\x74\xab\x98\xd2\x77\xd9\xf5\xa5\x61\x1c\x2c\x9f\x41\x9d"
- "\x9f";
- e.inLen = XSTRLEN(e.input);
- e.outLen = WC_MD5_DIGEST_SIZE;
- f.input = "1234567890123456789012345678901234567890123456789012345678"
- "9012345678901234567890";
- f.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6"
- "\x7a";
- f.inLen = XSTRLEN(f.input);
- f.outLen = WC_MD5_DIGEST_SIZE;
- test_md5[0] = a;
- test_md5[1] = b;
- test_md5[2] = c;
- test_md5[3] = d;
- test_md5[4] = e;
- test_md5[5] = f;
- ret = wc_InitMd5_ex(&md5, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitMd5_ex(&md5Copy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Md5Free(&md5);
- return WC_TEST_RET_ENC_EC(ret);
- }
- for (i = 0; i < times; ++i) {
- ret = wc_Md5Update(&md5, (byte*)test_md5[i].input,
- (word32)test_md5[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Md5GetHash(&md5, hashcopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Md5Copy(&md5, &md5Copy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Md5Final(&md5, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- wc_Md5Free(&md5Copy);
- if (XMEMCMP(hash, test_md5[i].output, WC_MD5_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, hashcopy, WC_MD5_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- const char* large_digest =
- "\x44\xd0\x88\xce\xf1\x36\xd1\x78\xe9\xc8\xba\x84\xc3\xfd\xf6\xca";
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- #ifdef WOLFSSL_PIC32MZ_HASH
- wc_Md5SizeSet(&md5, times * sizeof(large_input));
- #endif
- for (i = 0; i < times; ++i) {
- ret = wc_Md5Update(&md5, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_Md5Final(&md5, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, WC_MD5_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- } /* END LARGE HASH TEST */
- #endif /* NO_LARGE_HASH_TEST */
- exit:
- wc_Md5Free(&md5);
- wc_Md5Free(&md5Copy);
- return ret;
- }
- #endif /* NO_MD5 */
- #ifndef NO_MD4
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md4_test(void)
- {
- Md4 md4;
- byte hash[MD4_DIGEST_SIZE];
- testVector a, b, c, d, e, f, g;
- testVector test_md4[7];
- int times = sizeof(test_md4) / sizeof(testVector), i;
- WOLFSSL_ENTER("md4_test");
- a.input = "";
- a.output = "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31\xb7\x3c\x59\xd7\xe0\xc0\x89"
- "\xc0";
- a.inLen = XSTRLEN(a.input);
- a.outLen = MD4_DIGEST_SIZE;
- b.input = "a";
- b.output = "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46\x24\x5e\x05\xfb\xdb\xd6\xfb"
- "\x24";
- b.inLen = XSTRLEN(b.input);
- b.outLen = MD4_DIGEST_SIZE;
- c.input = "abc";
- c.output = "\xa4\x48\x01\x7a\xaf\x21\xd8\x52\x5f\xc1\x0a\xe8\x7a\xa6\x72"
- "\x9d";
- c.inLen = XSTRLEN(c.input);
- c.outLen = MD4_DIGEST_SIZE;
- d.input = "message digest";
- d.output = "\xd9\x13\x0a\x81\x64\x54\x9f\xe8\x18\x87\x48\x06\xe1\xc7\x01"
- "\x4b";
- d.inLen = XSTRLEN(d.input);
- d.outLen = MD4_DIGEST_SIZE;
- e.input = "abcdefghijklmnopqrstuvwxyz";
- e.output = "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd\xee\xa8\xed\x63\xdf\x41\x2d"
- "\xa9";
- e.inLen = XSTRLEN(e.input);
- e.outLen = MD4_DIGEST_SIZE;
- f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
- "6789";
- f.output = "\x04\x3f\x85\x82\xf2\x41\xdb\x35\x1c\xe6\x27\xe1\x53\xe7\xf0"
- "\xe4";
- f.inLen = XSTRLEN(f.input);
- f.outLen = MD4_DIGEST_SIZE;
- g.input = "1234567890123456789012345678901234567890123456789012345678"
- "9012345678901234567890";
- g.output = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f\xcc\x05"
- "\x36";
- g.inLen = XSTRLEN(g.input);
- g.outLen = MD4_DIGEST_SIZE;
- test_md4[0] = a;
- test_md4[1] = b;
- test_md4[2] = c;
- test_md4[3] = d;
- test_md4[4] = e;
- test_md4[5] = f;
- test_md4[6] = g;
- wc_InitMd4(&md4);
- for (i = 0; i < times; ++i) {
- wc_Md4Update(&md4, (byte*)test_md4[i].input, (word32)test_md4[i].inLen);
- wc_Md4Final(&md4, hash);
- if (XMEMCMP(hash, test_md4[i].output, MD4_DIGEST_SIZE) != 0)
- return WC_TEST_RET_ENC_I(i);
- }
- return 0;
- }
- #endif /* NO_MD4 */
- #ifndef NO_SHA
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha_test(void)
- {
- wc_test_ret_t ret = 0;
- wc_Sha sha, shaCopy;
- byte hash[WC_SHA_DIGEST_SIZE];
- byte hashcopy[WC_SHA_DIGEST_SIZE];
- testVector a, b, c, d, e;
- testVector test_sha[5];
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- WOLFSSL_ENTER("sha_test");
- a.input = "";
- a.output = "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d\x32\x55\xbf\xef\x95\x60\x18"
- "\x90\xaf\xd8\x07\x09";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2"
- "\x6C\x9C\xD0\xD8\x9D";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29"
- "\xE5\xE5\x46\x70\xF1";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA_DIGEST_SIZE;
- d.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaa";
- d.output = "\x00\x98\xBA\x82\x4B\x5C\x16\x42\x7B\xD7\xA1\x12\x2A\x5A\x44"
- "\x2A\x25\xEC\x64\x4D";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA_DIGEST_SIZE;
- e.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaa";
- e.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7"
- "\x53\x99\x5E\x26\xA0";
- e.inLen = XSTRLEN(e.input);
- e.outLen = WC_SHA_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- test_sha[3] = d;
- test_sha[4] = e;
- ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitSha_ex(&shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_ShaFree(&sha);
- return WC_TEST_RET_ENC_EC(ret);
- }
- for (i = 0; i < times; ++i) {
- ret = wc_ShaUpdate(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_ShaGetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_ShaCopy(&sha, &shaCopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_ShaFinal(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- wc_ShaFree(&shaCopy);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- #if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_SCEPROTECT) || \
- defined(HASH_SIZE_LIMIT)
- const char* large_digest =
- "\x1d\x6a\x5a\xf6\xe5\x7c\x86\xce\x7f\x7c\xaf\xd5\xdb\x08\xcd\x59"
- "\x15\x8c\x6d\xb6";
- #else
- const char* large_digest =
- "\x8b\x77\x02\x48\x39\xe8\xdb\xd3\x9a\xf4\x05\x24\x66\x12\x2d\x9e"
- "\xc5\xd9\x0a\xac";
- #endif
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- #if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_SCEPROTECT) || \
- defined(HASH_SIZE_LIMIT)
- times = 20;
- #else
- times = 100;
- #endif
- #ifdef WOLFSSL_PIC32MZ_HASH
- wc_ShaSizeSet(&sha, times * sizeof(large_input));
- #endif
- for (i = 0; i < times; ++i) {
- ret = wc_ShaUpdate(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_ShaFinal(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, WC_SHA_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- } /* END LARGE HASH TEST */
- #endif /* NO_LARGE_HASH_TEST */
- exit:
- wc_ShaFree(&sha);
- wc_ShaFree(&shaCopy);
- return ret;
- }
- #endif /* NO_SHA */
- #ifdef WOLFSSL_RIPEMD
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ripemd_test(void)
- {
- RipeMd ripemd;
- wc_test_ret_t ret;
- byte hash[RIPEMD_DIGEST_SIZE];
- testVector a, b, c, d;
- testVector test_ripemd[4];
- int times = sizeof(test_ripemd) / sizeof(struct testVector), i;
- WOLFSSL_ENTER("ripemd_test");
- a.input = "abc";
- a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6"
- "\xb0\x87\xf1\x5a\x0b\xfc";
- a.inLen = XSTRLEN(a.input);
- a.outLen = RIPEMD_DIGEST_SIZE;
- b.input = "message digest";
- b.output = "\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8\x81\xb1\x23\xa8"
- "\x5f\xfa\x21\x59\x5f\x36";
- b.inLen = XSTRLEN(b.input);
- b.outLen = RIPEMD_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x12\xa0\x53\x38\x4a\x9c\x0c\x88\xe4\x05\xa0\x6c\x27\xdc"
- "\xf4\x9a\xda\x62\xeb\x2b";
- c.inLen = XSTRLEN(c.input);
- c.outLen = RIPEMD_DIGEST_SIZE;
- d.input = "12345678901234567890123456789012345678901234567890123456"
- "789012345678901234567890";
- d.output = "\x9b\x75\x2e\x45\x57\x3d\x4b\x39\xf4\xdb\xd3\x32\x3c\xab"
- "\x82\xbf\x63\x32\x6b\xfb";
- d.inLen = XSTRLEN(d.input);
- d.outLen = RIPEMD_DIGEST_SIZE;
- test_ripemd[0] = a;
- test_ripemd[1] = b;
- test_ripemd[2] = c;
- test_ripemd[3] = d;
- ret = wc_InitRipeMd(&ripemd);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- for (i = 0; i < times; ++i) {
- ret = wc_RipeMdUpdate(&ripemd, (byte*)test_ripemd[i].input,
- (word32)test_ripemd[i].inLen);
- if (ret != 0) {
- return WC_TEST_RET_ENC_I(i);
- }
- ret = wc_RipeMdFinal(&ripemd, hash);
- if (ret != 0) {
- return WC_TEST_RET_ENC_I(i);
- }
- if (XMEMCMP(hash, test_ripemd[i].output, RIPEMD_DIGEST_SIZE) != 0)
- return WC_TEST_RET_ENC_I(i);
- }
- return 0;
- }
- #endif /* WOLFSSL_RIPEMD */
- #ifdef HAVE_BLAKE2
- #define BLAKE2B_TESTS 3
- static const byte blake2b_vec[BLAKE2B_TESTS][BLAKE2B_OUTBYTES] =
- {
- {
- 0x78, 0x6A, 0x02, 0xF7, 0x42, 0x01, 0x59, 0x03,
- 0xC6, 0xC6, 0xFD, 0x85, 0x25, 0x52, 0xD2, 0x72,
- 0x91, 0x2F, 0x47, 0x40, 0xE1, 0x58, 0x47, 0x61,
- 0x8A, 0x86, 0xE2, 0x17, 0xF7, 0x1F, 0x54, 0x19,
- 0xD2, 0x5E, 0x10, 0x31, 0xAF, 0xEE, 0x58, 0x53,
- 0x13, 0x89, 0x64, 0x44, 0x93, 0x4E, 0xB0, 0x4B,
- 0x90, 0x3A, 0x68, 0x5B, 0x14, 0x48, 0xB7, 0x55,
- 0xD5, 0x6F, 0x70, 0x1A, 0xFE, 0x9B, 0xE2, 0xCE
- },
- {
- 0x2F, 0xA3, 0xF6, 0x86, 0xDF, 0x87, 0x69, 0x95,
- 0x16, 0x7E, 0x7C, 0x2E, 0x5D, 0x74, 0xC4, 0xC7,
- 0xB6, 0xE4, 0x8F, 0x80, 0x68, 0xFE, 0x0E, 0x44,
- 0x20, 0x83, 0x44, 0xD4, 0x80, 0xF7, 0x90, 0x4C,
- 0x36, 0x96, 0x3E, 0x44, 0x11, 0x5F, 0xE3, 0xEB,
- 0x2A, 0x3A, 0xC8, 0x69, 0x4C, 0x28, 0xBC, 0xB4,
- 0xF5, 0xA0, 0xF3, 0x27, 0x6F, 0x2E, 0x79, 0x48,
- 0x7D, 0x82, 0x19, 0x05, 0x7A, 0x50, 0x6E, 0x4B
- },
- {
- 0x1C, 0x08, 0x79, 0x8D, 0xC6, 0x41, 0xAB, 0xA9,
- 0xDE, 0xE4, 0x35, 0xE2, 0x25, 0x19, 0xA4, 0x72,
- 0x9A, 0x09, 0xB2, 0xBF, 0xE0, 0xFF, 0x00, 0xEF,
- 0x2D, 0xCD, 0x8E, 0xD6, 0xF8, 0xA0, 0x7D, 0x15,
- 0xEA, 0xF4, 0xAE, 0xE5, 0x2B, 0xBF, 0x18, 0xAB,
- 0x56, 0x08, 0xA6, 0x19, 0x0F, 0x70, 0xB9, 0x04,
- 0x86, 0xC8, 0xA7, 0xD4, 0x87, 0x37, 0x10, 0xB1,
- 0x11, 0x5D, 0x3D, 0xEB, 0xBB, 0x43, 0x27, 0xB5
- }
- };
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2b_test(void)
- {
- Blake2b b2b;
- byte digest[64];
- byte input[64];
- int i, ret;
- WOLFSSL_ENTER("blake2b_test");
- for (i = 0; i < (int)sizeof(input); i++)
- input[i] = (byte)i;
- for (i = 0; i < BLAKE2B_TESTS; i++) {
- ret = wc_InitBlake2b(&b2b, 64);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_Blake2bUpdate(&b2b, input, (word32)i);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_Blake2bFinal(&b2b, digest, 64);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- if (XMEMCMP(digest, blake2b_vec[i], 64) != 0) {
- return WC_TEST_RET_ENC_I(i);
- }
- }
- return 0;
- }
- #endif /* HAVE_BLAKE2 */
- #ifdef HAVE_BLAKE2S
- #define BLAKE2S_TESTS 3
- static const byte blake2s_vec[BLAKE2S_TESTS][BLAKE2S_OUTBYTES] =
- {
- {
- 0x69, 0x21, 0x7a, 0x30, 0x79, 0x90, 0x80, 0x94,
- 0xe1, 0x11, 0x21, 0xd0, 0x42, 0x35, 0x4a, 0x7c,
- 0x1f, 0x55, 0xb6, 0x48, 0x2c, 0xa1, 0xa5, 0x1e,
- 0x1b, 0x25, 0x0d, 0xfd, 0x1e, 0xd0, 0xee, 0xf9,
- },
- {
- 0xe3, 0x4d, 0x74, 0xdb, 0xaf, 0x4f, 0xf4, 0xc6,
- 0xab, 0xd8, 0x71, 0xcc, 0x22, 0x04, 0x51, 0xd2,
- 0xea, 0x26, 0x48, 0x84, 0x6c, 0x77, 0x57, 0xfb,
- 0xaa, 0xc8, 0x2f, 0xe5, 0x1a, 0xd6, 0x4b, 0xea,
- },
- {
- 0xdd, 0xad, 0x9a, 0xb1, 0x5d, 0xac, 0x45, 0x49,
- 0xba, 0x42, 0xf4, 0x9d, 0x26, 0x24, 0x96, 0xbe,
- 0xf6, 0xc0, 0xba, 0xe1, 0xdd, 0x34, 0x2a, 0x88,
- 0x08, 0xf8, 0xea, 0x26, 0x7c, 0x6e, 0x21, 0x0c,
- }
- };
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2s_test(void)
- {
- Blake2s b2s;
- byte digest[32];
- byte input[64];
- int i, ret;
- WOLFSSL_ENTER("blake2s_test");
- for (i = 0; i < (int)sizeof(input); i++)
- input[i] = (byte)i;
- for (i = 0; i < BLAKE2S_TESTS; i++) {
- ret = wc_InitBlake2s(&b2s, 32);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_Blake2sUpdate(&b2s, input, (word32)i);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_Blake2sFinal(&b2s, digest, 32);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- if (XMEMCMP(digest, blake2s_vec[i], 32) != 0) {
- return WC_TEST_RET_ENC_I(i);
- }
- }
- return 0;
- }
- #endif /* HAVE_BLAKE2S */
- #ifdef WOLFSSL_SHA224
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha224_test(void)
- {
- wc_Sha224 sha, shaCopy;
- byte hash[WC_SHA224_DIGEST_SIZE];
- byte hashcopy[WC_SHA224_DIGEST_SIZE];
- wc_test_ret_t ret = 0;
- testVector a, b, c;
- testVector test_sha[3];
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- WOLFSSL_ENTER("sha224_test");
- a.input = "";
- a.output = "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9\x47\x61\x02\xbb\x28\x82\x34"
- "\xc4\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a\xc5\xb3\xe4\x2f";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA224_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2\x55"
- "\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA224_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01"
- "\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA224_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha224_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitSha224_ex(&shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha224Free(&sha);
- return WC_TEST_RET_ENC_EC(ret);
- }
- for (i = 0; i < times; ++i) {
- ret = wc_Sha224Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha224GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha224Copy(&sha, &shaCopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha224Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- wc_Sha224Free(&shaCopy);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA224_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA224_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- exit:
- wc_Sha224Free(&sha);
- wc_Sha224Free(&shaCopy);
- return ret;
- }
- #endif
- #ifndef NO_SHA256
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void)
- {
- wc_Sha256 sha, shaCopy;
- byte hash[WC_SHA256_DIGEST_SIZE];
- byte hashcopy[WC_SHA256_DIGEST_SIZE];
- wc_test_ret_t ret = 0;
- testVector a, b, c, d;
- testVector test_sha[4];
- #ifndef NO_WOLFSSL_SHA256_INTERLEAVE
- byte i_hash[WC_SHA256_DIGEST_SIZE];
- byte i_hashcopy[WC_SHA256_DIGEST_SIZE];
- testVector interleave_test_sha[4];
- wc_Sha256 i_sha, i_shaCopy;
- #endif
- #ifndef NO_LARGE_HASH_TEST
- #define LARGE_HASH_TEST_INPUT_SZ 1024
- #ifdef WOLFSSL_SMALL_STACK
- byte *large_input = NULL;
- #else
- byte large_input[LARGE_HASH_TEST_INPUT_SZ];
- #endif
- #endif
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- WOLFSSL_ENTER("sha256_test");
- a.input = "";
- a.output = "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14\x9a\xfb\xf4\xc8\x99\x6f\xb9"
- "\x24\x27\xae\x41\xe4\x64\x9b\x93\x4c\xa4\x95\x99\x1b\x78\x52"
- "\xb8\x55";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA256_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
- "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
- "\x15\xAD";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA256_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
- "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
- "\x06\xC1";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA256_DIGEST_SIZE;
- d.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaa"; /* this is BLOCKSIZE length */
- d.output = "\xFF\xE0\x54\xFE\x7A\xE0\xCB\x6D\xC6\x5C\x3A\xF9\xB6\x1D\x52"
- "\x09\xF4\x39\x85\x1D\xB4\x3D\x0B\xA5\x99\x73\x37\xDF\x15\x46"
- "\x68\xEB";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA256_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- test_sha[3] = d;
- #ifndef NO_WOLFSSL_SHA256_INTERLEAVE
- interleave_test_sha[0] = a;
- interleave_test_sha[1] = b;
- interleave_test_sha[2] = c;
- interleave_test_sha[3] = d;
- #endif
- ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #ifndef NO_WOLFSSL_SHA256_INTERLEAVE
- ret = wc_InitSha256_ex(&i_sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = wc_InitSha256_ex(&shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha256Free(&sha);
- return WC_TEST_RET_ENC_EC(ret);
- }
- #ifndef NO_WOLFSSL_SHA256_INTERLEAVE
- ret = wc_InitSha256_ex(&i_shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha256Free(&sha);
- wc_Sha256Free(&i_sha);
- return WC_TEST_RET_ENC_EC(ret);
- }
- #endif
- for (i = 0; i < times; ++i) {
- ret = wc_Sha256Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #ifndef NO_WOLFSSL_SHA256_INTERLEAVE
- ret = wc_Sha256Update(&i_sha, (byte*)interleave_test_sha[i].input,
- (word32)interleave_test_sha[i].inLen);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #endif
- ret = wc_Sha256GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #ifndef NO_WOLFSSL_SHA256_INTERLEAVE
- ret = wc_Sha256GetHash(&i_sha, i_hashcopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #endif
- ret = wc_Sha256Copy(&sha, &shaCopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #ifndef NO_WOLFSSL_SHA256_INTERLEAVE
- ret = wc_Sha256Copy(&i_sha, &i_shaCopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #endif
- ret = wc_Sha256Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #ifndef NO_WOLFSSL_SHA256_INTERLEAVE
- ret = wc_Sha256Final(&i_sha, i_hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #endif
- wc_Sha256Free(&shaCopy);
- #ifndef NO_WOLFSSL_SHA256_INTERLEAVE
- wc_Sha256Free(&i_shaCopy);
- #endif
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA256_DIGEST_SIZE) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- if (XMEMCMP(hash, hashcopy, WC_SHA256_DIGEST_SIZE) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #ifndef NO_WOLFSSL_SHA256_INTERLEAVE
- if (XMEMCMP(i_hash, interleave_test_sha[i].output,
- WC_SHA256_DIGEST_SIZE) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- if (XMEMCMP(i_hash, i_hashcopy, WC_SHA256_DIGEST_SIZE) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- if (XMEMCMP(i_hash, test_sha[i].output, WC_SHA256_DIGEST_SIZE) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- if (XMEMCMP(i_hash, hashcopy, WC_SHA256_DIGEST_SIZE) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #endif
- }
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- #ifdef HASH_SIZE_LIMIT
- WOLFSSL_SMALL_STACK_STATIC const char* large_digest =
- "\xa4\x75\x9e\x7a\xa2\x03\x38\x32\x88\x66\xa2\xea\x17\xea\xf8\xc7"
- "\xfe\x4e\xc6\xbb\xe3\xbb\x71\xce\xe7\xdf\x7c\x04\x61\xb3\xc2\x2f";
- #else
- WOLFSSL_SMALL_STACK_STATIC const char* large_digest =
- "\x27\x78\x3e\x87\x96\x3a\x4e\xfb\x68\x29\xb5\x31\xc9\xba\x57\xb4"
- "\x4f\x45\x79\x7f\x67\x70\xbd\x63\x7f\xbf\x0d\x80\x7c\xbd\xba\xe0";
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- large_input = (byte *)XMALLOC(LARGE_HASH_TEST_INPUT_SZ, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (large_input == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit);
- }
- #endif
- for (i = 0; i < LARGE_HASH_TEST_INPUT_SZ; i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- #ifdef HASH_SIZE_LIMIT
- times = 20;
- #else
- times = 100;
- #endif
- #ifdef WOLFSSL_PIC32MZ_HASH
- wc_Sha256SizeSet(&sha, times * LARGE_HASH_TEST_INPUT_SZ);
- #endif
- for (i = 0; i < times; ++i) {
- ret = wc_Sha256Update(&sha, (byte*)large_input,
- LARGE_HASH_TEST_INPUT_SZ);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_Sha256Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, WC_SHA256_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- } /* END LARGE HASH TEST */
- #undef LARGE_HASH_TEST_INPUT_SZ
- #endif /* NO_LARGE_HASH_TEST */
- #if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_FULL_HASH)
- unsigned char data_hb[WC_SHA256_BLOCK_SIZE] = {
- 0x61, 0x62, 0x63, 0x80, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18
- };
- ret = wc_Sha256HashBlock(&sha, data_hb, hash);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- if (XMEMCMP(hash, b.output, WC_SHA256_DIGEST_SIZE) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- }
- #endif
- exit:
- #if !defined(NO_LARGE_HASH_TEST) && defined(WOLFSSL_SMALL_STACK)
- XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- wc_Sha256Free(&sha);
- wc_Sha256Free(&shaCopy);
- #ifndef NO_WOLFSSL_SHA256_INTERLEAVE
- wc_Sha256Free(&i_sha);
- wc_Sha256Free(&i_shaCopy);
- #endif
- return ret;
- }
- #endif
- #ifdef WOLFSSL_SHA512
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_test(void)
- {
- /*
- ** See https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA512.pdf
- */
- wc_Sha512 sha, shaCopy;
- byte hash[WC_SHA512_DIGEST_SIZE];
- byte hashcopy[WC_SHA512_DIGEST_SIZE];
- wc_test_ret_t ret = 0;
- testVector a, b, c;
- testVector test_sha[3];
- #ifndef NO_WOLFSSL_SHA512_INTERLEAVE
- wc_Sha512 i_sha, i_shaCopy;
- byte i_hash[WC_SHA512_DIGEST_SIZE];
- byte i_hashcopy[WC_SHA512_DIGEST_SIZE];
- testVector interleave_test_sha[3];
- #endif
- #ifndef NO_LARGE_HASH_TEST
- #define LARGE_HASH_TEST_INPUT_SZ 1024
- #ifdef WOLFSSL_SMALL_STACK
- byte *large_input = NULL;
- #else
- byte large_input[LARGE_HASH_TEST_INPUT_SZ];
- #endif
- #endif
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- WOLFSSL_ENTER("sha512_test");
- a.input = "";
- a.output = "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd\xf1\x54\x28\x50\xd6\x6d\x80"
- "\x07\xd6\x20\xe4\x05\x0b\x57\x15\xdc\x83\xf4\xa9\x21\xd3\x6c"
- "\xe9\xce\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0\xff\x83\x18\xd2\x87"
- "\x7e\xec\x2f\x63\xb9\x31\xbd\x47\x41\x7a\x81\xa5\x38\x32\x7a"
- "\xf9\x27\xda\x3e";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA512_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
- "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55"
- "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3"
- "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f"
- "\xa5\x4c\xa4\x9f";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA512_DIGEST_SIZE;
- c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- c.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14"
- "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88"
- "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4"
- "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b"
- "\x87\x4b\xe9\x09";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA512_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- #ifndef NO_WOLFSSL_SHA512_INTERLEAVE
- interleave_test_sha[0] = a;
- interleave_test_sha[1] = b;
- interleave_test_sha[2] = c;
- #endif
- ret = wc_InitSha512_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #ifndef NO_WOLFSSL_SHA512_INTERLEAVE
- ret = wc_InitSha512_ex(&i_sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = wc_InitSha512_ex(&shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha512Free(&sha);
- return WC_TEST_RET_ENC_EC(ret);
- }
- #ifndef NO_WOLFSSL_SHA512_INTERLEAVE
- ret = wc_InitSha512_ex(&i_shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha512Free(&sha);
- wc_Sha512Free(&i_sha);
- return WC_TEST_RET_ENC_EC(ret);
- }
- #endif
- for (i = 0; i < times; ++i) {
- ret = wc_Sha512Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #ifndef NO_WOLFSSL_SHA512_INTERLEAVE
- ret = wc_Sha512Update(&i_sha, (byte*)interleave_test_sha[i].input,
- (word32)interleave_test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #endif
- ret = wc_Sha512GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #ifndef NO_WOLFSSL_SHA512_INTERLEAVE
- ret = wc_Sha512GetHash(&i_sha, i_hashcopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #endif
- ret = wc_Sha512Copy(&sha, &shaCopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #ifndef NO_WOLFSSL_SHA512_INTERLEAVE
- ret = wc_Sha512Copy(&i_sha, &i_shaCopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #endif
- ret = wc_Sha512Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #ifndef NO_WOLFSSL_SHA512_INTERLEAVE
- ret = wc_Sha512Final(&i_sha, i_hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #endif
- wc_Sha512Free(&shaCopy);
- #ifndef NO_WOLFSSL_SHA512_INTERLEAVE
- wc_Sha512Free(&i_shaCopy);
- #endif
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA512_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA512_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #ifndef NO_WOLFSSL_SHA512_INTERLEAVE
- if (XMEMCMP(i_hash, interleave_test_sha[i].output,
- WC_SHA512_DIGEST_SIZE) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- if (XMEMCMP(i_hash, i_hashcopy, WC_SHA512_DIGEST_SIZE) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- if (XMEMCMP(i_hash, test_sha[i].output, WC_SHA512_DIGEST_SIZE) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- if (XMEMCMP(i_hash, hashcopy, WC_SHA512_DIGEST_SIZE) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #endif
- }
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- #ifdef HASH_SIZE_LIMIT
- WOLFSSL_SMALL_STACK_STATIC const char* large_digest =
- "\x30\x9B\x96\xA6\xE9\x43\x78\x30\xA3\x71\x51\x61\xC1\xEB\xE1\xBE"
- "\xC8\xA5\xF9\x13\x5A\xD6\x6D\x9E\x46\x31\x31\x67\x8D\xE2\xC0\x0B"
- "\x2A\x1A\x03\xE1\xF3\x48\xA7\x33\xBD\x49\xF8\xFF\xF1\xC2\xC2\x95"
- "\xCB\xF0\xAF\x87\x61\x85\x58\x63\x6A\xCA\x70\x9C\x8B\x83\x3F\x5D";
- #else
- WOLFSSL_SMALL_STACK_STATIC const char* large_digest =
- "\x5a\x1f\x73\x90\xbd\x8c\xe4\x63\x54\xce\xa0\x9b\xef\x32\x78\x2d"
- "\x2e\xe7\x0d\x5e\x2f\x9d\x15\x1b\xdd\x2d\xde\x65\x0c\x7b\xfa\x83"
- "\x5e\x80\x02\x13\x84\xb8\x3f\xff\x71\x62\xb5\x09\x89\x63\xe1\xdc"
- "\xa5\xdc\xfc\xfa\x9d\x1a\x4d\xc0\xfa\x3a\x14\xf6\x01\x51\x90\xa4";
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- large_input = (byte *)XMALLOC(LARGE_HASH_TEST_INPUT_SZ, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (large_input == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit);
- }
- #endif
- for (i = 0; i < LARGE_HASH_TEST_INPUT_SZ; i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- #ifdef HASH_SIZE_LIMIT
- times = 20;
- #else
- times = 100;
- #endif
- for (i = 0; i < times; ++i) {
- ret = wc_Sha512Update(&sha, (byte*)large_input,
- LARGE_HASH_TEST_INPUT_SZ);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_Sha512Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, WC_SHA512_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- #ifndef NO_UNALIGNED_MEMORY_TEST
- /* Unaligned memory access test */
- for (i = 1; i < 16; i++) {
- ret = wc_Sha512Update(&sha, (byte*)large_input + i,
- LARGE_HASH_TEST_INPUT_SZ - i);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- ret = wc_Sha512Final(&sha, hash);
- }
- #endif
- } /* END LARGE HASH TEST */
- #undef LARGE_HASH_TEST_INPUT_SZ
- #endif /* NO_LARGE_HASH_TEST */
- exit:
- #if !defined(NO_LARGE_HASH_TEST) && defined(WOLFSSL_SMALL_STACK)
- XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- wc_Sha512Free(&sha);
- wc_Sha512Free(&shaCopy);
- #ifndef NO_WOLFSSL_SHA256_INTERLEAVE
- wc_Sha512Free(&i_sha);
- wc_Sha512Free(&i_shaCopy);
- #endif
- return ret;
- }
- #if !defined(WOLFSSL_NOSHA512_224) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_224_test(void)
- {
- /*
- ** See https://csrc.nist.gov/Projects/cryptographic-standards-and-guidelines/example-values
- **
- ** NIST SHA512/224 Document Example:
- ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA512_224.pdf
- */
- wc_Sha512 sha, shaCopy;
- byte hash[WC_SHA512_224_DIGEST_SIZE];
- byte hashcopy[WC_SHA512_224_DIGEST_SIZE];
- wc_test_ret_t ret = 0;
- testVector a, b, c;
- testVector test_sha[3];
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- WOLFSSL_ENTER("sha512_224_test");
- a.input = "";
- a.output = "\x6e\xd0\xdd\x02"
- "\x80\x6f\xa8\x9e" "\x25\xde\x06\x0c"
- "\x19\xd3\xac\x86" "\xca\xbb\x87\xd6"
- "\xa0\xdd\xd0\x5c" "\x33\x3b\x84\xf4";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA512_224_DIGEST_SIZE;
- /*
- ** See page 1 in above document for the SHA512/224 "abc" test:
- */
- b.input = "abc";
- /*
- ** See page 1 in above document for the SHA512/224 "abc" test digest:
- */
- b.output = "\x46\x34\x27\x0f"
- "\x70\x7b\x6a\x54" "\xda\xae\x75\x30"
- "\x46\x08\x42\xe2" "\x0e\x37\xed\x26"
- "\x5c\xee\xe9\xa4" "\x3e\x89\x24\xaa";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA512_224_DIGEST_SIZE;
- /*
- ** See page 4 in above for the 2-block test:
- */
- c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- /*
- ** see page 9 in above document for the 2-block test message digest:
- */
- c.output = "\x23\xfe\xc5\xbb"
- "\x94\xd6\x0b\x23" "\x30\x81\x92\x64"
- "\x0b\x0c\x45\x33" "\x35\xd6\x64\x73"
- "\x4f\xe4\x0e\x72" "\x68\x67\x4a\xf9";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA512_224_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha512_224_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitSha512_224_ex(&shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha512_224Free(&sha);
- return WC_TEST_RET_ENC_EC(ret);
- }
- for (i = 0; i < times; ++i) {
- ret = wc_Sha512_224Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha512_224GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha512_224Copy(&sha, &shaCopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha512_224Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- wc_Sha512_224Free(&shaCopy);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA512_224_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA512_224_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- #ifdef HASH_SIZE_LIMIT
- const char* large_digest =
- "\x98\x68\xc3\xd9\xb9\xef\x17\x53"
- "\x43\x66\x0e\x60\xdf\x29\xf8\xef"
- "\x96\xe3\x93\x34\x8c\x6f\xc0\xeb"
- "\x14\x6c\xcf\x6a";
- #else
- const char* large_digest =
- "\x26\x5f\x98\xd1\x76\x49\x71\x4e"
- "\x82\xb7\x9d\x52\x32\x67\x9d\x56"
- "\x91\xf5\x88\xc3\x05\xbb\x3f\x90"
- "\xe2\x4e\x85\x05";
- #endif
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- #ifdef HASH_SIZE_LIMIT
- times = 20;
- #else
- times = 100;
- #endif
- for (i = 0; i < times; ++i) {
- ret = wc_Sha512_224Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_Sha512_224Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, WC_SHA512_224_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- #ifndef NO_UNALIGNED_MEMORY_TEST
- /* Unaligned memory access test */
- for (i = 1; i < 16; i++) {
- ret = wc_Sha512_224Update(&sha, (byte*)large_input + i,
- (word32)sizeof(large_input) - i);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- ret = wc_Sha512_224Final(&sha, hash);
- }
- #endif
- } /* END LARGE HASH TEST */
- #endif /* NO_LARGE_HASH_TEST */
- exit:
- wc_Sha512_224Free(&sha);
- wc_Sha512_224Free(&shaCopy);
- return ret;
- } /* sha512_224_test */
- #endif /* !defined(WOLFSSL_NOSHA512_224) && !FIPS ... */
- #if !defined(WOLFSSL_NOSHA512_256) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_256_test(void)
- {
- /*
- ** See https://csrc.nist.gov/Projects/cryptographic-standards-and-guidelines/example-values
- ** NIST SHA512/256 Document Example:
- ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA512_256.pdf
- */
- wc_Sha512 sha, shaCopy;
- byte hash[WC_SHA512_256_DIGEST_SIZE];
- byte hashcopy[WC_SHA512_256_DIGEST_SIZE];
- wc_test_ret_t ret = 0;
- testVector a, b, c;
- testVector test_sha[3];
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- WOLFSSL_ENTER("sha512_256_test");
- a.input = "";
- a.output = "\xc6\x72\xb8\xd1" "\xef\x56\xed\x28"
- "\xab\x87\xc3\x62" "\x2c\x51\x14\x06"
- "\x9b\xdd\x3a\xd7" "\xb8\xf9\x73\x74"
- "\x98\xd0\xc0\x1e" "\xce\xf0\x96\x7a";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA512_256_DIGEST_SIZE;
- /*
- ** See page 1 of above document for "abc" example:
- */
- b.input = "abc";
- /*
- ** See page 4 of above document for "abc" example digest:
- */
- b.output = "\x53\x04\x8e\x26" "\x81\x94\x1e\xf9"
- "\x9b\x2e\x29\xb7" "\x6b\x4c\x7d\xab"
- "\xe4\xc2\xd0\xc6" "\x34\xfc\x6d\x46"
- "\xe0\xe2\xf1\x31" "\x07\xe7\xaf\x23";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA512_256_DIGEST_SIZE;
- /*
- ** See page 4 of above document for Two Block Message Sample:
- */
- c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- /*
- ** See page 10 of above document for Two Block Message Sample digest:
- */
- c.output = "\x39\x28\xe1\x84" "\xfb\x86\x90\xf8"
- "\x40\xda\x39\x88" "\x12\x1d\x31\xbe"
- "\x65\xcb\x9d\x3e" "\xf8\x3e\xe6\x14"
- "\x6f\xea\xc8\x61" "\xe1\x9b\x56\x3a";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA512_256_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha512_256_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitSha512_256_ex(&shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha512_256Free(&sha);
- return WC_TEST_RET_ENC_EC(ret);
- }
- for (i = 0; i < times; ++i) {
- ret = wc_Sha512_256Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha512_256GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha512_256Copy(&sha, &shaCopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha512_256Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- wc_Sha512_256Free(&shaCopy);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA512_256_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA512_256_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- #ifdef HASH_SIZE_LIMIT
- const char* large_digest =
- "\x49\xcc\xbc\x7a\x93\x0b\x02\xb8"
- "\xad\x9a\x46\x51\x00\x1f\x13\x80"
- "\x35\x84\x36\xf1\xf2\x3c\xeb\xd8"
- "\x41\xd4\x06\x8b\x1d\x19\xad\x72";
- #else
- const char* large_digest =
- "\x7a\xe3\x84\x05\xcb\x06\x22\x08"
- "\x7e\x2c\x65\x89\x1f\x26\x45\xfd"
- "\xad\xbc\x2e\x29\x83\x12\x84\x4b"
- "\xf2\xa0\xde\xbe\x06\x11\xd7\x44";
- #endif
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- #ifdef HASH_SIZE_LIMIT
- times = 20;
- #else
- times = 100;
- #endif
- for (i = 0; i < times; ++i) {
- ret = wc_Sha512_256Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_Sha512_256Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, WC_SHA512_256_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- #ifndef NO_UNALIGNED_MEMORY_TEST
- /* Unaligned memory access test */
- for (i = 1; i < 16; i++) {
- ret = wc_Sha512_256Update(&sha, (byte*)large_input + i,
- (word32)sizeof(large_input) - i);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- ret = wc_Sha512_256Final(&sha, hash);
- }
- #endif
- } /* END LARGE HASH TEST */
- #endif /* NO_LARGE_HASH_TEST */
- exit:
- wc_Sha512_256Free(&sha);
- wc_Sha512_256Free(&shaCopy);
- return ret;
- } /* sha512_256_test */
- #endif /* !defined(WOLFSSL_NOSHA512_256) && !FIPS ... */
- #endif /* WOLFSSL_SHA512 */
- #ifdef WOLFSSL_SHA384
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha384_test(void)
- {
- wc_Sha384 sha, shaCopy;
- byte hash[WC_SHA384_DIGEST_SIZE];
- byte hashcopy[WC_SHA384_DIGEST_SIZE];
- wc_test_ret_t ret = 0;
- testVector a, b, c;
- testVector test_sha[3];
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- WOLFSSL_ENTER("sha384_test");
- a.input = "";
- a.output = "\x38\xb0\x60\xa7\x51\xac\x96\x38\x4c\xd9\x32\x7e\xb1\xb1\xe3"
- "\x6a\x21\xfd\xb7\x11\x14\xbe\x07\x43\x4c\x0c\xc7\xbf\x63\xf6"
- "\xe1\xda\x27\x4e\xde\xbf\xe7\x6f\x65\xfb\xd5\x1a\xd2\xf1\x48"
- "\x98\xb9\x5b";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA384_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
- "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
- "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
- "\xc8\x25\xa7";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA384_DIGEST_SIZE;
- c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- c.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b"
- "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0"
- "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91"
- "\x74\x60\x39";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA384_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha384_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitSha384_ex(&shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha384Free(&sha);
- return WC_TEST_RET_ENC_EC(ret);
- }
- for (i = 0; i < times; ++i) {
- ret = wc_Sha384Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha384GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha384Copy(&sha, &shaCopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha384Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- wc_Sha384Free(&shaCopy);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA384_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA384_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- #ifdef HASH_SIZE_LIMIT
- const char* large_digest =
- "\xB5\xAD\x66\x6F\xD9\x58\x5E\x68\xDD\x5E\x30\xD3\x95\x72\x33\xA4"
- "\xE9\x4B\x99\x3A\xEF\xF8\xE1\xBF\x1F\x05\x32\xAA\x16\x00\x82\xEC"
- "\x15\xDA\xF2\x75\xEE\xE9\x06\xAF\x52\x8A\x5C\xEF\x72\x81\x80\xD6";
- #else
- const char* large_digest =
- "\x37\x01\xdb\xff\x1e\x40\x4f\xe1\xe2\xea\x0b\x40\xbb\x3b\x39\x9a"
- "\xcc\xe8\x44\x8e\x7e\xe5\x64\xb5\x6b\x7f\x56\x64\xa7\x2b\x84\xe3"
- "\xc5\xd7\x79\x03\x25\x90\xf7\xa4\x58\xcb\x97\xa8\x8b\xb1\xa4\x81";
- #endif
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- #ifdef HASH_SIZE_LIMIT
- times = 20;
- #else
- times = 100;
- #endif
- for (i = 0; i < times; ++i) {
- ret = wc_Sha384Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_Sha384Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, WC_SHA384_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- } /* END LARGE HASH TEST */
- #endif /* NO_LARGE_HASH_TEST */
- exit:
- wc_Sha384Free(&sha);
- wc_Sha384Free(&shaCopy);
- return ret;
- }
- #endif /* WOLFSSL_SHA384 */
- #ifdef WOLFSSL_SHA3
- #ifndef WOLFSSL_NOSHA3_224
- static wc_test_ret_t sha3_224_test(void)
- {
- wc_Sha3 sha;
- byte hash[WC_SHA3_224_DIGEST_SIZE];
- byte hashcopy[WC_SHA3_224_DIGEST_SIZE];
- testVector a, b, c;
- testVector test_sha[3];
- wc_test_ret_t ret = 0;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- a.input = "";
- a.output = "\x6b\x4e\x03\x42\x36\x67\xdb\xb7\x3b\x6e\x15\x45\x4f\x0e\xb1"
- "\xab\xd4\x59\x7f\x9a\x1b\x07\x8e\x3f\x5b\x5a\x6b\xc7";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA3_224_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xe6\x42\x82\x4c\x3f\x8c\xf2\x4a\xd0\x92\x34\xee\x7d\x3c\x76"
- "\x6f\xc9\xa3\xa5\x16\x8d\x0c\x94\xad\x73\xb4\x6f\xdf";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_224_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x8a\x24\x10\x8b\x15\x4a\xda\x21\xc9\xfd\x55\x74\x49\x44\x79"
- "\xba\x5c\x7e\x7a\xb7\x6e\xf2\x64\xea\xd0\xfc\xce\x33";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA3_224_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha3_224(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_224_Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha3_224_GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha3_224_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_224_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA3_224_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- const char* large_digest =
- "\x13\xe5\xd3\x98\x7b\x94\xda\x41\x12\xc7\x1e\x92\x3a\x19"
- "\x21\x20\x86\x6f\x24\xbf\x0a\x31\xbc\xfd\xd6\x70\x36\xf3";
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_224_Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_Sha3_224_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, WC_SHA3_224_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- } /* END LARGE HASH TEST */
- #endif /* NO_LARGE_HASH_TEST */
- exit:
- wc_Sha3_224_Free(&sha);
- return ret;
- }
- #endif /* WOLFSSL_NOSHA3_224 */
- #ifndef WOLFSSL_NOSHA3_256
- static wc_test_ret_t sha3_256_test(void)
- {
- wc_Sha3 sha;
- byte hash[WC_SHA3_256_DIGEST_SIZE];
- byte hashcopy[WC_SHA3_256_DIGEST_SIZE];
- testVector a, b, c;
- testVector test_sha[3];
- wc_test_ret_t ret = 0;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- byte large_input[1024];
- const char* large_digest =
- "\xdc\x90\xc0\xb1\x25\xdb\x2c\x34\x81\xa3\xff\xbc\x1e\x2e\x87\xeb"
- "\x6d\x70\x85\x61\xe0\xe9\x63\x61\xff\xe5\x84\x4b\x1f\x68\x05\x15";
- #if defined(WOLFSSL_HASH_FLAGS) && !defined(WOLFSSL_ASYNC_CRYPT)
- /* test vector with hash of empty string */
- const char* Keccak256EmptyOut =
- "\xc5\xd2\x46\x01\x86\xf7\x23\x3c\x92\x7e\x7d\xb2\xdc\xc7\x03\xc0"
- "\xe5\x00\xb6\x53\xca\x82\x27\x3b\x7b\xfa\xd8\x04\x5d\x85\xa4\x70";
- #endif
- /*
- ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA3-256_Msg0.pdf
- */
- a.input = "";
- a.output = "\xa7\xff\xc6\xf8\xbf\x1e\xd7\x66\x51\xc1\x47\x56\xa0\x61\xd6"
- "\x62\xf5\x80\xff\x4d\xe4\x3b\x49\xfa\x82\xd8\x0a\x4b\x80\xf8"
- "\x43\x4a";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA3_256_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\x3a\x98\x5d\xa7\x4f\xe2\x25\xb2\x04\x5c\x17\x2d\x6b\xd3\x90"
- "\xbd\x85\x5f\x08\x6e\x3e\x9d\x52\x5b\x46\xbf\xe2\x45\x11\x43"
- "\x15\x32";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_256_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x41\xc0\xdb\xa2\xa9\xd6\x24\x08\x49\x10\x03\x76\xa8\x23\x5e"
- "\x2c\x82\xe1\xb9\x99\x8a\x99\x9e\x21\xdb\x32\xdd\x97\x49\x6d"
- "\x33\x76";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA3_256_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha3_256(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_256_Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha3_256_GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha3_256_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_256_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA3_256_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_256_Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_Sha3_256_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, WC_SHA3_256_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- } /* END LARGE HASH TEST */
- #endif /* NO_LARGE_HASH_TEST */
- /* this is a software only variant of SHA3 not supported by external hardware devices */
- #if defined(WOLFSSL_HASH_FLAGS) && !defined(WOLFSSL_ASYNC_CRYPT)
- /* Test for Keccak256 */
- ret = wc_Sha3_SetFlags(&sha, WC_HASH_SHA3_KECCAK256);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_Sha3_256_Update(&sha, (byte*)"", 0);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_Sha3_256_Final(&sha, hash);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- if (XMEMCMP(hash, Keccak256EmptyOut, WC_SHA3_256_DIGEST_SIZE) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- }
- #endif /* WOLFSSL_HASH_FLAGS && !WOLFSSL_ASYNC_CRYPT */
- exit:
- wc_Sha3_256_Free(&sha);
- return ret;
- }
- #endif /* WOLFSSL_NOSHA3_256 */
- #ifndef WOLFSSL_NOSHA3_384
- static wc_test_ret_t sha3_384_test(void)
- {
- wc_Sha3 sha;
- byte hash[WC_SHA3_384_DIGEST_SIZE];
- byte buf[64];
- #ifndef NO_INTM_HASH_TEST
- byte hashcopy[WC_SHA3_384_DIGEST_SIZE];
- #endif
- testVector a, b, c;
- testVector test_sha[3];
- wc_test_ret_t ret;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- /*
- ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA3-384_Msg0.pdf
- */
- a.input = "";
- a.output = "\x0c\x63\xa7\x5b\x84\x5e\x4f\x7d\x01\x10\x7d\x85\x2e\x4c\x24"
- "\x85\xc5\x1a\x50\xaa\xaa\x94\xfc\x61\x99\x5e\x71\xbb\xee\x98"
- "\x3a\x2a\xc3\x71\x38\x31\x26\x4a\xdb\x47\xfb\x6b\xd1\xe0\x58"
- "\xd5\xf0\x04";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA3_384_DIGEST_SIZE;
- #if defined(WOLFSSL_AFALG_XILINX_SHA3) || defined(WOLFSSL_XILINX_CRYPT) && !defined(WOLFSSL_XILINX_CRYPT_VERSAL)
- /* NIST test vector with a length that is a multiple of 4 */
- b.input = "\x7d\x80\xb1\x60\xc4\xb5\x36\xa3\xbe\xb7\x99\x80\x59\x93\x44"
- "\x04\x7c\x5f\x82\xa1\xdf\xc3\xee\xd4";
- b.output = "\x04\x1c\xc5\x86\x1b\xa3\x34\x56\x3c\x61\xd4\xef\x97\x10\xd4"
- "\x89\x6c\x31\x1c\x92\xed\xbe\x0d\x7c\xd5\x3e\x80\x3b\xf2\xf4"
- "\xeb\x60\x57\x23\x55\x70\x77\x0c\xe8\x7c\x55\x20\xd7\xec\x14"
- "\x19\x87\x22";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_384_DIGEST_SIZE;
- #else
- b.input = "abc";
- b.output = "\xec\x01\x49\x82\x88\x51\x6f\xc9\x26\x45\x9f\x58\xe2\xc6\xad"
- "\x8d\xf9\xb4\x73\xcb\x0f\xc0\x8c\x25\x96\xda\x7c\xf0\xe4\x9b"
- "\xe4\xb2\x98\xd8\x8c\xea\x92\x7a\xc7\xf5\x39\xf1\xed\xf2\x28"
- "\x37\x6d\x25";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_384_DIGEST_SIZE;
- #endif
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x99\x1c\x66\x57\x55\xeb\x3a\x4b\x6b\xbd\xfb\x75\xc7\x8a\x49"
- "\x2e\x8c\x56\xa2\x2c\x5c\x4d\x7e\x42\x9b\xfd\xbc\x32\xb9\xd4"
- "\xad\x5a\xa0\x4a\x1f\x07\x6e\x62\xfe\xa1\x9e\xef\x51\xac\xd0"
- "\x65\x7c\x22";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA3_384_DIGEST_SIZE;
- #if defined(WOLFSSL_XILINX_CRYPT) && !defined(WOLFSSL_XILINX_CRYPT_VERSAL)
- test_sha[0] = b; /* hardware acc. pre-Versal can not handle "" string */
- #else
- test_sha[0] = a;
- #endif
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha3_384(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- for (i = 0; i < times; ++i) {
- XMEMCPY(buf, test_sha[i].input, test_sha[i].inLen);
- ret = wc_Sha3_384_Update(&sha, buf,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #ifndef NO_INTM_HASH_TEST
- ret = wc_Sha3_384_GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #endif
- ret = wc_Sha3_384_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_384_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #ifndef NO_INTM_HASH_TEST
- if (XMEMCMP(hash, hashcopy, WC_SHA3_384_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #endif
- }
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- const char* large_digest =
- "\x30\x44\xec\x17\xef\x47\x9f\x55\x36\x11\xd6\x3f\x8a\x31\x5a\x71"
- "\x8a\x71\xa7\x1d\x8e\x84\xe8\x6c\x24\x02\x2f\x7a\x08\x4e\xea\xd7"
- "\x42\x36\x5d\xa8\xc2\xb7\x42\xad\xec\x19\xfb\xca\xc6\x64\xb3\xa4";
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_384_Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_Sha3_384_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, WC_SHA3_384_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- } /* END LARGE HASH TEST */
- #endif /* NO_LARGE_HASH_TEST */
- exit:
- wc_Sha3_384_Free(&sha);
- return ret;
- }
- #endif /* WOLFSSL_NOSHA3_384 */
- #ifndef WOLFSSL_NOSHA3_512
- static wc_test_ret_t sha3_512_test(void)
- {
- wc_Sha3 sha;
- byte hash[WC_SHA3_512_DIGEST_SIZE];
- byte hashcopy[WC_SHA3_512_DIGEST_SIZE];
- testVector a, b, c;
- testVector test_sha[3];
- wc_test_ret_t ret;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- /*
- ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA3-512_Msg0.pdf
- */
- a.input = "";
- a.output = "\xa6\x9f\x73\xcc\xa2\x3a\x9a\xc5\xc8\xb5\x67\xdc\x18\x5a\x75"
- "\x6e\x97\xc9\x82\x16\x4f\xe2\x58\x59\xe0\xd1\xdc\xc1\x47\x5c"
- "\x80\xa6\x15\xb2\x12\x3a\xf1\xf5\xf9\x4c\x11\xe3\xe9\x40\x2c"
- "\x3a\xc5\x58\xf5\x00\x19\x9d\x95\xb6\xd3\xe3\x01\x75\x85\x86"
- "\x28\x1d\xcd\x26";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA3_512_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xb7\x51\x85\x0b\x1a\x57\x16\x8a\x56\x93\xcd\x92\x4b\x6b\x09"
- "\x6e\x08\xf6\x21\x82\x74\x44\xf7\x0d\x88\x4f\x5d\x02\x40\xd2"
- "\x71\x2e\x10\xe1\x16\xe9\x19\x2a\xf3\xc9\x1a\x7e\xc5\x76\x47"
- "\xe3\x93\x40\x57\x34\x0b\x4c\xf4\x08\xd5\xa5\x65\x92\xf8\x27"
- "\x4e\xec\x53\xf0";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_512_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x04\xa3\x71\xe8\x4e\xcf\xb5\xb8\xb7\x7c\xb4\x86\x10\xfc\xa8"
- "\x18\x2d\xd4\x57\xce\x6f\x32\x6a\x0f\xd3\xd7\xec\x2f\x1e\x91"
- "\x63\x6d\xee\x69\x1f\xbe\x0c\x98\x53\x02\xba\x1b\x0d\x8d\xc7"
- "\x8c\x08\x63\x46\xb5\x33\xb4\x9c\x03\x0d\x99\xa2\x7d\xaf\x11"
- "\x39\xd6\xe7\x5e";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA3_512_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha3_512(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_512_Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha3_512_GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha3_512_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_512_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA3_512_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- const char* large_digest =
- "\x9c\x13\x26\xb6\x26\xb2\x94\x31\xbc\xf4\x34\xe9\x6f\xf2\xd6\x29"
- "\x9a\xd0\x9b\x32\x63\x2f\x18\xa7\x5f\x23\xc9\x60\xc2\x32\x0c\xbc"
- "\x57\x77\x33\xf1\x83\x81\x8a\xd3\x15\x7c\x93\xdc\x80\x9f\xed\x61"
- "\x41\xa7\x5b\xfd\x32\x0e\x38\x15\xb0\x46\x3b\x7a\x4f\xfd\x44\x88";
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_512_Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_Sha3_512_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, WC_SHA3_512_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- } /* END LARGE HASH TEST */
- #endif /* NO_LARGE_HASH_TEST */
- exit:
- wc_Sha3_512_Free(&sha);
- return ret;
- }
- #endif /* WOLFSSL_NOSHA3_512 */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha3_test(void)
- {
- wc_test_ret_t ret;
- (void)ret;
- WOLFSSL_ENTER("sha3_test");
- #ifndef WOLFSSL_NOSHA3_224
- if ((ret = sha3_224_test()) != 0)
- return ret;
- #endif
- #ifndef WOLFSSL_NOSHA3_256
- if ((ret = sha3_256_test()) != 0)
- return ret;
- #endif
- #ifndef WOLFSSL_NOSHA3_384
- if ((ret = sha3_384_test()) != 0)
- return ret;
- #endif
- #ifndef WOLFSSL_NOSHA3_512
- if ((ret = sha3_512_test()) != 0)
- return ret;
- #endif
- return 0;
- }
- #endif /* WOLFSSL_SHA3 */
- #ifdef WOLFSSL_SHAKE128
- static wc_test_ret_t shake128_absorb_test(wc_Shake* sha, byte *large_input_buf,
- size_t large_input_buf_size)
- {
- testVector a, b, c, d, e;
- testVector test_sha[5];
- wc_test_ret_t ret = 0;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- static const char large_digest[] =
- "\x2b\xd1\x69\x9f\xb3\x75\x40\x74\xb8\xb2\xd2\x0b\x92\x47\x9b\xfe"
- "\xc9\x91\x48\xbe\xda\xa4\x09\xd7\x61\x35\x18\x05\x07\x71\xa5\x61"
- "\x4d\xc4\x94\xad\xbe\x04\x7d\xad\x95\x2f\xeb\x2c\xc0\x10\x67\x43"
- "\x40\xf1\x4a\x58\x1c\x54\xfa\x24\x1c\x1a\x4e\x8d\x9b\xbc\xea\xa7"
- "\x32\xf2\x4c\xc7\x86\x05\x36\xdc\xb4\x42\xd8\x35\xd1\xb4\xa2\x79"
- "\xa2\xe6\xee\x67\x4f\xbf\x2a\x93\x41\x88\x25\x56\x29\x90\x1a\x06"
- "\xba\xfe\x9f\xa6\x1a\x74\xe8\x7e\x85\x4a\xc8\x58\x60\xb1\x7b\x18"
- "\xdf\x77\x59\x46\x04\xc1\xff\x4b\x9b\xcb\xad\xfe\x91\x28\xf0\x01"
- "\xc1\x33\xd0\x99\x99\x2e\x0c\x86\x84\x67\x4d\x37\xa4\x42\x45\x10"
- "\xdc\x8f\xdb\x6f\xa6\x9b\xee\x8a\x60\xa5\x1f\x95\x3f\x8f\xf5\x31"
- "\x4b\x1d\x48\x1e\x45\xff\x79\x5c\xbe\x72\xfc\x56\xed\x6d\x1a\x99"
- "\x7f\x23\x7c\xd1\xa5\x50\x9e\xb0\x4d\x61\x37\xa5\xcb\x24\x71\x3b"
- "\xa3\x60\x51\x2e\x80\x83\x8b\xe0\x55\x50\xa7\x1e\xcc\x9f\xac\x41"
- "\x77\x2c\x79\x22\x30\x09\x1b\x1a\x83\x5b\x2c\x48\xdc\x09\x7d\x59"
- "\x0d\xf0\x54\x17\xfb\x5e\x38\x68\xde\xdb\xc5\x93\xab\x17\x5f\x4b"
- "\x4d\x6d\xf2\xc7\x4e\x15\x1e\x10\x76\xc4\xcb\x87\xd8\xb7\x9d\xa8"
- "\xbf\xc5\x2e\x5e\xfc\xd3\x6c\x45\xd4\x5d\x72\x0f\x66\xeb\x67\x86"
- "\xfa\x6c\xd6\x80\xa4\x23\xcb\x5d\xed\x3c\xde\xdc\x5b\x3d\xca\x95"
- "\x43\x4b\xdc\xe8\x49\xd3\xe1\x01\xd4\xf1\xe4\x47\xcf\x56\xba\x71"
- "\xb4\x69\xed\xe7\xdb\x0f\x89\xd6\xbb\xcd\x1a\xff\xb4\xbe\x72\x26"
- "\xdc\x76\x79\xb3\x1a\x4b\xe6\x8d\x9b\x8e\xd9\xe9\xe6\xf9\xff\xa5";
- byte hash[sizeof(large_digest) - 1];
- /*
- ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHAKE128_Msg0.pdf
- */
- a.input = "";
- a.output = "\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d\x61\x60\x45\x50\x76\x05\x85"
- "\x3e\xd7\x3b\x80\x93\xf6\xef\xbc\x88\xeb\x1a\x6e\xac\xfa\x66"
- "\xef\x26\x3c\xb1\xee\xa9\x88\x00\x4b\x93\x10\x3c\xfb\x0a\xee"
- "\xfd\x2a\x68\x6e\x01\xfa\x4a\x58\xe8\xa3\x63\x9c\xa8\xa1\xe3"
- "\xf9\xae\x57\xe2\x35\xb8\xcc\x87\x3c\x23\xdc\x62\xb8\xd2\x60"
- "\x16\x9a\xfa\x2f\x75\xab\x91\x6a\x58\xd9\x74\x91\x88\x35\xd2"
- "\x5e\x6a\x43\x50\x85\xb2\xba\xdf\xd6\xdf\xaa\xc3\x59\xa5\xef"
- "\xbb\x7b\xcc\x4b\x59\xd5\x38\xdf\x9a\x04\x30\x2e\x10\xc8\xbc"
- "\x1c\xbf\x1a\x0b\x3a\x51\x20\xea\x17\xcd\xa7\xcf\xad\x76\x5f"
- "\x56\x23\x47\x4d\x36\x8c\xcc\xa8\xaf\x00\x07\xcd\x9f\x5e\x4c"
- "\x84\x9f\x16\x7a\x58\x0b\x14\xaa\xbd\xef\xae\xe7\xee\xf4\x7c"
- "\xb0\xfc\xa9";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA3_128_BLOCK_SIZE;
- b.input = "abc";
- b.output = "\x58\x81\x09\x2d\xd8\x18\xbf\x5c\xf8\xa3\xdd\xb7\x93\xfb\xcb"
- "\xa7\x40\x97\xd5\xc5\x26\xa6\xd3\x5f\x97\xb8\x33\x51\x94\x0f"
- "\x2c\xc8\x44\xc5\x0a\xf3\x2a\xcd\x3f\x2c\xdd\x06\x65\x68\x70"
- "\x6f\x50\x9b\xc1\xbd\xde\x58\x29\x5d\xae\x3f\x89\x1a\x9a\x0f"
- "\xca\x57\x83\x78\x9a\x41\xf8\x61\x12\x14\xce\x61\x23\x94\xdf"
- "\x28\x6a\x62\xd1\xa2\x25\x2a\xa9\x4d\xb9\xc5\x38\x95\x6c\x71"
- "\x7d\xc2\xbe\xd4\xf2\x32\xa0\x29\x4c\x85\x7c\x73\x0a\xa1\x60"
- "\x67\xac\x10\x62\xf1\x20\x1f\xb0\xd3\x77\xcf\xb9\xcd\xe4\xc6"
- "\x35\x99\xb2\x7f\x34\x62\xbb\xa4\xa0\xed\x29\x6c\x80\x1f\x9f"
- "\xf7\xf5\x73\x02\xbb\x30\x76\xee\x14\x5f\x97\xa3\x2a\xe6\x8e"
- "\x76\xab\x66\xc4\x8d\x51\x67\x5b\xd4\x9a\xcc\x29\x08\x2f\x56"
- "\x47\x58\x4e";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_128_BLOCK_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x1a\x96\x18\x2b\x50\xfb\x8c\x7e\x74\xe0\xa7\x07\x78\x8f\x55"
- "\xe9\x82\x09\xb8\xd9\x1f\xad\xe8\xf3\x2f\x8d\xd5\xcf\xf7\xbf"
- "\x21\xf5\x4e\xe5\xf1\x95\x50\x82\x5a\x6e\x07\x00\x30\x51\x9e"
- "\x94\x42\x63\xac\x1c\x67\x65\x28\x70\x65\x62\x1f\x9f\xcb\x32"
- "\x01\x72\x3e\x32\x23\xb6\x3a\x46\xc2\x93\x8a\xa9\x53\xba\x84"
- "\x01\xd0\xea\x77\xb8\xd2\x64\x90\x77\x55\x66\x40\x7b\x95\x67"
- "\x3c\x0f\x4c\xc1\xce\x9f\xd9\x66\x14\x8d\x7e\xfd\xff\x26\xbb"
- "\xf9\xf4\x8a\x21\xc6\xda\x35\xbf\xaa\x54\x56\x54\xf7\x0a\xe5"
- "\x86\xff\x10\x13\x14\x20\x77\x14\x83\xec\x92\xed\xab\x40\x8c"
- "\x76\x7b\xf4\xc5\xb4\xff\xfa\xa8\x0c\x8c\xa2\x14\xd8\x4c\x4d"
- "\xc7\x00\xd0\xc5\x06\x30\xb2\xff\xc3\x79\x3e\xa4\xd8\x72\x58"
- "\xb4\xc9\x54";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA3_128_BLOCK_SIZE;
- /* Taken from NIST CAVP test vectors - full rate output. */
- d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb"
- "\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8"
- "\x85\xe0";
- d.output = "\x93\x68\xf0\x15\x10\x92\x44\xeb\x02\x47\xfa\x3a\x0e\x57\xf5"
- "\x2e\xa7\xd9\xeb\xa2\x3d\xae\x7a\x19\x7f\x0a\x29\xe9\x22\x55"
- "\x06\x05\x98\x16\xb7\x84\x48\xb6\x49\x7a\x76\xeb\x96\x2d\xb3"
- "\xf8\x4d\x37\x60\xf1\xfe\xb4\xbd\xc1\xfd\x4a\xc9\x4e\x91\x7a"
- "\xc2\xea\x5e\x4f\x38\x37\x4a\xa5\x6e\x4f\x47\x67\xb8\xd7\x83"
- "\x1b\x2d\x51\x49\x5a\xb8\xea\xb7\xc9\x82\x20\xaf\x13\x41\x5a"
- "\x59\xbb\x7c\x17\x7a\xcd\x62\x8e\xf0\xff\xe3\x6c\xeb\x18\x59"
- "\x5d\x14\x4c\xbf\x25\xef\xc0\x6c\xd9\x56\xa5\x78\x20\x6e\xa8"
- "\xf9\x14\x5e\xf9\xce\x19\x50\x6a\x9d\x04\x4e\xc7\x00\x79\x9f"
- "\xa1\x41\x9b\xaf\x60\x52\xc0\xc1\xb4\x45\xf8\x35\x17\x57\xb0"
- "\xd0\x22\x87\x21\x89\xe2\xc0\x27\x3f\x82\xd9\x69\x69\x66\x3e"
- "\x55\x4d\x09";
- d.inLen = 32;
- d.outLen = WC_SHA3_128_BLOCK_SIZE;
- /* Taken from NIST CAVP test vectors - more than one output block. */
- e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef"
- "\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67"
- "\x47\xe4";
- e.output = "\xe1\x7e\xab\x0d\xa4\x04\xf9\xb6\xac\xc0\x84\x97\x2f\xc5\x79"
- "\xe8\x6d\xaa\x76\x10\xa5\xe1\x7c\x23\x2f\x79\x19\x83\x96\xfd"
- "\x01\xc2\x4c\x34\xbb\x54\xf4\xb0\x1e\xf7\x40\xb4\x25\x33\x4a"
- "\x55\xdd\x24\x81\x3d\xc8\xea\x86\xf5\x6e\xf7\x27\x67\x26\x2b"
- "\xf2\x25\x74\x8c\xcc\x3d\x9f\x48\x6f\xfb\x72\x8f\x4e\xad\x29"
- "\x60\xc9\x6c\x3e\x44\x63\x86\xea\xce\x21\x9c\x84\x28\x16\x11"
- "\x63\x58\xb0\xf4\x2d\x7d\xff\xf7\xdd\x24\x11\xfa\x2a\x56\x79"
- "\xfd\x7a\x94\x77\x45\x75\xba\xf9\xfc\xad\x68\xa1\x9e\x30\xd1"
- "\x49\xb0\x59\xb5\x9c\x44\x6c\x4e\xdc\xa5\x9b\xc5\xa4\x79\x9d"
- "\xc4\x65\xaa\x9e\x78\x2c\xed\x9f\x21\xc5\x5d\xe2\x42\xdd\x25"
- "\xd0\xd9\xde\x60\xd0\x9f\xf8\x6a\xba\xf3\xa0\x3a\x76\x71\xb3"
- "\x05\x42\xdf\xbe\x72\xfc\x56\xed\x6d\x1a\x99\x7f\x23\x7c\xd1"
- "\xa5\x50\x9e\xb0\x4d\x61\x37\xa5\xcb\x24\x71\x3b\xa3\x60\x51"
- "\x2e\x80\x83\x8b\xe0\x55\x50\xa7\x1e\xcc\x9f\xac\x41\x77\x2c"
- "\x79\x22\x30\x09\x1b\x1a\x83\x5b\x2c\x48\xdc\x09\x7d\x59\x0d"
- "\xf0\x54\x17\xfb\x5e\x38\x68\xde\xdb\xc5\x93\xab\x17\x5f\x4b"
- "\x4d\x6d\xf2\xc7\x4e\x15\x1e\x10\x76\xc4\xcb\x87\xd8\xb7\x9d"
- "\xa8\xbf\xc5\x2e\x5e\xfc\xd3\x6c\x45\xd4\x5d\x72\x0f\x66\xeb"
- "\x67\x86\xfa\x6c\xd6\x80\xa4\x23\xcb\x5d\xed\x3c\xde\xdc\x5b"
- "\x3d\xca\x95\x43\x4b\xdc\xe8\x49\xd3\xe1\x01\xd4\xf1\xe4\x47"
- "\xcf\x56\xba\x71\xb4\x69\xed\xe7\xdb\x0f\x89\xd6\xbb\xcd\x1a"
- "\xff\xb4\xbe\x72\x26\xdc\x76\x79\xb3\x1a\x4b\xe6\x8d\x9b\x8e"
- "\xd9\xe9\xe6\xf9\xff\xa5";
- e.inLen = 32;
- e.outLen = 2 * WC_SHA3_128_BLOCK_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- test_sha[3] = d;
- test_sha[4] = e;
- for (i = 0; i < times; ++i) {
- ret = wc_InitShake128(sha, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Shake128_Absorb(sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Shake128_SqueezeBlocks(sha, hash,
- (word32)test_sha[i].outLen / WC_SHA3_128_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, test_sha[i].output, (word32)test_sha[i].outLen) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- for (i = 0; i < (int)large_input_buf_size; i++) {
- large_input_buf[i] = (byte)(i & 0xFF);
- }
- ret = wc_InitShake128(sha, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- /* Absorb is non-incremental. */
- ret = wc_Shake128_Absorb(sha, (byte*)large_input_buf,
- (word32)large_input_buf_size);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- /* Able to squeeze out blocks incrementally. */
- ret = wc_Shake128_SqueezeBlocks(sha, hash, 1);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- ret = wc_Shake128_SqueezeBlocks(sha, hash,
- ((word32)sizeof(hash) / WC_SHA3_128_BLOCK_SIZE) - 1);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, sizeof(hash)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- } /* END LARGE HASH TEST */
- #endif /* NO_LARGE_HASH_TEST */
- exit:
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake128_test(void)
- {
- wc_Shake sha;
- byte hash[250];
- testVector a, b, c, d, e;
- testVector test_sha[5];
- wc_test_ret_t ret = 0;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- #define SHAKE128_LARGE_INPUT_BUFSIZ 1024
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte *large_input = NULL;
- #else
- byte large_input[SHAKE128_LARGE_INPUT_BUFSIZ];
- #endif
- static const char large_digest[] =
- "\x88\xd7\x0e\x86\x46\x72\x6b\x3d\x7d\x22\xe1\xa9\x2d\x02\xdb\x35"
- "\x92\x4f\x1b\x03\x90\xee\xa3\xce\xd1\x3a\x08\x3a\xd7\x4e\x10\xdf"
- "\x09\x67\x33\x35\x4f\xdd\x38\x50\x5b\xcb\x75\xc7\xba\x65\xe5\xe8"
- "\xb8\x76\xde\xc5\xee\xd7\xf1\x65\x93\x4e\x5e\xc4\xb1\xd7\x6b\xee"
- "\x4b\x57\x48\xf5\x38\x49\x9e\x45\xa0\xf7\x32\xe9\x05\x26\x6a\x10"
- "\x70\xd4\x7c\x19\x01\x1f\x6d\x37\xba\x7b\x74\xc2\xbc\xb6\xbc\x74"
- "\xa3\x66\x6c\x9b\x11\x84\x9d\x4a\x36\xbc\x8a\x0d\x4c\xe3\x39\xfa"
- "\xfa\x1b";
- WOLFSSL_ENTER("shake128_test");
- /*
- ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHAKE128_Msg0.pdf
- */
- a.input = "";
- a.output = "\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d\x61\x60\x45\x50\x76\x05\x85"
- "\x3e\xd7\x3b\x80\x93\xf6\xef\xbc\x88\xeb\x1a\x6e\xac\xfa\x66"
- "\xef\x26\x3c\xb1\xee\xa9\x88\x00\x4b\x93\x10\x3c\xfb\x0a\xee"
- "\xfd\x2a\x68\x6e\x01\xfa\x4a\x58\xe8\xa3\x63\x9c\xa8\xa1\xe3"
- "\xf9\xae\x57\xe2\x35\xb8\xcc\x87\x3c\x23\xdc\x62\xb8\xd2\x60"
- "\x16\x9a\xfa\x2f\x75\xab\x91\x6a\x58\xd9\x74\x91\x88\x35\xd2"
- "\x5e\x6a\x43\x50\x85\xb2\xba\xdf\xd6\xdf\xaa\xc3\x59\xa5\xef"
- "\xbb\x7b\xcc\x4b\x59\xd5\x38\xdf\x9a";
- a.inLen = XSTRLEN(a.input);
- a.outLen = 114;
- b.input = "abc";
- b.output = "\x58\x81\x09\x2d\xd8\x18\xbf\x5c\xf8\xa3\xdd\xb7\x93\xfb\xcb"
- "\xa7\x40\x97\xd5\xc5\x26\xa6\xd3\x5f\x97\xb8\x33\x51\x94\x0f"
- "\x2c\xc8\x44\xc5\x0a\xf3\x2a\xcd\x3f\x2c\xdd\x06\x65\x68\x70"
- "\x6f\x50\x9b\xc1\xbd\xde\x58\x29\x5d\xae\x3f\x89\x1a\x9a\x0f"
- "\xca\x57\x83\x78\x9a\x41\xf8\x61\x12\x14\xce\x61\x23\x94\xdf"
- "\x28\x6a\x62\xd1\xa2\x25\x2a\xa9\x4d\xb9\xc5\x38\x95\x6c\x71"
- "\x7d\xc2\xbe\xd4\xf2\x32\xa0\x29\x4c\x85\x7c\x73\x0a\xa1\x60"
- "\x67\xac\x10\x62\xf1\x20\x1f\xb0\xd3";
- b.inLen = XSTRLEN(b.input);
- b.outLen = 114;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x1a\x96\x18\x2b\x50\xfb\x8c\x7e\x74\xe0\xa7\x07\x78\x8f\x55"
- "\xe9\x82\x09\xb8\xd9\x1f\xad\xe8\xf3\x2f\x8d\xd5\xcf\xf7\xbf"
- "\x21\xf5\x4e\xe5\xf1\x95\x50\x82\x5a\x6e\x07\x00\x30\x51\x9e"
- "\x94\x42\x63\xac\x1c\x67\x65\x28\x70\x65\x62\x1f\x9f\xcb\x32"
- "\x01\x72\x3e\x32\x23\xb6\x3a\x46\xc2\x93\x8a\xa9\x53\xba\x84"
- "\x01\xd0\xea\x77\xb8\xd2\x64\x90\x77\x55\x66\x40\x7b\x95\x67"
- "\x3c\x0f\x4c\xc1\xce\x9f\xd9\x66\x14\x8d\x7e\xfd\xff\x26\xbb"
- "\xf9\xf4\x8a\x21\xc6\xda\x35\xbf\xaa";
- c.inLen = XSTRLEN(c.input);
- c.outLen = 114;
- /* Taken from NIST CAVP test vectors - full rate output. */
- d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb"
- "\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8"
- "\x85\xe0";
- d.output = "\x93\x68\xf0\x15\x10\x92\x44\xeb\x02\x47\xfa\x3a\x0e\x57\xf5"
- "\x2e\xa7\xd9\xeb\xa2\x3d\xae\x7a\x19\x7f\x0a\x29\xe9\x22\x55"
- "\x06\x05\x98\x16\xb7\x84\x48\xb6\x49\x7a\x76\xeb\x96\x2d\xb3"
- "\xf8\x4d\x37\x60\xf1\xfe\xb4\xbd\xc1\xfd\x4a\xc9\x4e\x91\x7a"
- "\xc2\xea\x5e\x4f\x38\x37\x4a\xa5\x6e\x4f\x47\x67\xb8\xd7\x83"
- "\x1b\x2d\x51\x49\x5a\xb8\xea\xb7\xc9\x82\x20\xaf\x13\x41\x5a"
- "\x59\xbb\x7c\x17\x7a\xcd\x62\x8e\xf0\xff\xe3\x6c\xeb\x18\x59"
- "\x5d\x14\x4c\xbf\x25\xef\xc0\x6c\xd9\x56\xa5\x78\x20\x6e\xa8"
- "\xf9\x14\x5e\xf9\xce\x19\x50\x6a\x9d\x04\x4e\xc7\x00\x79\x9f"
- "\xa1";
- d.inLen = 32;
- d.outLen = 136;
- /* Taken from NIST CAVP test vectors - more than one output block. */
- e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef"
- "\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67"
- "\x47\xe4";
- e.output = "\xe1\x7e\xab\x0d\xa4\x04\xf9\xb6\xac\xc0\x84\x97\x2f\xc5\x79"
- "\xe8\x6d\xaa\x76\x10\xa5\xe1\x7c\x23\x2f\x79\x19\x83\x96\xfd"
- "\x01\xc2\x4c\x34\xbb\x54\xf4\xb0\x1e\xf7\x40\xb4\x25\x33\x4a"
- "\x55\xdd\x24\x81\x3d\xc8\xea\x86\xf5\x6e\xf7\x27\x67\x26\x2b"
- "\xf2\x25\x74\x8c\xcc\x3d\x9f\x48\x6f\xfb\x72\x8f\x4e\xad\x29"
- "\x60\xc9\x6c\x3e\x44\x63\x86\xea\xce\x21\x9c\x84\x28\x16\x11"
- "\x63\x58\xb0\xf4\x2d\x7d\xff\xf7\xdd\x24\x11\xfa\x2a\x56\x79"
- "\xfd\x7a\x94\x77\x45\x75\xba\xf9\xfc\xad\x68\xa1\x9e\x30\xd1"
- "\x49\xb0\x59\xb5\x9c\x44\x6c\x4e\xdc\xa5\x9b\xc5\xa4\x79\x9d"
- "\xc4\x65\xaa\x9e\x78\x2c\xed\x9f\x21\xc5\x5d\xe2\x42\xdd\x25"
- "\xd0\xd9\xde\x60\xd0\x9f\xf8\x6a\xba\xf3\xa0\x3a\x76\x71\xb3"
- "\x05\x42\xdf\xbe\x72\xfc\x56\xed\x6d\x1a\x99\x7f\x23\x7c\xd1"
- "\xa5\x50\x9e\xb0\x4d\x61\x37\xa5\xcb\x24\x71\x3b\xa3\x60\x51"
- "\x2e\x80\x83\x8b\xe0\x55\x50\xa7\x1e\xcc\x9f\xac\x41\x77\x2c"
- "\x79\x22\x30\x09\x1b\x1a\x83\x5b\x2c\x48\xdc\x09\x7d\x59\x0d"
- "\xf0\x54\x17\xfb\x5e\x38\x68\xde\xdb\xc5\x93\xab\x17\x5f\x4b"
- "\x4d\x6d\xf2\xc7\x4e\x15\x1e\x10\x76\xc4";
- e.inLen = 32;
- e.outLen = 250;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- test_sha[3] = d;
- test_sha[4] = e;
- ret = wc_InitShake128(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- for (i = 0; i < times; ++i) {
- ret = wc_Shake128_Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Shake128_Final(&sha, hash, (word32)test_sha[i].outLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, test_sha[i].output, test_sha[i].outLen) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- large_input = (byte *)XMALLOC(SHAKE128_LARGE_INPUT_BUFSIZ, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (large_input == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
- #endif
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- for (i = 0; i < SHAKE128_LARGE_INPUT_BUFSIZ; i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Shake128_Update(&sha, (byte*)large_input,
- SHAKE128_LARGE_INPUT_BUFSIZ);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_Shake128_Final(&sha, hash, (word32)sizeof(hash));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, sizeof(large_digest) - 1) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- } /* END LARGE HASH TEST */
- #endif /* NO_LARGE_HASH_TEST */
- ret = shake128_absorb_test(&sha, large_input, SHAKE128_LARGE_INPUT_BUFSIZ);
- exit:
- wc_Shake128_Free(&sha);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (large_input != NULL)
- XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif
- #ifdef WOLFSSL_SHAKE256
- static wc_test_ret_t shake256_absorb_test(wc_Shake* sha, byte *large_input_buf,
- size_t large_input_buf_size)
- {
- testVector a, b, c, d, e;
- testVector test_sha[5];
- wc_test_ret_t ret = 0;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- static const char large_digest[] =
- "\x21\x25\x8e\xae\x6e\x4f\xa7\xe1\xb9\x6d\xa7\xc9\x7d\x46\x03\x69"
- "\x29\x0d\x81\x49\xba\x5d\xaf\x37\xfd\xeb\x25\x52\x1d\xd9\xbd\x65"
- "\xfa\x99\xb9\xd1\x70\x6b\xeb\xd4\xc1\x2c\xea\x24\x20\x27\xa7\xcd"
- "\xfa\xe1\x81\xd9\xd5\xc1\x1c\xc7\xe9\x70\xc3\xc7\x21\x6f\x32\x22"
- "\xe3\x27\xdb\x58\x5e\xea\x18\x2d\x63\x4d\x14\x6c\x94\xcf\x2b\x7e"
- "\x6e\x2a\x74\xf3\xe0\xac\xb3\xb2\xcc\xef\x38\xe9\xe7\x35\xb3\xc5"
- "\x77\x9d\xff\xe3\x08\x8e\xf8\x2c\x89\xbb\x45\x22\x16\x99\x91\xc0"
- "\xe7\x71\x57\x75\xc5\xb1\xc6\xaf\x27\xcb\x64\x8c\xc4\xee\x3d\x5f"
- "\x4c\x35\xfb\x1c\xf3\xf8\x0e\xfd\x5e\xfc\x07\xd8\x4d\x55\x32\x49"
- "\x45\x0d\xab\x4a\x49\xc4\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93"
- "\x7a\xe6\x6b\xb4\x36\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43"
- "\x2f\x3b\xfc\x09\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48"
- "\x3d\x0e\xda\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08"
- "\xd9\xdc\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a"
- "\xb7\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11"
- "\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c\x68\x1b\x30\xdd\xc4\xe6"
- "\x83\x8b\x0f\x23\x58\x7e\x06\x5f\x4a\x2b\xed\xc9\x6c\x97\x68\x44";
- byte hash[sizeof(large_digest) - 1];
- /*
- ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHAKE256_Msg0.pdf
- */
- a.input = "";
- a.output = "\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13\x23\x3b\x3f\xeb\x74\x3e\xeb"
- "\x24\x3f\xcd\x52\xea\x62\xb8\x1b\x82\xb5\x0c\x27\x64\x6e\xd5"
- "\x76\x2f\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00\xcb\x05\x01\x9d\x67"
- "\xb5\x92\xf6\xfc\x82\x1c\x49\x47\x9a\xb4\x86\x40\x29\x2e\xac"
- "\xb3\xb7\xc4\xbe\x14\x1e\x96\x61\x6f\xb1\x39\x57\x69\x2c\xc7"
- "\xed\xd0\xb4\x5a\xe3\xdc\x07\x22\x3c\x8e\x92\x93\x7b\xef\x84"
- "\xbc\x0e\xab\x86\x28\x53\x34\x9e\xc7\x55\x46\xf5\x8f\xb7\xc2"
- "\x77\x5c\x38\x46\x2c\x50\x10\xd8\x46\xc1\x85\xc1\x51\x11\xe5"
- "\x95\x52\x2a\x6b\xcd\x16\xcf\x86\xf3\xd1\x22\x10\x9e\x3b\x1f"
- "\xdd";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA3_256_BLOCK_SIZE;
- b.input = "abc";
- b.output = "\x48\x33\x66\x60\x13\x60\xa8\x77\x1c\x68\x63\x08\x0c\xc4\x11"
- "\x4d\x8d\xb4\x45\x30\xf8\xf1\xe1\xee\x4f\x94\xea\x37\xe7\x8b"
- "\x57\x39\xd5\xa1\x5b\xef\x18\x6a\x53\x86\xc7\x57\x44\xc0\x52"
- "\x7e\x1f\xaa\x9f\x87\x26\xe4\x62\xa1\x2a\x4f\xeb\x06\xbd\x88"
- "\x01\xe7\x51\xe4\x13\x85\x14\x12\x04\xf3\x29\x97\x9f\xd3\x04"
- "\x7a\x13\xc5\x65\x77\x24\xad\xa6\x4d\x24\x70\x15\x7b\x3c\xdc"
- "\x28\x86\x20\x94\x4d\x78\xdb\xcd\xdb\xd9\x12\x99\x3f\x09\x13"
- "\xf1\x64\xfb\x2c\xe9\x51\x31\xa2\xd0\x9a\x3e\x6d\x51\xcb\xfc"
- "\x62\x27\x20\xd7\xa7\x5c\x63\x34\xe8\xa2\xd7\xec\x71\xa7\xcc"
- "\x29";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_256_BLOCK_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f\x6f\x87"
- "\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b\xe5\xd4\xfd\x2e"
- "\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59\xaa\x80\x60\xf1\xf9\xbc"
- "\x99\x6c\x05\xac\xa3\xc6\x96\xa8\xb6\x62\x79\xdc\x67\x2c\x74"
- "\x0b\xb2\x24\xec\x37\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55"
- "\xf5\x1d\x97\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a"
- "\xf2\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67\x60"
- "\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4\x9d\xd3\xef\x7e\x18\x2b"
- "\x15\x24\xdf\x82\xea\x1c\xef\xe1\xc6\xc3\x96\x61\x75\xf0\x22"
- "\x8d";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA3_256_BLOCK_SIZE;
- /* Taken from NIST CAVP test vectors - full rate output. */
- d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb"
- "\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8"
- "\x85\xe0";
- d.output = "\x00\x64\x8a\xfb\xc5\xe6\x51\x64\x9d\xb1\xfd\x82\x93\x6b\x00"
- "\xdb\xbc\x12\x2f\xb4\xc8\x77\x86\x0d\x38\x5c\x49\x50\xd5\x6d"
- "\xe7\xe0\x96\xd6\x13\xd7\xa3\xf2\x7e\xd8\xf2\x63\x34\xb0\xcc"
- "\xc1\x40\x7b\x41\xdc\xcb\x23\xdf\xaa\x52\x98\x18\xd1\x12\x5c"
- "\xd5\x34\x80\x92\x52\x43\x66\xb8\x5f\xab\xb9\x7c\x6c\xd1\xe6"
- "\x06\x6f\x45\x9b\xcc\x56\x6d\xa8\x7e\xc9\xb7\xba\x36\x79\x2d"
- "\x11\x8a\xc3\x9a\x4c\xce\xf6\x19\x2b\xbf\x3a\x54\xaf\x18\xe5"
- "\x7b\x0c\x14\x61\x01\xf6\xae\xaa\x82\x2b\xc4\xb4\xc9\x70\x8b"
- "\x09\xf0\xb3\xba\xb4\x1b\xcc\xe9\x64\xd9\x99\xd1\x10\x7b\xd7"
- "\xc2";
- d.inLen = 32;
- d.outLen = WC_SHA3_256_BLOCK_SIZE;
- /* Taken from NIST CAVP test vectors - more than one output block. */
- e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef"
- "\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67"
- "\x47\xe4";
- e.output = "\x2e\x97\x5f\x6a\x8a\x14\xf0\x70\x4d\x51\xb1\x36\x67\xd8\x19"
- "\x5c\x21\x9f\x71\xe6\x34\x56\x96\xc4\x9f\xa4\xb9\xd0\x8e\x92"
- "\x25\xd3\xd3\x93\x93\x42\x51\x52\xc9\x7e\x71\xdd\x24\x60\x1c"
- "\x11\xab\xcf\xa0\xf1\x2f\x53\xc6\x80\xbd\x3a\xe7\x57\xb8\x13"
- "\x4a\x9c\x10\xd4\x29\x61\x58\x69\x21\x7f\xdd\x58\x85\xc4\xdb"
- "\x17\x49\x85\x70\x3a\x6d\x6d\xe9\x4a\x66\x7e\xac\x30\x23\x44"
- "\x3a\x83\x37\xae\x1b\xc6\x01\xb7\x6d\x7d\x38\xec\x3c\x34\x46"
- "\x31\x05\xf0\xd3\x94\x9d\x78\xe5\x62\xa0\x39\xe4\x46\x95\x48"
- "\xb6\x09\x39\x5d\xe5\xa4\xfd\x43\xc4\x6c\xa9\xfd\x6e\xe2\x9a"
- "\xda\x5e\xfc\x07\xd8\x4d\x55\x32\x49\x45\x0d\xab\x4a\x49\xc4"
- "\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93\x7a\xe6\x6b\xb4\x36"
- "\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43\x2f\x3b\xfc\x09"
- "\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48\x3d\x0e\xda"
- "\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08\xd9\xdc"
- "\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a\xb7"
- "\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11"
- "\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c\x68\x1b\x30\xdd\xc4"
- "\xe6\x83\x8b\x0f\x23\x58\x7e\x06\x5f\x4a\x2b\xed\xc9\x6c\x97"
- "\x68\x44";
- e.inLen = 32;
- e.outLen = 2 * WC_SHA3_256_BLOCK_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- test_sha[3] = d;
- test_sha[4] = e;
- for (i = 0; i < times; ++i) {
- ret = wc_InitShake256(sha, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Shake256_Absorb(sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Shake256_SqueezeBlocks(sha, hash,
- (word32)test_sha[i].outLen / WC_SHA3_256_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, test_sha[i].output, (word32)test_sha[i].outLen) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- for (i = 0; i < (int)large_input_buf_size; i++) {
- large_input_buf[i] = (byte)(i & 0xFF);
- }
- ret = wc_InitShake256(sha, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- /* Absorb is non-incremental. */
- ret = wc_Shake256_Absorb(sha, large_input_buf,
- (word32)large_input_buf_size);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- /* Able to squeeze out blocks incrementally. */
- ret = wc_Shake256_SqueezeBlocks(sha, hash, 1);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- ret = wc_Shake256_SqueezeBlocks(sha, hash,
- ((word32)sizeof(hash) / WC_SHA3_256_BLOCK_SIZE) - 1);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, sizeof(hash)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- } /* END LARGE HASH TEST */
- #endif /* NO_LARGE_HASH_TEST */
- exit:
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake256_test(void)
- {
- wc_Shake sha;
- byte hash[250];
- testVector a, b, c, d, e;
- testVector test_sha[5];
- wc_test_ret_t ret = 0;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- #define SHAKE256_LARGE_INPUT_BUFSIZ 1024
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte *large_input = NULL;
- #else
- byte large_input[SHAKE256_LARGE_INPUT_BUFSIZ];
- #endif
- const char* large_digest =
- "\x90\x32\x4a\xcc\xd1\xdf\xb8\x0b\x79\x1f\xb8\xc8\x5b\x54\xc8\xe7"
- "\x45\xf5\x60\x6b\x38\x26\xb2\x0a\xee\x38\x01\xf3\xd9\xfa\x96\x9f"
- "\x6a\xd7\x15\xdf\xb6\xc2\xf4\x20\x33\x44\x55\xe8\x2a\x09\x2b\x68"
- "\x2e\x18\x65\x5e\x65\x93\x28\xbc\xb1\x9e\xe2\xb1\x92\xea\x98\xac"
- "\x21\xef\x4c\xe1\xb4\xb7\xbe\x81\x5c\x1d\xd3\xb7\x17\xe5\xbb\xc5"
- "\x8c\x68\xb7\xfb\xac\x55\x8a\x9b\x4d\x91\xe4\x9f\x72\xbb\x6e\x38"
- "\xaf\x21\x7d\x21\xaa\x98\x4e\x75\xc4\xb4\x1c\x7c\x50\x45\x54\xf9"
- "\xea\x26";
- WOLFSSL_ENTER("shake256_test");
- /*
- ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHAKE256_Msg0.pdf
- */
- a.input = "";
- a.output = "\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13\x23\x3b\x3f\xeb\x74\x3e\xeb"
- "\x24\x3f\xcd\x52\xea\x62\xb8\x1b\x82\xb5\x0c\x27\x64\x6e\xd5"
- "\x76\x2f\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00\xcb\x05\x01\x9d\x67"
- "\xb5\x92\xf6\xfc\x82\x1c\x49\x47\x9a\xb4\x86\x40\x29\x2e\xac"
- "\xb3\xb7\xc4\xbe\x14\x1e\x96\x61\x6f\xb1\x39\x57\x69\x2c\xc7"
- "\xed\xd0\xb4\x5a\xe3\xdc\x07\x22\x3c\x8e\x92\x93\x7b\xef\x84"
- "\xbc\x0e\xab\x86\x28\x53\x34\x9e\xc7\x55\x46\xf5\x8f\xb7\xc2"
- "\x77\x5c\x38\x46\x2c\x50\x10\xd8\x46";
- a.inLen = XSTRLEN(a.input);
- a.outLen = 114;
- b.input = "abc";
- b.output = "\x48\x33\x66\x60\x13\x60\xa8\x77\x1c\x68\x63\x08\x0c\xc4\x11"
- "\x4d\x8d\xb4\x45\x30\xf8\xf1\xe1\xee\x4f\x94\xea\x37\xe7\x8b"
- "\x57\x39\xd5\xa1\x5b\xef\x18\x6a\x53\x86\xc7\x57\x44\xc0\x52"
- "\x7e\x1f\xaa\x9f\x87\x26\xe4\x62\xa1\x2a\x4f\xeb\x06\xbd\x88"
- "\x01\xe7\x51\xe4\x13\x85\x14\x12\x04\xf3\x29\x97\x9f\xd3\x04"
- "\x7a\x13\xc5\x65\x77\x24\xad\xa6\x4d\x24\x70\x15\x7b\x3c\xdc"
- "\x28\x86\x20\x94\x4d\x78\xdb\xcd\xdb\xd9\x12\x99\x3f\x09\x13"
- "\xf1\x64\xfb\x2c\xe9\x51\x31\xa2\xd0";
- b.inLen = XSTRLEN(b.input);
- b.outLen = 114;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f\x6f\x87"
- "\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b\xe5\xd4\xfd\x2e"
- "\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59\xaa\x80\x60\xf1\xf9\xbc"
- "\x99\x6c\x05\xac\xa3\xc6\x96\xa8\xb6\x62\x79\xdc\x67\x2c\x74"
- "\x0b\xb2\x24\xec\x37\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55"
- "\xf5\x1d\x97\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a"
- "\xf2\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67\x60"
- "\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4";
- c.inLen = XSTRLEN(c.input);
- c.outLen = 114;
- /* Taken from NIST CAVP test vectors - full rate output. */
- d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb"
- "\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8"
- "\x85\xe0";
- d.output = "\x00\x64\x8a\xfb\xc5\xe6\x51\x64\x9d\xb1\xfd\x82\x93\x6b\x00"
- "\xdb\xbc\x12\x2f\xb4\xc8\x77\x86\x0d\x38\x5c\x49\x50\xd5\x6d"
- "\xe7\xe0\x96\xd6\x13\xd7\xa3\xf2\x7e\xd8\xf2\x63\x34\xb0\xcc"
- "\xc1\x40\x7b\x41\xdc\xcb\x23\xdf\xaa\x52\x98\x18\xd1\x12\x5c"
- "\xd5\x34\x80\x92\x52\x43\x66\xb8\x5f\xab\xb9\x7c\x6c\xd1\xe6"
- "\x06\x6f\x45\x9b\xcc\x56\x6d\xa8\x7e\xc9\xb7\xba\x36\x79\x2d"
- "\x11\x8a\xc3\x9a\x4c\xce\xf6\x19\x2b\xbf\x3a\x54\xaf\x18\xe5"
- "\x7b\x0c\x14\x61\x01\xf6\xae\xaa\x82\x2b\xc4\xb4\xc9\x70\x8b"
- "\x09\xf0\xb3\xba\xb4\x1b\xcc\xe9\x64\xd9\x99\xd1\x10\x7b\xd7"
- "\xc2";
- d.inLen = 32;
- d.outLen = 136;
- /* Taken from NIST CAVP test vectors - more than one output block. */
- e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef"
- "\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67"
- "\x47\xe4";
- e.output = "\x2e\x97\x5f\x6a\x8a\x14\xf0\x70\x4d\x51\xb1\x36\x67\xd8\x19"
- "\x5c\x21\x9f\x71\xe6\x34\x56\x96\xc4\x9f\xa4\xb9\xd0\x8e\x92"
- "\x25\xd3\xd3\x93\x93\x42\x51\x52\xc9\x7e\x71\xdd\x24\x60\x1c"
- "\x11\xab\xcf\xa0\xf1\x2f\x53\xc6\x80\xbd\x3a\xe7\x57\xb8\x13"
- "\x4a\x9c\x10\xd4\x29\x61\x58\x69\x21\x7f\xdd\x58\x85\xc4\xdb"
- "\x17\x49\x85\x70\x3a\x6d\x6d\xe9\x4a\x66\x7e\xac\x30\x23\x44"
- "\x3a\x83\x37\xae\x1b\xc6\x01\xb7\x6d\x7d\x38\xec\x3c\x34\x46"
- "\x31\x05\xf0\xd3\x94\x9d\x78\xe5\x62\xa0\x39\xe4\x46\x95\x48"
- "\xb6\x09\x39\x5d\xe5\xa4\xfd\x43\xc4\x6c\xa9\xfd\x6e\xe2\x9a"
- "\xda\x5e\xfc\x07\xd8\x4d\x55\x32\x49\x45\x0d\xab\x4a\x49\xc4"
- "\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93\x7a\xe6\x6b\xb4\x36"
- "\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43\x2f\x3b\xfc\x09"
- "\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48\x3d\x0e\xda"
- "\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08\xd9\xdc"
- "\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a\xb7"
- "\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11"
- "\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c";
- e.inLen = 32;
- e.outLen = 250;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- test_sha[3] = d;
- test_sha[4] = e;
- ret = wc_InitShake256(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- for (i = 0; i < times; ++i) {
- ret = wc_Shake256_Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Shake256_Final(&sha, hash, (word32)test_sha[i].outLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, test_sha[i].output, test_sha[i].outLen) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- large_input = (byte *)XMALLOC(SHAKE256_LARGE_INPUT_BUFSIZ, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (large_input == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
- #endif
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- for (i = 0; i < SHAKE256_LARGE_INPUT_BUFSIZ; i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Shake256_Update(&sha, (byte*)large_input,
- SHAKE256_LARGE_INPUT_BUFSIZ);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_Shake256_Final(&sha, hash, (word32)sizeof(hash));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, 114) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- } /* END LARGE HASH TEST */
- #endif /* NO_LARGE_HASH_TEST */
- ret = shake256_absorb_test(&sha, large_input, SHAKE256_LARGE_INPUT_BUFSIZ);
- exit:
- wc_Shake256_Free(&sha);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (large_input != NULL)
- XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif
- #ifdef WOLFSSL_SM3
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm3_test(void)
- {
- wc_Sm3 sm3, sm3Copy;
- byte hash[WC_SM3_DIGEST_SIZE];
- byte hashGet[WC_SM3_DIGEST_SIZE];
- byte hashCopy[WC_SM3_DIGEST_SIZE];
- wc_test_ret_t ret = 0;
- WOLFSSL_ENTER("sm3_test");
- testVector a, b, c;
- testVector test_sm3[3];
- int times = sizeof(test_sm3) / sizeof(struct testVector), i;
- a.input = "";
- a.output = "\x1a\xb2\x1d\x83\x55\xcf\xa1\x7f\x8e\x61\x19\x48\x31\xe8\x1a"
- "\x8f\x22\xbe\xc8\xc7\x28\xfe\xfb\x74\x7e\xd0\x35\xeb\x50\x82"
- "\xaa\x2b";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SM3_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\x66\xc7\xf0\xf4\x62\xee\xed\xd9\xd1\xf2\xd4\x6b\xdc\x10\xe4"
- "\xe2\x41\x67\xc4\x87\x5c\xf2\xf7\xa2\x29\x7d\xa0\x2b\x8f\x4b"
- "\xa8\xe0";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SM3_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x63\x9b\x6c\xc5\xe6\x4d\x9e\x37\xa3\x90\xb1\x92\xdf\x4f\xa1"
- "\xea\x07\x20\xab\x74\x7f\xf6\x92\xb9\xf3\x8c\x4e\x66\xad\x7b"
- "\x8c\x05";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SM3_DIGEST_SIZE;
- test_sm3[0] = a;
- test_sm3[1] = b;
- test_sm3[2] = c;
- ret = wc_InitSm3(&sm3, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitSm3(&sm3Copy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sm3Free(&sm3);
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* Test all the KATs. */
- for (i = 0; i < times; ++i) {
- ret = wc_Sm3Update(&sm3, (byte*)test_sm3[i].input,
- (word32)test_sm3[i].inLen);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- /* Get the final hash but leave ready for more updates. */
- ret = wc_Sm3GetHash(&sm3, hashGet);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- /* Make a copy of the hash. */
- ret = wc_Sm3Copy(&sm3, &sm3Copy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- /* Get the final hash with original. */
- ret = wc_Sm3Final(&sm3, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- /* Get the final hash with copy. */
- ret = wc_Sm3Final(&sm3Copy, hashCopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- /* Dispose of copy. */
- wc_Sm3Free(&sm3Copy);
- /* Check hashes match expected. */
- if (XMEMCMP(hash, test_sm3[i].output, WC_SM3_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, hashGet, WC_SM3_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, hashCopy, WC_SM3_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #ifndef NO_LARGE_HASH_TEST
- {
- word32 sz;
- byte large_input[1024];
- #ifdef HASH_SIZE_LIMIT
- const char* large_digest =
- "\x6c\x42\x57\x64\x8e\x45\xf3\xb6\xc0\x83\xd3\x41\x83\x66\x51\xb4"
- "\x50\xfe\x06\xb5\xb7\x1e\xd5\x0d\x41\xfc\x1e\xe5\xc6\x57\x95\x0f";
- times = 20;
- #else
- const char* large_digest =
- "\x34\x51\x3c\xde\x7c\x30\xb7\xc5\xaa\x97\x3b\xed\xb3\x16\xb9\x76"
- "\x35\x46\x14\x80\x2a\x57\xca\xd9\x48\xf9\x93\xcc\x1f\xdd\xab\x79";
- times = 100;
- #endif
- /* Set large input to something. */
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- /* Hash a large number of times. */
- for (i = 0; i < times; ++i) {
- ret = wc_Sm3Update(&sm3, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- /* Calculate hash and compare to expected. */
- ret = wc_Sm3Final(&sm3, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, WC_SM3_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- /* Check updating with various sizes works. */
- for (sz = 1; sz <= 64; sz++) {
- /* Hash a large number of times. */
- for (i = 0; i < times; ++i) {
- word32 o;
- /* Update sz bytes at a time from large input buffer. */
- for (o = 0; o + sz <= (word32)sizeof(large_input); o += sz) {
- ret = wc_Sm3Update(&sm3, (byte*)(large_input + o), sz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(o), exit);
- }
- /* Check for left-overs. */
- if (o < (word32)sizeof(large_input)) {
- ret = wc_Sm3Update(&sm3, (byte*)(large_input + o),
- (word32)sizeof(large_input) - o);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- }
- /* Calculate hash and compare to expected. */
- ret = wc_Sm3Final(&sm3, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(sz), exit);
- if (XMEMCMP(hash, large_digest, WC_SM3_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(sz), exit);
- }
- }
- #endif /* NO_LARGE_HASH_TEST */
- exit:
- wc_Sm3Free(&sm3);
- wc_Sm3Free(&sm3Copy);
- return ret;
- }
- #endif
- #ifndef NO_HASH_WRAPPER
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
- {
- wc_HashAlg hash;
- int ret, exp_ret;
- int i, j;
- int digestSz;
- byte data[] = "0123456789abcdef0123456789abcdef0123456";
- byte out[WC_MAX_DIGEST_SIZE];
- byte hashOut[WC_MAX_DIGEST_SIZE];
- #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
- enum wc_HashType hashType;
- #endif
- enum wc_HashType typesGood[] = { WC_HASH_TYPE_MD5, WC_HASH_TYPE_SHA,
- WC_HASH_TYPE_SHA224, WC_HASH_TYPE_SHA256,
- WC_HASH_TYPE_SHA384, WC_HASH_TYPE_SHA512,
- WC_HASH_TYPE_SHA3_224,
- WC_HASH_TYPE_SHA3_256,
- WC_HASH_TYPE_SHA3_384,
- WC_HASH_TYPE_SHA3_512 };
- enum wc_HashType typesNoImpl[] = {
- #ifdef NO_MD5
- WC_HASH_TYPE_MD5,
- #endif
- #ifdef NO_SHA
- WC_HASH_TYPE_SHA,
- #endif
- #ifndef WOLFSSL_SHA224
- WC_HASH_TYPE_SHA224,
- #endif
- #ifdef NO_SHA256
- WC_HASH_TYPE_SHA256,
- #endif
- #ifndef WOLFSSL_SHA384
- WC_HASH_TYPE_SHA384,
- #endif
- #ifndef WOLFSSL_SHA512
- WC_HASH_TYPE_SHA512,
- #endif
- #if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_224)
- WC_HASH_TYPE_SHA3_224,
- #endif
- #if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_256)
- WC_HASH_TYPE_SHA3_256,
- #endif
- #if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_384)
- WC_HASH_TYPE_SHA3_384,
- #endif
- #if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_512)
- WC_HASH_TYPE_SHA3_512,
- #endif
- WC_HASH_TYPE_NONE
- };
- enum wc_HashType typesBad[] = { WC_HASH_TYPE_NONE, WC_HASH_TYPE_MD5_SHA,
- WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4 };
- enum wc_HashType typesHashBad[] = { WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4,
- WC_HASH_TYPE_BLAKE2B,
- WC_HASH_TYPE_NONE };
- WOLFSSL_ENTER("hash_test");
- /* Parameter Validation testing. */
- ret = wc_HashInit(NULL, WC_HASH_TYPE_SHA256);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, NULL, sizeof(data));
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashUpdate(&hash, WC_HASH_TYPE_SHA256, NULL, sizeof(data));
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, data, sizeof(data));
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashFinal(&hash, WC_HASH_TYPE_SHA256, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, out);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- /* Try invalid hash algorithms. */
- for (i = 0; i < (int)(sizeof(typesBad)/sizeof(*typesBad)); i++) {
- ret = wc_HashInit(&hash, typesBad[i]);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_HashUpdate(&hash, typesBad[i], data, sizeof(data));
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_HashFinal(&hash, typesBad[i], out);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_I(i);
- wc_HashFree(&hash, typesBad[i]);
- }
- /* Try valid hash algorithms. */
- for (i = 0, j = 0; i < (int)(sizeof(typesGood)/sizeof(*typesGood)); i++) {
- exp_ret = 0;
- if (typesGood[i] == typesNoImpl[j]) {
- /* Recognized but no implementation compiled in. */
- exp_ret = HASH_TYPE_E;
- j++;
- }
- ret = wc_HashInit(&hash, typesGood[i]);
- if (ret != exp_ret)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_HashUpdate(&hash, typesGood[i], data, sizeof(data));
- if (ret != exp_ret)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_HashFinal(&hash, typesGood[i], out);
- if (ret != exp_ret)
- return WC_TEST_RET_ENC_I(i);
- wc_HashFree(&hash, typesGood[i]);
- digestSz = wc_HashGetDigestSize(typesGood[i]);
- if (exp_ret < 0 && digestSz != exp_ret)
- return WC_TEST_RET_ENC_I(i);
- if (exp_ret == 0 && digestSz < 0)
- return WC_TEST_RET_ENC_I(i);
- if (exp_ret == 0) {
- ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut,
- digestSz - 1);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_I(i);
- }
- ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, (word32)digestSz);
- if (ret != exp_ret)
- return WC_TEST_RET_ENC_I(i);
- if (exp_ret == 0 && XMEMCMP(out, hashOut, digestSz) != 0)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_HashGetBlockSize(typesGood[i]);
- if (exp_ret < 0 && ret != exp_ret)
- return WC_TEST_RET_ENC_I(i);
- if (exp_ret == 0 && ret < 0)
- return WC_TEST_RET_ENC_I(i);
- #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
- ret = wc_HashGetOID(typesGood[i]);
- if (ret == BAD_FUNC_ARG ||
- (exp_ret == 0 && ret == HASH_TYPE_E) ||
- (exp_ret != 0 && ret != HASH_TYPE_E)) {
- return WC_TEST_RET_ENC_I(i);
- }
- hashType = wc_OidGetHash(ret);
- if (exp_ret == 0 && hashType != typesGood[i])
- return WC_TEST_RET_ENC_I(i);
- #endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */
- }
- for (i = 0; i < (int)(sizeof(typesHashBad)/sizeof(*typesHashBad)); i++) {
- ret = wc_Hash(typesHashBad[i], data, sizeof(data), out, sizeof(out));
- if ((ret != BAD_FUNC_ARG) && (ret != BUFFER_E) && (ret != HASH_TYPE_E))
- return WC_TEST_RET_ENC_I(i);
- }
- #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
- ret = wc_HashGetOID(WC_HASH_TYPE_MD2);
- #ifdef WOLFSSL_MD2
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #else
- if (ret != HASH_TYPE_E)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- hashType = wc_OidGetHash(646); /* Md2h */
- #ifdef WOLFSSL_MD2
- if (hashType != WC_HASH_TYPE_MD2)
- return WC_TEST_RET_ENC_NC;
- #else
- if (hashType != WC_HASH_TYPE_NONE)
- return WC_TEST_RET_ENC_NC;
- #endif
- ret = wc_HashGetOID(WC_HASH_TYPE_MD5_SHA);
- #ifndef NO_MD5
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #else
- if (ret != HASH_TYPE_E)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = wc_HashGetOID(WC_HASH_TYPE_MD4);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashGetOID(WC_HASH_TYPE_NONE);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- hashType = wc_OidGetHash(0);
- if (hashType != WC_HASH_TYPE_NONE)
- return WC_TEST_RET_ENC_NC;
- #endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */
- ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD2);
- #ifdef WOLFSSL_MD2
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #else
- if (ret != HASH_TYPE_E)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD2);
- #ifdef WOLFSSL_MD2
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #else
- if (ret != HASH_TYPE_E)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD4);
- #ifndef NO_MD4
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #else
- if (ret != HASH_TYPE_E)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD4);
- #ifndef NO_MD4
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #else
- if (ret != HASH_TYPE_E)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD5_SHA);
- #if !defined(NO_MD5) && !defined(NO_SHA)
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #else
- if (ret != HASH_TYPE_E)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = wc_HashGetBlockSize(WC_HASH_TYPE_BLAKE2B);
- #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #else
- if (ret != HASH_TYPE_E)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = wc_HashGetDigestSize(WC_HASH_TYPE_BLAKE2B);
- #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #else
- if (ret != HASH_TYPE_E)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = wc_HashGetBlockSize(WC_HASH_TYPE_NONE);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashGetDigestSize(WC_HASH_TYPE_NONE);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #if !defined(NO_CERTS) && !defined(NO_ASN)
- #if defined(WOLFSSL_MD2) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = wc_GetCTC_HashOID(MD2);
- if (ret == 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #ifndef NO_MD5
- ret = wc_GetCTC_HashOID(WC_MD5);
- if (ret == 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #ifndef NO_SHA
- ret = wc_GetCTC_HashOID(WC_SHA);
- if (ret == 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #ifdef WOLFSSL_SHA224
- ret = wc_GetCTC_HashOID(WC_SHA224);
- if (ret == 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #ifndef NO_SHA256
- ret = wc_GetCTC_HashOID(WC_SHA256);
- if (ret == 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #ifdef WOLFSSL_SHA384
- ret = wc_GetCTC_HashOID(WC_SHA384);
- if (ret == 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #ifdef WOLFSSL_SHA512
- ret = wc_GetCTC_HashOID(WC_SHA512);
- if (ret == 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = wc_GetCTC_HashOID(-1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- return 0;
- }
- #endif /* !NO_HASH_WRAPPER */
- #if !defined(NO_HMAC) && !defined(NO_MD5) && !(defined(HAVE_FIPS) && \
- defined(HAVE_FIPS_VERSION) && \
- (HAVE_FIPS_VERSION >= 5))
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_md5_test(void)
- {
- Hmac hmac;
- byte hash[WC_MD5_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- };
- testVector a, b, c, d;
- testVector test_hmac[4];
- wc_test_ret_t ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- WOLFSSL_ENTER("hmac_md5_test");
- /* Following test vectors are from RFC 2202 section 2 */
- a.input = "Hi There";
- a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc"
- "\x9d";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_MD5_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7"
- "\x38";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_MD5_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\x56\xbe\x34\x52\x1d\x14\x4c\x88\xdb\xb8\xc7\x33\xf0\xe8\xb3"
- "\xf6";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_MD5_DIGEST_SIZE;
- d.input = "Test Using Larger Than Block-Size Key - Hash Key First";
- d.output = "\x6b\x1a\xb7\xfe\x4b\xd7\xbf\x8f\x0b\x62\xe6\xce\x61\xb9\xd0"
- "\xcd";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_MD5_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- test_hmac[3] = d;
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
- if (i == 1) {
- continue; /* cavium can't handle short keys, fips not allowed */
- }
- #endif
- ret = wc_HmacInit(&hmac, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(hash, test_hmac[i].output, WC_MD5_DIGEST_SIZE) != 0)
- return WC_TEST_RET_ENC_I(i);
- wc_HmacFree(&hmac);
- }
- #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
- if ((ret = wc_HmacSizeByType(WC_MD5)) != WC_MD5_DIGEST_SIZE)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- return 0;
- }
- #endif /* !NO_HMAC && !NO_MD5 && (!HAVE_FIPS || (HAVE_FIPS_VERSION < 5)) */
- #if !defined(NO_HMAC) && !defined(NO_SHA)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- };
- testVector a, b, c, d;
- testVector test_hmac[4];
- wc_test_ret_t ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- WOLFSSL_ENTER("hmac_sha_test");
- /* Following test vectors are from RFC 2202 section 3 */
- a.input = "Hi There";
- a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c"
- "\x8e\xf1\x46\xbe\x00";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf"
- "\x9c\x25\x9a\x7c\x79";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b"
- "\x4f\x63\xf1\x75\xd3";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA_DIGEST_SIZE;
- d.input = "Test Using Larger Than Block-Size Key - Hash Key First";
- d.output = "\xaa\x4a\xe5\xe1\x52\x72\xd0\x0e\x95\x70\x56\x37\xce\x8a\x3b"
- "\x55\xed\x40\x21\x12";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- test_hmac[3] = d;
- #if FIPS_VERSION3_GE(6,0,0)
- int allowShortKeyWithFips = 1;
- #endif
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_CAVIUM) || (defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0))
- if (i == 1)
- continue; /* cavium can't handle short keys, fips not allowed */
- #endif
- if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- #if FIPS_VERSION3_GE(6,0,0)
- if (i == 1) {
- if (ret != HMAC_MIN_KEYLEN_E)
- return WC_TEST_RET_ENC_EC(ret);
- /* Now use the ex and allow short keys with FIPS option */
- ret = wc_HmacSetKey_ex(&hmac, WC_SHA, (byte*) keys[i],
- (word32)XSTRLEN(keys[i]), allowShortKeyWithFips);
- }
- #endif
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(hash, test_hmac[i].output, WC_SHA_DIGEST_SIZE) != 0)
- return WC_TEST_RET_ENC_I(i);
- wc_HmacFree(&hmac);
- }
- #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
- if ((ret = wc_HmacSizeByType(WC_SHA)) != WC_SHA_DIGEST_SIZE)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- return 0;
- }
- #endif
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha224_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA224_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA"
- };
- testVector a, b, c, d;
- testVector test_hmac[4];
- wc_test_ret_t ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- WOLFSSL_ENTER("hmac_sha224_test");
- /* Following test vectors are from RFC 4231 section 4 */
- a.input = "Hi There";
- a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3"
- "\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA224_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\xa3\x0e\x01\x09\x8b\xc6\xdb\xbf\x45\x69\x0f\x3a\x7e\x9e\x6d"
- "\x0f\x8b\xbe\xa2\xa3\x9e\x61\x48\x00\x8f\xd0\x5e\x44";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA224_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\x7f\xb3\xcb\x35\x88\xc6\xc1\xf6\xff\xa9\x69\x4d\x7d\x6a\xd2"
- "\x64\x93\x65\xb0\xc1\xf6\x5d\x69\xd1\xec\x83\x33\xea";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA224_DIGEST_SIZE;
- d.input = "Test Using Larger Than Block-Size Key - Hash Key First";
- d.output = "\x95\xe9\xa0\xdb\x96\x20\x95\xad\xae\xbe\x9b\x2d\x6f\x0d\xbc\xe2\xd4\x99\xf1\x12\xf2\xd2\xb7\x27\x3f\xa6\x87\x0e";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA224_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- test_hmac[3] = d;
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
- if (i == 1)
- continue; /* cavium can't handle short keys, fips not allowed */
- #endif
- if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(hash, test_hmac[i].output, WC_SHA224_DIGEST_SIZE) != 0)
- return WC_TEST_RET_ENC_I(i);
- wc_HmacFree(&hmac);
- }
- #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
- if ((ret = wc_HmacSizeByType(WC_SHA224)) != WC_SHA224_DIGEST_SIZE)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- return 0;
- }
- #endif
- #if !defined(NO_HMAC) && !defined(NO_SHA256)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha256_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA256_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA"
- };
- testVector a, b, c, d, e;
- testVector test_hmac[5];
- wc_test_ret_t ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- WOLFSSL_ENTER("hmac_sha256_test");
- /* Following test vectors are from RFC 4231 section 4 */
- a.input = "Hi There";
- a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1"
- "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32"
- "\xcf\xf7";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA256_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\x5b\xdc\xc1\x46\xbf\x60\x75\x4e\x6a\x04\x24\x26\x08\x95\x75"
- "\xc7\x5a\x00\x3f\x08\x9d\x27\x39\x83\x9d\xec\x58\xb9\x64\xec"
- "\x38\x43";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA256_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\x77\x3e\xa9\x1e\x36\x80\x0e\x46\x85\x4d\xb8\xeb\xd0\x91\x81"
- "\xa7\x29\x59\x09\x8b\x3e\xf8\xc1\x22\xd9\x63\x55\x14\xce\xd5"
- "\x65\xfe";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA256_DIGEST_SIZE;
- d.input = 0;
- d.output = "\x86\xe5\x4f\xd4\x48\x72\x5d\x7e\x5d\xcf\xe2\x23\x53\xc8\x28"
- "\xaf\x48\x78\x1e\xb4\x8c\xae\x81\x06\xa7\xe1\xd4\x98\x94\x9f"
- "\x3e\x46";
- d.inLen = 0;
- d.outLen = WC_SHA256_DIGEST_SIZE;
- e.input = "Test Using Larger Than Block-Size Key - Hash Key First";
- e.output = "\x60\xe4\x31\x59\x1e\xe0\xb6\x7f\x0d\x8a\x26\xaa\xcb\xf5\xb7"
- "\x7f\x8e\x0b\xc6\x21\x37\x28\xc5\x14\x05\x46\x04\x0f\x0e\xe3"
- "\x7f\x54";
- e.inLen = XSTRLEN(e.input);;
- e.outLen = WC_SHA256_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- test_hmac[3] = d;
- test_hmac[4] = e;
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
- if (i == 1)
- continue; /* cavium can't handle short keys, fips not allowed */
- #endif
- #if defined(HAVE_INTEL_QA) || defined(HAVE_CAVIUM)
- if (i == 3)
- continue; /* QuickAssist can't handle empty HMAC */
- #endif
- if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- if (test_hmac[i].input != NULL) {
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- }
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- if (XMEMCMP(hash, test_hmac[i].output, WC_SHA256_DIGEST_SIZE) != 0)
- return WC_TEST_RET_ENC_I(i);
- wc_HmacFree(&hmac);
- }
- #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
- if ((ret = wc_HmacSizeByType(WC_SHA256)) != WC_SHA256_DIGEST_SIZE)
- return WC_TEST_RET_ENC_EC(ret);
- #if FIPS_VERSION3_GE(6,0,0)
- if ((ret = wc_HmacSizeByType(21)) != HMAC_KAT_FIPS_E)
- #else
- if ((ret = wc_HmacSizeByType(21)) != BAD_FUNC_ARG)
- #endif
- {
- return WC_TEST_RET_ENC_EC(ret);
- }
- #endif
- if ((ret = wolfSSL_GetHmacMaxSize()) != WC_MAX_DIGEST_SIZE)
- return WC_TEST_RET_ENC_EC(ret);
- return 0;
- }
- #endif
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha384_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA384_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA"
- };
- testVector a, b, c, d;
- testVector test_hmac[4];
- wc_test_ret_t ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- WOLFSSL_ENTER("hmac_sha384_test");
- /* Following test vectors are from RFC 4231 section 4 */
- a.input = "Hi There";
- a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90"
- "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb"
- "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2"
- "\xfa\x9c\xb6";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA384_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\xaf\x45\xd2\xe3\x76\x48\x40\x31\x61\x7f\x78\xd2\xb5\x8a\x6b"
- "\x1b\x9c\x7e\xf4\x64\xf5\xa0\x1b\x47\xe4\x2e\xc3\x73\x63\x22"
- "\x44\x5e\x8e\x22\x40\xca\x5e\x69\xe2\xc7\x8b\x32\x39\xec\xfa"
- "\xb2\x16\x49";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA384_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\x88\x06\x26\x08\xd3\xe6\xad\x8a\x0a\xa2\xac\xe0\x14\xc8\xa8"
- "\x6f\x0a\xa6\x35\xd9\x47\xac\x9f\xeb\xe8\x3e\xf4\xe5\x59\x66"
- "\x14\x4b\x2a\x5a\xb3\x9d\xc1\x38\x14\xb9\x4e\x3a\xb6\xe1\x01"
- "\xa3\x4f\x27";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA384_DIGEST_SIZE;
- d.input = "Test Using Larger Than Block-Size Key - Hash Key First";
- d.output = "\x4e\xce\x08\x44\x85\x81\x3e\x90\x88\xd2\xc6\x3a\x04\x1b\xc5"
- "\xb4\x4f\x9e\xf1\x01\x2a\x2b\x58\x8f\x3c\xd1\x1f\x05\x03\x3a"
- "\xc4\xc6\x0c\x2e\xf6\xab\x40\x30\xfe\x82\x96\x24\x8d\xf1\x63"
- "\xf4\x49\x52";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA384_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- test_hmac[3] = d;
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_FIPS)
- if (i == 1)
- continue; /* fips not allowed */
- #endif
- if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(hash, test_hmac[i].output, WC_SHA384_DIGEST_SIZE) != 0)
- return WC_TEST_RET_ENC_I(i);
- wc_HmacFree(&hmac);
- }
- #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
- if ((ret = wc_HmacSizeByType(WC_SHA384)) != WC_SHA384_DIGEST_SIZE)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- return 0;
- }
- #endif
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA512)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha512_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA512_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA"
- };
- testVector a, b, c, d;
- testVector test_hmac[4];
- wc_test_ret_t ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- WOLFSSL_ENTER("hmac_sha512_test");
- /* Following test vectors are from RFC 4231 section 4 */
- a.input = "Hi There";
- a.output = "\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c"
- "\xb0\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1"
- "\x7c\xde\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae"
- "\xa3\xf4\xe4\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20"
- "\x3a\x12\x68\x54";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA512_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\x16\x4b\x7a\x7b\xfc\xf8\x19\xe2\xe3\x95\xfb\xe7\x3b\x56\xe0"
- "\xa3\x87\xbd\x64\x22\x2e\x83\x1f\xd6\x10\x27\x0c\xd7\xea\x25"
- "\x05\x54\x97\x58\xbf\x75\xc0\x5a\x99\x4a\x6d\x03\x4f\x65\xf8"
- "\xf0\xe6\xfd\xca\xea\xb1\xa3\x4d\x4a\x6b\x4b\x63\x6e\x07\x0a"
- "\x38\xbc\xe7\x37";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA512_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\xfa\x73\xb0\x08\x9d\x56\xa2\x84\xef\xb0\xf0\x75\x6c\x89\x0b"
- "\xe9\xb1\xb5\xdb\xdd\x8e\xe8\x1a\x36\x55\xf8\x3e\x33\xb2\x27"
- "\x9d\x39\xbf\x3e\x84\x82\x79\xa7\x22\xc8\x06\xb4\x85\xa4\x7e"
- "\x67\xc8\x07\xb9\x46\xa3\x37\xbe\xe8\x94\x26\x74\x27\x88\x59"
- "\xe1\x32\x92\xfb";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA512_DIGEST_SIZE;
- d.input = "Test Using Larger Than Block-Size Key - Hash Key First";
- d.output = "\x80\xb2\x42\x63\xc7\xc1\xa3\xeb\xb7\x14\x93\xc1\xdd\x7b\xe8"
- "\xb4\x9b\x46\xd1\xf4\x1b\x4a\xee\xc1\x12\x1b\x01\x37\x83\xf8"
- "\xf3\x52\x6b\x56\xd0\x37\xe0\x5f\x25\x98\xbd\x0f\xd2\x21\x5d"
- "\x6a\x1e\x52\x95\xe6\x4f\x73\xf6\x3f\x0a\xec\x8b\x91\x5a\x98"
- "\x5d\x78\x65\x98";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA512_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- test_hmac[3] = d;
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_FIPS)
- if (i == 1)
- continue; /* fips not allowed */
- #endif
- if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacSetKey(&hmac, WC_SHA512, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(hash, test_hmac[i].output, WC_SHA512_DIGEST_SIZE) != 0)
- return WC_TEST_RET_ENC_I(i);
- wc_HmacFree(&hmac);
- }
- #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
- if ((ret = wc_HmacSizeByType(WC_SHA512)) != WC_SHA512_DIGEST_SIZE)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- return 0;
- }
- #endif
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA3) && \
- !defined(WOLFSSL_NOSHA3_224) && !defined(WOLFSSL_NOSHA3_256) && \
- !defined(WOLFSSL_NOSHA3_384) && !defined(WOLFSSL_NOSHA3_512)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha3_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA3_512_DIGEST_SIZE];
- const char* key[4] =
- {
- "Jefe",
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
- "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
- "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- };
- const char* input[4] =
- {
- "what do ya want for nothing?",
- "Hi There",
- "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
- "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
- "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
- "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
- "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd",
- "Big Key Input"
- };
- const int hashType[4] =
- {
- WC_SHA3_224, WC_SHA3_256, WC_SHA3_384, WC_SHA3_512
- };
- const int hashSz[4] =
- {
- WC_SHA3_224_DIGEST_SIZE, WC_SHA3_256_DIGEST_SIZE,
- WC_SHA3_384_DIGEST_SIZE, WC_SHA3_512_DIGEST_SIZE
- };
- const char* output[16] =
- {
- /* key = jefe, input = what do ya want for nothing? */
- /* HMAC-SHA3-224 */
- "\x7f\xdb\x8d\xd8\x8b\xd2\xf6\x0d\x1b\x79\x86\x34\xad\x38\x68\x11"
- "\xc2\xcf\xc8\x5b\xfa\xf5\xd5\x2b\xba\xce\x5e\x66",
- /* HMAC-SHA3-256 */
- "\xc7\xd4\x07\x2e\x78\x88\x77\xae\x35\x96\xbb\xb0\xda\x73\xb8\x87"
- "\xc9\x17\x1f\x93\x09\x5b\x29\x4a\xe8\x57\xfb\xe2\x64\x5e\x1b\xa5",
- /* HMAC-SHA3-384 */
- "\xf1\x10\x1f\x8c\xbf\x97\x66\xfd\x67\x64\xd2\xed\x61\x90\x3f\x21"
- "\xca\x9b\x18\xf5\x7c\xf3\xe1\xa2\x3c\xa1\x35\x08\xa9\x32\x43\xce"
- "\x48\xc0\x45\xdc\x00\x7f\x26\xa2\x1b\x3f\x5e\x0e\x9d\xf4\xc2\x0a",
- /* HMAC-SHA3-512 */
- "\x5a\x4b\xfe\xab\x61\x66\x42\x7c\x7a\x36\x47\xb7\x47\x29\x2b\x83"
- "\x84\x53\x7c\xdb\x89\xaf\xb3\xbf\x56\x65\xe4\xc5\xe7\x09\x35\x0b"
- "\x28\x7b\xae\xc9\x21\xfd\x7c\xa0\xee\x7a\x0c\x31\xd0\x22\xa9\x5e"
- "\x1f\xc9\x2b\xa9\xd7\x7d\xf8\x83\x96\x02\x75\xbe\xb4\xe6\x20\x24",
- /* key = 0b..., input = Hi There */
- /* HMAC-SHA3-224 */
- "\x3b\x16\x54\x6b\xbc\x7b\xe2\x70\x6a\x03\x1d\xca\xfd\x56\x37\x3d"
- "\x98\x84\x36\x76\x41\xd8\xc5\x9a\xf3\xc8\x60\xf7",
- /* HMAC-SHA3-256 */
- "\xba\x85\x19\x23\x10\xdf\xfa\x96\xe2\xa3\xa4\x0e\x69\x77\x43\x51"
- "\x14\x0b\xb7\x18\x5e\x12\x02\xcd\xcc\x91\x75\x89\xf9\x5e\x16\xbb",
- /* HMAC-SHA3-384 */
- "\x68\xd2\xdc\xf7\xfd\x4d\xdd\x0a\x22\x40\xc8\xa4\x37\x30\x5f\x61"
- "\xfb\x73\x34\xcf\xb5\xd0\x22\x6e\x1b\xc2\x7d\xc1\x0a\x2e\x72\x3a"
- "\x20\xd3\x70\xb4\x77\x43\x13\x0e\x26\xac\x7e\x3d\x53\x28\x86\xbd",
- /* HMAC-SHA3-512 */
- "\xeb\x3f\xbd\x4b\x2e\xaa\xb8\xf5\xc5\x04\xbd\x3a\x41\x46\x5a\xac"
- "\xec\x15\x77\x0a\x7c\xab\xac\x53\x1e\x48\x2f\x86\x0b\x5e\xc7\xba"
- "\x47\xcc\xb2\xc6\xf2\xaf\xce\x8f\x88\xd2\x2b\x6d\xc6\x13\x80\xf2"
- "\x3a\x66\x8f\xd3\x88\x8b\xb8\x05\x37\xc0\xa0\xb8\x64\x07\x68\x9e",
- /* key = aa..., output = dd... */
- /* HMAC-SHA3-224 */
- "\x67\x6c\xfc\x7d\x16\x15\x36\x38\x78\x03\x90\x69\x2b\xe1\x42\xd2"
- "\xdf\x7c\xe9\x24\xb9\x09\xc0\xc0\x8d\xbf\xdc\x1a",
- /* HMAC-SHA3-256 */
- "\x84\xec\x79\x12\x4a\x27\x10\x78\x65\xce\xdd\x8b\xd8\x2d\xa9\x96"
- "\x5e\x5e\xd8\xc3\x7b\x0a\xc9\x80\x05\xa7\xf3\x9e\xd5\x8a\x42\x07",
- /* HMAC-SHA3-384 */
- "\x27\x5c\xd0\xe6\x61\xbb\x8b\x15\x1c\x64\xd2\x88\xf1\xf7\x82\xfb"
- "\x91\xa8\xab\xd5\x68\x58\xd7\x2b\xab\xb2\xd4\x76\xf0\x45\x83\x73"
- "\xb4\x1b\x6a\xb5\xbf\x17\x4b\xec\x42\x2e\x53\xfc\x31\x35\xac\x6e",
- /* HMAC-SHA3-512 */
- "\x30\x9e\x99\xf9\xec\x07\x5e\xc6\xc6\xd4\x75\xed\xa1\x18\x06\x87"
- "\xfc\xf1\x53\x11\x95\x80\x2a\x99\xb5\x67\x74\x49\xa8\x62\x51\x82"
- "\x85\x1c\xb3\x32\xaf\xb6\xa8\x9c\x41\x13\x25\xfb\xcb\xcd\x42\xaf"
- "\xcb\x7b\x6e\x5a\xab\x7e\xa4\x2c\x66\x0f\x97\xfd\x85\x84\xbf\x03",
- /* key = big key, input = Big Key Input */
- /* HMAC-SHA3-224 */
- "\x29\xe0\x5e\x46\xc4\xa4\x5e\x46\x74\xbf\xd7\x2d\x1a\xd8\x66\xdb"
- "\x2d\x0d\x10\x4e\x2b\xfa\xad\x53\x7d\x15\x69\x8b",
- /* HMAC-SHA3-256 */
- "\xb5\x5b\x8d\x64\xb6\x9c\x21\xd0\xbf\x20\x5c\xa2\xf7\xb9\xb1\x4e"
- "\x88\x21\x61\x2c\x66\xc3\x91\xae\x6c\x95\x16\x85\x83\xe6\xf4\x9b",
- /* HMAC-SHA3-384 */
- "\xaa\x91\xb3\xa6\x2f\x56\xa1\xbe\x8c\x3e\x74\x38\xdb\x58\xd9\xd3"
- "\x34\xde\xa0\x60\x6d\x8d\x46\xe0\xec\xa9\xf6\x06\x35\x14\xe6\xed"
- "\x83\xe6\x7c\x77\x24\x6c\x11\xb5\x90\x82\xb5\x75\xda\x7b\x83\x2d",
- /* HMAC-SHA3-512 */
- "\x1c\xc3\xa9\x24\x4a\x4a\x3f\xbd\xc7\x20\x00\x16\x9b\x79\x47\x03"
- "\x78\x75\x2c\xb5\xf1\x2e\x62\x7c\xbe\xef\x4e\x8f\x0b\x11\x2b\x32"
- "\xa0\xee\xc9\xd0\x4d\x64\x64\x0b\x37\xf4\xdd\x66\xf7\x8b\xb3\xad"
- "\x52\x52\x6b\x65\x12\xde\x0d\x7c\xc0\x8b\x60\x01\x6c\x37\xd7\xa8"
- };
- int i = 0, iMax = sizeof(input) / sizeof(input[0]),
- j, jMax = sizeof(hashType) / sizeof(hashType[0]);
- int ret;
- WOLFSSL_ENTER("hmac_sha3_test");
- #ifdef HAVE_FIPS
- /* FIPS requires a minimum length for HMAC keys, and "Jefe" is too
- * short. Skip it in FIPS builds. */
- i = 1;
- #endif
- for (; i < iMax; i++) {
- for (j = 0; j < jMax; j++) {
- if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacSetKey(&hmac, hashType[j], (byte*)key[i],
- (word32)XSTRLEN(key[i]));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacUpdate(&hmac, (byte*)input[i],
- (word32)XSTRLEN(input[i]));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(hash, output[(i*jMax) + j], (size_t)hashSz[j]) != 0)
- return WC_TEST_RET_ENC_NC;
- wc_HmacFree(&hmac);
- if (i > 0)
- continue;
- #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
- ret = wc_HmacSizeByType(hashType[j]);
- if (ret != hashSz[j])
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- }
- }
- return 0;
- }
- #endif
- #ifdef WC_RC2
- typedef struct rc2TestVector {
- const char* input;
- const char* output;
- const char* key; /* Key, variable up to 128 bytes */
- const char* iv; /* IV, 8-bytes */
- int inLen;
- int outLen;
- int keyLen;
- int effectiveKeyBits; /* Up to 1024 bits supported */
- } rc2TestVector;
- static wc_test_ret_t rc2_ecb_test(void)
- {
- wc_test_ret_t ret = 0;
- byte cipher[RC2_BLOCK_SIZE];
- byte plain[RC2_BLOCK_SIZE];
- rc2TestVector a, b, c, d, e, f, g, h;
- rc2TestVector test_rc2[8];
- int times = sizeof(test_rc2) / sizeof(rc2TestVector), i;
- a.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- a.output = "\xeb\xb7\x73\xf9\x93\x27\x8e\xff";
- a.key = "\x00\x00\x00\x00\x00\x00\x00\x00";
- a.inLen = RC2_BLOCK_SIZE;
- a.outLen = RC2_BLOCK_SIZE;
- a.keyLen = 8;
- a.effectiveKeyBits = 63;
- b.input = "\xff\xff\xff\xff\xff\xff\xff\xff";
- b.output = "\x27\x8b\x27\xe4\x2e\x2f\x0d\x49";
- b.key = "\xff\xff\xff\xff\xff\xff\xff\xff";
- b.inLen = RC2_BLOCK_SIZE;
- b.outLen = RC2_BLOCK_SIZE;
- b.keyLen = 8;
- b.effectiveKeyBits = 64;
- c.input = "\x10\x00\x00\x00\x00\x00\x00\x01";
- c.output = "\x30\x64\x9e\xdf\x9b\xe7\xd2\xc2";
- c.key = "\x30\x00\x00\x00\x00\x00\x00\x00";
- c.inLen = RC2_BLOCK_SIZE;
- c.outLen = RC2_BLOCK_SIZE;
- c.keyLen = 8;
- c.effectiveKeyBits = 64;
- d.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- d.output = "\x61\xa8\xa2\x44\xad\xac\xcc\xf0";
- d.key = "\x88";
- d.inLen = RC2_BLOCK_SIZE;
- d.outLen = RC2_BLOCK_SIZE;
- d.keyLen = 1;
- d.effectiveKeyBits = 64;
- e.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- e.output = "\x6c\xcf\x43\x08\x97\x4c\x26\x7f";
- e.key = "\x88\xbc\xa9\x0e\x90\x87\x5a";
- e.inLen = RC2_BLOCK_SIZE;
- e.outLen = RC2_BLOCK_SIZE;
- e.keyLen = 7;
- e.effectiveKeyBits = 64;
- f.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- f.output = "\x1a\x80\x7d\x27\x2b\xbe\x5d\xb1";
- f.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
- "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
- f.inLen = RC2_BLOCK_SIZE;
- f.outLen = RC2_BLOCK_SIZE;
- f.keyLen = 16;
- f.effectiveKeyBits = 64;
- g.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- g.output = "\x22\x69\x55\x2a\xb0\xf8\x5c\xa6";
- g.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
- "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
- g.inLen = RC2_BLOCK_SIZE;
- g.outLen = RC2_BLOCK_SIZE;
- g.keyLen = 16;
- g.effectiveKeyBits = 128;
- h.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- h.output = "\x5b\x78\xd3\xa4\x3d\xff\xf1\xf1";
- h.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
- "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2"
- "\x16\xf8\x0a\x6f\x85\x92\x05\x84"
- "\xc4\x2f\xce\xb0\xbe\x25\x5d\xaf"
- "\x1e";
- h.inLen = RC2_BLOCK_SIZE;
- h.outLen = RC2_BLOCK_SIZE;
- h.keyLen = 33;
- h.effectiveKeyBits = 129;
- a.iv = b.iv = c.iv = d.iv = e.iv = f.iv = g.iv = h.iv = NULL;
- test_rc2[0] = a;
- test_rc2[1] = b;
- test_rc2[2] = c;
- test_rc2[3] = d;
- test_rc2[4] = e;
- test_rc2[5] = f;
- test_rc2[6] = g;
- test_rc2[7] = h;
- for (i = 0; i < times; ++i) {
- Rc2 enc;
- XMEMSET(cipher, 0, RC2_BLOCK_SIZE);
- XMEMSET(plain, 0, RC2_BLOCK_SIZE);
- ret = wc_Rc2SetKey(&enc, (byte*)test_rc2[i].key, test_rc2[i].keyLen,
- NULL, test_rc2[i].effectiveKeyBits);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* ECB encrypt */
- ret = wc_Rc2EcbEncrypt(&enc, cipher, (byte*)test_rc2[i].input,
- (word32)test_rc2[i].outLen);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- if (XMEMCMP(cipher, test_rc2[i].output, test_rc2[i].outLen)) {
- return WC_TEST_RET_ENC_NC;
- }
- /* ECB decrypt */
- ret = wc_Rc2EcbDecrypt(&enc, plain, cipher, RC2_BLOCK_SIZE);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- if (XMEMCMP(plain, test_rc2[i].input, RC2_BLOCK_SIZE)) {
- return WC_TEST_RET_ENC_NC;
- }
- }
- return 0;
- }
- static wc_test_ret_t rc2_cbc_test(void)
- {
- wc_test_ret_t ret = 0;
- byte cipher[128];
- byte plain[128];
- rc2TestVector a, b, c, d, e, f, g, h, i;
- rc2TestVector test_rc2[9];
- int times = sizeof(test_rc2) / sizeof(rc2TestVector), j;
- /* key length = 7, effective key bits = 63 */
- a.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00";
- a.output = "\xEB\xB7\x73\xF9\x93\x27\x8E\xFF"
- "\xF0\x51\x77\x8B\x65\xDB\x13\x57";
- a.key = "\x00\x00\x00\x00\x00\x00\x00\x00";
- a.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
- a.inLen = RC2_BLOCK_SIZE*2;
- a.outLen = RC2_BLOCK_SIZE*2;
- a.keyLen = 8;
- a.effectiveKeyBits = 63;
- /* key length = 8, effective key bits = 64, all 0xFF */
- b.input = "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff";
- b.output = "\xA3\xA1\x12\x65\x4F\x81\xC5\xCD"
- "\xB6\x94\x3E\xEA\x3E\x8B\x9D\x1F";
- b.key = "\xff\xff\xff\xff\xff\xff\xff\xff";
- b.iv = "\xff\xff\xff\xff\xff\xff\xff\xff";
- b.inLen = RC2_BLOCK_SIZE*2;
- b.outLen = RC2_BLOCK_SIZE*2;
- b.keyLen = 8;
- b.effectiveKeyBits = 64;
- /* key length = 8, effective key bits = 64 */
- c.input = "\x10\x00\x00\x00\x00\x00\x00\x01"
- "\x10\x00\x00\x00\x00\x00\x00\x01";
- c.output = "\xB5\x70\x14\xA2\x5F\x40\xE3\x6D"
- "\x81\x99\x8D\xE0\xB5\xD5\x3A\x05";
- c.key = "\x30\x00\x00\x00\x00\x00\x00\x00";
- c.iv = "\x30\x00\x00\x00\x00\x00\x00\x00";
- c.inLen = RC2_BLOCK_SIZE*2;
- c.outLen = RC2_BLOCK_SIZE*2;
- c.keyLen = 8;
- c.effectiveKeyBits = 64;
- /* key length = 1, effective key bits = 64 */
- d.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00";
- d.output = "\x61\xA8\xA2\x44\xAD\xAC\xCC\xF0"
- "\x6D\x19\xE8\xF1\xFC\xE7\x38\x87";
- d.key = "\x88";
- d.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
- d.inLen = RC2_BLOCK_SIZE*2;
- d.outLen = RC2_BLOCK_SIZE*2;
- d.keyLen = 1;
- d.effectiveKeyBits = 64;
- /* key length = 7, effective key bits = 64 */
- e.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00";
- e.output = "\x6C\xCF\x43\x08\x97\x4C\x26\x7F"
- "\xCC\x3C\x53\x57\x7C\xA1\xA4\x4B";
- e.key = "\x88\xbc\xa9\x0e\x90\x87\x5a";
- e.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
- e.inLen = RC2_BLOCK_SIZE*2;
- e.outLen = RC2_BLOCK_SIZE*2;
- e.keyLen = 7;
- e.effectiveKeyBits = 64;
- /* key length = 16, effective key bits = 64 */
- f.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00";
- f.output = "\x1A\x80\x7D\x27\x2B\xBE\x5D\xB1"
- "\x64\xEF\xE1\xC3\xB8\xAD\xFB\xBA";
- f.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
- "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
- f.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
- f.inLen = RC2_BLOCK_SIZE*2;
- f.outLen = RC2_BLOCK_SIZE*2;
- f.keyLen = 16;
- f.effectiveKeyBits = 64;
- /* key length = 16, effective bits = 128 */
- g.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00";
- g.output = "\x22\x69\x55\x2A\xB0\xF8\x5C\xA6"
- "\x53\x6E\xFD\x2D\x89\xE1\x2A\x73";
- g.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
- "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
- g.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
- g.inLen = RC2_BLOCK_SIZE*2;
- g.outLen = RC2_BLOCK_SIZE*2;
- g.keyLen = 16;
- g.effectiveKeyBits = 128;
- /* key length = 33, effective bits = 129 */
- h.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00";
- h.output = "\x5B\x78\xD3\xA4\x3D\xFF\xF1\xF1"
- "\x45\x30\xA8\xD5\xC7\x7C\x46\x19";
- h.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
- "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2"
- "\x16\xf8\x0a\x6f\x85\x92\x05\x84"
- "\xc4\x2f\xce\xb0\xbe\x25\x5d\xaf"
- "\x1e";
- h.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
- h.inLen = RC2_BLOCK_SIZE*2;
- h.outLen = RC2_BLOCK_SIZE*2;
- h.keyLen = 33;
- h.effectiveKeyBits = 129;
- /* key length = 10, effective bits = 40 */
- i.input = "\x11\x22\x33\x44\x55\x66\x77\x88"
- "\x99\xAA\xBB\xCC\xDD\xEE\xFF\x00"
- "\x11\x22\x33\x44\x55\x66\x77\x88"
- "\x99\xAA\xBB\xCC\xDD\xEE\xFF\x00";
- i.output = "\x71\x2D\x11\x99\xC9\xA0\x78\x4F"
- "\xCD\xF1\x1E\x3D\xFD\x21\x7E\xDB"
- "\xB2\x6E\x0D\xA4\x72\xBC\x31\x51"
- "\x48\xEF\x4E\x68\x3B\xDC\xCD\x7D";
- i.key = "\x26\x1E\x57\x8E\xC9\x62\xBF\xB8"
- "\x3E\x96";
- i.iv = "\x01\x02\x03\x04\x05\x06\x07\x08";
- i.inLen = RC2_BLOCK_SIZE*4;
- i.outLen = RC2_BLOCK_SIZE*4;
- i.keyLen = 10;
- i.effectiveKeyBits = 40;
- test_rc2[0] = a;
- test_rc2[1] = b;
- test_rc2[2] = c;
- test_rc2[3] = d;
- test_rc2[4] = e;
- test_rc2[5] = f;
- test_rc2[6] = g;
- test_rc2[7] = h;
- test_rc2[8] = i;
- for (j = 0; j < times; ++j) {
- Rc2 rc2;
- XMEMSET(cipher, 0, sizeof(cipher));
- XMEMSET(plain, 0, sizeof(plain));
- ret = wc_Rc2SetKey(&rc2, (byte*)test_rc2[j].key, test_rc2[j].keyLen,
- (byte*)test_rc2[j].iv, test_rc2[j].effectiveKeyBits);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- ret = wc_Rc2CbcEncrypt(&rc2, cipher, (byte*)test_rc2[j].input,
- test_rc2[j].inLen);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- if (XMEMCMP(cipher, (byte*)test_rc2[j].output, test_rc2[j].outLen)) {
- return WC_TEST_RET_ENC_NC;
- }
- /* reset IV for decrypt, since overridden by encrypt operation */
- ret = wc_Rc2SetIV(&rc2, (byte*)test_rc2[j].iv);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- ret = wc_Rc2CbcDecrypt(&rc2, plain, cipher, test_rc2[j].outLen);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- if (XMEMCMP(plain, (byte*)test_rc2[j].input, test_rc2[j].inLen)) {
- return WC_TEST_RET_ENC_NC;
- }
- }
- return 0;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rc2_test(void)
- {
- wc_test_ret_t ret = 0;
- WOLFSSL_ENTER("rc2_test");
- ret = rc2_ecb_test();
- if (ret != 0) {
- return ret;
- }
- return rc2_cbc_test();
- }
- #endif
- #ifndef NO_RC4
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t arc4_test(void)
- {
- byte cipher[16];
- byte plain[16];
- wc_test_ret_t ret;
- const char* keys[] =
- {
- "\x01\x23\x45\x67\x89\xab\xcd\xef",
- "\x01\x23\x45\x67\x89\xab\xcd\xef",
- "\x00\x00\x00\x00\x00\x00\x00\x00",
- "\xef\x01\x23\x45"
- };
- testVector a, b, c, d;
- testVector test_arc4[4];
- int times = sizeof(test_arc4) / sizeof(testVector), i;
- WOLFSSL_ENTER("arc4_test");
- a.input = "\x01\x23\x45\x67\x89\xab\xcd\xef";
- a.output = "\x75\xb7\x87\x80\x99\xe0\xc5\x96";
- a.inLen = 8;
- a.outLen = 8;
- b.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- b.output = "\x74\x94\xc2\xe7\x10\x4b\x08\x79";
- b.inLen = 8;
- b.outLen = 8;
- c.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- c.output = "\xde\x18\x89\x41\xa3\x37\x5d\x3a";
- c.inLen = 8;
- c.outLen = 8;
- d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
- d.output = "\xd6\xa1\x41\xa7\xec\x3c\x38\xdf\xbd\x61";
- d.inLen = 10;
- d.outLen = 10;
- test_arc4[0] = a;
- test_arc4[1] = b;
- test_arc4[2] = c;
- test_arc4[3] = d;
- for (i = 0; i < times; ++i) {
- Arc4 enc;
- Arc4 dec;
- int keylen = 8; /* XSTRLEN with key 0x00 not good */
- if (i == 3)
- keylen = 4;
- ret = wc_Arc4Init(&enc, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Arc4Init(&dec, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Arc4SetKey(&enc, (byte*)keys[i], (word32)keylen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Arc4SetKey(&dec, (byte*)keys[i], (word32)keylen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Arc4Process(&enc, cipher, (byte*)test_arc4[i].input,
- (word32)test_arc4[i].outLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Arc4Process(&dec, plain, cipher, (word32)test_arc4[i].outLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(plain, test_arc4[i].input, test_arc4[i].outLen))
- return WC_TEST_RET_ENC_I(i);
- if (XMEMCMP(cipher, test_arc4[i].output, test_arc4[i].outLen))
- return WC_TEST_RET_ENC_I(i);
- wc_Arc4Free(&enc);
- wc_Arc4Free(&dec);
- }
- return 0;
- }
- #endif
- #ifdef HAVE_CHACHA
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void)
- {
- ChaCha enc;
- ChaCha dec;
- byte cipher[128];
- byte plain[128];
- byte sliver[64];
- byte input[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
- word32 keySz = 32;
- wc_test_ret_t ret = 0;
- int i;
- int times = 4;
- WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- /* 128 bit key */
- WOLFSSL_SMALL_STACK_STATIC const byte key4[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- const byte* keys[] = {key1, key2, key3, key4};
- WOLFSSL_SMALL_STACK_STATIC const byte ivs1[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
- WOLFSSL_SMALL_STACK_STATIC const byte ivs2[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
- WOLFSSL_SMALL_STACK_STATIC const byte ivs3[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00};
- WOLFSSL_SMALL_STACK_STATIC const byte ivs4[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
- const byte* ivs[] = {ivs1, ivs2, ivs3, ivs4};
- #ifndef BENCH_EMBEDDED
- WOLFSSL_SMALL_STACK_STATIC const byte cipher_big_result[] = {
- 0x06, 0xa6, 0x5d, 0x31, 0x21, 0x6c, 0xdb, 0x37, 0x48, 0x7c, 0x01, 0x9d,
- 0x72, 0xdf, 0x0a, 0x5b, 0x64, 0x74, 0x20, 0xba, 0x9e, 0xe0, 0x26, 0x7a,
- 0xbf, 0xdf, 0x83, 0x34, 0x3b, 0x4f, 0x94, 0x3f, 0x37, 0x89, 0xaf, 0x00,
- 0xdf, 0x0f, 0x2e, 0x75, 0x16, 0x41, 0xf6, 0x7a, 0x86, 0x94, 0x9d, 0x32,
- 0x56, 0xf0, 0x79, 0x71, 0x68, 0x6f, 0xa6, 0x6b, 0xc6, 0x59, 0x49, 0xf6,
- 0x10, 0x34, 0x03, 0x03, 0x16, 0x53, 0x9a, 0x98, 0x2a, 0x46, 0xde, 0x17,
- 0x06, 0x65, 0x70, 0xca, 0x0a, 0x1f, 0xab, 0x80, 0x26, 0x96, 0x3f, 0x3e,
- 0x7a, 0x3c, 0xa8, 0x87, 0xbb, 0x65, 0xdd, 0x5e, 0x07, 0x7b, 0x34, 0xe0,
- 0x56, 0xda, 0x32, 0x13, 0x30, 0xc9, 0x0c, 0xd7, 0xba, 0xe4, 0x1f, 0xa6,
- 0x91, 0x4f, 0x72, 0x9f, 0xd9, 0x5c, 0x62, 0x7d, 0xa6, 0xc2, 0xbc, 0x87,
- 0xae, 0x64, 0x11, 0x94, 0x3b, 0xbc, 0x6c, 0x23, 0xbd, 0x7d, 0x00, 0xb4,
- 0x99, 0xf2, 0x68, 0xb5, 0x59, 0x70, 0x93, 0xad, 0x69, 0xd0, 0xb1, 0x28,
- 0x70, 0x92, 0xeb, 0xec, 0x39, 0x80, 0x82, 0xde, 0x44, 0xe2, 0x8a, 0x26,
- 0xb3, 0xe9, 0x45, 0xcf, 0x83, 0x76, 0x9f, 0x6a, 0xa0, 0x46, 0x4a, 0x3d,
- 0x26, 0x56, 0xaf, 0x49, 0x41, 0x26, 0x1b, 0x6a, 0x41, 0x37, 0x65, 0x91,
- 0x72, 0xc4, 0xe7, 0x3c, 0x17, 0x31, 0xae, 0x2e, 0x2b, 0x31, 0x45, 0xe4,
- 0x93, 0xd3, 0x10, 0xaa, 0xc5, 0x62, 0xd5, 0x11, 0x4b, 0x57, 0x1d, 0xad,
- 0x48, 0x06, 0xd0, 0x0d, 0x98, 0xa5, 0xc6, 0x5b, 0xd0, 0x9e, 0x22, 0xc0,
- 0x00, 0x32, 0x5a, 0xf5, 0x1c, 0x89, 0x6d, 0x54, 0x97, 0x55, 0x6b, 0x46,
- 0xc5, 0xc7, 0xc4, 0x48, 0x9c, 0xbf, 0x47, 0xdc, 0x03, 0xc4, 0x1b, 0xcb,
- 0x65, 0xa6, 0x91, 0x9d, 0x6d, 0xf1, 0xb0, 0x7a, 0x4d, 0x3b, 0x03, 0x95,
- 0xf4, 0x8b, 0x0b, 0xae, 0x39, 0xff, 0x3f, 0xf6, 0xc0, 0x14, 0x18, 0x8a,
- 0xe5, 0x19, 0xbd, 0xc1, 0xb4, 0x05, 0x4e, 0x29, 0x2f, 0x0b, 0x33, 0x76,
- 0x28, 0x16, 0xa4, 0xa6, 0x93, 0x04, 0xb5, 0x55, 0x6b, 0x89, 0x3d, 0xa5,
- 0x0f, 0xd3, 0xad, 0xfa, 0xd9, 0xfd, 0x05, 0x5d, 0x48, 0x94, 0x25, 0x5a,
- 0x2c, 0x9a, 0x94, 0x80, 0xb0, 0xe7, 0xcb, 0x4d, 0x77, 0xbf, 0xca, 0xd8,
- 0x55, 0x48, 0xbd, 0x66, 0xb1, 0x85, 0x81, 0xb1, 0x37, 0x79, 0xab, 0x52,
- 0x08, 0x14, 0x12, 0xac, 0xcd, 0x45, 0x4d, 0x53, 0x6b, 0xca, 0x96, 0xc7,
- 0x3b, 0x2f, 0x73, 0xb1, 0x5a, 0x23, 0xbd, 0x65, 0xd5, 0xea, 0x17, 0xb3,
- 0xdc, 0xa1, 0x17, 0x1b, 0x2d, 0xb3, 0x9c, 0xd0, 0xdb, 0x41, 0x77, 0xef,
- 0x93, 0x20, 0x52, 0x3e, 0x9d, 0xf5, 0xbf, 0x33, 0xf7, 0x52, 0xc1, 0x90,
- 0xa0, 0x15, 0x17, 0xce, 0xf7, 0xf7, 0xd0, 0x3a, 0x3b, 0xd1, 0x72, 0x56,
- 0x31, 0x81, 0xae, 0x60, 0xab, 0x40, 0xc1, 0xd1, 0x28, 0x77, 0x53, 0xac,
- 0x9f, 0x11, 0x0a, 0x88, 0x36, 0x4b, 0xda, 0x57, 0xa7, 0x28, 0x5c, 0x85,
- 0xd3, 0x85, 0x9b, 0x79, 0xad, 0x05, 0x1c, 0x37, 0x14, 0x5e, 0x0d, 0xd0,
- 0x23, 0x03, 0x42, 0x1d, 0x48, 0x5d, 0xc5, 0x3c, 0x5a, 0x08, 0xa9, 0x0d,
- 0x6e, 0x82, 0x7c, 0x2e, 0x3c, 0x41, 0xcc, 0x96, 0x8e, 0xad, 0xee, 0x2a,
- 0x61, 0x0b, 0x16, 0x0f, 0xa9, 0x24, 0x40, 0x85, 0xbc, 0x9f, 0x28, 0x8d,
- 0xe6, 0x68, 0x4d, 0x8f, 0x30, 0x48, 0xd9, 0x73, 0x73, 0x6c, 0x9a, 0x7f,
- 0x67, 0xf7, 0xde, 0x4c, 0x0a, 0x8b, 0xe4, 0xb3, 0x08, 0x2a, 0x52, 0xda,
- 0x54, 0xee, 0xcd, 0xb5, 0x62, 0x4a, 0x26, 0x20, 0xfb, 0x40, 0xbb, 0x39,
- 0x3a, 0x0f, 0x09, 0xe8, 0x00, 0xd1, 0x24, 0x97, 0x60, 0xe9, 0x83, 0x83,
- 0xfe, 0x9f, 0x9c, 0x15, 0xcf, 0x69, 0x03, 0x9f, 0x03, 0xe1, 0xe8, 0x6e,
- 0xbd, 0x87, 0x58, 0x68, 0xee, 0xec, 0xd8, 0x29, 0x46, 0x23, 0x49, 0x92,
- 0x72, 0x95, 0x5b, 0x49, 0xca, 0xe0, 0x45, 0x59, 0xb2, 0xca, 0xf4, 0xfc,
- 0xb7, 0x59, 0x37, 0x49, 0x28, 0xbc, 0xf3, 0xd7, 0x61, 0xbc, 0x4b, 0xf3,
- 0xa9, 0x4b, 0x2f, 0x05, 0xa8, 0x01, 0xa5, 0xdc, 0x00, 0x6e, 0x01, 0xb6,
- 0x45, 0x3c, 0xd5, 0x49, 0x7d, 0x5c, 0x25, 0xe8, 0x31, 0x87, 0xb2, 0xb9,
- 0xbf, 0xb3, 0x01, 0x62, 0x0c, 0xd0, 0x48, 0x77, 0xa2, 0x34, 0x0f, 0x16,
- 0x22, 0x28, 0xee, 0x54, 0x08, 0x93, 0x3b, 0xe4, 0xde, 0x7e, 0x63, 0xf7,
- 0x97, 0x16, 0x5d, 0x71, 0x58, 0xc2, 0x2e, 0xf2, 0x36, 0xa6, 0x12, 0x65,
- 0x94, 0x17, 0xac, 0x66, 0x23, 0x7e, 0xc6, 0x72, 0x79, 0x24, 0xce, 0x8f,
- 0x55, 0x19, 0x97, 0x44, 0xfc, 0x55, 0xec, 0x85, 0x26, 0x27, 0xdb, 0x38,
- 0xb1, 0x42, 0x0a, 0xdd, 0x05, 0x99, 0x28, 0xeb, 0x03, 0x6c, 0x9a, 0xe9,
- 0x17, 0xf6, 0x2c, 0xb0, 0xfe, 0xe7, 0xa4, 0xa7, 0x31, 0xda, 0x4d, 0xb0,
- 0x29, 0xdb, 0xdd, 0x8d, 0x12, 0x13, 0x9c, 0xb4, 0xcc, 0x83, 0x97, 0xfb,
- 0x1a, 0xdc, 0x08, 0xd6, 0x30, 0x62, 0xe8, 0xeb, 0x8b, 0x61, 0xcb, 0x1d,
- 0x06, 0xe3, 0xa5, 0x4d, 0x35, 0xdb, 0x59, 0xa8, 0x2d, 0x87, 0x27, 0x44,
- 0x6f, 0xc0, 0x38, 0x97, 0xe4, 0x85, 0x00, 0x02, 0x09, 0xf6, 0x69, 0x3a,
- 0xcf, 0x08, 0x1b, 0x21, 0xbb, 0x79, 0xb1, 0xa1, 0x34, 0x09, 0xe0, 0x80,
- 0xca, 0xb0, 0x78, 0x8a, 0x11, 0x97, 0xd4, 0x07, 0xbe, 0x1b, 0x6a, 0x5d,
- 0xdb, 0xd6, 0x1f, 0x76, 0x6b, 0x16, 0xf0, 0x58, 0x84, 0x5f, 0x59, 0xce,
- 0x62, 0x34, 0xc3, 0xdf, 0x94, 0xb8, 0x2f, 0x84, 0x68, 0xf0, 0xb8, 0x51,
- 0xd9, 0x6d, 0x8e, 0x4a, 0x1d, 0xe6, 0x5c, 0xd8, 0x86, 0x25, 0xe3, 0x24,
- 0xfd, 0x21, 0x61, 0x13, 0x48, 0x3e, 0xf6, 0x7d, 0xa6, 0x71, 0x9b, 0xd2,
- 0x6e, 0xe6, 0xd2, 0x08, 0x94, 0x62, 0x6c, 0x98, 0xfe, 0x2f, 0x9c, 0x88,
- 0x7e, 0x78, 0x15, 0x02, 0x00, 0xf0, 0xba, 0x24, 0x91, 0xf2, 0xdc, 0x47,
- 0x51, 0x4d, 0x15, 0x5e, 0x91, 0x5f, 0x57, 0x5b, 0x1d, 0x35, 0x24, 0x45,
- 0x75, 0x9b, 0x88, 0x75, 0xf1, 0x2f, 0x85, 0xe7, 0x89, 0xd1, 0x01, 0xb4,
- 0xc8, 0x18, 0xb7, 0x97, 0xef, 0x4b, 0x90, 0xf4, 0xbf, 0x10, 0x27, 0x3c,
- 0x60, 0xff, 0xc4, 0x94, 0x20, 0x2f, 0x93, 0x4b, 0x4d, 0xe3, 0x80, 0xf7,
- 0x2c, 0x71, 0xd9, 0xe3, 0x68, 0xb4, 0x77, 0x2b, 0xc7, 0x0d, 0x39, 0x92,
- 0xef, 0x91, 0x0d, 0xb2, 0x11, 0x50, 0x0e, 0xe8, 0xad, 0x3b, 0xf6, 0xb5,
- 0xc6, 0x14, 0x4d, 0x33, 0x53, 0xa7, 0x60, 0x15, 0xc7, 0x27, 0x51, 0xdc,
- 0x54, 0x29, 0xa7, 0x0d, 0x6a, 0x7b, 0x72, 0x13, 0xad, 0x7d, 0x41, 0x19,
- 0x4e, 0x42, 0x49, 0xcc, 0x42, 0xe4, 0xbd, 0x99, 0x13, 0xd9, 0x7f, 0xf3,
- 0x38, 0xa4, 0xb6, 0x33, 0xed, 0x07, 0x48, 0x7e, 0x8e, 0x82, 0xfe, 0x3a,
- 0x9d, 0x75, 0x93, 0xba, 0x25, 0x4e, 0x37, 0x3c, 0x0c, 0xd5, 0x69, 0xa9,
- 0x2d, 0x9e, 0xfd, 0xe8, 0xbb, 0xf5, 0x0c, 0xe2, 0x86, 0xb9, 0x5e, 0x6f,
- 0x28, 0xe4, 0x19, 0xb3, 0x0b, 0xa4, 0x86, 0xd7, 0x24, 0xd0, 0xb8, 0x89,
- 0x7b, 0x76, 0xec, 0x05, 0x10, 0x5b, 0x68, 0xe9, 0x58, 0x66, 0xa3, 0xc5,
- 0xb6, 0x63, 0x20, 0x0e, 0x0e, 0xea, 0x3d, 0x61, 0x5e, 0xda, 0x3d, 0x3c,
- 0xf9, 0xfd, 0xed, 0xa9, 0xdb, 0x52, 0x94, 0x8a, 0x00, 0xca, 0x3c, 0x8d,
- 0x66, 0x8f, 0xb0, 0xf0, 0x5a, 0xca, 0x3f, 0x63, 0x71, 0xbf, 0xca, 0x99,
- 0x37, 0x9b, 0x75, 0x97, 0x89, 0x10, 0x6e, 0xcf, 0xf2, 0xf5, 0xe3, 0xd5,
- 0x45, 0x9b, 0xad, 0x10, 0x71, 0x6c, 0x5f, 0x6f, 0x7f, 0x22, 0x77, 0x18,
- 0x2f, 0xf9, 0x99, 0xc5, 0x69, 0x58, 0x03, 0x12, 0x86, 0x82, 0x3e, 0xbf,
- 0xc2, 0x12, 0x35, 0x43, 0xa3, 0xd9, 0x18, 0x4f, 0x41, 0x11, 0x6b, 0xf3,
- 0x67, 0xaf, 0x3d, 0x78, 0xe4, 0x22, 0x2d, 0xb3, 0x48, 0x43, 0x31, 0x1d,
- 0xef, 0xa8, 0xba, 0x49, 0x8e, 0xa9, 0xa7, 0xb6, 0x18, 0x77, 0x84, 0xca,
- 0xbd, 0xa2, 0x02, 0x1b, 0x6a, 0xf8, 0x5f, 0xda, 0xff, 0xcf, 0x01, 0x6a,
- 0x86, 0x69, 0xa9, 0xe9, 0xcb, 0x60, 0x1e, 0x15, 0xdc, 0x8f, 0x5d, 0x39,
- 0xb5, 0xce, 0x55, 0x5f, 0x47, 0x97, 0xb1, 0x19, 0x6e, 0x21, 0xd6, 0x13,
- 0x39, 0xb2, 0x24, 0xe0, 0x62, 0x82, 0x9f, 0xed, 0x12, 0x81, 0xed, 0xee,
- 0xab, 0xd0, 0x2f, 0x19, 0x89, 0x3f, 0x57, 0x2e, 0xc2, 0xe2, 0x67, 0xe8,
- 0xae, 0x03, 0x56, 0xba, 0xd4, 0xd0, 0xa4, 0x89, 0x03, 0x06, 0x5b, 0xcc,
- 0xf2, 0x22, 0xb8, 0x0e, 0x76, 0x79, 0x4a, 0x42, 0x1d, 0x37, 0x51, 0x5a,
- 0xaa, 0x46, 0x6c, 0x2a, 0xdd, 0x66, 0xfe, 0xc6, 0x68, 0xc3, 0x38, 0xa2,
- 0xae, 0x5b, 0x98, 0x24, 0x5d, 0x43, 0x05, 0x82, 0x38, 0x12, 0xd3, 0xd1,
- 0x75, 0x2d, 0x4f, 0x61, 0xbd, 0xb9, 0x10, 0x87, 0x44, 0x2a, 0x78, 0x07,
- 0xff, 0xf4, 0x0f, 0xa1, 0xf3, 0x68, 0x9f, 0xbe, 0xae, 0xa2, 0x91, 0xf0,
- 0xc7, 0x55, 0x7a, 0x52, 0xd5, 0xa3, 0x8d, 0x6f, 0xe4, 0x90, 0x5c, 0xf3,
- 0x5f, 0xce, 0x3d, 0x23, 0xf9, 0x8e, 0xae, 0x14, 0xfb, 0x82, 0x9a, 0xa3,
- 0x04, 0x5f, 0xbf, 0xad, 0x3e, 0xf2, 0x97, 0x0a, 0x60, 0x40, 0x70, 0x19,
- 0x72, 0xad, 0x66, 0xfb, 0x78, 0x1b, 0x84, 0x6c, 0x98, 0xbc, 0x8c, 0xf8,
- 0x4f, 0xcb, 0xb5, 0xf6, 0xaf, 0x7a, 0xb7, 0x93, 0xef, 0x67, 0x48, 0x02,
- 0x2c, 0xcb, 0xe6, 0x77, 0x0f, 0x7b, 0xc1, 0xee, 0xc5, 0xb6, 0x2d, 0x7e,
- 0x62, 0xa0, 0xc0, 0xa7, 0xa5, 0x80, 0x31, 0x92, 0x50, 0xa1, 0x28, 0x22,
- 0x95, 0x03, 0x17, 0xd1, 0x0f, 0xf6, 0x08, 0xe5, 0xec
- };
- #define CHACHA_BIG_TEST_SIZE 1305
- #if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC)
- byte cipher_big[CHACHA_BIG_TEST_SIZE] = {0};
- byte plain_big[CHACHA_BIG_TEST_SIZE] = {0};
- byte input_big[CHACHA_BIG_TEST_SIZE] = {0};
- #else
- byte* cipher_big;
- byte* plain_big;
- byte* input_big;
- #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
- int block_size;
- #endif /* BENCH_EMBEDDED */
- byte a[] = {0x76,0xb8,0xe0,0xad,0xa0,0xf1,0x3d,0x90};
- byte b[] = {0x45,0x40,0xf0,0x5a,0x9f,0x1f,0xb2,0x96};
- byte c[] = {0xde,0x9c,0xba,0x7b,0xf3,0xd6,0x9e,0xf5};
- byte d[] = {0x89,0x67,0x09,0x52,0x60,0x83,0x64,0xfd};
- byte* test_chacha[4];
- test_chacha[0] = a;
- test_chacha[1] = b;
- test_chacha[2] = c;
- test_chacha[3] = d;
- WOLFSSL_ENTER("chacha_test");
- #ifndef BENCH_EMBEDDED
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- cipher_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (cipher_big == NULL) {
- return MEMORY_E;
- }
- plain_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (plain_big == NULL) {
- return MEMORY_E;
- }
- input_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (input_big == NULL) {
- return MEMORY_E;
- }
- XMEMSET(cipher_big, 0, CHACHA_BIG_TEST_SIZE);
- XMEMSET(plain_big, 0, CHACHA_BIG_TEST_SIZE);
- XMEMSET(input_big, 0, CHACHA_BIG_TEST_SIZE);
- #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
- #endif /* BENCH_EMBEDDED */
- for (i = 0; i < times; ++i) {
- if (i < 3) {
- keySz = 32;
- }
- else {
- keySz = 16;
- }
- XMEMCPY(plain, keys[i], keySz);
- XMEMSET(cipher, 0, 32);
- XMEMCPY(cipher + 4, ivs[i], 8);
- ret |= wc_Chacha_SetKey(&enc, keys[i], keySz);
- ret |= wc_Chacha_SetKey(&dec, keys[i], keySz);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_SetIV(&enc, cipher, 0);
- ret |= wc_Chacha_SetIV(&dec, cipher, 0);
- if (ret != 0)
- return ret;
- XMEMCPY(plain, input, 8);
- ret |= wc_Chacha_Process(&enc, cipher, plain, (word32)8);
- ret |= wc_Chacha_Process(&dec, plain, cipher, (word32)8);
- if (ret != 0)
- return ret;
- if (XMEMCMP(test_chacha[i], cipher, 8))
- return WC_TEST_RET_ENC_I(i);
- if (XMEMCMP(plain, input, 8))
- return WC_TEST_RET_ENC_I(i);
- }
- /* test of starting at a different counter
- encrypts all of the information and decrypts starting at 2nd chunk */
- XMEMSET(plain, 0, sizeof(plain));
- XMEMSET(sliver, 1, sizeof(sliver)); /* set as 1's to not match plain */
- XMEMSET(cipher, 0, sizeof(cipher));
- XMEMCPY(cipher + 4, ivs[0], 8);
- ret |= wc_Chacha_SetKey(&enc, keys[0], keySz);
- ret |= wc_Chacha_SetKey(&dec, keys[0], keySz);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_SetIV(&enc, cipher, 0);
- ret |= wc_Chacha_SetIV(&dec, cipher, 1);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_Process(&enc, cipher, plain, sizeof(plain));
- ret |= wc_Chacha_Process(&dec, sliver, cipher + 64, sizeof(sliver));
- if (ret != 0)
- return ret;
- if (XMEMCMP(plain + 64, sliver, 64))
- return WC_TEST_RET_ENC_NC;
- #ifndef BENCH_EMBEDDED
- /* test of encrypting more data */
- keySz = 32;
- ret |= wc_Chacha_SetKey(&enc, keys[0], keySz);
- ret |= wc_Chacha_SetKey(&dec, keys[0], keySz);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_SetIV(&enc, ivs[2], 0);
- ret |= wc_Chacha_SetIV(&dec, ivs[2], 0);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_Process(&enc, cipher_big, plain_big, CHACHA_BIG_TEST_SIZE);
- ret |= wc_Chacha_Process(&dec, plain_big, cipher_big,
- CHACHA_BIG_TEST_SIZE);
- if (ret != 0)
- return ret;
- if (XMEMCMP(plain_big, input_big, CHACHA_BIG_TEST_SIZE))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipher_big, cipher_big_result, CHACHA_BIG_TEST_SIZE))
- return WC_TEST_RET_ENC_NC;
- for (i = 0; i < 18; ++i) {
- /* this will test all paths
- * block sizes: 1 3 7 15 31 63 127 255 511 (i = 0- 8)
- * 2 4 8 16 32 64 128 256 512 (i = 9-17)
- */
- block_size = (2 << (i%9)) - (i<9?1:0);
- keySz = 32;
- ret |= wc_Chacha_SetKey(&enc, keys[0], keySz);
- ret |= wc_Chacha_SetKey(&dec, keys[0], keySz);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_SetIV(&enc, ivs[2], 0);
- ret |= wc_Chacha_SetIV(&dec, ivs[2], 0);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_Process(&enc, cipher_big, plain_big , (word32)block_size);
- ret |= wc_Chacha_Process(&dec, plain_big , cipher_big, (word32)block_size);
- if (ret != 0)
- return ret;
- if (XMEMCMP(plain_big, input_big, block_size))
- return WC_TEST_RET_ENC_I(i);
- if (XMEMCMP(cipher_big, cipher_big_result, block_size))
- return WC_TEST_RET_ENC_I(i);
- }
- /* Streaming test */
- for (i = 1; i <= (int)CHACHA_CHUNK_BYTES + 1; i++) {
- int j, rem;
- ret = wc_Chacha_SetKey(&enc, keys[0], keySz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Chacha_SetKey(&dec, keys[0], keySz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Chacha_SetIV(&enc, ivs[2], 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Chacha_SetIV(&dec, ivs[2], 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- for (j = 0; j < CHACHA_BIG_TEST_SIZE - i; j+= i) {
- ret = wc_Chacha_Process(&enc, cipher_big + j, plain_big + j, (word32)i);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Chacha_Process(&dec, plain_big + j, cipher_big + j, (word32)i);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- }
- rem = CHACHA_BIG_TEST_SIZE - j;
- ret = wc_Chacha_Process(&enc, cipher_big + j, plain_big + j, (word32)rem);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Chacha_Process(&dec, plain_big + j, cipher_big + j, (word32)rem);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(plain_big, input_big, CHACHA_BIG_TEST_SIZE))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipher_big, cipher_big_result, CHACHA_BIG_TEST_SIZE))
- return WC_TEST_RET_ENC_NC;
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(cipher_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(plain_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(input_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
- #endif /* BENCH_EMBEDDED */
- return 0;
- }
- #endif /* HAVE_CHACHA */
- #ifdef HAVE_POLY1305
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void)
- {
- byte tag[16];
- Poly1305 enc;
- WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
- {
- 0x43,0x72,0x79,0x70,0x74,0x6f,0x67,0x72,
- 0x61,0x70,0x68,0x69,0x63,0x20,0x46,0x6f,
- 0x72,0x75,0x6d,0x20,0x52,0x65,0x73,0x65,
- 0x61,0x72,0x63,0x68,0x20,0x47,0x72,0x6f,
- 0x75,0x70
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
- {
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x77,0x6f,0x72,
- 0x6c,0x64,0x21
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg4[] =
- {
- 0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb,
- 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
- 0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe,
- 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6,
- 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12,
- 0x82,0xfa,0xfb,0x69,0xda,0x92,0x72,0x8b,
- 0x1a,0x71,0xde,0x0a,0x9e,0x06,0x0b,0x29,
- 0x05,0xd6,0xa5,0xb6,0x7e,0xcd,0x3b,0x36,
- 0x92,0xdd,0xbd,0x7f,0x2d,0x77,0x8b,0x8c,
- 0x98,0x03,0xae,0xe3,0x28,0x09,0x1b,0x58,
- 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
- 0x55,0x85,0x80,0x8b,0x48,0x31,0xd7,0xbc,
- 0x3f,0xf4,0xde,0xf0,0x8e,0x4b,0x7a,0x9d,
- 0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b,
- 0x61,0x16
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg5[] =
- {
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg6[] =
- {
- 0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb,
- 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
- 0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe,
- 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6,
- 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12,
- 0x82,0xfa,0xfb,0x69,0xda,0x92,0x72,0x8b,
- 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
- 0x1a,0x71,0xde,0x0a,0x9e,0x06,0x0b,0x29,
- 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6,
- 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12,
- 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
- 0x05,0xd6,0xa5,0xb6,0x7e,0xcd,0x3b,0x36,
- 0x92,0xdd,0xbd,0x7f,0x2d,0x77,0x8b,0x8c,
- 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
- 0x98,0x03,0xae,0xe3,0x28,0x09,0x1b,0x58,
- 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
- 0x55,0x85,0x80,0x8b,0x48,0x31,0xd7,0xbc,
- 0x3f,0xf4,0xde,0xf0,0x8e,0x4b,0x7a,0x9d,
- 0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b,
- 0x61,0x16
- };
- byte additional[] =
- {
- 0x50,0x51,0x52,0x53,0xc0,0xc1,0xc2,0xc3,
- 0xc4,0xc5,0xc6,0xc7
- };
- WOLFSSL_SMALL_STACK_STATIC const byte correct0[] =
- {
- 0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd,
- 0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte correct1[] =
- {
- 0xa8,0x06,0x1d,0xc1,0x30,0x51,0x36,0xc6,
- 0xc2,0x2b,0x8b,0xaf,0x0c,0x01,0x27,0xa9
- };
- WOLFSSL_SMALL_STACK_STATIC const byte correct2[] =
- {
- 0xa6,0xf7,0x45,0x00,0x8f,0x81,0xc9,0x16,
- 0xa2,0x0d,0xcc,0x74,0xee,0xf2,0xb2,0xf0
- };
- WOLFSSL_SMALL_STACK_STATIC const byte correct3[] =
- {
- 0x49,0xec,0x78,0x09,0x0e,0x48,0x1e,0xc6,
- 0xc2,0x6b,0x33,0xb9,0x1c,0xcc,0x03,0x07
- };
- WOLFSSL_SMALL_STACK_STATIC const byte correct4[] =
- {
- 0x1a,0xe1,0x0b,0x59,0x4f,0x09,0xe2,0x6a,
- 0x7e,0x90,0x2e,0xcb,0xd0,0x60,0x06,0x91
- };
- WOLFSSL_SMALL_STACK_STATIC const byte correct5[] =
- {
- 0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- };
- WOLFSSL_SMALL_STACK_STATIC const byte correct6[] =
- {
- 0xea,0x11,0x5c,0x4f,0xd0,0xc0,0x10,0xae,
- 0xf7,0xdf,0xda,0x77,0xa2,0xe9,0xaf,0xca
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
- 0x85,0xd6,0xbe,0x78,0x57,0x55,0x6d,0x33,
- 0x7f,0x44,0x52,0xfe,0x42,0xd5,0x06,0xa8,
- 0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd,
- 0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] = {
- 0x74,0x68,0x69,0x73,0x20,0x69,0x73,0x20,
- 0x33,0x32,0x2d,0x62,0x79,0x74,0x65,0x20,
- 0x6b,0x65,0x79,0x20,0x66,0x6f,0x72,0x20,
- 0x50,0x6f,0x6c,0x79,0x31,0x33,0x30,0x35
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key4[] = {
- 0x7b,0xac,0x2b,0x25,0x2d,0xb4,0x47,0xaf,
- 0x09,0xb6,0x7a,0x55,0xa4,0xe9,0x55,0x84,
- 0x0a,0xe1,0xd6,0x73,0x10,0x75,0xd9,0xeb,
- 0x2a,0x93,0x75,0x78,0x3e,0xd5,0x53,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key5[] = {
- 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- const byte* msgs[] = {NULL, msg1, msg2, msg3, msg5, msg6};
- word32 szm[] = {0, sizeof(msg1), sizeof(msg2),
- sizeof(msg3), sizeof(msg5), sizeof(msg6)};
- const byte* keys[] = {key, key, key2, key2, key5, key};
- const byte* tests[] = {correct0, correct1, correct2, correct3, correct5,
- correct6};
- int i;
- wc_test_ret_t ret = 0;
- WOLFSSL_ENTER("poly1305_test");
- for (i = 0; i < 6; i++) {
- ret = wc_Poly1305SetKey(&enc, keys[i], 32);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_Poly1305Update(&enc, msgs[i], szm[i]);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_Poly1305Final(&enc, tag);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- if (XMEMCMP(tag, tests[i], sizeof(tag)))
- return WC_TEST_RET_ENC_I(i);
- }
- /* Check TLS MAC function from 2.8.2 https://tools.ietf.org/html/rfc7539 */
- XMEMSET(tag, 0, sizeof(tag));
- ret = wc_Poly1305SetKey(&enc, key4, sizeof(key4));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Poly1305_MAC(&enc, additional, sizeof(additional),
- (byte*)msg4, sizeof(msg4), tag, sizeof(tag));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(tag, correct4, sizeof(tag)))
- return WC_TEST_RET_ENC_NC;
- /* Check fail of TLS MAC function if altering additional data */
- XMEMSET(tag, 0, sizeof(tag));
- additional[0]++;
- ret = wc_Poly1305_MAC(&enc, additional, sizeof(additional),
- (byte*)msg4, sizeof(msg4), tag, sizeof(tag));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(tag, correct4, sizeof(tag)) == 0)
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- #endif /* HAVE_POLY1305 */
- #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha20_poly1305_aead_test(void)
- {
- /* Test #1 from Section 2.8.2 of draft-irtf-cfrg-chacha20-poly1305-10 */
- /* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */
- WOLFSSL_SMALL_STACK_STATIC const byte key1[] = {
- 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
- 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
- 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
- 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte plaintext1[] = {
- 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
- 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c,
- 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
- 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73,
- 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39,
- 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
- 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66,
- 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f,
- 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
- 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20,
- 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75,
- 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
- 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
- 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69,
- 0x74, 0x2e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv1[] = {
- 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43,
- 0x44, 0x45, 0x46, 0x47
- };
- WOLFSSL_SMALL_STACK_STATIC const byte aad1[] = { /* additional data */
- 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
- 0xc4, 0xc5, 0xc6, 0xc7
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] = { /* expected output from operation */
- 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
- 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
- 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
- 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
- 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12,
- 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
- 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29,
- 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
- 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
- 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
- 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94,
- 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
- 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
- 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
- 0x61, 0x16
- };
- WOLFSSL_SMALL_STACK_STATIC const byte authTag1[] = { /* expected output from operation */
- 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
- 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91
- };
- /* Test #2 from Appendix A.2 in draft-irtf-cfrg-chacha20-poly1305-10 */
- /* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] = {
- 0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a,
- 0xf3, 0x33, 0x88, 0x86, 0x04, 0xf6, 0xb5, 0xf0,
- 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b, 0x80, 0x09,
- 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0
- };
- WOLFSSL_SMALL_STACK_STATIC const byte plaintext2[] = {
- 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74,
- 0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x73, 0x20,
- 0x61, 0x72, 0x65, 0x20, 0x64, 0x72, 0x61, 0x66,
- 0x74, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65,
- 0x6e, 0x74, 0x73, 0x20, 0x76, 0x61, 0x6c, 0x69,
- 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20,
- 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x20,
- 0x6f, 0x66, 0x20, 0x73, 0x69, 0x78, 0x20, 0x6d,
- 0x6f, 0x6e, 0x74, 0x68, 0x73, 0x20, 0x61, 0x6e,
- 0x64, 0x20, 0x6d, 0x61, 0x79, 0x20, 0x62, 0x65,
- 0x20, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64,
- 0x2c, 0x20, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63,
- 0x65, 0x64, 0x2c, 0x20, 0x6f, 0x72, 0x20, 0x6f,
- 0x62, 0x73, 0x6f, 0x6c, 0x65, 0x74, 0x65, 0x64,
- 0x20, 0x62, 0x79, 0x20, 0x6f, 0x74, 0x68, 0x65,
- 0x72, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65,
- 0x6e, 0x74, 0x73, 0x20, 0x61, 0x74, 0x20, 0x61,
- 0x6e, 0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x2e,
- 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x69,
- 0x6e, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x70, 0x72,
- 0x69, 0x61, 0x74, 0x65, 0x20, 0x74, 0x6f, 0x20,
- 0x75, 0x73, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65,
- 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61,
- 0x66, 0x74, 0x73, 0x20, 0x61, 0x73, 0x20, 0x72,
- 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65,
- 0x20, 0x6d, 0x61, 0x74, 0x65, 0x72, 0x69, 0x61,
- 0x6c, 0x20, 0x6f, 0x72, 0x20, 0x74, 0x6f, 0x20,
- 0x63, 0x69, 0x74, 0x65, 0x20, 0x74, 0x68, 0x65,
- 0x6d, 0x20, 0x6f, 0x74, 0x68, 0x65, 0x72, 0x20,
- 0x74, 0x68, 0x61, 0x6e, 0x20, 0x61, 0x73, 0x20,
- 0x2f, 0xe2, 0x80, 0x9c, 0x77, 0x6f, 0x72, 0x6b,
- 0x20, 0x69, 0x6e, 0x20, 0x70, 0x72, 0x6f, 0x67,
- 0x72, 0x65, 0x73, 0x73, 0x2e, 0x2f, 0xe2, 0x80,
- 0x9d
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
- 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04,
- 0x05, 0x06, 0x07, 0x08
- };
- WOLFSSL_SMALL_STACK_STATIC const byte aad2[] = { /* additional data */
- 0xf3, 0x33, 0x88, 0x86, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x4e, 0x91
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] = { /* expected output from operation */
- 0x64, 0xa0, 0x86, 0x15, 0x75, 0x86, 0x1a, 0xf4,
- 0x60, 0xf0, 0x62, 0xc7, 0x9b, 0xe6, 0x43, 0xbd,
- 0x5e, 0x80, 0x5c, 0xfd, 0x34, 0x5c, 0xf3, 0x89,
- 0xf1, 0x08, 0x67, 0x0a, 0xc7, 0x6c, 0x8c, 0xb2,
- 0x4c, 0x6c, 0xfc, 0x18, 0x75, 0x5d, 0x43, 0xee,
- 0xa0, 0x9e, 0xe9, 0x4e, 0x38, 0x2d, 0x26, 0xb0,
- 0xbd, 0xb7, 0xb7, 0x3c, 0x32, 0x1b, 0x01, 0x00,
- 0xd4, 0xf0, 0x3b, 0x7f, 0x35, 0x58, 0x94, 0xcf,
- 0x33, 0x2f, 0x83, 0x0e, 0x71, 0x0b, 0x97, 0xce,
- 0x98, 0xc8, 0xa8, 0x4a, 0xbd, 0x0b, 0x94, 0x81,
- 0x14, 0xad, 0x17, 0x6e, 0x00, 0x8d, 0x33, 0xbd,
- 0x60, 0xf9, 0x82, 0xb1, 0xff, 0x37, 0xc8, 0x55,
- 0x97, 0x97, 0xa0, 0x6e, 0xf4, 0xf0, 0xef, 0x61,
- 0xc1, 0x86, 0x32, 0x4e, 0x2b, 0x35, 0x06, 0x38,
- 0x36, 0x06, 0x90, 0x7b, 0x6a, 0x7c, 0x02, 0xb0,
- 0xf9, 0xf6, 0x15, 0x7b, 0x53, 0xc8, 0x67, 0xe4,
- 0xb9, 0x16, 0x6c, 0x76, 0x7b, 0x80, 0x4d, 0x46,
- 0xa5, 0x9b, 0x52, 0x16, 0xcd, 0xe7, 0xa4, 0xe9,
- 0x90, 0x40, 0xc5, 0xa4, 0x04, 0x33, 0x22, 0x5e,
- 0xe2, 0x82, 0xa1, 0xb0, 0xa0, 0x6c, 0x52, 0x3e,
- 0xaf, 0x45, 0x34, 0xd7, 0xf8, 0x3f, 0xa1, 0x15,
- 0x5b, 0x00, 0x47, 0x71, 0x8c, 0xbc, 0x54, 0x6a,
- 0x0d, 0x07, 0x2b, 0x04, 0xb3, 0x56, 0x4e, 0xea,
- 0x1b, 0x42, 0x22, 0x73, 0xf5, 0x48, 0x27, 0x1a,
- 0x0b, 0xb2, 0x31, 0x60, 0x53, 0xfa, 0x76, 0x99,
- 0x19, 0x55, 0xeb, 0xd6, 0x31, 0x59, 0x43, 0x4e,
- 0xce, 0xbb, 0x4e, 0x46, 0x6d, 0xae, 0x5a, 0x10,
- 0x73, 0xa6, 0x72, 0x76, 0x27, 0x09, 0x7a, 0x10,
- 0x49, 0xe6, 0x17, 0xd9, 0x1d, 0x36, 0x10, 0x94,
- 0xfa, 0x68, 0xf0, 0xff, 0x77, 0x98, 0x71, 0x30,
- 0x30, 0x5b, 0xea, 0xba, 0x2e, 0xda, 0x04, 0xdf,
- 0x99, 0x7b, 0x71, 0x4d, 0x6c, 0x6f, 0x2c, 0x29,
- 0xa6, 0xad, 0x5c, 0xb4, 0x02, 0x2b, 0x02, 0x70,
- 0x9b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte authTag2[] = { /* expected output from operation */
- 0xee, 0xad, 0x9d, 0x67, 0x89, 0x0c, 0xbb, 0x22,
- 0x39, 0x23, 0x36, 0xfe, 0xa1, 0x85, 0x1f, 0x38
- };
- byte generatedCiphertext[265]; /* max plaintext2/cipher2 */
- byte generatedPlaintext[265]; /* max plaintext2/cipher2 */
- byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
- ChaChaPoly_Aead aead;
- #if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM)
- #define TEST_SMALL_CHACHA_CHUNKS 32
- #else
- #define TEST_SMALL_CHACHA_CHUNKS 64
- #endif
- #ifdef TEST_SMALL_CHACHA_CHUNKS
- word32 testLen;
- #endif
- wc_test_ret_t err;
- WOLFSSL_ENTER("chacha20_poly1305_aead_test");
- XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
- XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
- XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
- /* Parameter Validation testing */
- /* Encrypt */
- err = wc_ChaCha20Poly1305_Encrypt(NULL, iv1, aad1, sizeof(aad1), plaintext1,
- sizeof(plaintext1), generatedCiphertext, generatedAuthTag);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_Encrypt(key1, NULL, aad1, sizeof(aad1),
- plaintext1, sizeof(plaintext1), generatedCiphertext,
- generatedAuthTag);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), NULL,
- sizeof(plaintext1), generatedCiphertext, generatedAuthTag);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1,
- sizeof(plaintext1), NULL, generatedAuthTag);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1,
- sizeof(plaintext1), generatedCiphertext, NULL);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), NULL,
- sizeof(plaintext1), generatedCiphertext, generatedAuthTag);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- /* Decrypt */
- err = wc_ChaCha20Poly1305_Decrypt(NULL, iv2, aad2, sizeof(aad2), cipher2,
- sizeof(cipher2), authTag2, generatedPlaintext);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_Decrypt(key2, NULL, aad2, sizeof(aad2), cipher2,
- sizeof(cipher2), authTag2, generatedPlaintext);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), NULL,
- sizeof(cipher2), authTag2, generatedPlaintext);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2,
- sizeof(cipher2), NULL, generatedPlaintext);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2,
- sizeof(cipher2), authTag2, NULL);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), NULL,
- sizeof(cipher2), authTag2, generatedPlaintext);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- /* Test #1 */
- err = wc_ChaCha20Poly1305_Encrypt(key1, iv1,
- aad1, sizeof(aad1),
- plaintext1, sizeof(plaintext1),
- generatedCiphertext, generatedAuthTag);
- if (err) {
- return WC_TEST_RET_ENC_EC(err);
- }
- /* -- Check the ciphertext and authtag */
- if (XMEMCMP(generatedCiphertext, cipher1, sizeof(cipher1))) {
- return WC_TEST_RET_ENC_NC;
- }
- if (XMEMCMP(generatedAuthTag, authTag1, sizeof(authTag1))) {
- return WC_TEST_RET_ENC_NC;
- }
- /* -- Verify decryption works */
- err = wc_ChaCha20Poly1305_Decrypt(key1, iv1,
- aad1, sizeof(aad1),
- cipher1, sizeof(cipher1),
- authTag1, generatedPlaintext);
- if (err) {
- return err;
- }
- if (XMEMCMP(generatedPlaintext, plaintext1, sizeof(plaintext1))) {
- return WC_TEST_RET_ENC_NC;
- }
- XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
- XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
- XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
- /* Test #2 */
- err = wc_ChaCha20Poly1305_Encrypt(key2, iv2,
- aad2, sizeof(aad2),
- plaintext2, sizeof(plaintext2),
- generatedCiphertext, generatedAuthTag);
- if (err) {
- return err;
- }
- /* -- Check the ciphertext and authtag */
- if (XMEMCMP(generatedCiphertext, cipher2, sizeof(cipher2))) {
- return WC_TEST_RET_ENC_NC;
- }
- if (XMEMCMP(generatedAuthTag, authTag2, sizeof(authTag2))) {
- return WC_TEST_RET_ENC_NC;
- }
- /* -- Verify decryption works */
- err = wc_ChaCha20Poly1305_Decrypt(key2, iv2,
- aad2, sizeof(aad2),
- cipher2, sizeof(cipher2),
- authTag2, generatedPlaintext);
- if (err) {
- return err;
- }
- if (XMEMCMP(generatedPlaintext, plaintext2, sizeof(plaintext2))) {
- return WC_TEST_RET_ENC_NC;
- }
- /* AEAD init/update/final - bad argument tests */
- err = wc_ChaCha20Poly1305_Init(NULL, key1, iv1,
- CHACHA20_POLY1305_AEAD_DECRYPT);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_Init(&aead, NULL, iv1,
- CHACHA20_POLY1305_AEAD_DECRYPT);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_Init(&aead, key1, NULL,
- CHACHA20_POLY1305_AEAD_DECRYPT);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_UpdateAad(NULL, aad1, sizeof(aad1));
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_UpdateAad(&aead, NULL, sizeof(aad1));
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_UpdateData(NULL, generatedPlaintext,
- generatedPlaintext, sizeof(plaintext1));
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext, NULL,
- sizeof(plaintext1));
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_UpdateData(&aead, NULL, generatedPlaintext,
- sizeof(plaintext1));
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_Final(NULL, generatedAuthTag);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_Final(&aead, NULL);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- /* AEAD init/update/final - bad state tests */
- /* clear struct - make valgrind happy to resolve
- "Conditional jump or move depends on uninitialised value(s)".
- The enum is "int" size and aead.state is "byte" */
- /* The wc_ChaCha20Poly1305_Init function does this normally */
- XMEMSET(&aead, 0, sizeof(aead));
- aead.state = CHACHA20_POLY1305_STATE_INIT;
- err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
- if (err != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(err);
- aead.state = CHACHA20_POLY1305_STATE_DATA;
- err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
- if (err != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(err);
- aead.state = CHACHA20_POLY1305_STATE_INIT;
- err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext,
- generatedPlaintext, sizeof(plaintext1));
- if (err != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(err);
- aead.state = CHACHA20_POLY1305_STATE_INIT;
- err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
- if (err != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(err);
- aead.state = CHACHA20_POLY1305_STATE_READY;
- err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
- if (err != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(err);
- XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
- XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
- XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
- /* Test 1 - Encrypt */
- err = wc_ChaCha20Poly1305_Init(&aead, key1, iv1,
- CHACHA20_POLY1305_AEAD_ENCRYPT);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- #ifdef TEST_SMALL_CHACHA_CHUNKS
- /* test doing data in smaller chunks */
- for (testLen=0; testLen<sizeof(plaintext1); ) {
- word32 dataLen = sizeof(plaintext1) - testLen;
- if (dataLen > TEST_SMALL_CHACHA_CHUNKS)
- dataLen = TEST_SMALL_CHACHA_CHUNKS;
- err = wc_ChaCha20Poly1305_UpdateData(&aead, &plaintext1[testLen],
- &generatedCiphertext[testLen], dataLen);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- testLen += dataLen;
- }
- #else
- err = wc_ChaCha20Poly1305_UpdateData(&aead, plaintext1,
- generatedCiphertext, sizeof(plaintext1));
- #endif
- err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag1);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- if (XMEMCMP(generatedCiphertext, cipher1, sizeof(cipher1))) {
- return WC_TEST_RET_ENC_NC;
- }
- /* Test 1 - Decrypt */
- err = wc_ChaCha20Poly1305_Init(&aead, key1, iv1,
- CHACHA20_POLY1305_AEAD_DECRYPT);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- #ifdef TEST_SMALL_CHACHA_CHUNKS
- /* test doing data in smaller chunks */
- for (testLen=0; testLen<sizeof(plaintext1); ) {
- word32 dataLen = sizeof(plaintext1) - testLen;
- if (dataLen > TEST_SMALL_CHACHA_CHUNKS)
- dataLen = TEST_SMALL_CHACHA_CHUNKS;
- err = wc_ChaCha20Poly1305_UpdateData(&aead,
- &generatedCiphertext[testLen], &generatedPlaintext[testLen],
- dataLen);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- testLen += dataLen;
- }
- #else
- err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedCiphertext,
- generatedPlaintext, sizeof(cipher1));
- #endif
- err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag1);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- if (XMEMCMP(generatedPlaintext, plaintext1, sizeof(plaintext1))) {
- return WC_TEST_RET_ENC_NC;
- }
- XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
- XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
- XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
- /* Test 2 - Encrypt */
- err = wc_ChaCha20Poly1305_Init(&aead, key2, iv2,
- CHACHA20_POLY1305_AEAD_ENCRYPT);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad2, sizeof(aad2));
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- #ifdef TEST_SMALL_CHACHA_CHUNKS
- /* test doing data in smaller chunks */
- for (testLen=0; testLen<sizeof(plaintext2); ) {
- word32 dataLen = sizeof(plaintext2) - testLen;
- if (dataLen > TEST_SMALL_CHACHA_CHUNKS)
- dataLen = TEST_SMALL_CHACHA_CHUNKS;
- err = wc_ChaCha20Poly1305_UpdateData(&aead, &plaintext2[testLen],
- &generatedCiphertext[testLen], dataLen);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- testLen += dataLen;
- }
- #else
- err = wc_ChaCha20Poly1305_UpdateData(&aead, plaintext2, generatedCiphertext,
- sizeof(plaintext2));
- #endif
- err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag2);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- if (XMEMCMP(generatedCiphertext, cipher2, sizeof(cipher2))) {
- return WC_TEST_RET_ENC_NC;
- }
- /* Test 2 - Decrypt */
- err = wc_ChaCha20Poly1305_Init(&aead, key2, iv2,
- CHACHA20_POLY1305_AEAD_DECRYPT);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad2, sizeof(aad2));
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- #ifdef TEST_SMALL_CHACHA_CHUNKS
- /* test doing data in smaller chunks */
- for (testLen=0; testLen<sizeof(plaintext2); ) {
- word32 dataLen = sizeof(plaintext2) - testLen;
- if (dataLen > TEST_SMALL_CHACHA_CHUNKS)
- dataLen = TEST_SMALL_CHACHA_CHUNKS;
- err = wc_ChaCha20Poly1305_UpdateData(&aead,
- &generatedCiphertext[testLen], &generatedPlaintext[testLen],
- dataLen);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- testLen += dataLen;
- }
- #else
- err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedCiphertext,
- generatedPlaintext, sizeof(cipher2));
- #endif
- err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag2);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- if (XMEMCMP(generatedPlaintext, plaintext2, sizeof(plaintext2))) {
- return WC_TEST_RET_ENC_NC;
- }
- return err;
- }
- #endif /* HAVE_CHACHA && HAVE_POLY1305 */
- #ifndef NO_DES3
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des_test(void)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte vector[] = { /* "now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- byte plain[24];
- byte cipher[24];
- Des enc;
- Des dec;
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
- {
- 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8,
- 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73,
- 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b
- };
- wc_test_ret_t ret;
- WOLFSSL_ENTER("des_test");
- ret = wc_Des_SetKey(&enc, key, iv, DES_ENCRYPTION);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Des_CbcEncrypt(&enc, cipher, vector, sizeof(vector));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Des_SetKey(&dec, key, iv, DES_DECRYPTION);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Des_CbcDecrypt(&dec, plain, cipher, sizeof(cipher));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(plain, vector, sizeof(plain)))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipher, verify, sizeof(cipher)))
- return WC_TEST_RET_ENC_NC;
- ret = wc_Des_CbcEncryptWithKey(cipher, vector, sizeof(vector), key, iv);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_SHA)
- {
- EncryptedInfo info;
- XMEMSET(&info, 0, sizeof(EncryptedInfo));
- XMEMCPY(info.iv, iv, sizeof(iv));
- info.ivSz = sizeof(iv);
- info.keySz = sizeof(key);
- info.cipherType = WC_CIPHER_DES;
- ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key,
- sizeof(key), WC_HASH_TYPE_SHA);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Test invalid info ptr */
- ret = wc_BufferKeyEncrypt(NULL, cipher, sizeof(cipher), key,
- sizeof(key), WC_HASH_TYPE_SHA);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #ifndef NO_PWDBASED
- /* Test invalid hash type - only applies to wc_PBKDF1 call */
- ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key,
- sizeof(key), WC_HASH_TYPE_NONE);
- if (ret == 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif /* !NO_PWDBASED */
- }
- #endif
- return 0;
- }
- #endif /* !NO_DES3 */
- #ifndef NO_DES3
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des3_test(void)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
- 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- byte plain[24];
- byte cipher[24];
- Des3 enc;
- Des3 dec;
- WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
- {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
- 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
- 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv3[] =
- {
- 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify3[] =
- {
- 0x43,0xa0,0x29,0x7e,0xd1,0x84,0xf8,0x0e,
- 0x89,0x64,0x84,0x32,0x12,0xd5,0x08,0x98,
- 0x18,0x94,0x15,0x74,0x87,0x12,0x7d,0xb0
- };
- wc_test_ret_t ret;
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- size_t i;
- #endif
- WOLFSSL_ENTER("des3_test");
- ret = wc_Des3Init(&enc, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Des3Init(&dec, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Des3_SetKey(&enc, key3, iv3, DES_ENCRYPTION);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Des3_SetKey(&dec, key3, iv3, DES_DECRYPTION);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Des3_CbcEncrypt(&enc, cipher, vector, sizeof(vector));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Des3_CbcDecrypt(&dec, plain, cipher, sizeof(cipher));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(plain, vector, sizeof(plain)))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipher, verify3, sizeof(cipher)))
- return WC_TEST_RET_ENC_NC;
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- /* test the same vectors with using compatibility layer */
- for (i = 0; i < sizeof(vector); i += DES_BLOCK_SIZE){
- DES_key_schedule ks1;
- DES_key_schedule ks2;
- DES_key_schedule ks3;
- DES_cblock iv4;
- byte tmp[sizeof(vector)];
- XMEMCPY(ks1, key3, sizeof(DES_key_schedule));
- XMEMCPY(ks2, key3 + 8, sizeof(DES_key_schedule));
- XMEMCPY(ks3, key3 + 16, sizeof(DES_key_schedule));
- XMEMSET(plain, 0, sizeof(plain));
- XMEMSET(cipher, 0, sizeof(cipher));
- /* Test in-place encrypt/decrypt */
- XMEMCPY(tmp, vector, sizeof(vector));
- /* Use i as the splitter */
- XMEMCPY(iv4, iv3, sizeof(DES_cblock));
- DES_ede3_cbc_encrypt(tmp, tmp, (long)i, &ks1, &ks2, &ks3,
- &iv4, DES_ENCRYPT);
- DES_ede3_cbc_encrypt(tmp + i, tmp + i, (long)(sizeof(vector) - i),
- &ks1, &ks2, &ks3, &iv4, DES_ENCRYPT);
- XMEMCPY(cipher, tmp, sizeof(cipher));
- XMEMCPY(iv4, iv3, sizeof(DES_cblock));
- DES_ede3_cbc_encrypt(tmp, tmp, (long)i, &ks1, &ks2, &ks3,
- &iv4, DES_DECRYPT);
- DES_ede3_cbc_encrypt(tmp + i, tmp + i, (long)(sizeof(cipher) - i),
- &ks1, &ks2, &ks3, &iv4, DES_DECRYPT);
- XMEMCPY(plain, tmp, sizeof(plain));
- if (XMEMCMP(plain, vector, sizeof(plain)))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipher, verify3, sizeof(cipher)))
- return WC_TEST_RET_ENC_NC;
- }
- #endif /* OPENSSL_EXTRA */
- wc_Des3Free(&enc);
- wc_Des3Free(&dec);
- #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_SHA)
- {
- EncryptedInfo info;
- XMEMSET(&info, 0, sizeof(EncryptedInfo));
- XMEMCPY(info.iv, iv3, sizeof(iv3));
- info.ivSz = sizeof(iv3);
- info.keySz = sizeof(key3);
- info.cipherType = WC_CIPHER_DES3;
- ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key3,
- sizeof(key3), WC_HASH_TYPE_SHA);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- }
- #endif
- return 0;
- }
- #endif /* NO_DES3 */
- static const int fiducial1 = WC_TEST_RET_LN; /* source code reference point --
- * see print_fiducials() below.
- */
- #ifndef NO_AES
- #if defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_CFB) || \
- defined(WOLFSSL_AES_XTS)
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
- && !defined(HAVE_SELFTEST)
- #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
- /* pass in the function, key, iv, plain text and expected and this function
- * tests that the encryption and decryption is successful */
- static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
- const byte* iv, const byte* plain, int plainSz,
- const byte* expected, int expectedSz)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- EVP_CIPHER_CTX *ctx = NULL;
- #else
- EVP_CIPHER_CTX ctx[1];
- #endif
- int ctx_inited = 0;
- int idx, cipherSz;
- wc_test_ret_t ret = 0;
- byte* cipher;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((ctx = wolfSSL_EVP_CIPHER_CTX_new()) == NULL)
- return MEMORY_E;
- #endif
- cipher = (byte*)XMALLOC(plainSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (cipher == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- goto EVP_TEST_END;
- }
- /* test encrypt */
- EVP_CIPHER_CTX_init(ctx);
- ctx_inited = 1;
- if (EVP_CipherInit(ctx, type, key, iv, 1) == 0) {
- ret = WC_TEST_RET_ENC_NC;
- goto EVP_TEST_END;
- }
- if (EVP_CipherUpdate(ctx, cipher, &idx, plain, expectedSz) == 0) {
- ret = WC_TEST_RET_ENC_NC;
- goto EVP_TEST_END;
- }
- cipherSz = idx;
- if (EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) {
- ret = WC_TEST_RET_ENC_NC;
- goto EVP_TEST_END;
- }
- cipherSz += idx;
- if (XMEMCMP(cipher, expected, plainSz)) {
- ret = WC_TEST_RET_ENC_NC;
- goto EVP_TEST_END;
- }
- ret = wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
- ctx_inited = 0;
- if (ret == WOLFSSL_SUCCESS)
- ret = 0;
- else {
- ret = WC_TEST_RET_ENC_NC;
- goto EVP_TEST_END;
- }
- /* test decrypt */
- EVP_CIPHER_CTX_init(ctx);
- ctx_inited = 1;
- if (EVP_CipherInit(ctx, type, key, iv, 0) == 0) {
- ret = WC_TEST_RET_ENC_NC;
- goto EVP_TEST_END;
- }
- if (EVP_CipherUpdate(ctx, cipher, &idx, cipher, expectedSz) == 0) {
- ret = WC_TEST_RET_ENC_NC;
- goto EVP_TEST_END;
- }
- cipherSz = idx;
- if (EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) {
- ret = WC_TEST_RET_ENC_NC;
- goto EVP_TEST_END;
- }
- cipherSz += idx;
- if ((expectedSz != cipherSz) || XMEMCMP(plain, cipher, plainSz)) {
- ret = WC_TEST_RET_ENC_NC;
- goto EVP_TEST_END;
- }
- EVP_TEST_END:
- if (cipher)
- XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- (void)cipherSz;
- if (ctx_inited) {
- int cleanup_ret = wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
- if (cleanup_ret != WOLFSSL_SUCCESS)
- ret = WC_TEST_RET_ENC_NC;
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- wolfSSL_EVP_CIPHER_CTX_free(ctx);
- #endif
- return ret;
- }
- #endif /* !HAVE_FIPS || FIPS_VERSION3_GE(6,0,0) */
- #endif /* OPENSSL_EXTRA && !WOLFCRYPT_ONLY && !HAVE_SELFTEST */
- #endif /* WOLFSSL_AES_OFB || WOLFSSL_AES_CFB */
- #ifdef WOLFSSL_AES_OFB
- /* test vector from https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/Block-Ciphers */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesofb_test(void)
- {
- #ifdef WOLFSSL_AES_256
- WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
- {
- 0xc4,0xc7,0xfa,0xd6,0x53,0x5c,0xb8,0x71,
- 0x4a,0x5c,0x40,0x77,0x9a,0x8b,0xa1,0xd2,
- 0x53,0x3e,0x23,0xb4,0xb2,0x58,0x73,0x2a,
- 0x5b,0x78,0x01,0xf4,0xe3,0x71,0xa7,0x94
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
- {
- 0x5e,0xb9,0x33,0x13,0xb8,0x71,0xff,0x16,
- 0xb9,0x8a,0x9b,0xcb,0x43,0x33,0x0d,0x6f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte plain1[] =
- {
- 0x6d,0x0b,0xb0,0x79,0x63,0x84,0x71,0xe9,
- 0x39,0xd4,0x53,0x14,0x86,0xc1,0x4c,0x25,
- 0x9a,0xee,0xc6,0xf3,0xc0,0x0d,0xfd,0xd6,
- 0xc0,0x50,0xa8,0xba,0xa8,0x20,0xdb,0x71,
- 0xcc,0x12,0x2c,0x4e,0x0c,0x17,0x15,0xef,
- 0x55,0xf3,0x99,0x5a,0x6b,0xf0,0x2a,0x4c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
- {
- 0x0f,0x54,0x61,0x71,0x59,0xd0,0x3f,0xfc,
- 0x1b,0xfa,0xfb,0x60,0x29,0x30,0xd7,0x00,
- 0xf4,0xa4,0xa8,0xe6,0xdd,0x93,0x94,0x46,
- 0x64,0xd2,0x19,0xc4,0xc5,0x4d,0xde,0x1b,
- 0x04,0x53,0xe1,0x73,0xf5,0x18,0x74,0xae,
- 0xfd,0x64,0xa2,0xe1,0xe2,0x76,0x13,0xb0
- };
- #endif /* WOLFSSL_AES_256 */
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
- {
- 0x10,0xa5,0x88,0x69,0xd7,0x4b,0xe5,0xa3,
- 0x74,0xcf,0x86,0x7c,0xfb,0x47,0x38,0x59
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv2[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte plain2[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
- {
- 0x6d,0x25,0x1e,0x69,0x44,0xb0,0x51,0xe0,
- 0x4e,0xaa,0x6f,0xb4,0xdb,0xf7,0x84,0x65
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- WOLFSSL_SMALL_STACK_STATIC const byte key3[] = {
- 0xd0,0x77,0xa0,0x3b,0xd8,0xa3,0x89,0x73,
- 0x92,0x8c,0xca,0xfe,0x4a,0x9d,0x2f,0x45,
- 0x51,0x30,0xbd,0x0a,0xf5,0xae,0x46,0xa9
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv3[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
- {
- 0xab,0xc7,0x86,0xfb,0x1e,0xdb,0x50,0x45,
- 0x80,0xc4,0xd8,0x82,0xef,0x29,0xa0,0xc7
- };
- WOLFSSL_SMALL_STACK_STATIC const byte plain3[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- #endif /* WOLFSSL_AES_192 */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *enc = NULL;
- #else
- Aes enc[1];
- #endif
- byte cipher[AES_BLOCK_SIZE * 4];
- #ifdef HAVE_AES_DECRYPT
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *dec = NULL;
- #else
- Aes dec[1];
- #endif
- byte plain [AES_BLOCK_SIZE * 4];
- #endif
- wc_test_ret_t ret = 0;
- WOLFSSL_ENTER("aesofb_test");
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-1, out);
- #ifdef HAVE_AES_DECRYPT
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-1, out);
- #endif
- #endif
- XMEMSET(enc, 0, sizeof *enc);
- #ifdef HAVE_AES_DECRYPT
- XMEMSET(dec, 0, sizeof *dec);
- #endif
- #ifdef WOLFSSL_AES_128
- /* 128 key size test */
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
- && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_128_ofb(), key2, iv2, plain2, sizeof(plain2),
- cipher2, sizeof(cipher2));
- if (ret != 0) {
- goto out;
- }
- #endif
- ret = wc_AesInit(enc, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesInit(dec, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key2, sizeof(key2), iv2, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesOfbEncrypt(enc, cipher, plain2, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher2, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesOfbDecrypt(dec, plain, cipher2, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, plain2, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* 192 key size test */
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
- && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_192_ofb(), key3, iv3, plain3, sizeof(plain3),
- cipher3, sizeof(cipher3));
- if (ret != 0) {
- goto out;
- }
- #endif
- ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key3, sizeof(key3), iv3, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesOfbEncrypt(enc, cipher, plain3, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher3, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesOfbDecrypt(dec, plain, cipher3, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, plain3, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* 256 key size test */
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
- && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_256_ofb(), key1, iv1, plain1, sizeof(plain1),
- cipher1, sizeof(cipher1));
- if (ret != 0) {
- goto out;
- }
- #endif
- ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesOfbEncrypt(enc, cipher, plain1, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_AesOfbEncrypt(enc, cipher + AES_BLOCK_SIZE,
- plain1 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher + AES_BLOCK_SIZE, cipher1 + AES_BLOCK_SIZE,
- AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesOfbDecrypt(dec, plain, cipher1, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, plain1, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_AesOfbDecrypt(dec, plain + AES_BLOCK_SIZE,
- cipher1 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain + AES_BLOCK_SIZE, plain1 + AES_BLOCK_SIZE,
- AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- /* multiple blocks at once */
- ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesOfbEncrypt(enc, cipher, plain1, AES_BLOCK_SIZE * 3);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 3))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesOfbDecrypt(dec, plain, cipher1, AES_BLOCK_SIZE * 3);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, plain1, AES_BLOCK_SIZE * 3))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- /* inline decrypt/encrypt*/
- ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMCPY(cipher, plain1, AES_BLOCK_SIZE * 2);
- ret = wc_AesOfbEncrypt(enc, cipher, cipher, AES_BLOCK_SIZE * 2);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesOfbDecrypt(dec, cipher, cipher, AES_BLOCK_SIZE * 2);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, plain1, AES_BLOCK_SIZE * 2))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- /* 256 key size test leftover support */
- ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesOfbEncrypt(enc, cipher, plain1, 3);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher1, 3))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_AesOfbEncrypt(enc, cipher + 3, plain1 + 3, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher + 3, cipher1 + 3, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesOfbDecrypt(dec, plain, cipher1, 6);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, plain1, 6))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_AesOfbDecrypt(dec, plain + 6, cipher1 + 6, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain + 6, plain1 + 6, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- out:
- wc_AesFree(enc);
- #ifdef HAVE_AES_DECRYPT
- wc_AesFree(dec);
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (enc)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- if (dec)
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #endif
- #endif /* WOLFSSL_AES_256 */
- return ret;
- }
- #endif /* WOLFSSL_AES_OFB */
- #if defined(WOLFSSL_AES_CFB)
- /* Test cases from NIST SP 800-38A, Recommendation for Block Cipher Modes of
- * Operation Methods and Techniques
- */
- static wc_test_ret_t aescfb_test_0(void)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *enc = NULL;
- #else
- Aes enc[1];
- #endif
- int enc_inited = 0;
- byte cipher[AES_BLOCK_SIZE * 4];
- #ifdef HAVE_AES_DECRYPT
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *dec = NULL;
- #else
- Aes dec[1];
- #endif
- int dec_inited = 0;
- byte plain [AES_BLOCK_SIZE * 4];
- #endif
- wc_test_ret_t ret = 0;
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
- };
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
- {
- 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
- 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
- {
- 0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20,
- 0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a,
- 0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f,
- 0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b,
- 0x26,0x75,0x1f,0x67,0xa3,0xcb,0xb1,0x40,
- 0xb1,0x80,0x8c,0xf1,0x87,0xa4,0xf4,0xdf
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* 192 size key test */
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
- {
- 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
- 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
- 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
- {
- 0xcd,0xc8,0x0d,0x6f,0xdd,0xf1,0x8c,0xab,
- 0x34,0xc2,0x59,0x09,0xc9,0x9a,0x41,0x74,
- 0x67,0xce,0x7f,0x7f,0x81,0x17,0x36,0x21,
- 0x96,0x1a,0x2b,0x70,0x17,0x1d,0x3d,0x7a,
- 0x2e,0x1e,0x8a,0x1d,0xd5,0x9b,0x88,0xb1,
- 0xc8,0xe6,0x0f,0xed,0x1e,0xfa,0xc4,0xc9,
- 0xc0,0x5f,0x9f,0x9c,0xa9,0x83,0x4f,0xa0,
- 0x42,0xae,0x8f,0xba,0x58,0x4b,0x09,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* 256 size key simple test */
- WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
- {
- 0xdc,0x7e,0x84,0xbf,0xda,0x79,0x16,0x4b,
- 0x7e,0xcd,0x84,0x86,0x98,0x5d,0x38,0x60,
- 0x39,0xff,0xed,0x14,0x3b,0x28,0xb1,0xc8,
- 0x32,0x11,0x3c,0x63,0x31,0xe5,0x40,0x7b,
- 0xdf,0x10,0x13,0x24,0x15,0xe5,0x4b,0x92,
- 0xa1,0x3e,0xd0,0xa8,0x26,0x7a,0xe2,0xf9,
- 0x75,0xa3,0x85,0x74,0x1a,0xb9,0xce,0xf8,
- 0x20,0x31,0x62,0x3d,0x55,0xb1,0xe4,0x71
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- #endif /* WOLFSSL_AES_256 */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #ifdef HAVE_AES_DECRYPT
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- #endif
- ret = wc_AesInit(enc, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- enc_inited = 1;
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesInit(dec, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- dec_inited = 1;
- #endif
- #ifdef WOLFSSL_AES_128
- /* 128 key tests */
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
- && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_128_cfb128(), key1, iv, msg1, sizeof(msg1),
- cipher1, sizeof(cipher1));
- if (ret != 0) {
- return ret;
- }
- #endif
- ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfbEncrypt(enc, cipher, msg1, AES_BLOCK_SIZE * 2);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* test restarting encryption process */
- ret = wc_AesCfbEncrypt(enc, cipher + (AES_BLOCK_SIZE * 2),
- msg1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher + (AES_BLOCK_SIZE * 2),
- cipher1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCfbDecrypt(dec, plain, cipher, AES_BLOCK_SIZE * 3);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, msg1, AES_BLOCK_SIZE * 3))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* 192 key size test */
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
- && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_192_cfb128(), key2, iv, msg2, sizeof(msg2),
- cipher2, sizeof(cipher2));
- if (ret != 0) {
- return ret;
- }
- #endif
- ret = wc_AesSetKey(enc, key2, sizeof(key2), iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key2, sizeof(key2), iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfbEncrypt(enc, cipher, msg2, AES_BLOCK_SIZE * 4);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher2, AES_BLOCK_SIZE * 4))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCfbDecrypt(dec, plain, cipher, AES_BLOCK_SIZE * 4);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE * 4))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* 256 key size test */
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
- && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_256_cfb128(), key3, iv, msg3, sizeof(msg3),
- cipher3, sizeof(cipher3));
- if (ret != 0) {
- return ret;
- }
- #endif
- ret = wc_AesSetKey(enc, key3, sizeof(key3), iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key3, sizeof(key3), iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- /* test with data left overs, magic lengths are checking near edges */
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfbEncrypt(enc, cipher, msg3, 4);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher3, 4))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_AesCfbEncrypt(enc, cipher + 4, msg3 + 4, 27);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher + 4, cipher3 + 4, 27))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_AesCfbEncrypt(enc, cipher + 31, msg3 + 31,
- (AES_BLOCK_SIZE * 4) - 31);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher3, AES_BLOCK_SIZE * 4))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCfbDecrypt(dec, plain, cipher, 4);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, msg3, 4))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_AesCfbDecrypt(dec, plain + 4, cipher + 4, 4);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesCfbDecrypt(dec, plain + 8, cipher + 8, 23);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain + 4, msg3 + 4, 27))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_AesCfbDecrypt(dec, plain + 31, cipher + 31,
- (AES_BLOCK_SIZE * 4) - 31);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, msg3, AES_BLOCK_SIZE * 4))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_256 */
- out:
- if (enc_inited)
- wc_AesFree(enc);
- #ifdef HAVE_AES_DECRYPT
- if (dec_inited)
- wc_AesFree(dec);
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (enc)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- if (dec)
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #endif
- return ret;
- }
- #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0))
- static wc_test_ret_t aescfb1_test(void)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *enc = NULL;
- #else
- Aes enc[1];
- #endif
- int enc_inited = 0;
- byte cipher[AES_BLOCK_SIZE];
- #ifdef HAVE_AES_DECRYPT
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *dec = NULL;
- #else
- Aes dec[1];
- #endif
- int dec_inited = 0;
- byte plain [AES_BLOCK_SIZE];
- #endif
- wc_test_ret_t ret = 0;
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
- 0x4d,0xbb,0xdc,0xaa,0x59,0xf3,0x63,0xc9,
- 0x2a,0x3b,0x98,0x43,0xad,0x20,0xe2,0xb7
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
- {
- 0xcd,0xef,0x9d,0x06,0x61,0xba,0xe4,0x73,
- 0x8d,0x1a,0x58,0xa2,0xa6,0x22,0x8b,0x66
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
- {
- 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
- {
- 0xC0
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher1_7bit[] =
- {
- 0x1C
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
- 0x57,0xc6,0x89,0x7c,0x99,0x52,0x28,0x13,
- 0xbf,0x67,0x9c,0xe1,0x13,0x70,0xaf,0x5e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
- {
- 0xba,0xa1,0x58,0xa1,0x6b,0x50,0x4a,0x10,
- 0x8e,0xd4,0x33,0x2e,0xe7,0xf2,0x9b,0xf6,
- 0xd1,0xac,0x46,0xa8,0xde,0x5a,0xfe,0x7a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
- {
- 0x30
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
- {
- 0x80
- };
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- WOLFSSL_SMALL_STACK_STATIC const byte iv3[] = {
- 0x63,0x2e,0x9f,0x83,0x1f,0xa3,0x80,0x5e,
- 0x52,0x02,0xbc,0xe0,0x6d,0x04,0xf9,0xa0
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
- {
- 0xf6,0xfa,0xe4,0xf1,0x5d,0x91,0xfc,0x50,
- 0x88,0x78,0x4f,0x84,0xa5,0x37,0x12,0x7e,
- 0x32,0x63,0x55,0x9c,0x62,0x73,0x88,0x20,
- 0xc2,0xcf,0x3d,0xe1,0x1c,0x2a,0x30,0x40
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
- {
- 0xF7, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
- {
- 0x41, 0xC0
- };
- #endif /* WOLFSSL_AES_256 */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #ifdef HAVE_AES_DECRYPT
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- #endif
- ret = wc_AesInit(enc, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- enc_inited = 1;
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesInit(dec, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- dec_inited = 1;
- #endif
- #ifdef WOLFSSL_AES_128
- /* 128 key tests */
- ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb1Encrypt(enc, cipher, msg1, 2);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (cipher[0] != cipher1[0])
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCfb1Decrypt(dec, plain, cipher, 2);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (plain[0] != msg1[0])
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb1Encrypt(enc, cipher, msg1, 7);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (cipher[0] != cipher1_7bit[0])
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef OPENSSL_EXTRA
- ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb1Encrypt(enc, cipher, msg1,
- sizeof(msg1) * WOLFSSL_BIT_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifndef WOLFCRYPT_ONLY
- ret = EVP_test(EVP_aes_128_cfb1(), key1, iv, msg1, sizeof(msg1),
- cipher, sizeof(msg1));
- if (ret != 0) {
- goto out;
- }
- #endif
- #endif
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* 192 key tests */
- ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb1Encrypt(enc, cipher, msg2, 4);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher2, sizeof(cipher2)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef OPENSSL_EXTRA
- ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb1Encrypt(enc, cipher, msg2,
- sizeof(msg2) * WOLFSSL_BIT_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifndef WOLFCRYPT_ONLY
- ret = EVP_test(EVP_aes_192_cfb1(), key2, iv2, msg2, sizeof(msg2),
- cipher, sizeof(msg2));
- if (ret != 0) {
- goto out;
- }
- #endif
- #endif
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* 256 key tests */
- ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb1Encrypt(enc, cipher, msg3, 10);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher3, sizeof(cipher3)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef OPENSSL_EXTRA
- ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb1Encrypt(enc, cipher, msg3,
- sizeof(msg3) * WOLFSSL_BIT_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifndef WOLFCRYPT_ONLY
- ret = EVP_test(EVP_aes_256_cfb1(), key3, iv3, msg3, sizeof(msg3),
- cipher, sizeof(msg3));
- if (ret != 0) {
- goto out;
- }
- #endif
- #endif
- #endif /* WOLFSSL_AES_256 */
- out:
- if (enc_inited)
- wc_AesFree(enc);
- #ifdef HAVE_AES_DECRYPT
- if (dec_inited)
- wc_AesFree(dec);
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (enc)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- if (dec)
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #endif
- return ret;
- }
- static wc_test_ret_t aescfb8_test(void)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *enc = NULL;
- #else
- Aes enc[1];
- #endif
- int enc_inited = 0;
- byte cipher[AES_BLOCK_SIZE];
- #ifdef HAVE_AES_DECRYPT
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *dec = NULL;
- #else
- Aes dec[1];
- #endif
- int dec_inited = 0;
- byte plain [AES_BLOCK_SIZE];
- #endif
- wc_test_ret_t ret = 0;
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
- 0xf4,0x75,0xc6,0x49,0x91,0xb2,0x0e,0xae,
- 0xe1,0x83,0xa2,0x26,0x29,0xe2,0x1e,0x22
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
- {
- 0xc8,0xfe,0x9b,0xf7,0x7b,0x93,0x0f,0x46,
- 0xd2,0x07,0x8b,0x8c,0x0e,0x65,0x7c,0xd4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
- {
- 0xd2,0x76,0x91
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
- {
- 0xc9,0x06,0x35
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
- 0x0a,0x02,0x84,0x6b,0x62,0xab,0xb6,0x93,
- 0xef,0x31,0xd7,0x54,0x84,0x2e,0xed,0x29
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
- {
- 0xba,0xf0,0x8b,0x76,0x31,0x7a,0x65,0xc5,
- 0xf0,0x7a,0xe6,0xf5,0x7e,0xb0,0xe6,0x54,
- 0x88,0x65,0x93,0x24,0xd2,0x97,0x09,0xe3
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
- {
- 0x72,0x9c,0x0b,0x6d,0xeb,0x75,0xfa,0x6e,
- 0xb5,0xe8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
- {
- 0x98,0x95,0x93,0x24,0x02,0x39,0x3d,0xc3,
- 0x3a,0x60
- };
- #endif
- #ifdef WOLFSSL_AES_256
- WOLFSSL_SMALL_STACK_STATIC const byte iv3[] = {
- 0x33,0x8c,0x55,0x2f,0xf1,0xec,0xa1,0x44,
- 0x08,0xe0,0x5d,0x8c,0xf9,0xf3,0xb3,0x1b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
- {
- 0x06,0x48,0x74,0x09,0x2f,0x7a,0x13,0xcc,
- 0x44,0x62,0x24,0x7a,0xd4,0x23,0xd0,0xe9,
- 0x6e,0xdf,0x42,0xe8,0xb6,0x7a,0x5a,0x23,
- 0xb7,0xa0,0xa6,0x47,0x7b,0x09,0x8e,0x66
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
- {
- 0x1c,0xff,0x95
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
- {
- 0xb9,0x74,0xfa
- };
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #ifdef HAVE_AES_DECRYPT
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- #endif
- ret = wc_AesInit(enc, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- enc_inited = 1;
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesInit(dec, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- dec_inited = 1;
- #endif
- #ifdef WOLFSSL_AES_128
- /* 128 key tests */
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- ret = EVP_test(EVP_aes_128_cfb8(), key1, iv, msg1, sizeof(msg1),
- cipher1, sizeof(cipher1));
- if (ret != 0) {
- return ret;
- }
- #endif
- ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb8Encrypt(enc, cipher, msg1, sizeof(msg1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher1, sizeof(cipher1)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCfb8Decrypt(dec, plain, cipher, sizeof(msg1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, msg1, sizeof(msg1)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* 192 key tests */
- ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb8Encrypt(enc, cipher, msg2, sizeof(msg2));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher2, sizeof(msg2)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- ret = EVP_test(EVP_aes_192_cfb8(), key2, iv2, msg2, sizeof(msg2),
- cipher2, sizeof(msg2));
- if (ret != 0) {
- return ret;
- }
- #endif
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* 256 key tests */
- ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb8Encrypt(enc, cipher, msg3, sizeof(msg3));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher3, sizeof(cipher3)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- ret = EVP_test(EVP_aes_256_cfb8(), key3, iv3, msg3, sizeof(msg3),
- cipher3, sizeof(msg3));
- if (ret != 0) {
- goto out;
- }
- #endif
- #endif /* WOLFSSL_AES_256 */
- out:
- if (enc_inited)
- wc_AesFree(enc);
- #ifdef HAVE_AES_DECRYPT
- if (dec_inited)
- wc_AesFree(dec);
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (enc)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- if (dec)
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #endif
- return ret;
- }
- #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
- #endif /* WOLFSSL_AES_CFB */
- static wc_test_ret_t aes_key_size_test(void)
- {
- wc_test_ret_t ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *aes;
- #else
- Aes aes[1];
- #endif
- byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 };
- #ifndef WOLFSSL_CRYPTOCELL
- byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 };
- #endif
- byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 };
- byte iv[] = "1234567890abcdef";
- #ifndef HAVE_FIPS
- word32 keySize;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((aes = (Aes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- #endif
- #if !defined(HAVE_FIPS) || \
- defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
- /* w/ FIPS v1 (cert 2425) wc_AesInit just returns 0 always as it's not
- * supported with that FIPS version */
- ret = wc_AesInit(NULL, HEAP_HINT, devId);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- ret = wc_AesInit(aes, HEAP_HINT, devId);
- /* 0 check OK for FIPSv1 */
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifndef HAVE_FIPS
- /* Parameter Validation testing. */
- ret = wc_AesGetKeySize(NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGetKeySize(aes, NULL);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGetKeySize(NULL, &keySize);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* Crashes in FIPS */
- ret = wc_AesSetKey(NULL, key16, sizeof(key16), iv, AES_ENCRYPTION);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- /* NULL IV indicates to use all zeros IV. */
- ret = wc_AesSetKey(aes, key16, sizeof(key16), NULL, AES_ENCRYPTION);
- #ifdef WOLFSSL_AES_128
- if (ret != 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesSetKey(aes, key32, sizeof(key32) - 1, iv, AES_ENCRYPTION);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* CryptoCell handles rounds internally */
- #if !defined(HAVE_FIPS) && !defined(WOLFSSL_CRYPTOCELL)
- /* PSA don't use aes->rounds */
- #if !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_AES)
- /* Force invalid rounds */
- aes->rounds = 16;
- ret = wc_AesGetKeySize(aes, &keySize);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- #endif
- ret = wc_AesSetKey(aes, key16, sizeof(key16), iv, AES_ENCRYPTION);
- #ifdef WOLFSSL_AES_128
- if (ret != 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_128)
- ret = wc_AesGetKeySize(aes, &keySize);
- if (ret != 0 || keySize != sizeof(key16))
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- #ifndef WOLFSSL_CRYPTOCELL
- /* Cryptocell only supports AES-128 key size */
- ret = wc_AesSetKey(aes, key24, sizeof(key24), iv, AES_ENCRYPTION);
- #ifdef WOLFSSL_AES_192
- if (ret != 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_192)
- ret = wc_AesGetKeySize(aes, &keySize);
- if (ret != 0 || keySize != sizeof(key24))
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- ret = wc_AesSetKey(aes, key32, sizeof(key32), iv, AES_ENCRYPTION);
- #ifdef WOLFSSL_AES_256
- if (ret != 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_256)
- ret = wc_AesGetKeySize(aes, &keySize);
- if (ret != 0 || keySize != sizeof(key32))
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- #endif /* !WOLFSSL_CRYPTOCELL */
- ret = 0; /* success */
- out:
- wc_AesFree(aes);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
- /* test vectors from http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html */
- #ifdef WOLFSSL_AES_128
- static wc_test_ret_t aes_xts_128_test(void)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XtsAes *aes = NULL;
- #else
- XtsAes aes[1];
- #endif
- int aes_inited = 0;
- wc_test_ret_t ret = 0;
- unsigned char buf[AES_BLOCK_SIZE * 2 + 8];
- unsigned char cipher[AES_BLOCK_SIZE * 2 + 8];
- #ifdef WOLFSSL_AESXTS_STREAM
- struct XtsAesStreamData stream;
- #endif
- #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
- !defined(WOLFSSL_AFALG)
- #define LARGE_XTS_SZ 1024
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte* large_input = NULL;
- #else
- byte large_input[LARGE_XTS_SZ];
- #endif
- #endif
- /* 128 key tests */
- WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
- 0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35,
- 0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62,
- 0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18,
- 0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char i1[] = {
- 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
- 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
- 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
- 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c
- };
- /* plain text test of partial block is not from NIST test vector list */
- WOLFSSL_SMALL_STACK_STATIC unsigned char pp[] = {
- 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
- 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
- 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
- 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a,
- 0x82, 0x50, 0x81, 0xd5, 0xbe, 0x47, 0x1c, 0x63
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char k2[] = {
- 0x39, 0x25, 0x79, 0x05, 0xdf, 0xcc, 0x77, 0x76,
- 0x6c, 0x87, 0x0a, 0x80, 0x6a, 0x60, 0xe3, 0xc0,
- 0x93, 0xd1, 0x2a, 0xcf, 0xcb, 0x51, 0x42, 0xfa,
- 0x09, 0x69, 0x89, 0x62, 0x5b, 0x60, 0xdb, 0x16
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char i2[] = {
- 0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a,
- 0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p2[] = {
- 0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1,
- 0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba,
- 0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20,
- 0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c2[] = {
- 0xd6, 0xbe, 0x04, 0x6d, 0x41, 0xf2, 0x3b, 0x5e,
- 0xd7, 0x0b, 0x6b, 0x3d, 0x5c, 0x8e, 0x66, 0x23,
- 0x2b, 0xe6, 0xb8, 0x07, 0xd4, 0xdc, 0xc6, 0x0e,
- 0xff, 0x8d, 0xbc, 0x1d, 0x9f, 0x7f, 0xc8, 0x22
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char cp2[] = {
- 0x2b, 0xf7, 0x2c, 0xf3, 0xeb, 0x85, 0xef, 0x7b,
- 0x0b, 0x76, 0xa0, 0xaa, 0xf3, 0x3f, 0x25, 0x8b,
- 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a
- };
- #ifndef HAVE_FIPS /* FIPS requires different keys for main and tweak. */
- WOLFSSL_SMALL_STACK_STATIC unsigned char k3[] = {
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char i3[] = {
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p3[] = {
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0xff, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c3[] = {
- 0xA2, 0x07, 0x47, 0x76, 0x3F, 0xEC, 0x0C, 0x23,
- 0x1B, 0xD0, 0xBD, 0x46, 0x9A, 0x27, 0x38, 0x12,
- 0x95, 0x02, 0x3D, 0x5D, 0xC6, 0x94, 0x51, 0x36,
- 0xA0, 0x85, 0xD2, 0x69, 0x6E, 0x87, 0x0A, 0xBF,
- 0xB5, 0x5A, 0xDD, 0xCB, 0x80, 0xE0, 0xFC, 0xCD
- };
- #endif /* HAVE_FIPS */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
- && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_128_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2));
- if (ret != 0) {
- printf("EVP_aes_128_xts failed!\n");
- goto out;
- }
- #endif
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsInit(aes, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- aes_inited = 1;
- ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c2, buf, sizeof(c2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsEncryptInit(aes, i2, sizeof(i2), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptUpdate(aes, buf, p2, AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, p2 + AES_BLOCK_SIZE, sizeof(p2) - AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c2, buf, sizeof(c2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
- defined(WC_C_DYNAMIC_FALLBACK)
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c2, buf, sizeof(c2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i2), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptUpdate(aes, buf, p1, sizeof(p1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c1, buf, sizeof(c1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
- defined(WC_C_DYNAMIC_FALLBACK)
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- /* partial block encryption test */
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cp2, cipher, sizeof(cp2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptFinal(aes, buf, pp, sizeof(pp), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cp2, buf, sizeof(cp2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
- defined(WC_C_DYNAMIC_FALLBACK)
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cp2, cipher, sizeof(cp2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- /* partial block decrypt test */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(pp, buf, sizeof(pp)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptFinal(aes, buf, cipher, sizeof(pp), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(pp, buf, sizeof(pp)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
- defined(WC_C_DYNAMIC_FALLBACK)
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(pp, buf, sizeof(pp)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- /* NIST decrypt test vector */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p1, buf, sizeof(p1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptFinal(aes, buf, c1, sizeof(c1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p1, buf, sizeof(p1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
- defined(WC_C_DYNAMIC_FALLBACK)
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- /* fail case with decrypting using wrong key */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p2, buf, sizeof(p2)) == 0) /* fail case with wrong key */
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* set correct key and retest */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p2, buf, sizeof(p2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifndef HAVE_FIPS
- /* Test ciphertext stealing in-place. */
- XMEMCPY(buf, p3, sizeof(p3));
- ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncrypt(aes, buf, buf, sizeof(p3), i3, sizeof(i3));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c3, buf, sizeof(c3)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsEncryptInit(aes, i3, sizeof(i3), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptUpdate(aes, buf, p3, AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, p3 + AES_BLOCK_SIZE, sizeof(p3) - AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c3, buf, sizeof(c3)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecrypt(aes, buf, buf, sizeof(c3), i3, sizeof(i3));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p3, buf, sizeof(p3)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsDecryptInit(aes, i3, sizeof(i3), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptUpdate(aes, buf, c3, AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptFinal(aes, buf + AES_BLOCK_SIZE, c3 + AES_BLOCK_SIZE, sizeof(c3) - AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p3, buf, sizeof(p3)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- #endif /* !HAVE_FIPS */
- #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
- !defined(WOLFSSL_AFALG)
- {
- int i;
- int j;
- #ifdef WOLFSSL_AESXTS_STREAM
- int k;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- large_input = (byte *)XMALLOC(LARGE_XTS_SZ, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (large_input == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out);
- #endif
- for (i = 0; i < (int)LARGE_XTS_SZ; i++)
- large_input[i] = (byte)i;
- for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1,
- sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1,
- sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
- WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (i = 0; i < j; i++) {
- if (large_input[i] != (byte)i) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- }
- }
- #ifdef WOLFSSL_AESXTS_STREAM
- for (i = 0; i < (int)LARGE_XTS_SZ; i++)
- large_input[i] = (byte)i;
- /* first, encrypt block by block then decrypt with a one-shot call. */
- for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (k = 0; k < j; k += AES_BLOCK_SIZE) {
- if ((j - k) < AES_BLOCK_SIZE*2)
- ret = wc_AesXtsEncryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
- else
- ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if ((j - k) < AES_BLOCK_SIZE*2)
- break;
- }
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1,
- sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
- WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (i = 0; i < j; i++) {
- if (large_input[i] != (byte)i) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- }
- }
- /* second, encrypt with a one-shot call then decrypt block by block. */
- for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1,
- sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (k = 0; k < j; k += AES_BLOCK_SIZE) {
- if ((j - k) < AES_BLOCK_SIZE*2)
- ret = wc_AesXtsDecryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
- else
- ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
- WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if ((j - k) < AES_BLOCK_SIZE*2)
- break;
- }
- for (i = 0; i < j; i++) {
- if (large_input[i] != (byte)i) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- }
- }
- #endif /* WOLFSSL_AESXTS_STREAM */
- }
- #endif /* !BENCH_EMBEDDED && !HAVE_CAVIUM &&
- * !WOLFSSL_AFALG
- */
- out:
- #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
- !defined(WOLFSSL_AFALG) && defined(WOLFSSL_SMALL_STACK) && \
- !defined(WOLFSSL_NO_MALLOC)
- if (large_input)
- XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (aes_inited)
- wc_AesXtsFree(aes);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (aes)
- XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- static wc_test_ret_t aes_xts_192_test(void)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XtsAes *aes = NULL;
- #else
- XtsAes aes[1];
- #endif
- int aes_inited = 0;
- wc_test_ret_t ret = 0;
- unsigned char buf[AES_BLOCK_SIZE * 2 + 8];
- unsigned char cipher[AES_BLOCK_SIZE * 2 + 8];
- #ifdef WOLFSSL_AESXTS_STREAM
- struct XtsAesStreamData stream;
- #endif
- #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
- !defined(WOLFSSL_AFALG)
- #define LARGE_XTS_SZ 1024
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte* large_input = NULL;
- #else
- byte large_input[LARGE_XTS_SZ];
- #endif
- #endif
- /* 192 bit key tests */
- WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
- 0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e,
- 0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14,
- 0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7,
- 0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c,
- 0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d,
- 0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char i1[] = {
- 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
- 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
- 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
- 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char pp[] = {
- 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
- 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
- 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
- 0x65, 0x37, 0x15, 0x53, 0xf1, 0x98, 0xab, 0xb4,
- 0xdb, 0x4e, 0xd3, 0x69, 0xdf, 0x8e, 0x3a, 0xe0
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char k2[] = {
- 0xad, 0x50, 0x4b, 0x85, 0xd7, 0x51, 0xbf, 0xba,
- 0x69, 0x13, 0xb4, 0xcc, 0x79, 0xb6, 0x5a, 0x62,
- 0xf7, 0xf3, 0x9d, 0x36, 0x0f, 0x35, 0xb5, 0xec,
- 0x4a, 0x7e, 0x95, 0xbd, 0x9b, 0xa5, 0xf2, 0xec,
- 0xc1, 0xd7, 0x7e, 0xa3, 0xc3, 0x74, 0xbd, 0x4b,
- 0x13, 0x1b, 0x07, 0x83, 0x87, 0xdd, 0x55, 0x5a
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char i2[] = {
- 0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a,
- 0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p2[] = {
- 0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1,
- 0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba,
- 0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20,
- 0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c2[] = {
- 0x6c, 0xa6, 0xb5, 0x73, 0x48, 0xf1, 0x89, 0xfa,
- 0xdd, 0x80, 0x72, 0x1f, 0xb8, 0x56, 0x0c, 0xa2,
- 0x35, 0xd4, 0x08, 0xbf, 0x24, 0xcb, 0xec, 0xdb,
- 0x81, 0xe0, 0xe6, 0x4f, 0x3d, 0x1c, 0x5c, 0x46
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char cp2[] = {
- 0xe9, 0x58, 0xfe, 0xab, 0x66, 0xb4, 0xf1, 0x79,
- 0x91, 0x3f, 0x91, 0xdc, 0x6f, 0xdf, 0xd6, 0xac,
- 0x65, 0x37, 0x15, 0x53, 0xf1, 0x98, 0xab, 0xb4
- };
- #ifndef HAVE_FIPS /* FIPS requires different keys for main and tweak. */
- WOLFSSL_SMALL_STACK_STATIC unsigned char k3[] = {
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char i3[] = {
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p3[] = {
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0xff, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c3[] = {
- 0xa4, 0xf2, 0x71, 0x5d, 0x80, 0x60, 0x68, 0xa0,
- 0x80, 0x61, 0xd7, 0xc1, 0x55, 0xc8, 0x3a, 0x2e,
- 0xd7, 0xf4, 0x62, 0xaf, 0xbd, 0x2d, 0xf9, 0x5f,
- 0xe8, 0xc5, 0x99, 0x3d, 0x58, 0x3c, 0xeb, 0xba,
- 0x86, 0xea, 0x2c, 0x7e, 0x1f, 0xba, 0x81, 0xde
- };
- #endif /* HAVE_FIPS */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsInit(aes, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- aes_inited = 1;
- ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c2, buf, sizeof(c2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsEncryptInit(aes, i2, sizeof(i2), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptUpdate(aes, buf, p2, AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, p2 + AES_BLOCK_SIZE, sizeof(p2) - AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c2, buf, sizeof(c2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
- defined(WC_C_DYNAMIC_FALLBACK)
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c2, buf, sizeof(c2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptUpdate(aes, buf, p1, sizeof(p1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c1, buf, sizeof(c1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
- defined(WC_C_DYNAMIC_FALLBACK)
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- /* partial block encryption test */
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cp2, cipher, sizeof(cp2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptFinal(aes, buf, pp, sizeof(pp), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cp2, buf, sizeof(cp2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
- defined(WC_C_DYNAMIC_FALLBACK)
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cp2, cipher, sizeof(cp2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- /* partial block decrypt test */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(pp, buf, sizeof(pp)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptFinal(aes, buf, cipher, sizeof(pp), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(pp, buf, sizeof(pp)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
- defined(WC_C_DYNAMIC_FALLBACK)
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(pp, buf, sizeof(pp)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- /* NIST decrypt test vector */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p1, buf, sizeof(p1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptFinal(aes, buf, c1, sizeof(c1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p1, buf, sizeof(p1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
- defined(WC_C_DYNAMIC_FALLBACK)
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- /* fail case with decrypting using wrong key */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p2, buf, sizeof(p2)) == 0) /* fail case with wrong key */
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* set correct key and retest */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p2, buf, sizeof(p2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifndef HAVE_FIPS
- /* Test ciphertext stealing in-place. */
- XMEMCPY(buf, p3, sizeof(p3));
- ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncrypt(aes, buf, buf, sizeof(p3), i3, sizeof(i3));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c3, buf, sizeof(c3)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsEncryptInit(aes, i3, sizeof(i3), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptUpdate(aes, buf, p3, AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, p3 + AES_BLOCK_SIZE, sizeof(p3) - AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c3, buf, sizeof(c3)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecrypt(aes, buf, buf, sizeof(c3), i3, sizeof(i3));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p3, buf, sizeof(p3)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsDecryptInit(aes, i3, sizeof(i3), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptUpdate(aes, buf, c3, AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptFinal(aes, buf + AES_BLOCK_SIZE, c3 + AES_BLOCK_SIZE, sizeof(c3) - AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p3, buf, sizeof(p3)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- #endif /* !HAVE_FIPS */
- #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
- !defined(WOLFSSL_AFALG)
- {
- int i;
- int j;
- #ifdef WOLFSSL_AESXTS_STREAM
- int k;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- large_input = (byte *)XMALLOC(LARGE_XTS_SZ, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (large_input == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out);
- #endif
- for (i = 0; i < (int)LARGE_XTS_SZ; i++)
- large_input[i] = (byte)i;
- for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncrypt(aes, large_input, large_input, j, i1,
- sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecrypt(aes, large_input, large_input, j, i1,
- sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
- WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (i = 0; i < j; i++) {
- if (large_input[i] != (byte)i) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- }
- }
- #ifdef WOLFSSL_AESXTS_STREAM
- for (i = 0; i < (int)LARGE_XTS_SZ; i++)
- large_input[i] = (byte)i;
- /* first, encrypt block by block then decrypt with a one-shot call. */
- for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (k = 0; k < j; k += AES_BLOCK_SIZE) {
- if ((j - k) < AES_BLOCK_SIZE*2)
- ret = wc_AesXtsEncryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
- else
- ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if ((j - k) < AES_BLOCK_SIZE*2)
- break;
- }
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1,
- sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
- WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (i = 0; i < j; i++) {
- if (large_input[i] != (byte)i) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- }
- }
- /* second, encrypt with a one-shot call then decrypt block by block. */
- for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1,
- sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (k = 0; k < j; k += AES_BLOCK_SIZE) {
- if ((j - k) < AES_BLOCK_SIZE*2)
- ret = wc_AesXtsDecryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
- else
- ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
- WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if ((j - k) < AES_BLOCK_SIZE*2)
- break;
- }
- for (i = 0; i < j; i++) {
- if (large_input[i] != (byte)i) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- }
- }
- #endif /* WOLFSSL_AESXTS_STREAM */
- }
- #endif /* !BENCH_EMBEDDED && !HAVE_CAVIUM &&
- * !WOLFSSL_AFALG
- */
- out:
- #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
- !defined(WOLFSSL_AFALG) && defined(WOLFSSL_SMALL_STACK) && \
- !defined(WOLFSSL_NO_MALLOC)
- if (large_input)
- XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (aes_inited)
- wc_AesXtsFree(aes);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (aes)
- XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- static wc_test_ret_t aes_xts_256_test(void)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XtsAes *aes = NULL;
- #else
- XtsAes aes[1];
- #endif
- int aes_inited = 0;
- wc_test_ret_t ret = 0;
- unsigned char buf[AES_BLOCK_SIZE * 3];
- unsigned char cipher[AES_BLOCK_SIZE * 3];
- #ifdef WOLFSSL_AESXTS_STREAM
- struct XtsAesStreamData stream;
- #endif
- #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
- !defined(WOLFSSL_AFALG)
- #define LARGE_XTS_SZ 1024
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte* large_input = NULL;
- #else
- byte large_input[LARGE_XTS_SZ];
- #endif
- #endif
- /* 256 key tests */
- WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
- 0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e,
- 0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14,
- 0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7,
- 0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c,
- 0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d,
- 0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3,
- 0xd6, 0x19, 0xb7, 0xe2, 0xb9, 0x14, 0x1e, 0x58,
- 0x31, 0x8e, 0xea, 0x39, 0x2c, 0xf4, 0x1b, 0x08
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char i1[] = {
- 0xad, 0xf8, 0xd9, 0x26, 0x27, 0x46, 0x4a, 0xd2,
- 0xf0, 0x42, 0x8e, 0x84, 0xa9, 0xf8, 0x75, 0x64
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
- 0x2e, 0xed, 0xea, 0x52, 0xcd, 0x82, 0x15, 0xe1,
- 0xac, 0xc6, 0x47, 0xe8, 0x10, 0xbb, 0xc3, 0x64,
- 0x2e, 0x87, 0x28, 0x7f, 0x8d, 0x2e, 0x57, 0xe3,
- 0x6c, 0x0a, 0x24, 0xfb, 0xc1, 0x2a, 0x20, 0x2e
- };
- /* plain text test of partial block is not from NIST test vector list */
- WOLFSSL_SMALL_STACK_STATIC unsigned char pp[] = {
- 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
- 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
- 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
- 0xcb, 0xaa, 0xd0, 0xe2, 0xf6, 0xce, 0xa3, 0xf5,
- 0x0b, 0x37, 0xf9, 0x34, 0xd4, 0x6a, 0x9b, 0x13,
- 0x0b, 0x9d, 0x54, 0xf0, 0x7e, 0x34, 0xf3, 0x6a,
- 0xf7, 0x93, 0xe8, 0x6f, 0x73, 0xc6, 0xd7, 0xdb
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char k2[] = {
- 0xad, 0x50, 0x4b, 0x85, 0xd7, 0x51, 0xbf, 0xba,
- 0x69, 0x13, 0xb4, 0xcc, 0x79, 0xb6, 0x5a, 0x62,
- 0xf7, 0xf3, 0x9d, 0x36, 0x0f, 0x35, 0xb5, 0xec,
- 0x4a, 0x7e, 0x95, 0xbd, 0x9b, 0xa5, 0xf2, 0xec,
- 0xc1, 0xd7, 0x7e, 0xa3, 0xc3, 0x74, 0xbd, 0x4b,
- 0x13, 0x1b, 0x07, 0x83, 0x87, 0xdd, 0x55, 0x5a,
- 0xb5, 0xb0, 0xc7, 0xe5, 0x2d, 0xb5, 0x06, 0x12,
- 0xd2, 0xb5, 0x3a, 0xcb, 0x47, 0x8a, 0x53, 0xb4
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char i2[] = {
- 0xe6, 0x42, 0x19, 0xed, 0xe0, 0xe1, 0xc2, 0xa0,
- 0x0e, 0xf5, 0x58, 0x6a, 0xc4, 0x9b, 0xeb, 0x6f
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p2[] = {
- 0x24, 0xcb, 0x76, 0x22, 0x55, 0xb5, 0xa8, 0x00,
- 0xf4, 0x6e, 0x80, 0x60, 0x56, 0x9e, 0x05, 0x53,
- 0xbc, 0xfe, 0x86, 0x55, 0x3b, 0xca, 0xd5, 0x89,
- 0xc7, 0x54, 0x1a, 0x73, 0xac, 0xc3, 0x9a, 0xbd,
- 0x53, 0xc4, 0x07, 0x76, 0xd8, 0xe8, 0x22, 0x61,
- 0x9e, 0xa9, 0xad, 0x77, 0xa0, 0x13, 0x4c, 0xfc
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c2[] = {
- 0xa3, 0xc6, 0xf3, 0xf3, 0x82, 0x79, 0x5b, 0x10,
- 0x87, 0xd7, 0x02, 0x50, 0xdb, 0x2c, 0xd3, 0xb1,
- 0xa1, 0x62, 0xa8, 0xb6, 0xdc, 0x12, 0x60, 0x61,
- 0xc1, 0x0a, 0x84, 0xa5, 0x85, 0x3f, 0x3a, 0x89,
- 0xe6, 0x6c, 0xdb, 0xb7, 0x9a, 0xb4, 0x28, 0x9b,
- 0xc3, 0xea, 0xd8, 0x10, 0xe9, 0xc0, 0xaf, 0x92
- };
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
- && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_256_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2));
- if (ret != 0) {
- printf("EVP_aes_256_xts failed\n");
- goto out;
- }
- #endif
- ret = wc_AesXtsInit(aes, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- aes_inited = 1;
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c2, buf, sizeof(c2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsEncryptInit(aes, i2, sizeof(i2), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptUpdate(aes, buf, p2, AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, p2 + AES_BLOCK_SIZE, sizeof(p2) - AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c2, buf, sizeof(c2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptUpdate(aes, buf, p1, sizeof(p1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c1, buf, sizeof(c1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- /* partial block encryption test */
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* partial block decrypt test */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(pp, buf, sizeof(pp)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* NIST decrypt test vector */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p1, buf, sizeof(p1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptFinal(aes, buf, c1, sizeof(c1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p1, buf, sizeof(p1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p2, buf, sizeof(p2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
- !defined(WOLFSSL_AFALG)
- {
- int i;
- int j;
- #ifdef WOLFSSL_AESXTS_STREAM
- int k;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- large_input = (byte *)XMALLOC(LARGE_XTS_SZ, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (large_input == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out);
- #endif
- for (i = 0; i < (int)LARGE_XTS_SZ; i++)
- large_input[i] = (byte)i;
- for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncrypt(aes, large_input, large_input, j, i1,
- sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecrypt(aes, large_input, large_input, j, i1,
- sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
- WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (i = 0; i < j; i++) {
- if (large_input[i] != (byte)i) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- }
- }
- #ifdef WOLFSSL_AESXTS_STREAM
- for (i = 0; i < (int)LARGE_XTS_SZ; i++)
- large_input[i] = (byte)i;
- /* first, encrypt block by block then decrypt with a one-shot call. */
- for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (k = 0; k < j; k += AES_BLOCK_SIZE) {
- if ((j - k) < AES_BLOCK_SIZE*2)
- ret = wc_AesXtsEncryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
- else
- ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if ((j - k) < AES_BLOCK_SIZE*2)
- break;
- }
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1,
- sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
- WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (i = 0; i < j; i++) {
- if (large_input[i] != (byte)i) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- }
- }
- /* second, encrypt with a one-shot call then decrypt block by block. */
- for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1,
- sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (k = 0; k < j; k += AES_BLOCK_SIZE) {
- if ((j - k) < AES_BLOCK_SIZE*2)
- ret = wc_AesXtsDecryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
- else
- ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
- WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if ((j - k) < AES_BLOCK_SIZE*2)
- break;
- }
- for (i = 0; i < j; i++) {
- if (large_input[i] != (byte)i) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- }
- }
- #endif /* WOLFSSL_AESXTS_STREAM */
- }
- #endif /* !BENCH_EMBEDDED && !HAVE_CAVIUM &&
- * !WOLFSSL_AFALG
- */
- out:
- #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
- !defined(WOLFSSL_AFALG) && defined(WOLFSSL_SMALL_STACK) && \
- !defined(WOLFSSL_NO_MALLOC)
- if (large_input)
- XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (aes_inited)
- wc_AesXtsFree(aes);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (aes)
- XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_AES_256 */
- #if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256)
- /* both 128 and 256 bit key test */
- static wc_test_ret_t aes_xts_sector_test(void)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XtsAes *aes = NULL;
- #else
- XtsAes aes[1];
- #endif
- int aes_inited = 0;
- wc_test_ret_t ret = 0;
- unsigned char buf[AES_BLOCK_SIZE * 2];
- /* 128 key tests */
- WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
- 0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed,
- 0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22,
- 0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c,
- 0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
- 0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09,
- 0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
- 0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac,
- 0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52
- };
- word64 s1 = 141;
- /* 256 key tests */
- WOLFSSL_SMALL_STACK_STATIC unsigned char k2[] = {
- 0xef, 0x01, 0x0c, 0xa1, 0xa3, 0x66, 0x3e, 0x32,
- 0x53, 0x43, 0x49, 0xbc, 0x0b, 0xae, 0x62, 0x23,
- 0x2a, 0x15, 0x73, 0x34, 0x85, 0x68, 0xfb, 0x9e,
- 0xf4, 0x17, 0x68, 0xa7, 0x67, 0x4f, 0x50, 0x7a,
- 0x72, 0x7f, 0x98, 0x75, 0x53, 0x97, 0xd0, 0xe0,
- 0xaa, 0x32, 0xf8, 0x30, 0x33, 0x8c, 0xc7, 0xa9,
- 0x26, 0xc7, 0x73, 0xf0, 0x9e, 0x57, 0xb3, 0x57,
- 0xcd, 0x15, 0x6a, 0xfb, 0xca, 0x46, 0xe1, 0xa0
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p2[] = {
- 0xed, 0x98, 0xe0, 0x17, 0x70, 0xa8, 0x53, 0xb4,
- 0x9d, 0xb9, 0xe6, 0xaa, 0xf8, 0x8f, 0x0a, 0x41,
- 0xb9, 0xb5, 0x6e, 0x91, 0xa5, 0xa2, 0xb1, 0x1d,
- 0x40, 0x52, 0x92, 0x54, 0xf5, 0x52, 0x3e, 0x75
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c2[] = {
- 0xca, 0x20, 0xc5, 0x5e, 0x8d, 0xc1, 0x49, 0x68,
- 0x7d, 0x25, 0x41, 0xde, 0x39, 0xc3, 0xdf, 0x63,
- 0x00, 0xbb, 0x5a, 0x16, 0x3c, 0x10, 0xce, 0xd3,
- 0x66, 0x6b, 0x13, 0x57, 0xdb, 0x8b, 0xd3, 0x9d
- };
- word64 s2 = 187;
- #if !defined(BENCH_EMBEDDED) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
- /* Sector size for encrypt/decrypt consecutive sectors testcase */
- word32 sectorSz = 512;
- unsigned char data[550];
- WOLFSSL_SMALL_STACK_STATIC unsigned char k3[] = {
- 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
- 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
- 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
- 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p3[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
- 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
- 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b,
- 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
- 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53,
- 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
- 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
- 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
- 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83,
- 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
- 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b,
- 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
- 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3,
- 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
- 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb,
- 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
- 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3,
- 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
- 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb,
- 0xfc, 0xfd, 0xfe, 0xff,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
- 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
- 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b,
- 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
- 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53,
- 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
- 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
- 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
- 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83,
- 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
- 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b,
- 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
- 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3,
- 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
- 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb,
- 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
- 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3,
- 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
- 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb,
- 0xfc, 0xfd, 0xfe, 0xff,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
- 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c3[] = {
- 0xb9, 0x6b, 0x2b, 0xfd, 0x61, 0x87, 0x84, 0xd5, 0x26, 0xd2, 0x8c, 0x62,
- 0x63, 0x01, 0xca, 0x46, 0xb1, 0x82, 0xfa, 0xdc, 0xbc, 0x32, 0x18, 0xe9,
- 0xda, 0xe6, 0xda, 0xd1, 0x1a, 0x52, 0x77, 0xca, 0xdb, 0x0e, 0xbe, 0x37,
- 0x88, 0x36, 0x1c, 0x87, 0x16, 0x60, 0xfe, 0xa8, 0x9e, 0xf6, 0x48, 0x64,
- 0x94, 0x34, 0x64, 0xed, 0xf6, 0x9a, 0xc5, 0x28, 0xc9, 0xed, 0x64, 0x80,
- 0x85, 0xd8, 0x93, 0xa7, 0x50, 0xb1, 0x9d, 0x2f, 0x1e, 0x34, 0xcc, 0xb4,
- 0x03, 0xfb, 0x6b, 0x43, 0x21, 0xa8, 0x5b, 0xc6, 0x59, 0x13, 0xd2, 0xb5,
- 0xf5, 0x7b, 0xf6, 0xb2, 0xa4, 0x7a, 0xd2, 0x50, 0x26, 0xcb, 0xa4, 0x83,
- 0xc3, 0x56, 0xb0, 0xb1, 0x14, 0x34, 0x12, 0x1b, 0xea, 0x26, 0x97, 0x24,
- 0x54, 0xcc, 0x32, 0x4c, 0xa4, 0xc2, 0xa3, 0x07, 0xfa, 0x30, 0xa9, 0xf0,
- 0x91, 0x17, 0x60, 0x68, 0x88, 0x7f, 0x34, 0x7e, 0xbd, 0x20, 0x33, 0x95,
- 0x6e, 0xc0, 0xb6, 0x2b, 0xff, 0x7e, 0x61, 0x35, 0x9a, 0x88, 0xff, 0xd9,
- 0x69, 0x21, 0xe7, 0x8f, 0x45, 0x02, 0xf9, 0xd7, 0xeb, 0xa6, 0x53, 0xf1,
- 0x73, 0x04, 0xf1, 0x0b, 0x85, 0xc6, 0x1f, 0x4a, 0x51, 0x2f, 0x95, 0x87,
- 0x5a, 0x67, 0x37, 0xb2, 0x87, 0xf7, 0xbe, 0x2a, 0x17, 0x57, 0xca, 0xfc,
- 0xdd, 0x5f, 0x37, 0x48, 0x78, 0xbd, 0xfa, 0x75, 0xc9, 0xfa, 0x86, 0x7e,
- 0xc4, 0x0f, 0x60, 0x85, 0xce, 0x12, 0x44, 0x7c, 0xd9, 0xb2, 0x50, 0xd9,
- 0x57, 0x85, 0xa5, 0xd7, 0x68, 0x59, 0x03, 0x09, 0x97, 0x2e, 0x8e, 0xa5,
- 0xe3, 0x98, 0xac, 0x16, 0xfb, 0x6d, 0x54, 0xc5, 0x5d, 0x7a, 0x33, 0x44,
- 0x0a, 0x39, 0x91, 0xcc, 0x9f, 0x67, 0xf9, 0x89, 0xbb, 0x62, 0x02, 0xc4,
- 0x22, 0xec, 0xcf, 0x97, 0x69, 0x81, 0x3d, 0x00, 0xfd, 0xeb, 0x55, 0x08,
- 0xa2, 0xff, 0x97, 0xaa, 0x79, 0xde, 0x3c, 0x8a, 0x78, 0x71, 0x73, 0xa2,
- 0x98, 0x2f, 0xd8, 0x5c, 0x62, 0x1c, 0x5c, 0x23, 0x0a, 0xd1, 0xf1, 0x81,
- 0x8a, 0x12, 0xe7, 0x4d, 0xdd, 0x4f, 0xd4, 0xf1, 0xe8, 0x0f, 0x25, 0x79,
- 0x45, 0x4a, 0x49, 0x49, 0x7e, 0x56, 0x91, 0x4e, 0xaa, 0xba, 0x18, 0xe1,
- 0xe4, 0xbe, 0x21, 0xdc, 0x58, 0x60, 0x6f, 0x6a, 0x7f, 0xdc, 0x5e, 0x74,
- 0x47, 0xbf, 0xeb, 0x84, 0xc4, 0x1e, 0x5a, 0x61, 0x64, 0xc8, 0x63, 0x68,
- 0xfa, 0x17, 0x9c, 0xac, 0x60, 0x1c, 0xa5, 0x6e, 0x00, 0x21, 0x93, 0x3c,
- 0xd7, 0xbb, 0x73, 0x45, 0xf7, 0x34, 0x81, 0x6c, 0xfa, 0xf2, 0x33, 0xfd,
- 0xb1, 0x40, 0x30, 0x6b, 0x30, 0xd1, 0x83, 0x5e, 0x2e, 0x7a, 0xce, 0xa6,
- 0x12, 0x2a, 0x15, 0x03, 0x78, 0x29, 0xb9, 0x07, 0xae, 0xe7, 0xc2, 0x78,
- 0x74, 0x72, 0xa5, 0x0e, 0x6b, 0x1f, 0x78, 0xf2, 0x5a, 0x69, 0xb6, 0x2b,
- 0x99, 0x94, 0x1f, 0x89, 0xd1, 0x21, 0x14, 0x4a, 0x54, 0xab, 0x5a, 0x9f,
- 0xaa, 0xa7, 0x96, 0x0a, 0x21, 0xce, 0x30, 0xb6, 0x70, 0x81, 0xe9, 0xd3,
- 0x71, 0xc0, 0xf1, 0x15, 0xe2, 0xf6, 0xd3, 0xcc, 0x41, 0x15, 0x9d, 0xd5,
- 0xa3, 0xa4, 0xe0, 0xf8, 0x62, 0xc4, 0x76, 0x65, 0x63, 0x89, 0xa7, 0xe2,
- 0xfb, 0xf5, 0xc9, 0x80, 0x15, 0x5b, 0xc1, 0x59, 0xb2, 0xd0, 0x01, 0x3a,
- 0xf9, 0xab, 0x5b, 0x79, 0x54, 0xed, 0x6b, 0xf9, 0x1d, 0x9d, 0x87, 0x63,
- 0x80, 0x4f, 0xec, 0x9c, 0x4f, 0xad, 0x97, 0x04, 0xff, 0x62, 0x4a, 0x17,
- 0xc0, 0x09, 0x2a, 0x2c, 0x23, 0x4b, 0xc3, 0xb6, 0x6d, 0xed, 0xdb, 0x1a,
- 0x6f, 0x56, 0x2b, 0x78, 0x92, 0x3a, 0x5c, 0x7f, 0xb2, 0x63, 0xd3, 0xd5,
- 0x1a, 0xbe, 0xc2, 0x34, 0xc8, 0xad, 0x36, 0xb7, 0x12, 0xb8, 0xe1, 0xb7,
- 0x52, 0x7f, 0x16, 0x84, 0x2c, 0x47, 0x7e, 0xf2, 0xa5, 0x36, 0x2e, 0xad,
- 0xe7, 0xbb, 0xc0, 0x6f, 0x27, 0x8e, 0x41, 0x08, 0x75, 0xe5, 0xff, 0xde,
- 0x08, 0x9f, 0x8c, 0x91, 0xba, 0xc9, 0x9d, 0x9f, 0x27, 0x90, 0x50, 0x44,
- 0x24, 0xe7, 0x3d, 0x6f
- };
- word64 s3 = 0x000000ffffffffff;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- ret = wc_AesXtsInit(aes, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- aes_inited = 1;
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptSector(aes, buf, p1, sizeof(p1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* decrypt test */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptSector(aes, buf, c1, sizeof(c1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* 256 bit key tests */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptSector(aes, buf, p2, sizeof(p2), s2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c2, buf, sizeof(c2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* decrypt test */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptSector(aes, buf, c2, sizeof(c2), s2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p2, buf, sizeof(p2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #if !defined(BENCH_EMBEDDED) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
- /* encrypt consecutive sectors test */
- XMEMSET(data, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptConsecutiveSectors(aes, data, p3,
- sizeof(p3), s3, sectorSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c3, data, sizeof(c3)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* decrypt consecutive sectors test */
- XMEMSET(data, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptConsecutiveSectors(aes, data, c3,
- sizeof(c3), s3, sectorSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p3, data, sizeof(p3)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* !BENCH_EMBEDDED && (!HAVE_FIPS || FIPS_VERSION_GE(5, 3)) */
- out:
- if (aes_inited)
- wc_AesXtsFree(aes);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (aes)
- XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_AES_128 && WOLFSSL_AES_256 */
- #ifdef WOLFSSL_AES_128
- /* testing of bad arguments */
- static wc_test_ret_t aes_xts_args_test(void)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XtsAes *aes = NULL;
- #else
- XtsAes aes[1];
- #endif
- int aes_inited = 0;
- wc_test_ret_t ret;
- unsigned char buf[AES_BLOCK_SIZE * 2];
- /* 128 key tests */
- WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
- 0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed,
- 0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22,
- 0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c,
- 0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
- 0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09,
- 0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
- 0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac,
- 0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52
- };
- word64 s1 = 141;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- ret = wc_AesXtsInit(aes, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- aes_inited = 1;
- if (wc_AesXtsSetKeyNoInit(NULL, k1, sizeof(k1), AES_ENCRYPTION) == 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (wc_AesXtsSetKeyNoInit(aes, NULL, sizeof(k1), AES_ENCRYPTION) == 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* encryption operations */
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptSector(NULL, buf, p1, sizeof(p1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret == 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_AesXtsEncryptSector(aes, NULL, p1, sizeof(p1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret == 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* decryption operations */
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptSector(NULL, buf, c1, sizeof(c1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret == 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_AesXtsDecryptSector(aes, NULL, c1, sizeof(c1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret == 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = 0;
- out:
- if (aes_inited)
- wc_AesXtsFree(aes);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (aes)
- XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_AES_128 */
- #endif /* WOLFSSL_AES_XTS && (!HAVE_FIPS || FIPS_VERSION_GE(5,3)) */
- #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- static wc_test_ret_t aes_cbc_test(void)
- {
- byte cipher[AES_BLOCK_SIZE];
- byte plain[AES_BLOCK_SIZE];
- wc_test_ret_t ret;
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- byte key[] = "0123456789abcdef "; /* align */
- byte iv[] = "1234567890abcdef "; /* align */
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- /* Parameter Validation testing. */
- ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key, 17, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key, 17, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key,
- AES_BLOCK_SIZE, iv);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key,
- AES_BLOCK_SIZE, iv);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE) != 0)
- return WC_TEST_RET_ENC_NC;
- #endif /* HAVE_AES_DECRYPT */
- (void)plain;
- return 0;
- }
- #endif
- #if defined(HAVE_AES_ECB) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- static wc_test_ret_t aesecb_test(void)
- {
- wc_test_ret_t ret = 0;
- #if defined(WOLFSSL_AES_256)
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #else
- Aes enc[1];
- #endif
- int enc_inited = 0;
- byte cipher[AES_BLOCK_SIZE * 4];
- #ifdef HAVE_AES_DECRYPT
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #else
- Aes dec[1];
- #endif
- int dec_inited = 0;
- byte plain[AES_BLOCK_SIZE * 4];
- #endif /* HAVE_AES_DECRYPT */
- {
- WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] =
- {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte niKey[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- ret = wc_AesInit(enc, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- enc_inited = 1;
- #if defined(HAVE_AES_DECRYPT)
- ret = wc_AesInit(dec, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- dec_inited = 1;
- #endif
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- ret = wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- #ifdef HAVE_AES_DECRYPT
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- ret = wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- #endif /* HAVE_AES_DECRYPT */
- }
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (enc) {
- if (enc_inited)
- wc_AesFree(enc);
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- }
- #ifdef HAVE_AES_DECRYPT
- if (dec) {
- if (dec_inited)
- wc_AesFree(dec);
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- }
- #endif
- #else
- if (enc_inited)
- wc_AesFree(enc);
- #ifdef HAVE_AES_DECRYPT
- if (dec_inited)
- wc_AesFree(dec);
- #endif
- #endif
- #endif /* WOLFSSL_AES_256 */
- return ret;
- }
- #endif /* HAVE_AES_ECB */
- #ifdef WOLFSSL_AES_COUNTER
- static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
- {
- wc_test_ret_t ret = 0;
- /* test vectors from "Recommendation for Block Cipher Modes of
- * Operation" NIST Special Publication 800-38A */
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap32[] =
- {
- 0xff,0xff,0xff,0xff,0x0f,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap32_2[] =
- {
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0x0f,0xff,0xff,0xfe
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap64[] =
- {
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0x0f,0xff,0xff,0xff,0xff,0xff,0xff,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap64_2[] =
- {
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap96[] =
- {
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0x0f,0xff,0xff,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap96_2[] =
- {
- 0xff,0xff,0xff,0xf0,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe
- };
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap128[] =
- {
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
- };
- #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap128_2[] =
- {
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe
- };
- #endif
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] =
- {
- 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
- 0xc2
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Key[] =
- {
- 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
- 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Cipher[] =
- {
- 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
- 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
- 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
- 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
- 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
- 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
- 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
- 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
- };
- #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap32Cipher[] =
- {
- 0xb3,0x8b,0x58,0xbc,0xce,0xf4,0x71,0x78,
- 0xf6,0x7c,0xdb,0xb4,0x27,0x2b,0x0a,0xbf,
- 0x7e,0xad,0xea,0x5c,0xd1
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap32CipherLong[] =
- {
- 0xb3,0x8b,0x58,0xbc,0xce,0xf4,0x71,0x78,
- 0xf6,0x7c,0xdb,0xb4,0x27,0x2b,0x0a,0xbf,
- 0x7e,0xad,0xea,0x5c,0xd1,0xb7,0x98,0xf0,
- 0x22,0x20,0xfe,0x67,0xb0,0x02,0x23,0x50
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap32_2CipherLong[] =
- {
- 0x6e,0xa1,0x27,0x4d,0xea,0x20,0x5f,0x39,
- 0x68,0xc8,0xb6,0x78,0xde,0xfc,0x53,0x5c,
- 0x90,0xc8,0xf6,0xc6,0xfa,0xe0,0x7b,0x09,
- 0x7c,0xf8,0x9c,0x6a,0x5a,0xa5,0x17,0x7f,
- 0x03,0x92,0x5f,0x4e,0x85,0xea,0x26,0xc9,
- 0x5a,0xc2,0x74,0xe2,0xbf,0xe4,0x1b,0xd4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap64Cipher[] =
- {
- 0xdd,0x17,0x10,0x7c,0x45,0x04,0xac,0x43,
- 0xef,0xa8,0xcc,0x32,0x34,0x87,0x88,0xd7,
- 0xae,0x74,0x94,0x72,0x8e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap64CipherLong[] =
- {
- 0xdd,0x17,0x10,0x7c,0x45,0x04,0xac,0x43,
- 0xef,0xa8,0xcc,0x32,0x34,0x87,0x88,0xd7,
- 0xae,0x74,0x94,0x72,0x8e,0xd0,0x71,0xc0,
- 0x89,0x8a,0xa1,0xb0,0x29,0xa0,0x10,0x9e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap64_2CipherLong[] =
- {
- 0x3f,0xe7,0xd5,0xf3,0xfa,0x09,0xfe,0x40,
- 0xa6,0xa1,0x32,0x8b,0x57,0x12,0xb9,0xfa,
- 0xf2,0x2d,0xe4,0x3c,0x66,0x1d,0x0a,0x8e,
- 0x46,0xf8,0x2e,0x33,0xce,0x8d,0x4e,0x3b,
- 0x17,0x67,0x9e,0x9f,0x76,0x9e,0xc2,0x99,
- 0xd5,0xd4,0x71,0xed,0xb4,0x33,0xb2,0xcd
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap96Cipher[] =
- {
- 0x55,0x24,0xc2,0x73,0xca,0xa3,0x48,0x03,
- 0x0b,0x72,0x8d,0xd7,0x6c,0x99,0x8e,0x04,
- 0x9d,0x77,0xc9,0x5f,0x38
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap96CipherLong[] =
- {
- 0x55,0x24,0xc2,0x73,0xca,0xa3,0x48,0x03,
- 0x0b,0x72,0x8d,0xd7,0x6c,0x99,0x8e,0x04,
- 0x9d,0x77,0xc9,0x5f,0x38,0xb5,0x6e,0x44,
- 0x21,0x8e,0xda,0x57,0xe0,0x41,0xc7,0x6a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap96_2CipherLong[] =
- {
- 0xc8,0x81,0x1a,0xbe,0xc7,0x5b,0x93,0x6f,
- 0xe6,0x52,0xe4,0xb1,0x2d,0x1c,0x39,0xbc,
- 0xeb,0x82,0x27,0x0a,0x7e,0xa5,0x0e,0x2d,
- 0x32,0xda,0xbe,0x10,0x7a,0x10,0xcc,0xd3,
- 0x6f,0xc6,0x83,0x28,0x05,0x57,0x8a,0x24,
- 0x44,0x76,0x17,0x81,0xb9,0x5c,0x94,0x81
- };
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap128Cipher[] =
- {
- 0xe1,0x33,0x38,0xe3,0x6c,0xb7,0x19,0x62,
- 0xe0,0x0d,0x02,0x0b,0x4c,0xed,0xbd,0x86,
- 0xd3,0xda,0xe1,0x5b,0x04
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap128CipherLong[] =
- {
- 0xe1,0x33,0x38,0xe3,0x6c,0xb7,0x19,0x62,
- 0xe0,0x0d,0x02,0x0b,0x4c,0xed,0xbd,0x86,
- 0xd3,0xda,0xe1,0x5b,0x04,0xbb,0x35,0x2f,
- 0xa0,0xf5,0x9f,0xeb,0xfc,0xb4,0xda,0x3e
- };
- #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap128_2CipherLong[] =
- {
- 0xba,0x76,0xaa,0x54,0xd5,0xb5,0x60,0x67,
- 0xc1,0xa7,0x90,0x3b,0x3f,0xdd,0xfa,0x89,
- 0x24,0xdf,0x0c,0x56,0x5c,0xf4,0x2a,0x68,
- 0x97,0x87,0x13,0xb6,0x7a,0xd1,0x24,0xfd,
- 0x4d,0x3f,0x77,0x4a,0xb9,0xe4,0x7d,0xa2,
- 0xdb,0xb9,0x31,0x5e,0xa3,0x11,0x06,0x80
- };
- #endif
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Key[] =
- {
- 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
- 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
- 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Cipher[] =
- {
- 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2,
- 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b,
- 0x09,0x03,0x39,0xec,0x0a,0xa6,0xfa,0xef,
- 0xd5,0xcc,0xc2,0xc6,0xf4,0xce,0x8e,0x94,
- 0x1e,0x36,0xb2,0x6b,0xd1,0xeb,0xc6,0x70,
- 0xd1,0xbd,0x1d,0x66,0x56,0x20,0xab,0xf7,
- 0x4f,0x78,0xa7,0xf6,0xd2,0x98,0x09,0x58,
- 0x5a,0x97,0xda,0xec,0x58,0xc6,0xb0,0x50
- };
- #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap32Cipher[] =
- {
- 0x28,0xaa,0xfa,0x90,0x72,0x74,0x86,0xaf,
- 0x72,0x73,0x35,0x17,0x70,0x4e,0x7d,0xca,
- 0x0c,0x33,0x97,0x06,0xc0
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap32CipherLong[] =
- {
- 0x28,0xaa,0xfa,0x90,0x72,0x74,0x86,0xaf,
- 0x72,0x73,0x35,0x17,0x70,0x4e,0x7d,0xca,
- 0x0c,0x33,0x97,0x06,0xc0,0xbe,0x83,0x87,
- 0xdd,0xd3,0xff,0xd8,0xe4,0x6a,0x5b,0x84
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap32_2CipherLong[] =
- {
- 0xf5,0x00,0xa2,0x91,0x54,0xa3,0x76,0xa2,
- 0xdd,0xad,0x16,0x89,0xe5,0xf0,0x1d,0x40,
- 0x84,0xcd,0x74,0x84,0xcb,0x8b,0x9e,0x29,
- 0xa9,0x8a,0x12,0x65,0xa0,0x79,0x5e,0xce,
- 0xd9,0x50,0x65,0x21,0x86,0xb0,0x85,0x0d,
- 0x98,0x2d,0x9a,0x5a,0x11,0xbe,0xa5,0x7f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap64Cipher[] =
- {
- 0xfe,0x39,0x27,0x97,0xac,0xe5,0xb8,0x74,
- 0xb9,0x8c,0xbf,0x58,0x71,0xa4,0x80,0x33,
- 0x3d,0xf7,0xb4,0xfd,0x8c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap64CipherLong[] =
- {
- 0xfe,0x39,0x27,0x97,0xac,0xe5,0xb8,0x74,
- 0xb9,0x8c,0xbf,0x58,0x71,0xa4,0x80,0x33,
- 0x3d,0xf7,0xb4,0xfd,0x8c,0x55,0x47,0x10,
- 0xd5,0x91,0x35,0xbe,0xd8,0x0d,0xa5,0x9e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap64_2CipherLong[] =
- {
- 0x59,0xf1,0xed,0x70,0x62,0x42,0xa8,0x06,
- 0x07,0x36,0xe1,0xc5,0x04,0x79,0xc3,0x9b,
- 0xd1,0x14,0x5c,0xcc,0x6f,0x81,0x5f,0x2f,
- 0xa0,0xde,0xcf,0x61,0x55,0x18,0x7a,0xac,
- 0xb0,0x59,0x37,0x90,0x53,0xb3,0x00,0x88,
- 0xb4,0x49,0x90,0x7b,0x96,0xcd,0xcc,0xc3
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap96Cipher[] =
- {
- 0x41,0x21,0x40,0x31,0xfb,0xc8,0xad,0x23,
- 0xde,0x00,0x03,0xd8,0x96,0x45,0xc7,0xb5,
- 0x47,0xb5,0xf3,0x30,0x3b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap96CipherLong[] =
- {
- 0x41,0x21,0x40,0x31,0xfb,0xc8,0xad,0x23,
- 0xde,0x00,0x03,0xd8,0x96,0x45,0xc7,0xb5,
- 0x47,0xb5,0xf3,0x30,0x3b,0xef,0xcd,0x80,
- 0xe3,0x61,0x34,0xef,0x4e,0x1b,0x79,0xc1
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap96_2CipherLong[] =
- {
- 0x3c,0xb2,0xff,0xc0,0x24,0xe1,0xf5,0xc4,
- 0x0f,0xd1,0x0a,0x1b,0xbe,0x1f,0x23,0xa1,
- 0x8e,0xbf,0x2b,0x96,0xb6,0x37,0xc8,0x25,
- 0x06,0x90,0xe2,0xca,0x71,0x24,0x52,0x95,
- 0xaa,0x8c,0x80,0xdf,0xb7,0xd7,0x30,0xb0,
- 0xcc,0x06,0x4f,0x28,0xa2,0x74,0x27,0xf8
- };
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap128Cipher[] =
- {
- 0x5c,0xc3,0x8f,0xab,0x30,0xb6,0xac,0x67,
- 0xdc,0xc2,0x1e,0x7b,0x01,0x2e,0xcf,0x98,
- 0x8c,0x68,0xa7,0xd9,0x57
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap128CipherLong[] =
- {
- 0x5c,0xc3,0x8f,0xab,0x30,0xb6,0xac,0x67,
- 0xdc,0xc2,0x1e,0x7b,0x01,0x2e,0xcf,0x98,
- 0x8c,0x68,0xa7,0xd9,0x57,0xab,0x09,0x0f,
- 0x01,0xc4,0x4e,0x62,0xaf,0xc2,0xdf,0x1a
- };
- #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap128_2CipherLong[] =
- {
- 0x88,0x0a,0x26,0x4e,0xa8,0x26,0x21,0xe0,
- 0xfc,0xbc,0x63,0xdc,0xd9,0x60,0x52,0xb2,
- 0x99,0x2f,0xbb,0x1e,0x00,0xf5,0x9f,0x6d,
- 0xab,0x48,0x0f,0xc6,0x37,0x12,0x56,0xe3,
- 0x12,0x8d,0x31,0xc8,0xea,0xf4,0x41,0x82,
- 0x7a,0x88,0xe0,0xd7,0xf0,0x67,0x03,0xa4
- };
- #endif
- #endif
- #ifdef WOLFSSL_AES_256
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] =
- {
- 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,
- 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28,
- 0xf4,0x43,0xe3,0xca,0x4d,0x62,0xb5,0x9a,
- 0xca,0x84,0xe9,0x90,0xca,0xca,0xf5,0xc5,
- 0x2b,0x09,0x30,0xda,0xa2,0x3d,0xe9,0x4c,
- 0xe8,0x70,0x17,0xba,0x2d,0x84,0x98,0x8d,
- 0xdf,0xc9,0xc5,0x8d,0xb6,0x7a,0xad,0xa6,
- 0x13,0xc2,0xdd,0x08,0x45,0x79,0x41,0xa6
- };
- #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap32Cipher[] =
- {
- 0xb0,0xa8,0xc0,0x65,0x85,0x20,0x0d,0x5c,
- 0x25,0xcf,0xe7,0x58,0x63,0xc8,0xd4,0xea,
- 0xa2,0x13,0x47,0x74,0xda
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap32CipherLong[] =
- {
- 0xb0,0xa8,0xc0,0x65,0x85,0x20,0x0d,0x5c,
- 0x25,0xcf,0xe7,0x58,0x63,0xc8,0xd4,0xea,
- 0xa2,0x13,0x47,0x74,0xda,0x89,0x77,0x40,
- 0x28,0x9c,0xe8,0x19,0x26,0x32,0xd8,0x1f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap32_2CipherLong[] =
- {
- 0xf6,0xd9,0x22,0xc6,0x80,0x29,0xaf,0x14,
- 0x54,0x6c,0x0a,0xce,0x42,0xea,0x3c,0xa1,
- 0x7c,0xeb,0x36,0x0d,0x8e,0xd7,0x8c,0x59,
- 0xa8,0x09,0x9f,0x9e,0xba,0x5b,0x95,0xfa,
- 0x26,0x8c,0x37,0x59,0xf8,0xae,0x8e,0xaa,
- 0x4d,0xe4,0x1c,0xfe,0x51,0xc7,0xb7,0xcc
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap64Cipher[] =
- {
- 0x74,0x1a,0x52,0x41,0x76,0xb4,0x11,0x8f,
- 0xfd,0x57,0x31,0xfd,0x3d,0x76,0x8f,0x07,
- 0xd4,0x94,0x4c,0xcd,0x4d
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap64CipherLong[] =
- {
- 0x74,0x1a,0x52,0x41,0x76,0xb4,0x11,0x8f,
- 0xfd,0x57,0x31,0xfd,0x3d,0x76,0x8f,0x07,
- 0xd4,0x94,0x4c,0xcd,0x4d,0x47,0x5a,0x92,
- 0x26,0x49,0x81,0x7a,0xda,0x36,0x27,0x01
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap64_2CipherLong[] =
- {
- 0xf7,0x9c,0xbf,0xf6,0xa2,0xaa,0x8a,0x0a,
- 0x63,0x8a,0x20,0x2f,0x12,0xf1,0x8e,0x49,
- 0x30,0xc0,0x8d,0x5c,0x5f,0x8b,0xbc,0x16,
- 0xdd,0x71,0xee,0x13,0x14,0x7b,0xe1,0x25,
- 0xcb,0x87,0x8a,0xc6,0xdc,0x1d,0x54,0x7a,
- 0xe1,0xe4,0x6f,0x0d,0x95,0x1b,0xd1,0x8b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap96Cipher[] =
- {
- 0xb9,0x07,0x02,0xb8,0xbe,0x94,0xbf,0x53,
- 0xdf,0x83,0x8e,0x23,0x8c,0x67,0x0c,0x81,
- 0xb8,0x69,0xa1,0x48,0x45
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap96CipherLong[] =
- {
- 0xb9,0x07,0x02,0xb8,0xbe,0x94,0xbf,0x53,
- 0xdf,0x83,0x8e,0x23,0x8c,0x67,0x0c,0x81,
- 0xb8,0x69,0xa1,0x48,0x45,0xf1,0xc6,0x27,
- 0x36,0xa8,0xb2,0x4b,0x0e,0x62,0x6b,0x72
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap96_2CipherLong[] =
- {
- 0xd5,0x56,0x73,0xaa,0xb8,0xe4,0x06,0xf6,
- 0x83,0x45,0x3a,0xb4,0xb9,0x63,0xec,0xad,
- 0x73,0xc5,0xab,0x78,0xb1,0x21,0xab,0xef,
- 0x69,0x15,0xb7,0x0c,0xe9,0xb4,0x3a,0xe7,
- 0xbc,0xc4,0x22,0xbd,0x93,0xba,0x52,0xe0,
- 0x91,0x2f,0x5e,0x8d,0x6d,0x59,0xf7,0xc2
- };
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap128Cipher[] =
- {
- 0x50,0xfd,0x97,0xc3,0xe6,0x1a,0xbb,0x48,
- 0x73,0xfb,0x78,0xdf,0x1e,0x8e,0x77,0xe6,
- 0x4b,0x45,0x7c,0xd6,0x8a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap128CipherLong[] =
- {
- 0x50,0xfd,0x97,0xc3,0xe6,0x1a,0xbb,0x48,
- 0x73,0xfb,0x78,0xdf,0x1e,0x8e,0x77,0xe6,
- 0x4b,0x45,0x7c,0xd6,0x8a,0xcc,0xda,0x4a,
- 0x89,0xfa,0x23,0x6c,0x06,0xbf,0x26,0x05
- };
- #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap128_2CipherLong[] =
- {
- 0x24,0x5c,0x09,0xa0,0x3b,0x1a,0x5a,0x94,
- 0x2b,0x93,0x56,0x13,0x48,0xa0,0x21,0xce,
- 0x95,0x11,0xa3,0x76,0xd6,0x59,0x88,0x42,
- 0x04,0x71,0x69,0x62,0x28,0xb2,0xee,0x9d,
- 0xd5,0xa0,0xea,0xc7,0x37,0x93,0x92,0xc7,
- 0xf2,0xb6,0x8d,0xd9,0x59,0x1a,0xfa,0xbb
- };
- #endif
- #endif
- int i;
- struct {
- const byte* key;
- int keySz;
- const byte* iv;
- const byte* plain;
- int len;
- const byte* cipher;
- } testVec[] = {
- #ifdef WOLFSSL_AES_128
- { ctr128Key, (int)sizeof(ctr128Key), ctrIv,
- ctrPlain, (int)sizeof(ctrPlain), ctr128Cipher },
- /* let's try with just 9 bytes, non block size test */
- { ctr128Key, (int)sizeof(ctr128Key), ctrIv,
- ctrPlain, (int)sizeof(oddCipher), ctr128Cipher },
- /* and an additional 9 bytes to reuse tmp left buffer */
- { NULL, 0, NULL, ctrPlain, (int)sizeof(oddCipher), oddCipher },
- /* Counter wrapping */
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128,
- ctrPlain, (int)sizeof(ctr128Wrap128Cipher), ctr128Wrap128Cipher },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128,
- ctrPlain, (int)sizeof(ctr128Wrap128CipherLong),
- ctr128Wrap128CipherLong },
- #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128_2,
- ctrPlain, (int)sizeof(ctr128Wrap128_2CipherLong),
- ctr128Wrap128_2CipherLong },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap96,
- ctrPlain, (int)sizeof(ctr128Wrap96Cipher), ctr128Wrap96Cipher },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap96,
- ctrPlain, (int)sizeof(ctr128Wrap96CipherLong),
- ctr128Wrap96CipherLong },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap96_2,
- ctrPlain, (int)sizeof(ctr128Wrap96_2CipherLong),
- ctr128Wrap96_2CipherLong },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap64,
- ctrPlain, (int)sizeof(ctr128Wrap64Cipher), ctr128Wrap64Cipher },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap64,
- ctrPlain, (int)sizeof(ctr128Wrap64CipherLong),
- ctr128Wrap64CipherLong },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap64_2,
- ctrPlain, (int)sizeof(ctr128Wrap64_2CipherLong),
- ctr128Wrap64_2CipherLong },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap32,
- ctrPlain, (int)sizeof(ctr128Wrap32Cipher), ctr128Wrap32Cipher },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap32,
- ctrPlain, (int)sizeof(ctr128Wrap32CipherLong),
- ctr128Wrap32CipherLong },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap32_2,
- ctrPlain, (int)sizeof(ctr128Wrap32_2CipherLong),
- ctr128Wrap32_2CipherLong },
- #endif
- #endif
- #ifdef WOLFSSL_AES_192
- { ctr192Key, (int)sizeof(ctr192Key), ctrIv,
- ctrPlain, (int)sizeof(ctrPlain), ctr192Cipher },
- /* let's try with just 9 bytes, non block size test */
- { ctr192Key, (int)sizeof(ctr192Key), ctrIv,
- ctrPlain, (int)sizeof(oddCipher), ctr192Cipher },
- /* Counter wrapping */
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128,
- ctrPlain, (int)sizeof(ctr192Wrap128Cipher), ctr192Wrap128Cipher },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128,
- ctrPlain, (int)sizeof(ctr192Wrap128CipherLong),
- ctr192Wrap128CipherLong },
- #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128_2,
- ctrPlain, (int)sizeof(ctr192Wrap128_2CipherLong),
- ctr192Wrap128_2CipherLong },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap96,
- ctrPlain, (int)sizeof(ctr192Wrap96Cipher), ctr192Wrap96Cipher },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap96,
- ctrPlain, (int)sizeof(ctr192Wrap96CipherLong),
- ctr192Wrap96CipherLong },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap96_2,
- ctrPlain, (int)sizeof(ctr192Wrap96_2CipherLong),
- ctr192Wrap96_2CipherLong },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap64,
- ctrPlain, (int)sizeof(ctr192Wrap64Cipher), ctr192Wrap64Cipher },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap64,
- ctrPlain, (int)sizeof(ctr192Wrap64CipherLong),
- ctr192Wrap64CipherLong },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap64_2,
- ctrPlain, (int)sizeof(ctr192Wrap64_2CipherLong),
- ctr192Wrap64_2CipherLong },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap32,
- ctrPlain, (int)sizeof(ctr192Wrap32Cipher), ctr192Wrap32Cipher },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap32,
- ctrPlain, (int)sizeof(ctr192Wrap32CipherLong),
- ctr192Wrap32CipherLong },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap32_2,
- ctrPlain, (int)sizeof(ctr192Wrap32_2CipherLong),
- ctr192Wrap32_2CipherLong },
- #endif
- #endif
- #ifdef WOLFSSL_AES_256
- { ctr256Key, (int)sizeof(ctr256Key), ctrIv,
- ctrPlain, (int)sizeof(ctrPlain), ctr256Cipher },
- /* let's try with just 9 bytes, non block size test */
- { ctr256Key, (int)sizeof(ctr256Key), ctrIv,
- ctrPlain, (int)sizeof(oddCipher), ctr256Cipher },
- /* Counter wrapping */
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128,
- ctrPlain, (int)sizeof(ctr256Wrap128Cipher), ctr256Wrap128Cipher },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128,
- ctrPlain, (int)sizeof(ctr256Wrap128CipherLong),
- ctr256Wrap128CipherLong },
- #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128_2,
- ctrPlain, (int)sizeof(ctr256Wrap128_2CipherLong),
- ctr256Wrap128_2CipherLong },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap96,
- ctrPlain, (int)sizeof(ctr256Wrap96Cipher), ctr256Wrap96Cipher },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap96,
- ctrPlain, (int)sizeof(ctr256Wrap96CipherLong),
- ctr256Wrap96CipherLong },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap96_2,
- ctrPlain, (int)sizeof(ctr256Wrap96_2CipherLong),
- ctr256Wrap96_2CipherLong },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap64,
- ctrPlain, (int)sizeof(ctr256Wrap64Cipher), ctr256Wrap64Cipher },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap64,
- ctrPlain, (int)sizeof(ctr256Wrap64CipherLong),
- ctr256Wrap64CipherLong },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap64_2,
- ctrPlain, (int)sizeof(ctr256Wrap64_2CipherLong),
- ctr256Wrap64_2CipherLong },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap32,
- ctrPlain, (int)sizeof(ctr256Wrap32Cipher), ctr256Wrap32Cipher },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap32,
- ctrPlain, (int)sizeof(ctr256Wrap32CipherLong),
- ctr256Wrap32CipherLong },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap32_2,
- ctrPlain, (int)sizeof(ctr256Wrap32_2CipherLong),
- ctr256Wrap32_2CipherLong },
- #endif
- #endif
- };
- #define AES_CTR_TEST_LEN (int)(sizeof(testVec) / sizeof(*testVec))
- for (i = 0; i < AES_CTR_TEST_LEN; i++) {
- if (testVec[i].key != NULL) {
- ret = wc_AesSetKeyDirect(enc, testVec[i].key, (word32)testVec[i].keySz,
- testVec[i].iv, AES_ENCRYPTION);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- /* Ctr only uses encrypt, even on key setup */
- ret = wc_AesSetKeyDirect(dec, testVec[i].key, (word32)testVec[i].keySz,
- testVec[i].iv, AES_ENCRYPTION);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- }
- ret = wc_AesCtrEncrypt(enc, cipher, testVec[i].plain, (word32)testVec[i].len);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- ret = wc_AesCtrEncrypt(dec, plain, cipher, (word32)testVec[i].len);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- if (XMEMCMP(plain, ctrPlain, (size_t)testVec[i].len)) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- #if !(FIPS_VERSION_EQ(2,0) && defined(WOLFSSL_ARMASM))
- if (XMEMCMP(cipher, testVec[i].cipher, (size_t)testVec[i].len)) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- #endif
- }
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
- for (i = 0; i < AES_CTR_TEST_LEN; i++) {
- if (testVec[i].key != NULL) {
- ret = wc_AesSetKeyDirect(enc, testVec[i].key, testVec[i].keySz,
- testVec[i].iv, AES_ENCRYPTION);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- /* Ctr only uses encrypt, even on key setup */
- ret = wc_AesSetKeyDirect(dec, testVec[i].key, testVec[i].keySz,
- testVec[i].iv, AES_ENCRYPTION);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- }
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesCtrEncrypt(enc, cipher, testVec[i].plain, testVec[i].len);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesCtrEncrypt(dec, plain, cipher, testVec[i].len);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- if (XMEMCMP(plain, ctrPlain, testVec[i].len)) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- #if !(FIPS_VERSION_EQ(2,0) && defined(WOLFSSL_ARMASM))
- if (XMEMCMP(cipher, testVec[i].cipher, testVec[i].len)) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- #endif
- }
- for (i = 0; i < AES_CTR_TEST_LEN; i++) {
- if (testVec[i].key != NULL) {
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesSetKeyDirect(enc, testVec[i].key, testVec[i].keySz,
- testVec[i].iv, AES_ENCRYPTION);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- /* Ctr only uses encrypt, even on key setup */
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesSetKeyDirect(dec, testVec[i].key, testVec[i].keySz,
- testVec[i].iv, AES_ENCRYPTION);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- }
- ret = wc_AesCtrEncrypt(enc, cipher, testVec[i].plain, testVec[i].len);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- ret = wc_AesCtrEncrypt(dec, plain, cipher, testVec[i].len);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- if (XMEMCMP(plain, ctrPlain, testVec[i].len)) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- #if !(FIPS_VERSION_EQ(2,0) && defined(WOLFSSL_ARMASM))
- if (XMEMCMP(cipher, testVec[i].cipher, testVec[i].len)) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- #endif
- }
- #endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_C_DYNAMIC_FALLBACK */
- out:
- return ret;
- }
- #endif /* WOLFSSL_AES_COUNTER */
- #ifdef HAVE_AES_ECB
- static wc_test_ret_t aes_ecb_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
- {
- wc_test_ret_t ret = 0;
- WOLFSSL_SMALL_STACK_STATIC const byte key_128[] = "0123456789abcdef ";
- WOLFSSL_SMALL_STACK_STATIC const byte key_192[] =
- "0123456789abcdef01234567 ";
- WOLFSSL_SMALL_STACK_STATIC const byte key_256[] =
- "0123456789abcdef0123456789abcdef ";
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] = "1234567890abcdef ";
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
- 0x6e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
- 0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb_128[AES_BLOCK_SIZE] = {
- 0xd0, 0xc9, 0xd9, 0xc9, 0x40, 0xe8, 0x97, 0xb6,
- 0xc8, 0x8c, 0x33, 0x3b, 0xb5, 0x8f, 0x85, 0xd1
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb_192[AES_BLOCK_SIZE] = {
- 0x06, 0x57, 0xee, 0x78, 0x3f, 0x96, 0x00, 0xb1,
- 0xec, 0x76, 0x94, 0x30, 0x29, 0xbe, 0x15, 0xab
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb_256[AES_BLOCK_SIZE] = {
- 0xcd, 0xf2, 0x81, 0x3e, 0x73, 0x3e, 0xf7, 0x33,
- 0x3d, 0x18, 0xfd, 0x41, 0x85, 0x37, 0x04, 0x82
- };
- int i;
- struct {
- const byte* key;
- int keySz;
- const byte* iv;
- const byte* verify;
- } testVec[] = {
- { key_128, 16, iv, verify_ecb_128 },
- { key_192, 24, iv, verify_ecb_192 },
- { key_256, 32, iv, verify_ecb_256 },
- };
- #define AES_ECB_TEST_LEN (int)(sizeof(testVec) / sizeof(*testVec))
- for (i = 0; i < AES_ECB_TEST_LEN; i++) {
- ret = wc_AesSetKey(enc, testVec[i].key, testVec[i].keySz, testVec[i].iv,
- AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesSetKey(dec, testVec[i].key, testVec[i].keySz, testVec[i].iv,
- AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMSET(cipher, 0, AES_BLOCK_SIZE * 4);
- ret = wc_AesEcbEncrypt(enc, cipher, msg, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, testVec[i].verify, AES_BLOCK_SIZE)) {
- WOLFSSL_MSG("aes_test cipher vs verify_ecb mismatch!");
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- #ifdef HAVE_AES_DECRYPT
- XMEMSET(plain, 0, AES_BLOCK_SIZE * 4);
- ret = wc_AesEcbDecrypt(dec, plain, cipher, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- #endif /* HAVE_AES_DECRYPT */
- (void)dec;
- (void)plain;
- }
- out:
- return ret;
- }
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
- {
- #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #else
- Aes enc[1];
- #endif
- int enc_inited = 0;
- byte cipher[AES_BLOCK_SIZE * 4];
- #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #else
- Aes dec[1];
- #endif
- int dec_inited = 0;
- byte plain [AES_BLOCK_SIZE * 4];
- #endif /* HAVE_AES_DECRYPT || WOLFSSL_AES_COUNTER */
- #endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */
- wc_test_ret_t ret = 0;
- #ifdef HAVE_AES_CBC
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
- 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
- };
- #ifdef HAVE_RENESAS_SYNC
- const byte *key =
- (byte*)guser_PKCbInfo.wrapped_key_aes128;
- #else
- WOLFSSL_SMALL_STACK_STATIC const
- byte key[] = "0123456789abcdef "; /* align */
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] = "1234567890abcdef "; /* align */
- WOLFSSL_ENTER("aes_test");
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || \
- defined(WOLFSSL_AES_DIRECT)
- if (enc == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
- if (dec == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
- ret = wc_AesInit(enc, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- enc_inited = 1;
- #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
- ret = wc_AesInit(dec, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- dec_inited = 1;
- #endif
- #ifdef HAVE_AES_ECB
- ret = aes_ecb_test(enc, dec, cipher, plain);
- if (ret != 0)
- return ret;
- #endif
- ret = wc_AesSetKey(enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesSetKey(dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMSET(cipher, 0, AES_BLOCK_SIZE * 4);
- ret = wc_AesCbcEncrypt(enc, cipher, msg, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- XMEMSET(plain, 0, AES_BLOCK_SIZE * 4);
- ret = wc_AesCbcDecrypt(dec, plain, cipher, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- WOLFSSL_MSG("failed wc_AesCbcDecrypt");
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) {
- WOLFSSL_MSG("wc_AesCbcDecrypt failed plain compare");
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #endif /* HAVE_AES_DECRYPT */
- /* skipped because wrapped key use in case of renesas sm */
- #ifndef HAVE_RENESAS_SYNC
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) {
- WOLFSSL_MSG("wc_AesCbcDecrypt failed cipher-verify compare");
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #endif
- #endif /* WOLFSSL_AES_128 */
- #if defined(WOLFSSL_AESNI) && defined(HAVE_AES_DECRYPT)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte bigMsg[] = {
- /* "All work and no play makes Jack a dull boy. " */
- 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
- 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
- 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
- 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
- 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
- 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
- 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
- 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
- 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
- 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
- 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
- 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
- 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
- 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
- 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
- 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
- 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
- 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
- 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
- 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
- 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
- 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
- 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
- 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
- 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
- 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
- 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
- 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
- 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
- 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
- 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
- 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
- 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
- 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
- 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
- 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
- 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
- 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
- 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
- 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
- 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
- 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
- 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
- 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
- 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
- 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
- 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
- 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20
- };
- WOLFSSL_SMALL_STACK_STATIC const byte bigKey[] = "0123456789abcdeffedcba9876543210";
- word32 keySz, msgSz;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte *bigCipher = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *bigPlain = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((bigCipher == NULL) ||
- (bigPlain == NULL)) {
- if (bigCipher != NULL)
- XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #else
- byte bigCipher[sizeof(bigMsg)];
- byte bigPlain[sizeof(bigMsg)];
- #endif
- /* Iterate from one AES_BLOCK_SIZE of bigMsg through the whole
- * message by AES_BLOCK_SIZE for each size of AES key. */
- for (keySz = 16; keySz <= 32; keySz += 8) {
- for (msgSz = AES_BLOCK_SIZE;
- msgSz <= sizeof(bigMsg);
- msgSz += AES_BLOCK_SIZE) {
- XMEMSET(bigCipher, 0, sizeof(bigMsg));
- XMEMSET(bigPlain, 0, sizeof(bigMsg));
- ret = wc_AesSetKey(enc, bigKey, keySz, iv, AES_ENCRYPTION);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- break;
- }
- ret = wc_AesSetKey(dec, bigKey, keySz, iv, AES_DECRYPTION);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- break;
- }
- ret = wc_AesCbcEncrypt(enc, bigCipher, bigMsg, msgSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- break;
- }
- ret = wc_AesCbcDecrypt(dec, bigPlain, bigCipher, msgSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- break;
- }
- if (XMEMCMP(bigPlain, bigMsg, msgSz)) {
- ret = WC_TEST_RET_ENC_NC;
- break;
- }
- }
- if (ret != 0)
- break;
- }
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
- /* Iterate from one AES_BLOCK_SIZE of bigMsg through the whole
- * message by AES_BLOCK_SIZE for each size of AES key. */
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- for (keySz = 16; keySz <= 32; keySz += 8) {
- for (msgSz = AES_BLOCK_SIZE;
- msgSz <= sizeof(bigMsg);
- msgSz += AES_BLOCK_SIZE) {
- XMEMSET(bigCipher, 0, sizeof(bigMsg));
- XMEMSET(bigPlain, 0, sizeof(bigMsg));
- ret = wc_AesSetKey(enc, bigKey, keySz, iv, AES_ENCRYPTION);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- break;
- }
- ret = wc_AesSetKey(dec, bigKey, keySz, iv, AES_DECRYPTION);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- break;
- }
- ret = wc_AesCbcEncrypt(enc, bigCipher, bigMsg, msgSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- break;
- }
- ret = wc_AesCbcDecrypt(dec, bigPlain, bigCipher, msgSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- break;
- }
- if (XMEMCMP(bigPlain, bigMsg, msgSz)) {
- ret = WC_TEST_RET_ENC_NC;
- break;
- }
- }
- if (ret != 0)
- break;
- }
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- #endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_C_DYNAMIC_FALLBACK */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(bigPlain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (ret != 0)
- goto out;
- }
- #endif /* WOLFSSL_AESNI && HAVE_AES_DECRYPT */
- /* Test of AES IV state with encrypt/decrypt */
- #if defined(WOLFSSL_AES_128) && !defined(HAVE_RENESAS_SYNC)
- {
- /* Test Vector from "NIST Special Publication 800-38A, 2001 Edition"
- * https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38a.pdf
- */
- WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
- {
- 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
- 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
- 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
- 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify2[] =
- {
- 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46,
- 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d,
- 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee,
- 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] = {
- 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
- 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
- };
- ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- XMEMSET(cipher, 0, AES_BLOCK_SIZE * 2);
- ret = wc_AesCbcEncrypt(enc, cipher, msg2, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifndef HAVE_RENESAS_SYNC
- if (XMEMCMP(cipher, verify2, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- ret = wc_AesCbcEncrypt(enc, cipher + AES_BLOCK_SIZE,
- msg2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher + AES_BLOCK_SIZE, verify2 + AES_BLOCK_SIZE,
- AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #if defined(HAVE_AES_DECRYPT)
- ret = wc_AesSetKey(dec, key2, sizeof(key2), iv2, AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- XMEMSET(plain, 0, AES_BLOCK_SIZE * 2);
- ret = wc_AesCbcDecrypt(dec, plain, verify2, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_AesCbcDecrypt(dec, plain + AES_BLOCK_SIZE,
- verify2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain + AES_BLOCK_SIZE, msg2 + AES_BLOCK_SIZE,
- AES_BLOCK_SIZE)) {
- WOLFSSL_MSG("wc_AesCbcDecrypt failed plain-msg2 compare");
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #endif /* HAVE_AES_DECRYPT */
- }
- #endif /* WOLFSSL_AES_128 && !HAVE_RENESAS_SYNC */
- #endif /* HAVE_AES_CBC */
- #ifdef WOLFSSL_AES_COUNTER
- ret = aesctr_test(enc, dec, cipher, plain);
- if (ret != 0)
- return ret;
- #endif
- #if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] =
- {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte niKey[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #if !defined(HAVE_SELFTEST) && \
- (defined(WOLFSSL_LINUXKM) || \
- !defined(HAVE_FIPS) || \
- (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
- ret = wc_AesEncryptDirect(enc, cipher, niPlain);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #else
- wc_AesEncryptDirect(enc, cipher, niPlain);
- #endif
- if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #if !defined(HAVE_SELFTEST) && \
- (defined(WOLFSSL_LINUXKM) || \
- !defined(HAVE_FIPS) || \
- (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
- ret = wc_AesDecryptDirect(dec, plain, niCipher);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #else
- wc_AesDecryptDirect(dec, plain, niCipher);
- #endif
- if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- }
- #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
- #ifndef HAVE_RENESAS_SYNC
- ret = aes_key_size_test();
- if (ret != 0)
- goto out;
- #endif
- #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
- !defined(HAVE_RENESAS_SYNC)
- ret = aes_cbc_test();
- if (ret != 0)
- goto out;
- #endif
- #if defined(HAVE_AES_ECB) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- ret = aesecb_test();
- if (ret != 0)
- goto out;
- #endif
- out:
- #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (enc) {
- if (enc_inited)
- wc_AesFree(enc);
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- }
- #else
- if (enc_inited)
- wc_AesFree(enc);
- #endif
- (void)cipher;
- #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (dec) {
- if (dec_inited)
- wc_AesFree(dec);
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- }
- #else
- if (dec_inited)
- wc_AesFree(dec);
- #endif
- (void)plain;
- #endif /* HAVE_AES_DECRYPT || WOLFSSL_AES_COUNTER */
- #endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */
- return ret;
- }
- #if defined(WOLFSSL_AES_CFB)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cfb_test(void)
- {
- int ret;
- WOLFSSL_ENTER("aes_cfb_test");
- ret = aescfb_test_0();
- if (ret != 0)
- return ret;
- #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = aescfb1_test();
- if (ret != 0)
- return ret;
- ret = aescfb8_test();
- if (ret != 0)
- return ret;
- #endif
- return 0;
- }
- #endif
- #if defined(WOLFSSL_AES_XTS)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_xts_test(void)
- {
- int ret = 0;
- WOLFSSL_ENTER("aes_xts_test");
- #ifdef WOLFSSL_AES_128
- ret = aes_xts_128_test();
- if (ret != 0)
- return ret;
- #endif
- #ifdef WOLFSSL_AES_192
- ret = aes_xts_192_test();
- if (ret != 0)
- return ret;
- #endif
- #ifdef WOLFSSL_AES_256
- ret = aes_xts_256_test();
- if (ret != 0)
- return ret;
- #endif
- #if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256)
- ret = aes_xts_sector_test();
- if (ret != 0)
- return ret;
- #endif
- #ifdef WOLFSSL_AES_128
- ret = aes_xts_args_test();
- if (ret != 0)
- return ret;
- #endif
- return 0;
- }
- #endif
- #ifdef WOLFSSL_AES_192
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void)
- {
- wc_test_ret_t ret = 0;
- #ifdef HAVE_AES_CBC
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *enc = NULL;
- #else
- Aes enc[1];
- #endif
- int enc_inited = 0;
- byte cipher[AES_BLOCK_SIZE];
- #ifdef HAVE_AES_DECRYPT
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *dec = NULL;
- #else
- Aes dec[1];
- #endif
- byte plain[AES_BLOCK_SIZE];
- #endif
- #ifdef HAVE_AES_DECRYPT
- int dec_inited = 0;
- #endif
- /* Test vectors from NIST Special Publication 800-38A, 2001 Edition
- * Appendix F.2.3 */
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0x4f,0x02,0x1d,0xb2,0x43,0xbc,0x63,0x3d,
- 0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
- 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
- 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
- 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F
- };
- WOLFSSL_ENTER("aes192_test");
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #ifdef HAVE_AES_DECRYPT
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- #endif
- ret = wc_AesInit(enc, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- enc_inited = 1;
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesInit(dec, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- dec_inited = 1;
- #endif
- ret = wc_AesSetKey(enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesSetKey(dec, key, (int) sizeof(key), iv, AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, msg, (int) sizeof(plain))) {
- WOLFSSL_MSG("failed wc_AesCbcDecrypt plain-msg compare");
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #endif
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (enc) {
- if (enc_inited)
- wc_AesFree(enc);
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- }
- #ifdef HAVE_AES_DECRYPT
- if (dec) {
- if (dec_inited)
- wc_AesFree(dec);
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- }
- #endif
- #else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */
- if (enc_inited)
- wc_AesFree(enc);
- #ifdef HAVE_AES_DECRYPT
- if (dec_inited)
- wc_AesFree(dec);
- #endif
- #endif
- #endif /* HAVE_AES_CBC */
- return ret;
- }
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
- {
- #ifdef HAVE_AES_CBC
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *enc = NULL;
- #else
- Aes enc[1];
- #endif
- int enc_inited = 0;
- byte cipher[AES_BLOCK_SIZE];
- #ifdef HAVE_AES_DECRYPT
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *dec = NULL;
- #else
- Aes dec[1];
- #endif
- int dec_inited = 0;
- byte plain[AES_BLOCK_SIZE];
- #endif
- #endif /* HAVE_AES_CBC */
- wc_test_ret_t ret = 0;
- #ifdef HAVE_AES_CBC
- /* Test vectors from NIST Special Publication 800-38A, 2001 Edition,
- * Appendix F.2.5 */
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba,
- 0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6
- };
- #ifdef HAVE_RENESAS_SYNC
- byte *key =
- (byte*)guser_PKCbInfo.wrapped_key_aes256;
- int keySz = (256/8);
- #else
- WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- int keySz = (int)sizeof(key);
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F
- };
- WOLFSSL_ENTER("aes256_test");
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #ifdef HAVE_AES_DECRYPT
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- #endif
- ret = wc_AesInit(enc, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- enc_inited = 1;
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesInit(dec, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- dec_inited = 1;
- #endif
- ret = wc_AesSetKey(enc, key, (word32)keySz, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesSetKey(dec, key, (word32)keySz, iv, AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, msg, (int) sizeof(plain))) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #endif
- #ifndef HAVE_RENESAS_SYNC
- if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
- ret = wc_AesSetKey(enc, key, keySz, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesSetKey(dec, key, keySz, iv, AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, msg, (int) sizeof(plain))) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #endif
- #ifndef HAVE_RENESAS_SYNC
- if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesSetKey(enc, key, keySz, iv, AES_ENCRYPTION);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesSetKey(dec, key, keySz, iv, AES_DECRYPTION);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, msg, (int) sizeof(plain))) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #endif
- #ifndef HAVE_RENESAS_SYNC
- if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- #endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_C_DYNAMIC_FALLBACK */
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (enc) {
- if (enc_inited)
- wc_AesFree(enc);
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- }
- #ifdef HAVE_AES_DECRYPT
- if (dec) {
- if (dec_inited)
- wc_AesFree(dec);
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- }
- #endif
- #else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */
- if (enc_inited)
- wc_AesFree(enc);
- #ifdef HAVE_AES_DECRYPT
- if (dec_inited)
- wc_AesFree(dec);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */
- #endif /* HAVE_AES_CBC */
- return ret;
- }
- #endif /* WOLFSSL_AES_256 */
- #ifdef HAVE_AESGCM
- #ifdef WOLFSSL_AES_128
- static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv, int ivSz,
- byte* plain, int plainSz, byte* cipher, int cipherSz,
- byte* aad, int aadSz, byte* tag, int tagSz)
- {
- wc_test_ret_t ret;
- int enc_inited = 0, dec_inited = 0;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *enc = NULL;
- Aes *dec = NULL;
- #else
- Aes enc[1];
- Aes dec[1];
- #endif
- byte resultT[AES_BLOCK_SIZE];
- byte resultP[AES_BLOCK_SIZE * 3];
- byte resultC[AES_BLOCK_SIZE * 3];
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- ret = wc_AesInit(enc, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- enc_inited = 1;
- ret = wc_AesInit(dec, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- dec_inited = 1;
- ret = wc_AesGcmSetKey(enc, key, (word32)keySz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesGcmEncrypt(enc, resultC, plain, (word32)plainSz, iv, ivSz,
- resultT, (word32)tagSz, aad, aadSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (cipher != NULL) {
- if (XMEMCMP(cipher, resultC, cipherSz))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- if (XMEMCMP(tag, resultT, tagSz))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesGcmEncrypt(enc, resultC, plain, plainSz, iv, ivSz,
- resultT, tagSz, aad, aadSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (cipher != NULL) {
- if (XMEMCMP(cipher, resultC, cipherSz))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- if (XMEMCMP(tag, resultT, tagSz))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmSetKey(dec, key, (word32)keySz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGcmDecrypt(dec, resultP, resultC, (word32)cipherSz,
- iv, (word32)ivSz, resultT, tagSz, aad, aadSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (plain != NULL) {
- if (XMEMCMP(plain, resultP, plainSz))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesGcmDecrypt(dec, resultP, resultC, cipherSz,
- iv, ivSz, resultT, tagSz, aad, aadSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (plain != NULL) {
- if (XMEMCMP(plain, resultP, plainSz))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #endif
- #endif /* HAVE_AES_DECRYPT */
- ret = 0;
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (enc) {
- if (enc_inited)
- wc_AesFree(enc);
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- }
- if (dec) {
- if (dec_inited)
- wc_AesFree(dec);
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- }
- #else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */
- if (enc_inited)
- wc_AesFree(enc);
- if (dec_inited)
- wc_AesFree(dec);
- #endif
- return ret;
- }
- #endif
- /* tests that only use 12 byte IV and 16 or less byte AAD
- * test vectors are from NIST SP 800-38D
- * https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/CAVP-TESTING-BLOCK-CIPHER-MODES*/
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_default_test(void)
- {
- #ifdef WOLFSSL_AES_128
- byte key1[] = {
- 0x29, 0x8e, 0xfa, 0x1c, 0xcf, 0x29, 0xcf, 0x62,
- 0xae, 0x68, 0x24, 0xbf, 0xc1, 0x95, 0x57, 0xfc
- };
- byte iv1[] = {
- 0x6f, 0x58, 0xa9, 0x3f, 0xe1, 0xd2, 0x07, 0xfa,
- 0xe4, 0xed, 0x2f, 0x6d
- };
- ALIGN64 byte plain1[] = {
- 0xcc, 0x38, 0xbc, 0xcd, 0x6b, 0xc5, 0x36, 0xad,
- 0x91, 0x9b, 0x13, 0x95, 0xf5, 0xd6, 0x38, 0x01,
- 0xf9, 0x9f, 0x80, 0x68, 0xd6, 0x5c, 0xa5, 0xac,
- 0x63, 0x87, 0x2d, 0xaf, 0x16, 0xb9, 0x39, 0x01
- };
- byte aad1[] = {
- 0x02, 0x1f, 0xaf, 0xd2, 0x38, 0x46, 0x39, 0x73,
- 0xff, 0xe8, 0x02, 0x56, 0xe5, 0xb1, 0xc6, 0xb1
- };
- ALIGN64 byte cipher1[] = {
- 0xdf, 0xce, 0x4e, 0x9c, 0xd2, 0x91, 0x10, 0x3d,
- 0x7f, 0xe4, 0xe6, 0x33, 0x51, 0xd9, 0xe7, 0x9d,
- 0x3d, 0xfd, 0x39, 0x1e, 0x32, 0x67, 0x10, 0x46,
- 0x58, 0x21, 0x2d, 0xa9, 0x65, 0x21, 0xb7, 0xdb
- };
- byte tag1[] = {
- 0x54, 0x24, 0x65, 0xef, 0x59, 0x93, 0x16, 0xf7,
- 0x3a, 0x7a, 0x56, 0x05, 0x09, 0xa2, 0xd9, 0xf2
- };
- byte key2[] = {
- 0x01, 0x6d, 0xbb, 0x38, 0xda, 0xa7, 0x6d, 0xfe,
- 0x7d, 0xa3, 0x84, 0xeb, 0xf1, 0x24, 0x03, 0x64
- };
- byte iv2[] = {
- 0x07, 0x93, 0xef, 0x3a, 0xda, 0x78, 0x2f, 0x78,
- 0xc9, 0x8a, 0xff, 0xe3
- };
- ALIGN64 byte plain2[] = {
- 0x4b, 0x34, 0xa9, 0xec, 0x57, 0x63, 0x52, 0x4b,
- 0x19, 0x1d, 0x56, 0x16, 0xc5, 0x47, 0xf6, 0xb7
- };
- ALIGN64 byte cipher2[] = {
- 0x60, 0x9a, 0xa3, 0xf4, 0x54, 0x1b, 0xc0, 0xfe,
- 0x99, 0x31, 0xda, 0xad, 0x2e, 0xe1, 0x5d, 0x0c
- };
- byte tag2[] = {
- 0x33, 0xaf, 0xec, 0x59, 0xc4, 0x5b, 0xaf, 0x68,
- 0x9a, 0x5e, 0x1b, 0x13, 0xae, 0x42, 0x36, 0x19
- };
- byte key3[] = {
- 0xb0, 0x1e, 0x45, 0xcc, 0x30, 0x88, 0xaa, 0xba,
- 0x9f, 0xa4, 0x3d, 0x81, 0xd4, 0x81, 0x82, 0x3f
- };
- byte iv3[] = {
- 0x5a, 0x2c, 0x4a, 0x66, 0x46, 0x87, 0x13, 0x45,
- 0x6a, 0x4b, 0xd5, 0xe1
- };
- byte tag3[] = {
- 0x01, 0x42, 0x80, 0xf9, 0x44, 0xf5, 0x3c, 0x68,
- 0x11, 0x64, 0xb2, 0xff
- };
- wc_test_ret_t ret;
- WOLFSSL_ENTER("aesgcm_default_test");
- ret = aesgcm_default_test_helper(key1, sizeof(key1), iv1, sizeof(iv1),
- plain1, sizeof(plain1), cipher1, sizeof(cipher1),
- aad1, sizeof(aad1), tag1, sizeof(tag1));
- if (ret != 0) {
- return ret;
- }
- ret = aesgcm_default_test_helper(key2, sizeof(key2), iv2, sizeof(iv2),
- plain2, sizeof(plain2), cipher2, sizeof(cipher2),
- NULL, 0, tag2, sizeof(tag2));
- if (ret != 0) {
- return ret;
- }
- ret = aesgcm_default_test_helper(key3, sizeof(key3), iv3, sizeof(iv3),
- NULL, 0, NULL, 0,
- NULL, 0, tag3, sizeof(tag3));
- if (ret != 0) {
- return ret;
- }
- #endif
- return 0;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *enc = NULL;
- Aes *dec = NULL;
- #else
- Aes enc[1];
- Aes dec[1];
- #endif
- /*
- * This is Test Case 16 from the document Galois/
- * Counter Mode of Operation (GCM) by McGrew and
- * Viega.
- */
- WOLFSSL_SMALL_STACK_STATIC const byte p[] =
- {
- 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
- 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
- 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
- 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
- 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
- 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
- 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
- 0xba, 0x63, 0x7b, 0x39
- };
- WOLFSSL_SMALL_STACK_STATIC const byte a[] =
- {
- 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
- 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
- 0xab, 0xad, 0xda, 0xd2
- };
- #ifdef WOLFSSL_AES_256
- #ifdef HAVE_RENESAS_SYNC
- const byte *k1 = (byte*)guser_PKCbInfo.wrapped_key_aes256;
- int k1Sz = (int)(256/8);
- #else
- WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
- {
- 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
- 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
- 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
- 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
- };
- int k1Sz = (int)sizeof(k1);
- #endif
- #endif /* WOLFSSL_AES_256 */
- WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
- {
- 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
- 0xde, 0xca, 0xf8, 0x88
- };
- #if defined(WOLFSSL_AES_256) || defined(WOLFSSL_AES_192)
- WOLFSSL_SMALL_STACK_STATIC const byte c1[] =
- {
- 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
- 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
- 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
- 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
- 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
- 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
- 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
- 0xbc, 0xc9, 0xf6, 0x62
- };
- #endif /* WOLFSSL_AES_256 || WOLFSSL_AES_192 */
- WOLFSSL_SMALL_STACK_STATIC const byte t1[] =
- {
- 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
- 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
- };
- /* FIPS, QAT and PIC32MZ HW Crypto only support 12-byte IV */
- #if !defined(HAVE_FIPS) && \
- !defined(WOLFSSL_PIC32MZ_CRYPT) && \
- !defined(FREESCALE_LTC) && !defined(FREESCALE_MMCAU) && \
- !defined(WOLFSSL_XILINX_CRYPT) && !defined(WOLFSSL_AFALG_XILINX_AES) && \
- !defined(WOLFSSL_SILABS_SE_ACCEL) && !defined(WOLFSSL_KCAPI_AES) && \
- !(defined(WOLF_CRYPTO_CB) && \
- (defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC)))
- #define ENABLE_NON_12BYTE_IV_TEST
- #ifdef WOLFSSL_AES_192
- /* Test Case 12, uses same plaintext and AAD data. */
- WOLFSSL_SMALL_STACK_STATIC const byte k2[] =
- {
- 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
- 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
- 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv2[] =
- {
- 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
- 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
- 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
- 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
- 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
- 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
- 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
- 0xa6, 0x37, 0xb3, 0x9b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c2[] =
- {
- 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
- 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
- 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
- 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
- 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
- 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
- 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
- 0xe9, 0xb7, 0x37, 0x3b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t2[] =
- {
- 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
- 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9
- };
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_128
- /* The following is an interesting test case from the example
- * FIPS test vectors for AES-GCM. IVlen = 1 byte */
- WOLFSSL_SMALL_STACK_STATIC const byte p3[] =
- {
- 0x57, 0xce, 0x45, 0x1f, 0xa5, 0xe2, 0x35, 0xa5,
- 0x8e, 0x1a, 0xa2, 0x3b, 0x77, 0xcb, 0xaf, 0xe2
- };
- #ifdef HAVE_RENESAS_SYNC
- const byte *k3 =
- (byte*)guser_PKCbInfo.wrapped_key_aes128;
- int k3Sz = (int)(128/8);
- #else
- WOLFSSL_SMALL_STACK_STATIC const byte k3[] =
- {
- 0xbb, 0x01, 0xd7, 0x03, 0x81, 0x1c, 0x10, 0x1a,
- 0x35, 0xe0, 0xff, 0xd2, 0x91, 0xba, 0xf2, 0x4b
- };
- int k3Sz = (int)sizeof(k3);
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte iv3[] =
- {
- 0xca
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c3[] =
- {
- 0x6b, 0x5f, 0xb3, 0x9d, 0xc1, 0xc5, 0x7a, 0x4f,
- 0xf3, 0x51, 0x4d, 0xc2, 0xd5, 0xf0, 0xd0, 0x07
- };
- WOLFSSL_SMALL_STACK_STATIC const byte a3[] =
- {
- 0x40, 0xfc, 0xdc, 0xd7, 0x4a, 0xd7, 0x8b, 0xf1,
- 0x3e, 0x7c, 0x60, 0x55, 0x50, 0x51, 0xdd, 0x54
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t3[] =
- {
- 0x06, 0x90, 0xed, 0x01, 0x34, 0xdd, 0xc6, 0x95,
- 0x31, 0x2e, 0x2a, 0xf9, 0x57, 0x7a, 0x1e, 0xa6
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_256
- int ivlen;
- #endif
- #endif
- byte resultT[sizeof(t1) + AES_BLOCK_SIZE];
- byte resultP[sizeof(p) + AES_BLOCK_SIZE];
- byte resultC[sizeof(p) + AES_BLOCK_SIZE];
- wc_test_ret_t ret = 0;
- int alen;
- int plen;
- #if defined(WOLFSSL_XILINX_CRYPT_VERSAL)
- byte buf[sizeof(p) + AES_BLOCK_SIZE];
- byte bufA[sizeof(a) + 1];
- byte *large_aad = (byte*)XMALLOC((size_t)1024 + 16, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM)
- #if !defined(BENCH_AESGCM_LARGE)
- #define BENCH_AESGCM_LARGE 1024
- #endif
- #ifndef WOLFSSL_NO_MALLOC
- byte *large_input = (byte *)XMALLOC(BENCH_AESGCM_LARGE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *large_output = (byte *)XMALLOC(BENCH_AESGCM_LARGE + AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *large_outdec = (byte *)XMALLOC(BENCH_AESGCM_LARGE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- (void)alen;
- (void)plen;
- if ((! large_input) || (! large_output) || (! large_outdec))
- ERROR_OUT(MEMORY_E, out);
- #else
- byte large_input[BENCH_AESGCM_LARGE];
- byte large_output[BENCH_AESGCM_LARGE + AES_BLOCK_SIZE];
- byte large_outdec[BENCH_AESGCM_LARGE];
- #endif
- XMEMSET(large_input, 0, BENCH_AESGCM_LARGE);
- XMEMSET(large_output, 0, BENCH_AESGCM_LARGE + AES_BLOCK_SIZE);
- XMEMSET(large_outdec, 0, BENCH_AESGCM_LARGE);
- #endif
- WOLFSSL_ENTER("aesgcm_test");
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- ret = wc_AesInit(enc, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesInit(dec, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef WOLFSSL_AES_256
- ret = wc_AesGcmSetKey(enc, k1, (word32)k1Sz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, sizeof(iv1),
- resultT, sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifndef HAVE_RENESAS_SYNC
- if (XMEMCMP(c1, resultC, sizeof(c1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(t1, resultT, sizeof(t1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmSetKey(dec, k1, (word32)k1Sz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1),
- iv1, sizeof(iv1), resultT, sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p, resultP, sizeof(p)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- /* Large buffer test */
- #ifdef BENCH_AESGCM_LARGE
- /* setup test buffer */
- for (alen=0; alen<BENCH_AESGCM_LARGE; alen++)
- large_input[alen] = (byte)alen;
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesGcmEncrypt(enc, large_output, large_input,
- BENCH_AESGCM_LARGE, iv1, sizeof(iv1),
- resultT, sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmDecrypt(dec, large_outdec, large_output,
- BENCH_AESGCM_LARGE, iv1, sizeof(iv1), resultT,
- sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* BENCH_AESGCM_LARGE */
- #if defined(ENABLE_NON_12BYTE_IV_TEST) && defined(WOLFSSL_AES_256)
- /* Variable IV length test */
- for (ivlen=1; ivlen<k1Sz; ivlen++) {
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), k1,
- (word32)ivlen, resultT, sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1), k1,
- (word32)ivlen, resultT, sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif /* HAVE_AES_DECRYPT */
- }
- #endif
- #if !(defined(WOLF_CRYPTO_CB) && defined(HAVE_INTEL_QA_SYNC))
- /* Variable authenticated data length test */
- for (alen=0; alen<(int)sizeof(p); alen++) {
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1,
- sizeof(iv1), resultT, sizeof(t1), p, (word32)alen);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1), iv1,
- sizeof(iv1), resultT, sizeof(t1), p, (word32)alen);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif /* HAVE_AES_DECRYPT */
- }
- #if defined(WOLFSSL_XILINX_CRYPT_VERSAL)
- if (! large_aad)
- ERROR_OUT(MEMORY_E, out);
- XMEMSET(large_aad, 0, 1024+16);
- /* Variable authenticated data length test */
- for (alen=0; alen<=1024; alen+=16) {
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1,
- sizeof(iv1), resultT, sizeof(t1), large_aad, (word32)alen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1), iv1,
- sizeof(iv1), resultT, sizeof(t1), large_aad, (word32)alen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif /* HAVE_AES_DECRYPT */
- }
- /* Test unaligned memory of all potential arguments */
- ret = wc_AesGcmSetKey(enc, k1, k1Sz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- XMEMCPY(&buf[1], p, sizeof(p));
- XMEMCPY(&bufA[1], a, sizeof(a));
- ret = wc_AesGcmEncrypt(enc, &resultC[1], &buf[1], sizeof(p), iv1, sizeof(iv1),
- &resultT[1], sizeof(t1), &bufA[1], sizeof(a));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c1, &resultC[1], sizeof(c1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(t1, &resultT[1], sizeof(t1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmSetKey(dec, k1, k1Sz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGcmDecrypt(dec, &resultP[1], &resultC[1], sizeof(c1),
- iv1, sizeof(iv1), &resultT[1], sizeof(t1), &bufA[1], sizeof(a));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p, &resultP[1], sizeof(p)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* Xilinx Versal */
- #endif
- #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
- #ifdef BENCH_AESGCM_LARGE
- /* Variable plain text length test */
- for (plen=1; plen<BENCH_AESGCM_LARGE; plen++) {
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesGcmEncrypt(enc, large_output, large_input,
- (word32)plen, iv1, sizeof(iv1), resultT,
- sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmDecrypt(dec, large_outdec, large_output,
- (word32)plen, iv1, sizeof(iv1), resultT,
- sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif /* HAVE_AES_DECRYPT */
- }
- #else /* BENCH_AESGCM_LARGE */
- /* Variable plain text length test */
- for (plen=1; plen<(int)sizeof(p); plen++) {
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesGcmEncrypt(enc, resultC, p, (word32)plen, iv1,
- sizeof(iv1), resultT, sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmDecrypt(dec, resultP, resultC, (word32)plen, iv1,
- sizeof(iv1), resultT, sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif /* HAVE_AES_DECRYPT */
- }
- #endif /* BENCH_AESGCM_LARGE */
- #endif
- #endif /* WOLFSSL_AES_256 */
- /* test with IV != 12 bytes */
- #ifdef ENABLE_NON_12BYTE_IV_TEST
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- #ifdef WOLFSSL_AES_192
- wc_AesGcmSetKey(enc, k2, sizeof(k2));
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv2, sizeof(iv2),
- resultT, sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c2, resultC, sizeof(c2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(t2, resultT, sizeof(t1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(c1),
- iv2, sizeof(iv2), resultT, sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p, resultP, sizeof(p)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- /* Large buffer test */
- #ifdef BENCH_AESGCM_LARGE
- wc_AesGcmSetKey(enc, k2, (word32)sizeof(k2));
- wc_AesGcmSetKey(dec, k2, (word32)sizeof(k2));
- /* setup test buffer */
- for (alen=0; alen<BENCH_AESGCM_LARGE; alen++)
- large_input[alen] = (byte)alen;
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesGcmEncrypt(enc, large_output, large_input,
- BENCH_AESGCM_LARGE, iv1, sizeof(iv1),
- resultT, sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmDecrypt(dec, large_outdec, large_output,
- BENCH_AESGCM_LARGE, iv1, sizeof(iv1), resultT,
- sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* BENCH_AESGCM_LARGE */
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_128
- wc_AesGcmSetKey(enc, k3, (word32)k3Sz);
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesGcmEncrypt(enc, resultC, p3, sizeof(p3), iv3, sizeof(iv3),
- resultT, sizeof(t3), a3, sizeof(a3));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifndef HAVE_RENESAS_SYNC
- if (XMEMCMP(c3, resultC, sizeof(c3)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(t3, resultT, sizeof(t3)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(c3),
- iv3, sizeof(iv3), resultT, sizeof(t3), a3, sizeof(a3));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p3, resultP, sizeof(p3)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- /* Large buffer test */
- #ifdef BENCH_AESGCM_LARGE
- wc_AesGcmSetKey(enc, k3, (word32)k3Sz);
- wc_AesGcmSetKey(dec, k3, (word32)k3Sz);
- /* setup test buffer */
- for (alen=0; alen<BENCH_AESGCM_LARGE; alen++)
- large_input[alen] = (byte)alen;
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesGcmEncrypt(enc, large_output, large_input,
- BENCH_AESGCM_LARGE, iv1, sizeof(iv1),
- resultT, sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmDecrypt(dec, large_outdec, large_output,
- BENCH_AESGCM_LARGE, iv1, sizeof(iv1), resultT,
- sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* BENCH_AESGCM_LARGE */
- #endif /* WOLFSSL_AES_128 */
- #endif /* ENABLE_NON_12BYTE_IV_TEST */
- #if defined(WOLFSSL_AES_256) && !defined(WOLFSSL_AFALG_XILINX_AES) && \
- !defined(WOLFSSL_XILINX_CRYPT) && \
- !(defined(WOLF_CRYPTO_CB) && \
- defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC))
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- wc_AesGcmSetKey(enc, k1, (word32)k1Sz);
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, sizeof(iv1),
- resultT + 1, sizeof(t1) - 1, a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifndef HAVE_RENESAS_SYNC
- if (XMEMCMP(c1, resultC, sizeof(c1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(t1, resultT + 1, sizeof(t1) - 1))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(p),
- iv1, sizeof(iv1), resultT + 1, sizeof(t1) - 1, a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p, resultP, sizeof(p)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_256 */
- #if !defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
- /* Test encrypt with internally generated IV */
- #if defined(WOLFSSL_AES_256) && !(defined(WC_NO_RNG) || defined(HAVE_SELFTEST)) \
- && !(defined(WOLF_CRYPTO_CB) && defined(HAVE_CAVIUM_OCTEON_SYNC))
- {
- WC_RNG rng;
- byte randIV[12];
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- XMEMSET(randIV, 0, sizeof(randIV));
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- wc_AesGcmSetKey(enc, k1, (word32)k1Sz);
- ret = wc_AesGcmSetIV(enc, sizeof(randIV), NULL, 0, &rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGcmEncrypt_ex(enc,
- resultC, p, sizeof(p),
- randIV, sizeof(randIV),
- resultT, sizeof(t1),
- a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* Check the IV has been set. */
- {
- word32 i, ivSum = 0;
- for (i = 0; i < sizeof(randIV); i++)
- ivSum += randIV[i];
- if (ivSum == 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #ifdef HAVE_AES_DECRYPT
- wc_AesGcmSetKey(dec, k1, (word32)k1Sz);
- ret = wc_AesGcmSetIV(dec, sizeof(randIV), NULL, 0, &rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGcmDecrypt(dec,
- resultP, resultC, sizeof(c1),
- randIV, sizeof(randIV),
- resultT, sizeof(t1),
- a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p, resultP, sizeof(p)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- wc_FreeRng(&rng);
- }
- #endif /* WOLFSSL_AES_256 && !(WC_NO_RNG || HAVE_SELFTEST) */
- #endif /* HAVE_FIPS_VERSION >= 2 */
- #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
- #ifdef WOLFSSL_AES_256
- #ifdef WOLFSSL_AESGCM_STREAM
- ret = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGcmEncryptUpdate(enc, resultC, p, sizeof(p), a, sizeof(a));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGcmEncryptFinal(enc, resultT, sizeof(t1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(resultC, c1, sizeof(c1)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(resultT, t1, sizeof(t1)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGcmDecryptUpdate(enc, resultP, c1, sizeof(c1), a, sizeof(a));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGcmDecryptFinal(enc, t1, sizeof(t1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(resultP, p, sizeof(p)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- /* alen is the size to pass in with each update. */
- for (alen = 1; alen < AES_BLOCK_SIZE + 1; alen++) {
- ret = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* plen is the offset into AAD to update with. */
- for (plen = 0; plen < (int)sizeof(a); plen += alen) {
- int len = sizeof(a) - plen;
- if (len > alen) len = alen;
- ret = wc_AesGcmEncryptUpdate(enc, NULL, NULL, 0, a + plen, (word32)len);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- /* plen is the offset into plaintext to update with. */
- for (plen = 0; plen < (int)sizeof(p); plen += alen) {
- int len = sizeof(p) - plen;
- if (len > alen) len = alen;
- ret = wc_AesGcmEncryptUpdate(enc, resultC + plen, p + plen, (word32)len,
- NULL, 0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- ret = wc_AesGcmEncryptFinal(enc, resultT, sizeof(t1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(resultC, c1, sizeof(c1)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(resultT, t1, sizeof(t1)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #ifdef HAVE_AES_DECRYPT
- for (alen = 1; alen < AES_BLOCK_SIZE + 1; alen++) {
- ret = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* plen is the offset into AAD to update with. */
- for (plen = 0; plen < (int)sizeof(a); plen += alen) {
- int len = sizeof(a) - plen;
- if (len > alen) len = alen;
- ret = wc_AesGcmDecryptUpdate(enc, NULL, NULL, 0, a + plen, (word32)len);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- /* plen is the offset into cipher text to update with. */
- for (plen = 0; plen < (int)sizeof(c1); plen += alen) {
- int len = sizeof(c1) - plen;
- if (len > alen) len = alen;
- ret = wc_AesGcmDecryptUpdate(enc, resultP + plen, c1 + plen, (word32)len,
- NULL, 0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- ret = wc_AesGcmDecryptFinal(enc, t1, sizeof(t1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(resultP, p, sizeof(p)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #endif /* HAVE_AES_DECRYPT */
- #ifdef BENCH_AESGCM_LARGE
- /* setup test buffer */
- ret = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGcmEncryptUpdate(enc, large_output, large_input,
- BENCH_AESGCM_LARGE, a, sizeof(a));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGcmEncryptFinal(enc, resultT, sizeof(t1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGcmDecryptUpdate(enc, large_outdec, large_output,
- BENCH_AESGCM_LARGE, a, sizeof(a));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGcmDecryptFinal(enc, resultT, sizeof(t1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* BENCH_AESGCM_LARGE */
- #endif /* WOLFSSL_AESGCM_STREAM */
- #endif /* WOLFSSL_AES_256 */
- #endif /* !WOLFSSL_AFALG_XILINX_AES && !WOLFSSL_XILINX_CRYPT */
- wc_AesFree(enc);
- wc_AesFree(dec);
- ret = 0;
- out:
- #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
- !defined(WOLFSSL_NO_MALLOC)
- if (large_input)
- XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (large_output)
- XFREE(large_output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (large_outdec)
- XFREE(large_outdec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (enc)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- if (dec)
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #ifdef WOLFSSL_AES_128
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t gmac_test(void)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Gmac *gmac;
- #else
- Gmac gmac[1];
- #endif
- wc_test_ret_t ret;
- WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
- {
- 0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01,
- 0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
- {
- 0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94,
- 0xe2, 0x8c, 0x8f, 0x16
- };
- WOLFSSL_SMALL_STACK_STATIC const byte a1[] =
- {
- 0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9,
- 0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t1[] =
- {
- 0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43,
- 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
- };
- #if (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
- /* FIPS builds only allow 16-byte auth tags. */
- /* This sample uses a 15-byte auth tag. */
- WOLFSSL_SMALL_STACK_STATIC const byte k2[] =
- {
- 0x40, 0xf7, 0xec, 0xb2, 0x52, 0x6d, 0xaa, 0xd4,
- 0x74, 0x25, 0x1d, 0xf4, 0x88, 0x9e, 0xf6, 0x5b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv2[] =
- {
- 0xee, 0x9c, 0x6e, 0x06, 0x15, 0x45, 0x45, 0x03,
- 0x1a, 0x60, 0x24, 0xa7
- };
- WOLFSSL_SMALL_STACK_STATIC const byte a2[] =
- {
- 0x94, 0x81, 0x2c, 0x87, 0x07, 0x4e, 0x15, 0x18,
- 0x34, 0xb8, 0x35, 0xaf, 0x1c, 0xa5, 0x7e, 0x56
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t2[] =
- {
- 0xc6, 0x81, 0x79, 0x8e, 0x3d, 0xda, 0xb0, 0x9f,
- 0x8d, 0x83, 0xb0, 0xbb, 0x14, 0xb6, 0x91
- };
- #endif
- byte tag[16];
- WOLFSSL_ENTER("gmac_test");
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((gmac = (Gmac *)XMALLOC(sizeof *gmac, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- #endif
- XMEMSET(gmac, 0, sizeof *gmac); /* clear context */
- (void)wc_AesInit(&gmac->aes, HEAP_HINT, INVALID_DEVID); /* Make sure devId updated */
- XMEMSET(tag, 0, sizeof(tag));
- wc_GmacSetKey(gmac, k1, sizeof(k1));
- wc_GmacUpdate(gmac, iv1, sizeof(iv1), a1, sizeof(a1), tag, sizeof(t1));
- if (XMEMCMP(t1, tag, sizeof(t1)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #if (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) )
- XMEMSET(tag, 0, sizeof(tag));
- wc_GmacSetKey(gmac, k2, sizeof(k2));
- wc_GmacUpdate(gmac, iv2, sizeof(iv2), a2, sizeof(a2), tag, sizeof(t2));
- if (XMEMCMP(t2, tag, sizeof(t2)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && !defined(NO_AES_DECRYPT)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte badT[] =
- {
- 0xde, 0xad, 0xbe, 0xef, 0x17, 0x2e, 0xd0, 0x43,
- 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
- };
- WC_RNG rng;
- byte iv[12];
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #else
- ret = wc_InitRng(&rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- ret = wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), a1, sizeof(a1),
- t1, sizeof(t1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), a1, sizeof(a1),
- badT, sizeof(badT));
- if (ret != AES_GCM_AUTH_E)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_GmacVerify(k2, sizeof(k2), iv2, sizeof(iv2), a2, sizeof(a2),
- t2, sizeof(t2));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- XMEMSET(tag, 0, sizeof(tag));
- XMEMSET(iv, 0, sizeof(iv));
- ret = wc_Gmac(k1, sizeof(k1), iv, sizeof(iv), a1, sizeof(a1),
- tag, sizeof(tag), &rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_GmacVerify(k1, sizeof(k1), iv, sizeof(iv), a1, sizeof(a1),
- tag, sizeof(tag));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- wc_FreeRng(&rng);
- }
- #endif /* !WC_NO_RNG && !HAVE_SELFTEST && !NO_AES_DECRYPT */
- #endif /* HAVE_FIPS */
- ret = 0;
- out:
- wc_AesFree(&gmac->aes);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(gmac, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_AES_128 */
- #endif /* HAVE_AESGCM */
- #if defined(HAVE_AESCCM)
- #if defined(WOLFSSL_AES_256)
- static wc_test_ret_t aesccm_256_test(void)
- {
- wc_test_ret_t ret;
- /* Test vectors from NIST AES CCM 256-bit CAST Example #1 */
- WOLFSSL_SMALL_STACK_STATIC const byte in_key[32] = {
- 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
- 0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F,
- 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5A, 0x5B, 0x5C, 0x5D, 0x5E, 0x5F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte in_nonce[7] = {
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16};
- WOLFSSL_SMALL_STACK_STATIC const byte in_auth[8] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
- WOLFSSL_SMALL_STACK_STATIC const byte in_plaintext[4] = {
- 0x20, 0x21, 0x22, 0x23};
- WOLFSSL_SMALL_STACK_STATIC const byte exp_ciphertext[4] = {
- 0x8A, 0xB1, 0xA8, 0x74};
- WOLFSSL_SMALL_STACK_STATIC const byte exp_tag[4] = {
- 0x95, 0xFC, 0x08, 0x20};
- byte output[sizeof(in_plaintext)];
- byte atag[sizeof(exp_tag)];
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes* aes = (Aes*)XMALLOC(sizeof(Aes), HEAP_HINT, DYNAMIC_TYPE_AES);
- if (aes == NULL) {
- return MEMORY_E;
- }
- #else
- Aes aes[1];
- #endif
- ret = wc_AesInit(aes, HEAP_HINT, devId);
- if (ret == 0) {
- ret = wc_AesCcmSetKey(aes, in_key, sizeof(in_key));
- }
- if (ret == 0) {
- ret = wc_AesCcmEncrypt(aes, output, in_plaintext, sizeof(in_plaintext),
- in_nonce, sizeof(in_nonce),
- atag, sizeof(atag),
- in_auth, sizeof(in_auth));
- }
- /* Verify we produce the proper ciphertext and tag */
- if (ret == 0 &&
- (XMEMCMP(output, exp_ciphertext, sizeof(output)) ||
- XMEMCMP(atag, exp_tag, sizeof(atag)))) {
- ret = WC_TEST_RET_ENC_NC;
- }
- #ifdef HAVE_AES_DECRYPT
- if (ret == 0) {
- /* decrypt inline */
- ret = wc_AesCcmDecrypt(aes, output, output, sizeof(output),
- in_nonce, sizeof(in_nonce),
- atag, sizeof(atag),
- in_auth, sizeof(in_auth));
- }
- /* Verify decryption was successful */
- if (ret == 0 &&
- XMEMCMP(output, in_plaintext, sizeof(output))) {
- ret = WC_TEST_RET_ENC_NC;
- }
- #endif
- wc_AesFree(aes);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_AES_256 */
- #if defined(WOLFSSL_AES_128)
- static wc_test_ret_t aesccm_128_test(void)
- {
- wc_test_ret_t ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *enc;
- #else
- Aes enc[1];
- #endif
- /* key */
- WOLFSSL_SMALL_STACK_STATIC const byte k[] =
- {
- 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
- 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
- };
- /* nonce */
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
- {
- 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
- 0xa1, 0xa2, 0xa3, 0xa4, 0xa5
- };
- /* plaintext */
- WOLFSSL_SMALL_STACK_STATIC const byte p[] =
- {
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
- };
- /* plaintext - long */
- WOLFSSL_SMALL_STACK_STATIC const byte pl[] =
- {
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
- 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
- 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
- 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
- 0x50
- };
- WOLFSSL_SMALL_STACK_STATIC const byte a[] =
- {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
- };
- /* ciphertext */
- WOLFSSL_SMALL_STACK_STATIC const byte c[] =
- {
- 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
- 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
- 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84
- };
- /* tag - authentication */
- WOLFSSL_SMALL_STACK_STATIC const byte t[] =
- {
- 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
- };
- /* ciphertext - long */
- WOLFSSL_SMALL_STACK_STATIC const byte cl[] =
- {
- 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
- 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
- 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84, 0xe0,
- 0x44, 0x2d, 0xbe, 0x25, 0xfa, 0x48, 0x2b, 0xa8,
- 0x36, 0x0b, 0xbf, 0x01, 0xc0, 0x12, 0x45, 0xa4,
- 0x82, 0x9f, 0x20, 0x6c, 0xc3, 0xd6, 0xae, 0x5b,
- 0x54, 0x8d, 0xd0, 0xb1, 0x69, 0x2c, 0xec, 0x5e,
- 0x95, 0xa5, 0x6b, 0x48, 0xc3, 0xc6, 0xc8, 0x9e,
- 0xc7, 0x92, 0x98, 0x9d, 0x26, 0x7d, 0x2a, 0x10,
- 0x0b
- };
- /* tag - authentication - long */
- WOLFSSL_SMALL_STACK_STATIC const byte tl[] =
- {
- 0x89, 0xd8, 0xd2, 0x02, 0xc5, 0xcf, 0xae, 0xf4
- };
- /* tag - authentication - empty plaintext */
- WOLFSSL_SMALL_STACK_STATIC const byte t_empty[] =
- {
- 0xe4, 0x28, 0x8a, 0xc3, 0x78, 0x00, 0x0f, 0xf5
- };
- byte t2[sizeof(t)];
- byte p2[sizeof(p)];
- byte c2[sizeof(c)];
- byte iv2[sizeof(iv)];
- byte pl2[sizeof(pl)];
- byte cl2[sizeof(cl)];
- byte tl2[sizeof(tl)];
- byte t_empty2[sizeof(t_empty)];
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- #endif
- XMEMSET(enc, 0, sizeof *enc); /* clear context */
- XMEMSET(t2, 0, sizeof(t2));
- XMEMSET(c2, 0, sizeof(c2));
- XMEMSET(p2, 0, sizeof(p2));
- ret = wc_AesInit(enc, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesCcmSetKey(enc, k, sizeof(k));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* AES-CCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesCcmEncrypt(enc, c2, p, sizeof(c2), iv, sizeof(iv),
- t2, sizeof(t2), a, sizeof(a));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c, c2, sizeof(c2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(t, t2, sizeof(t2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCcmDecrypt(enc, p2, c2, sizeof(p2), iv, sizeof(iv),
- t2, sizeof(t2), a, sizeof(a));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p, p2, sizeof(p2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* Test the authentication failure */
- t2[0]++; /* Corrupt the authentication tag. */
- ret = wc_AesCcmDecrypt(enc, p2, c, sizeof(p2), iv, sizeof(iv),
- t2, sizeof(t2), a, sizeof(a));
- if (ret == 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* Clear c2 to compare against p2. p2 should be set to zero in case of
- * authentication fail. */
- XMEMSET(c2, 0, sizeof(c2));
- if (XMEMCMP(p2, c2, sizeof(p2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- wc_AesFree(enc);
- XMEMSET(enc, 0, sizeof(Aes)); /* clear context */
- XMEMSET(t2, 0, sizeof(t2));
- XMEMSET(c2, 0, sizeof(c2));
- XMEMSET(p2, 0, sizeof(p2));
- XMEMSET(iv2, 0, sizeof(iv2));
- ret = wc_AesInit(enc, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifndef HAVE_SELFTEST
- /* selftest build does not have wc_AesCcmSetNonce() or
- * wc_AesCcmEncrypt_ex() */
- ret = wc_AesCcmSetKey(enc, k, sizeof(k));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesCcmSetNonce(enc, iv, sizeof(iv));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesCcmEncrypt_ex(enc, c2, p, sizeof(c2), iv2, sizeof(iv2),
- t2, sizeof(t2), a, sizeof(a));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(iv, iv2, sizeof(iv2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(c, c2, sizeof(c2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(t, t2, sizeof(t2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- /* test fail on invalid IV sizes */
- ret = wc_AesCcmSetKey(enc, k, sizeof(k));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* AES-CCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesCcmEncrypt(enc, c2, p, sizeof(c2), iv, sizeof(iv),
- t2, 1, a, sizeof(a));
- if (ret == 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #endif
- /* AES-CCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesCcmEncrypt(enc, cl2, pl, sizeof(cl2), iv, sizeof(iv),
- tl2, sizeof(tl2), a, sizeof(a));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cl, cl2, sizeof(cl2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(tl, tl2, sizeof(tl2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCcmDecrypt(enc, pl2, cl2, sizeof(pl2), iv, sizeof(iv),
- tl2, sizeof(tl2), a, sizeof(a));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(pl, pl2, sizeof(pl2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- /* test empty message as null input or output with nonzero inSz. */
- ret = wc_AesCcmEncrypt(enc, pl2 /* out */, NULL /* in */, 1 /* inSz */,
- iv, sizeof(iv), t_empty2, sizeof(t_empty2),
- a, sizeof(a));
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesCcmEncrypt(enc, NULL /* out */, (const byte *)"" /* in */, 1 /* inSz */,
- iv, sizeof(iv), t_empty2, sizeof(t_empty2),
- a, sizeof(a));
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCcmDecrypt(enc, pl2, NULL /* in */, 1 /* inSz */,
- iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
- sizeof(a));
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesCcmDecrypt(enc, NULL /* out */, (const byte *)"" /* in */, 1 /* inSz */,
- iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
- sizeof(a));
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- /* test empty message as null input and output with zero inSz --
- * must either succeed, or fail early with BAD_FUNC_ARG.
- */
- ret = wc_AesCcmEncrypt(enc, NULL /* out */, NULL /* in */, 0 /* inSz */,
- iv, sizeof(iv), t_empty2, sizeof(t_empty2),
- a, sizeof(a));
- if (ret != BAD_FUNC_ARG) {
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(t_empty, t_empty2, sizeof(t_empty2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCcmDecrypt(enc, NULL /* out */, NULL /* in */,
- 0 /* inSz */, iv, sizeof(iv), t_empty2,
- sizeof(t_empty2), a, sizeof(a));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- }
- /* test empty message as zero-length string -- must work. */
- ret = wc_AesCcmEncrypt(enc, pl2, (const byte *)"", 0 /* inSz */, iv,
- sizeof(iv), t_empty2, sizeof(t_empty2), a,
- sizeof(a));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(t_empty, t_empty2, sizeof(t_empty2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCcmDecrypt(enc, pl2, (const byte *)"", 0 /* inSz */,
- iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
- sizeof(a));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- wc_AesFree(enc);
- ret = 0;
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_AES_128 */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesccm_test(void)
- {
- wc_test_ret_t ret = 0;
- WOLFSSL_ENTER("aesccm_test");
- #ifdef WOLFSSL_AES_128
- if (ret == 0)
- ret = aesccm_128_test();
- #endif
- #ifdef WOLFSSL_AES_256
- if (ret == 0)
- ret = aesccm_256_test();
- #endif
- return ret;
- }
- #endif /* HAVE_AESCCM */
- #if defined(WOLFSSL_AES_EAX) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_eax_test(void)
- {
- typedef struct {
- byte key[AES_256_KEY_SIZE];
- int key_length;
- byte iv[AES_BLOCK_SIZE];
- int iv_length;
- byte aad[AES_BLOCK_SIZE * 2];
- int aad_length;
- byte msg[AES_BLOCK_SIZE * 2];
- int msg_length;
- byte ct[AES_BLOCK_SIZE * 2];
- int ct_length;
- byte tag[AES_BLOCK_SIZE];
- int tag_length;
- int valid;
- } AadVector;
- /* A small selection of Google wycheproof vectors that use vectors
- * from the original paper: eprint.iacr.org/2003/069
- * https://github.com/google/wycheproof/blob/master/testvectors/aes_eax_test.json
- */
- WOLFSSL_SMALL_STACK_STATIC const AadVector vectors[] = {
- /* Vector from paper - empty message with auth data */
- {
- /* key, key length */
- {0x23, 0x39, 0x52, 0xde, 0xe4, 0xd5, 0xed, 0x5f,
- 0x9b, 0x9c, 0x6d, 0x6f, 0xf8, 0x0f, 0xf4, 0x78}, 16,
- /* iv, iv length */
- {0x62, 0xec, 0x67, 0xf9, 0xc3, 0xa4, 0xa4, 0x07,
- 0xfc, 0xb2, 0xa8, 0xc4, 0x90, 0x31, 0xa8, 0xb3}, 16,
- /* aad, aad length */
- {0x6b, 0xfb, 0x91, 0x4f, 0xd0, 0x7e, 0xae, 0x6b}, 8,
- /* msg, msg length */
- {0}, 0,
- /* ct, ct length */
- {0}, 0,
- /* tag, tag length */
- {0xe0, 0x37, 0x83, 0x0e, 0x83, 0x89, 0xf2,
- 0x7b, 0x02, 0x5a, 0x2d, 0x65, 0x27, 0xe7, 0x9d, 0x01}, 16,
- /* valid */
- 1,
- },
- /* Vector from paper - no auth data, valid auth tag */
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv , iv length */
- {0x3c, 0x8c, 0xc2, 0x97, 0x0a, 0x00, 0x8f, 0x75,
- 0xcc, 0x5b, 0xea, 0xe2, 0x84, 0x72, 0x58, 0xc2}, 16,
- /* aad, aad length */
- {0}, 0,
- /* msg, msg length */
- {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
- 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
- /* ct, ct length */
- {0x3c, 0x44, 0x1f, 0x32, 0xce, 0x07, 0x82, 0x23,
- 0x64, 0xd7, 0xa2, 0x99, 0x0e, 0x50, 0xbb, 0x13,
- 0xd7, 0xb0, 0x2a, 0x26, 0x96, 0x9e, 0x4a, 0x93,
- 0x7e, 0x5e, 0x90, 0x73, 0xb0, 0xd9, 0xc9, 0x68}, 32,
- /* tag, tag length */
- {0xdb, 0x90, 0xbd, 0xb3, 0xda, 0x3d, 0x00, 0xaf,
- 0xd0, 0xfc, 0x6a, 0x83, 0x55, 0x1d, 0xa9, 0x5e}, 16,
- /* valid */
- 1,
- },
- /* Vector from paper - no auth data with invalid auth tag */
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
- /* aad, aad length */
- {0}, 0,
- /* msg, msg length */
- {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
- /* ct , ct length */
- {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
- 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
- /* tag, tag length */
- {0xe7, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
- 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
- /* valid */
- 0,
- },
- };
- WOLFSSL_SMALL_STACK_STATIC byte ciphertext[sizeof(vectors[0].ct)];
- WOLFSSL_SMALL_STACK_STATIC byte authtag[sizeof(vectors[0].tag)];
- int i;
- int len;
- wc_test_ret_t ret;
- WOLFSSL_ENTER("aes_eax_test");
- for (i = 0; i < (int)(sizeof(vectors)/sizeof(vectors[0])); i++) {
- XMEMSET(ciphertext, 0, sizeof(ciphertext));
- len = sizeof(authtag);
- ret = wc_AesEaxEncryptAuth(vectors[i].key, (word32)vectors[i].key_length,
- ciphertext,
- vectors[i].msg, (word32)vectors[i].msg_length,
- vectors[i].iv, (word32)vectors[i].iv_length,
- authtag, (word32)len,
- vectors[i].aad, (word32)vectors[i].aad_length);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* check ciphertext matches vector */
- if (XMEMCMP(ciphertext, vectors[i].ct, (size_t)vectors[i].ct_length)) {
- return WC_TEST_RET_ENC_NC;
- }
- /* check that tag matches vector only for vectors marked as valid */
- ret = XMEMCMP(authtag, vectors[i].tag, len);
- if (vectors[i].valid == 1 && ret != 0 ) {
- return WC_TEST_RET_ENC_NC;
- }
- else if (vectors[i].valid == 0 && ret == 0) {
- return WC_TEST_RET_ENC_NC;
- }
- XMEMSET(ciphertext, 0, sizeof(ciphertext));
- ret = wc_AesEaxDecryptAuth(vectors[i].key, (word32)vectors[i].key_length,
- ciphertext,
- vectors[i].ct, (word32)vectors[i].ct_length,
- vectors[i].iv, (word32)vectors[i].iv_length,
- authtag, (word32)len,
- vectors[i].aad, (word32)vectors[i].aad_length);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* check decrypted ciphertext matches vector plaintext */
- if (XMEMCMP(ciphertext, vectors[i].msg, (size_t)vectors[i].msg_length)) {
- return WC_TEST_RET_ENC_NC;
- }
- }
- return 0;
- }
- #endif /* WOLFSSL_AES_EAX */
- #ifdef HAVE_AES_KEYWRAP
- #define MAX_KEYWRAP_TEST_OUTLEN 40
- #define MAX_KEYWRAP_TEST_PLAINLEN 32
- typedef struct keywrapVector {
- const byte* kek;
- const byte* data;
- const byte* verify;
- word32 kekLen;
- word32 dataLen;
- word32 verifyLen;
- } keywrapVector;
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aeskeywrap_test(void)
- {
- int wrapSz, plainSz, testSz, i;
- /* test vectors from RFC 3394 (kek, data, verify) */
- #ifdef WOLFSSL_AES_128
- /* Wrap 128 bits of Key Data with a 128-bit KEK */
- WOLFSSL_SMALL_STACK_STATIC const byte k1[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte d1[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
- };
- WOLFSSL_SMALL_STACK_STATIC const byte v1[] = {
- 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
- 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
- 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* Wrap 128 bits of Key Data with a 192-bit KEK */
- WOLFSSL_SMALL_STACK_STATIC const byte k2[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
- };
- WOLFSSL_SMALL_STACK_STATIC const byte d2[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
- };
- WOLFSSL_SMALL_STACK_STATIC const byte v2[] = {
- 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35,
- 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2,
- 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D
- };
- #endif
- #ifdef WOLFSSL_AES_256
- /* Wrap 128 bits of Key Data with a 256-bit KEK */
- WOLFSSL_SMALL_STACK_STATIC const byte k3[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte d3[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
- };
- WOLFSSL_SMALL_STACK_STATIC const byte v3[] = {
- 0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2,
- 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A,
- 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7
- };
- #endif
- #ifdef WOLFSSL_AES_192
- /* Wrap 192 bits of Key Data with a 192-bit KEK */
- WOLFSSL_SMALL_STACK_STATIC const byte k4[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
- };
- WOLFSSL_SMALL_STACK_STATIC const byte d4[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
- };
- WOLFSSL_SMALL_STACK_STATIC const byte v4[] = {
- 0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32,
- 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC,
- 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93,
- 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2
- };
- #endif
- #ifdef WOLFSSL_AES_256
- /* Wrap 192 bits of Key Data with a 256-bit KEK */
- WOLFSSL_SMALL_STACK_STATIC const byte k5[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte d5[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
- };
- WOLFSSL_SMALL_STACK_STATIC const byte v5[] = {
- 0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F,
- 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4,
- 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95,
- 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1
- };
- /* Wrap 256 bits of Key Data with a 256-bit KEK */
- WOLFSSL_SMALL_STACK_STATIC const byte k6[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte d6[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte v6[] = {
- 0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4,
- 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26,
- 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26,
- 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B,
- 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21
- };
- #endif /* WOLFSSL_AES_256 */
- byte output[MAX_KEYWRAP_TEST_OUTLEN];
- byte plain [MAX_KEYWRAP_TEST_PLAINLEN];
- const keywrapVector test_wrap[] =
- {
- #ifdef WOLFSSL_AES_128
- {k1, d1, v1, sizeof(k1), sizeof(d1), sizeof(v1)},
- #endif
- #ifdef WOLFSSL_AES_192
- {k2, d2, v2, sizeof(k2), sizeof(d2), sizeof(v2)},
- #endif
- #ifdef WOLFSSL_AES_256
- {k3, d3, v3, sizeof(k3), sizeof(d3), sizeof(v3)},
- #endif
- #ifdef WOLFSSL_AES_192
- {k4, d4, v4, sizeof(k4), sizeof(d4), sizeof(v4)},
- #endif
- #ifdef WOLFSSL_AES_256
- {k5, d5, v5, sizeof(k5), sizeof(d5), sizeof(v5)},
- {k6, d6, v6, sizeof(k6), sizeof(d6), sizeof(v6)}
- #endif
- };
- WOLFSSL_ENTER("aeskeywrap_test");
- testSz = sizeof(test_wrap) / sizeof(keywrapVector);
- XMEMSET(output, 0, sizeof(output));
- XMEMSET(plain, 0, sizeof(plain));
- for (i = 0; i < testSz; i++) {
- wrapSz = wc_AesKeyWrap(test_wrap[i].kek, test_wrap[i].kekLen,
- test_wrap[i].data, test_wrap[i].dataLen,
- output, sizeof(output), NULL);
- if ( (wrapSz < 0) || (wrapSz != (int)test_wrap[i].verifyLen) )
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(output, test_wrap[i].verify, test_wrap[i].verifyLen) != 0)
- return WC_TEST_RET_ENC_NC;
- plainSz = wc_AesKeyUnWrap((byte*)test_wrap[i].kek, test_wrap[i].kekLen,
- output, (word32)wrapSz,
- plain, sizeof(plain), NULL);
- if ( (plainSz < 0) || (plainSz != (int)test_wrap[i].dataLen) )
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plain, test_wrap[i].data, test_wrap[i].dataLen) != 0)
- return WC_TEST_RET_ENC_I(i);
- }
- return 0;
- }
- #endif /* HAVE_AES_KEYWRAP */
- #endif /* NO_AES */
- #ifdef HAVE_ARIA
- void printOutput(const char *strName, unsigned char *data, unsigned int dataSz)
- {
- #ifndef DEBUG_WOLFSSL
- (void)strName;
- (void)data;
- (void)dataSz;
- #else
- WOLFSSL_MSG_EX("%s (%d):", strName,dataSz);
- WOLFSSL_BUFFER(data,dataSz);
- #endif
- }
- WOLFSSL_TEST_SUBROUTINE int ariagcm_test(MC_ALGID algo)
- {
- byte data[] = TEST_STRING;
- word32 dataSz = TEST_STRING_SZ;
- /* Arbitrarily random long key that we will truncate to the right size */
- byte key[] = { 0x1E, 0xCC, 0x95, 0xCB, 0xD3, 0x74, 0x58, 0x4F,
- 0x6F, 0x8A, 0x70, 0x26, 0xF7, 0x3C, 0x8D, 0xB6,
- 0xDC, 0x32, 0x76, 0x20, 0xCF, 0x05, 0x4A, 0xCF,
- 0x11, 0x86, 0xCD, 0x23, 0x5E, 0xC1, 0x6E, 0x2B };
- byte cipher[2*TEST_STRING_SZ], plain[TEST_STRING_SZ], ad[256], authTag[AES_BLOCK_SIZE];
- word32 keySz, adSz = 256, authTagSz = sizeof(authTag);
- wc_Aria aria;
- int ret = 0;
- WOLFSSL_ENTER("ariagcm_test");
- XMEMSET((void *)&aria, 0, sizeof(aria));
- ret = wc_AriaInitCrypt(&aria, algo);
- if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret),out); }
- ret = wc_AriaSetKey(&aria, key);
- if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret),out); }
- MC_GetObjectValue(aria.hSession, aria.hKey, key, &keySz);
- printOutput("Key", key, keySz);
- WC_RNG rng;
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AriaGcmSetIV(&aria, GCM_NONCE_MID_SZ, NULL, 0, &rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- wc_FreeRng(&rng);
- printOutput("Plaintext", data, sizeof(data));
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AriaEncrypt(&aria, cipher, data, dataSz,
- (byte *)aria.nonce, aria.nonceSz, ad, adSz,
- authTag, authTagSz);
- if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret),out); }
- printOutput("Ciphertext", cipher, sizeof(cipher));
- printOutput("AuthTag", authTag, sizeof(authTag));
- XMEMSET(plain, 0, sizeof(plain));
- ret = wc_AriaDecrypt(&aria, plain, cipher, dataSz,
- (byte *)aria.nonce, aria.nonceSz, ad, adSz,
- authTag, authTagSz);
- if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret),out); }
- printOutput("Plaintext", plain, sizeof(plain));
- if (XMEMCMP(plain, data, dataSz) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC,out);
- out:
- if (ret != 0) { wc_AriaFreeCrypt(&aria); }
- else { ret = wc_AriaFreeCrypt(&aria); }
- return ret;
- }
- #endif /* HAVE_ARIA */
- #ifdef HAVE_CAMELLIA
- enum {
- CAM_ECB_ENC, CAM_ECB_DEC, CAM_CBC_ENC, CAM_CBC_DEC
- };
- typedef struct {
- int type;
- const byte* plaintext;
- const byte* iv;
- const byte* ciphertext;
- const byte* key;
- word32 keySz;
- int errorCode;
- } test_vector_t;
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t camellia_test(void)
- {
- /* Camellia ECB Test Plaintext */
- WOLFSSL_SMALL_STACK_STATIC const byte pte[] =
- {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
- };
- /* Camellia ECB Test Initialization Vector */
- WOLFSSL_SMALL_STACK_STATIC const byte ive[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
- /* Test 1: Camellia ECB 128-bit key */
- WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
- {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c1[] =
- {
- 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
- 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43
- };
- /* Test 2: Camellia ECB 192-bit key */
- WOLFSSL_SMALL_STACK_STATIC const byte k2[] =
- {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c2[] =
- {
- 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
- 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9
- };
- /* Test 3: Camellia ECB 256-bit key */
- WOLFSSL_SMALL_STACK_STATIC const byte k3[] =
- {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c3[] =
- {
- 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
- 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09
- };
- /* Camellia CBC Test Plaintext */
- WOLFSSL_SMALL_STACK_STATIC const byte ptc[] =
- {
- 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
- 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
- };
- /* Camellia CBC Test Initialization Vector */
- WOLFSSL_SMALL_STACK_STATIC const byte ivc[] =
- {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
- };
- /* Test 4: Camellia-CBC 128-bit key */
- WOLFSSL_SMALL_STACK_STATIC const byte k4[] =
- {
- 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
- 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c4[] =
- {
- 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
- 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB
- };
- /* Test 5: Camellia-CBC 192-bit key */
- WOLFSSL_SMALL_STACK_STATIC const byte k5[] =
- {
- 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
- 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
- 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c5[] =
- {
- 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
- 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93
- };
- /* Test 6: CBC 256-bit key */
- WOLFSSL_SMALL_STACK_STATIC const byte k6[] =
- {
- 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
- 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
- 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
- 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c6[] =
- {
- 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
- 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA
- };
- byte out[CAMELLIA_BLOCK_SIZE];
- Camellia cam;
- WOLFSSL_SMALL_STACK_STATIC const test_vector_t testVectors[] =
- {
- {CAM_ECB_ENC, pte, ive, c1, k1, sizeof(k1), -114},
- {CAM_ECB_ENC, pte, ive, c2, k2, sizeof(k2), -115},
- {CAM_ECB_ENC, pte, ive, c3, k3, sizeof(k3), -116},
- {CAM_ECB_DEC, pte, ive, c1, k1, sizeof(k1), -117},
- {CAM_ECB_DEC, pte, ive, c2, k2, sizeof(k2), -118},
- {CAM_ECB_DEC, pte, ive, c3, k3, sizeof(k3), -119},
- {CAM_CBC_ENC, ptc, ivc, c4, k4, sizeof(k4), -120},
- {CAM_CBC_ENC, ptc, ivc, c5, k5, sizeof(k5), -121},
- {CAM_CBC_ENC, ptc, ivc, c6, k6, sizeof(k6), -122},
- {CAM_CBC_DEC, ptc, ivc, c4, k4, sizeof(k4), -123},
- {CAM_CBC_DEC, ptc, ivc, c5, k5, sizeof(k5), -124},
- {CAM_CBC_DEC, ptc, ivc, c6, k6, sizeof(k6), -125}
- };
- int i, testsSz;
- int ret;
- WOLFSSL_ENTER("camellia_test");
- testsSz = sizeof(testVectors)/sizeof(test_vector_t);
- for (i = 0; i < testsSz; i++) {
- if (wc_CamelliaSetKey(&cam, testVectors[i].key, testVectors[i].keySz,
- testVectors[i].iv) != 0)
- return testVectors[i].errorCode;
- switch (testVectors[i].type) {
- case CAM_ECB_ENC:
- ret = wc_CamelliaEncryptDirect(&cam, out,
- testVectors[i].plaintext);
- if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext,
- CAMELLIA_BLOCK_SIZE))
- return testVectors[i].errorCode;
- break;
- case CAM_ECB_DEC:
- ret = wc_CamelliaDecryptDirect(&cam, out,
- testVectors[i].ciphertext);
- if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext,
- CAMELLIA_BLOCK_SIZE))
- return testVectors[i].errorCode;
- break;
- case CAM_CBC_ENC:
- ret = wc_CamelliaCbcEncrypt(&cam, out, testVectors[i].plaintext,
- CAMELLIA_BLOCK_SIZE);
- if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext,
- CAMELLIA_BLOCK_SIZE))
- return testVectors[i].errorCode;
- break;
- case CAM_CBC_DEC:
- ret = wc_CamelliaCbcDecrypt(&cam, out,
- testVectors[i].ciphertext, CAMELLIA_BLOCK_SIZE);
- if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext,
- CAMELLIA_BLOCK_SIZE))
- return testVectors[i].errorCode;
- break;
- default:
- break;
- }
- }
- /* Setting the IV and checking it was actually set. */
- ret = wc_CamelliaSetIV(&cam, ivc);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(cam.reg, ivc, CAMELLIA_BLOCK_SIZE) != 0)
- return WC_TEST_RET_ENC_NC;
- /* Setting the IV to NULL should be same as all zeros IV */
- ret = wc_CamelliaSetIV(&cam, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(cam.reg, ive, CAMELLIA_BLOCK_SIZE) != 0)
- return WC_TEST_RET_ENC_NC;
- /* First parameter should never be null */
- if (wc_CamelliaSetIV(NULL, NULL) == 0)
- return WC_TEST_RET_ENC_NC;
- /* First parameter should never be null, check it fails */
- if (wc_CamelliaSetKey(NULL, k1, sizeof(k1), NULL) == 0)
- return WC_TEST_RET_ENC_NC;
- /* Key should have a size of 16, 24, or 32 */
- if (wc_CamelliaSetKey(&cam, k1, 0, NULL) == 0)
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- #endif /* HAVE_CAMELLIA */
- #ifdef WOLFSSL_SM4
- #ifdef WOLFSSL_SM4_ECB
- static int sm4_ecb_test(void)
- {
- /* draft-ribose-cfrg-sm4-10 A.2.1.1 */
- WOLFSSL_SMALL_STACK_STATIC const byte k1[] = {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
- 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte p1[] = {
- 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB,
- 0xCC, 0xCC, 0xCC, 0xCC, 0xDD, 0xDD, 0xDD, 0xDD,
- 0xEE, 0xEE, 0xEE, 0xEE, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c1_ecb[] = {
- 0x5E, 0xC8, 0x14, 0x3D, 0xE5, 0x09, 0xCF, 0xF7,
- 0xB5, 0x17, 0x9F, 0x8F, 0x47, 0x4B, 0x86, 0x19,
- 0x2F, 0x1D, 0x30, 0x5A, 0x7F, 0xB1, 0x7D, 0xF9,
- 0x85, 0xF8, 0x1C, 0x84, 0x82, 0x19, 0x23, 0x04
- };
- wc_Sm4 sm4;
- byte enc[SM4_BLOCK_SIZE * 4];
- byte dec[SM4_BLOCK_SIZE * 4];
- int ret;
- ret = wc_Sm4Init(&sm4, NULL, INVALID_DEVID);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Encrypt and decrypt with ECB. */
- ret = wc_Sm4SetKey(&sm4, k1, sizeof(k1));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Sm4EcbEncrypt(&sm4, enc, p1, sizeof(p1));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(enc, c1_ecb, sizeof(c1_ecb)) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_Sm4EcbDecrypt(&sm4, dec, enc, sizeof(c1_ecb));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(dec, p1, sizeof(p1)) != 0)
- return WC_TEST_RET_ENC_NC;
- wc_Sm4Free(&sm4);
- return 0;
- }
- #endif
- #ifdef WOLFSSL_SM4_CBC
- static int sm4_cbc_test(void)
- {
- /* draft-ribose-cfrg-sm4-10 A.2.2.1 */
- WOLFSSL_SMALL_STACK_STATIC const byte k1[] = {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
- 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte p1[] = {
- 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB,
- 0xCC, 0xCC, 0xCC, 0xCC, 0xDD, 0xDD, 0xDD, 0xDD,
- 0xEE, 0xEE, 0xEE, 0xEE, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB
- };
- WOLFSSL_SMALL_STACK_STATIC const byte i1[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c1_cbc[] = {
- 0x78, 0xEB, 0xB1, 0x1C, 0xC4, 0x0B, 0x0A, 0x48,
- 0x31, 0x2A, 0xAE, 0xB2, 0x04, 0x02, 0x44, 0xCB,
- 0x4C, 0xB7, 0x01, 0x69, 0x51, 0x90, 0x92, 0x26,
- 0x97, 0x9B, 0x0D, 0x15, 0xDC, 0x6A, 0x8F, 0x6D
- };
- wc_Sm4 sm4;
- byte enc[SM4_BLOCK_SIZE * 4];
- byte dec[SM4_BLOCK_SIZE * 4];
- int ret;
- ret = wc_Sm4Init(&sm4, NULL, INVALID_DEVID);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Encrypt and decrypt with CBC. */
- ret = wc_Sm4SetKey(&sm4, k1, sizeof(k1));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Sm4SetIV(&sm4, i1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Sm4CbcEncrypt(&sm4, enc, p1, sizeof(p1));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(enc, c1_cbc, sizeof(c1_cbc)) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_Sm4SetIV(&sm4, i1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Sm4CbcDecrypt(&sm4, dec, enc, sizeof(c1_cbc));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(dec, p1, sizeof(p1)) != 0)
- return WC_TEST_RET_ENC_NC;
- /* Encrypt and decrypt in-place with CBC. */
- ret = wc_Sm4SetKey(&sm4, k1, sizeof(k1));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Sm4SetIV(&sm4, i1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- XMEMCPY(enc, p1, sizeof(p1));
- ret = wc_Sm4CbcEncrypt(&sm4, enc, enc, sizeof(p1));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(enc, c1_cbc, sizeof(c1_cbc)) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_Sm4SetIV(&sm4, i1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Sm4CbcDecrypt(&sm4, enc, enc, sizeof(c1_cbc));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(enc, p1, sizeof(p1)) != 0)
- return WC_TEST_RET_ENC_NC;
- wc_Sm4Free(&sm4);
- return 0;
- }
- #endif
- #ifdef WOLFSSL_SM4_CTR
- static int sm4_ctr_test(void)
- {
- /* draft-ribose-cfrg-sm4-10 A.2.5.1 */
- WOLFSSL_SMALL_STACK_STATIC const byte k1[] = {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
- 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte i1[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte p2[] = {
- 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
- 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB,
- 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
- 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
- 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
- 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c2_ctr[] = {
- 0xAC, 0x32, 0x36, 0xCB, 0x97, 0x0C, 0xC2, 0x07,
- 0x91, 0x36, 0x4C, 0x39, 0x5A, 0x13, 0x42, 0xD1,
- 0xA3, 0xCB, 0xC1, 0x87, 0x8C, 0x6F, 0x30, 0xCD,
- 0x07, 0x4C, 0xCE, 0x38, 0x5C, 0xDD, 0x70, 0xC7,
- 0xF2, 0x34, 0xBC, 0x0E, 0x24, 0xC1, 0x19, 0x80,
- 0xFD, 0x12, 0x86, 0x31, 0x0C, 0xE3, 0x7B, 0x92,
- 0x6E, 0x02, 0xFC, 0xD0, 0xFA, 0xA0, 0xBA, 0xF3,
- 0x8B, 0x29, 0x33, 0x85, 0x1D, 0x82, 0x45, 0x14
- };
- wc_Sm4 sm4;
- byte enc[SM4_BLOCK_SIZE * 4];
- byte dec[SM4_BLOCK_SIZE * 4];
- int chunk;
- int i;
- int ret;
- ret = wc_Sm4Init(&sm4, NULL, INVALID_DEVID);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Encrypt and decrypt using encrypt with CTR. */
- ret = wc_Sm4SetKey(&sm4, k1, sizeof(k1));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Sm4SetIV(&sm4, i1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Sm4CtrEncrypt(&sm4, enc, p2, sizeof(p2));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(enc, c2_ctr, sizeof(c2_ctr)) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_Sm4SetIV(&sm4, i1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Sm4CtrEncrypt(&sm4, dec, enc, sizeof(c2_ctr));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(dec, p2, sizeof(p2)) != 0)
- return WC_TEST_RET_ENC_NC;
- for (chunk = 1; chunk <= SM4_BLOCK_SIZE + 1; chunk++) {
- ret = wc_Sm4SetIV(&sm4, i1);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(chunk);
- XMEMSET(enc, 0, sizeof(enc));
- for (i = 0; i + chunk <= (int)sizeof(p2); i += chunk) {
- ret = wc_Sm4CtrEncrypt(&sm4, enc + i, p2 + i, chunk);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- }
- if (i < (int)sizeof(p2)) {
- ret = wc_Sm4CtrEncrypt(&sm4, enc + i, p2 + i, sizeof(p2) - i);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(chunk);
- }
- if (XMEMCMP(enc, c2_ctr, sizeof(c2_ctr)) != 0)
- return WC_TEST_RET_ENC_I(chunk);
- }
- wc_Sm4Free(&sm4);
- return 0;
- }
- #endif
- #ifdef WOLFSSL_SM4_GCM
- static int sm4_gcm_test(void)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte k1[] = {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
- 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte p1[] = {
- 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB,
- 0xCC, 0xCC, 0xCC, 0xCC, 0xDD, 0xDD, 0xDD, 0xDD,
- 0xEE, 0xEE, 0xEE, 0xEE, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB
- };
- WOLFSSL_SMALL_STACK_STATIC const byte i1[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B
- };
- WOLFSSL_SMALL_STACK_STATIC const byte a1[] = {
- 0xFF, 0xEE, 0xDD
- };
- WOLFSSL_SMALL_STACK_STATIC const byte tag1[] = {
- 0x83, 0xb2, 0x91, 0xcf, 0x22, 0xc9, 0x5f, 0x89,
- 0xde, 0x3d, 0x52, 0x8d, 0xd7, 0x13, 0x50, 0x89
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c1[] = {
- 0xff, 0x8b, 0xb2, 0x3b, 0x0a, 0x0a, 0x12, 0xa4,
- 0xa8, 0x4c, 0x4f, 0x67, 0x06, 0x81, 0xbb, 0x88,
- 0x66, 0x17, 0xc7, 0x43, 0xbf, 0xae, 0x41, 0x40,
- 0xec, 0x1e, 0x03, 0x85, 0x2b, 0x56, 0xa8, 0xc0
- };
- /* RFC8998 A.1. */
- WOLFSSL_SMALL_STACK_STATIC const byte i2[] = {
- 0x00, 0x00, 0x12, 0x34, 0x56, 0x78, 0x00, 0x00,
- 0x00, 0x00, 0xAB, 0xCD
- };
- WOLFSSL_SMALL_STACK_STATIC const byte k2[] = {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
- 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte p2[] = {
- 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
- 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB,
- 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
- 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
- 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE,
- 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA
- };
- WOLFSSL_SMALL_STACK_STATIC const byte a2[] = {
- 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, 0xEF,
- 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, 0xEF,
- 0xAB, 0xAD, 0xDA, 0xD2
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c2[] = {
- 0x17, 0xF3, 0x99, 0xF0, 0x8C, 0x67, 0xD5, 0xEE,
- 0x19, 0xD0, 0xDC, 0x99, 0x69, 0xC4, 0xBB, 0x7D,
- 0x5F, 0xD4, 0x6F, 0xD3, 0x75, 0x64, 0x89, 0x06,
- 0x91, 0x57, 0xB2, 0x82, 0xBB, 0x20, 0x07, 0x35,
- 0xD8, 0x27, 0x10, 0xCA, 0x5C, 0x22, 0xF0, 0xCC,
- 0xFA, 0x7C, 0xBF, 0x93, 0xD4, 0x96, 0xAC, 0x15,
- 0xA5, 0x68, 0x34, 0xCB, 0xCF, 0x98, 0xC3, 0x97,
- 0xB4, 0x02, 0x4A, 0x26, 0x91, 0x23, 0x3B, 0x8D
- };
- WOLFSSL_SMALL_STACK_STATIC const byte tag2[] = {
- 0x83, 0xDE, 0x35, 0x41, 0xE4, 0xC2, 0xB5, 0x81,
- 0x77, 0xE0, 0x65, 0xA9, 0xBF, 0x7B, 0x62, 0xEC
- };
- wc_Sm4 sm4;
- byte enc[SM4_BLOCK_SIZE * 4];
- byte dec[SM4_BLOCK_SIZE * 4];
- byte tag[SM4_BLOCK_SIZE];
- int ret;
- ret = wc_Sm4Init(&sm4, NULL, INVALID_DEVID);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Encrypt and decrypt using encrypt with GCM. */
- ret = wc_Sm4GcmSetKey(&sm4, k1, sizeof(k1));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Sm4GcmEncrypt(&sm4, enc, p1, sizeof(p1), i1, sizeof(i1), tag,
- sizeof(tag), a1, sizeof(a1));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(enc, c1, sizeof(c1)) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(tag, tag1, sizeof(tag1)) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_Sm4GcmDecrypt(&sm4, dec, enc, sizeof(c1), i1, sizeof(i1), tag,
- sizeof(tag), a1, sizeof(a1));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(dec, p1, sizeof(p1)) != 0)
- return WC_TEST_RET_ENC_NC;
- /* RFC8998 test vector. */
- ret = wc_Sm4GcmSetKey(&sm4, k2, sizeof(k2));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Sm4GcmEncrypt(&sm4, enc, p2, sizeof(p2), i2, sizeof(i2), tag,
- sizeof(tag), a2, sizeof(a2));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(enc, c2, sizeof(c2)) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(tag, tag2, sizeof(tag2)) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_Sm4GcmDecrypt(&sm4, dec, enc, sizeof(c2), i2, sizeof(i2), tag,
- sizeof(tag), a2, sizeof(a2));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(dec, p2, sizeof(p2)) != 0)
- return WC_TEST_RET_ENC_NC;
- wc_Sm4Free(&sm4);
- return 0;
- }
- #endif
- #ifdef WOLFSSL_SM4_CCM
- static int sm4_ccm_test(void)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte k1[] = {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
- 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte p1[] = {
- 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB,
- 0xCC, 0xCC, 0xCC, 0xCC, 0xDD, 0xDD, 0xDD, 0xDD,
- 0xEE, 0xEE, 0xEE, 0xEE, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB
- };
- WOLFSSL_SMALL_STACK_STATIC const byte i1[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B
- };
- WOLFSSL_SMALL_STACK_STATIC const byte a1[] = {
- 0xFF, 0xEE, 0xDD
- };
- WOLFSSL_SMALL_STACK_STATIC const byte tag1[] = {
- 0x9a, 0x98, 0x04, 0xb6, 0x0f, 0x19, 0x4a, 0x46,
- 0xba, 0xed, 0xe6, 0x89, 0x69, 0x34, 0xad, 0x61
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c1[] = {
- 0xbd, 0xc0, 0x72, 0x60, 0xda, 0x2d, 0x11, 0xdc,
- 0x66, 0x33, 0xcc, 0xec, 0xb2, 0xf4, 0x53, 0x59,
- 0x9e, 0xb1, 0xb3, 0x6b, 0x1f, 0x1c, 0xfb, 0x29,
- 0xf5, 0x37, 0xfc, 0x00, 0xf2, 0x4e, 0x70, 0x6f
- };
- /* RFC8998 A.1. */
- WOLFSSL_SMALL_STACK_STATIC const byte i2[] = {
- 0x00, 0x00, 0x12, 0x34, 0x56, 0x78, 0x00, 0x00,
- 0x00, 0x00, 0xAB, 0xCD
- };
- WOLFSSL_SMALL_STACK_STATIC const byte k2[] = {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
- 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte p2[] = {
- 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
- 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB,
- 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
- 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
- 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE,
- 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA
- };
- WOLFSSL_SMALL_STACK_STATIC const byte a2[] = {
- 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, 0xEF,
- 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, 0xEF,
- 0xAB, 0xAD, 0xDA, 0xD2
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c2[] = {
- 0x48, 0xAF, 0x93, 0x50, 0x1F, 0xA6, 0x2A, 0xDB,
- 0xCD, 0x41, 0x4C, 0xCE, 0x60, 0x34, 0xD8, 0x95,
- 0xDD, 0xA1, 0xBF, 0x8F, 0x13, 0x2F, 0x04, 0x20,
- 0x98, 0x66, 0x15, 0x72, 0xE7, 0x48, 0x30, 0x94,
- 0xFD, 0x12, 0xE5, 0x18, 0xCE, 0x06, 0x2C, 0x98,
- 0xAC, 0xEE, 0x28, 0xD9, 0x5D, 0xF4, 0x41, 0x6B,
- 0xED, 0x31, 0xA2, 0xF0, 0x44, 0x76, 0xC1, 0x8B,
- 0xB4, 0x0C, 0x84, 0xA7, 0x4B, 0x97, 0xDC, 0x5B
- };
- WOLFSSL_SMALL_STACK_STATIC const byte tag2[] = {
- 0x16, 0x84, 0x2D, 0x4F, 0xA1, 0x86, 0xF5, 0x6A,
- 0xB3, 0x32, 0x56, 0x97, 0x1F, 0xA1, 0x10, 0xF4
- };
- wc_Sm4 sm4;
- byte enc[SM4_BLOCK_SIZE * 4];
- byte dec[SM4_BLOCK_SIZE * 4];
- byte tag[SM4_BLOCK_SIZE];
- int ret;
- ret = wc_Sm4Init(&sm4, NULL, INVALID_DEVID);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Encrypt and decrypt using encrypt with CCM. */
- ret = wc_Sm4SetKey(&sm4, k1, sizeof(k1));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Sm4CcmEncrypt(&sm4, enc, p1, sizeof(p1), i1, sizeof(i1), tag,
- sizeof(tag), a1, sizeof(a1));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(enc, c1, sizeof(c1)) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(tag, tag1, sizeof(tag1)) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_Sm4CcmDecrypt(&sm4, dec, enc, sizeof(c1), i1, sizeof(i1), tag,
- sizeof(tag), a1, sizeof(a1));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(dec, p1, sizeof(p1)) != 0)
- return WC_TEST_RET_ENC_NC;
- /* RFC8998 test vector. */
- ret = wc_Sm4SetKey(&sm4, k2, sizeof(k2));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Sm4CcmEncrypt(&sm4, enc, p2, sizeof(p2), i2, sizeof(i2), tag,
- sizeof(tag), a2, sizeof(a2));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(enc, c2, sizeof(c2)) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(tag, tag2, sizeof(tag2)) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_Sm4CcmDecrypt(&sm4, dec, enc, sizeof(c2), i2, sizeof(i2), tag,
- sizeof(tag), a2, sizeof(a2));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(dec, p2, sizeof(p2)) != 0)
- return WC_TEST_RET_ENC_NC;
- wc_Sm4Free(&sm4);
- return 0;
- }
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm4_test(void)
- {
- wc_test_ret_t ret;
- WOLFSSL_ENTER("sm4_test");
- #ifdef WOLFSSL_SM4_ECB
- ret = sm4_ecb_test();
- if (ret != 0)
- return ret;
- #endif
- #ifdef WOLFSSL_SM4_CBC
- ret = sm4_cbc_test();
- if (ret != 0)
- return ret;
- #endif
- #ifdef WOLFSSL_SM4_CTR
- ret = sm4_ctr_test();
- if (ret != 0)
- return ret;
- #endif
- #ifdef WOLFSSL_SM4_GCM
- ret = sm4_gcm_test();
- if (ret != 0)
- return ret;
- #endif
- #ifdef WOLFSSL_SM4_CCM
- ret = sm4_ccm_test();
- if (ret != 0)
- return ret;
- #endif
- return 0;
- }
- #endif
- #ifdef HAVE_XCHACHA
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha_test(void) {
- WOLFSSL_SMALL_STACK_STATIC const byte Plaintext[] = {
- 0x54, 0x68, 0x65, 0x20, 0x64, 0x68, 0x6f, 0x6c, 0x65, 0x20, 0x28, 0x70, 0x72, 0x6f, 0x6e, 0x6f, /* The dhole (prono */
- 0x75, 0x6e, 0x63, 0x65, 0x64, 0x20, 0x22, 0x64, 0x6f, 0x6c, 0x65, 0x22, 0x29, 0x20, 0x69, 0x73, /* unced "dole") is */
- 0x20, 0x61, 0x6c, 0x73, 0x6f, 0x20, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x20, 0x61, 0x73, 0x20, 0x74, /* also known as t */
- 0x68, 0x65, 0x20, 0x41, 0x73, 0x69, 0x61, 0x74, 0x69, 0x63, 0x20, 0x77, 0x69, 0x6c, 0x64, 0x20, /* he Asiatic wild */
- 0x64, 0x6f, 0x67, 0x2c, 0x20, 0x72, 0x65, 0x64, 0x20, 0x64, 0x6f, 0x67, 0x2c, 0x20, 0x61, 0x6e, /* dog, red dog, an */
- 0x64, 0x20, 0x77, 0x68, 0x69, 0x73, 0x74, 0x6c, 0x69, 0x6e, 0x67, 0x20, 0x64, 0x6f, 0x67, 0x2e, /* d whistling dog. */
- 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x61, 0x62, 0x6f, 0x75, 0x74, 0x20, 0x74, 0x68, 0x65, /* It is about the */
- 0x20, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x6f, 0x66, 0x20, 0x61, 0x20, 0x47, 0x65, 0x72, 0x6d, 0x61, /* size of a Germa */
- 0x6e, 0x20, 0x73, 0x68, 0x65, 0x70, 0x68, 0x65, 0x72, 0x64, 0x20, 0x62, 0x75, 0x74, 0x20, 0x6c, /* n shepherd but l */
- 0x6f, 0x6f, 0x6b, 0x73, 0x20, 0x6d, 0x6f, 0x72, 0x65, 0x20, 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x61, /* ooks more like a */
- 0x20, 0x6c, 0x6f, 0x6e, 0x67, 0x2d, 0x6c, 0x65, 0x67, 0x67, 0x65, 0x64, 0x20, 0x66, 0x6f, 0x78, /* long-legged fox */
- 0x2e, 0x20, 0x54, 0x68, 0x69, 0x73, 0x20, 0x68, 0x69, 0x67, 0x68, 0x6c, 0x79, 0x20, 0x65, 0x6c, /* . This highly el */
- 0x75, 0x73, 0x69, 0x76, 0x65, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x73, 0x6b, 0x69, 0x6c, 0x6c, 0x65, /* usive and skille */
- 0x64, 0x20, 0x6a, 0x75, 0x6d, 0x70, 0x65, 0x72, 0x20, 0x69, 0x73, 0x20, 0x63, 0x6c, 0x61, 0x73, /* d jumper is clas */
- 0x73, 0x69, 0x66, 0x69, 0x65, 0x64, 0x20, 0x77, 0x69, 0x74, 0x68, 0x20, 0x77, 0x6f, 0x6c, 0x76, /* sified with wolv */
- 0x65, 0x73, 0x2c, 0x20, 0x63, 0x6f, 0x79, 0x6f, 0x74, 0x65, 0x73, 0x2c, 0x20, 0x6a, 0x61, 0x63, /* es, coyotes, jac */
- 0x6b, 0x61, 0x6c, 0x73, 0x2c, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x66, 0x6f, 0x78, 0x65, 0x73, 0x20, /* kals, and foxes */
- 0x69, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x74, 0x61, 0x78, 0x6f, 0x6e, 0x6f, 0x6d, 0x69, 0x63, /* in the taxonomic */
- 0x20, 0x66, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x20, 0x43, 0x61, 0x6e, 0x69, 0x64, 0x61, 0x65, 0x2e /* family Canidae. */
- };
- WOLFSSL_SMALL_STACK_STATIC const byte Key[] = {
- 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
- 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte IV[] = {
- 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, /* @ABCDEFGHIJKLMNO */
- 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x58 }; /* PQRSTUVW */
- WOLFSSL_SMALL_STACK_STATIC const byte Ciphertext[] = {
- 0x45, 0x59, 0xab, 0xba, 0x4e, 0x48, 0xc1, 0x61, 0x02, 0xe8, 0xbb, 0x2c, 0x05, 0xe6, 0x94, 0x7f,
- 0x50, 0xa7, 0x86, 0xde, 0x16, 0x2f, 0x9b, 0x0b, 0x7e, 0x59, 0x2a, 0x9b, 0x53, 0xd0, 0xd4, 0xe9,
- 0x8d, 0x8d, 0x64, 0x10, 0xd5, 0x40, 0xa1, 0xa6, 0x37, 0x5b, 0x26, 0xd8, 0x0d, 0xac, 0xe4, 0xfa,
- 0xb5, 0x23, 0x84, 0xc7, 0x31, 0xac, 0xbf, 0x16, 0xa5, 0x92, 0x3c, 0x0c, 0x48, 0xd3, 0x57, 0x5d,
- 0x4d, 0x0d, 0x2c, 0x67, 0x3b, 0x66, 0x6f, 0xaa, 0x73, 0x10, 0x61, 0x27, 0x77, 0x01, 0x09, 0x3a,
- 0x6b, 0xf7, 0xa1, 0x58, 0xa8, 0x86, 0x42, 0x92, 0xa4, 0x1c, 0x48, 0xe3, 0xa9, 0xb4, 0xc0, 0xda,
- 0xec, 0xe0, 0xf8, 0xd9, 0x8d, 0x0d, 0x7e, 0x05, 0xb3, 0x7a, 0x30, 0x7b, 0xbb, 0x66, 0x33, 0x31,
- 0x64, 0xec, 0x9e, 0x1b, 0x24, 0xea, 0x0d, 0x6c, 0x3f, 0xfd, 0xdc, 0xec, 0x4f, 0x68, 0xe7, 0x44,
- 0x30, 0x56, 0x19, 0x3a, 0x03, 0xc8, 0x10, 0xe1, 0x13, 0x44, 0xca, 0x06, 0xd8, 0xed, 0x8a, 0x2b,
- 0xfb, 0x1e, 0x8d, 0x48, 0xcf, 0xa6, 0xbc, 0x0e, 0xb4, 0xe2, 0x46, 0x4b, 0x74, 0x81, 0x42, 0x40,
- 0x7c, 0x9f, 0x43, 0x1a, 0xee, 0x76, 0x99, 0x60, 0xe1, 0x5b, 0xa8, 0xb9, 0x68, 0x90, 0x46, 0x6e,
- 0xf2, 0x45, 0x75, 0x99, 0x85, 0x23, 0x85, 0xc6, 0x61, 0xf7, 0x52, 0xce, 0x20, 0xf9, 0xda, 0x0c,
- 0x09, 0xab, 0x6b, 0x19, 0xdf, 0x74, 0xe7, 0x6a, 0x95, 0x96, 0x74, 0x46, 0xf8, 0xd0, 0xfd, 0x41,
- 0x5e, 0x7b, 0xee, 0x2a, 0x12, 0xa1, 0x14, 0xc2, 0x0e, 0xb5, 0x29, 0x2a, 0xe7, 0xa3, 0x49, 0xae,
- 0x57, 0x78, 0x20, 0xd5, 0x52, 0x0a, 0x1f, 0x3f, 0xb6, 0x2a, 0x17, 0xce, 0x6a, 0x7e, 0x68, 0xfa,
- 0x7c, 0x79, 0x11, 0x1d, 0x88, 0x60, 0x92, 0x0b, 0xc0, 0x48, 0xef, 0x43, 0xfe, 0x84, 0x48, 0x6c,
- 0xcb, 0x87, 0xc2, 0x5f, 0x0a, 0xe0, 0x45, 0xf0, 0xcc, 0xe1, 0xe7, 0x98, 0x9a, 0x9a, 0xa2, 0x20,
- 0xa2, 0x8b, 0xdd, 0x48, 0x27, 0xe7, 0x51, 0xa2, 0x4a, 0x6d, 0x5c, 0x62, 0xd7, 0x90, 0xa6, 0x63,
- 0x93, 0xb9, 0x31, 0x11, 0xc1, 0xa5, 0x5d, 0xd7, 0x42, 0x1a, 0x10, 0x18, 0x49, 0x74, 0xc7, 0xc5
- };
- wc_test_ret_t ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- struct ChaCha *chacha = (struct ChaCha *)XMALLOC(sizeof *chacha, HEAP_HINT, DYNAMIC_TYPE_CIPHER);
- byte *buf1 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *buf2 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- WOLFSSL_ENTER("XChaCha_test");
- if ((chacha == NULL) || (buf1 == NULL) || (buf2 == NULL))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #else
- struct ChaCha chacha[1];
- byte buf1[sizeof Plaintext];
- byte buf2[sizeof Plaintext];
- WOLFSSL_ENTER("XChaCha_test");
- #endif
- ret = wc_XChacha_SetKey(chacha, Key, sizeof Key, IV, sizeof IV, 0);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_Chacha_Process(chacha, buf1, Plaintext, sizeof Plaintext);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(buf1, Ciphertext, sizeof Plaintext))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_XChacha_SetKey(chacha, Key, sizeof Key, IV, sizeof IV, 0);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_Chacha_Process(chacha, buf2, buf1, sizeof Plaintext);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(buf2, Plaintext, sizeof Plaintext))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (chacha)
- XFREE(chacha, HEAP_HINT, DYNAMIC_TYPE_CIPHER);
- if (buf1)
- XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (buf2)
- XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* HAVE_XCHACHA */
- #if defined(HAVE_XCHACHA) && defined(HAVE_POLY1305)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha20Poly1305_test(void) {
- WOLFSSL_SMALL_STACK_STATIC const byte Plaintext[] = {
- 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, /* Ladies and Gentl */
- 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, /* emen of the clas */
- 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39, 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, /* s of '99: If I c */
- 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f, /* ould offer you o */
- 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, /* nly one tip for */
- 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, /* the future, suns */
- 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, /* creen would be i */
- 0x74, 0x2e }; /* t. */
- WOLFSSL_SMALL_STACK_STATIC const byte AAD[] = { 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 }; /* PQRS........ */
- WOLFSSL_SMALL_STACK_STATIC const byte Key[] = {
- 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
- 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte IV[] = {
- 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, /* @ABCDEFGHIJKLMNO */
- 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57 }; /* PQRSTUVW */
- WOLFSSL_SMALL_STACK_STATIC const byte Ciphertext[] = {
- 0xbd, 0x6d, 0x17, 0x9d, 0x3e, 0x83, 0xd4, 0x3b, 0x95, 0x76, 0x57, 0x94, 0x93, 0xc0, 0xe9, 0x39,
- 0x57, 0x2a, 0x17, 0x00, 0x25, 0x2b, 0xfa, 0xcc, 0xbe, 0xd2, 0x90, 0x2c, 0x21, 0x39, 0x6c, 0xbb,
- 0x73, 0x1c, 0x7f, 0x1b, 0x0b, 0x4a, 0xa6, 0x44, 0x0b, 0xf3, 0xa8, 0x2f, 0x4e, 0xda, 0x7e, 0x39,
- 0xae, 0x64, 0xc6, 0x70, 0x8c, 0x54, 0xc2, 0x16, 0xcb, 0x96, 0xb7, 0x2e, 0x12, 0x13, 0xb4, 0x52,
- 0x2f, 0x8c, 0x9b, 0xa4, 0x0d, 0xb5, 0xd9, 0x45, 0xb1, 0x1b, 0x69, 0xb9, 0x82, 0xc1, 0xbb, 0x9e,
- 0x3f, 0x3f, 0xac, 0x2b, 0xc3, 0x69, 0x48, 0x8f, 0x76, 0xb2, 0x38, 0x35, 0x65, 0xd3, 0xff, 0xf9,
- 0x21, 0xf9, 0x66, 0x4c, 0x97, 0x63, 0x7d, 0xa9, 0x76, 0x88, 0x12, 0xf6, 0x15, 0xc6, 0x8b, 0x13,
- 0xb5, 0x2e };
- WOLFSSL_SMALL_STACK_STATIC const byte Tag[] = {
- 0xc0, 0x87, 0x59, 0x24, 0xc1, 0xc7, 0x98, 0x79, 0x47, 0xde, 0xaf, 0xd8, 0x78, 0x0a, 0xcf, 0x49
- };
- wc_test_ret_t ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte *buf1 = (byte *)XMALLOC(sizeof Ciphertext + sizeof Tag, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *buf2 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- WOLFSSL_ENTER("XChaCha20Poly1305_test");
- if ((buf1 == NULL) || (buf2 == NULL))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #else
- byte buf1[sizeof Ciphertext + sizeof Tag];
- byte buf2[sizeof Plaintext];
- WOLFSSL_ENTER("XChaCha20Poly1305_test");
- #endif
- ret = wc_XChaCha20Poly1305_Encrypt(buf1, sizeof Ciphertext + sizeof Tag,
- Plaintext, sizeof Plaintext,
- AAD, sizeof AAD,
- IV, sizeof IV,
- Key, sizeof Key);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(buf1, Ciphertext, sizeof Ciphertext))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(buf1 + sizeof Ciphertext, Tag, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_XChaCha20Poly1305_Decrypt(buf2, sizeof Plaintext,
- buf1, sizeof Ciphertext + sizeof Tag,
- AAD, sizeof AAD,
- IV, sizeof IV,
- Key, sizeof Key);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(buf2, Plaintext, sizeof Plaintext))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (buf1 != NULL)
- XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (buf2 != NULL)
- XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* defined(HAVE_XCHACHA) && defined(HAVE_POLY1305) */
- #ifndef WC_NO_RNG
- static wc_test_ret_t _rng_test(WC_RNG* rng, int errorOffset)
- {
- byte block[32];
- wc_test_ret_t ret;
- int i;
- XMEMSET(block, 0, sizeof(block));
- ret = wc_RNG_GenerateBlock(rng, block, sizeof(block));
- if (ret != 0) {
- ret = 1;
- goto exit;
- }
- /* Check for 0's */
- for (i=0; i<(int)sizeof(block); i++) {
- if (block[i] == 0) {
- ret++;
- }
- }
- /* All zeros count check */
- if (ret >= (int)sizeof(block)) {
- ret = 2;
- goto exit;
- }
- ret = wc_RNG_GenerateByte(rng, block);
- if (ret != 0) {
- ret = 3;
- goto exit;
- }
- /* Parameter validation testing. */
- ret = wc_RNG_GenerateBlock(NULL, block, sizeof(block));
- if (ret != BAD_FUNC_ARG) {
- ret = 4;
- goto exit;
- }
- ret = wc_RNG_GenerateBlock(rng, NULL, sizeof(block));
- if (ret != BAD_FUNC_ARG) {
- ret = 5;
- goto exit;
- }
- ret = wc_RNG_GenerateByte(NULL, block);
- if (ret != BAD_FUNC_ARG) {
- ret = 6;
- goto exit;
- }
- ret = wc_RNG_GenerateByte(rng, NULL);
- if (ret != BAD_FUNC_ARG) {
- ret = 7;
- goto exit;
- }
- ret = 0;
- exit:
- if (ret != 0)
- ret = errorOffset - (ret * 1000000);
- return ret;
- }
- static wc_test_ret_t random_rng_test(void)
- {
- WC_RNG localRng;
- WC_RNG* rng;
- wc_test_ret_t ret;
- rng = &localRng;
- /* Test stack based RNG. */
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(rng);
- #endif
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = _rng_test(rng, WC_TEST_RET_ENC_NC);
- /* Make sure and free RNG */
- wc_FreeRng(rng);
- if (ret != 0)
- return ret;
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC)
- {
- byte nonce[8] = { 0 };
- /* Test dynamic RNG */
- rng = wc_rng_new(nonce, (word32)sizeof(nonce), HEAP_HINT);
- if (rng == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- ret = _rng_test(rng, WC_TEST_RET_ENC_NC);
- wc_rng_free(rng);
- rng = NULL;
- if (ret != 0)
- return ret;
- /* Test dynamic RNG using extended API */
- ret = wc_rng_new_ex(&rng, nonce, (word32)sizeof(nonce),
- HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = _rng_test(rng, WC_TEST_RET_ENC_NC);
- wc_rng_free(rng);
- if (ret != 0)
- return ret;
- }
- #endif
- return ret;
- }
- #if defined(HAVE_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
- #ifdef WC_RNG_SEED_CB
- static int seed_cb(OS_Seed* os, byte* output, word32 sz)
- {
- word32 i;
- (void)os;
- /* Known answer test. Set the seed to the same value every time. */
- for (i = 0; i < sz; i++)
- output[i] = (byte)i;
- return 0;
- }
- static wc_test_ret_t rng_seed_test(void)
- {
- #ifndef HAVE_FIPS
- WOLFSSL_SMALL_STACK_STATIC const byte check[] =
- {
- 0x83, 0x46, 0x65, 0x2f, 0x5c, 0x44, 0x16, 0x5f,
- 0xb3, 0x89, 0x26, 0xde, 0x0b, 0x6b, 0xa2, 0x06,
- 0x7e, 0xa7, 0x9a, 0x55, 0x22, 0x01, 0xb0, 0x22,
- 0xf4, 0x7e, 0xa2, 0x66, 0xc4, 0x08, 0x6f, 0xba
- };
- #else
- /* FIPS uses a longer seed, so different check value. */
- WOLFSSL_SMALL_STACK_STATIC const byte check[] =
- {
- 0xaf, 0x31, 0xcc, 0xef, 0xa9, 0x29, 0x4c, 0x24,
- 0xbd, 0xa5, 0xa3, 0x52, 0x69, 0xf3, 0xb9, 0xb2,
- 0x1e, 0xd4, 0x52, 0x3b, 0x9a, 0x96, 0x06, 0x20,
- 0xc0, 0x5f, 0x44, 0x06, 0x1f, 0x80, 0xdf, 0xe0
- };
- #endif
- byte output[WC_SHA256_DIGEST_SIZE];
- WC_RNG rng;
- wc_test_ret_t ret;
- ret = wc_SetSeed_Cb(seed_cb);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- ret = wc_InitRng(&rng);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- ret = wc_RNG_GenerateBlock(&rng, output, sizeof(output));
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- ret = XMEMCMP(output, check, sizeof(output));
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- ret = wc_FreeRng(&rng);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- ret = wc_SetSeed_Cb(wc_GenerateSeed);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- out:
- return ret;
- }
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte test1Entropy[] =
- {
- 0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3,
- 0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19,
- 0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, 0x85, 0x81, 0xf9, 0x31,
- 0x75, 0x17, 0x27, 0x6e, 0x06, 0xe9, 0x60, 0x7d, 0xdb, 0xcb, 0xcc, 0x2e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte test1Output[] =
- {
- 0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64,
- 0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5,
- 0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3,
- 0x5a, 0x91, 0xbb, 0x45, 0x79, 0xd7, 0x3f, 0xd0, 0xc8, 0xfe, 0xd1, 0x11,
- 0xb0, 0x39, 0x13, 0x06, 0x82, 0x8a, 0xdf, 0xed, 0x52, 0x8f, 0x01, 0x81,
- 0x21, 0xb3, 0xfe, 0xbd, 0xc3, 0x43, 0xe7, 0x97, 0xb8, 0x7d, 0xbb, 0x63,
- 0xdb, 0x13, 0x33, 0xde, 0xd9, 0xd1, 0xec, 0xe1, 0x77, 0xcf, 0xa6, 0xb7,
- 0x1f, 0xe8, 0xab, 0x1d, 0xa4, 0x66, 0x24, 0xed, 0x64, 0x15, 0xe5, 0x1c,
- 0xcd, 0xe2, 0xc7, 0xca, 0x86, 0xe2, 0x83, 0x99, 0x0e, 0xea, 0xeb, 0x91,
- 0x12, 0x04, 0x15, 0x52, 0x8b, 0x22, 0x95, 0x91, 0x02, 0x81, 0xb0, 0x2d,
- 0xd4, 0x31, 0xf4, 0xc9, 0xf7, 0x04, 0x27, 0xdf
- };
- WOLFSSL_SMALL_STACK_STATIC const byte test2EntropyA[] =
- {
- 0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4,
- 0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00,
- 0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f,
- 0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68
- };
- WOLFSSL_SMALL_STACK_STATIC const byte test2EntropyB[] =
- {
- 0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3,
- 0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22,
- 0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3
- };
- WOLFSSL_SMALL_STACK_STATIC const byte test2Output[] =
- {
- 0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb,
- 0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79,
- 0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc,
- 0xdd, 0x8d, 0x99, 0xfc, 0x5f, 0xc2, 0xb9, 0x20, 0x53, 0xd8, 0xcf, 0xac,
- 0xfb, 0x0b, 0xb8, 0x83, 0x12, 0x05, 0xfa, 0xd1, 0xdd, 0xd6, 0xc0, 0x71,
- 0x31, 0x8a, 0x60, 0x18, 0xf0, 0x3b, 0x73, 0xf5, 0xed, 0xe4, 0xd4, 0xd0,
- 0x71, 0xf9, 0xde, 0x03, 0xfd, 0x7a, 0xea, 0x10, 0x5d, 0x92, 0x99, 0xb8,
- 0xaf, 0x99, 0xaa, 0x07, 0x5b, 0xdb, 0x4d, 0xb9, 0xaa, 0x28, 0xc1, 0x8d,
- 0x17, 0x4b, 0x56, 0xee, 0x2a, 0x01, 0x4d, 0x09, 0x88, 0x96, 0xff, 0x22,
- 0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07,
- 0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17
- };
- byte output[WC_SHA256_DIGEST_SIZE * 4];
- wc_test_ret_t ret;
- WOLFSSL_ENTER("random_test");
- ret = wc_RNG_HealthTest(0, test1Entropy, sizeof(test1Entropy), NULL, 0,
- output, sizeof(output));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(test1Output, output, sizeof(output)) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_RNG_HealthTest(1, test2EntropyA, sizeof(test2EntropyA),
- test2EntropyB, sizeof(test2EntropyB),
- output, sizeof(output));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(test2Output, output, sizeof(output)) != 0)
- return WC_TEST_RET_ENC_NC;
- /* Basic RNG generate block test */
- if ((ret = random_rng_test()) != 0)
- return ret;
- /* Test the seed check function. */
- #if !(defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
- {
- word32 i, outputSz;
- /* Repeat the same byte over and over. Should fail. */
- outputSz = sizeof(output);
- XMEMSET(output, 1, outputSz);
- ret = wc_RNG_TestSeed(output, outputSz);
- if (ret == 0)
- return WC_TEST_RET_ENC_NC;
- /* Every byte of the entropy scratch is different,
- * entropy is a single byte that shouldn't match. */
- outputSz = (sizeof(output) / 2) + 1;
- for (i = 0; i < outputSz; i++)
- output[i] = (byte)i;
- ret = wc_RNG_TestSeed(output, outputSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- outputSz = sizeof(output);
- for (i = 0; i < outputSz; i++)
- output[i] = (byte)i;
- ret = wc_RNG_TestSeed(output, outputSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- }
- #endif
- /* Test the seed callback. */
- #ifdef WC_RNG_SEED_CB
- if ((ret = rng_seed_test()) != 0)
- return ret;
- #endif
- return 0;
- }
- #else
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void)
- {
- WOLFSSL_ENTER("random_test");
- /* Basic RNG generate block test */
- return random_rng_test();
- }
- #endif /* HAVE_HASHDRBG && !CUSTOM_RAND_GENERATE_BLOCK */
- #endif /* WC_NO_RNG */
- #ifndef MEM_TEST_SZ
- #define MEM_TEST_SZ 1024
- #endif
- #if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC)
- static int simple_mem_test(int sz)
- {
- int ret = 0;
- byte* b;
- int i;
- b = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (b == NULL) {
- return WC_TEST_RET_ENC_NC;
- }
- /* utilize memory */
- for (i = 0; i < sz; i++) {
- b[i] = (byte)i;
- }
- /* read back and verify */
- for (i = 0; i < sz; i++) {
- if (b[i] != (byte)i) {
- ret = WC_TEST_RET_ENC_NC;
- break;
- }
- }
- XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif
- /* If successful, returns the first letter of the byte array `in`.
- **
- ** This is a deceptively simple test of a read-only embedded Linux file system.
- ** (e.g CFLAGS `-mfdpic` and `-mforce-l32`) for Xtensa Linux ESP32. When the
- ** `-mforce-l32` is missing, access to `in` will fail with Illegal Instruction.
- ** Const is on read-only memory-mapped file system, *not* loaded in app memory.
- **
- ** Edit with caution. See PR #6523. */
- static wc_test_ret_t const_byte_ptr_test(const byte* in, word32 *outJ)
- {
- wc_test_ret_t ret = 0;
- volatile word32 j = (word32)-1; /* must be volatile to properly detect error */
- ret = (wc_test_ret_t)*in; /* accessed *in value. */
- (void)ret;
- j = *outJ; /* Found index to use in const array. */
- if (j == 0) {
- #ifdef WOLFSSL_DEBUG
- printf("Testing const byte ptr reference...\n");
- #endif
- /* although j is zero, in[0] does not detect the Illegal instruction */
- ret = in[j]; /* The big test: can we actually access the `in` data? */
- }
- else {
- ret = WC_TEST_RET_ENC_I(j);
- }
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
- {
- wc_test_ret_t ret = 0;
- word32 j = 0; /* used in embedded const pointer test */
- WOLFSSL_ENTER("memory_test");
- #if defined(COMPLEX_MEM_TEST) || defined(WOLFSSL_STATIC_MEMORY)
- int i;
- #endif
- #ifdef WOLFSSL_STATIC_MEMORY
- word32 size[] = { WOLFMEM_BUCKETS };
- word32 dist[] = { WOLFMEM_DIST };
- byte buffer[30000]; /* make large enough to involve many bucket sizes */
- int pad = -(int)((wc_ptr_t)buffer) & (WOLFSSL_STATIC_ALIGN - 1);
- /* pad to account for if head of buffer is not at set memory
- * alignment when tests are ran */
- #endif
- #ifdef WOLFSSL_STATIC_MEMORY
- /* check macro settings */
- if (sizeof(size)/sizeof(word32) != WOLFMEM_DEF_BUCKETS) {
- return WC_TEST_RET_ENC_NC;
- }
- if (sizeof(dist)/sizeof(word32) != WOLFMEM_DEF_BUCKETS) {
- return WC_TEST_RET_ENC_NC;
- }
- if (WOLFMEM_DEF_BUCKETS > WOLFMEM_MAX_BUCKETS) {
- return WC_TEST_RET_ENC_NC;
- }
- for (i = 0; i < WOLFMEM_DEF_BUCKETS; i++) {
- if ((size[i] % WOLFSSL_STATIC_ALIGN) != 0) {
- /* each element in array should be divisible by alignment size */
- return WC_TEST_RET_ENC_NC;
- }
- }
- for (i = 1; i < WOLFMEM_DEF_BUCKETS; i++) {
- if (size[i - 1] >= size[i]) {
- return WC_TEST_RET_ENC_NC; /* sizes should be in increasing order */
- }
- }
- #ifndef WOLFSSL_STATIC_MEMORY_LEAN
- /* check that padding size returned is possible */
- if (wolfSSL_MemoryPaddingSz() < WOLFSSL_STATIC_ALIGN) {
- return WC_TEST_RET_ENC_NC; /* no room for wc_Memory struct */
- }
- ret = wolfSSL_MemoryPaddingSz();
- if (ret < 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- if (wolfSSL_MemoryPaddingSz() % WOLFSSL_STATIC_ALIGN != 0) {
- return WC_TEST_RET_ENC_NC; /* not aligned! */
- }
- /* check function to return optimum buffer size (rounded down) */
- ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_GENERAL);
- if (ret < 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- if ((ret - pad) % WOLFSSL_STATIC_ALIGN != 0) {
- return WC_TEST_RET_ENC_NC; /* not aligned! */
- }
- if ((unsigned int)ret > sizeof(buffer)) {
- return WC_TEST_RET_ENC_NC; /* did not round down as expected */
- }
- if (ret != wolfSSL_StaticBufferSz(buffer, ret, WOLFMEM_GENERAL)) {
- return WC_TEST_RET_ENC_NC; /* return value changed when using suggested
- * value
- */
- }
- ret = wolfSSL_MemoryPaddingSz();
- ret += pad; /* add space that is going to be needed if buffer not aligned */
- if (wolfSSL_StaticBufferSz(buffer, size[0] + ret + 1, WOLFMEM_GENERAL) !=
- (ret + (int)size[0])) {
- return WC_TEST_RET_ENC_NC; /* did not round down to nearest bucket
- * value
- */
- }
- ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_IO_POOL);
- if ((ret - pad) < 0) {
- return WC_TEST_RET_ENC_NC;
- }
- if (((ret - pad) % (WOLFMEM_IO_SZ + wolfSSL_MemoryPaddingSz())) != 0) {
- return WC_TEST_RET_ENC_NC; /* not even chunks of memory for IO size */
- }
- if (((ret - pad) % WOLFSSL_STATIC_ALIGN) != 0) {
- return WC_TEST_RET_ENC_NC; /* memory not aligned */
- }
- /* check for passing bad or unknown arguments to functions */
- if (wolfSSL_StaticBufferSz(NULL, 1, WOLFMEM_GENERAL) > 0) {
- return WC_TEST_RET_ENC_NC;
- }
- if (wolfSSL_StaticBufferSz(buffer, 1, WOLFMEM_GENERAL) != 0) {
- return WC_TEST_RET_ENC_NC; /* should round to 0
- since struct + bucket will not fit */
- }
- #endif
- (void)pad;
- (void)dist; /* avoid static analysis warning of variable not used */
- #endif
- #if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC)
- /* simple test */
- ret = simple_mem_test(MEM_TEST_SZ);
- if (ret != 0)
- return ret;
- #endif
- #ifdef COMPLEX_MEM_TEST
- /* test various size blocks */
- for (i = 1; i < MEM_TEST_SZ; i*=2) {
- ret = simple_mem_test(i);
- if (ret != 0)
- return ret;
- }
- #endif
- #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_NO_MALLOC) && defined(XREALLOC)
- /* realloc test */
- {
- byte *b = (byte*)XMALLOC(MEM_TEST_SZ, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- #ifndef WOLFSSL_NO_REALLOC
- byte *c = NULL;
- if (b) {
- c = (byte*)XREALLOC(b, MEM_TEST_SZ+sizeof(word32), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (c)
- b = c;
- }
- #endif
- if (b)
- XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((b == NULL)
- #ifndef WOLFSSL_NO_REALLOC
- || (c == NULL)
- #endif
- ) {
- return WC_TEST_RET_ENC_ERRNO;
- }
- }
- #endif
- if (ret == 0) {
- /* This test is only interesting on embedded R/O Flash systems */
- if (const_byte_ptr_test(const_byte_array, &j) != CBPTR_EXPECTED) {
- ret = 1;
- }
- }
- return ret;
- }
- #ifndef NO_FILESYSTEM
- /* Cert Paths */
- #ifdef FREESCALE_MQX
- #define CERT_PREFIX "a:\\"
- #define CERT_PATH_SEP "\\"
- #elif defined(WOLFSSL_uTKERNEL2)
- #define CERT_PREFIX "/uda/"
- #define CERT_PATH_SEP "/"
- #elif defined(_WIN32_WCE)
- #define CERT_PREFIX "\\windows\\"
- #define CERT_PATH_SEP "\\"
- #endif
- #ifndef CERT_PREFIX
- #define CERT_PREFIX "./"
- #endif
- #ifndef CERT_PATH_SEP
- #define CERT_PATH_SEP "/"
- #endif
- #ifndef CERT_WRITE_TEMP_DIR
- #define CERT_WRITE_TEMP_DIR CERT_PREFIX
- #endif
- #define CERT_ROOT CERT_PREFIX "certs" CERT_PATH_SEP
- /* Generated Test Certs */
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
- !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
- #if !defined(NO_RSA) && !defined(NO_ASN)
- static const char* clientKey = CERT_ROOT "client-key.der";
- static const char* clientCert = CERT_ROOT "client-cert.der";
- #ifdef WOLFSSL_CERT_EXT
- static const char* clientKeyPub = CERT_ROOT "client-keyPub.der";
- #endif
- #endif /* !NO_RSA && !NO_ASN */
- #endif
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
- #if !defined(NO_RSA) && !defined(NO_ASN)
- #if defined(WOLFSSL_CERT_GEN) || defined(HAVE_PKCS7)
- static const char* rsaCaKeyFile = CERT_ROOT "ca-key.der";
- #ifdef WOLFSSL_CERT_GEN
- static const char* rsaCaCertFile = CERT_ROOT "ca-cert.pem";
- #endif
- #if defined(WOLFSSL_ALT_NAMES) || defined(HAVE_PKCS7)
- static const char* rsaCaCertDerFile = CERT_ROOT "ca-cert.der";
- #endif
- #ifdef HAVE_PKCS7
- static const char* rsaServerCertDerFile =
- CERT_ROOT "server-cert.der";
- static const char* rsaServerKeyDerFile =
- CERT_ROOT "server-key.der";
- #endif
- #endif
- #endif /* !NO_RSA && !NO_ASN */
- #endif /* !USE_CERT_BUFFER_* */
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
- !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
- #if !defined(NO_ASN) && !defined(NO_DH)
- static const char* dhParamsFile = CERT_ROOT "dh2048.der";
- #endif
- #endif
- #if !defined(NO_ASN) && !defined(NO_DH)
- #if defined(WOLFSSL_DH_EXTRA) && (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
- #if !defined(USE_CERT_BUFFERS_2048)
- static const char* dhKeyFile = CERT_ROOT "statickeys/dh-ffdhe2048.der";
- static const char* dhKeyPubFile = CERT_ROOT "statickeys/dh-ffdhe2048-pub.der";
- #endif
- #endif
- #endif
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
- #ifndef NO_DSA
- static const char* dsaKey = CERT_ROOT "dsa2048.der";
- #endif
- #endif /* !USE_CERT_BUFFER_* */
- #if !defined(USE_CERT_BUFFERS_256) && !defined(NO_ECC256)
- #ifdef HAVE_ECC
- /* cert files to be used in rsa cert gen test, check if RSA enabled */
- #ifdef HAVE_ECC_KEY_IMPORT
- static const char* eccKeyDerFile = CERT_ROOT "ecc-key.der";
- #endif
- #endif
- #if !defined(USE_CERT_BUFFERS_256) && !defined(NO_ASN)
- #if defined(HAVE_ECC) && defined(WOLFSSL_CERT_GEN) && \
- !defined(NO_ECC_SECP)
- #ifndef NO_RSA
- static const char* eccKeyPubFileDer = CERT_ROOT "ecc-keyPub.der";
- #endif
- #ifndef NO_ASN_TIME
- static const char* eccCaKeyFile = CERT_ROOT "ca-ecc-key.der";
- static const char* eccCaCertFile = CERT_ROOT "ca-ecc-cert.pem";
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- static const char* eccCaKey384File =
- CERT_ROOT "ca-ecc384-key.der";
- static const char* eccCaCert384File =
- CERT_ROOT "ca-ecc384-cert.pem";
- #endif
- #endif
- #endif
- #if defined(HAVE_PKCS7) && defined(HAVE_ECC)
- static const char* eccClientKey = CERT_ROOT "ecc-client-key.der";
- static const char* eccClientCert = CERT_ROOT "client-ecc-cert.der";
- #endif
- #endif /* HAVE_ECC */
- #ifdef HAVE_ED25519
- #ifdef WOLFSSL_TEST_CERT
- static const char* serverEd25519Cert =
- CERT_ROOT "ed25519/server-ed25519.der";
- static const char* caEd25519Cert =
- CERT_ROOT "ed25519/ca-ed25519.der";
- #endif
- #endif
- #ifdef HAVE_ED448
- #ifdef WOLFSSL_TEST_CERT
- static const char* serverEd448Cert =
- CERT_ROOT "ed448/server-ed448.der";
- static const char* caEd448Cert = CERT_ROOT "ed448/ca-ed448.der";
- #endif
- #endif
- #endif /* !USE_CERT_BUFFER_* */
- #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
- !defined(NO_FILESYSTEM)
- static const char* certExtNc =
- CERT_ROOT "test" CERT_PATH_SEP "cert-ext-nc.der";
- static const char* certExtIa =
- CERT_ROOT "test" CERT_PATH_SEP "cert-ext-ia.der";
- static const char* certExtNct =
- CERT_ROOT "test" CERT_PATH_SEP "cert-ext-nct.der";
- #ifndef WOLFSSL_ASN_INT_LEAD_0_ANY
- static const char* certBadNegInt =
- CERT_ROOT "test" CERT_PATH_SEP "cert-bad-neg-int.der";
- #endif
- static const char* certBadOid =
- CERT_ROOT "test" CERT_PATH_SEP "cert-bad-oid.der";
- #ifndef WOLFSSL_NO_ASN_STRICT
- static const char* certBadUtf8 =
- CERT_ROOT "test" CERT_PATH_SEP "cert-bad-utf8.der";
- #endif
- #endif
- #ifndef NO_WRITE_TEMP_FILES
- #ifdef HAVE_ECC
- #ifndef NO_ECC_SECP
- #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
- static const char* certEccPemFile = CERT_WRITE_TEMP_DIR "certecc.pem";
- static const char* certEccDerFile = CERT_WRITE_TEMP_DIR "certecc.der";
- #endif
- #if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
- static const char* certEccRsaPemFile = CERT_WRITE_TEMP_DIR "certeccrsa.pem";
- static const char* certEccRsaDerFile = CERT_WRITE_TEMP_DIR "certeccrsa.der";
- #endif
- #endif
- #if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ASN_CRYPT)
- static const char* eccCaKeyPemFile = CERT_WRITE_TEMP_DIR "ecc-key.pem";
- static const char* eccPubKeyDerFile = CERT_WRITE_TEMP_DIR "ecc-public-key.der";
- static const char* eccCaKeyTempFile = CERT_WRITE_TEMP_DIR "ecc-key.der";
- #if defined(HAVE_PKCS8) && !defined(WC_NO_RNG) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- static const char* eccPkcs8KeyDerFile = CERT_WRITE_TEMP_DIR "ecc-key-pkcs8.der";
- #endif
- #endif /* HAVE_ECC_KEY_EXPORT */
- #endif /* HAVE_ECC */
- #ifndef NO_RSA
- #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
- static const char* otherCertDerFile = CERT_WRITE_TEMP_DIR "othercert.der";
- static const char* certDerFile = CERT_WRITE_TEMP_DIR "cert.der";
- static const char* otherCertPemFile = CERT_WRITE_TEMP_DIR "othercert.pem";
- static const char* certPemFile = CERT_WRITE_TEMP_DIR "cert.pem";
- #if defined(WOLFSSL_CERT_REQ) && !defined(WOLFSSL_NO_MALLOC)
- static const char* certReqDerFile = CERT_WRITE_TEMP_DIR "certreq.der";
- static const char* certReqPemFile = CERT_WRITE_TEMP_DIR "certreq.pem";
- #endif
- #endif
- #endif /* !NO_RSA */
- #if !defined(NO_RSA) || !defined(NO_DSA)
- #ifdef WOLFSSL_KEY_GEN
- static const char* keyDerFile = CERT_WRITE_TEMP_DIR "key.der";
- static const char* keyPemFile = CERT_WRITE_TEMP_DIR "key.pem";
- #endif
- #endif
- #endif /* !NO_WRITE_TEMP_FILES */
- #endif /* !NO_FILESYSTEM */
- #if defined(WOLFSSL_CERT_GEN) && (!defined(NO_RSA) || defined(HAVE_ECC)) || \
- (defined(WOLFSSL_TEST_CERT) && (defined(HAVE_ED25519) || defined(HAVE_ED448)))
- static CertName certDefaultName;
- static void initDefaultName(void)
- {
- #if defined(WOLFSSL_MULTI_ATTRIB) && defined(WOLFSSL_TEST_CERT)
- NameAttrib* n;
- #endif
- XMEMCPY(certDefaultName.country, "US", sizeof("US"));
- certDefaultName.countryEnc = CTC_PRINTABLE;
- XMEMCPY(certDefaultName.state, "Oregon", sizeof("Oregon"));
- certDefaultName.stateEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.street, "Main St", sizeof("Main St"));
- certDefaultName.streetEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.locality, "Portland", sizeof("Portland"));
- certDefaultName.localityEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.sur, "Test", sizeof("Test"));
- certDefaultName.surEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.org, "wolfSSL", sizeof("wolfSSL"));
- certDefaultName.orgEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.unit, "Development", sizeof("Development"));
- certDefaultName.unitEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.commonName, "www.wolfssl.com", sizeof("www.wolfssl.com"));
- certDefaultName.commonNameEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.serialDev, "wolfSSL12345", sizeof("wolfSSL12345"));
- certDefaultName.serialDevEnc = CTC_PRINTABLE;
- XMEMCPY(certDefaultName.postalCode, "12-456", sizeof("12-456"));
- certDefaultName.postalCodeEnc = CTC_PRINTABLE;
- #ifdef WOLFSSL_CERT_EXT
- XMEMCPY(certDefaultName.busCat, "Private Organization", sizeof("Private Organization"));
- certDefaultName.busCatEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.joiSt, "US", sizeof("US"));
- certDefaultName.joiStEnc = CTC_PRINTABLE;
- XMEMCPY(certDefaultName.joiC, "Oregon", sizeof("Oregon"));
- certDefaultName.joiCEnc = CTC_PRINTABLE;
- #endif
- XMEMCPY(certDefaultName.email, "info@wolfssl.com", sizeof("info@wolfssl.com"));
- XMEMCPY(certDefaultName.userId, "TestUserID", sizeof("TestUserID"));
- certDefaultName.userIdEnc = CTC_PRINTABLE;
- #if defined(WOLFSSL_MULTI_ATTRIB) && defined(WOLFSSL_TEST_CERT)
- /* test having additional OUs and setting DC */
- n = &certDefaultName.name[0];
- n->id = ASN_ORGUNIT_NAME;
- n->type = CTC_UTF8;
- n->sz = XSTRLEN("Development-2");
- XMEMCPY(n->value, "Development-2", sizeof("Development-2"));
- #if CTC_MAX_ATTRIB > 3
- n = &certDefaultName.name[1];
- n->id = ASN_DOMAIN_COMPONENT;
- n->type = CTC_UTF8;
- n->sz = XSTRLEN("com");
- XMEMCPY(n->value, "com", sizeof("com"));
- n = &certDefaultName.name[2];
- n->id = ASN_DOMAIN_COMPONENT;
- n->type = CTC_UTF8;
- n->sz = XSTRLEN("wolfssl");
- XMEMCPY(n->value, "wolfssl", sizeof("wolfssl"));
- #endif
- #endif /* WOLFSSL_MULTI_ATTRIB && WOLFSSL_TEST_CERT */
- #ifdef WOLFSSL_CUSTOM_OID
- /* TODO: Add test case for custom OID's */
- #endif
- }
- #ifdef WOLFSSL_CERT_EXT
- #if ((defined(HAVE_ED25519) || defined(HAVE_ED448)) && \
- defined(WOLFSSL_TEST_CERT)) || defined(HAVE_ECC)
- WOLFSSL_SMALL_STACK_STATIC const char certKeyUsage[] =
- "digitalSignature,nonRepudiation";
- #endif
- #if defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA) && !defined(NO_ASN_TIME)
- WOLFSSL_SMALL_STACK_STATIC const char certKeyUsage2[] =
- "digitalSignature,nonRepudiation,keyEncipherment,keyAgreement";
- #endif
- #endif /* WOLFSSL_CERT_EXT */
- #endif /* WOLFSSL_CERT_GEN */
- #ifndef NO_RSA
- #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
- !defined(NO_FILESYSTEM)
- static const byte minSerial[] = { 0x02, 0x01, 0x01 };
- static const byte minName[] = { 0x30, 0x00 };
- static const byte nameBad[] = {
- 0x30, 0x08,
- 0x31, 0x06,
- 0x30, 0x04,
- 0x06, 0x02,
- 0x55, 0x04,
- };
- static const byte minDates[] = {
- 0x30, 0x1e,
- 0x17, 0x0d,
- 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, 0x31, 0x35,
- 0x32, 0x33, 0x31, 0x30, 0x5a,
- 0x17, 0x0d,
- 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35,
- 0x32, 0x33, 0x31, 0x30, 0x5a
- };
- static const byte minPubKey[] = {
- 0x30, 0x1c,
- 0x30, 0x0d,
- 0x06, 0x09,
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
- 0x01,
- 0x05, 0x00,
- 0x03, 0x0b,
- 0x00, 0x30, 0x08,
- 0x02, 0x01,
- 0x03,
- 0x02, 0x03,
- 0x01, 0x00, 0x01
- };
- static const byte minSigAlg[] = {
- 0x30, 0x0d,
- 0x06, 0x09,
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
- 0x0b,
- 0x05, 0x00
- };
- static const byte minSig[] = {
- 0x03, 0x01,
- 0x00
- };
- static int add_seq(byte* certData, int offset, byte* data, byte length)
- {
- XMEMMOVE(certData + offset + 2, data, length);
- certData[offset++] = 0x30;
- certData[offset++] = length;
- return offset + length;
- }
- static int add_data(byte* certData, int offset, const byte* data, byte length)
- {
- XMEMCPY(certData + offset, data, length);
- return offset + length;
- }
- static wc_test_ret_t cert_asn1_test(void)
- {
- wc_test_ret_t ret;
- int len[3];
- DecodedCert cert;
- byte certData[114];
- byte* badCert = NULL;
- len[2] = add_data(certData, 0, minSerial, (byte)sizeof(minSerial));
- len[2] = add_data(certData, len[2], minSigAlg, (byte)sizeof(minSigAlg));
- len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName));
- len[2] = add_data(certData, len[2], minDates, (byte)sizeof(minDates));
- len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName));
- len[2] = add_data(certData, len[2], minPubKey, (byte)sizeof(minPubKey));
- len[1] = add_seq(certData, 0, certData, len[2]);
- len[1] = add_data(certData, len[1], minSigAlg, (byte)sizeof(minSigAlg));
- len[1] = add_data(certData, len[1], minSig, (byte)sizeof(minSig));
- len[0] = add_seq(certData, 0, certData, len[1]);
- /* Minimal good certificate */
- InitDecodedCert(&cert, certData, len[0], 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
- FreeDecodedCert(&cert);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- /* Bad issuer name */
- len[2] = add_data(certData, 0, minSerial, (byte)sizeof(minSerial));
- len[2] = add_data(certData, len[2], minSigAlg, (byte)sizeof(minSigAlg));
- len[2] = add_data(certData, len[2], nameBad, (byte)sizeof(nameBad));
- len[2] = add_data(certData, len[2], minDates, (byte)sizeof(minDates));
- len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName));
- len[2] = add_data(certData, len[2], minPubKey, (byte)sizeof(minPubKey));
- len[1] = add_seq(certData, 0, certData, len[2]);
- len[1] = add_data(certData, len[1], minSigAlg, (byte)sizeof(minSigAlg));
- len[1] = add_data(certData, len[1], minSig, (byte)sizeof(minSig));
- len[0] = add_seq(certData, 0, certData, len[1]);
- /* Put data into allocated buffer to allow access error checking. */
- badCert = (byte*)XMALLOC(len[0], HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XMEMCPY(badCert, certData, len[0]);
- InitDecodedCert(&cert, badCert, len[0], 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
- FreeDecodedCert(&cert);
- if (ret != ASN_PARSE_E) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- }
- XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- badCert = NULL;
- ret = 0;
- done:
- if (badCert != NULL)
- XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- static wc_test_ret_t cert_load_bad(const char* fname, byte* tmp, int err)
- {
- wc_test_ret_t ret;
- DecodedCert cert;
- XFILE file;
- size_t bytes;
- if ((fname == NULL) || (tmp == NULL)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- file = XFOPEN(fname, "rb");
- if (!file) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
- FreeDecodedCert(&cert);
- if (ret != err) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- }
- ret = 0;
- done:
- return ret;
- }
- static wc_test_ret_t cert_bad_asn1_test(void)
- {
- wc_test_ret_t ret = 0;
- byte* tmp;
- tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- }
- #ifndef WOLFSSL_ASN_INT_LEAD_0_ANY
- if (ret == 0) {
- /* Serial number: 0xff 0xa8. 0xff and top bit set on next byte invalid.
- */
- ret = cert_load_bad(certBadNegInt, tmp, ASN_EXPECT_0_E);
- }
- #endif
- if (ret == 0) {
- /* Subject name OID: 55 04 f4. Last byte with top bit set invalid. */
- ret = cert_load_bad(certBadOid, tmp, ASN_PARSE_E);
- }
- #ifndef WOLFSSL_NO_ASN_STRICT
- if (ret == 0) {
- /* Issuer name UTF8STRING: df 52 4e 44. Top bit of second byte not set.
- */
- ret = cert_load_bad(certBadUtf8, tmp, ASN_PARSE_E);
- }
- #endif
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cert_test(void)
- {
- #if !defined(NO_FILESYSTEM)
- DecodedCert cert;
- byte* tmp;
- size_t bytes;
- XFILE file;
- wc_test_ret_t ret;
- WOLFSSL_ENTER("cert_test");
- tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- /* Certificate with Name Constraints extension. */
- file = XFOPEN(certExtNc, "rb");
- if (!file) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- FreeDecodedCert(&cert);
- /* Certificate with Inhibit Any Policy extension. */
- file = XFOPEN(certExtIa, "rb");
- if (!file) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- FreeDecodedCert(&cert);
- /* Certificate with Netscape Certificate Type extension. */
- file = XFOPEN(certExtNct, "rb");
- if (!file) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
- #ifndef IGNORE_NETSCAPE_CERT_TYPE
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #else
- if (ret != ASN_CRIT_EXT_E) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- }
- ret = 0;
- #endif
- done:
- FreeDecodedCert(&cert);
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif /* !NO_FILESYSTEM */
- if (ret == 0)
- ret = cert_asn1_test();
- if (ret == 0)
- ret = cert_bad_asn1_test();
- return ret;
- }
- #endif /* WOLFSSL_TEST_CERT */
- #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
- !defined(NO_FILESYSTEM) && defined(WOLFSSL_CERT_GEN)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void)
- {
- DecodedCert cert;
- byte* tmp;
- size_t bytes;
- XFILE file;
- wc_test_ret_t ret;
- /* created from rsa_test : othercert.der */
- byte skid_rsa[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54"
- "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0";
- /* created from rsa_test : othercert.der */
- byte akid_rsa[] = "\x27\x8E\x67\x11\x74\xC3\x26\x1D\x3F\xED"
- "\x33\x63\xB3\xA4\xD8\x1D\x30\xE5\xE8\xD5";
- #ifdef HAVE_ECC
- /* created from ecc_test_cert_gen : certecc.der */
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- /* Authority key id from ./certs/ca-ecc384-cert.pem */
- byte akid_ecc[] = "\xAB\xE0\xC3\x26\x4C\x18\xD4\x72\xBB\xD2"
- "\x84\x8C\x9C\x0A\x05\x92\x80\x12\x53\x52";
- #else
- /* Authority key id from ./certs/ca-ecc-cert.pem */
- byte akid_ecc[] = "\x56\x8E\x9A\xC3\xF0\x42\xDE\x18\xB9\x45"
- "\x55\x6E\xF9\x93\xCF\xEA\xC3\xF3\xA5\x21";
- #endif
- #endif /* HAVE_ECC */
- /* created from rsa_test : cert.der */
- byte kid_ca[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54"
- "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0";
- WOLFSSL_ENTER("certext_test");
- tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- /* load othercert.der (Cert signed by an authority) */
- file = XFOPEN(otherCertDerFile, "rb");
- if (!file) {
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC_ERRNO;
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- return WC_TEST_RET_ENC_ERRNO;
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* check the SKID from a RSA certificate */
- if (XMEMCMP(skid_rsa, cert.extSubjKeyId, sizeof(cert.extSubjKeyId)))
- return WC_TEST_RET_ENC_NC;
- /* check the AKID from an RSA certificate */
- if (XMEMCMP(akid_rsa, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
- return WC_TEST_RET_ENC_NC;
- /* check the Key Usage from an RSA certificate */
- if (!cert.extKeyUsageSet)
- return WC_TEST_RET_ENC_NC;
- if (cert.extKeyUsage != (KEYUSE_KEY_ENCIPHER|KEYUSE_KEY_AGREE))
- return WC_TEST_RET_ENC_NC;
- /* check the CA Basic Constraints from an RSA certificate */
- if (cert.isCA)
- return WC_TEST_RET_ENC_NC;
- #ifndef WOLFSSL_SEP /* test only if not using SEP policies */
- /* check the Certificate Policies Id */
- if (cert.extCertPoliciesNb != 1)
- return WC_TEST_RET_ENC_NC;
- if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23))
- return WC_TEST_RET_ENC_NC;
- #endif
- FreeDecodedCert(&cert);
- #ifdef HAVE_ECC
- /* load certecc.der (Cert signed by our ECC CA test in ecc_test_cert_gen) */
- file = XFOPEN(certEccDerFile, "rb");
- if (!file) {
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC_ERRNO;
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- return WC_TEST_RET_ENC_ERRNO;
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* check the SKID from a ECC certificate - generated dynamically */
- /* check the AKID from an ECC certificate */
- if (XMEMCMP(akid_ecc, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
- return WC_TEST_RET_ENC_NC;
- /* check the Key Usage from an ECC certificate */
- if (!cert.extKeyUsageSet)
- return WC_TEST_RET_ENC_NC;
- if (cert.extKeyUsage != (KEYUSE_DIGITAL_SIG|KEYUSE_CONTENT_COMMIT))
- return WC_TEST_RET_ENC_NC;
- /* check the CA Basic Constraints from an ECC certificate */
- if (cert.isCA)
- return WC_TEST_RET_ENC_NC;
- #ifndef WOLFSSL_SEP /* test only if not using SEP policies */
- /* check the Certificate Policies Id */
- if (cert.extCertPoliciesNb != 2)
- return WC_TEST_RET_ENC_NC;
- if (strncmp(cert.extCertPolicies[0], "2.4.589440.587.101.2.1.9632587.1", 32))
- return WC_TEST_RET_ENC_NC;
- if (strncmp(cert.extCertPolicies[1], "1.2.13025.489.1.113549", 22))
- return WC_TEST_RET_ENC_NC;
- #endif
- FreeDecodedCert(&cert);
- #endif /* HAVE_ECC */
- /* load cert.der (self signed certificate) */
- file = XFOPEN(certDerFile, "rb");
- if (!file) {
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC_ERRNO;
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- return WC_TEST_RET_ENC_ERRNO;
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* check the SKID from a CA certificate */
- if (XMEMCMP(kid_ca, cert.extSubjKeyId, sizeof(cert.extSubjKeyId)))
- return WC_TEST_RET_ENC_NC;
- /* check the AKID from an CA certificate */
- if (XMEMCMP(kid_ca, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
- return WC_TEST_RET_ENC_NC;
- /* check the Key Usage from CA certificate */
- if (!cert.extKeyUsageSet)
- return WC_TEST_RET_ENC_NC;
- if (cert.extKeyUsage != (KEYUSE_KEY_CERT_SIGN|KEYUSE_CRL_SIGN))
- return WC_TEST_RET_ENC_NC;
- /* check the CA Basic Constraints CA certificate */
- if (!cert.isCA)
- return WC_TEST_RET_ENC_NC;
- #ifndef WOLFSSL_SEP /* test only if not using SEP policies */
- /* check the Certificate Policies Id */
- if (cert.extCertPoliciesNb != 2)
- return WC_TEST_RET_ENC_NC;
- if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23))
- return WC_TEST_RET_ENC_NC;
- if (strncmp(cert.extCertPolicies[1], "1.2.840.113549.1.9.16.6.5", 25))
- return WC_TEST_RET_ENC_NC;
- #endif
- FreeDecodedCert(&cert);
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return 0;
- }
- #endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT &&
- !NO_FILESYSTEM && WOLFSSL_CERT_GEN */
- #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
- defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void)
- {
- wc_test_ret_t ret = 0;
- Cert cert;
- FILE* file;
- byte* der;
- word32 derSz;
- WOLFSSL_ENTER("decodedCertCache_test");
- derSz = FOURK_BUF;
- der = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL)
- ret = WC_TEST_RET_ENC_NC;
- if (ret == 0) {
- /* load cert.der */
- file = XFOPEN(certDerFile, "rb");
- if (file != NULL) {
- derSz = (word32)XFREAD(der, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (derSz == 0)
- ret = WC_TEST_RET_ENC_ERRNO;
- }
- else
- ret = WC_TEST_RET_ENC_ERRNO;
- }
- if (ret == 0) {
- ret = wc_InitCert_ex(&cert, HEAP_HINT, devId);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_SetSubjectBuffer(&cert, der, derSz);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_SetSubjectBuffer(NULL, der, derSz);
- if (ret == BAD_FUNC_ARG)
- ret = 0;
- else
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_SetSubjectRaw(&cert, der, derSz);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_SetSubjectRaw(NULL, der, derSz);
- if (ret == BAD_FUNC_ARG)
- ret = 0;
- else
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_SetIssuerBuffer(&cert, der, derSz);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_SetIssuerBuffer(NULL, der, derSz);
- if (ret == BAD_FUNC_ARG)
- ret = 0;
- else
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_SetIssuerRaw(&cert, der, derSz);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_SetIssuerRaw(NULL, der, derSz);
- if (ret == BAD_FUNC_ARG)
- ret = 0;
- else
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- #ifdef WOLFSSL_ALT_NAMES
- if (ret == 0) {
- ret = wc_SetAltNamesBuffer(&cert, der, derSz);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_SetAltNamesBuffer(NULL, der, derSz);
- if (ret == BAD_FUNC_ARG)
- ret = 0;
- else
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_SetDatesBuffer(&cert, der, derSz);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_SetDatesBuffer(NULL, der, derSz);
- if (ret == BAD_FUNC_ARG)
- ret = 0;
- else
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- #endif
- if (ret == 0) {
- ret = wc_SetAuthKeyIdFromCert(&cert, der, derSz);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_SetAuthKeyIdFromCert(NULL, der, derSz);
- if (ret == BAD_FUNC_ARG)
- ret = 0;
- else
- ret = WC_TEST_RET_ENC_NC;
- }
- wc_SetCert_Free(&cert);
- if (ret == 0) {
- if(cert.decodedCert != NULL)
- ret = WC_TEST_RET_ENC_NC;
- }
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif /* defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) &&
- defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) */
- #define RSA_TEST_BYTES 512 /* up to 4096-bit key */
- #if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
- !defined(WOLFSSL_RSA_VERIFY_ONLY)
- static wc_test_ret_t rsa_flatten_test(RsaKey* key)
- {
- wc_test_ret_t ret;
- byte e[RSA_TEST_BYTES];
- byte n[RSA_TEST_BYTES];
- word32 eSz = sizeof(e);
- word32 nSz = sizeof(n);
- /* Parameter Validation testing. */
- ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaFlattenPublicKey(key, NULL, &eSz, n, &nSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaFlattenPublicKey(key, e, NULL, n, &nSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaFlattenPublicKey(key, e, &eSz, NULL, &nSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- eSz = 0;
- ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
- if (ret != RSA_BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- eSz = sizeof(e);
- nSz = 0;
- ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
- if (ret != RSA_BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- return 0;
- }
- #endif /* NO_ASN */
- #if !defined(HAVE_FIPS) && !defined(NO_ASN) \
- && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- static wc_test_ret_t rsa_export_key_test(RsaKey* key)
- {
- wc_test_ret_t ret;
- byte e[3];
- word32 eSz = sizeof(e);
- byte n[RSA_TEST_BYTES];
- word32 nSz = sizeof(n);
- byte d[RSA_TEST_BYTES];
- word32 dSz = sizeof(d);
- byte p[RSA_TEST_BYTES/2];
- word32 pSz = sizeof(p);
- byte q[RSA_TEST_BYTES/2];
- word32 qSz = sizeof(q);
- word32 zero = 0;
- ret = wc_RsaExportKey(NULL, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaExportKey(key, NULL, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaExportKey(key, e, NULL, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaExportKey(key, e, &eSz, NULL, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaExportKey(key, e, &eSz, n, NULL, d, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, NULL, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, NULL, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, NULL, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, NULL, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, NULL, &qSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaExportKey(key, e, &zero, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != RSA_BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaExportKey(key, e, &eSz, n, &zero, d, &dSz, p, &pSz, q, &qSz);
- if (ret != RSA_BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &zero, p, &pSz, q, &qSz);
- if (ret != RSA_BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &zero, q, &qSz);
- if (ret != RSA_BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &zero);
- if (ret != RSA_BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- return 0;
- }
- #endif /* !HAVE_FIPS && !NO_ASN && !WOLFSSL_RSA_VERIFY_ONLY */
- #ifndef NO_SIG_WRAPPER
- static wc_test_ret_t rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng)
- {
- wc_test_ret_t ret;
- word32 sigSz;
- WOLFSSL_SMALL_STACK_STATIC const byte in[] = TEST_STRING;
- WOLFSSL_SMALL_STACK_STATIC const byte hash[] = {
- 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59,
- 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe,
- 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83,
- 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte hashEnc[] = {
- 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
- 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
- 0x00, 0x04, 0x20,
- 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59,
- 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe,
- 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83,
- 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f
- };
- word32 inLen = (word32)XSTRLEN((char*)in);
- byte out[RSA_TEST_BYTES];
- /* Parameter Validation testing. */
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_NONE, key, keyLen);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, 0);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- sigSz = (word32)modLen;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL,
- inLen, out, &sigSz, key, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- 0, out, &sigSz, key, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, NULL, &sigSz, key, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, NULL, key, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, &sigSz, NULL, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, &sigSz, key, 0, rng);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, &sigSz, key, keyLen, NULL);
- #if defined(WOLFSSL_AFALG_XILINX_RSA) || defined(WOLFSSL_XILINX_CRYPT)
- /* blinding / rng handled with hardware acceleration */
- if (ret != 0)
- #elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
- /* async may not require RNG */
- #if defined(WOLF_CRYPTO_CB_ONLY_RSA)
- if (ret != NO_VALID_DEVID)
- #else
- if (ret != 0 && ret != MISSING_RNG_E)
- #endif
- #elif defined(HAVE_FIPS) || !defined(WC_RSA_BLINDING)
- /* FIPS140 implementation does not do blinding */
- if (ret != 0)
- #elif defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_RSA_VERIFY_ONLY)
- if (ret != SIG_TYPE_E)
- #elif defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SE050)
- /* RNG is handled by hardware */
- if (ret != 0)
- #else
- if (ret != MISSING_RNG_E)
- #endif
- return WC_TEST_RET_ENC_EC(ret);
- sigSz = 0;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, &sigSz, key, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL,
- inLen, out, (word32)modLen, key, keyLen);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- 0, out, (word32)modLen, key, keyLen);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, NULL, (word32)modLen, key, keyLen);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, 0, key, keyLen);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, (word32)modLen, NULL, keyLen);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, (word32)modLen, key, 0);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #ifndef HAVE_ECC
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, keyLen);
- if (ret != SIG_TYPE_E)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLF_CRYPTO_CB_ONLY_RSA)
- return 0;
- #endif
- /* Use APIs. */
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, keyLen);
- if (ret != modLen)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA_W_ENC, key, keyLen);
- if (ret != modLen)
- return WC_TEST_RET_ENC_EC(ret);
- sigSz = (word32)ret;
- #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- XMEMSET(out, 0, sizeof(out));
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, &sigSz, key, keyLen, rng);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, (word32)modLen, key, keyLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- sigSz = (word32)sizeof(out);
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
- in, inLen, out, &sigSz, key, keyLen, rng);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
- in, inLen, out, (word32)modLen, key, keyLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Wrong signature type. */
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, (word32)modLen, key, keyLen);
- if (ret == 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* check hash functions */
- sigSz = (word32)sizeof(out);
- ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
- hash, (int)sizeof(hash), out, &sigSz, key, keyLen, rng);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
- hash, (int)sizeof(hash), out, (word32)modLen, key, keyLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- sigSz = (word32)sizeof(out);
- ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
- hashEnc, (int)sizeof(hashEnc), out, &sigSz, key, keyLen, rng);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
- hashEnc, (int)sizeof(hashEnc), out, (word32)modLen, key, keyLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #else
- (void)hash;
- (void)hashEnc;
- #endif /* !WOLFSSL_RSA_PUBLIC_ONLY && !WOLFSSL_RSA_VERIFY_ONLY */
- return 0;
- }
- #endif /* !NO_SIG_WRAPPER */
- #ifdef WC_RSA_NONBLOCK
- static wc_test_ret_t rsa_nb_test(RsaKey* key, const byte* in, word32 inLen, byte* out,
- word32 outSz, byte* plain, word32 plainSz, WC_RNG* rng)
- {
- wc_test_ret_t ret = 0;
- int count;
- int signSz = 0;
- RsaNb nb;
- byte* inlinePlain = NULL;
- /* Enable non-blocking RSA mode - provide context */
- ret = wc_RsaSetNonBlock(key, &nb);
- if (ret != 0)
- return ret;
- #ifdef WC_RSA_NONBLOCK_TIME
- /* Enable time based RSA blocking. 8 microseconds max (3.1GHz) */
- ret = wc_RsaSetNonBlockTime(key, 8, 3100);
- if (ret != 0)
- return ret;
- #endif
- count = 0;
- do {
- ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, rng);
- count++; /* track number of would blocks */
- if (ret == FP_WOULDBLOCK) {
- /* do "other" work here */
- }
- } while (ret == FP_WOULDBLOCK);
- if (ret < 0) {
- return ret;
- }
- #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
- printf("RSA non-block sign: %d times\n", count);
- #endif
- signSz = ret;
- /* Test non-blocking verify */
- XMEMSET(plain, 0, plainSz);
- count = 0;
- do {
- ret = wc_RsaSSL_Verify(out, (word32)signSz, plain, plainSz, key);
- count++; /* track number of would blocks */
- if (ret == FP_WOULDBLOCK) {
- /* do "other" work here */
- }
- } while (ret == FP_WOULDBLOCK);
- if (ret < 0) {
- return ret;
- }
- #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
- printf("RSA non-block verify: %d times\n", count);
- #endif
- if (signSz == ret && XMEMCMP(plain, in, (size_t)ret)) {
- return SIG_VERIFY_E;
- }
- /* Test inline non-blocking verify */
- count = 0;
- do {
- ret = wc_RsaSSL_VerifyInline(out, (word32)signSz, &inlinePlain, key);
- count++; /* track number of would blocks */
- if (ret == FP_WOULDBLOCK) {
- /* do "other" work here */
- }
- } while (ret == FP_WOULDBLOCK);
- if (ret < 0) {
- return ret;
- }
- #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
- printf("RSA non-block inline verify: %d times\n", count);
- #endif
- if (signSz == ret && XMEMCMP(inlinePlain, in, (size_t)ret)) {
- return SIG_VERIFY_E;
- }
- /* Disabling non-block RSA mode */
- ret = wc_RsaSetNonBlock(key, NULL);
- (void)count;
- return 0;
- }
- #endif
- #if !defined(NO_ASN)
- static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
- {
- wc_test_ret_t ret;
- word32 inSz;
- word32 inOutIdx;
- WOLFSSL_SMALL_STACK_STATIC const byte n[2] = { 0x00, 0x23 };
- WOLFSSL_SMALL_STACK_STATIC const byte e[2] = { 0x00, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte good[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1,
- 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte goodAlgId[] = {
- 0x30, 0x18, 0x30, 0x16,
- 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
- 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte goodAlgIdNull[] = {
- 0x30, 0x1a, 0x30, 0x18,
- 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
- 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23,
- 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badAlgIdNull[] = {
- 0x30, 0x1b, 0x30, 0x19,
- 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
- 0x05, 0x01, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23,
- 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badNotBitString[] = {
- 0x30, 0x18, 0x30, 0x16,
- 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
- 0x04, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badBitStringLen[] = {
- 0x30, 0x18, 0x30, 0x16,
- 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
- 0x03, 0x0a, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badNoSeq[] = {
- 0x30, 0x16, 0x30, 0x14,
- 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
- 0x07, 0x00, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badNoObj[] = {
- 0x30, 0x0f, 0x30, 0x0d, 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06,
- 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badIntN[] = {
- 0x30, 0x06, 0x02, 0x05, 0x23, 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badNotIntE[] = {
- 0x30, 0x06, 0x02, 0x01, 0x23, 0x04, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badLength[] = {
- 0x30, 0x04, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badBitStrNoZero[] = {
- 0x30, 0x17, 0x30, 0x15,
- 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
- 0x03, 0x08, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Parameter Validation testing. */
- ret = wc_RsaPublicKeyDecodeRaw(NULL, sizeof(n), e, sizeof(e), keyPub);
- if (ret != BAD_FUNC_ARG) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), NULL, sizeof(e), keyPub);
- if (ret != BAD_FUNC_ARG) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), NULL);
- if (ret != BAD_FUNC_ARG) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_RsaPublicKeyDecodeRaw(n, (word32)-1, e, sizeof(e), keyPub);
- #if defined(USE_INTEGER_HEAP_MATH)
- if (ret != 0)
- #else
- if (ret != ASN_GETINT_E)
- #endif
- {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, (word32)-1, keyPub);
- #if defined(USE_INTEGER_HEAP_MATH)
- if (ret != 0)
- #else
- if (ret != ASN_GETINT_E)
- #endif
- {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Use API. */
- ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), keyPub);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Parameter Validation testing. */
- inSz = sizeof(good);
- ret = wc_RsaPublicKeyDecode(NULL, &inOutIdx, keyPub, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_RsaPublicKeyDecode(good, NULL, keyPub, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_RsaPublicKeyDecode(good, &inOutIdx, NULL, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- /* Use good data and offset to bad data. */
- inOutIdx = 2;
- inSz = sizeof(good) - inOutIdx;
- ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz);
- if (ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inOutIdx = 2;
- inSz = sizeof(goodAlgId) - inOutIdx;
- ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
- if (ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inOutIdx = 2;
- inSz = sizeof(goodAlgId);
- ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
- #ifndef WOLFSSL_NO_DECODE_EXTRA
- if (ret != ASN_PARSE_E)
- #else
- if (ret != ASN_RSA_KEY_E)
- #endif
- {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- /* Try different bad data. */
- inSz = sizeof(badAlgIdNull);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badAlgIdNull, &inOutIdx, keyPub, inSz);
- if (ret != ASN_EXPECT_0_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inSz = sizeof(badNotBitString);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badNotBitString, &inOutIdx, keyPub, inSz);
- if (ret != ASN_BITSTR_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inSz = sizeof(badBitStringLen);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badBitStringLen, &inOutIdx, keyPub, inSz);
- if (ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inSz = sizeof(badNoSeq);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badNoSeq, &inOutIdx, keyPub, inSz);
- if (ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inSz = sizeof(badNoObj);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badNoObj, &inOutIdx, keyPub, inSz);
- if (ret != ASN_PARSE_E && ret != ASN_OBJECT_ID_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inSz = sizeof(badIntN);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badIntN, &inOutIdx, keyPub, inSz);
- if (ret != ASN_RSA_KEY_E && ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inSz = sizeof(badNotIntE);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badNotIntE, &inOutIdx, keyPub, inSz);
- if (ret != ASN_RSA_KEY_E && ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- /* TODO: Shouldn't pass as the sequence length is too small. */
- inSz = sizeof(badLength);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badLength, &inOutIdx, keyPub, inSz);
- #ifndef WOLFSSL_ASN_TEMPLATE
- if (ret != 0)
- #else
- if (ret != ASN_PARSE_E)
- #endif
- {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- /* TODO: Shouldn't ignore object id's data. */
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- inSz = sizeof(badBitStrNoZero);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badBitStrNoZero, &inOutIdx, keyPub, inSz);
- if (ret != ASN_EXPECT_0_E && ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Valid data cases. */
- inSz = sizeof(good);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- if (inOutIdx != inSz) {
- ret = WC_TEST_RET_ENC_NC;
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- inSz = sizeof(goodAlgId);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- if (inOutIdx != inSz) {
- ret = WC_TEST_RET_ENC_NC;
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- inSz = sizeof(goodAlgIdNull);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(goodAlgIdNull, &inOutIdx, keyPub, inSz);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- if (inOutIdx != inSz) {
- ret = WC_TEST_RET_ENC_NC;
- goto done;
- }
- done:
- wc_FreeRsaKey(keyPub);
- return ret;
- }
- #endif
- #if defined(WC_RSA_PSS) && !defined(HAVE_FIPS_VERSION) /* not supported with FIPSv1 */
- /* Need to create known good signatures to test with this. */
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
- !defined(WOLF_CRYPTO_CB_ONLY_RSA)
- static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
- {
- byte digest[WC_MAX_DIGEST_SIZE];
- wc_test_ret_t ret = 0;
- const char inStr[] = TEST_STRING;
- word32 inLen = (word32)TEST_STRING_SZ;
- word32 outSz;
- word32 plainSz;
- word32 digestSz;
- int i, j;
- #ifdef RSA_PSS_TEST_WRONG_PARAMS
- int k, l;
- #endif
- #ifndef WOLFSSL_SE050
- int len;
- #endif
- byte* plain;
- int mgf[] = {
- #ifndef NO_SHA
- WC_MGF1SHA1,
- #endif
- #ifdef WOLFSSL_SHA224
- WC_MGF1SHA224,
- #endif
- WC_MGF1SHA256,
- #ifdef WOLFSSL_SHA384
- WC_MGF1SHA384,
- #endif
- #ifdef WOLFSSL_SHA512
- WC_MGF1SHA512
- #endif
- };
- enum wc_HashType hash[] = {
- #ifndef NO_SHA
- WC_HASH_TYPE_SHA,
- #endif
- #ifdef WOLFSSL_SHA224
- WC_HASH_TYPE_SHA224,
- #endif
- WC_HASH_TYPE_SHA256,
- #ifdef WOLFSSL_SHA384
- WC_HASH_TYPE_SHA384,
- #endif
- #ifdef WOLFSSL_SHA512
- WC_HASH_TYPE_SHA512,
- #endif
- };
- WC_DECLARE_VAR(in, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_DECLARE_VAR(sig, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_ALLOC_VAR(in, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_ALLOC_VAR(sig, byte, RSA_TEST_BYTES, HEAP_HINT);
- #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
- if (in == NULL || out == NULL || sig == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa_pss);
- #endif
- XMEMCPY(in, inStr, inLen);
- /* Test all combinations of hash and MGF. */
- for (j = 0; j < (int)(sizeof(hash)/sizeof(*hash)); j++) {
- /* Calculate hash of message. */
- ret = wc_Hash(hash[j], in, inLen, digest, sizeof(digest));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- digestSz = (word32)wc_HashGetDigestSize(hash[j]);
- #ifdef WOLFSSL_SE050
- /* SE050 only supports MGF matched to same hash type */
- i = j;
- #else
- for (i = 0; i < (int)(sizeof(mgf)/sizeof(*mgf)); i++) {
- #endif
- outSz = RSA_TEST_BYTES;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz,
- hash[j], mgf[i], -1, key, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- outSz = (word32)ret;
- XMEMCPY(sig, out, outSz);
- plain = NULL;
- TEST_SLEEP();
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[j],
- mgf[i], -1, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- plainSz = (word32)ret;
- TEST_SLEEP();
- #if defined(HAVE_SELFTEST) && \
- (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
- hash[j], -1);
- #elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
- hash[j], -1, 0);
- #else
- ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz,
- hash[j], -1, wc_RsaEncryptSize(key)*8, HEAP_HINT);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- #ifdef RSA_PSS_TEST_WRONG_PARAMS
- for (k = 0; k < (int)(sizeof(mgf)/sizeof(*mgf)); k++) {
- for (l = 0; l < (int)(sizeof(hash)/sizeof(*hash)); l++) {
- if (i == k && j == l)
- continue;
- XMEMCPY(sig, out, outSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_VerifyInline_ex(sig, outSz,
- (byte**)&plain, hash[l], mgf[k], -1, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret >= 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- }
- }
- #endif
- #ifndef WOLFSSL_SE050
- } /* end mgf for loop */
- #endif
- }
- /* SE050 generates salts internally only of hash length */
- #ifndef WOLFSSL_SE050
- /* Test that a salt length of zero works. */
- digestSz = (word32)wc_HashGetDigestSize(hash[0]);
- outSz = RSA_TEST_BYTES;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
- mgf[0], 0, key, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- outSz = (word32)ret;
- TEST_SLEEP();
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_Verify_ex(out, outSz, sig, outSz, hash[0], mgf[0],
- 0, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- plainSz = (word32)ret;
- TEST_SLEEP();
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- #if defined(HAVE_SELFTEST) && \
- (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, sig, plainSz,
- hash[0], 0);
- #elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, sig, plainSz,
- hash[0], 0, 0);
- #else
- ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, sig, plainSz,
- hash[0], 0, 0, HEAP_HINT);
- #endif
- }
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- XMEMCPY(sig, out, outSz);
- plain = NULL;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0],
- 0, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- plainSz = (word32)ret;
- TEST_SLEEP();
- #if defined(HAVE_SELFTEST) && \
- (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
- hash[0], 0);
- #elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
- hash[0], 0, 0);
- #else
- ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz, hash[0],
- 0, 0, HEAP_HINT);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- /* Test bad salt lengths in various APIs. */
- digestSz = (word32)wc_HashGetDigestSize(hash[0]);
- outSz = RSA_TEST_BYTES;
- #ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER
- len = -2;
- #else
- len = -3;
- #endif
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
- mgf[0], len, key, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
- mgf[0], digestSz + 1, key, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- TEST_SLEEP();
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0],
- mgf[0], -2, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- TEST_SLEEP();
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0],
- digestSz + 1, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- TEST_SLEEP();
- #ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER
- len = -2;
- #else
- len = -3;
- #endif
- #if defined(HAVE_SELFTEST) && \
- (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
- hash[0], len);
- #elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
- hash[0], len, 0);
- #else
- ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz, hash[0],
- len, 0, HEAP_HINT);
- #endif
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- #ifndef WOLFSSL_PSS_LONG_SALT
- len = (int)(digestSz + 1);
- #else
- len = (int)(plainSz - digestSz - 1);
- #endif
- #if defined(HAVE_SELFTEST) && \
- (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
- hash[0], len);
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- #elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
- hash[0], len, 0);
- if (ret != BAD_PADDING_E)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- #else
- ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz, hash[0],
- len, 0, HEAP_HINT);
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- #endif
- ret = 0;
- #endif /* WOLFSSL_SE050 */
- exit_rsa_pss:
- WC_FREE_VAR(sig, HEAP_HINT);
- WC_FREE_VAR(in, HEAP_HINT);
- WC_FREE_VAR(out, HEAP_HINT);
- return ret;
- }
- #endif /* !WOLFSSL_RSA_VERIFY_ONLY && !WOLFSSL_RSA_PUBLIC_ONLY */
- #endif
- #ifdef WC_RSA_NO_PADDING
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void)
- {
- WC_RNG rng;
- byte* tmp = NULL;
- size_t bytes;
- wc_test_ret_t ret;
- word32 inLen = 0;
- word32 idx = 0;
- word32 outSz = RSA_TEST_BYTES;
- word32 plainSz = RSA_TEST_BYTES;
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
- !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \
- !defined(NO_FILESYSTEM)
- XFILE file;
- #endif
- WC_DECLARE_VAR(key, RsaKey, 1, HEAP_HINT);
- WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_ALLOC_VAR(key, RsaKey, 1, HEAP_HINT);
- WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
- WOLFSSL_ENTER("rsa_no_pad_test");
- #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
- if (key == NULL || out == NULL || plain == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa_nopadding);
- #endif
- /* initialize stack structures */
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(key, 0, sizeof(RsaKey));
- #ifdef USE_CERT_BUFFERS_1024
- bytes = (size_t)sizeof_client_key_der_1024;
- if (bytes < (size_t)sizeof_client_cert_der_1024)
- bytes = (size_t)sizeof_client_cert_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- bytes = (size_t)sizeof_client_key_der_2048;
- if (bytes < (size_t)sizeof_client_cert_der_2048)
- bytes = (size_t)sizeof_client_cert_der_2048;
- #else
- bytes = FOURK_BUF;
- #endif
- tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL
- #ifdef WOLFSSL_ASYNC_CRYPT
- || out == NULL || plain == NULL
- #endif
- ) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_nopadding);
- }
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024);
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(clientKey, "rb");
- if (!file) {
- err_sys("can't open clientKey, Please run from wolfSSL home dir",
- WC_TEST_RET_ENC_ERRNO);
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa_nopadding);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa_nopadding);
- #else
- /* No key to use. */
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_nopadding);
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
- }
- ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
- }
- /* after loading in key use tmp as the test buffer */
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
- }
- #ifndef WOLFSSL_RSA_VERIFY_ONLY
- inLen = (word32)wc_RsaEncryptSize(key);
- outSz = inLen;
- plainSz = inLen;
- XMEMSET(tmp, 7, inLen);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaDirect(tmp, inLen, out, &outSz, key,
- RSA_PRIVATE_ENCRYPT, &rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
- }
- /* encrypted result should not be the same as input */
- if (XMEMCMP(out, tmp, inLen) == 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_nopadding);
- }
- TEST_SLEEP();
- /* decrypt with public key and compare result */
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaDirect(out, outSz, plain, &plainSz, key,
- RSA_PUBLIC_DECRYPT, &rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
- }
- if (XMEMCMP(plain, tmp, inLen) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_nopadding);
- }
- TEST_SLEEP();
- #endif
- #ifdef WC_RSA_BLINDING
- ret = wc_RsaSetRNG(NULL, &rng);
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
- }
- ret = wc_RsaSetRNG(key, &rng);
- if (ret < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
- }
- #endif
- /* test encrypt and decrypt using WC_RSA_NO_PAD */
- #ifndef WOLFSSL_RSA_VERIFY_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(tmp, inLen, out, outSz, key, &rng,
- WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_VERIFY_ONLY */
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, outSz, plain, plainSz, key,
- WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
- }
- if (XMEMCMP(plain, tmp, inLen) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_nopadding);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- /* test some bad arguments */
- ret = wc_RsaDirect(out, outSz, plain, &plainSz, key, -1,
- &rng);
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
- }
- ret = wc_RsaDirect(out, outSz, plain, &plainSz, NULL, RSA_PUBLIC_DECRYPT,
- &rng);
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
- }
- ret = wc_RsaDirect(out, outSz, NULL, &plainSz, key, RSA_PUBLIC_DECRYPT,
- &rng);
- if (ret != LENGTH_ONLY_E || plainSz != inLen) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
- }
- ret = wc_RsaDirect(out, outSz - 10, plain, &plainSz, key,
- RSA_PUBLIC_DECRYPT, &rng);
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
- }
- /* if making it to this point of code without hitting an ERROR_OUT then
- * all tests have passed */
- ret = 0;
- exit_rsa_nopadding:
- wc_FreeRsaKey(key);
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- WC_FREE_VAR(key, HEAP_HINT);
- WC_FREE_VAR(out, HEAP_HINT);
- WC_FREE_VAR(plain, HEAP_HINT);
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* WC_RSA_NO_PADDING */
- #if defined(WOLFSSL_HAVE_SP_RSA) && defined(USE_FAST_MATH)
- static wc_test_ret_t rsa_even_mod_test(WC_RNG* rng, RsaKey* key)
- {
- byte* tmp = NULL;
- size_t bytes;
- wc_test_ret_t ret;
- word32 inLen = 0;
- #ifndef NO_ASN
- word32 idx = 0;
- #endif
- word32 outSz = RSA_TEST_BYTES;
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- word32 plainSz = RSA_TEST_BYTES;
- #endif
- #if !defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_3072) && \
- !defined(USE_CERT_BUFFERS_4096) && !defined(NO_FILESYSTEM)
- XFILE file;
- #endif
- WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
- #endif
- WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
- #endif
- #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
- if (out == NULL
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- || plain == NULL
- #endif
- ) {
- ERROR_OUT(MEMORY_E, exit_rsa_even_mod);
- }
- #endif
- #if defined(USE_CERT_BUFFERS_2048)
- bytes = (size_t)sizeof_client_key_der_2048;
- if (bytes < (size_t)sizeof_client_cert_der_2048)
- bytes = (size_t)sizeof_client_cert_der_2048;
- #else
- bytes = FOURK_BUF;
- #endif
- tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL
- #ifdef WOLFSSL_ASYNC_CRYPT
- || out == NULL || plain == NULL
- #endif
- ) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_even_mod);
- }
- #if defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(clientKey, "rb");
- if (!file) {
- err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa_even_mod);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa_even_mod);
- #else
- /* No key to use. */
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_even_mod);
- #endif /* USE_CERT_BUFFERS */
- #ifndef NO_ASN
- ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
- }
- #else
- #ifdef USE_CERT_BUFFERS_2048
- ret = mp_read_unsigned_bin(&key->n, &tmp[12], 256);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
- }
- ret = mp_set_int(&key->e, WC_RSA_EXPONENT);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
- }
- #ifndef NO_SIG_WRAPPER
- modLen = 2048;
- #endif
- #else
- #error Not supported yet!
- #endif
- #endif
- key->n.dp[0] &= (mp_digit)-2;
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
- }
- /* after loading in key use tmp as the test buffer */
- #if !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2) && \
- (defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM32_ASM))) && \
- !defined(WOLFSSL_XILINX_CRYPT)
- /* The ARM64_ASM code that was FIPS validated did not return these expected
- * failure codes. These tests cases were added after the assembly was
- * in-lined in the module and validated, these tests will be available in
- * the 140-3 module */
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
- inLen = 32;
- outSz = wc_RsaEncryptSize(key);
- XMEMSET(tmp, 7, plainSz);
- ret = wc_RsaSSL_Sign(tmp, inLen, out, outSz, key, rng);
- if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != MP_INVMOD_E) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
- }
- ret = wc_RsaSSL_Verify(out, outSz, tmp, inLen, key);
- if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
- }
- #endif
- #ifdef WC_RSA_BLINDING
- ret = wc_RsaSetRNG(key, rng);
- if (ret < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
- }
- #endif
- /* test encrypt and decrypt using WC_RSA_NO_PAD */
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
- ret = wc_RsaPublicEncrypt(tmp, inLen, out, (int)outSz, key, rng);
- if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
- }
- #endif /* WOLFSSL_RSA_VERIFY_ONLY */
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- ret = wc_RsaPrivateDecrypt(out, outSz, plain, (int)plainSz, key);
- if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != MP_INVMOD_E) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
- }
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- #endif /* !(HAVE_FIPS_VERSION == 2 && WOLFSSL_SP_ARMxx_ASM) */
- /* if making it to this point of code without hitting an ERROR_OUT then
- * all tests have passed */
- ret = 0;
- exit_rsa_even_mod:
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- WC_FREE_VAR(out, HEAP_HINT);
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- WC_FREE_VAR(plain, HEAP_HINT);
- #endif
- (void)out;
- (void)outSz;
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- (void)plain;
- (void)plainSz;
- #endif
- (void)inLen;
- (void)rng;
- return ret;
- }
- #endif /* WOLFSSL_HAVE_SP_RSA */
- #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
- static wc_test_ret_t rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- RsaKey *caKey = (RsaKey *)XMALLOC(sizeof *caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #else
- RsaKey caKey[1];
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert decode[1];
- #endif
- #endif
- byte* der = NULL;
- wc_test_ret_t ret;
- Cert* myCert = NULL;
- int certSz;
- size_t bytes3;
- word32 idx3 = 0;
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
- XFILE file3;
- #endif
- #if defined(WOLFSSL_ALT_NAMES) && !defined(NO_ASN_TIME)
- struct tm beforeTime;
- struct tm afterTime;
- #endif
- const byte mySerial[8] = {1,2,3,4,5,6,7,8};
- (void)keypub;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (caKey == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #ifdef WOLFSSL_TEST_CERT
- if (decode == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #endif
- #endif
- XMEMSET(caKey, 0, sizeof *caKey);
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- }
- myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (myCert == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- }
- /* self signed */
- ret = wc_InitCert_ex(myCert, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- }
- XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
- XMEMCPY(myCert->serial, mySerial, sizeof(mySerial));
- myCert->serialSz = (int)sizeof(mySerial);
- myCert->isCA = 1;
- #ifndef NO_SHA256
- myCert->sigType = CTC_SHA256wRSA;
- #else
- myCert->sigType = CTC_SHAwRSA;
- #endif
- #ifdef WOLFSSL_CERT_EXT
- /* add Policies */
- XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42",
- CTC_MAX_CERTPOL_SZ);
- XSTRNCPY(myCert->certPolicies[1], "1.2.840.113549.1.9.16.6.5",
- CTC_MAX_CERTPOL_SZ);
- myCert->certPoliciesNb = 2;
- /* add SKID from the Public Key */
- ret = wc_SetSubjectKeyIdFromPublicKey(myCert, keypub, NULL);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- }
- /* add AKID from the Public Key */
- ret = wc_SetAuthKeyIdFromPublicKey(myCert, keypub, NULL);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- }
- /* add Key Usage */
- ret = wc_SetKeyUsage(myCert,"cRLSign,keyCertSign");
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- }
- #ifdef WOLFSSL_EKU_OID
- {
- const char unique[] = "2.16.840.1.111111.100.1.10.1";
- ret = wc_SetExtKeyUsageOID(myCert, unique, sizeof(unique), 0,
- HEAP_HINT);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- }
- }
- #endif /* WOLFSSL_EKU_OID */
- #endif /* WOLFSSL_CERT_EXT */
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_MakeSelfCert(myCert, der, FOURK_BUF, key, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- }
- certSz = (int)ret;
- #ifdef WOLFSSL_TEST_CERT
- InitDecodedCert(decode, der, certSz, HEAP_HINT);
- ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0) {
- FreeDecodedCert(decode);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- }
- FreeDecodedCert(decode);
- #endif
- ret = SaveDerAndPem(der, certSz, certDerFile, certPemFile,
- CERT_TYPE);
- if (ret != 0) {
- goto exit_rsa;
- }
- /* Setup Certificate */
- ret = wc_InitCert_ex(myCert, HEAP_HINT, devId);
- if (ret < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- }
- #if defined(WOLFSSL_ALT_NAMES) || defined(HAVE_PKCS7)
- /* Get CA Cert for testing */
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, ca_cert_der_1024, sizeof_ca_cert_der_1024);
- bytes3 = sizeof_ca_cert_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, ca_cert_der_2048, sizeof_ca_cert_der_2048);
- bytes3 = sizeof_ca_cert_der_2048;
- #else
- file3 = XFOPEN(rsaCaCertDerFile, "rb");
- if (!file3) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- }
- bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
- XFCLOSE(file3);
- if (bytes3 == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- #endif /* USE_CERT_BUFFERS */
- #if defined(WOLFSSL_ALT_NAMES)
- #if !defined(NO_FILESYSTEM) && !defined(USE_CERT_BUFFERS_1024) && \
- !defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN)
- ret = wc_SetAltNames(myCert, rsaCaCertFile);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #endif
- /* get alt names from der */
- ret = wc_SetAltNamesBuffer(myCert, tmp, (int)bytes3);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- /* get dates from der */
- ret = wc_SetDatesBuffer(myCert, tmp, (int)bytes3);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #ifndef NO_ASN_TIME
- ret = wc_GetCertDates(myCert, &beforeTime, &afterTime);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #endif
- #endif /* WOLFSSL_ALT_NAMES */
- #endif /* WOLFSSL_ALT_NAMES || HAVE_PKCS7 */
- /* Get CA Key */
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024);
- bytes3 = sizeof_ca_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048);
- bytes3 = sizeof_ca_key_der_2048;
- #else
- file3 = XFOPEN(rsaCaKeyFile, "rb");
- if (!file3) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- }
- bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
- XFCLOSE(file3);
- if (bytes3 == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitRsaKey(caKey, HEAP_HINT);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- ret = wc_RsaPrivateKeyDecode(tmp, &idx3, caKey, (word32)bytes3);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #ifndef NO_SHA256
- myCert->sigType = CTC_SHA256wRSA;
- #else
- myCert->sigType = CTC_SHAwRSA;
- #endif
- XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
- #ifdef WOLFSSL_CERT_EXT
- /* add Policies */
- XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42",
- CTC_MAX_CERTPOL_SZ);
- myCert->certPoliciesNb =1;
- /* add SKID from the Public Key */
- ret = wc_SetSubjectKeyIdFromPublicKey(myCert, key, NULL);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- /* add AKID from the CA certificate */
- #if defined(USE_CERT_BUFFERS_2048)
- ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048,
- sizeof_ca_cert_der_2048);
- #elif defined(USE_CERT_BUFFERS_1024)
- ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024,
- sizeof_ca_cert_der_1024);
- #else
- ret = wc_SetAuthKeyId(myCert, rsaCaCertFile);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- /* add Key Usage */
- ret = wc_SetKeyUsage(myCert,"keyEncipherment,keyAgreement");
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #endif /* WOLFSSL_CERT_EXT */
- #if defined(USE_CERT_BUFFERS_2048)
- ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048,
- sizeof_ca_cert_der_2048);
- #elif defined(USE_CERT_BUFFERS_1024)
- ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024,
- sizeof_ca_cert_der_1024);
- #else
- ret = wc_SetIssuer(myCert, rsaCaCertFile);
- #endif
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- certSz = wc_MakeCert(myCert, der, FOURK_BUF, key, NULL, rng);
- if (certSz < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(certSz), exit_rsa);
- }
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &caKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_SignCert(myCert->bodySz, myCert->sigType, der, FOURK_BUF,
- caKey, NULL, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- certSz = (int)ret;
- #ifdef WOLFSSL_TEST_CERT
- InitDecodedCert(decode, der, certSz, HEAP_HINT);
- ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0) {
- FreeDecodedCert(decode);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- }
- FreeDecodedCert(decode);
- #endif
- ret = SaveDerAndPem(der, certSz, otherCertDerFile, otherCertPemFile,
- CERT_TYPE);
- if (ret != 0) {
- goto exit_rsa;
- }
- exit_rsa:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (caKey != NULL) {
- wc_FreeRsaKey(caKey);
- XFREE(caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #ifdef WOLFSSL_TEST_CERT
- if (decode != NULL)
- XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #else
- wc_FreeRsaKey(caKey);
- #endif
- XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif
- #if !defined(NO_RSA) && defined(HAVE_ECC) && !defined(NO_ECC_SECP) && \
- defined(WOLFSSL_CERT_GEN)
- /* Make Cert / Sign example for ECC cert and RSA CA */
- static wc_test_ret_t rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- RsaKey *caKey = (RsaKey *)XMALLOC(sizeof *caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *caEccKey = (ecc_key *)XMALLOC(sizeof *caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *caEccKeyPub = (ecc_key *)XMALLOC(sizeof *caEccKeyPub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #else
- RsaKey caKey[1];
- ecc_key caEccKey[1];
- ecc_key caEccKeyPub[1];
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert decode[1];
- #endif
- #endif
- byte* der = NULL;
- Cert* myCert = NULL;
- int certSz;
- size_t bytes3;
- word32 idx3 = 0;
- #if (!defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)) \
- || !defined(USE_CERT_BUFFERS_256)
- #ifndef NO_FILESYSTEM
- XFILE file3;
- #endif
- #endif
- wc_test_ret_t ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((caKey == NULL) || (caEccKey == NULL) || (caEccKeyPub == NULL)
- #ifdef WOLFSSL_TEST_CERT
- || (decode == NULL)
- #endif
- )
- ERROR_OUT(MEMORY_E, exit_rsa);
- #endif
- XMEMSET(caKey, 0, sizeof *caKey);
- XMEMSET(caEccKey, 0, sizeof *caEccKey);
- XMEMSET(caEccKeyPub, 0, sizeof *caEccKeyPub);
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- }
- myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (myCert == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- }
- /* Get CA Key */
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024);
- bytes3 = sizeof_ca_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048);
- bytes3 = sizeof_ca_key_der_2048;
- #else
- file3 = XFOPEN(rsaCaKeyFile, "rb");
- if (!file3) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- }
- bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
- XFCLOSE(file3);
- if (bytes3 == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitRsaKey(caKey, HEAP_HINT);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- ret = wc_RsaPrivateKeyDecode(tmp, &idx3, caKey, (word32)bytes3);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- /* Get Cert Key */
- #if defined(USE_CERT_BUFFERS_256)
- {
- XMEMCPY(tmp, ecc_key_pub_der_256, sizeof_ecc_key_pub_der_256);
- bytes3 = sizeof_ecc_key_pub_der_256;
- }
- #elif !defined(NO_FILESYSTEM)
- {
- file3 = XFOPEN(eccKeyPubFileDer, "rb");
- if (!file3) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- }
- bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
- XFCLOSE(file3);
- if (bytes3 == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- }
- #else
- {
- WOLFSSL_MSG("No file system and USE_CERT_BUFFERS_256 not defined.(1)");
- ERROR_OUT(ASN_PARSE_E, exit_rsa);
- }
- #endif
- ret = wc_ecc_init_ex(caEccKeyPub, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- idx3 = 0;
- ret = wc_EccPublicKeyDecode(tmp, &idx3, caEccKeyPub, (word32)bytes3);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- /* Setup Certificate */
- ret = wc_InitCert_ex(myCert, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #ifndef NO_SHA256
- myCert->sigType = CTC_SHA256wRSA;
- #else
- myCert->sigType = CTC_SHAwRSA;
- #endif
- XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
- #ifdef WOLFSSL_CERT_EXT
- /* add Policies */
- XSTRNCPY(myCert->certPolicies[0], "2.4.589440.587.101.2.1.9632587.1",
- CTC_MAX_CERTPOL_SZ);
- XSTRNCPY(myCert->certPolicies[1], "1.2.13025.489.1.113549",
- CTC_MAX_CERTPOL_SZ);
- myCert->certPoliciesNb = 2;
- /* add SKID from the Public Key */
- ret = wc_SetSubjectKeyIdFromPublicKey(myCert, NULL, caEccKeyPub);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- /* add AKID from the CA certificate */
- #if defined(USE_CERT_BUFFERS_2048)
- ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048,
- sizeof_ca_cert_der_2048);
- #elif defined(USE_CERT_BUFFERS_1024)
- ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024,
- sizeof_ca_cert_der_1024);
- #else
- ret = wc_SetAuthKeyId(myCert, rsaCaCertFile);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- /* add Key Usage */
- ret = wc_SetKeyUsage(myCert, certKeyUsage);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #endif /* WOLFSSL_CERT_EXT */
- #if defined(USE_CERT_BUFFERS_2048)
- ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048,
- sizeof_ca_cert_der_2048);
- #elif defined(USE_CERT_BUFFERS_1024)
- ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024,
- sizeof_ca_cert_der_1024);
- #else
- ret = wc_SetIssuer(myCert, rsaCaCertFile);
- #endif
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- certSz = wc_MakeCert(myCert, der, FOURK_BUF, NULL, caEccKeyPub, rng);
- if (certSz < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(certSz), exit_rsa);
- }
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &caEccKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_SignCert(myCert->bodySz, myCert->sigType, der,
- FOURK_BUF, caKey, NULL, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- certSz = (int)ret;
- #ifdef WOLFSSL_TEST_CERT
- InitDecodedCert(decode, der, certSz, 0);
- ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0) {
- FreeDecodedCert(decode);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- }
- FreeDecodedCert(decode);
- #endif
- ret = SaveDerAndPem(der, certSz, certEccRsaDerFile, certEccRsaPemFile,
- CERT_TYPE);
- if (ret != 0) {
- goto exit_rsa;
- }
- exit_rsa:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (caKey != NULL) {
- wc_FreeRsaKey(caKey);
- XFREE(caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (caEccKey != NULL) {
- wc_ecc_free(caEccKey);
- XFREE(caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (caEccKeyPub != NULL) {
- wc_ecc_free(caEccKeyPub);
- XFREE(caEccKeyPub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #ifdef WOLFSSL_TEST_CERT
- if (decode != NULL)
- XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #else
- wc_FreeRsaKey(caKey);
- wc_ecc_free(caEccKey);
- wc_ecc_free(caEccKeyPub);
- #endif
- XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- myCert = NULL;
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- der = NULL;
- if (ret >= 0)
- ret = 0;
- return ret;
- }
- #endif /* !NO_RSA && HAVE_ECC && WOLFSSL_CERT_GEN */
- #ifdef WOLFSSL_KEY_GEN
- static wc_test_ret_t rsa_keygen_test(WC_RNG* rng)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- RsaKey *genKey = (RsaKey *)XMALLOC(sizeof *genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- RsaKey genKey[1];
- #endif
- wc_test_ret_t ret;
- #ifndef WOLFSSL_NO_MALLOC
- byte* der = NULL;
- #else
- byte der[1024];
- #endif
- #ifndef WOLFSSL_CRYPTOCELL
- word32 idx = 0;
- #endif
- int derSz = 0;
- #if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS)
- int keySz = 1024;
- #else
- int keySz = 2048;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (! genKey)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #endif
- XMEMSET(genKey, 0, sizeof *genKey);
- ret = wc_InitRsaKey_ex(genKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #ifdef HAVE_FIPS
- for (;;) {
- #endif
- ret = wc_MakeRsaKey(genKey, keySz, WC_RSA_EXPONENT, rng);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &genKey->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #ifdef HAVE_FIPS
- if (ret == PRIME_GEN_E)
- continue;
- break;
- }
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- TEST_SLEEP();
- #ifdef WOLFSSL_RSA_KEY_CHECK
- ret = wc_CheckRsaKey(genKey);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #endif
- #ifndef WOLFSSL_NO_MALLOC
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- }
- #endif
- derSz = wc_RsaKeyToDer(genKey, der, FOURK_BUF);
- if (derSz < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa);
- }
- ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile,
- PRIVATEKEY_TYPE);
- if (ret != 0) {
- goto exit_rsa;
- }
- wc_FreeRsaKey(genKey);
- ret = wc_InitRsaKey(genKey, HEAP_HINT);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #ifndef WOLFSSL_CRYPTOCELL
- idx = 0;
- /* The private key part of the key gen pairs from cryptocell can't be exported */
- ret = wc_RsaPrivateKeyDecode(der, &idx, genKey, (word32)derSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #endif /* WOLFSSL_CRYPTOCELL */
- exit_rsa:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (genKey) {
- wc_FreeRsaKey(genKey);
- XFREE(genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_FreeRsaKey(genKey);
- #endif
- #ifndef WOLFSSL_NO_MALLOC
- if (der != NULL) {
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- der = NULL;
- }
- #endif
- return ret;
- }
- #endif
- #ifndef WOLFSSL_RSA_VERIFY_ONLY
- #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) && \
- (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) \
- && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
- static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
- {
- wc_test_ret_t ret = 0;
- word32 idx = 0;
- const char inStr[] = TEST_STRING;
- const word32 inLen = (word32)TEST_STRING_SZ;
- const word32 outSz = RSA_TEST_BYTES;
- const word32 plainSz = RSA_TEST_BYTES;
- byte* res = NULL;
- WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
- WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
- WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
- #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
- if (in == NULL || out == NULL || plain == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #endif
- XMEMCPY(in, inStr, inLen);
- #ifndef NO_SHA
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- TEST_SLEEP();
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- idx = (word32)ret;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- }
- TEST_SLEEP();
- #endif /* NO_SHA */
- #endif
- #ifndef NO_SHA256
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- TEST_SLEEP();
- idx = (word32)ret;
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecryptInline_ex(out, idx, &res, key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- if (ret != (int)inLen) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- }
- if (XMEMCMP(res, in, inLen)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- /* check fails if not using the same optional label */
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- TEST_SLEEP();
- /* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */
- #if !defined(HAVE_CAVIUM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
- !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050)
- /* label is unused in cryptocell and SE050 so it won't detect decrypt error
- * due to label */
- idx = (word32)ret;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
- }
- } while (ret == WC_PENDING_E);
- if (ret > 0) { /* in this case decrypt should fail */
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- }
- ret = 0;
- TEST_SLEEP();
- #endif /* !HAVE_CAVIUM */
- /* check using optional label with encrypt/decrypt */
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- TEST_SLEEP();
- idx = (word32)ret;
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- #ifndef NO_SHA
- /* check fail using mismatch hash algorithms */
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, in, inLen);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- TEST_SLEEP();
- /* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */
- #if !defined(HAVE_CAVIUM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
- !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050)
- idx = (word32)ret;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256,
- in, inLen);
- }
- } while (ret == WC_PENDING_E);
- if (ret > 0) { /* should fail */
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- }
- ret = 0;
- TEST_SLEEP();
- #endif /* !HAVE_CAVIUM */
- #endif /* NO_SHA */
- #endif /* NO_SHA256 */
- #ifdef WOLFSSL_SHA512
- /* Check valid RSA key size is used while using hash length of SHA512
- If key size is less than (hash length * 2) + 2 then is invalid use
- and test, since OAEP padding requires this.
- BAD_FUNC_ARG is returned when this case is not met */
- if (wc_RsaEncryptSize(key) > ((int)WC_SHA512_DIGEST_SIZE * 2) + 2) {
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- TEST_SLEEP();
- idx = (word32)ret;
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- }
- #endif /* WOLFSSL_SHA512 */
- /* check using pkcsv15 padding with _ex API */
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
- WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- TEST_SLEEP();
- idx = (word32)ret;
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
- WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- exit_rsa:
- WC_FREE_VAR(in, HEAP_HINT);
- WC_FREE_VAR(out, HEAP_HINT);
- WC_FREE_VAR(plain, HEAP_HINT);
- (void)idx;
- (void)inStr;
- (void)res;
- if (ret >= 0)
- ret = 0;
- return ret;
- }
- #endif
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
- {
- wc_test_ret_t ret;
- size_t bytes;
- WC_RNG rng;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte* tmp = NULL;
- byte* der = NULL;
- RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- RsaKey key[1];
- byte tmp[FOURK_BUF];
- #endif
- #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- RsaKey *keypub = (RsaKey *)XMALLOC(sizeof *keypub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- RsaKey keypub[1];
- #endif
- #endif
- word32 idx = 0;
- const char inStr[] = TEST_STRING;
- const word32 inLen = (word32)TEST_STRING_SZ;
- const word32 outSz = RSA_TEST_BYTES;
- const word32 plainSz = RSA_TEST_BYTES;
- byte* res = NULL;
- #ifndef NO_SIG_WRAPPER
- int modLen;
- #endif
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
- !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \
- !defined(NO_FILESYSTEM)
- XFILE file;
- #ifdef WOLFSSL_TEST_CERT
- XFILE file2;
- #endif
- #endif
- #ifdef WOLFSSL_TEST_CERT
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- DecodedCert *cert = (DecodedCert *)XMALLOC(sizeof *cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- DecodedCert cert[1];
- #endif
- #ifndef NO_ASN_TIME
- struct tm timearg;
- const byte* date;
- byte dateFormat;
- int dateLength;
- #endif
- #endif
- WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
- WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
- WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
- WOLFSSL_ENTER("rsa_test");
- #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
- if (in == NULL || out == NULL || plain == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #endif
- XMEMCPY(in, inStr, inLen);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
- if (keypub == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #endif
- #ifdef WOLFSSL_TEST_CERT
- if (cert == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #endif
- #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
- /* initialize stack structures */
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(key, 0, sizeof *key);
- #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
- XMEMSET(keypub, 0, sizeof *keypub);
- #endif
- #if !defined(NO_ASN)
- ret = rsa_decode_test(key);
- if (ret != 0)
- ERROR_OUT(ret, exit_rsa);
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- bytes = (size_t)sizeof_client_key_der_1024;
- if (bytes < (size_t)sizeof_client_cert_der_1024)
- bytes = (size_t)sizeof_client_cert_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- bytes = (size_t)sizeof_client_key_der_2048;
- if (bytes < (size_t)sizeof_client_cert_der_2048)
- bytes = (size_t)sizeof_client_cert_der_2048;
- #elif defined(USE_CERT_BUFFERS_3072)
- bytes = (size_t)sizeof_client_key_der_3072;
- if (bytes < (size_t)sizeof_client_cert_der_3072)
- bytes = (size_t)sizeof_client_cert_der_3072;
- #elif defined(USE_CERT_BUFFERS_4096)
- bytes = (size_t)sizeof_client_key_der_4096;
- if (bytes < (size_t)sizeof_client_cert_der_4096)
- bytes = (size_t)sizeof_client_cert_der_4096;
- #else
- bytes = FOURK_BUF;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024);
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(clientKey, "rb");
- if (!file) {
- err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- #else
- /* No key to use. */
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #ifndef NO_ASN
- ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #ifndef NO_SIG_WRAPPER
- modLen = wc_RsaEncryptSize(key);
- #endif
- #else
- #ifdef USE_CERT_BUFFERS_2048
- ret = mp_read_unsigned_bin(&key->n, &tmp[12], 256);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- ret = mp_set_int(&key->e, WC_RSA_EXPONENT);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #ifndef NO_SIG_WRAPPER
- modLen = 2048;
- #endif
- #else
- #error Not supported yet!
- #endif
- #endif
- #ifndef WC_NO_RNG
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #endif
- #ifndef NO_SIG_WRAPPER
- ret = rsa_sig_test(key, sizeof *key, modLen, &rng);
- if (ret != 0)
- goto exit_rsa;
- #endif
- #ifdef WC_RSA_NONBLOCK
- ret = rsa_nb_test(key, in, inLen, out, outSz, plain, plainSz, &rng);
- if (ret != 0)
- goto exit_rsa;
- #endif
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
- !defined(WC_NO_RNG) && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- TEST_SLEEP();
- #ifdef WC_RSA_BLINDING
- {
- wc_test_ret_t tmpret = ret;
- ret = wc_RsaSetRNG(key, &rng);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- ret = tmpret;
- }
- #endif
- idx = (word32)ret; /* save off encrypted length */
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt(out, idx, plain, plainSz, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- }
- TEST_SLEEP();
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecryptInline(out, idx, &res, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- if (ret != (int)inLen) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- }
- if (XMEMCMP(res, in, inLen)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- }
- TEST_SLEEP();
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, &rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- TEST_SLEEP();
- #elif defined(WOLFSSL_PUBLIC_MP)
- {
- static const byte signature_2048[] = {
- 0x07, 0x6f, 0xc9, 0x85, 0x73, 0x9e, 0x21, 0x79,
- 0x47, 0xf1, 0xa3, 0xd7, 0xf4, 0x27, 0x29, 0xbe,
- 0x99, 0x5d, 0xac, 0xb2, 0x10, 0x3f, 0x95, 0xda,
- 0x89, 0x23, 0xb8, 0x96, 0x13, 0x57, 0x72, 0x30,
- 0xa1, 0xfe, 0x5a, 0x68, 0x9c, 0x99, 0x9d, 0x1e,
- 0x05, 0xa4, 0x80, 0xb0, 0xbb, 0xd9, 0xd9, 0xa1,
- 0x69, 0x97, 0x74, 0xb3, 0x41, 0x21, 0x3b, 0x47,
- 0xf5, 0x51, 0xb1, 0xfb, 0xc7, 0xaa, 0xcc, 0xdc,
- 0xcd, 0x76, 0xa0, 0x28, 0x4d, 0x27, 0x14, 0xa4,
- 0xb9, 0x41, 0x68, 0x7c, 0xb3, 0x66, 0xe6, 0x6f,
- 0x40, 0x76, 0xe4, 0x12, 0xfd, 0xae, 0x29, 0xb5,
- 0x63, 0x60, 0x87, 0xce, 0x49, 0x6b, 0xf3, 0x05,
- 0x9a, 0x14, 0xb5, 0xcc, 0xcd, 0xf7, 0x30, 0x95,
- 0xd2, 0x72, 0x52, 0x1d, 0x5b, 0x7e, 0xef, 0x4a,
- 0x02, 0x96, 0x21, 0x6c, 0x55, 0xa5, 0x15, 0xb1,
- 0x57, 0x63, 0x2c, 0xa3, 0x8e, 0x9d, 0x3d, 0x45,
- 0xcc, 0xb8, 0xe6, 0xa1, 0xc8, 0x59, 0xcd, 0xf5,
- 0xdc, 0x0a, 0x51, 0xb6, 0x9d, 0xfb, 0xf4, 0x6b,
- 0xfd, 0x32, 0x71, 0x6e, 0xcf, 0xcb, 0xb3, 0xd9,
- 0xe0, 0x4a, 0x77, 0x34, 0xd6, 0x61, 0xf5, 0x7c,
- 0xf9, 0xa9, 0xa4, 0xb0, 0x8e, 0x3b, 0xd6, 0x04,
- 0xe0, 0xde, 0x2b, 0x5b, 0x5a, 0xbf, 0xd9, 0xef,
- 0x8d, 0xa3, 0xf5, 0xb1, 0x67, 0xf3, 0xb9, 0x72,
- 0x0a, 0x37, 0x12, 0x35, 0x6c, 0x8e, 0x10, 0x8b,
- 0x38, 0x06, 0x16, 0x4b, 0x20, 0x20, 0x13, 0x00,
- 0x2e, 0x6d, 0xc2, 0x59, 0x23, 0x67, 0x4a, 0x6d,
- 0xa1, 0x46, 0x8b, 0xee, 0xcf, 0x44, 0xb4, 0x3e,
- 0x56, 0x75, 0x00, 0x68, 0xb5, 0x7d, 0x0f, 0x20,
- 0x79, 0x5d, 0x7f, 0x12, 0x15, 0x32, 0x89, 0x61,
- 0x6b, 0x29, 0xb7, 0x52, 0xf5, 0x25, 0xd8, 0x98,
- 0xe8, 0x6f, 0xf9, 0x22, 0xb4, 0xbb, 0xe5, 0xff,
- 0xd0, 0x92, 0x86, 0x9a, 0x88, 0xa2, 0xaf, 0x6b
- };
- ret = sizeof(signature_2048);
- XMEMCPY(out, signature_2048, ret);
- }
- #endif
- #if !defined(WC_NO_RNG) && !defined(WC_NO_RSA_OAEP) && \
- ((!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
- defined(WOLFSSL_PUBLIC_MP)) && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
- idx = (word32)ret;
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- #ifndef WOLFSSL_RSA_VERIFY_INLINE
- #if defined(WOLFSSL_CRYPTOCELL)
- /*
- Cryptocell requires the input data and signature byte array to verify.
- first argument must be the input data
- second argument must be the length of input data
- third argument must be the signature byte array or the output from
- wc_RsaSSL_Sign()
- fourth argument must be the length of the signature byte array
- */
- ret = wc_RsaSSL_Verify(in, inLen, out, outSz, key);
- #else
- ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, key);
- #endif /* WOLFSSL_CRYPTOCELL */
- #else
- byte* dec = NULL;
- ret = wc_RsaSSL_VerifyInline(out, idx, &dec, key);
- if (ret > 0) {
- XMEMCPY(plain, dec, ret);
- }
- #endif
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- if (XMEMCMP(plain, in, (size_t)ret)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- }
- TEST_SLEEP();
- #endif
- #ifndef WOLFSSL_RSA_VERIFY_ONLY
- #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG)
- #if (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) \
- && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
- ret = rsa_oaep_padding_test(key, &rng);
- if (ret != 0)
- return ret;
- #endif /* !HAVE_FIPS */
- #endif /* WC_NO_RSA_OAEP && !WC_NO_RNG */
- #endif /* WOLFSSL_RSA_VERIFY_ONLY */
- #if !defined(HAVE_FIPS) && !defined(NO_ASN) \
- && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = rsa_export_key_test(key);
- if (ret != 0)
- return ret;
- #endif
- #if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
- !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = rsa_flatten_test(key);
- if (ret != 0)
- return ret;
- #endif
- #if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_ASN) && \
- !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
- !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
- (void)clientCert;
- #endif
- #ifdef WOLFSSL_TEST_CERT
- #if defined(WOLFSSL_MDK_ARM)
- #define sizeof(s) XSTRLEN((char *)(s))
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, client_cert_der_1024, (size_t)sizeof_client_cert_der_1024);
- bytes = (size_t)sizeof_client_cert_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_cert_der_2048, (size_t)sizeof_client_cert_der_2048);
- bytes = (size_t)sizeof_client_cert_der_2048;
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, client_cert_der_3072, (size_t)sizeof_client_cert_der_3072);
- bytes = (size_t)sizeof_client_cert_der_3072;
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, client_cert_der_4096, (size_t)sizeof_client_cert_der_4096);
- bytes = (size_t)sizeof_client_cert_der_4096;
- #elif !defined(NO_FILESYSTEM)
- file2 = XFOPEN(clientCert, "rb");
- if (!file2) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file2);
- XFCLOSE(file2);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- #else
- /* No certificate to use. */
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- #endif
- #ifdef sizeof
- #undef sizeof
- #endif
- InitDecodedCert(cert, tmp, (word32)bytes, NULL);
- ret = ParseCert(cert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0) {
- FreeDecodedCert(cert);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- }
- #ifndef NO_ASN_TIME
- ret = wc_GetDateInfo(cert->afterDate, cert->afterDateLen, &date,
- &dateFormat, &dateLength);
- if (ret != 0) {
- FreeDecodedCert(cert);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- }
- ret = wc_GetDateAsCalendarTime(date, dateLength, dateFormat, &timearg);
- if (ret != 0) {
- FreeDecodedCert(cert);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- }
- #endif
- FreeDecodedCert(cert);
- #endif /* WOLFSSL_TEST_CERT */
- #ifdef WOLFSSL_CERT_EXT
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
- bytes = sizeof_client_keypub_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
- bytes = sizeof_client_keypub_der_2048;
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, client_keypub_der_3072, sizeof_client_keypub_der_3072);
- bytes = sizeof_client_keypub_der_3072;
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, client_keypub_der_4096, sizeof_client_keypub_der_4096);
- bytes = sizeof_client_keypub_der_4096;
- #else
- file = XFOPEN(clientKeyPub, "rb");
- if (!file) {
- err_sys("can't open ./certs/client-keyPub.der, "
- "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitRsaKey(keypub, HEAP_HINT);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- idx = 0;
- ret = wc_RsaPublicKeyDecode(tmp, &idx, keypub, (word32)bytes);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #endif /* WOLFSSL_CERT_EXT */
- #ifdef WOLFSSL_KEY_GEN
- ret = rsa_keygen_test(&rng);
- if (ret != 0)
- goto exit_rsa;
- #endif
- #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
- /* Make Cert / Sign example for RSA cert and RSA CA */
- ret = rsa_certgen_test(key, keypub, &rng, tmp);
- if (ret != 0)
- goto exit_rsa;
- #if !defined(NO_RSA) && defined(HAVE_ECC) && !defined(NO_ECC_SECP)
- ret = rsa_ecc_certgen_test(&rng, tmp);
- if (ret != 0)
- goto exit_rsa;
- #endif
- #if defined(WOLFSSL_CERT_REQ) && !defined(WOLFSSL_NO_MALLOC)
- {
- Cert *req;
- int derSz;
- #ifndef WOLFSSL_SMALL_STACK
- byte* der = NULL;
- #endif
- req = (Cert *)XMALLOC(sizeof *req, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (! req)
- ERROR_OUT(MEMORY_E, exit_rsa);
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- }
- ret = wc_InitCert_ex(req, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- req->version = 0;
- req->isCA = 1;
- XSTRNCPY(req->challengePw, "wolf123", CTC_NAME_SIZE);
- XMEMCPY(&req->subject, &certDefaultName, sizeof(CertName));
- #ifndef NO_SHA256
- req->sigType = CTC_SHA256wRSA;
- #else
- req->sigType = CTC_SHAwRSA;
- #endif
- #ifdef WOLFSSL_CERT_EXT
- /* add SKID from the Public Key */
- ret = wc_SetSubjectKeyIdFromPublicKey(req, keypub, NULL);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- /* add Key Usage */
- ret = wc_SetKeyUsage(req, certKeyUsage2);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- /* add Extended Key Usage */
- ret = wc_SetExtKeyUsage(req,
- "serverAuth,clientAuth,codeSigning,"
- "emailProtection,timeStamping,OCSPSigning");
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #ifdef WOLFSSL_EKU_OID
- {
- WOLFSSL_SMALL_STACK_STATIC const char unique[] =
- "2.16.840.1.111111.100.1.10.1";
- ret = wc_SetExtKeyUsageOID(req, unique, sizeof(unique), 0,
- HEAP_HINT);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- }
- #endif /* WOLFSSL_EKU_OID */
- #endif /* WOLFSSL_CERT_EXT */
- derSz = wc_MakeCertReq(req, der, FOURK_BUF, key, NULL);
- if (derSz < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa);
- }
- #ifdef WOLFSSL_CERT_EXT
- /* Try again with "any" flag set, will override all others */
- ret = wc_SetExtKeyUsage(req, "any");
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- derSz = wc_MakeCertReq(req, der, FOURK_BUF, key, NULL);
- if (derSz < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa);
- }
- #endif /* WOLFSSL_CERT_EXT */
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_SignCert(req->bodySz, req->sigType, der, FOURK_BUF,
- key, NULL, &rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- derSz = (int)ret;
- ret = SaveDerAndPem(der, derSz, certReqDerFile, certReqPemFile,
- CERTREQ_TYPE);
- if (ret != 0) {
- goto exit_rsa;
- }
- derSz = wc_MakeCertReq_ex(req, der, FOURK_BUF, RSA_TYPE, key);
- if (derSz < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa);
- }
- /* Test getting the size of the buffer without providing the buffer.
- * derSz is set to the "largest buffer" we are willing to allocate. */
- derSz = wc_MakeCertReq(req, NULL, 10000, key, NULL);
- if (derSz < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa);
- }
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(req, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- der = NULL;
- }
- #endif /* WOLFSSL_CERT_REQ */
- #endif /* WOLFSSL_CERT_GEN */
- #if defined(WC_RSA_PSS) && !defined(HAVE_FIPS_VERSION) /* not supported with FIPSv1 */
- /* Need to create known good signatures to test with this. */
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
- !defined(WOLF_CRYPTO_CB_ONLY_RSA)
- ret = rsa_pss_test(&rng, key);
- if (ret != 0)
- goto exit_rsa;
- #endif
- #endif
- #if defined(WOLFSSL_HAVE_SP_RSA) && defined(USE_FAST_MATH)
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- /* New key to be loaded in rsa_even_mod_test(). */
- if (key != NULL)
- #endif
- wc_FreeRsaKey(key);
- /* New key to be loaded in rsa_even_mod_test(). */
- ret = rsa_even_mod_test(&rng, key);
- #endif
- exit_rsa:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key != NULL) {
- wc_FreeRsaKey(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
- if (keypub != NULL) {
- wc_FreeRsaKey(keypub);
- XFREE(keypub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- #ifdef WOLFSSL_TEST_CERT
- if (cert != NULL)
- XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- wc_FreeRsaKey(key);
- #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
- wc_FreeRsaKey(keypub);
- #endif
- #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
- wc_FreeRng(&rng);
- WC_FREE_VAR(in, HEAP_HINT);
- WC_FREE_VAR(out, HEAP_HINT);
- WC_FREE_VAR(plain, HEAP_HINT);
- (void)res;
- (void)bytes;
- (void)idx;
- (void)in;
- (void)out;
- (void)plain;
- (void)idx;
- (void)inStr;
- (void)inLen;
- (void)outSz;
- (void)plainSz;
- /* ret can be greater then 0 with certgen but all negative values should
- * be returned and treated as an error */
- if (ret >= 0) {
- return 0;
- }
- else {
- return ret;
- }
- }
- #endif /* !NO_RSA */
- #ifndef NO_DH
- static wc_test_ret_t dh_fips_generate_test(WC_RNG *rng)
- {
- wc_test_ret_t ret = 0;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- DhKey *key = (DhKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- DhKey key[1];
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte p[] = {
- 0xc5, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c,
- 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e,
- 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea,
- 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e,
- 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62,
- 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a,
- 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc,
- 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89,
- 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c,
- 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65,
- 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb,
- 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87,
- 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92,
- 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3,
- 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc,
- 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda,
- 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46,
- 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9,
- 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2,
- 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc,
- 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73,
- 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4,
- 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6,
- 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a,
- 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9,
- 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0,
- 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8,
- 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0,
- 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47,
- 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9,
- 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d,
- 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d
- };
- WOLFSSL_SMALL_STACK_STATIC const byte g[] = {
- 0x4a, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74,
- 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41,
- 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91,
- 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb,
- 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff,
- 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e,
- 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a,
- 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e,
- 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40,
- 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67,
- 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94,
- 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa,
- 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22,
- 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a,
- 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc,
- 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5,
- 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe,
- 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c,
- 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8,
- 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67,
- 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8,
- 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63,
- 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5,
- 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71,
- 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a,
- 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a,
- 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1,
- 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37,
- 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53,
- 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d,
- 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68,
- 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte q[] = {
- 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e,
- 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75,
- 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5,
- 0x40, 0x52, 0xed, 0x41
- };
- WOLFSSL_SMALL_STACK_STATIC const byte q0[] = {
- 0x00,
- 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e,
- 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75,
- 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5,
- 0x40, 0x52, 0xed, 0x41
- };
- byte priv[256];
- byte pub[256];
- word32 privSz = sizeof(priv);
- word32 pubSz = sizeof(pub);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key == NULL)
- ERROR_OUT(MEMORY_E, exit_gen_test);
- #endif
- /* Parameter Validation testing. */
- ret = wc_DhGenerateKeyPair(NULL, rng, priv, &privSz, pub, &pubSz);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- ret = wc_DhGenerateKeyPair(key, NULL, priv, &privSz, pub, &pubSz);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- ret = wc_DhGenerateKeyPair(key, rng, NULL, &privSz, pub, &pubSz);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- ret = wc_DhGenerateKeyPair(key, rng, priv, NULL, pub, &pubSz);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, NULL, &pubSz);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, NULL);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- ret = wc_DhSetKey_ex(key, p, sizeof(p), g, sizeof(g), q0, sizeof(q0));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- wc_FreeDhKey(key);
- ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- ret = wc_DhSetKey_ex(key, p, sizeof(p), g, sizeof(g), q, sizeof(q));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- /* Use API. */
- ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- ret = wc_DhCheckPubKey_ex(key, pub, pubSz, q0, sizeof(q0));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- wc_FreeDhKey(key);
- ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- ret = wc_DhSetKey(key, p, sizeof(p), g, sizeof(g));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- ret = wc_DhCheckPubKey_ex(key, pub, pubSz, q, sizeof(q));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- #ifndef HAVE_SELFTEST
- ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- /* Taint the public key so the check fails. */
- pub[0]++;
- ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
- if (ret != MP_CMP_E) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- }
- #ifdef WOLFSSL_KEY_GEN
- wc_FreeDhKey(key);
- ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- ret = wc_DhGenerateParams(rng, 2048, key);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- privSz = sizeof(priv);
- pubSz = sizeof(pub);
- ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- #endif /* WOLFSSL_KEY_GEN */
- #endif /* HAVE_SELFTEST */
- ret = 0;
- exit_gen_test:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key) {
- wc_FreeDhKey(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_FreeDhKey(key);
- #endif
- return ret;
- }
- static wc_test_ret_t dh_generate_test(WC_RNG *rng)
- {
- wc_test_ret_t ret = 0;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- DhKey *smallKey = NULL;
- #else
- DhKey smallKey[1];
- #endif
- byte p[2] = { 1, 7 }; /* 263 in decimal */
- byte g[2] = { 0, 2 };
- #if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FFDHE)
- #ifdef WOLFSSL_DH_CONST
- /* the table for constant DH lookup will round to the lowest byte size 21 */
- byte priv[21];
- byte pub[21];
- #else
- byte priv[2];
- byte pub[2];
- #endif
- word32 privSz = sizeof(priv);
- word32 pubSz = sizeof(pub);
- #endif
- int smallKey_inited = 0;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((smallKey = (DhKey *)XMALLOC(sizeof(*smallKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- #endif
- ret = wc_InitDhKey_ex(smallKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- smallKey_inited = 1;
- /* Parameter Validation testing. */
- ret = wc_InitDhKey_ex(NULL, HEAP_HINT, devId);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- wc_FreeDhKey(NULL);
- ret = wc_DhSetKey(NULL, p, sizeof(p), g, sizeof(g));
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- }
- ret = wc_DhSetKey(smallKey, NULL, sizeof(p), g, sizeof(g));
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- }
- ret = wc_DhSetKey(smallKey, p, 0, g, sizeof(g));
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- }
- ret = wc_DhSetKey(smallKey, p, sizeof(p), NULL, sizeof(g));
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- }
- ret = wc_DhSetKey(smallKey, p, sizeof(p), g, 0);
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- }
- ret = wc_DhSetKey(smallKey, p, sizeof(p), g, sizeof(g));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- #if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FFDHE)
- /* Use API. */
- ret = wc_DhGenerateKeyPair(smallKey, rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &smallKey->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- #else
- (void)rng;
- #if defined(HAVE_FIPS) || !defined(WOLFSSL_NO_DH186)
- ret = 0;
- #endif
- #endif
- #if !defined(HAVE_FIPS) && defined(WOLFSSL_NO_DH186)
- {
- byte priv[260];
- byte pub[260];
- word32 privSz = sizeof(priv);
- word32 pubSz = sizeof(pub);
- /* test odd ball param generation with DH */
- wc_FreeDhKey(smallKey);
- ret = wc_InitDhKey_ex(smallKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- ret = wc_DhGenerateParams(rng, 2056, smallKey);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- privSz = sizeof(priv);
- pubSz = sizeof(pub);
- ret = wc_DhGenerateKeyPair(smallKey, rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &smallKey->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- }
- #endif /* !HAVE_FIPS and WOLFSSL_NO_DH186 */
- exit_gen_test:
- if (smallKey_inited)
- wc_FreeDhKey(smallKey);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (smallKey != NULL)
- XFREE(smallKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- typedef struct dh_pubvalue_test {
- const byte* data;
- word32 len;
- } dh_pubvalue_test;
- static wc_test_ret_t dh_test_check_pubvalue(void)
- {
- wc_test_ret_t ret;
- word32 i;
- WOLFSSL_SMALL_STACK_STATIC const byte prime[] = {0x01, 0x00, 0x01};
- WOLFSSL_SMALL_STACK_STATIC const byte pubValZero[] = { 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValZeroLong[] = { 0x00, 0x00, 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValOne[] = { 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValOneLong[] = { 0x00, 0x00, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValPrimeMinusOne[] = { 0x01, 0x00, 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValPrimeLong[] = {0x00, 0x01, 0x00, 0x01};
- WOLFSSL_SMALL_STACK_STATIC const byte pubValPrimePlusOne[] = { 0x01, 0x00, 0x02 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValTooBig0[] = { 0x02, 0x00, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValTooBig1[] = { 0x01, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValTooLong[] = { 0x01, 0x00, 0x00, 0x01 };
- const dh_pubvalue_test dh_pubval_fail[] = {
- { prime, sizeof(prime) },
- { pubValZero, sizeof(pubValZero) },
- { pubValZeroLong, sizeof(pubValZeroLong) },
- { pubValOne, sizeof(pubValOne) },
- { pubValOneLong, sizeof(pubValOneLong) },
- { pubValPrimeMinusOne, sizeof(pubValPrimeMinusOne) },
- { pubValPrimeLong, sizeof(pubValPrimeLong) },
- { pubValPrimePlusOne, sizeof(pubValPrimePlusOne) },
- { pubValTooBig0, sizeof(pubValTooBig0) },
- { pubValTooBig1, sizeof(pubValTooBig1) },
- { pubValTooLong, sizeof(pubValTooLong) },
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValTwo[] = { 0x02 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValTwoLong[] = { 0x00, 0x00, 0x02 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValGood[] = { 0x12, 0x34 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValGoodLen[] = { 0x00, 0x12, 0x34 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValGoodLong[] = { 0x00, 0x00, 0x12, 0x34 };
- const dh_pubvalue_test dh_pubval_pass[] = {
- { pubValTwo, sizeof(pubValTwo) },
- { pubValTwoLong, sizeof(pubValTwoLong) },
- { pubValGood, sizeof(pubValGood) },
- { pubValGoodLen, sizeof(pubValGoodLen) },
- { pubValGoodLong, sizeof(pubValGoodLong) },
- };
- for (i = 0; i < sizeof(dh_pubval_fail) / sizeof(*dh_pubval_fail); i++) {
- ret = wc_DhCheckPubValue(prime, sizeof(prime), dh_pubval_fail[i].data,
- dh_pubval_fail[i].len);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_I(i);
- }
- for (i = 0; i < sizeof(dh_pubval_pass) / sizeof(*dh_pubval_pass); i++) {
- ret = wc_DhCheckPubValue(prime, sizeof(prime), dh_pubval_pass[i].data,
- dh_pubval_pass[i].len);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- }
- return 0;
- }
- #endif
- #if defined(HAVE_FFDHE)
- #if defined(HAVE_FFDHE_4096)
- #define MAX_DH_PRIV_SZ 39
- #define MAX_DH_KEY_SZ 512
- #elif defined(HAVE_FFDHE_3072)
- #define MAX_DH_PRIV_SZ 34
- #define MAX_DH_KEY_SZ 384
- #else
- #define MAX_DH_PRIV_SZ 29
- #define MAX_DH_KEY_SZ 256
- #endif
- #ifndef WC_NO_RNG
- #if !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2) && \
- (defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM32_ASM)))
- #ifdef HAVE_PUBLIC_FFDHE
- static wc_test_ret_t dh_ffdhe_test(WC_RNG *rng, const DhParams* params)
- #else
- static wc_test_ret_t dh_ffdhe_test(WC_RNG *rng, int name)
- #endif
- {
- wc_test_ret_t ret;
- word32 privSz, pubSz, privSz2, pubSz2;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte *priv = (byte*)XMALLOC(MAX_DH_PRIV_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *pub = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *priv2 = (byte*)XMALLOC(MAX_DH_PRIV_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *pub2 = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *agree = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *agree2 = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- DhKey *key = (DhKey*)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- DhKey *key2 = (DhKey*)XMALLOC(sizeof(*key2), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- byte priv[MAX_DH_PRIV_SZ];
- byte pub[MAX_DH_KEY_SZ];
- byte priv2[MAX_DH_PRIV_SZ];
- byte pub2[MAX_DH_KEY_SZ];
- byte agree[MAX_DH_KEY_SZ];
- byte agree2[MAX_DH_KEY_SZ];
- DhKey key[1];
- DhKey key2[1];
- #endif
- word32 agreeSz = MAX_DH_KEY_SZ;
- word32 agreeSz2 = MAX_DH_KEY_SZ;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((priv == NULL) ||
- (pub == NULL) ||
- (priv2 == NULL) ||
- (pub2 == NULL) ||
- (agree == NULL) ||
- (agree2 == NULL) ||
- (key == NULL) ||
- (key2 == NULL))
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif
- pubSz = MAX_DH_KEY_SZ;
- pubSz2 = MAX_DH_KEY_SZ;
- #ifdef HAVE_PUBLIC_FFDHE
- privSz = MAX_DH_PRIV_SZ;
- privSz2 = MAX_DH_PRIV_SZ;
- #else
- privSz = wc_DhGetNamedKeyMinSize(name);
- privSz2 = privSz;
- #endif
- XMEMSET(key, 0, sizeof(*key));
- XMEMSET(key2, 0, sizeof(*key2));
- ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_InitDhKey_ex(key2, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef HAVE_PUBLIC_FFDHE
- ret = wc_DhSetKey(key, params->p, params->p_len, params->g, params->g_len);
- #else
- ret = wc_DhSetNamedKey(key, name);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef HAVE_PUBLIC_FFDHE
- ret = wc_DhSetKey(key2, params->p, params->p_len, params->g,
- params->g_len);
- #else
- ret = wc_DhSetNamedKey(key2, name);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_DhGenerateKeyPair(key2, rng, priv2, &privSz2, pub2, &pubSz2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_DhAgree(key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_DhAgree(key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #if (defined(WOLFSSL_HAVE_SP_DH) || defined(USE_FAST_MATH)) && \
- !defined(HAVE_INTEL_QA)
- /* Make p even */
- key->p.dp[0] &= (mp_digit)-2;
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- }
- ret = wc_DhAgree(key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != ASYNC_OP_E) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- }
- #ifndef HAVE_SELFTEST
- ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
- if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != MP_CMP_E &&
- ret != ASYNC_OP_E) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- }
- #endif
- /* Getting here means success - set ret to 0. */
- ret = 0;
- #endif /* (SP DH or Fast Math) and not Intel QuickAssist */
- done:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) && \
- !defined(WC_NO_RNG)
- if (priv)
- XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pub)
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (priv2)
- XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pub2)
- XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (agree)
- XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (agree2)
- XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (key) {
- wc_FreeDhKey(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (key2) {
- wc_FreeDhKey(key2);
- XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_FreeDhKey(key);
- wc_FreeDhKey(key2);
- #endif
- return ret;
- }
- #endif /* !(HAVE_FIPS_VERSION == 2 && WOLFSSL_SP_ARMxx_ASM) */
- #endif /* !WC_NO_RNG */
- #endif /* HAVE_FFDHE */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void)
- {
- wc_test_ret_t ret;
- word32 bytes;
- word32 idx = 0, privSz, pubSz, privSz2, pubSz2;
- #ifndef WC_NO_RNG
- WC_RNG rng;
- int rngInit = 0;
- #endif
- int keyInit = 0, key2Init = 0;
- #define DH_TEST_TMP_SIZE 1024
- #if !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
- #define DH_TEST_BUF_SIZE 256
- #else
- #define DH_TEST_BUF_SIZE 512
- #endif
- #ifndef WC_NO_RNG
- word32 agreeSz = DH_TEST_BUF_SIZE;
- word32 agreeSz2 = DH_TEST_BUF_SIZE;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- DhKey *key = (DhKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- DhKey *key2 = (DhKey *)XMALLOC(sizeof *key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *tmp = (byte *)XMALLOC(DH_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- DhKey key[1];
- DhKey key2[1];
- byte tmp[DH_TEST_TMP_SIZE];
- #endif
- #ifndef WC_NO_RNG
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte *priv = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *pub = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *priv2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *pub2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *agree = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *agree2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (priv == NULL || pub == NULL || priv2 == NULL || pub2 == NULL ||
- agree == NULL || agree2 == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- #else
- byte priv[DH_TEST_BUF_SIZE];
- byte pub[DH_TEST_BUF_SIZE];
- byte priv2[DH_TEST_BUF_SIZE];
- byte pub2[DH_TEST_BUF_SIZE];
- byte agree[DH_TEST_BUF_SIZE];
- byte agree2[DH_TEST_BUF_SIZE];
- #endif
- #endif /* !WC_NO_RNG */
- WOLFSSL_ENTER("dh_test");
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key == NULL || key2 == NULL || tmp == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, dh_key_der_1024, (size_t)sizeof_dh_key_der_1024);
- bytes = (size_t)sizeof_dh_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, dh_key_der_2048, (size_t)sizeof_dh_key_der_2048);
- bytes = (size_t)sizeof_dh_key_der_2048;
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, dh_key_der_3072, (size_t)sizeof_dh_key_der_3072);
- bytes = (size_t)sizeof_dh_key_der_3072;
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, dh_key_der_4096, (size_t)sizeof_dh_key_der_4096);
- bytes = (size_t)sizeof_dh_key_der_4096;
- #elif defined(NO_ASN)
- /* don't use file, no DER parsing */
- #elif !defined(NO_FILESYSTEM)
- {
- XFILE file = XFOPEN(dhParamsFile, "rb");
- if (! file)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- bytes = (word32) XFREAD(tmp, 1, DH_TEST_TMP_SIZE, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- #else
- /* No DH key to use. */
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif /* USE_CERT_BUFFERS */
- (void)idx;
- (void)tmp;
- (void)bytes;
- pubSz = DH_TEST_BUF_SIZE;
- pubSz2 = DH_TEST_BUF_SIZE;
- privSz = DH_TEST_BUF_SIZE;
- privSz2 = DH_TEST_BUF_SIZE;
- #ifndef WC_NO_RNG
- XMEMSET(&rng, 0, sizeof(rng));
- #endif
- /* Use API for coverage. */
- ret = wc_InitDhKey(key);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- wc_FreeDhKey(key);
- ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- keyInit = 1;
- ret = wc_InitDhKey_ex(key2, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- key2Init = 1;
- #ifdef NO_ASN
- #ifndef WOLFSSL_SP_MATH
- ret = wc_DhSetKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_DhSetKey(key2, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #else
- ret = wc_DhSetKey(key, dh2048_p, sizeof(dh2048_p), dh2048_g,
- sizeof(dh2048_g));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_DhSetKey(key2, dh2048_p, sizeof(dh2048_p), dh2048_g,
- sizeof(dh2048_g));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- #else
- ret = wc_DhKeyDecode(tmp, &idx, key, bytes);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- idx = 0;
- ret = wc_DhKeyDecode(tmp, &idx, key2, bytes);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- #ifndef WC_NO_RNG
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- rngInit = 1;
- ret = wc_DhGenerateKeyPair(key, &rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_DhGenerateKeyPair(key2, &rng, priv2, &privSz2, pub2, &pubSz2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_DhAgree(key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_DhAgree(key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #endif /* !WC_NO_RNG */
- #if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- ret = wc_DhCheckPrivKey(NULL, NULL, 0);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_DhCheckPrivKey(key, priv, privSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_DhExportParamsRaw(NULL, NULL, NULL, NULL, NULL, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- {
- word32 pSz, qSz, gSz;
- ret = wc_DhExportParamsRaw(key, NULL, &pSz, NULL, &qSz, NULL, &gSz);
- if (ret != LENGTH_ONLY_E)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- }
- #endif
- /* Test DH key import / export */
- #if defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) && \
- (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
- wc_FreeDhKey(key);
- ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifndef NO_ASN
- {
- /* DH Private - Key Export / Import */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte *tmp2;
- #else
- byte tmp2[DH_TEST_TMP_SIZE];
- #endif
- #if defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, dh_ffdhe_statickey_der_2048, sizeof_dh_ffdhe_statickey_der_2048);
- bytes = sizeof_dh_ffdhe_statickey_der_2048;
- #else
- XFILE file = XFOPEN(dhKeyFile, "rb");
- if (!file)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- bytes = (word32)XFREAD(tmp, 1, DH_TEST_TMP_SIZE, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- tmp2 = (byte*)XMALLOC(DH_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp2 == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- #endif
- idx = 0;
- XMEMSET(tmp2, 0, DH_TEST_TMP_SIZE);
- /* Import DH Private key as DER */
- ret = wc_DhKeyDecode(tmp, &idx, key, bytes);
- if (ret == 0) {
- /* Export as DER */
- idx = DH_TEST_TMP_SIZE;
- ret = wc_DhPrivKeyToDer(key, tmp2, &idx);
- }
- /* Verify export matches original */
- if (ret <= 0 || bytes != idx || XMEMCMP(tmp, tmp2, bytes) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- /* DH Public Key - Export / Import */
- #if defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, dh_ffdhe_pub_statickey_der_2048, sizeof_dh_ffdhe_pub_statickey_der_2048);
- bytes = sizeof_dh_ffdhe_pub_statickey_der_2048;
- #else
- file = XFOPEN(dhKeyPubFile, "rb");
- if (!file)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- bytes = (word32)XFREAD(tmp, 1, DH_TEST_TMP_SIZE, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- #endif
- /* for HAVE_WOLF_BIGINT prevent leak */
- wc_FreeDhKey(key);
- (void)wc_InitDhKey_ex(key, HEAP_HINT, devId);
- idx = 0;
- XMEMSET(tmp2, 0, DH_TEST_TMP_SIZE);
- /* Import DH Public key as DER */
- ret = wc_DhKeyDecode(tmp, &idx, key, bytes);
- if (ret == 0) {
- /* Export as DER */
- idx = DH_TEST_TMP_SIZE;
- ret = wc_DhPubKeyToDer(key, tmp2, &idx);
- }
- /* Verify export matches original */
- if (ret <= 0 || bytes != idx || XMEMCMP(tmp, tmp2, bytes) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(tmp2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- }
- #else
- ret = wc_DhSetKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif /* !NO_ASN */
- privSz = DH_TEST_BUF_SIZE;
- pubSz = DH_TEST_BUF_SIZE;
- ret = wc_DhExportKeyPair(key, priv, &privSz, pub, &pubSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_DhImportKeyPair(key2, priv, privSz, pub, pubSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif /* WOLFSSL_DH_EXTRA && !NO_FILESYSTEM && !FIPS <= 2 */
- #ifndef WC_NO_RNG
- ret = dh_generate_test(&rng);
- if (ret != 0)
- ERROR_OUT(ret, done);
- ret = dh_fips_generate_test(&rng);
- if (ret != 0)
- ERROR_OUT(ret, done);
- #endif /* !WC_NO_RNG */
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- ret = dh_test_check_pubvalue();
- if (ret != 0)
- ERROR_OUT(ret, done);
- #endif
- #if !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2) && \
- (defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM32_ASM)))
- /* RNG with DH and SP_ASM code not supported in the in-lined FIPS ASM code,
- * this will be available for testing in the 140-3 module */
- #ifndef WC_NO_RNG
- /* Specialized code for key gen when using FFDHE-2048, FFDHE-3072 and FFDHE-4096 */
- #ifdef HAVE_FFDHE_2048
- #ifdef HAVE_PUBLIC_FFDHE
- ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe2048_Get());
- #else
- ret = dh_ffdhe_test(&rng, WC_FFDHE_2048);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- #ifdef HAVE_FFDHE_3072
- #ifdef HAVE_PUBLIC_FFDHE
- ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe3072_Get());
- #else
- ret = dh_ffdhe_test(&rng, WC_FFDHE_3072);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- #ifdef HAVE_FFDHE_4096
- #ifdef HAVE_PUBLIC_FFDHE
- ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe4096_Get());
- #else
- ret = dh_ffdhe_test(&rng, WC_FFDHE_4096);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- #endif /* !WC_NO_RNG */
- #endif /* HAVE_FIPS_VERSION == 2 && !WOLFSSL_SP_ARM64_ASM */
- wc_FreeDhKey(key);
- keyInit = 0;
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
- !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(WC_NO_RNG)
- /* Test Check Key */
- ret = wc_DhSetCheckKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g),
- NULL, 0, 0, &rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- keyInit = 1; /* DhSetCheckKey also initializes the key, free it */
- #endif
- done:
- #ifndef WC_NO_RNG
- if (rngInit)
- wc_FreeRng(&rng);
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key) {
- if (keyInit)
- wc_FreeDhKey(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (key2) {
- if (key2Init)
- wc_FreeDhKey(key2);
- XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (tmp)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (priv)
- XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pub)
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (priv2)
- XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pub2)
- XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (agree)
- XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (agree2)
- XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- if (keyInit)
- wc_FreeDhKey(key);
- if (key2Init)
- wc_FreeDhKey(key2);
- #endif
- (void)privSz;
- (void)pubSz;
- (void)pubSz2;
- (void)privSz2;
- return ret;
- #undef DH_TEST_BUF_SIZE
- #undef DH_TEST_TMP_SIZE
- }
- #endif /* NO_DH */
- #ifndef NO_DSA
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dsa_test(void)
- {
- wc_test_ret_t ret = 0;
- int answer;
- word32 bytes;
- word32 idx = 0;
- WC_RNG rng;
- int rng_inited = 0;
- wc_Sha sha;
- byte hash[WC_SHA_DIGEST_SIZE];
- byte signature[40];
- int key_inited = 0;
- #ifdef WOLFSSL_KEY_GEN
- byte* der = 0;
- int derIn_inited = 0;
- int genKey_inited = 0;
- #endif
- #define DSA_TEST_TMP_SIZE 1024
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte *tmp = (byte *)XMALLOC(DSA_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- DsaKey *key = (DsaKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef WOLFSSL_KEY_GEN
- DsaKey *derIn = (DsaKey *)XMALLOC(sizeof *derIn, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- DsaKey *genKey = (DsaKey *)XMALLOC(sizeof *genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- WOLFSSL_ENTER("dsa_test");
- if ((tmp == NULL) ||
- (key == NULL)
- #ifdef WOLFSSL_KEY_GEN
- || (derIn == NULL)
- || (genKey == NULL)
- #endif
- ) {
- ret = WC_TEST_RET_ENC_NC;
- goto out;
- }
- #else
- byte tmp[1024];
- DsaKey key[1];
- #ifdef WOLFSSL_KEY_GEN
- DsaKey derIn[1];
- DsaKey genKey[1];
- #endif
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
- bytes = sizeof_dsa_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
- bytes = sizeof_dsa_key_der_2048;
- #else
- {
- XFILE file = XFOPEN(dsaKey, "rb");
- if (!file)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- bytes = (word32) XFREAD(tmp, 1, DSA_TEST_TMP_SIZE, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- }
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- wc_ShaUpdate(&sha, tmp, bytes);
- wc_ShaFinal(&sha, hash);
- wc_ShaFree(&sha);
- ret = wc_InitDsaKey(key);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- key_inited = 1;
- ret = wc_DsaPrivateKeyDecode(tmp, &idx, key, bytes);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- rng_inited = 1;
- ret = wc_DsaSign(hash, signature, key, &rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_DsaVerify(hash, signature, key, &answer);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (answer != 1)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- wc_FreeDsaKey(key);
- key_inited = 0;
- ret = wc_InitDsaKey_h(key, NULL);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- key_inited = 1;
- #ifdef WOLFSSL_KEY_GEN
- {
- int derSz = 0;
- ret = wc_InitDsaKey(genKey);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- genKey_inited = 1;
- ret = wc_MakeDsaParameters(&rng, 1024, genKey);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_MakeDsaKey(&rng, genKey);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- derSz = wc_DsaKeyToDer(genKey, der, FOURK_BUF);
- if (derSz < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), out);
- ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile,
- DSA_PRIVATEKEY_TYPE);
- if (ret != 0)
- goto out;
- ret = wc_InitDsaKey(derIn);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- derIn_inited = 1;
- idx = 0;
- ret = wc_DsaPrivateKeyDecode(der, &idx, derIn, (word32)derSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- #endif /* WOLFSSL_KEY_GEN */
- out:
- #ifdef WOLFSSL_KEY_GEN
- if (der)
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (tmp)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (key) {
- if (key_inited)
- wc_FreeDsaKey(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #ifdef WOLFSSL_KEY_GEN
- if (derIn) {
- if (derIn_inited)
- wc_FreeDsaKey(derIn);
- XFREE(derIn, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (genKey) {
- if (genKey_inited)
- wc_FreeDsaKey(genKey);
- XFREE(genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- #else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */
- if (key_inited)
- wc_FreeDsaKey(key);
- #ifdef WOLFSSL_KEY_GEN
- if (derIn_inited)
- wc_FreeDsaKey(derIn);
- if (genKey_inited)
- wc_FreeDsaKey(genKey);
- #endif
- #endif
- if (rng_inited)
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* NO_DSA */
- #ifdef WOLFCRYPT_HAVE_SRP
- static wc_test_ret_t generate_random_salt(byte *buf, word32 size)
- {
- wc_test_ret_t ret = WC_TEST_RET_ENC_NC;
- WC_RNG rng;
- if(NULL == buf || !size)
- return WC_TEST_RET_ENC_NC;
- if (buf && size && wc_InitRng_ex(&rng, HEAP_HINT, devId) == 0) {
- ret = wc_RNG_GenerateBlock(&rng, (byte *)buf, size);
- wc_FreeRng(&rng);
- }
- return ret;
- }
- static wc_test_ret_t srp_test_digest(SrpType dgstType)
- {
- wc_test_ret_t r;
- byte clientPubKey[192]; /* A */
- byte serverPubKey[192]; /* B */
- word32 clientPubKeySz = 192;
- word32 serverPubKeySz = 192;
- byte username[] = "user";
- word32 usernameSz = 4;
- byte password[] = "password";
- word32 passwordSz = 8;
- WOLFSSL_SMALL_STACK_STATIC const byte N[] = {
- 0xfc, 0x58, 0x7a, 0x8a, 0x70, 0xfb, 0x5a, 0x9a,
- 0x5d, 0x39, 0x48, 0xbf, 0x1c, 0x46, 0xd8, 0x3b,
- 0x7a, 0xe9, 0x1f, 0x85, 0x36, 0x18, 0xc4, 0x35,
- 0x3f, 0xf8, 0x8a, 0x8f, 0x8c, 0x10, 0x2e, 0x01,
- 0x58, 0x1d, 0x41, 0xcb, 0xc4, 0x47, 0xa8, 0xaf,
- 0x9a, 0x6f, 0x58, 0x14, 0xa4, 0x68, 0xf0, 0x9c,
- 0xa6, 0xe7, 0xbf, 0x0d, 0xe9, 0x62, 0x0b, 0xd7,
- 0x26, 0x46, 0x5b, 0x27, 0xcb, 0x4c, 0xf9, 0x7e,
- 0x1e, 0x8b, 0xe6, 0xdd, 0x29, 0xb7, 0xb7, 0x15,
- 0x2e, 0xcf, 0x23, 0xa6, 0x4b, 0x97, 0x9f, 0x89,
- 0xd4, 0x86, 0xc4, 0x90, 0x63, 0x92, 0xf4, 0x30,
- 0x26, 0x69, 0x48, 0x9d, 0x7a, 0x4f, 0xad, 0xb5,
- 0x6a, 0x51, 0xad, 0xeb, 0xf9, 0x90, 0x31, 0x77,
- 0x53, 0x30, 0x2a, 0x85, 0xf7, 0x11, 0x21, 0x0c,
- 0xb8, 0x4b, 0x56, 0x03, 0x5e, 0xbb, 0x25, 0x33,
- 0x7c, 0xd9, 0x5a, 0xd1, 0x5c, 0xb2, 0xd4, 0x53,
- 0xc5, 0x16, 0x68, 0xf0, 0xdf, 0x48, 0x55, 0x3e,
- 0xd4, 0x59, 0x87, 0x64, 0x59, 0xaa, 0x39, 0x01,
- 0x45, 0x89, 0x9c, 0x72, 0xff, 0xdd, 0x8f, 0x6d,
- 0xa0, 0x42, 0xbc, 0x6f, 0x6e, 0x62, 0x18, 0x2d,
- 0x50, 0xe8, 0x18, 0x97, 0x87, 0xfc, 0xef, 0x1f,
- 0xf5, 0x53, 0x68, 0xe8, 0x49, 0xd1, 0xa2, 0xe8,
- 0xb9, 0x26, 0x03, 0xba, 0xb5, 0x58, 0x6f, 0x6c,
- 0x8b, 0x08, 0xa1, 0x7b, 0x6f, 0x42, 0xc9, 0x53
- };
- WOLFSSL_SMALL_STACK_STATIC const byte g[] = {
- 0x02
- };
- byte salt[10];
- byte verifier[192];
- word32 v_size = sizeof(verifier);
- word32 clientProofSz = SRP_MAX_DIGEST_SIZE;
- word32 serverProofSz = SRP_MAX_DIGEST_SIZE;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Srp *cli = (Srp *)XMALLOC(sizeof *cli, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- Srp *srv = (Srp *)XMALLOC(sizeof *srv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *clientProof = (byte *)XMALLOC(SRP_MAX_DIGEST_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER); /* M1 */
- byte *serverProof = (byte *)XMALLOC(SRP_MAX_DIGEST_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER); /* M2 */
- if ((cli == NULL) ||
- (srv == NULL) ||
- (clientProof == NULL) ||
- (serverProof == NULL)) {
- r = WC_TEST_RET_ENC_NC;
- goto out;
- }
- #else
- Srp cli[1], srv[1];
- byte clientProof[SRP_MAX_DIGEST_SIZE]; /* M1 */
- byte serverProof[SRP_MAX_DIGEST_SIZE]; /* M2 */
- #endif
- /* set as 0's so if second init on srv not called SrpTerm is not on
- * garbage values */
- XMEMSET(srv, 0, sizeof *srv);
- XMEMSET(cli, 0, sizeof *cli);
- /* generating random salt */
- r = generate_random_salt(salt, sizeof(salt));
- /* client knows username and password. */
- /* server knows N, g, salt and verifier. */
- if (!r) r = wc_SrpInit_ex(cli, dgstType, SRP_CLIENT_SIDE, HEAP_HINT, devId);
- if (!r) r = wc_SrpSetUsername(cli, username, usernameSz);
- /* loading N, g and salt in advance to generate the verifier. */
- if (!r) r = wc_SrpSetParams(cli, N, sizeof(N),
- g, sizeof(g),
- salt, sizeof(salt));
- if (!r) r = wc_SrpSetPassword(cli, password, passwordSz);
- if (!r) r = wc_SrpGetVerifier(cli, verifier, &v_size);
- /* client sends username to server */
- if (!r) r = wc_SrpInit_ex(srv, dgstType, SRP_SERVER_SIDE, HEAP_HINT, devId);
- if (!r) r = wc_SrpSetUsername(srv, username, usernameSz);
- if (!r) r = wc_SrpSetParams(srv, N, sizeof(N),
- g, sizeof(g),
- salt, sizeof(salt));
- if (!r) r = wc_SrpSetVerifier(srv, verifier, v_size);
- if (!r) r = wc_SrpGetPublic(srv, serverPubKey, &serverPubKeySz);
- /* server sends N, g, salt and B to client */
- if (!r) r = wc_SrpGetPublic(cli, clientPubKey, &clientPubKeySz);
- if (!r) r = wc_SrpComputeKey(cli, clientPubKey, clientPubKeySz,
- serverPubKey, serverPubKeySz);
- if (!r) r = wc_SrpGetProof(cli, clientProof, &clientProofSz);
- /* client sends A and M1 to server */
- if (!r) r = wc_SrpComputeKey(srv, clientPubKey, clientPubKeySz,
- serverPubKey, serverPubKeySz);
- if (!r) r = wc_SrpVerifyPeersProof(srv, clientProof, clientProofSz);
- if (!r) r = wc_SrpGetProof(srv, serverProof, &serverProofSz);
- /* server sends M2 to client */
- if (!r) r = wc_SrpVerifyPeersProof(cli, serverProof, serverProofSz);
- wc_SrpTerm(cli);
- wc_SrpTerm(srv);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- out:
- if (cli)
- XFREE(cli, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (srv)
- XFREE(srv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (clientProof)
- XFREE(clientProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (serverProof)
- XFREE(serverProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return r;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srp_test(void)
- {
- wc_test_ret_t ret;
- WOLFSSL_ENTER("srp_test");
- #ifndef NO_SHA
- ret = srp_test_digest(SRP_TYPE_SHA);
- if (ret != 0)
- return ret;
- #endif
- #ifndef NO_SHA256
- ret = srp_test_digest(SRP_TYPE_SHA256);
- if (ret != 0)
- return ret;
- #endif
- #ifdef WOLFSSL_SHA384
- ret = srp_test_digest(SRP_TYPE_SHA384);
- if (ret != 0)
- return ret;
- #endif
- #ifdef WOLFSSL_SHA512
- ret = srp_test_digest(SRP_TYPE_SHA512);
- if (ret != 0)
- return ret;
- #endif
- return ret;
- }
- #endif /* WOLFCRYPT_HAVE_SRP */
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- #if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY)
- static wc_test_ret_t openssl_aes_test(void)
- {
- #ifdef HAVE_AES_CBC
- #ifdef WOLFSSL_AES_128
- {
- /* EVP_CipherUpdate test */
- WOLFSSL_SMALL_STACK_STATIC const byte cbcPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- "0123456789abcdef "; /* align */
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
- "1234567890abcdef "; /* align */
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
- EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX en[1];
- EVP_CIPHER_CTX de[1];
- #endif
- int outlen ;
- int total = 0;
- int i;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((en == NULL) || (de == NULL))
- return MEMORY_E;
- #endif
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
- (byte*)cbcPlain, 9) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 0)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
- (byte*)&cbcPlain[9] , 9) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (total != 32)
- return 3408;
- EVP_CIPHER_CTX_cleanup(en);
- total = 0;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 0)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
- (byte*)&cipher[6], 12) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 0)
- total += outlen;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
- (byte*)&cipher[6+12], 14) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 2)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (total != 18)
- return 3427;
- if (XMEMCMP(plain, cbcPlain, 18))
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_cleanup(de);
- /* test with encrypting/decrypting more than 16 bytes at once */
- total = 0;
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
- (byte*)cbcPlain, 17) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
- (byte*)&cbcPlain[17] , 1) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 0)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (total != 32)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_cleanup(en);
- total = 0;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 17) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- /* final call on non block size should fail */
- if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
- (byte*)&cipher[17], 1) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 0)
- total += outlen;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
- (byte*)&cipher[17+1], 14) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 0)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 2)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (total != 18)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plain, cbcPlain, 18))
- return WC_TEST_RET_ENC_NC;
- /* test byte by byte decrypt */
- for (i = 0; i < AES_BLOCK_SIZE * 3; i++) {
- plain[i] = i;
- }
- EVP_CIPHER_CTX_cleanup(de);
- total = 0;
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
- (byte*)plain, AES_BLOCK_SIZE * 3) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != AES_BLOCK_SIZE * 3)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != AES_BLOCK_SIZE)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (total != sizeof(plain))
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_cleanup(en);
- total = 0;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- for (i = 0; i < AES_BLOCK_SIZE * 4; i++) {
- if (EVP_CipherUpdate(de, (byte*)plain + total, &outlen,
- (byte*)cipher + i, 1) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen > 0) {
- int j;
- total += outlen;
- for (j = 0; j < total; j++) {
- if (plain[j] != j) {
- return WC_TEST_RET_ENC_NC;
- }
- }
- }
- }
- if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (total != AES_BLOCK_SIZE * 3) {
- return WC_TEST_RET_ENC_NC;
- }
- for (i = 0; i < AES_BLOCK_SIZE * 3; i++) {
- if (plain[i] != i) {
- return WC_TEST_RET_ENC_NC;
- }
- }
- EVP_CIPHER_CTX_cleanup(de);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- wolfSSL_EVP_CIPHER_CTX_free(en);
- wolfSSL_EVP_CIPHER_CTX_free(de);
- #endif
- }
- /* set buffers to be exact size to catch potential over read/write */
- {
- /* EVP_CipherUpdate test */
- WOLFSSL_SMALL_STACK_STATIC const byte cbcPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- "0123456789abcdef "; /* align */
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
- "1234567890abcdef "; /* align */
- #define EVP_TEST_BUF_SZ 18
- #define EVP_TEST_BUF_PAD 32
- byte cipher[EVP_TEST_BUF_SZ];
- byte plain [EVP_TEST_BUF_SZ];
- byte padded[EVP_TEST_BUF_PAD];
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
- EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX en[1];
- EVP_CIPHER_CTX de[1];
- #endif
- int outlen ;
- int total = 0;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((en == NULL) || (de == NULL))
- return MEMORY_E;
- #endif
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_CTX_set_padding(en, 0) != 1)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
- (byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- /* should fail here */
- if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) != 0)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_cleanup(en);
- /* turn padding back on and do successful encrypt */
- total = 0;
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_CTX_set_padding(en, 1) != 1)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherUpdate(en, (byte*)padded, &outlen,
- (byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherFinal(en, (byte*)&padded[total], &outlen) == 0)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (total != 32)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(cipher, padded, EVP_TEST_BUF_SZ);
- EVP_CIPHER_CTX_cleanup(en);
- /* test out of bounds read on buffers w/o padding during decryption */
- total = 0;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_CTX_set_padding(de, 0) != 1)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher,
- EVP_TEST_BUF_SZ) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- /* should fail since not using padding */
- if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_cleanup(de);
- total = 0;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_CTX_set_padding(de, 1) != 1)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherUpdate(de, (byte*)padded, &outlen, (byte*)padded,
- EVP_TEST_BUF_PAD) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherFinal(de, (byte*)&padded[total], &outlen) == 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(padded, cbcPlain, EVP_TEST_BUF_SZ))
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_cleanup(de);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- wolfSSL_EVP_CIPHER_CTX_free(en);
- wolfSSL_EVP_CIPHER_CTX_free(de);
- #endif
- }
- { /* evp_cipher test: EVP_aes_128_cbc */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX ctx[1];
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
- 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- "0123456789abcdef "; /* align */
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
- "1234567890abcdef "; /* align */
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (ctx == NULL)
- return MEMORY_E;
- #endif
- EVP_CIPHER_CTX_init(ctx);
- if (EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_cleanup(ctx);
- EVP_CIPHER_CTX_init(ctx);
- if (EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(ctx, plain, cipher, 16) != 16)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_cleanup(ctx);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- wolfSSL_EVP_CIPHER_CTX_free(ctx);
- #endif
- } /* end evp_cipher test: EVP_aes_128_cbc*/
- #endif /* WOLFSSL_AES_128 */
- #endif /* HAVE_AES_CBC */
- #ifndef WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API
- #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256)
- { /* evp_cipher test: EVP_aes_256_ecb*/
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX ctx[1];
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (ctx == NULL)
- return MEMORY_E;
- #endif
- EVP_CIPHER_CTX_init(ctx);
- if (EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(ctx);
- if (EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(ctx, plain, cipher, 16) != 16)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- return WC_TEST_RET_ENC_NC;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- wolfSSL_EVP_CIPHER_CTX_free(ctx);
- #endif
- } /* end evp_cipher test */
- #endif /* HAVE_AES_ECB && WOLFSSL_AES_256 */
- #if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
- /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */
- {
- /* Test: AES_encrypt/decrypt/set Key */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- AES_KEY *enc = (AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- AES_KEY *dec = (AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #else
- AES_KEY enc[1];
- #ifdef HAVE_AES_DECRYPT
- AES_KEY dec[1];
- #endif
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- byte plain[sizeof(msg)];
- byte cipher[sizeof(msg)];
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (enc == NULL)
- return MEMORY_E;
- #ifdef HAVE_AES_DECRYPT
- if (dec == NULL)
- return MEMORY_E;
- #endif
- #endif
- AES_set_encrypt_key(key, sizeof(key)*8, enc);
- AES_set_decrypt_key(key, sizeof(key)*8, dec);
- AES_encrypt(msg, cipher, enc);
- #ifdef HAVE_AES_DECRYPT
- AES_decrypt(cipher, plain, dec);
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- return WC_TEST_RET_ENC_NC;
- #endif /* HAVE_AES_DECRYPT */
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
- return WC_TEST_RET_ENC_NC;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #endif
- }
- #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
- #endif /* !WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API */
- /* EVP_Cipher with EVP_aes_xxx_ctr() */
- #ifdef WOLFSSL_AES_COUNTER
- {
- byte plainBuff [64];
- byte cipherBuff[64];
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte ctrKey[] =
- {
- 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
- 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrCipher[] =
- {
- 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
- 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
- 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
- 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
- 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
- 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
- 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
- 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
- };
- WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] =
- {
- 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
- 0xc2
- };
- #endif
- /* test vector from "Recommendation for Block Cipher Modes of Operation"
- * NIST Special Publication 800-38A */
- #ifdef WOLFSSL_AES_192
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Key[] =
- {
- 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
- 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
- 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Iv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Plain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Cipher[] =
- {
- 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2,
- 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b
- };
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* test vector from "Recommendation for Block Cipher Modes of Operation"
- * NIST Special Publication 800-38A */
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Iv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Plain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] =
- {
- 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,
- 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28
- };
- #endif /* WOLFSSL_AES_256 */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
- EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX en[1];
- EVP_CIPHER_CTX de[1];
- #endif
- #ifdef WOLFSSL_AES_128
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- EVP_CIPHER_CTX *p_en;
- EVP_CIPHER_CTX *p_de;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((en == NULL) || (de == NULL))
- return MEMORY_E;
- #endif
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
- return WC_TEST_RET_ENC_NC;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- p_en = wolfSSL_EVP_CIPHER_CTX_new();
- if (p_en == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- p_de = wolfSSL_EVP_CIPHER_CTX_new();
- if (p_de == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- if (EVP_CipherInit(p_en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherInit(p_de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- wolfSSL_EVP_CIPHER_CTX_free(p_en);
- wolfSSL_EVP_CIPHER_CTX_free(p_de);
- #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
- if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plainBuff, ctrPlain, 9))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipherBuff, ctrCipher, 9))
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plainBuff, ctrPlain, 9))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipherBuff, oddCipher, 9))
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_192_ctr(),
- (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_192_ctr(),
- (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- XMEMSET(plainBuff, 0, sizeof(plainBuff));
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain)))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher)))
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_256_ctr(),
- (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_256_ctr(),
- (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- XMEMSET(plainBuff, 0, sizeof(plainBuff));
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain)))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher)))
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- wolfSSL_EVP_CIPHER_CTX_free(en);
- wolfSSL_EVP_CIPHER_CTX_free(de);
- #endif
- #endif /* WOLFSSL_AES_256 */
- }
- #endif /* HAVE_AES_COUNTER */
- #ifndef WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API
- #if defined(WOLFSSL_AES_CFB) && defined(WOLFSSL_AES_128)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- AES_KEY *enc = (AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- AES_KEY *dec = (AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #else
- AES_KEY enc[1];
- AES_KEY dec[1];
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte setIv[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- {
- 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
- 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
- {
- 0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20,
- 0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a,
- 0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f,
- 0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51
- };
- byte cipher[AES_BLOCK_SIZE * 2];
- byte iv[AES_BLOCK_SIZE]; /* iv buffer is updeated by API */
- int num = 0;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((enc == NULL) || (dec == NULL))
- return MEMORY_E;
- #endif
- XMEMCPY(iv, setIv, sizeof(setIv));
- wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, enc);
- wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, dec);
- wolfSSL_AES_cfb128_encrypt(msg, cipher, AES_BLOCK_SIZE - 1, enc, iv,
- &num, AES_ENCRYPT);
- if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE - 1))
- return WC_TEST_RET_ENC_NC;
- if (num != 15) /* should have used 15 of the 16 bytes */
- return WC_TEST_RET_ENC_NC;
- wolfSSL_AES_cfb128_encrypt(msg + AES_BLOCK_SIZE - 1,
- cipher + AES_BLOCK_SIZE - 1, AES_BLOCK_SIZE + 1, enc, iv,
- &num, AES_ENCRYPT);
- if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2))
- return WC_TEST_RET_ENC_NC;
- if (num != 0)
- return WC_TEST_RET_ENC_NC;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- }
- #endif /* WOLFSSL_AES_CFB && WOLFSSL_AES_128 */
- #endif /* !WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API */
- return 0;
- }
- #endif /* !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
- {
- wc_test_ret_t ret;
- #ifdef WOLFSSL_SMALL_STACK
- EVP_MD_CTX *md_ctx = (EVP_MD_CTX *)XMALLOC(sizeof(EVP_MD_CTX), NULL, DYNAMIC_TYPE_OPENSSL);
- #else
- EVP_MD_CTX md_ctx[1];
- #endif
- testVector a, b, c, d, e, f;
- byte hash[WC_SHA256_DIGEST_SIZE*2]; /* max size */
- #ifdef WOLFSSL_SMALL_STACK
- if (md_ctx == NULL)
- return WC_TEST_RET_ENC_EC(MEMORY_E);
- #endif
- WOLFSSL_ENTER("openssl_test");
- a.inLen = 0;
- b.inLen = c.inLen = d.inLen = e.inLen = f.inLen = a.inLen;
- (void)a;
- (void)b;
- (void)c;
- (void)d;
- (void)e;
- (void)f;
- /* test malloc / free , 10 is an arbitrary amount of memory chosen */
- {
- byte* p;
- p = (byte*)CRYPTO_malloc(10, "", 0);
- if (p == NULL) {
- return WC_TEST_RET_ENC_NC;
- }
- XMEMSET(p, 0, 10);
- CRYPTO_free(p, "", 0);
- }
- #ifndef NO_MD5
- a.input = "1234567890123456789012345678901234567890123456789012345678"
- "9012345678901234567890";
- a.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6"
- "\x7a";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_MD5_DIGEST_SIZE;
- EVP_MD_CTX_init(md_ctx);
- ret = EVP_DigestInit(md_ctx, EVP_md5());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(md_ctx, a.input, (unsigned long)a.inLen);
- }
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestFinal(md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(md_ctx);
- if (ret != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0)
- return WC_TEST_RET_ENC_NC;
- #endif /* NO_MD5 */
- #ifndef NO_SHA
- b.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaa";
- b.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7"
- "\x53\x99\x5E\x26\xA0";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA_DIGEST_SIZE;
- EVP_MD_CTX_init(md_ctx);
- ret = EVP_DigestInit(md_ctx, EVP_sha1());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(md_ctx, b.input, (unsigned long)b.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(md_ctx);
- if (ret != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(hash, b.output, b.outLen) != 0)
- return WC_TEST_RET_ENC_NC;
- #endif /* NO_SHA */
- #ifdef WOLFSSL_SHA224
- e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- e.output = "\xc9\x7c\xa9\xa5\x59\x85\x0c\xe9\x7a\x04\xa9\x6d\xef\x6d\x99"
- "\xa9\xe0\xe0\xe2\xab\x14\xe6\xb8\xdf\x26\x5f\xc0\xb3";
- e.inLen = XSTRLEN(e.input);
- e.outLen = WC_SHA224_DIGEST_SIZE;
- EVP_MD_CTX_init(md_ctx);
- ret = EVP_DigestInit(md_ctx, EVP_sha224());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(md_ctx);
- if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- #endif /* WOLFSSL_SHA224 */
- #ifndef NO_SHA256
- d.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- d.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
- "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
- "\x06\xC1";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA256_DIGEST_SIZE;
- EVP_MD_CTX_init(md_ctx);
- ret = EVP_DigestInit(md_ctx, EVP_sha256());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(md_ctx, d.input, (unsigned long)d.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(md_ctx);
- if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, d.output, d.outLen) != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- #endif /* !NO_SHA256 */
- #ifdef WOLFSSL_SHA384
- e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- e.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b"
- "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0"
- "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91"
- "\x74\x60\x39";
- e.inLen = XSTRLEN(e.input);
- e.outLen = WC_SHA384_DIGEST_SIZE;
- EVP_MD_CTX_init(md_ctx);
- ret = EVP_DigestInit(md_ctx, EVP_sha384());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(md_ctx);
- if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- #endif /* WOLFSSL_SHA384 */
- #ifdef WOLFSSL_SHA512
- f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- f.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14"
- "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88"
- "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4"
- "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b"
- "\x87\x4b\xe9\x09";
- f.inLen = XSTRLEN(f.input);
- f.outLen = WC_SHA512_DIGEST_SIZE;
- EVP_MD_CTX_init(md_ctx);
- ret = EVP_DigestInit(md_ctx, EVP_sha512());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(md_ctx);
- if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- #if !defined(WOLFSSL_NOSHA512_224) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
- f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- f.output = "\x23\xfe\xc5\xbb\x94\xd6\x0b\x23\x30\x81\x92\x64\x0b\x0c\x45"
- "\x33\x35\xd6\x64\x73\x4f\xe4\x0e\x72\x68\x67\x4a\xf9";
- f.inLen = XSTRLEN(f.input);
- f.outLen = WC_SHA512_224_DIGEST_SIZE;
- EVP_MD_CTX_init(md_ctx);
- ret = EVP_DigestInit(md_ctx, EVP_sha512_224());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(md_ctx);
- if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- #endif /* !WOLFSSL_NOSHA512_224 && !FIPS ... */
- #if !defined(WOLFSSL_NOSHA512_256) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
- f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- f.output = "\x39\x28\xe1\x84\xfb\x86\x90\xf8\x40\xda\x39\x88\x12\x1d\x31"
- "\xbe\x65\xcb\x9d\x3e\xf8\x3e\xe6\x14\x6f\xea\xc8\x61\xe1\x9b"
- "\x56\x3a";
- f.inLen = XSTRLEN(f.input);
- f.outLen = WC_SHA512_256_DIGEST_SIZE;
- EVP_MD_CTX_init(md_ctx);
- ret = EVP_DigestInit(md_ctx, EVP_sha512_256());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(md_ctx);
- if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- #endif /* !WOLFSSL_NOSHA512_224 && !FIPS ... */
- #endif /* WOLFSSL_SHA512 */
- #ifdef WOLFSSL_SHA3
- #ifndef WOLFSSL_NOSHA3_224
- e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- e.output = "\x54\x3e\x68\x68\xe1\x66\x6c\x1a\x64\x36\x30\xdf\x77\x36\x7a"
- "\xe5\xa6\x2a\x85\x07\x0a\x51\xc1\x4c\xbf\x66\x5c\xbc";
- e.inLen = XSTRLEN(e.input);
- e.outLen = WC_SHA3_224_DIGEST_SIZE;
- EVP_MD_CTX_init(md_ctx);
- ret = EVP_DigestInit(md_ctx, EVP_sha3_224());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(md_ctx);
- if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- #endif /* WOLFSSL_NOSHA3_224 */
- #ifndef WOLFSSL_NOSHA3_256
- d.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- d.output = "\x91\x6f\x60\x61\xfe\x87\x97\x41\xca\x64\x69\xb4\x39\x71\xdf"
- "\xdb\x28\xb1\xa3\x2d\xc3\x6c\xb3\x25\x4e\x81\x2b\xe2\x7a\xad"
- "\x1d\x18";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA3_256_DIGEST_SIZE;
- EVP_MD_CTX_init(md_ctx);
- ret = EVP_DigestInit(md_ctx, EVP_sha3_256());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(md_ctx, d.input, (unsigned long)d.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(md_ctx);
- if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, d.output, d.outLen) != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- #endif /* WOLFSSL_NOSHA3_256 */
- e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- e.output = "\x79\x40\x7d\x3b\x59\x16\xb5\x9c\x3e\x30\xb0\x98\x22\x97\x47"
- "\x91\xc3\x13\xfb\x9e\xcc\x84\x9e\x40\x6f\x23\x59\x2d\x04\xf6"
- "\x25\xdc\x8c\x70\x9b\x98\xb4\x3b\x38\x52\xb3\x37\x21\x61\x79"
- "\xaa\x7f\xc7";
- e.inLen = XSTRLEN(e.input);
- e.outLen = WC_SHA3_384_DIGEST_SIZE;
- EVP_MD_CTX_init(md_ctx);
- ret = EVP_DigestInit(md_ctx, EVP_sha3_384());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(md_ctx);
- if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- #ifndef WOLFSSL_NOSHA3_512
- f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- f.output = "\xaf\xeb\xb2\xef\x54\x2e\x65\x79\xc5\x0c\xad\x06\xd2\xe5\x78"
- "\xf9\xf8\xdd\x68\x81\xd7\xdc\x82\x4d\x26\x36\x0f\xee\xbf\x18"
- "\xa4\xfa\x73\xe3\x26\x11\x22\x94\x8e\xfc\xfd\x49\x2e\x74\xe8"
- "\x2e\x21\x89\xed\x0f\xb4\x40\xd1\x87\xf3\x82\x27\x0c\xb4\x55"
- "\xf2\x1d\xd1\x85";
- f.inLen = XSTRLEN(f.input);
- f.outLen = WC_SHA3_512_DIGEST_SIZE;
- EVP_MD_CTX_init(md_ctx);
- ret = EVP_DigestInit(md_ctx, EVP_sha3_512());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(md_ctx);
- if (ret != WOLFSSL_SUCCESS ||
- XMEMCMP(hash, f.output, f.outLen) != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- #endif /* WOLFSSL_NOSHA3_512 */
- #endif /* WOLFSSL_SHA3 */
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(md_ctx, NULL, DYNAMIC_TYPE_OPENSSL);
- md_ctx = NULL;
- #endif
- #ifndef WC_NO_RNG
- if (RAND_bytes(hash, sizeof(hash)) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- #endif
- #ifndef NO_MD5
- c.input = "what do ya want for nothing?";
- c.output = "\x55\x78\xe8\x48\x4b\xcc\x93\x80\x93\xec\x53\xaf\x22\xd6\x14"
- "\x76";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_MD5_DIGEST_SIZE;
- #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)
- /* Expect failure with MD5 + HMAC when using FIPS 140-3. */
- if (HMAC(EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen,
- hash, 0) != NULL)
- #else
- if (HMAC(EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen,
- hash, 0) == NULL ||
- XMEMCMP(hash, c.output, c.outLen) != 0)
- #endif
- {
- return WC_TEST_RET_ENC_NC;
- }
- #endif /* NO_MD5 */
- #ifndef NO_DES3
- { /* des test */
- WOLFSSL_SMALL_STACK_STATIC const byte vector[] = { /* "now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- byte plain[24];
- byte cipher[24];
- const_DES_cblock key = {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
- };
- DES_cblock iv = {
- 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
- };
- DES_key_schedule sched;
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
- 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8,
- 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73,
- 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b
- };
- DES_key_sched(&key, &sched);
- DES_cbc_encrypt(vector, cipher, sizeof(vector), &sched, &iv, DES_ENCRYPT);
- DES_cbc_encrypt(cipher, plain, sizeof(vector), &sched, &iv, DES_DECRYPT);
- if (XMEMCMP(plain, vector, sizeof(vector)) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipher, verify, sizeof(verify)) != 0)
- return WC_TEST_RET_ENC_NC;
- /* test changing iv */
- DES_ncbc_encrypt(vector, cipher, 8, &sched, &iv, DES_ENCRYPT);
- DES_ncbc_encrypt(vector + 8, cipher + 8, 16, &sched, &iv, DES_ENCRYPT);
- if (XMEMCMP(cipher, verify, sizeof(verify)) != 0)
- return WC_TEST_RET_ENC_NC;
- } /* end des test */
- #endif /* NO_DES3 */
- #if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY)
- if ((ret = openssl_aes_test()) != 0) {
- return ret;
- }
- #if defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
- { /* evp_cipher test: EVP_aes_128_cbc */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX ctx[1];
- #endif
- int idx, cipherSz, plainSz;
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
- 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
- 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb,
- 0x3b,0x5d,0x41,0x97,0x94,0x25,0xa4,0xb4,
- 0xae,0x7b,0x34,0xd0,0x3f,0x0c,0xbc,0x06
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
- 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
- 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb,
- 0x7d,0x37,0x7b,0x0b,0x44,0xaa,0xb5,0xf0,
- 0x5f,0x34,0xb4,0xde,0xb5,0xbd,0x2a,0xbb
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- "0123456789abcdef "; /* align */
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
- "1234567890abcdef "; /* align */
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (ctx == NULL)
- return MEMORY_E;
- #endif
- cipherSz = 0;
- EVP_CIPHER_CTX_init(ctx);
- ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1);
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_CipherUpdate(ctx, cipher, &idx, (byte*)msg, sizeof(msg));
- if (ret == WOLFSSL_SUCCESS)
- cipherSz += idx;
- }
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_CipherFinal(ctx, cipher + cipherSz, &idx);
- if (ret == WOLFSSL_SUCCESS)
- cipherSz += idx;
- }
- EVP_CIPHER_CTX_cleanup(ctx);
- if (ret != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (cipherSz != (int)sizeof(verify) || XMEMCMP(cipher, verify, cipherSz))
- return WC_TEST_RET_ENC_NC;
- /* check partial decrypt (not enough padding for full block) */
- plainSz = 0;
- EVP_CIPHER_CTX_init(ctx);
- ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0);
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_CipherUpdate(ctx, plain, &idx, cipher, 1);
- if (ret == WOLFSSL_SUCCESS)
- plainSz += idx;
- }
- if (ret == WOLFSSL_SUCCESS) {
- /* this test should fail... not enough padding for full block */
- ret = EVP_CipherFinal(ctx, plain + plainSz, &idx);
- if (plainSz == 0 && ret != WOLFSSL_SUCCESS)
- ret = WOLFSSL_SUCCESS;
- else
- ret = WC_TEST_RET_ENC_NC;
- }
- else
- ret = WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_cleanup(ctx);
- if (ret != WOLFSSL_SUCCESS)
- return ret;
- plainSz = 0;
- EVP_CIPHER_CTX_init(ctx);
- ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0);
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_CipherUpdate(ctx, plain, &idx, cipher, cipherSz);
- if (ret == WOLFSSL_SUCCESS)
- plainSz += idx;
- }
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_CipherFinal(ctx, plain + plainSz, &idx);
- if (ret == WOLFSSL_SUCCESS)
- plainSz += idx;
- }
- EVP_CIPHER_CTX_cleanup(ctx);
- if (ret != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (plainSz != (int)sizeof(msg) || XMEMCMP(plain, msg, sizeof(msg)))
- return WC_TEST_RET_ENC_NC;
- cipherSz = 0;
- EVP_CIPHER_CTX_init(ctx);
- ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1);
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_CipherUpdate(ctx, cipher, &idx, msg, AES_BLOCK_SIZE);
- if (ret == WOLFSSL_SUCCESS)
- cipherSz += idx;
- }
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_CipherFinal(ctx, cipher + cipherSz, &idx);
- if (ret == WOLFSSL_SUCCESS)
- cipherSz += idx;
- }
- EVP_CIPHER_CTX_cleanup(ctx);
- if (ret != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (cipherSz != (int)sizeof(verify2) || XMEMCMP(cipher, verify2, cipherSz))
- return WC_TEST_RET_ENC_NC;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- wolfSSL_EVP_CIPHER_CTX_free(ctx);
- #endif
- } /* end evp_cipher test: EVP_aes_128_cbc*/
- #endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */
- #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256)
- { /* evp_cipher test: EVP_aes_256_ecb*/
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX ctx[1];
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (ctx == NULL)
- return MEMORY_E;
- #endif
- EVP_CIPHER_CTX_init(ctx);
- ret = EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_Cipher(ctx, cipher, (byte*)msg, 16);
- EVP_CIPHER_CTX_cleanup(ctx);
- if (ret != 16)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(ctx);
- ret = EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_Cipher(ctx, plain, cipher, 16);
- EVP_CIPHER_CTX_cleanup(ctx);
- if (ret != 16)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- return WC_TEST_RET_ENC_NC;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- wolfSSL_EVP_CIPHER_CTX_free(ctx);
- #endif
- } /* end evp_cipher test */
- #endif /* HAVE_AES_ECB && WOLFSSL_AES_128 */
- #ifndef WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API
- #if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
- /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */
- {
- /* Test: AES_encrypt/decrypt/set Key */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- AES_KEY *enc = (AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- AES_KEY *dec = (AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #else
- AES_KEY enc[1];
- #ifdef HAVE_AES_DECRYPT
- AES_KEY dec[1];
- #endif
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- byte plain[sizeof(msg)];
- byte cipher[sizeof(msg)];
- printf("openSSL extra test\n") ;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (enc == NULL)
- return MEMORY_E;
- #ifdef HAVE_AES_DECRYPT
- if (dec == NULL)
- return MEMORY_E;
- #endif
- #endif
- AES_set_encrypt_key(key, sizeof(key)*8, enc);
- AES_set_decrypt_key(key, sizeof(key)*8, dec);
- AES_encrypt(msg, cipher, enc);
- #ifdef HAVE_AES_DECRYPT
- AES_decrypt(cipher, plain, dec);
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- return WC_TEST_RET_ENC_NC;
- #endif /* HAVE_AES_DECRYPT */
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
- return WC_TEST_RET_ENC_NC;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #endif
- }
- #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
- #endif /* !WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API */
- /* EVP_Cipher with EVP_aes_xxx_ctr() */
- #ifdef WOLFSSL_AES_COUNTER
- {
- byte plainBuff [64];
- byte cipherBuff[64];
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte ctrKey[] =
- {
- 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
- 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrCipher[] =
- {
- 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
- 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
- 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
- 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
- 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
- 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
- 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
- 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
- };
- WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] =
- {
- 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
- 0xc2
- };
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- EVP_CIPHER_CTX *p_en;
- EVP_CIPHER_CTX *p_de;
- #endif
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* test vector from "Recommendation for Block Cipher Modes of Operation"
- * NIST Special Publication 800-38A */
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Key[] =
- {
- 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
- 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
- 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Iv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Plain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Cipher[] =
- {
- 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2,
- 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b
- };
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* test vector from "Recommendation for Block Cipher Modes of Operation"
- * NIST Special Publication 800-38A */
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Iv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Plain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] =
- {
- 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,
- 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28
- };
- #endif /* WOLFSSL_AES_256 */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
- EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
- if ((en == NULL) || (de == NULL))
- return MEMORY_E;
- #else
- EVP_CIPHER_CTX en[1];
- EVP_CIPHER_CTX de[1];
- #endif
- #ifdef WOLFSSL_AES_128
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_cleanup(en);
- EVP_CIPHER_CTX_cleanup(de);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- p_en = wolfSSL_EVP_CIPHER_CTX_new();
- if (p_en == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- p_de = wolfSSL_EVP_CIPHER_CTX_new();
- if (p_de == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- if (EVP_CipherInit(p_en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherInit(p_de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_cleanup(p_en);
- EVP_CIPHER_CTX_cleanup(p_de);
- wolfSSL_EVP_CIPHER_CTX_free(p_en);
- wolfSSL_EVP_CIPHER_CTX_free(p_de);
- #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
- if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plainBuff, ctrPlain, 9))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipherBuff, ctrCipher, 9))
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plainBuff, ctrPlain, 9))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipherBuff, oddCipher, 9))
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_cleanup(en);
- EVP_CIPHER_CTX_cleanup(de);
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_192_ctr(),
- (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_192_ctr(),
- (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- XMEMSET(plainBuff, 0, sizeof(plainBuff));
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain)))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher)))
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_cleanup(en);
- EVP_CIPHER_CTX_cleanup(de);
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_256_ctr(),
- (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_256_ctr(),
- (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- XMEMSET(plainBuff, 0, sizeof(plainBuff));
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain)))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher)))
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_cleanup(en);
- EVP_CIPHER_CTX_cleanup(de);
- #endif /* WOLFSSL_AES_256 */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- wolfSSL_EVP_CIPHER_CTX_free(en);
- wolfSSL_EVP_CIPHER_CTX_free(de);
- #endif
- }
- #endif /* HAVE_AES_COUNTER */
- #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- {
- /* EVP_CipherUpdate test */
- WOLFSSL_SMALL_STACK_STATIC const byte cbcPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- byte key[] = "0123456789abcdef "; /* align */
- byte iv[] = "1234567890abcdef "; /* align */
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
- EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX en[1];
- EVP_CIPHER_CTX de[1];
- #endif
- int outlen ;
- int total = 0;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((en == NULL) || (de == NULL))
- return MEMORY_E;
- #endif
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return WC_TEST_RET_ENC_NC;
- /* openSSL compatibility, if(inlen == 0)return 1; */
- if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
- (byte*)cbcPlain, 0) != 1)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
- (byte*)cbcPlain, 9) == 0)
- return WC_TEST_RET_ENC_NC;
- if(outlen != 0)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
- (byte*)&cbcPlain[9] , 9) == 0)
- return WC_TEST_RET_ENC_NC;
- if(outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
- return WC_TEST_RET_ENC_NC;
- if(outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if(total != 32)
- return WC_TEST_RET_ENC_NC;
- total = 0;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
- return WC_TEST_RET_ENC_NC;
- if(outlen != 0)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
- (byte*)&cipher[6], 12) == 0)
- return WC_TEST_RET_ENC_NC;
- if(outlen != 0)
- total += outlen;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
- (byte*)&cipher[6+12], 14) == 0)
- return WC_TEST_RET_ENC_NC;
- if(outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
- return WC_TEST_RET_ENC_NC;
- if(outlen != 2)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if(total != 18)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plain, cbcPlain, 18))
- return WC_TEST_RET_ENC_NC;
- total = 0;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(en);
- if (EVP_EncryptInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherUpdate(en, (byte*)cipher, &outlen, (byte*)cbcPlain, 9) == 0)
- return WC_TEST_RET_ENC_NC;
- if(outlen != 0)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen, (byte*)&cbcPlain[9] , 9) == 0)
- return WC_TEST_RET_ENC_NC;
- if(outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_EncryptFinal(en, (byte*)&cipher[total], &outlen) == 0)
- return WC_TEST_RET_ENC_NC;
- if(outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if(total != 32)
- return 3438;
- total = 0;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(de);
- if (EVP_DecryptInit(de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
- return WC_TEST_RET_ENC_NC;
- if(outlen != 0)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6], 12) == 0)
- return WC_TEST_RET_ENC_NC;
- if(outlen != 0)
- total += outlen;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6+12], 14) == 0)
- return WC_TEST_RET_ENC_NC;
- if(outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_DecryptFinal(de, (byte*)&plain[total], &outlen) == 0)
- return WC_TEST_RET_ENC_NC;
- if(outlen != 2)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if(total != 18)
- return 3447;
- if (XMEMCMP(plain, cbcPlain, 18))
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_key_length(NULL) != 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_key_length(EVP_aes_128_cbc()) != 16)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_CTX_mode(NULL) != 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_CTX_mode(en) != (en->flags & WOLFSSL_EVP_CIPH_MODE))
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit_ex(en, EVP_aes_128_cbc(), NULL,
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(en);
- if (EVP_EncryptInit_ex(en, EVP_aes_128_cbc(), NULL,
- (unsigned char*)key, (unsigned char*)iv) == 0)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_EncryptFinal_ex(NULL, NULL, NULL) != WOLFSSL_FAILURE)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_EncryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(de);
- if (EVP_DecryptInit_ex(de, EVP_aes_128_cbc(), NULL,
- (unsigned char*)key, (unsigned char*)iv) == 0)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_DecryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_DecryptFinal_ex(NULL, NULL, NULL) != WOLFSSL_FAILURE)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_CTX_block_size(NULL) != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(en);
- EVP_EncryptInit_ex(en, EVP_aes_128_cbc(), NULL,
- (unsigned char*)key, (unsigned char*)iv);
- if (EVP_CIPHER_CTX_block_size(en) != en->block_size)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_block_size(NULL) != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_block_size(EVP_aes_128_cbc()) != AES_BLOCK_SIZE)
- return WC_TEST_RET_ENC_NC;
- if (WOLFSSL_EVP_CIPHER_mode(NULL) != 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_flags(EVP_aes_128_cbc()) != WOLFSSL_EVP_CIPH_CBC_MODE)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_clear_flags(en, 0xFFFFFFFF);
- EVP_CIPHER_CTX_set_flags(en, 42);
- if (en->flags != 42)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_CTX_set_padding(NULL, 0) != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_CTX_set_padding(en, 0) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_CTX_set_padding(en, 1) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- wolfSSL_EVP_CIPHER_CTX_free(en);
- wolfSSL_EVP_CIPHER_CTX_free(de);
- #endif
- }
- #endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */
- #endif /* ifndef NO_AES */
- return 0;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openSSL_evpMD_test(void)
- {
- wc_test_ret_t ret = 0;
- #if !defined(NO_SHA256) && !defined(NO_SHA)
- WOLFSSL_EVP_MD_CTX* ctx;
- WOLFSSL_EVP_MD_CTX* ctx2;
- WOLFSSL_ENTER("openSSL_evpMD_test");
- ctx = EVP_MD_CTX_create();
- ctx2 = EVP_MD_CTX_create();
- ret = EVP_DigestInit(ctx, EVP_sha256());
- if (ret != SSL_SUCCESS) {
- ret = WC_TEST_RET_ENC_NC;
- goto openSSL_evpMD_test_done;
- }
- ret = EVP_MD_CTX_copy(ctx2, ctx);
- if (ret != SSL_SUCCESS) {
- ret = WC_TEST_RET_ENC_NC;
- goto openSSL_evpMD_test_done;
- }
- if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) {
- ret = WC_TEST_RET_ENC_NC;
- goto openSSL_evpMD_test_done;
- }
- ret = EVP_DigestInit(ctx, EVP_sha1());
- if (ret != SSL_SUCCESS) {
- ret = WC_TEST_RET_ENC_NC;
- goto openSSL_evpMD_test_done;
- }
- if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) {
- ret = WC_TEST_RET_ENC_NC;
- goto openSSL_evpMD_test_done;
- }
- ret = EVP_MD_CTX_copy_ex(ctx2, ctx);
- if (ret != SSL_SUCCESS) {
- ret = WC_TEST_RET_ENC_NC;
- goto openSSL_evpMD_test_done;
- }
- if (EVP_MD_type(EVP_sha256()) == EVP_MD_CTX_type(ctx2)) {
- ret = WC_TEST_RET_ENC_NC;
- goto openSSL_evpMD_test_done;
- }
- if (EVP_MD_type(EVP_sha1()) != EVP_MD_CTX_type(ctx2)) {
- ret = WC_TEST_RET_ENC_NC;
- goto openSSL_evpMD_test_done;
- }
- if (EVP_DigestInit_ex(ctx, EVP_sha1(), NULL) != SSL_SUCCESS) {
- ret = WC_TEST_RET_ENC_NC;
- goto openSSL_evpMD_test_done;
- }
- if (EVP_add_digest(NULL) != 0) {
- ret = WC_TEST_RET_ENC_NC;
- goto openSSL_evpMD_test_done;
- }
- if (wolfSSL_EVP_add_cipher(NULL) != 0) {
- ret = WC_TEST_RET_ENC_NC;
- goto openSSL_evpMD_test_done;
- }
- ret = 0; /* got to success state without jumping to end with a fail */
- openSSL_evpMD_test_done:
- EVP_MD_CTX_destroy(ctx);
- EVP_MD_CTX_destroy(ctx2);
- #endif /* NO_SHA256 */
- return ret;
- }
- #ifdef DEBUG_SIGN
- static void show(const char *title, const char *p, unsigned int s) {
- char* i;
- printf("%s: ", title);
- for (i = p;
- i < p + s;
- printf("%c", *i), i++);
- printf("\n");
- }
- #else
- #define show(a,b,c) WC_DO_NOTHING
- #endif
- #define FOURK_BUFF 4096
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void)
- {
- wc_test_ret_t ret = 0;
- #if !defined(NO_RSA) && !defined(NO_SHA)
- byte* prvTmp;
- byte* pubTmp;
- int prvBytes;
- int pubBytes;
- RSA *prvRsa = NULL;
- RSA *pubRsa = NULL;
- EVP_PKEY *prvPkey = NULL;
- EVP_PKEY *pubPkey = NULL;
- EVP_PKEY_CTX *enc = NULL;
- EVP_PKEY_CTX *dec = NULL;
- byte in[] = TEST_STRING;
- byte out[256];
- size_t outlen;
- size_t keySz;
- byte plain[256];
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
- XFILE keyFile;
- XFILE keypubFile;
- char cliKey[] = "./certs/client-key.der";
- char cliKeypub[] = "./certs/client-keyPub.der";
- #endif
- WOLFSSL_ENTER("openssl_pkey0_test");
- prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (prvTmp == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pubTmp == NULL) {
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC_NC;
- }
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024);
- prvBytes = sizeof_client_key_der_1024;
- XMEMCPY(pubTmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
- pubBytes = sizeof_client_keypub_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(prvTmp, client_key_der_2048, sizeof_client_key_der_2048);
- prvBytes = sizeof_client_key_der_2048;
- XMEMCPY(pubTmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
- pubBytes = sizeof_client_keypub_der_2048;
- #else
- keyFile = XFOPEN(cliKey, "rb");
- if (!keyFile) {
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
- return WC_TEST_RET_ENC_ERRNO;
- }
- prvBytes = (int)XFREAD(prvTmp, 1, (int)FOURK_BUFF, keyFile);
- XFCLOSE(keyFile);
- if (prvBytes == 0) {
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC_ERRNO;
- }
- keypubFile = XFOPEN(cliKeypub, "rb");
- if (!keypubFile) {
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- err_sys("can't open ./certs/client-cert.der, "
- "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
- return WC_TEST_RET_ENC_ERRNO;
- }
- pubBytes = (int)XFREAD(pubTmp, 1, (int)FOURK_BUFF, keypubFile);
- XFCLOSE(keypubFile);
- if (pubBytes == 0) {
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC_ERRNO;
- }
- #endif /* USE_CERT_BUFFERS */
- prvRsa = wolfSSL_RSA_new();
- pubRsa = wolfSSL_RSA_new();
- if((prvRsa == NULL) || (pubRsa == NULL)){
- printf("error with RSA_new\n");
- ret = WC_TEST_RET_ENC_ERRNO;
- goto openssl_pkey0_test_done;
- }
- ret = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE);
- if(ret != SSL_SUCCESS){
- printf("error with RSA_LoadDer_ex\n");
- ret = WC_TEST_RET_ENC_EC(ret);
- goto openssl_pkey0_test_done;
- }
- ret = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC);
- if(ret != SSL_SUCCESS){
- printf("error with RSA_LoadDer_ex\n");
- ret = WC_TEST_RET_ENC_EC(ret);
- goto openssl_pkey0_test_done;
- }
- keySz = (size_t)RSA_size(pubRsa);
- prvPkey = wolfSSL_EVP_PKEY_new();
- pubPkey = wolfSSL_EVP_PKEY_new();
- if((prvPkey == NULL) || (pubPkey == NULL)){
- printf("error with PKEY_new\n");
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey0_test_done;
- }
- ret = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa);
- ret += wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa);
- if(ret != 2){
- printf("error with PKEY_set1_RSA\n");
- ret = WC_TEST_RET_ENC_I(ret);
- goto openssl_pkey0_test_done;
- }
- dec = EVP_PKEY_CTX_new(prvPkey, NULL);
- enc = EVP_PKEY_CTX_new(pubPkey, NULL);
- if((dec == NULL)||(enc==NULL)){
- printf("error with EVP_PKEY_CTX_new\n");
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey0_test_done;
- }
- ret = EVP_PKEY_decrypt_init(dec);
- if (ret != 1) {
- printf("error with decrypt init\n");
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey0_test_done;
- }
- ret = EVP_PKEY_encrypt_init(enc);
- if (ret != 1) {
- printf("error with encrypt init\n");
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey0_test_done;
- }
- XMEMSET(out, 0, sizeof(out));
- ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
- if (ret != 1) {
- printf("error encrypting msg\n");
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey0_test_done;
- }
- show("encrypted msg", out, outlen);
- XMEMSET(plain, 0, sizeof(plain));
- ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
- if (ret != 1) {
- printf("error decrypting msg\n");
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey0_test_done;
- }
- show("decrypted msg", plain, outlen);
- /* RSA_PKCS1_OAEP_PADDING test */
- ret = EVP_PKEY_decrypt_init(dec);
- if (ret != 1) {
- printf("error with decrypt init\n");
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey0_test_done;
- }
- ret = EVP_PKEY_encrypt_init(enc);
- if (ret != 1) {
- printf("error with encrypt init\n");
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey0_test_done;
- }
- if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) {
- printf("first set rsa padding error\n");
- ret = WC_TEST_RET_ENC_EC(ret);
- goto openssl_pkey0_test_done;
- }
- #ifndef HAVE_FIPS
- if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){
- printf("second set rsa padding error\n");
- ret = WC_TEST_RET_ENC_EC(ret);
- goto openssl_pkey0_test_done;
- }
- if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) {
- printf("third set rsa padding error\n");
- ret = WC_TEST_RET_ENC_EC(ret);
- goto openssl_pkey0_test_done;
- }
- #endif
- XMEMSET(out, 0, sizeof(out));
- ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
- if (ret != 1) {
- printf("error encrypting msg\n");
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey0_test_done;
- }
- show("encrypted msg", out, outlen);
- XMEMSET(plain, 0, sizeof(plain));
- ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
- if (ret != 1) {
- printf("error decrypting msg\n");
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey0_test_done;
- }
- show("decrypted msg", plain, outlen);
- ret = 0; /* made it to this point without error then set success */
- openssl_pkey0_test_done:
- wolfSSL_RSA_free(prvRsa);
- wolfSSL_RSA_free(pubRsa);
- EVP_PKEY_free(pubPkey);
- EVP_PKEY_free(prvPkey);
- EVP_PKEY_CTX_free(dec);
- EVP_PKEY_CTX_free(enc);
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif /* NO_RSA */
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void)
- {
- wc_test_ret_t ret = 0;
- #if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_SHA)
- EVP_PKEY_CTX* dec = NULL;
- EVP_PKEY_CTX* enc = NULL;
- EVP_PKEY* pubKey = NULL;
- EVP_PKEY* prvKey = NULL;
- X509* x509 = NULL;
- WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sugar slapped";
- const unsigned char* clikey;
- long cliKeySz;
- size_t outlen;
- int keyLenBits = 2048;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- unsigned char *tmp = (unsigned char *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- unsigned char *cipher = (unsigned char *)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- unsigned char *plain = (unsigned char *)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((tmp == NULL) ||
- (cipher == NULL) ||
- (plain == NULL)) {
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey1_test_done;
- }
- #else
- unsigned char tmp[FOURK_BUF];
- unsigned char cipher[RSA_TEST_BYTES];
- unsigned char plain[RSA_TEST_BYTES];
- #endif
- WOLFSSL_ENTER("openssl_pkey1_test");
- #if defined(USE_CERT_BUFFERS_1024)
- XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024);
- cliKeySz = (long)sizeof_client_key_der_1024;
- x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_1024,
- sizeof_client_cert_der_1024, SSL_FILETYPE_ASN1);
- keyLenBits = 1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048);
- cliKeySz = (long)sizeof_client_key_der_2048;
- x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_2048,
- sizeof_client_cert_der_2048, SSL_FILETYPE_ASN1);
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, client_key_der_3072, sizeof_client_key_der_3072);
- cliKeySz = (long)sizeof_client_key_der_3072;
- x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_3072,
- sizeof_client_cert_der_3072, SSL_FILETYPE_ASN1);
- keyLenBits = 3072;
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, client_key_der_4096, sizeof_client_key_der_4096);
- cliKeySz = (long)sizeof_client_key_der_4096;
- x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_4096,
- sizeof_client_cert_der_4096, SSL_FILETYPE_ASN1);
- keyLenBits = 4096;
- #else
- {
- XFILE f;
- f = XFOPEN(clientKey, "rb");
- if (!f) {
- err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
- ret = WC_TEST_RET_ENC_ERRNO;
- goto openssl_pkey1_test_done;
- }
- cliKeySz = (long)XFREAD(tmp, 1, FOURK_BUF, f);
- XFCLOSE(f);
- if (cliKeySz == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, openssl_pkey1_test_done);
- }
- /* using existing wolfSSL api to get public and private key */
- x509 = wolfSSL_X509_load_certificate_file(clientCert, SSL_FILETYPE_ASN1);
- #endif /* USE_CERT_BUFFERS */
- clikey = tmp;
- if ((prvKey = EVP_PKEY_new()) == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- goto openssl_pkey1_test_done;
- }
- EVP_PKEY_free(prvKey);
- prvKey = NULL;
- if (x509 == NULL) {
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey1_test_done;
- }
- pubKey = X509_get_pubkey(x509);
- if (pubKey == NULL) {
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey1_test_done;
- }
- prvKey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &clikey, cliKeySz);
- if (prvKey == NULL) {
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey1_test_done;
- }
- /* phase 2 API to create EVP_PKEY_CTX and encrypt/decrypt */
- if (EVP_PKEY_bits(prvKey) != keyLenBits) {
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey1_test_done;
- }
- if (EVP_PKEY_size(prvKey) != keyLenBits/8) {
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey1_test_done;
- }
- dec = EVP_PKEY_CTX_new(prvKey, NULL);
- enc = EVP_PKEY_CTX_new(pubKey, NULL);
- if (dec == NULL || enc == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- goto openssl_pkey1_test_done;
- }
- if (EVP_PKEY_decrypt_init(dec) != 1) {
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey1_test_done;
- }
- if (EVP_PKEY_encrypt_init(enc) != 1) {
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey1_test_done;
- }
- if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) {
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey1_test_done;
- }
- #ifndef HAVE_FIPS
- if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){
- ret = WC_TEST_RET_ENC_EC(ret);
- goto openssl_pkey1_test_done;
- }
- if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto openssl_pkey1_test_done;
- }
- #endif
- XMEMSET(cipher, 0, RSA_TEST_BYTES);
- outlen = (size_t)(keyLenBits/8);
- if (EVP_PKEY_encrypt(enc, cipher, &outlen, msg, sizeof(msg)) < 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto openssl_pkey1_test_done;
- }
- XMEMSET(plain, 0, RSA_TEST_BYTES);
- if (EVP_PKEY_decrypt(dec, plain, &outlen, cipher, outlen) != 1) {
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey1_test_done;
- }
- openssl_pkey1_test_done:
- if (pubKey != NULL) {
- EVP_PKEY_free(pubKey);
- }
- if (prvKey != NULL) {
- EVP_PKEY_free(prvKey);
- }
- if (dec != NULL) {
- EVP_PKEY_CTX_free(dec);
- }
- if (enc != NULL) {
- EVP_PKEY_CTX_free(enc);
- }
- if (x509 != NULL) {
- X509_free(x509);
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (tmp != NULL)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (cipher != NULL)
- XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (plain != NULL)
- XFREE(plain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #endif
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void)
- {
- #if !defined(NO_RSA) && !defined(NO_SHA)
- byte* prvTmp;
- byte* pubTmp;
- int prvBytes;
- int pubBytes;
- RSA *prvRsa;
- RSA *pubRsa;
- EVP_PKEY *prvPkey;
- EVP_PKEY *pubPkey;
- EVP_MD_CTX* sign;
- EVP_MD_CTX* verf;
- char msg[] = "see spot run";
- unsigned char sig[256];
- unsigned int sigSz;
- const void* pt;
- unsigned int count;
- wc_test_ret_t ret, ret1, ret2;
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
- XFILE keyFile;
- XFILE keypubFile;
- char cliKey[] = "./certs/client-key.der";
- char cliKeypub[] = "./certs/client-keyPub.der";
- #endif
- WOLFSSL_ENTER("openssl_evpSig_test");
- prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (prvTmp == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pubTmp == NULL) {
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC_NC;
- }
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024);
- prvBytes = sizeof_client_key_der_1024;
- XMEMCPY(pubTmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
- pubBytes = sizeof_client_keypub_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(prvTmp, client_key_der_2048, sizeof_client_key_der_2048);
- prvBytes = sizeof_client_key_der_2048;
- XMEMCPY(pubTmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
- pubBytes = sizeof_client_keypub_der_2048;
- #else
- keyFile = XFOPEN(cliKey, "rb");
- if (!keyFile) {
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
- return WC_TEST_RET_ENC_ERRNO;
- }
- prvBytes = (int)XFREAD(prvTmp, 1, (int)FOURK_BUFF, keyFile);
- XFCLOSE(keyFile);
- if (prvBytes == 0) {
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC_ERRNO;
- }
- keypubFile = XFOPEN(cliKeypub, "rb");
- if (!keypubFile) {
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- err_sys("can't open ./certs/client-cert.der, "
- "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
- return WC_TEST_RET_ENC_ERRNO;
- }
- pubBytes = (int)XFREAD(pubTmp, 1, (int)FOURK_BUFF, keypubFile);
- XFCLOSE(keypubFile);
- if (pubBytes == 0) {
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC_ERRNO;
- }
- #endif /* USE_CERT_BUFFERS */
- prvRsa = wolfSSL_RSA_new();
- pubRsa = wolfSSL_RSA_new();
- if((prvRsa == NULL) || (pubRsa == NULL)){
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- err_sys("ERROR with RSA_new", WC_TEST_RET_ENC_NC);
- return WC_TEST_RET_ENC_NC;
- }
- ret1 = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE);
- ret2 = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC);
- if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
- printf("error with RSA_LoadDer_ex\n");
- return WC_TEST_RET_ENC_NC;
- }
- prvPkey = wolfSSL_EVP_PKEY_new();
- pubPkey = wolfSSL_EVP_PKEY_new();
- if((prvPkey == NULL) || (pubPkey == NULL)){
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- printf("error with KEY_new\n");
- return WC_TEST_RET_ENC_NC;
- }
- ret1 = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa);
- ret2 = wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa);
- if((ret1 != 1) || (ret2 != 1)){
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- printf("error with EVP_PKEY_set1_RSA\n");
- return WC_TEST_RET_ENC_NC;
- }
- /****************** sign and verify *******************/
- sign = EVP_MD_CTX_create();
- verf = EVP_MD_CTX_create();
- if((sign == NULL)||(verf == NULL)){
- printf("error with EVP_MD_CTX_create\n");
- EVP_MD_CTX_destroy(sign);
- EVP_MD_CTX_destroy(verf);
- return WC_TEST_RET_ENC_NC;
- }
- ret = EVP_SignInit(sign, EVP_sha1());
- if (ret != SSL_SUCCESS){
- printf("error with EVP_SignInit\n");
- EVP_MD_CTX_destroy(sign);
- EVP_MD_CTX_destroy(verf);
- return WC_TEST_RET_ENC_NC;
- }
- count = sizeof(msg);
- show("message = ", (char *)msg, count);
- /* sign */
- XMEMSET(sig, 0, sizeof(sig));
- pt = (const void*)msg;
- ret1 = EVP_SignUpdate(sign, pt, count);
- ret2 = EVP_SignFinal(sign, sig, &sigSz, prvPkey);
- if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- EVP_MD_CTX_destroy(sign);
- EVP_MD_CTX_destroy(verf);
- printf("error with EVP_MD_CTX_create\n");
- return WC_TEST_RET_ENC_NC;
- }
- show("signature = ", (char *)sig, sigSz);
- /* verify */
- pt = (const void*)msg;
- ret1 = EVP_VerifyInit(verf, EVP_sha1());
- ret2 = EVP_VerifyUpdate(verf, pt, count);
- if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- EVP_MD_CTX_destroy(sign);
- EVP_MD_CTX_destroy(verf);
- printf("error with EVP_Verify\n");
- return WC_TEST_RET_ENC_NC;
- }
- if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) != 1) {
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- EVP_MD_CTX_destroy(sign);
- EVP_MD_CTX_destroy(verf);
- printf("error with EVP_VerifyFinal\n");
- return WC_TEST_RET_ENC_NC;
- }
- /* expect fail without update */
- EVP_VerifyInit(verf, EVP_sha1());
- if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) == 1) {
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- EVP_MD_CTX_destroy(sign);
- EVP_MD_CTX_destroy(verf);
- printf("EVP_VerifyInit without update not detected\n");
- return WC_TEST_RET_ENC_NC;
- }
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- EVP_MD_CTX_destroy(sign);
- EVP_MD_CTX_destroy(verf);
- wolfSSL_RSA_free(prvRsa);
- wolfSSL_RSA_free(pubRsa);
- EVP_PKEY_free(pubPkey);
- EVP_PKEY_free(prvPkey);
- #endif /* NO_RSA */
- return 0;
- }
- #endif /* OPENSSL_EXTRA */
- #ifndef NO_PWDBASED
- #ifdef HAVE_SCRYPT
- /* Test vectors taken from RFC 7914: scrypt PBKDF - Section 12. */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void)
- {
- #ifdef HAVE_FIPS
- /* RFC 7914 test vector keys are too short for FIPS. */
- #else
- wc_test_ret_t ret;
- byte derived[64];
- WOLFSSL_SMALL_STACK_STATIC const byte verify1[] = {
- 0x77, 0xd6, 0x57, 0x62, 0x38, 0x65, 0x7b, 0x20,
- 0x3b, 0x19, 0xca, 0x42, 0xc1, 0x8a, 0x04, 0x97,
- 0xf1, 0x6b, 0x48, 0x44, 0xe3, 0x07, 0x4a, 0xe8,
- 0xdf, 0xdf, 0xfa, 0x3f, 0xed, 0xe2, 0x14, 0x42,
- 0xfc, 0xd0, 0x06, 0x9d, 0xed, 0x09, 0x48, 0xf8,
- 0x32, 0x6a, 0x75, 0x3a, 0x0f, 0xc8, 0x1f, 0x17,
- 0xe8, 0xd3, 0xe0, 0xfb, 0x2e, 0x0d, 0x36, 0x28,
- 0xcf, 0x35, 0xe2, 0x0c, 0x38, 0xd1, 0x89, 0x06
- };
- #if !defined(BENCH_EMBEDDED)
- WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
- 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
- 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
- 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
- 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
- 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
- 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
- 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
- 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
- };
- #endif
- #if !defined(BENCH_EMBEDDED) && !defined(WOLFSSL_LINUXKM) && !defined(HAVE_INTEL_QA)
- WOLFSSL_SMALL_STACK_STATIC const byte verify3[] = {
- 0x70, 0x23, 0xbd, 0xcb, 0x3a, 0xfd, 0x73, 0x48,
- 0x46, 0x1c, 0x06, 0xcd, 0x81, 0xfd, 0x38, 0xeb,
- 0xfd, 0xa8, 0xfb, 0xba, 0x90, 0x4f, 0x8e, 0x3e,
- 0xa9, 0xb5, 0x43, 0xf6, 0x54, 0x5d, 0xa1, 0xf2,
- 0xd5, 0x43, 0x29, 0x55, 0x61, 0x3f, 0x0f, 0xcf,
- 0x62, 0xd4, 0x97, 0x05, 0x24, 0x2a, 0x9a, 0xf9,
- 0xe6, 0x1e, 0x85, 0xdc, 0x0d, 0x65, 0x1e, 0x40,
- 0xdf, 0xcf, 0x01, 0x7b, 0x45, 0x57, 0x58, 0x87
- };
- #endif
- #ifdef SCRYPT_TEST_ALL
- /* Test case is very slow.
- * Use for confirmation after code change or new platform.
- */
- WOLFSSL_SMALL_STACK_STATIC const byte verify4[] = {
- 0x21, 0x01, 0xcb, 0x9b, 0x6a, 0x51, 0x1a, 0xae,
- 0xad, 0xdb, 0xbe, 0x09, 0xcf, 0x70, 0xf8, 0x81,
- 0xec, 0x56, 0x8d, 0x57, 0x4a, 0x2f, 0xfd, 0x4d,
- 0xab, 0xe5, 0xee, 0x98, 0x20, 0xad, 0xaa, 0x47,
- 0x8e, 0x56, 0xfd, 0x8f, 0x4b, 0xa5, 0xd0, 0x9f,
- 0xfa, 0x1c, 0x6d, 0x92, 0x7c, 0x40, 0xf4, 0xc3,
- 0x37, 0x30, 0x40, 0x49, 0xe8, 0xa9, 0x52, 0xfb,
- 0xcb, 0xf4, 0x5c, 0x6f, 0xa7, 0x7a, 0x41, 0xa4
- };
- #endif
- WOLFSSL_ENTER("scrypt_test");
- ret = wc_scrypt(derived, NULL, 0, NULL, 0, 4, 1, 1, sizeof(verify1));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(derived, verify1, sizeof(verify1)) != 0)
- return WC_TEST_RET_ENC_NC;
- #if !defined(BENCH_EMBEDDED)
- ret = wc_scrypt(derived, (byte*)"password", 8, (byte*)"NaCl", 4, 10, 8, 16,
- sizeof(verify2));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(derived, verify2, sizeof(verify2)) != 0)
- return WC_TEST_RET_ENC_NC;
- #endif
- /* Test case with parallel overflowing */
- ret = wc_scrypt(derived, (byte*)"password", 16, (byte*)"NaCl", 16, 2, 4, 8388608,
- sizeof(verify1));
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- /* Don't run these test on embedded, since they use large mallocs */
- #if !defined(BENCH_EMBEDDED) && !defined(WOLFSSL_LINUXKM) && !defined(HAVE_INTEL_QA)
- ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13,
- (byte*)"SodiumChloride", 14, 14, 8, 1, sizeof(verify3));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(derived, verify3, sizeof(verify3)) != 0)
- return WC_TEST_RET_ENC_NC;
- #ifdef SCRYPT_TEST_ALL
- ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13,
- (byte*)"SodiumChloride", 14, 20, 8, 1, sizeof(verify4));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(derived, verify4, sizeof(verify4)) != 0)
- return WC_TEST_RET_ENC_NC;
- #endif
- #else
- #ifdef SCRYPT_TEST_ALL
- (void)verify4;
- #endif
- #endif /* !BENCH_EMBEDDED && !defined(WOLFSSL_LINUXKM) && !HAVE_INTEL_QA */
- #if !defined(BENCH_EMBEDDED)
- ret = wc_scrypt_ex(derived, (byte*)"password", 8, (byte*)"NaCl", 4, 1<<10,
- 8, 16, sizeof(verify2));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(derived, verify2, sizeof(verify2)) != 0)
- return WC_TEST_RET_ENC_NC;
- #endif
- #endif /* !HAVE_FIPS */
- return 0;
- }
- #endif
- #ifdef HAVE_PKCS12
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte passwd[] = { 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67,
- 0x00, 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f };
- WOLFSSL_SMALL_STACK_STATIC const byte passwd2[] = { 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65,
- 0x00, 0x67, 0x00, 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte salt2[] = { 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 };
- byte derived[64];
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
- 0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11,
- 0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE,
- 0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
- 0x90, 0x1B, 0x49, 0x70, 0xF0, 0x94, 0xF0, 0xF8,
- 0x45, 0xC0, 0xF3, 0xF3, 0x13, 0x59, 0x18, 0x6A,
- 0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C
- };
- int id = 1;
- int kLen = 24;
- int iterations = 1;
- wc_test_ret_t ret;
- WOLFSSL_ENTER("pkcs12_pbkdf_test");
- ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8,
- iterations, kLen, WC_SHA256, id);
- if (ret < 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(derived, verify, kLen) != 0)
- return WC_TEST_RET_ENC_NC;
- iterations = 1000;
- ret = wc_PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8,
- iterations, kLen, WC_SHA256, id);
- if (ret < 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_PKCS12_PBKDF_ex(derived, passwd2, sizeof(passwd2), salt2, 8,
- iterations, kLen, WC_SHA256, id, HEAP_HINT);
- if (ret < 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(derived, verify2, 24) != 0)
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- #endif /* HAVE_PKCS12 */
- #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void)
- {
- char passwd[] = "passwordpassword";
- WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a,
- 0x5d, 0x63, 0xcb, 0x06 };
- int iterations = 2048;
- int kLen = 24;
- byte derived[64];
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
- 0x43, 0x6d, 0xb5, 0xe8, 0xd0, 0xfb, 0x3f, 0x35, 0x42, 0x48, 0x39, 0xbc,
- 0x2d, 0xd4, 0xf9, 0x37, 0xd4, 0x95, 0x16, 0xa7, 0x2a, 0x9a, 0x21, 0xd1
- };
- wc_test_ret_t ret;
- WOLFSSL_ENTER("pbkdf2_test");
- ret = wc_PBKDF2_ex(derived, (byte*)passwd, (int)XSTRLEN(passwd),
- salt, (int)sizeof(salt), iterations,
- kLen, WC_SHA256, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(derived, verify, sizeof(verify)) != 0)
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- #endif /* HAVE_PBKDF2 && !NO_SHA256 && !NO_HMAC */
- #if defined(HAVE_PBKDF1) && !defined(NO_SHA)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf1_test(void)
- {
- char passwd[] = "password";
- WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 };
- int iterations = 1000;
- int kLen = 16;
- byte derived[16];
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
- 0xDC, 0x19, 0x84, 0x7E, 0x05, 0xC6, 0x4D, 0x2F,
- 0xAF, 0x10, 0xEB, 0xFB, 0x4A, 0x3D, 0x2A, 0x20
- };
- wc_test_ret_t ret;
- WOLFSSL_ENTER("pbkdf1_test");
- ret = wc_PBKDF1_ex(derived, kLen, NULL, 0, (byte*)passwd,
- (int)XSTRLEN(passwd), salt, (int)sizeof(salt), iterations, WC_SHA,
- HEAP_HINT);
- if (ret != 0)
- return ret;
- if (XMEMCMP(derived, verify, sizeof(verify)) != 0)
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- #endif /* HAVE_PBKDF2 && !NO_SHA */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void)
- {
- wc_test_ret_t ret = 0;
- WOLFSSL_ENTER("pwdbased_test");
- #if defined(HAVE_PBKDF1) && !defined(NO_SHA)
- ret = pbkdf1_test();
- if (ret != 0)
- return ret;
- #endif
- #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
- ret = pbkdf2_test();
- if (ret != 0)
- return ret;
- #endif
- #ifdef HAVE_PKCS12
- ret = pkcs12_pbkdf_test();
- if (ret != 0)
- return ret;
- #endif
- #ifdef HAVE_SCRYPT
- ret = scrypt_test();
- if (ret != 0)
- return ret;
- #endif
- return ret;
- }
- #endif /* NO_PWDBASED */
- #if defined(USE_CERT_BUFFERS_2048) && \
- defined(HAVE_PKCS12) && \
- !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \
- !defined(NO_CERTS) && !defined(NO_DES3)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void)
- {
- wc_test_ret_t ret = 0;
- WC_PKCS12* pkcs12 = NULL;
- /* Gen vars */
- byte* pkcs12der = NULL;
- int pkcs12derSz = 0;
- WC_DerCertList derCaList = {
- (byte*)ca_cert_der_2048, sizeof_ca_cert_der_2048, NULL
- };
- char* pass = (char*)"wolfSSL test";
- /* Parsing vars */
- WC_DerCertList* derCaListOut = NULL;
- byte* keyDer = NULL;
- byte* certDer = NULL;
- word32 keySz;
- word32 certSz;
- WOLFSSL_ENTER("pkcs12_test");
- pkcs12 = wc_PKCS12_create(pass, (word32)XSTRLEN(pass),
- (char*)"friendlyName" /* not used currently */,
- (byte*)server_key_der_2048, sizeof_server_key_der_2048,
- (byte*)server_cert_der_2048, sizeof_server_cert_der_2048,
- &derCaList, PBE_SHA1_DES3, PBE_SHA1_DES3, 100, 100,
- 0 /* not used currently */, HEAP_HINT);
- if (pkcs12 == NULL) {
- ret = WC_TEST_RET_ENC_EC(MEMORY_E);
- goto out;
- }
- ret = wc_i2d_PKCS12(pkcs12, NULL, &pkcs12derSz);
- if (ret != LENGTH_ONLY_E) {
- if (ret == 0)
- ret = WC_TEST_RET_ENC_NC;
- else
- ret = WC_TEST_RET_ENC_I(ret);
- goto out;
- }
- pkcs12der = (byte*)XMALLOC(pkcs12derSz, HEAP_HINT, DYNAMIC_TYPE_PKCS);
- if (pkcs12der == NULL) {
- ret = WC_TEST_RET_ENC_EC(MEMORY_E);
- goto out;
- }
- {
- /* Use tmp pointer to avoid advancing pkcs12der */
- byte* tmp = pkcs12der;
- ret = wc_i2d_PKCS12(pkcs12, &tmp, &pkcs12derSz);
- if (ret <= 0) {
- if (ret == 0)
- ret = WC_TEST_RET_ENC_NC;
- else
- ret = WC_TEST_RET_ENC_I(ret);
- goto out;
- }
- }
- wc_PKCS12_free(pkcs12);
- pkcs12 = wc_PKCS12_new_ex(HEAP_HINT);
- if (pkcs12 == NULL) {
- ret = WC_TEST_RET_ENC_EC(MEMORY_E);
- goto out;
- }
- /* convert the DER file into an internal structure */
- ret = wc_d2i_PKCS12(pkcs12der, pkcs12derSz, pkcs12);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto out;
- }
- /* parse the internal structure into its parts */
- ret = wc_PKCS12_parse(pkcs12, "wolfSSL test", &keyDer, &keySz,
- &certDer, &certSz, &derCaListOut);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto out;
- }
- if (keyDer == NULL || certDer == NULL || derCaListOut == NULL) {
- ret = WC_TEST_RET_ENC_NC;
- goto out;
- }
- out:
- if (derCaListOut)
- wc_FreeCertList(derCaListOut, HEAP_HINT);
- XFREE(keyDer, HEAP_HINT, DYNAMIC_TYPE_PKCS);
- XFREE(certDer, HEAP_HINT, DYNAMIC_TYPE_PKCS);
- if (pkcs12)
- wc_PKCS12_free(pkcs12);
- XFREE(pkcs12der, HEAP_HINT, DYNAMIC_TYPE_PKCS);
- return ret;
- }
- #endif
- #if defined(HAVE_HKDF) && !defined(NO_HMAC)
- #if defined(WOLFSSL_AFALG_XILINX) || defined(WOLFSSL_AFALG_XILINX_AES) || \
- defined(WOLFSSL_AFALG_XILINX_SHA3) || defined(WOLFSSL_AFALG_HASH_KEEP) || \
- defined(WOLFSSL_AFALG_XILINX_RSA)
- /* hkdf_test has issue with WOLFSSL_TEST_SUBROUTINE set on Xilinx with afalg */
- static wc_test_ret_t hkdf_test(void)
- #else
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void)
- #endif
- {
- wc_test_ret_t ret = 0;
- #if !defined(NO_SHA) || !defined(NO_SHA256)
- int L;
- byte okm1[42];
- byte ikm1[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b };
- #ifndef HAVE_FIPS
- byte salt1[13] ={ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c };
- byte info1[10] ={ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
- 0xf8, 0xf9 };
- #endif
- #ifndef NO_SHA
- byte res1[42] = { 0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61,
- 0xd1, 0xe5, 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06,
- 0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06,
- 0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0,
- 0xea, 0x00, 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3,
- 0x49, 0x18 };
- #ifndef HAVE_FIPS
- byte res2[42] = { 0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69,
- 0x33, 0x06, 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81,
- 0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15,
- 0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2,
- 0xc2, 0x2e, 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3,
- 0xf8, 0x96 };
- #endif
- #endif /* !NO_SHA */
- #ifndef NO_SHA256
- byte res3[42] = { 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f,
- 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31,
- 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e,
- 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d,
- 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a,
- 0x96, 0xc8 };
- #ifndef HAVE_FIPS
- byte res4[42] = { 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
- 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
- 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
- 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
- 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
- 0x58, 0x65 };
- #endif
- #endif /* !NO_SHA256 */
- WOLFSSL_ENTER("hkdf_test");
- XMEMSET(okm1, 0, sizeof(okm1));
- L = (int)sizeof(okm1);
- #ifndef NO_SHA
- ret = wc_HKDF(WC_SHA, ikm1, (word32)sizeof(ikm1), NULL, 0, NULL, 0,
- okm1, (word32)L);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(okm1, res1, L) != 0)
- return WC_TEST_RET_ENC_NC;
- #ifndef HAVE_FIPS
- /* fips can't have key size under 14 bytes, salt is key too */
- L = (int)sizeof(okm1);
- ret = wc_HKDF(WC_SHA, ikm1, 11, salt1, (word32)sizeof(salt1),
- info1, (word32)sizeof(info1), okm1, (word32)L);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(okm1, res2, L) != 0)
- return WC_TEST_RET_ENC_NC;
- #endif /* HAVE_FIPS */
- #endif /* !NO_SHA */
- #ifndef NO_SHA256
- ret = wc_HKDF(WC_SHA256, ikm1, (word32)sizeof(ikm1), NULL, 0, NULL, 0,
- okm1, (word32)L);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(okm1, res3, L) != 0)
- return WC_TEST_RET_ENC_NC;
- #ifndef HAVE_FIPS
- /* fips can't have key size under 14 bytes, salt is key too */
- ret = wc_HKDF(WC_SHA256, ikm1, (word32)sizeof(ikm1),
- salt1, (word32)sizeof(salt1), info1, (word32)sizeof(info1), okm1, (word32)L);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(okm1, res4, L) != 0)
- return WC_TEST_RET_ENC_NC;
- #endif /* HAVE_FIPS */
- #endif /* !NO_SHA256 */
- #endif /* !NO_SHA || !NO_SHA256 */
- return ret;
- }
- #endif /* HAVE_HKDF */
- #ifdef WOLFSSL_WOLFSSH
- typedef struct {
- byte hashId;
- byte keyId;
- const byte* k;
- word32 kSz;
- const byte* h;
- word32 hSz;
- const byte* sessionId;
- word32 sessionIdSz;
- const byte* expectedKey;
- word32 expectedKeySz;
- } SshKdfTestVector;
- /** Test Vector Set #3: SHA-256 **/
- static const byte sshKdfTvSet3k[] = {
- 0x6A, 0xC3, 0x82, 0xEA, 0xAC, 0xA0, 0x93, 0xE1,
- 0x25, 0xE2, 0x5C, 0x24, 0xBE, 0xBC, 0x84, 0x64,
- 0x0C, 0x11, 0x98, 0x75, 0x07, 0x34, 0x4B, 0x5C,
- 0x73, 0x9C, 0xEB, 0x84, 0xA9, 0xE0, 0xB2, 0x22,
- 0xB9, 0xA8, 0xB5, 0x1C, 0x83, 0x9E, 0x5E, 0xBE,
- 0x49, 0xCF, 0xAD, 0xBF, 0xB3, 0x95, 0x99, 0x76,
- 0x4E, 0xD5, 0x22, 0x09, 0x9D, 0xC9, 0x12, 0x75,
- 0x19, 0x50, 0xDC, 0x7D, 0xC9, 0x7F, 0xBD, 0xC0,
- 0x63, 0x28, 0xB6, 0x8F, 0x22, 0x78, 0x1F, 0xD3,
- 0x15, 0xAF, 0x56, 0x80, 0x09, 0xA5, 0x50, 0x9E,
- 0x5B, 0x87, 0xA1, 0x1B, 0xF5, 0x27, 0xC0, 0x56,
- 0xDA, 0xFF, 0xD8, 0x2A, 0xB6, 0xCB, 0xC2, 0x5C,
- 0xCA, 0x37, 0x14, 0x34, 0x59, 0xE7, 0xBC, 0x63,
- 0xBC, 0xDE, 0x52, 0x75, 0x7A, 0xDE, 0xB7, 0xDF,
- 0x01, 0xCF, 0x12, 0x17, 0x3F, 0x1F, 0xEF, 0x81,
- 0x02, 0xEC, 0x5A, 0xB1, 0x42, 0xC2, 0x13, 0xDD,
- 0x9D, 0x30, 0x69, 0x62, 0x78, 0xA8, 0xD8, 0xBC,
- 0x32, 0xDD, 0xE9, 0x59, 0x2D, 0x28, 0xC0, 0x78,
- 0xC6, 0xD9, 0x2B, 0x94, 0x7D, 0x82, 0x5A, 0xCA,
- 0xAB, 0x64, 0x94, 0x84, 0x6A, 0x49, 0xDE, 0x24,
- 0xB9, 0x62, 0x3F, 0x48, 0x89, 0xE8, 0xAD, 0xC3,
- 0x8E, 0x8C, 0x66, 0x9E, 0xFF, 0xEF, 0x17, 0x60,
- 0x40, 0xAD, 0x94, 0x5E, 0x90, 0xA7, 0xD3, 0xEE,
- 0xC1, 0x5E, 0xFE, 0xEE, 0x78, 0xAE, 0x71, 0x04,
- 0x3C, 0x96, 0x51, 0x11, 0x03, 0xA1, 0x6B, 0xA7,
- 0xCA, 0xF0, 0xAC, 0xD0, 0x64, 0x2E, 0xFD, 0xBE,
- 0x80, 0x99, 0x34, 0xFA, 0xA1, 0xA5, 0xF1, 0xBD,
- 0x11, 0x04, 0x36, 0x49, 0xB2, 0x5C, 0xCD, 0x1F,
- 0xEE, 0x2E, 0x38, 0x81, 0x5D, 0x4D, 0x5F, 0x5F,
- 0xC6, 0xB4, 0x10, 0x29, 0x69, 0xF2, 0x1C, 0x22,
- 0xAE, 0x1B, 0x0E, 0x7D, 0x36, 0x03, 0xA5, 0x56,
- 0xA1, 0x32, 0x62, 0xFF, 0x62, 0x8D, 0xE2, 0x22
- };
- static const byte sshKdfTvSet3h[] = {
- 0x7B, 0x70, 0x01, 0x18, 0x5E, 0x25, 0x6D, 0x44,
- 0x93, 0x44, 0x5F, 0x39, 0xA5, 0x5F, 0xB9, 0x05,
- 0xE6, 0x32, 0x1F, 0x4B, 0x5D, 0xD8, 0xBB, 0xF3,
- 0x10, 0x0D, 0x51, 0xBA, 0x0B, 0xDA, 0x3D, 0x2D
- };
- static const byte sshKdfTvSet3sid[] = {
- 0x7B, 0x70, 0x01, 0x18, 0x5E, 0x25, 0x6D, 0x44,
- 0x93, 0x44, 0x5F, 0x39, 0xA5, 0x5F, 0xB9, 0x05,
- 0xE6, 0x32, 0x1F, 0x4B, 0x5D, 0xD8, 0xBB, 0xF3,
- 0x10, 0x0D, 0x51, 0xBA, 0x0B, 0xDA, 0x3D, 0x2D
- };
- static const byte sshKdfTvSet3a[] = {
- 0x81, 0xF0, 0x33, 0x0E, 0xF6, 0xF0, 0x53, 0x61,
- 0xB3, 0x82, 0x3B, 0xFD, 0xED, 0x6E, 0x1D, 0xE9
- };
- static const byte sshKdfTvSet3b[] = {
- 0x3F, 0x6F, 0xD2, 0x06, 0x5E, 0xEB, 0x2B, 0x0B,
- 0x1D, 0x93, 0x19, 0x5A, 0x1F, 0xED, 0x48, 0xA5
- };
- static const byte sshKdfTvSet3c[] = {
- 0xC3, 0x54, 0x71, 0x03, 0x4E, 0x6F, 0xD6, 0x54,
- 0x76, 0x13, 0x17, 0x8E, 0x23, 0x43, 0x5F, 0x21
- };
- static const byte sshKdfTvSet3d[] = {
- 0x7E, 0x9D, 0x79, 0x03, 0x20, 0x90, 0xD9, 0x9F,
- 0x98, 0xB0, 0x15, 0x63, 0x4D, 0xD9, 0xF4, 0x62
- };
- static const byte sshKdfTvSet3e[] = {
- 0x24, 0xEE, 0x55, 0x9A, 0xD7, 0xCE, 0x71, 0x2B,
- 0x68, 0x5D, 0x0B, 0x22, 0x71, 0xE4, 0x43, 0xC1,
- 0x7A, 0xB1, 0xD1, 0xDC, 0xEB, 0x5A, 0x36, 0x05,
- 0x69, 0xD2, 0x5D, 0x5D, 0xC2, 0x43, 0x00, 0x2F
- };
- static const byte sshKdfTvSet3f[] = {
- 0xC3, 0x41, 0x9C, 0x2B, 0x96, 0x62, 0x35, 0x86,
- 0x9D, 0x71, 0x4B, 0xA5, 0xAC, 0x48, 0xDD, 0xB7,
- 0xD9, 0xE3, 0x5C, 0x8C, 0x19, 0xAA, 0xC7, 0x34,
- 0x22, 0x33, 0x7A, 0x37, 0x34, 0x53, 0x60, 0x7E
- };
- static const SshKdfTestVector sshKdfTestVectors[] = {
- {WC_HASH_TYPE_SHA256, 'A',
- sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
- sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
- sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
- sshKdfTvSet3a, sizeof(sshKdfTvSet3a)},
- {WC_HASH_TYPE_SHA256, 'B',
- sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
- sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
- sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
- sshKdfTvSet3b, sizeof(sshKdfTvSet3b)},
- {WC_HASH_TYPE_SHA256, 'C',
- sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
- sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
- sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
- sshKdfTvSet3c, sizeof(sshKdfTvSet3c)},
- {WC_HASH_TYPE_SHA256, 'D',
- sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
- sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
- sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
- sshKdfTvSet3d, sizeof(sshKdfTvSet3d)},
- {WC_HASH_TYPE_SHA256, 'E',
- sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
- sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
- sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
- sshKdfTvSet3e, sizeof(sshKdfTvSet3e)},
- {WC_HASH_TYPE_SHA256, 'F',
- sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
- sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
- sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
- sshKdfTvSet3f, sizeof(sshKdfTvSet3f)},
- };
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sshkdf_test(void)
- {
- byte cKey[32]; /* Greater of SHA256_DIGEST_SIZE and AES_BLOCK_SIZE */
- word32 i;
- word32 tc = sizeof(sshKdfTestVectors)/sizeof(SshKdfTestVector);
- const SshKdfTestVector* tv = NULL;
- wc_test_ret_t result = 0;
- WOLFSSL_ENTER("sshkdf_test");
- /* sId - Session ID, eKey - Expected Key, cKey - Calculated Key */
- for (i = 0, tv = sshKdfTestVectors; i < tc; i++, tv++) {
- result = wc_SSH_KDF(tv->hashId, tv->keyId,
- cKey, tv->expectedKeySz,
- tv->k, tv->kSz, tv->h, tv->hSz,
- tv->sessionId, tv->sessionIdSz);
- if (result != 0) {
- printf("KDF: Could not derive key.\n");
- result = WC_TEST_RET_ENC_EC(result);
- }
- else {
- if (XMEMCMP(cKey, tv->expectedKey, tv->expectedKeySz) != 0) {
- printf("KDF: Calculated Key does not match Expected Key.\n");
- result = WC_TEST_RET_ENC_EC(result);
- }
- }
- if (result != 0) break;
- }
- return result;
- }
- #endif /* WOLFSSL_WOLFSSH */
- #if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
- #define DIGL 12
- #define SECL 48
- #define LBSL 63
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prf_test(void)
- {
- int ret;
- byte dig[DIGL] = {0};
- byte secret[SECL] = {
- 0x10, 0xbc, 0xb4, 0xa2, 0xe8, 0xdc, 0xf1, 0x9b, 0x4c,
- 0x51, 0x9c, 0xed, 0x31, 0x1b, 0x51, 0x57, 0x02, 0x3f,
- 0xa1, 0x7d, 0xfb, 0x0e, 0xf3, 0x4e, 0x8f, 0x6f, 0x71,
- 0xa3, 0x67, 0x76, 0x6b, 0xfa, 0x5d, 0x46, 0x4a, 0xe8,
- 0x61, 0x18, 0x81, 0xc4, 0x66, 0xcc, 0x6f, 0x09, 0x99,
- 0x9d, 0xfc, 0x47
- };
- byte lablSd[LBSL] = {
- 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69,
- 0x6e, 0x69, 0x73, 0x68, 0x65, 0x64, 0x0b, 0x46, 0xba,
- 0x56, 0xbf, 0x1f, 0x5d, 0x99, 0xff, 0xe9, 0xbb, 0x43,
- 0x01, 0xe7, 0xca, 0x2c, 0x00, 0xdf, 0x9a, 0x39, 0x6e,
- 0xcf, 0x6d, 0x15, 0x27, 0x4d, 0xf2, 0x93, 0x96, 0x4a,
- 0x91, 0xde, 0x5c, 0xc0, 0x47, 0x7c, 0xa8, 0xae, 0xcf,
- 0x5d, 0x93, 0x5f, 0x4c, 0x92, 0xcc, 0x98, 0x5b, 0x43
- };
- byte expected[DIGL] = {
- 0xee, 0xcb, 0xb1, 0x30, 0xf2, 0xcd, 0xb3, 0x4a,
- 0xbe, 0xda, 0xc1, 0xf6
- };
- int digL = DIGL;
- int secL = SECL;
- int lblsdL = LBSL;
- int hash_type = sha384_mac;
- ret = wc_PRF(dig, (word32)digL, secret, secL, lablSd, lblsdL, hash_type,
- HEAP_HINT, INVALID_DEVID);
- if (ret != 0) {
- printf("Failed w/ code: %d\n", ret);
- return WC_TEST_RET_ENC_EC(ret);
- }
- if (XMEMCMP(expected, dig, DIGL) != 0) {
- printf("Got unexpected digest\n");
- return WC_TEST_RET_ENC_NC;
- }
- return 0;
- }
- #endif /* WOLFSSL_HAVE_PRF && !NO_HMAC */
- #ifdef WOLFSSL_HAVE_PRF
- #if defined(HAVE_HKDF) && !defined(NO_HMAC)
- #ifdef WOLFSSL_BASE16
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls12_kdf_test(void)
- {
- const char* preMasterSecret = "D06F9C19BFF49B1E91E4EFE97345D089"
- "4E6C2E6C34A165B24540E2970875D641"
- "2AA6515871B389B4C199BB8389C71CED";
- const char* helloRandom = "162B81EDFBEAE4F25240320B87E7651C"
- "865564191DD782DB0B9ECA275FBA1BB9"
- "5A1DA3DF436D68DA86C5E7B4B4A36E46"
- "B977C61767983A31BE270D74517BD0F6";
- const char* masterSecret = "EB38B8D89B98B1C266DE44BB3CA14E83"
- "C32F009F9955B1D994E61D3C51EE8760"
- "90B4EF89CC7AF42F46E72201BFCC7977";
- const char* label = "master secret";
- byte pms[48] = {0};
- byte seed[64] = {0};
- byte ms[48] = {0};
- byte result[48] = {0};
- word32 pmsSz = (word32)sizeof(pms);
- word32 seedSz = (word32)sizeof(seed);
- word32 msSz = (word32)sizeof(ms);
- int ret;
- ret = Base16_Decode((const byte*)preMasterSecret,
- (word32)XSTRLEN(preMasterSecret), pms, &pmsSz);
- if (ret != 0)
- return ret;
- ret = Base16_Decode((const byte*)helloRandom,
- (word32)XSTRLEN(helloRandom), seed, &seedSz);
- if (ret != 0)
- return ret;
- ret = Base16_Decode((const byte*)masterSecret,
- (word32)XSTRLEN(masterSecret), ms, &msSz);
- if (ret != 0)
- return ret;
- ret = wc_PRF_TLS(result, msSz, pms, pmsSz,
- (const byte*)label, (word32)XSTRLEN(label), seed, seedSz,
- 1, sha256_mac, NULL, INVALID_DEVID);
- if (ret != 0) {
- if (ret == FIPS_PRIVATE_KEY_LOCKED_E) {
- printf(" wc_PRF_TLSv12: Private key locked.\n");
- }
- return WC_TEST_RET_ENC_NC;
- }
- if (XMEMCMP(result, ms, msSz) != 0)
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- #endif /* WOLFSSL_BASE16 */
- #endif /* WOLFSSL_HAVE_HKDF && !NO_HMAC */
- #endif /* WOLFSSL_HAVE_PRF */
- #ifdef WOLFSSL_TLS13
- #define TLSV13_PSK_DHE_SZ 40
- typedef struct {
- enum wc_HashType hashAlg;
- word32 pskSz;
- word32 dheSz;
- byte psk[TLSV13_PSK_DHE_SZ];
- byte dhe[TLSV13_PSK_DHE_SZ];
- byte hashHello1[WC_MAX_DIGEST_SIZE];
- byte hashHello2[WC_MAX_DIGEST_SIZE];
- byte hashFinished1[WC_MAX_DIGEST_SIZE];
- byte hashFinished2[WC_MAX_DIGEST_SIZE];
- /* Expected */
- byte clientEarlyTrafficSecret[WC_MAX_DIGEST_SIZE];
- byte earlyExporterMasterSecret[WC_MAX_DIGEST_SIZE];
- byte clientHandshakeTrafficSecret[WC_MAX_DIGEST_SIZE];
- byte serverHandshakeTrafficSecret[WC_MAX_DIGEST_SIZE];
- byte clientApplicationTrafficSecret[WC_MAX_DIGEST_SIZE];
- byte serverApplicationTrafficSecret[WC_MAX_DIGEST_SIZE];
- byte exporterMasterSecret[WC_MAX_DIGEST_SIZE];
- byte resumptionMasterSecret[WC_MAX_DIGEST_SIZE];
- } Tls13KdfTestVector;
- /* The following tests come from the CAVP test vectors we used for
- * our FIPS validation. The hash values used are the components from
- * the test hashed together. hashHello1 is the hash of the
- * clientHelloRandom value of the test vector. hashHello2 is the hash
- * of the clientHelloRandom and serverHelloRandom values from the test
- * vector. hashFinished1 is clientHelloRandom, serverHelloRandom, and
- * serverFinishedRandom. hashFinished2 is clientHelloRandom,
- * serverHelloRandom, serverFinishedRandom, and clietnFinishedRandom
- * hashed together. */
- static const Tls13KdfTestVector tls13KdfTestVectors[] = {
- { /* 1 */
- WC_HASH_TYPE_SHA256, 35, 35,
- { /* PSK */
- 0x7b, 0xf1, 0x05, 0x31, 0x36, 0xfa, 0x03, 0xdc,
- 0x31, 0x97, 0x88, 0x04, 0x9c, 0xbc, 0xee, 0xf7,
- 0x8d, 0x84, 0x95, 0x26, 0xaf, 0x1d, 0x68, 0xb0,
- 0x60, 0x7a, 0xcc, 0x4f, 0xc1, 0xd3, 0xa1, 0x68,
- 0x7f, 0x6d, 0xbe
- },
- { /* DHE */
- 0x6e, 0xa1, 0x77, 0xab, 0x2f, 0x43, 0xd2, 0x4b,
- 0xe5, 0xa1, 0x09, 0xe0, 0x7a, 0xd0, 0x01, 0x35,
- 0x8d, 0xf8, 0xf2, 0x5c, 0x91, 0x02, 0xb0, 0x6c,
- 0x3f, 0xeb, 0xee, 0xa4, 0x42, 0x19, 0xce, 0xdc,
- 0x81, 0x26, 0x40
- },
- { /* Hello 1 */
- 0xd9, 0x4b, 0xe4, 0x17, 0xef, 0x58, 0x73, 0x7d,
- 0x28, 0x3d, 0xf0, 0xcc, 0x05, 0x03, 0xaf, 0xac,
- 0x3d, 0x92, 0x79, 0x48, 0xe8, 0x8c, 0xdb, 0xce,
- 0x95, 0x82, 0x21, 0x31, 0x7b, 0x61, 0xd7, 0xc6
- },
- { /* Hello 2 */
- 0xb7, 0x7f, 0x29, 0x91, 0xa4, 0x8b, 0x34, 0xdb,
- 0xbd, 0xc7, 0x54, 0x1c, 0x3b, 0x86, 0xa3, 0x69,
- 0xfe, 0x26, 0xe4, 0x7b, 0xac, 0x57, 0x71, 0xb3,
- 0x32, 0x97, 0xed, 0xd2, 0x0e, 0x95, 0xb8, 0x63
- },
- { /* Finished 1 */
- 0x65, 0xdb, 0x6d, 0x71, 0x71, 0xd0, 0xd8, 0x49,
- 0xd0, 0x3c, 0x8e, 0x2b, 0x24, 0xdf, 0xc2, 0xe9,
- 0xd6, 0xfd, 0xea, 0x04, 0x95, 0x7c, 0xf0, 0x7e,
- 0x57, 0x74, 0x7c, 0xdd, 0xa3, 0x0b, 0x2b, 0x36
- },
- { /* Finished 2 */
- 0x28, 0xf2, 0xf2, 0x79, 0xcf, 0x20, 0x52, 0x90,
- 0x1d, 0x91, 0x05, 0xad, 0x44, 0x26, 0x23, 0x96,
- 0x32, 0xce, 0xec, 0x61, 0xd1, 0xbf, 0x00, 0x48,
- 0x4a, 0xa5, 0x60, 0xcc, 0x28, 0xb5, 0x8d, 0x98
- },
- { /* Client Early Traffic Secret */
- 0x07, 0x14, 0x6a, 0x26, 0x5b, 0x6c, 0x7f, 0x4d, 0x6b, 0x47, 0x3f, 0xd5,
- 0x03, 0x1d, 0xd2, 0x23, 0x3d, 0x89, 0x3e, 0xc6, 0x51, 0xd1, 0xac, 0xf8,
- 0x28, 0xae, 0x4b, 0x76, 0xc8, 0x10, 0x7e, 0xdd
- },
- { /* Early Exporter Master Secret */
- 0xb8, 0xd3, 0x25, 0x7e, 0x2d, 0x41, 0x7b, 0xcb, 0x5e, 0x82, 0x49, 0xf5,
- 0x51, 0x3d, 0xb7, 0x59, 0x32, 0xb3, 0xdf, 0x99, 0x4e, 0x04, 0x69, 0xc6,
- 0x96, 0x8e, 0xe6, 0x3d, 0x91, 0xe4, 0x81, 0x11
- },
- { /* Client Handshake Traffic Secret */
- 0xd9, 0x3b, 0x54, 0xe2, 0xb0, 0xd1, 0x85, 0xf0, 0xfd, 0xf3, 0x48, 0x4a,
- 0xf8, 0x0b, 0xa5, 0xdc, 0x4c, 0x37, 0xcb, 0xd4, 0x20, 0xaf, 0x60, 0xc7,
- 0xd5, 0x50, 0x5d, 0x0c, 0x77, 0x3b, 0x6f, 0xd2
- },
- { /* Server Handshake Traffic Secret */
- 0x4d, 0x40, 0x2b, 0xd2, 0x8c, 0x33, 0x90, 0x39, 0x67, 0x67, 0x05, 0xf7,
- 0x5d, 0x37, 0x1e, 0xdc, 0x4a, 0x70, 0x6b, 0x9e, 0xf8, 0x06, 0x61, 0x89,
- 0x70, 0xe1, 0x3d, 0x36, 0xad, 0x88, 0x7e, 0x5b
- },
- { /* Client Application Traffic Secret */
- 0x74, 0x6e, 0xa0, 0x13, 0x18, 0x34, 0x48, 0x4d, 0x23, 0x31, 0xf1, 0xf9,
- 0xee, 0x44, 0x6d, 0xad, 0xc1, 0xad, 0x92, 0x73, 0xca, 0x27, 0x16, 0x91,
- 0xa2, 0x50, 0x9a, 0xfc, 0xec, 0xf0, 0x6b, 0x24
- },
- { /* Server Application Traffic Secret */
- 0x89, 0x18, 0x7e, 0x34, 0x8d, 0xfc, 0x14, 0xb1, 0x4f, 0x21, 0xd8, 0x29,
- 0xdb, 0x9b, 0xfb, 0x55, 0xcf, 0xa1, 0x4f, 0x95, 0xf8, 0xe0, 0xb0, 0x83,
- 0xd5, 0x34, 0x9e, 0x0b, 0x83, 0x37, 0x42, 0x93
- },
- { /* Exporter Master Secret */
- 0x7d, 0xc8, 0x88, 0x46, 0xd5, 0x57, 0x15, 0xb6, 0x24, 0x25, 0x92, 0x61,
- 0xb1, 0x18, 0x86, 0x2a, 0x6d, 0xa5, 0x84, 0xeb, 0x59, 0xdf, 0x13, 0xbd,
- 0x73, 0xaa, 0x5d, 0x65, 0xab, 0xd9, 0xb4, 0x56
- },
- { /* Resumption Master Secret */
- 0x20, 0xb7, 0xd0, 0xe3, 0x82, 0x01, 0xa1, 0x04, 0xb8, 0x13, 0x29, 0xed,
- 0x35, 0xe4, 0x2f, 0xbf, 0x58, 0x23, 0x7f, 0x21, 0xdb, 0x9f, 0xf8, 0xe0,
- 0xe8, 0xe4, 0xab, 0xc4, 0xa1, 0x61, 0xb9, 0xbb
- }
- },
- { /* 6 */
- WC_HASH_TYPE_SHA256, 0, 33,
- { 0 }, /* PSK */
- { /* DHE */
- 0x7a, 0x46, 0x8c, 0x5a, 0xd1, 0x8e, 0x95, 0xba,
- 0x61, 0xe6, 0x6f, 0xe6, 0x76, 0x0c, 0x20, 0x43,
- 0x16, 0x82, 0x15, 0xfe, 0x54, 0xa3, 0xc7, 0xfd,
- 0x3b, 0x2c, 0x88, 0xb4, 0xd3, 0x42, 0x70, 0x12,
- 0x18
- },
- { /* Hello 1 */
- 0x63, 0x83, 0x58, 0xab, 0x36, 0xcd, 0x0c, 0xf3,
- 0x26, 0x07, 0xb5, 0x5f, 0x0b, 0x8b, 0x45, 0xd6,
- 0x7d, 0x5b, 0x42, 0xdc, 0xa8, 0xaa, 0x06, 0xfb,
- 0x20, 0xa5, 0xbb, 0x85, 0xdb, 0x54, 0xd8, 0x8b
- },
- { /* Hello 2 */
- 0xea, 0xfe, 0x9e, 0x8e, 0xff, 0x1f, 0x6f, 0x43,
- 0xf9, 0x5d, 0xfd, 0xbf, 0xe2, 0x5f, 0x02, 0x2f,
- 0x6d, 0x47, 0x60, 0x9a, 0x48, 0x9a, 0x75, 0xfb,
- 0xb5, 0x4a, 0xbf, 0x9c, 0x4e, 0xff, 0xbf, 0x0b
- },
- { /* Finished 1 */
- 0xca, 0x25, 0xb3, 0x53, 0x8e, 0x6d, 0xc3, 0x36,
- 0x17, 0x30, 0x07, 0xdf, 0x0d, 0xd7, 0x79, 0xb0,
- 0x7f, 0xcb, 0xbe, 0x7a, 0xbc, 0x2d, 0x9f, 0x2d,
- 0x94, 0x44, 0x94, 0xe6, 0xa4, 0xf3, 0xe8, 0x53
- },
- { /* Finished 2 */
- 0x2e, 0xa6, 0x5a, 0xaf, 0xb5, 0xba, 0x9f, 0x2f,
- 0x74, 0x83, 0x5d, 0xbf, 0x86, 0xa4, 0xa6, 0xf6,
- 0xb9, 0x89, 0xdf, 0x17, 0xe1, 0xa8, 0x14, 0xc0,
- 0xe1, 0x50, 0xfa, 0xec, 0xfa, 0xae, 0x8b, 0x7b
- },
- {
- 0x20, 0x18, 0x72, 0x7c, 0xde, 0x3a, 0x85, 0x17, 0x72, 0xdc, 0xd7, 0x72,
- 0xb0, 0xfc, 0x45, 0xd0, 0x62, 0xb9, 0xbb, 0x38, 0x69, 0x05, 0x7b, 0xb4,
- 0x5e, 0x58, 0x5d, 0xed, 0xcd, 0x0b, 0x96, 0xd3
- },
- {
- 0x68, 0x10, 0x20, 0xd1, 0x5e, 0xfc, 0x0c, 0x53, 0x85, 0xbb, 0xdb, 0x18,
- 0xa8, 0x78, 0xf1, 0x2b, 0x13, 0xba, 0x64, 0x1d, 0xe7, 0x09, 0xbe, 0x13,
- 0x49, 0x26, 0xf9, 0x98, 0x56, 0xf1, 0x43, 0xfb
- },
- {
- 0x24, 0x35, 0x3e, 0x10, 0x6f, 0x39, 0x50, 0xd6, 0xa2, 0x12, 0x99, 0xf2,
- 0xd5, 0xf5, 0x19, 0xf5, 0x84, 0xed, 0xee, 0x78, 0x2a, 0xa6, 0xfa, 0x3d,
- 0x06, 0xa8, 0xa7, 0x5d, 0x97, 0x78, 0xd6, 0x58
- },
- {
- 0xf4, 0x57, 0xac, 0x24, 0x7a, 0xfb, 0x7c, 0x3b, 0xb6, 0x39, 0x17, 0x14,
- 0xd9, 0xd4, 0x58, 0x4d, 0x46, 0xd5, 0x1b, 0xde, 0xf7, 0x9d, 0x06, 0xee,
- 0x8d, 0x1a, 0x2c, 0x25, 0x6d, 0x64, 0xde, 0x89
- },
- {
- 0xb6, 0x00, 0xce, 0x63, 0xed, 0x65, 0x8b, 0x66, 0x66, 0x42, 0xc6, 0xbd,
- 0x89, 0xc4, 0x71, 0x6f, 0xce, 0x28, 0xb2, 0xac, 0x97, 0x07, 0x5b, 0xea,
- 0xb8, 0x1d, 0x4c, 0xeb, 0x9e, 0x71, 0x07, 0x8f
- },
- {
- 0xf8, 0x92, 0xc8, 0xba, 0xe7, 0x83, 0xfe, 0x68, 0xe4, 0xd6, 0x5e, 0xcb,
- 0xb3, 0xef, 0x49, 0xd0, 0xe7, 0xb1, 0xac, 0xcb, 0x39, 0x19, 0xfd, 0xa7,
- 0xf7, 0xca, 0xab, 0x1e, 0x42, 0x14, 0xd8, 0xe7
- },
- {
- 0x32, 0x4a, 0x1a, 0xad, 0xe2, 0xbb, 0x55, 0x8a, 0xdd, 0xe9, 0xa5, 0x2a,
- 0x46, 0x5e, 0x6c, 0x83, 0x66, 0x27, 0x27, 0x94, 0xdd, 0x68, 0x59, 0xa0,
- 0xbb, 0xe8, 0x31, 0x7c, 0x39, 0xd7, 0xfd, 0x6d
- },
- {
- 0x58, 0xbc, 0x6c, 0x5b, 0x24, 0xad, 0x82, 0xb3, 0xcc, 0xc7, 0xd1, 0xa1,
- 0xaa, 0x2b, 0x98, 0x9f, 0x2f, 0x7e, 0xa9, 0x63, 0xc2, 0x8e, 0xb6, 0x06,
- 0xc2, 0x2b, 0x74, 0x4b, 0x79, 0x19, 0x7e, 0x2e
- }
- },
- { /* 11 */
- WC_HASH_TYPE_SHA256, 33, 0,
- { /* PSK */
- 0x3d, 0x39, 0x49, 0x36, 0x98, 0xc5, 0xfd, 0xcd,
- 0xa0, 0x17, 0xbd, 0x65, 0x0a, 0xdb, 0xd4, 0x07,
- 0x56, 0xa2, 0x7b, 0xb8, 0x2a, 0x7e, 0xfb, 0x26,
- 0x74, 0xe1, 0xbc, 0x08, 0x4b, 0xf0, 0x30, 0x14,
- 0x12
- },
- { 0 }, /* DHE */
- { /* Hello 1 */
- 0xb7, 0x44, 0x74, 0x6c, 0x57, 0x1f, 0xf3, 0x84,
- 0x8f, 0x63, 0xfb, 0x8c, 0x94, 0x6c, 0x16, 0x68,
- 0x4b, 0xe1, 0xb5, 0xb5, 0x2a, 0x4e, 0x5f, 0xdf,
- 0x4b, 0x53, 0xb2, 0x35, 0xfc, 0x30, 0xf1, 0x36
- },
- { /* Hello 2 */
- 0xe6, 0x4f, 0x3a, 0x4f, 0xd7, 0xe0, 0x64, 0xd4,
- 0x69, 0x50, 0xe4, 0x8b, 0xba, 0xbc, 0x47, 0x74,
- 0xa7, 0x9b, 0x40, 0x91, 0x8f, 0xa8, 0x72, 0x22,
- 0x97, 0xad, 0x43, 0xa7, 0x11, 0x86, 0xb5, 0x72
- },
- { /* Finished 1 */
- 0x5f, 0xa6, 0x10, 0xe2, 0xa3, 0x99, 0x0b, 0x5e,
- 0x57, 0xee, 0xc3, 0x3a, 0x8e, 0x04, 0xf3, 0x0e,
- 0x58, 0x02, 0x09, 0xb2, 0x7e, 0x2d, 0xc6, 0xd2,
- 0x08, 0xae, 0x68, 0x0a, 0x55, 0xa5, 0xda, 0x51
- },
- { /* Finished 2 */
- 0xfc, 0x5b, 0xc0, 0x7e, 0x1b, 0xaa, 0xc0, 0xb4,
- 0x34, 0x85, 0x49, 0x8e, 0x16, 0x31, 0x98, 0xdf,
- 0x10, 0x54, 0x22, 0xda, 0x1e, 0x6b, 0x51, 0xf6,
- 0x97, 0x57, 0xa0, 0x7a, 0x92, 0xe7, 0x47, 0x52
- },
- {
- 0x80, 0xfa, 0x36, 0x30, 0xb8, 0x65, 0xb3, 0x2a, 0x1d, 0x68, 0x91, 0x06,
- 0x98, 0xa0, 0x17, 0x8f, 0xee, 0xb7, 0x9e, 0x3d, 0xd8, 0x84, 0x99, 0x30,
- 0xb9, 0xd6, 0x09, 0x25, 0x5e, 0xfb, 0x8f, 0xd3 },
- {
- 0xa9, 0x89, 0x29, 0x70, 0xe4, 0x55, 0xec, 0x97, 0xfb, 0x24, 0x5b, 0xf9,
- 0xf1, 0xa3, 0x19, 0x3d, 0xf1, 0x31, 0x14, 0xcd, 0x2a, 0xed, 0x21, 0xc8,
- 0xb1, 0x53, 0xad, 0x11, 0x0b, 0x9e, 0x5a, 0xee },
- {
- 0x72, 0xad, 0x8d, 0x7f, 0xfc, 0xb7, 0x68, 0xda, 0x27, 0x60, 0x37, 0xa3,
- 0x4a, 0x63, 0xe8, 0xa5, 0xc8, 0xcd, 0x36, 0x6a, 0x77, 0x99, 0x0d, 0xa9,
- 0xb1, 0x5b, 0x2f, 0x47, 0x2e, 0x22, 0xa7, 0x5e },
- {
- 0x95, 0x6e, 0x85, 0x09, 0xe5, 0x04, 0x88, 0x14, 0x28, 0x8d, 0xdf, 0xe6,
- 0x0d, 0x0f, 0x0d, 0x6b, 0x4e, 0x66, 0x1c, 0x03, 0xb9, 0xaa, 0x2d, 0x45,
- 0x56, 0x67, 0x5c, 0x55, 0x29, 0xd6, 0x89, 0xd0 },
- {
- 0xe8, 0xf2, 0x14, 0xf9, 0x9b, 0x2b, 0x9f, 0x24, 0x2b, 0x37, 0xbe, 0x86,
- 0xdb, 0x23, 0x4b, 0xbe, 0x39, 0x57, 0xe8, 0xa9, 0xa5, 0xee, 0x08, 0xf2,
- 0x75, 0x58, 0xdb, 0xd9, 0x51, 0xc1, 0x46, 0x02 },
- {
- 0x3d, 0x19, 0xaf, 0xa3, 0x0b, 0x21, 0xf7, 0x3d, 0xe7, 0x37, 0x6e, 0x32,
- 0x13, 0x48, 0x9d, 0xea, 0xe0, 0x90, 0xbf, 0x64, 0x48, 0xf7, 0x1e, 0xcc,
- 0xf0, 0xbc, 0x92, 0xd7, 0x8a, 0x4a, 0xa8, 0xc1 },
- {
- 0x16, 0x35, 0xb1, 0x66, 0x28, 0xa3, 0x3e, 0x19, 0xf5, 0x2d, 0x92, 0x22,
- 0x95, 0x48, 0xe8, 0x34, 0x7b, 0x30, 0x50, 0xa2, 0xa0, 0xd9, 0xc2, 0x59,
- 0x39, 0xf9, 0x8c, 0x69, 0xf2, 0x2a, 0xb9, 0xff },
- {
- 0x32, 0x71, 0xa6, 0x87, 0x0c, 0x97, 0x42, 0x07, 0xdd, 0x5f, 0xc9, 0x44,
- 0xa5, 0x7c, 0x50, 0x14, 0xfd, 0xe7, 0x5f, 0x8b, 0xd3, 0x2f, 0xdc, 0x9b,
- 0xa9, 0x93, 0x22, 0x19, 0xe6, 0xf2, 0x0c, 0xd8 }
- },
- #ifdef WOLFSSL_SHA384
- { /* 26 */
- WC_HASH_TYPE_SHA384, 35, 35,
- { /* PSK */
- 0x62, 0x83, 0x25, 0xc7, 0xcc, 0x08, 0x5e, 0x63,
- 0x64, 0x56, 0xf0, 0xc6, 0x88, 0x27, 0x5a, 0x5b,
- 0x68, 0x59, 0x0b, 0x14, 0x55, 0x13, 0x2e, 0xfd,
- 0x8f, 0x28, 0x5b, 0x3d, 0xe3, 0xad, 0x67, 0xe4,
- 0x68, 0xba, 0xf9
- },
- { /* DHE */
- 0xa8, 0xb1, 0xab, 0xd8, 0xc8, 0x5b, 0x52, 0xdf,
- 0x7f, 0x49, 0x10, 0xf4, 0xa1, 0x31, 0xd1, 0x91,
- 0x36, 0xc1, 0x87, 0x5d, 0x42, 0x2a, 0xe7, 0x1d,
- 0x2c, 0x29, 0x3d, 0x40, 0x64, 0x61, 0x63, 0x76,
- 0xd8, 0x66, 0xac
- },
- { /* Hello 1 */
- 0x6f, 0xc6, 0x4c, 0xe1, 0xc6, 0x68, 0x34, 0x8c,
- 0x0a, 0xe1, 0xf8, 0xb8, 0x3e, 0xd4, 0xf8, 0x0b,
- 0x54, 0x50, 0xe4, 0xc5, 0x4a, 0x33, 0x7d, 0xbd,
- 0x90, 0xd2, 0xa2, 0xb9, 0xb7, 0x92, 0xed, 0xab,
- 0x14, 0xf1, 0xe4, 0x86, 0x22, 0x67, 0xd7, 0x44,
- 0x03, 0x21, 0xdc, 0x51, 0x52, 0x7f, 0x35, 0x80
- },
- { /* Hello 2 */
- 0x3e, 0xcf, 0x2f, 0xc3, 0x87, 0xba, 0xc5, 0xbd,
- 0x7c, 0xe8, 0x35, 0x5b, 0x95, 0x51, 0x30, 0x3b,
- 0x08, 0xcc, 0x2a, 0x7d, 0xb5, 0x74, 0x7c, 0x16,
- 0xb3, 0x0b, 0xe7, 0x61, 0xa3, 0x7c, 0x6c, 0xbd,
- 0x39, 0x74, 0xfd, 0x1e, 0x4c, 0xff, 0xc8, 0xcc,
- 0xa0, 0xef, 0x29, 0x4d, 0x94, 0xaa, 0x55, 0x6f,
- },
- { /* Finished 1 */
- 0x06, 0xc1, 0x47, 0x78, 0x66, 0x53, 0x6f, 0x24,
- 0x94, 0x61, 0x69, 0xec, 0xd8, 0x60, 0x31, 0x2f,
- 0xbf, 0xd6, 0x8a, 0x29, 0x17, 0xff, 0xa3, 0x88,
- 0x13, 0x09, 0x8c, 0x9d, 0x6c, 0x64, 0x84, 0x48,
- 0x44, 0xdd, 0x2d, 0x29, 0x4d, 0xe6, 0x98, 0x2b,
- 0x45, 0x3b, 0x84, 0x33, 0x79, 0xb2, 0x75, 0x68
- },
- { /* Finished 2 */
- 0x28, 0x1e, 0x18, 0xf7, 0x9c, 0x32, 0xa9, 0xbf,
- 0x0c, 0x24, 0x58, 0x21, 0xce, 0xbc, 0xf2, 0x44,
- 0xb1, 0x18, 0xaf, 0x9d, 0xd9, 0x20, 0xf9, 0xf4,
- 0xed, 0xcc, 0x53, 0x82, 0x66, 0x5c, 0x46, 0x94,
- 0x8c, 0x36, 0x5e, 0xca, 0x9f, 0xd8, 0x9a, 0xd3,
- 0xf0, 0xe1, 0x53, 0x71, 0xdd, 0x19, 0x1e, 0x59
- },
- {
- 0xd0, 0xef, 0xa8, 0xcb, 0x5b, 0x14, 0x0f, 0x0a, 0x62, 0xba, 0x5a, 0xb1,
- 0xc5, 0xb5, 0x3f, 0x11, 0xda, 0xa1, 0x0c, 0x9c, 0xb4, 0x32, 0x48, 0x4e,
- 0xfa, 0x84, 0x4f, 0xe4, 0xe7, 0x91, 0x8f, 0x42, 0x3f, 0xc7, 0x4e, 0xd3,
- 0x83, 0x3d, 0x7f, 0x70, 0x12, 0xee, 0x9a, 0x37, 0x01, 0xbb, 0x14, 0xd3
- },
- {
- 0x48, 0x6f, 0x77, 0x1d, 0x39, 0x1b, 0xa5, 0x9a, 0x76, 0xd9, 0x1d, 0x7d,
- 0xb3, 0xd9, 0xb9, 0x78, 0x35, 0x0f, 0xd0, 0xe1, 0x07, 0x1f, 0x8d, 0xe5,
- 0x75, 0x00, 0xda, 0xc0, 0x19, 0x01, 0xfb, 0x08, 0x35, 0xe7, 0x18, 0x8f,
- 0xf0, 0x19, 0xfb, 0x46, 0xf6, 0xa5, 0x77, 0x0e, 0x90, 0x38, 0x8b, 0x15
- },
- {
- 0x80, 0x8c, 0xa7, 0x24, 0x97, 0xf9, 0xd3, 0x52, 0xb0, 0x69, 0x9d, 0x4b,
- 0xa4, 0x19, 0x4a, 0xb1, 0x46, 0x53, 0x3a, 0xc8, 0xe4, 0x02, 0x69, 0xf2,
- 0xe7, 0xb6, 0x1d, 0x33, 0x51, 0xcc, 0x14, 0x40, 0x4a, 0xb0, 0xe7, 0x58,
- 0x84, 0xba, 0xc2, 0x14, 0x58, 0x6b, 0xb9, 0xdc, 0x50, 0x98, 0x67, 0x01
- },
- {
- 0xb1, 0xa8, 0xc0, 0x06, 0xb3, 0x2e, 0xa7, 0x8a, 0x6a, 0x12, 0x88, 0x00,
- 0x65, 0x88, 0x9c, 0x5d, 0x35, 0xee, 0xe5, 0x51, 0x0b, 0x62, 0xf8, 0x67,
- 0xe5, 0xef, 0x15, 0x1f, 0x23, 0x02, 0x74, 0x08, 0x9c, 0xc8, 0xba, 0x27,
- 0x5d, 0x32, 0x19, 0x6f, 0x6d, 0x5d, 0x72, 0x5e, 0x15, 0xde, 0x30, 0xc3
- },
- {
- 0xfd, 0xce, 0xf5, 0x65, 0x45, 0x84, 0xfb, 0x8c, 0x79, 0xa4, 0x6c, 0x1b,
- 0x0e, 0x1b, 0xfd, 0x26, 0xa2, 0x53, 0xf4, 0x4e, 0x00, 0x4d, 0x4b, 0x0b,
- 0x24, 0x6d, 0x35, 0x35, 0xd9, 0x97, 0x70, 0xc5, 0xf4, 0xee, 0xe3, 0xba,
- 0x31, 0x1e, 0x2a, 0x42, 0xcb, 0xdf, 0x40, 0xb1, 0x14, 0xb8, 0x53, 0xce
- },
- {
- 0xbb, 0xb3, 0x26, 0x7c, 0x22, 0x21, 0x9b, 0x72, 0x32, 0xa1, 0x97, 0xfb,
- 0x78, 0x8c, 0xbe, 0x3d, 0x71, 0x45, 0xb8, 0xf5, 0x24, 0x8f, 0x0f, 0xac,
- 0x42, 0x5b, 0x81, 0xe8, 0xd0, 0x71, 0x4a, 0xcb, 0x32, 0x3f, 0x03, 0xfb,
- 0xec, 0x6a, 0x1f, 0x76, 0x80, 0x65, 0x01, 0x7a, 0x3d, 0xce, 0xc4, 0xdf
- },
- {
- 0x3f, 0xcf, 0x2f, 0x63, 0x94, 0x94, 0x99, 0xfd, 0x04, 0x3a, 0x89, 0x83,
- 0xcf, 0x06, 0x05, 0xec, 0x20, 0x3e, 0x5f, 0x51, 0x9d, 0x6e, 0x4a, 0xc6,
- 0xf1, 0x2b, 0x37, 0x17, 0x34, 0x72, 0x6e, 0x1d, 0x2a, 0xfd, 0xc7, 0x73,
- 0xb5, 0x07, 0x22, 0x81, 0x32, 0x2e, 0x21, 0x85, 0xaf, 0x10, 0xb2, 0x73
- },
- {
- 0x52, 0x0c, 0x3d, 0x2e, 0x2d, 0x4a, 0x11, 0xae, 0x96, 0x78, 0xe9, 0x5b,
- 0xd8, 0x0f, 0x6c, 0xf4, 0xbd, 0x96, 0x13, 0x55, 0x88, 0xdd, 0xa3, 0x67,
- 0x36, 0x86, 0x1e, 0x0b, 0x36, 0x41, 0xec, 0xf6, 0x04, 0xb2, 0xc4, 0x16,
- 0xbc, 0x2c, 0xdb, 0x30, 0x02, 0x94, 0xd4, 0x42, 0xbf, 0x38, 0xee, 0x9d
- }
- },
- { /* 36 */
- WC_HASH_TYPE_SHA384, 0, 33,
- { 0 }, /* PSK */
- { /* DHE */
- 0xd3, 0x00, 0x72, 0x9a, 0xa8, 0xc5, 0xf3, 0xc4,
- 0xf1, 0xa0, 0x26, 0x89, 0x65, 0x70, 0xc7, 0x0b,
- 0x77, 0xbb, 0xe1, 0x4b, 0x2b, 0xa8, 0x4f, 0xa6,
- 0x09, 0x4b, 0xba, 0x45, 0x36, 0x15, 0xee, 0x68,
- 0xfd
- },
- { /* Hello 1 */
- 0x10, 0x9d, 0x8b, 0xa2, 0x93, 0xe7, 0xd3, 0xb9,
- 0xb4, 0x0f, 0xeb, 0x6a, 0xb9, 0x69, 0xcb, 0x39,
- 0x16, 0x29, 0xcc, 0xd3, 0xcc, 0x1a, 0x4c, 0x1b,
- 0x53, 0x7c, 0x33, 0x88, 0x06, 0xbc, 0x0a, 0x02,
- 0xa0, 0xbe, 0x62, 0xc0, 0xe6, 0x5e, 0x97, 0x5b,
- 0x6a, 0xa1, 0x98, 0xf3, 0xd2, 0x1e, 0xcd, 0xc5
- },
- { /* Hello 2 */
- 0x74, 0xc0, 0x07, 0x2c, 0xc1, 0x63, 0xcc, 0x11,
- 0xad, 0x1a, 0x55, 0x63, 0xbc, 0x20, 0x77, 0x96,
- 0x30, 0x1c, 0x68, 0x45, 0x1e, 0x9b, 0xa7, 0xb4,
- 0xf3, 0x04, 0x45, 0x16, 0x76, 0x55, 0xf9, 0xdf,
- 0x4b, 0x2f, 0x1a, 0xdf, 0x5a, 0xb0, 0x93, 0xc9,
- 0xab, 0xf5, 0x32, 0x47, 0x79, 0x9c, 0x01, 0xeb
- },
- { /* Finished 1 */
- 0x27, 0x08, 0x8e, 0xa5, 0xf1, 0x30, 0xe1, 0xd6,
- 0x4f, 0xa2, 0x9e, 0x3b, 0x03, 0x2d, 0x2e, 0xa3,
- 0x84, 0x75, 0x51, 0x3a, 0xc3, 0xf6, 0xee, 0x2e,
- 0x37, 0x0c, 0xe3, 0x28, 0x46, 0xa5, 0x2d, 0xc7,
- 0xf0, 0x64, 0x78, 0x53, 0x66, 0x43, 0x02, 0xa4,
- 0x7a, 0x43, 0x66, 0x4b, 0xa7, 0xcb, 0x97, 0x16
- },
- { /* Finished 2 */
- 0x1d, 0x0d, 0xf8, 0xe1, 0x81, 0xa5, 0xbd, 0xa8,
- 0x6f, 0x9d, 0x01, 0xa4, 0x9a, 0x92, 0xe2, 0xef,
- 0x08, 0xab, 0xef, 0x3e, 0x2d, 0xd4, 0x82, 0xac,
- 0x68, 0x9d, 0xe0, 0x54, 0x17, 0xde, 0x1a, 0xed,
- 0x57, 0xcb, 0xd9, 0x2d, 0xc8, 0xbc, 0x93, 0xe6,
- 0xa3, 0xec, 0xde, 0xee, 0xa1, 0x1c, 0x41, 0x85
- },
- {
- 0x7f, 0x1f, 0xe6, 0x7b, 0xd8, 0xf5, 0x2b, 0x37, 0xbe, 0xb7, 0xd0, 0x37,
- 0xce, 0x46, 0xad, 0x04, 0x2f, 0xc7, 0xdb, 0xc9, 0x9a, 0xb6, 0x00, 0x3f,
- 0xc1, 0x97, 0xe9, 0x5c, 0x5e, 0x14, 0xd1, 0x38, 0x4d, 0x55, 0xe1, 0x07,
- 0xb5, 0x85, 0x6d, 0xfa, 0xa7, 0x66, 0xad, 0xfa, 0xb6, 0xad, 0x29, 0x44
- },
- {
- 0x4e, 0x6b, 0x20, 0x99, 0x55, 0x1b, 0x21, 0x89, 0xb6, 0x70, 0xdb, 0xe8,
- 0xa7, 0x16, 0x55, 0xf2, 0x93, 0x13, 0x90, 0x7d, 0xfa, 0x62, 0x65, 0x53,
- 0xa0, 0x97, 0xe9, 0xb4, 0xc0, 0xf1, 0xc9, 0x1a, 0x67, 0xdd, 0xca, 0x57,
- 0xbc, 0xca, 0x39, 0xe6, 0x39, 0x6b, 0x63, 0x47, 0x25, 0x08, 0x3a, 0xd7
- },
- {
- 0x35, 0x0d, 0xac, 0xd8, 0x10, 0x6a, 0x46, 0x50, 0x66, 0xae, 0x02, 0xc9,
- 0xde, 0x13, 0x48, 0xce, 0x53, 0xd4, 0x92, 0x62, 0xc5, 0x65, 0x10, 0x08,
- 0xc2, 0xc2, 0x82, 0xed, 0x9d, 0xc9, 0x6f, 0xa8, 0xc3, 0xc1, 0x0b, 0x7c,
- 0xe1, 0x97, 0x85, 0xd6, 0x46, 0x29, 0x0e, 0x42, 0x51, 0xc1, 0x35, 0xcf
- },
- {
- 0x3d, 0x5d, 0x84, 0xbd, 0x16, 0x46, 0x34, 0xb3, 0xf6, 0x31, 0x49, 0x3e,
- 0x8d, 0xdc, 0xcb, 0x8c, 0x6a, 0x42, 0xf4, 0x88, 0xfc, 0x19, 0xfa, 0xa2,
- 0x25, 0xc7, 0xa0, 0xa4, 0xca, 0xf0, 0xea, 0x2d, 0xe8, 0xc4, 0x02, 0x14,
- 0x63, 0xfb, 0xd3, 0x7b, 0x51, 0x1c, 0xce, 0xca, 0xa3, 0xc3, 0xe4, 0xa5
- },
- {
- 0x7c, 0x3a, 0x55, 0x92, 0x2e, 0xdd, 0x75, 0xdd, 0x76, 0x54, 0x4a, 0x9f,
- 0xd0, 0xa2, 0x88, 0x83, 0xe9, 0x27, 0xda, 0x30, 0xe9, 0x96, 0x58, 0xc5,
- 0xb7, 0x56, 0xfc, 0x4b, 0xb8, 0x5d, 0xee, 0x46, 0x70, 0x4e, 0x1b, 0x06,
- 0x86, 0xaf, 0x48, 0x5c, 0x17, 0x35, 0xfa, 0x69, 0xc2, 0x4d, 0xfb, 0x09
- },
- {
- 0x00, 0x0e, 0x28, 0x51, 0xc1, 0x7f, 0x41, 0x89, 0x6f, 0x9a, 0xca, 0x15,
- 0xee, 0xed, 0x43, 0xca, 0x6d, 0x65, 0x6f, 0x51, 0x18, 0x6c, 0x08, 0x4b,
- 0x77, 0xca, 0x75, 0xc4, 0xc3, 0xde, 0x29, 0x41, 0x8b, 0xaf, 0xa7, 0x1c,
- 0x28, 0x37, 0xa0, 0xa0, 0x74, 0x8e, 0x09, 0x42, 0x7a, 0x1b, 0x68, 0xdb
- },
- {
- 0x14, 0x8f, 0xab, 0x28, 0x64, 0xea, 0x45, 0x88, 0xdb, 0xc1, 0xc6, 0xa0,
- 0x48, 0xdf, 0x15, 0xd0, 0x28, 0x07, 0x2d, 0x6c, 0xb8, 0x42, 0xbb, 0x60,
- 0x02, 0x08, 0x9e, 0x29, 0x9b, 0x8d, 0xd6, 0x1c, 0xaf, 0xf2, 0x1a, 0xdc,
- 0xf0, 0x78, 0x0b, 0x4d, 0x90, 0xa1, 0x0c, 0xb3, 0x13, 0xde, 0xca, 0x5a
- },
- {
- 0x4d, 0x80, 0x7d, 0x0b, 0xb9, 0x00, 0x6f, 0x65, 0x51, 0x65, 0x23, 0xde,
- 0x72, 0xdc, 0x4f, 0x04, 0xa5, 0xa2, 0x90, 0x45, 0x51, 0x9e, 0xd0, 0x3a,
- 0xe4, 0xd7, 0x78, 0xa3, 0x0f, 0x2d, 0x65, 0x12, 0xad, 0xc8, 0x92, 0x30,
- 0x79, 0x9d, 0x9d, 0x08, 0x7a, 0x9c, 0x9f, 0x83, 0xb1, 0xca, 0x59, 0x56
- }
- },
- { /* 41 */
- WC_HASH_TYPE_SHA384, 33, 0,
- { /* PSK */
- 0xa4, 0x8b, 0x1b, 0x5f, 0xd0, 0xea, 0x75, 0x62,
- 0x06, 0x4d, 0x68, 0x40, 0x85, 0x20, 0x45, 0x95,
- 0x4a, 0x00, 0xca, 0x05, 0xeb, 0xd4, 0x1d, 0x48,
- 0x81, 0x89, 0xe8, 0x86, 0x43, 0xfa, 0x28, 0x17,
- 0x12
- },
- { 0 }, /* DHE */
- { /* Hello 1 */
- 0x03, 0x7c, 0x33, 0x75, 0xdc, 0xc5, 0x46, 0x3a,
- 0x0d, 0x56, 0xc6, 0xfb, 0xab, 0x1e, 0x1d, 0xda,
- 0x59, 0xc2, 0xb2, 0xb1, 0x7c, 0x48, 0x9b, 0x06,
- 0x0a, 0x5a, 0xbb, 0xf8, 0x98, 0x53, 0x78, 0x2d,
- 0xd2, 0xcc, 0x87, 0x68, 0x25, 0xdd, 0x88, 0x22,
- 0xcd, 0xb7, 0x74, 0x55, 0x21, 0xf9, 0x34, 0x98
- },
- { /* Hello 2 */
- 0x03, 0xb4, 0xfb, 0xcc, 0x28, 0x2c, 0xc1, 0x70,
- 0x42, 0x73, 0x57, 0xac, 0xdb, 0x47, 0x71, 0xf6,
- 0x2e, 0x11, 0x8a, 0x5b, 0x47, 0x2f, 0x02, 0x54,
- 0x95, 0x34, 0xed, 0x5f, 0x19, 0xc1, 0x75, 0xe0,
- 0x76, 0xad, 0xb0, 0x90, 0x57, 0xcd, 0xfd, 0xd7,
- 0x58, 0x1f, 0x0d, 0x6b, 0x9e, 0x51, 0x3c, 0x08
- },
- { /* Finished 1 */
- 0x2b, 0x50, 0xd9, 0xa7, 0x43, 0x24, 0xda, 0x2c,
- 0x7a, 0xaa, 0x0e, 0x37, 0xd7, 0x6b, 0x2c, 0xab,
- 0x8e, 0xb2, 0xfe, 0x31, 0x1b, 0xa8, 0x12, 0x59,
- 0x5b, 0x7b, 0xdc, 0x3e, 0xa7, 0x86, 0xa5, 0x48,
- 0xe4, 0x46, 0x2b, 0x4c, 0xc1, 0x66, 0x4b, 0xf3,
- 0x2a, 0x99, 0x93, 0x08, 0xbc, 0x3d, 0x08, 0x76
- },
- { /* Finished 2 */
- 0x7c, 0x34, 0xc8, 0x56, 0x17, 0xf1, 0x62, 0x1c,
- 0x9f, 0x0b, 0xeb, 0xfd, 0x69, 0x72, 0x51, 0xc5,
- 0xfa, 0x74, 0x87, 0xc9, 0xbd, 0x50, 0xe9, 0x48,
- 0xa7, 0x3c, 0x94, 0x3e, 0x06, 0x7d, 0xe8, 0x8e,
- 0xc1, 0xd1, 0x08, 0x1f, 0x5d, 0x48, 0x8a, 0x25,
- 0xfc, 0xea, 0xe7, 0xd9, 0xd4, 0xd0, 0xf9, 0xad
- },
- {
- 0x4b, 0x0b, 0xed, 0xb9, 0xc8, 0xb8, 0xa8, 0x1e, 0xb0, 0x81, 0x76, 0xd5,
- 0x33, 0x22, 0x71, 0x33, 0x3a, 0x85, 0x19, 0x67, 0x7e, 0x91, 0x37, 0xf2,
- 0xa6, 0x11, 0x22, 0xdf, 0x41, 0x04, 0x3d, 0xa9, 0x13, 0xb9, 0xb2, 0xb1,
- 0xbb, 0xd8, 0xef, 0x23, 0x7c, 0xc2, 0xab, 0x70, 0x1b, 0x51, 0x9f, 0xc9
- },
- {
- 0xeb, 0x96, 0x10, 0x8c, 0x7d, 0x92, 0xea, 0x80, 0x86, 0xb2, 0xf8, 0x27,
- 0xf2, 0x9a, 0x09, 0xc1, 0x7c, 0x09, 0x43, 0xbc, 0xfe, 0xc8, 0x75, 0xe0,
- 0x97, 0xe7, 0x6d, 0xd5, 0xb2, 0x3c, 0xed, 0x12, 0xb7, 0x74, 0x0e, 0xe3,
- 0xb6, 0xe0, 0xba, 0xe1, 0x8d, 0x89, 0xcf, 0x4f, 0x57, 0xf6, 0x6d, 0x90
- },
- {
- 0x22, 0xb0, 0x39, 0x34, 0xb6, 0x6c, 0x2d, 0x7a, 0x97, 0x1c, 0x5d, 0xcc,
- 0x78, 0x84, 0x71, 0xbb, 0xc6, 0x7b, 0xb6, 0xbc, 0xcc, 0x0b, 0xf8, 0xac,
- 0x8e, 0xd7, 0x20, 0xbd, 0xbe, 0x32, 0xf0, 0xd6, 0xe9, 0x69, 0x13, 0xf2,
- 0x9a, 0xce, 0xfe, 0x86, 0xd3, 0xee, 0xba, 0x69, 0x51, 0xb6, 0x77, 0x56
- },
- {
- 0x16, 0xfd, 0xda, 0xf3, 0x5e, 0xb9, 0xa6, 0x17, 0x24, 0xb2, 0x16, 0x9f,
- 0xb6, 0x59, 0x13, 0x0f, 0x25, 0x5a, 0xf1, 0x5b, 0x5f, 0xe4, 0x54, 0x2a,
- 0xa7, 0xbf, 0x29, 0xaf, 0x5a, 0x77, 0xf4, 0x4f, 0x25, 0xba, 0x94, 0xad,
- 0x6b, 0x91, 0x3b, 0xe7, 0xd5, 0x73, 0x0d, 0xff, 0xaa, 0xe3, 0x72, 0x2c
- },
- {
- 0x22, 0xb4, 0x94, 0xc0, 0x53, 0xd7, 0x82, 0x06, 0x38, 0x9d, 0x4a, 0xa0,
- 0x3f, 0xf1, 0x5f, 0x6e, 0x23, 0x8d, 0x09, 0x62, 0xbf, 0x6f, 0x7c, 0x84,
- 0xc6, 0x3e, 0x15, 0xad, 0x18, 0x37, 0x76, 0x29, 0xc7, 0xd6, 0x68, 0x0c,
- 0x1e, 0xc6, 0x93, 0x31, 0xef, 0x85, 0x69, 0x30, 0x68, 0xf0, 0x1e, 0x37
- },
- {
- 0x6d, 0x4d, 0x20, 0xaf, 0x47, 0xe8, 0x1b, 0xfa, 0xd0, 0xb6, 0xc8, 0x97,
- 0xd1, 0x03, 0xfc, 0x9d, 0x59, 0xa0, 0x68, 0x9d, 0xe9, 0x17, 0x8b, 0xce,
- 0x48, 0x2c, 0x77, 0x8a, 0x22, 0x4b, 0x5c, 0x54, 0x22, 0xa1, 0x15, 0x12,
- 0xe1, 0x07, 0x8e, 0x15, 0xd8, 0x7b, 0x16, 0x65, 0x99, 0x6b, 0xcb, 0x71
- },
- {
- 0x79, 0x64, 0x79, 0xdd, 0x75, 0x5c, 0x6f, 0x98, 0xac, 0x03, 0xe0, 0xcd,
- 0x92, 0xba, 0x0e, 0x2d, 0xb4, 0xd1, 0x8b, 0x97, 0xd0, 0x85, 0xbb, 0x2e,
- 0x4f, 0x26, 0x93, 0xf5, 0x1d, 0xf3, 0xd2, 0x43, 0x4f, 0xd2, 0x47, 0xaa,
- 0x91, 0x1e, 0xf3, 0x67, 0x10, 0x18, 0x2c, 0xb9, 0x01, 0xba, 0x10, 0x9f
- },
- {
- 0x79, 0xb6, 0x9c, 0xbe, 0xf1, 0x6a, 0xb0, 0x92, 0xa0, 0x29, 0x52, 0x61,
- 0xf1, 0xcd, 0x3a, 0x67, 0xe1, 0x6b, 0xb8, 0x9d, 0x0d, 0x95, 0xb6, 0x03,
- 0x80, 0x1f, 0xd5, 0x75, 0xb6, 0x1d, 0x79, 0x02, 0x93, 0x43, 0x77, 0xa7,
- 0x9d, 0x2f, 0xc3, 0x84, 0xc6, 0x83, 0x76, 0x16, 0x06, 0x98, 0x7b, 0x79
- }
- },
- #endif /* WOLFSSL_SHA384 */
- };
- static const char protocolLabel[] = "tls13 ";
- static const char ceTrafficLabel[] = "c e traffic";
- static const char eExpMasterLabel[] = "e exp master";
- static const char cHsTrafficLabel[] = "c hs traffic";
- static const char sHsTrafficLabel[] = "s hs traffic";
- static const char cAppTrafficLabel[] = "c ap traffic";
- static const char sAppTrafficLabel[] = "s ap traffic";
- static const char expMasterLabel[] = "exp master";
- static const char resMasterLabel[] = "res master";
- static const char derivedLabel[] = "derived";
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls13_kdf_test(void)
- {
- wc_test_ret_t ret = 0;
- word32 i;
- word32 tc = sizeof(tls13KdfTestVectors)/sizeof(Tls13KdfTestVector);
- const Tls13KdfTestVector* tv = NULL;
- WOLFSSL_ENTER("tls13_kdf_test");
- for (i = 0, tv = tls13KdfTestVectors; i < tc; i++, tv++) {
- byte output[WC_MAX_DIGEST_SIZE];
- byte secret[WC_MAX_DIGEST_SIZE];
- byte salt[WC_MAX_DIGEST_SIZE];
- byte zeroes[WC_MAX_DIGEST_SIZE];
- byte hashZero[WC_MAX_DIGEST_SIZE];
- int hashAlgSz;
- XMEMSET(zeroes, 0, sizeof zeroes);
- hashAlgSz = wc_HashGetDigestSize(tv->hashAlg);
- if (hashAlgSz == BAD_FUNC_ARG) break;
- ret = wc_Hash(tv->hashAlg, NULL, 0, hashZero, (word32)hashAlgSz);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Extract(secret, NULL, 0,
- (tv->pskSz == 0) ? zeroes : (byte*)tv->psk,
- tv->pskSz, tv->hashAlg);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
- secret, (word32)hashAlgSz,
- (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
- (byte*)ceTrafficLabel, (word32)XSTRLEN(ceTrafficLabel),
- tv->hashHello1, (word32)hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = XMEMCMP(tv->clientEarlyTrafficSecret, output, hashAlgSz);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
- secret, (word32)hashAlgSz,
- (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
- (byte*)eExpMasterLabel, (word32)XSTRLEN(eExpMasterLabel),
- tv->hashHello1, (word32)hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = XMEMCMP(tv->earlyExporterMasterSecret, output, hashAlgSz);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(salt, (word32)hashAlgSz,
- secret, (word32)hashAlgSz,
- (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
- (byte*)derivedLabel, (word32)XSTRLEN(derivedLabel),
- hashZero, (word32)hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Extract(secret, salt, (word32)(word32)hashAlgSz,
- (tv->dheSz == 0) ? zeroes : (byte*)tv->dhe,
- tv->dheSz, tv->hashAlg);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
- secret, (word32)hashAlgSz,
- (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
- (byte*)cHsTrafficLabel, (word32)XSTRLEN(cHsTrafficLabel),
- tv->hashHello2, (word32)hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = XMEMCMP(tv->clientHandshakeTrafficSecret,
- output, hashAlgSz);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
- secret, (word32)hashAlgSz,
- (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
- (byte*)sHsTrafficLabel, (word32)XSTRLEN(sHsTrafficLabel),
- tv->hashHello2, (word32)hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = XMEMCMP(tv->serverHandshakeTrafficSecret, output, hashAlgSz);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(salt, (word32)hashAlgSz,
- secret, (word32)hashAlgSz,
- (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
- (byte*)derivedLabel, (word32)XSTRLEN(derivedLabel),
- hashZero, (word32)hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Extract(secret, salt, (word32)(word32)hashAlgSz,
- zeroes, (word32)(word32)hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
- secret, (word32)hashAlgSz,
- (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
- (byte*)cAppTrafficLabel, (word32)XSTRLEN(cAppTrafficLabel),
- tv->hashFinished1, (word32)hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = XMEMCMP(tv->clientApplicationTrafficSecret, output, hashAlgSz);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
- secret, (word32)hashAlgSz,
- (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
- (byte*)sAppTrafficLabel, (word32)XSTRLEN(sAppTrafficLabel),
- tv->hashFinished1, (word32)hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = XMEMCMP(tv->serverApplicationTrafficSecret, output, hashAlgSz);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
- secret, (word32)hashAlgSz,
- (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
- (byte*)expMasterLabel, (word32)XSTRLEN(expMasterLabel),
- tv->hashFinished1, (word32)hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = XMEMCMP(tv->exporterMasterSecret, output, hashAlgSz);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
- secret, (word32)hashAlgSz,
- (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
- (byte*)resMasterLabel, (word32)XSTRLEN(resMasterLabel),
- tv->hashFinished2, (word32)hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = XMEMCMP(tv->resumptionMasterSecret, output, hashAlgSz);
- if (ret != 0) break;
- }
- return ret;
- }
- #endif /* WOLFSSL_TLS13 */
- static const int fiducial2 = WC_TEST_RET_LN; /* source code reference point --
- * see print_fiducials() below.
- */
- #if defined(HAVE_ECC) && defined(HAVE_X963_KDF)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t x963kdf_test(void)
- {
- wc_test_ret_t ret;
- byte kek[128];
- #ifndef NO_SHA
- /* SHA-1, COUNT = 0
- * shared secret length: 192
- * SharedInfo length: 0
- * key data length: 128
- */
- WOLFSSL_SMALL_STACK_STATIC const byte Z[] = {
- 0x1c, 0x7d, 0x7b, 0x5f, 0x05, 0x97, 0xb0, 0x3d,
- 0x06, 0xa0, 0x18, 0x46, 0x6e, 0xd1, 0xa9, 0x3e,
- 0x30, 0xed, 0x4b, 0x04, 0xdc, 0x64, 0xcc, 0xdd
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
- 0xbf, 0x71, 0xdf, 0xfd, 0x8f, 0x4d, 0x99, 0x22,
- 0x39, 0x36, 0xbe, 0xb4, 0x6f, 0xee, 0x8c, 0xcc
- };
- #endif
- #ifndef NO_SHA256
- /* SHA-256, COUNT = 3
- * shared secret length: 192
- * SharedInfo length: 0
- * key data length: 128
- */
- WOLFSSL_SMALL_STACK_STATIC const byte Z2[] = {
- 0xd3, 0x8b, 0xdb, 0xe5, 0xc4, 0xfc, 0x16, 0x4c,
- 0xdd, 0x96, 0x7f, 0x63, 0xc0, 0x4f, 0xe0, 0x7b,
- 0x60, 0xcd, 0xe8, 0x81, 0xc2, 0x46, 0x43, 0x8c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
- 0x5e, 0x67, 0x4d, 0xb9, 0x71, 0xba, 0xc2, 0x0a,
- 0x80, 0xba, 0xd0, 0xd4, 0x51, 0x4d, 0xc4, 0x84
- };
- #endif
- #ifdef WOLFSSL_SHA512
- /* SHA-512, COUNT = 0
- * shared secret length: 192
- * SharedInfo length: 0
- * key data length: 128
- */
- WOLFSSL_SMALL_STACK_STATIC const byte Z3[] = {
- 0x87, 0xfc, 0x0d, 0x8c, 0x44, 0x77, 0x48, 0x5b,
- 0xb5, 0x74, 0xf5, 0xfc, 0xea, 0x26, 0x4b, 0x30,
- 0x88, 0x5d, 0xc8, 0xd9, 0x0a, 0xd8, 0x27, 0x82
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify3[] = {
- 0x94, 0x76, 0x65, 0xfb, 0xb9, 0x15, 0x21, 0x53,
- 0xef, 0x46, 0x02, 0x38, 0x50, 0x6a, 0x02, 0x45
- };
- /* SHA-512, COUNT = 0
- * shared secret length: 521
- * SharedInfo length: 128
- * key data length: 1024
- */
- WOLFSSL_SMALL_STACK_STATIC const byte Z4[] = {
- 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89,
- 0xfa, 0x58, 0xce, 0xad, 0xc0, 0x47, 0x19, 0x7f,
- 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9,
- 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8,
- 0x15, 0x07, 0x39, 0x2f, 0x1a, 0x86, 0xdd, 0xfd,
- 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f,
- 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47,
- 0x47, 0xa9, 0xe2, 0xe7, 0x53, 0xf5, 0x5e, 0xf0,
- 0x5a, 0x2d
- };
- WOLFSSL_SMALL_STACK_STATIC const byte info4[] = {
- 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d,
- 0x2b, 0x3a, 0x2f, 0x99, 0x37, 0x89, 0x5d, 0x31
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify4[] = {
- 0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76,
- 0x9b, 0x52, 0x26, 0x4b, 0x01, 0x12, 0xb5, 0x85,
- 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8,
- 0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d,
- 0x6e, 0x4d, 0xd2, 0xa5, 0x99, 0xac, 0xce, 0xb3,
- 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e,
- 0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50,
- 0xa5, 0xa8, 0xee, 0xee, 0x20, 0x80, 0x02, 0x26,
- 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02,
- 0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d,
- 0xea, 0x9c, 0x4f, 0xf7, 0x45, 0xa2, 0x5a, 0xc2,
- 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd,
- 0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc,
- 0x0a, 0xb2, 0xaa, 0x8e, 0x2e, 0xfa, 0x7b, 0x17,
- 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc,
- 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16
- };
- #endif
- WOLFSSL_ENTER("x963kdf_test");
- #ifndef NO_SHA
- ret = wc_X963_KDF(WC_HASH_TYPE_SHA, Z, sizeof(Z), NULL, 0,
- kek, sizeof(verify));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(verify, kek, sizeof(verify)) != 0)
- return WC_TEST_RET_ENC_NC;
- #endif
- #ifndef NO_SHA256
- ret = wc_X963_KDF(WC_HASH_TYPE_SHA256, Z2, sizeof(Z2), NULL, 0,
- kek, sizeof(verify2));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(verify2, kek, sizeof(verify2)) != 0)
- return WC_TEST_RET_ENC_NC;
- #endif
- #ifdef WOLFSSL_SHA512
- ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z3, sizeof(Z3), NULL, 0,
- kek, sizeof(verify3));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(verify3, kek, sizeof(verify3)) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z4, sizeof(Z4), info4,
- sizeof(info4), kek, sizeof(verify4));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(verify4, kek, sizeof(verify4)) != 0)
- return WC_TEST_RET_ENC_NC;
- #endif
- return 0;
- }
- #endif /* HAVE_X963_KDF */
- #if defined(HAVE_HPKE) && \
- (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) && \
- defined(HAVE_AESGCM)
- static wc_test_ret_t hpke_test_single(Hpke* hpke)
- {
- wc_test_ret_t ret = 0;
- int rngRet = 0;
- WC_RNG rng[1];
- const char* start_text = "this is a test";
- const char* info_text = "info";
- const char* aad_text = "aad";
- byte ciphertext[MAX_HPKE_LABEL_SZ];
- byte plaintext[MAX_HPKE_LABEL_SZ];
- void* receiverKey = NULL;
- void* ephemeralKey = NULL;
- #ifdef WOLFSSL_SMALL_STACK
- byte *pubKey = NULL; /* public key */
- word16 pubKeySz = (word16)HPKE_Npk_MAX;
- #else
- byte pubKey[HPKE_Npk_MAX]; /* public key */
- word16 pubKeySz = (word16)sizeof(pubKey);
- #endif
- rngRet = ret = wc_InitRng(rng);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #ifdef WOLFSSL_SMALL_STACK
- if (ret == 0) {
- pubKey = (byte *)XMALLOC(pubKeySz, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (pubKey == NULL)
- ret = WC_TEST_RET_ENC_EC(MEMORY_E);
- }
- #endif
- /* generate the keys */
- if (ret == 0) {
- ret = wc_HpkeGenerateKeyPair(hpke, &ephemeralKey, rng);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_HpkeGenerateKeyPair(hpke, &receiverKey, rng);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- /* seal */
- if (ret == 0) {
- ret = wc_HpkeSealBase(hpke, ephemeralKey, receiverKey,
- (byte*)info_text, (word32)XSTRLEN(info_text),
- (byte*)aad_text, (word32)XSTRLEN(aad_text),
- (byte*)start_text, (word32)XSTRLEN(start_text),
- ciphertext);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- /* export ephemeral key */
- if (ret == 0) {
- ret = wc_HpkeSerializePublicKey(hpke, ephemeralKey, pubKey, &pubKeySz);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- /* open with exported ephemeral key */
- if (ret == 0) {
- ret = wc_HpkeOpenBase(hpke, receiverKey, pubKey, pubKeySz,
- (byte*)info_text, (word32)XSTRLEN(info_text),
- (byte*)aad_text, (word32)XSTRLEN(aad_text),
- ciphertext, (word32)XSTRLEN(start_text),
- plaintext);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = XMEMCMP(plaintext, start_text, XSTRLEN(start_text));
- if (ret != 0)
- ret = WC_TEST_RET_ENC_NC;
- }
- /* Negative test case with NULL argument */
- if (ret == 0) {
- ret = wc_HpkeGenerateKeyPair(NULL, &receiverKey, rng);
- if (ret != BAD_FUNC_ARG)
- ret = WC_TEST_RET_ENC_EC(ret);
- else
- ret = 0;
- }
- if (ret == 0) {
- ret = wc_HpkeGenerateKeyPair(hpke, NULL, rng);
- if (ret != BAD_FUNC_ARG)
- ret = WC_TEST_RET_ENC_EC(ret);
- else
- ret = 0;
- }
- if (ret == 0) {
- ret = wc_HpkeGenerateKeyPair(hpke, &receiverKey, NULL);
- if (ret != BAD_FUNC_ARG)
- ret = WC_TEST_RET_ENC_EC(ret);
- else
- ret = 0;
- }
- if (ephemeralKey != NULL)
- wc_HpkeFreeKey(hpke, hpke->kem, ephemeralKey, hpke->heap);
- if (receiverKey != NULL)
- wc_HpkeFreeKey(hpke, hpke->kem, receiverKey, hpke->heap);
- #ifdef WOLFSSL_SMALL_STACK
- if (pubKey != NULL)
- XFREE(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (rngRet == 0)
- wc_FreeRng(rng);
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void)
- {
- wc_test_ret_t ret = 0;
- Hpke hpke[1];
- WOLFSSL_ENTER("hpke_test");
- #if defined(HAVE_ECC)
- #if defined(WOLFSSL_SHA224) || !defined(NO_SHA256)
- /* p256 */
- ret = wc_HpkeInit(hpke, DHKEM_P256_HKDF_SHA256, HKDF_SHA256,
- HPKE_AES_128_GCM, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = hpke_test_single(hpke);
- if (ret != 0)
- return ret;
- #endif
- #if defined(WOLFSSL_SHA384) && \
- (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES))
- /* p384 */
- ret = wc_HpkeInit(hpke, DHKEM_P384_HKDF_SHA384, HKDF_SHA384,
- HPKE_AES_128_GCM, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = hpke_test_single(hpke);
- if (ret != 0)
- return ret;
- #endif
- #if (defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)) && \
- (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES))
- /* p521 */
- ret = wc_HpkeInit(hpke, DHKEM_P521_HKDF_SHA512, HKDF_SHA512,
- HPKE_AES_128_GCM, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = hpke_test_single(hpke);
- if (ret != 0)
- return ret;
- #endif
- #endif
- #if defined(HAVE_CURVE25519)
- /* test with curve25519 and aes256 */
- ret = wc_HpkeInit(hpke, DHKEM_X25519_HKDF_SHA256, HKDF_SHA256,
- HPKE_AES_256_GCM, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = hpke_test_single(hpke);
- if (ret != 0)
- return ret;
- #endif
- #if defined(HAVE_CURVE448) && \
- (defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512))
- /* test with curve448 and aes256 */
- ret = wc_HpkeInit(hpke, DHKEM_X448_HKDF_SHA512, HKDF_SHA512,
- HPKE_AES_256_GCM, NULL);
- /* HPKE does not support X448 yet, so expect failure */
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = hpke_test_single(hpke);
- /* HPKE does not support X448 yet, so expect failure */
- if (WC_TEST_RET_DEC_EC(ret) != BAD_FUNC_ARG)
- return ret;
- ret = 0; /* reset error code */
- #endif
- /* TODO: HPKE chacha20 is not implemented */
- return ret;
- }
- #endif /* HAVE_HPKE && HAVE_ECC && HAVE_AESGCM */
- #if defined(WC_SRTP_KDF)
- typedef struct Srtp_Kdf_Tv {
- const unsigned char* key;
- word32 keySz;
- const unsigned char* salt;
- word32 saltSz;
- int kdfIdx;
- const unsigned char* index;
- const unsigned char* ke;
- const unsigned char* ka;
- const unsigned char* ks;
- const unsigned char* index_c;
- const unsigned char* ke_c;
- const unsigned char* ka_c;
- const unsigned char* ks_c;
- word32 keSz;
- word32 kaSz;
- word32 ksSz;
- } Srtp_Kdf_Tv;
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void)
- {
- wc_test_ret_t ret = 0;
- /* 128-bit key, kdrIdx = -1 */
- WOLFSSL_SMALL_STACK_STATIC const byte key_0[] = {
- 0xc4, 0x80, 0x9f, 0x6d, 0x36, 0x98, 0x88, 0x72,
- 0x8e, 0x26, 0xad, 0xb5, 0x32, 0x12, 0x98, 0x90
- };
- WOLFSSL_SMALL_STACK_STATIC const byte salt_0[] = {
- 0x0e, 0x23, 0x00, 0x6c, 0x6c, 0x04, 0x4f, 0x56,
- 0x62, 0x40, 0x0e, 0x9d, 0x1b, 0xd6
- };
- WOLFSSL_SMALL_STACK_STATIC const byte index_0[] = {
- 0x48, 0x71, 0x65, 0x64, 0x9c, 0xca
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ke_0[] = {
- 0xdc, 0x38, 0x21, 0x92, 0xab, 0x65, 0x10, 0x8a,
- 0x86, 0xb2, 0x59, 0xb6, 0x1b, 0x3a, 0xf4, 0x6f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ka_0[] = {
- 0xb8, 0x39, 0x37, 0xfb, 0x32, 0x17, 0x92, 0xee,
- 0x87, 0xb7, 0x88, 0x19, 0x3b, 0xe5, 0xa4, 0xe3,
- 0xbd, 0x32, 0x6e, 0xe4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ks_0[] = {
- 0xf1, 0xc0, 0x35, 0xc0, 0x0b, 0x5a, 0x54, 0xa6,
- 0x16, 0x92, 0xc0, 0x16, 0x27, 0x6c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte index_c_0[] = {
- 0x56, 0xf3, 0xf1, 0x97
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ke_c_0[] = {
- 0xab, 0x5b, 0xe0, 0xb4, 0x56, 0x23, 0x5d, 0xcf,
- 0x77, 0xd5, 0x08, 0x69, 0x29, 0xba, 0xfb, 0x38
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ka_c_0[] = {
- 0xc5, 0x2f, 0xde, 0x0b, 0x80, 0xb0, 0xf0, 0xba,
- 0xd8, 0xd1, 0x56, 0x45, 0xcb, 0x86, 0xe7, 0xc7,
- 0xc3, 0xd8, 0x77, 0x0e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ks_c_0[] = {
- 0xde, 0xb5, 0xf8, 0x5f, 0x81, 0x33, 0x6a, 0x96,
- 0x5e, 0xd3, 0x2b, 0xb7, 0xed, 0xe8
- };
- /* 192-bit key, kdrIdx = 0 */
- WOLFSSL_SMALL_STACK_STATIC const byte key_1[] = {
- 0xbb, 0x04, 0x5b, 0x1f, 0x53, 0xc6, 0x93, 0x2c,
- 0x2b, 0xa6, 0x88, 0xf5, 0xe3, 0xf2, 0x24, 0x70,
- 0xe1, 0x7d, 0x7d, 0xec, 0x8a, 0x93, 0x4d, 0xf2
- };
- WOLFSSL_SMALL_STACK_STATIC const byte salt_1[] = {
- 0xe7, 0x22, 0xab, 0x92, 0xfc, 0x7c, 0x89, 0xb6,
- 0x53, 0x8a, 0xf9, 0x3c, 0xb9, 0x52
- };
- WOLFSSL_SMALL_STACK_STATIC const byte index_1[] = {
- 0xd7, 0x87, 0x8f, 0x33, 0xb1, 0x76
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ke_1[] = {
- 0x2c, 0xc8, 0x3e, 0x54, 0xb2, 0x33, 0x89, 0xb3,
- 0x71, 0x65, 0x0f, 0x51, 0x61, 0x65, 0xe4, 0x93,
- 0x07, 0x4e, 0xb3, 0x47, 0xba, 0x2d, 0x60, 0x60
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ka_1[] = {
- 0x2e, 0x80, 0xe4, 0x82, 0x55, 0xa2, 0xbe, 0x6d,
- 0xe0, 0x46, 0xcc, 0xc1, 0x75, 0x78, 0x6e, 0x78,
- 0xd1, 0xd1, 0x47, 0x08
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ks_1[] = {
- 0xe0, 0xc1, 0xe6, 0xaf, 0x1e, 0x8d, 0x8c, 0xfe,
- 0xe5, 0x60, 0x70, 0xb5, 0xe6, 0xea
- };
- WOLFSSL_SMALL_STACK_STATIC const byte index_c_1[] = {
- 0x40, 0xbf, 0xd4, 0xa9
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ke_c_1[] = {
- 0x94, 0x0f, 0x55, 0xce, 0x58, 0xd8, 0x16, 0x65,
- 0xf0, 0xfa, 0x46, 0x40, 0x0c, 0xda, 0xb1, 0x11,
- 0x9e, 0x69, 0xa0, 0x93, 0x4e, 0xd7, 0xf2, 0x84
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ka_c_1[] = {
- 0xf5, 0x41, 0x6f, 0xc2, 0x65, 0xc5, 0xb3, 0xef,
- 0xbb, 0x22, 0xc8, 0xfc, 0x6b, 0x00, 0x14, 0xb2,
- 0xf3, 0x3b, 0x8e, 0x29
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ks_c_1[] = {
- 0x35, 0xb7, 0x42, 0x43, 0xf0, 0x01, 0x01, 0xb4,
- 0x68, 0xa1, 0x28, 0x80, 0x37, 0xf0
- };
- /* 256-bit key, kdrIdx = 1 */
- WOLFSSL_SMALL_STACK_STATIC const byte key_2[] = {
- 0x10, 0x38, 0x0a, 0xcd, 0xd6, 0x47, 0xab, 0xee,
- 0xc0, 0xd4, 0x44, 0xf4, 0x7e, 0x51, 0x36, 0x02,
- 0x79, 0xa8, 0x94, 0x80, 0x35, 0x40, 0xed, 0x50,
- 0xf4, 0x45, 0x30, 0x3d, 0xb5, 0xf0, 0x2b, 0xbb
- };
- WOLFSSL_SMALL_STACK_STATIC const byte salt_2[] = {
- 0xc7, 0x31, 0xf2, 0xc8, 0x40, 0x43, 0xb8, 0x74,
- 0x8a, 0x61, 0x84, 0x7a, 0x25, 0x8a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte index_2[] = {
- 0x82, 0xf1, 0x84, 0x8c, 0xac, 0x42
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ke_2[] = {
- 0xb2, 0x26, 0x60, 0xaf, 0x08, 0x23, 0x14, 0x98,
- 0x91, 0xde, 0x5d, 0x87, 0x95, 0x61, 0xca, 0x8f,
- 0x0e, 0xce, 0xfb, 0x68, 0x4d, 0xd6, 0x28, 0xcb,
- 0x28, 0xe2, 0x27, 0x20, 0x2d, 0xff, 0x64, 0xbb
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ka_2[] = {
- 0x12, 0x6f, 0x52, 0xe8, 0x07, 0x7f, 0x07, 0x84,
- 0xa0, 0x61, 0x96, 0xf8, 0xee, 0x4d, 0x05, 0x57,
- 0x65, 0xc7, 0x50, 0xc1
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ks_2[] = {
- 0x18, 0x5a, 0x59, 0xe5, 0x91, 0x4d, 0xc9, 0x6c,
- 0xfa, 0x5b, 0x36, 0x06, 0x8c, 0x9a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte index_c_2[] = {
- 0x31, 0x2d, 0x58, 0x15
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ke_c_2[] = {
- 0x14, 0xf2, 0xc8, 0x25, 0x02, 0x79, 0x22, 0xa1,
- 0x96, 0xb6, 0xf7, 0x07, 0x76, 0xa6, 0xa3, 0xc4,
- 0x37, 0xdf, 0xa0, 0xf8, 0x78, 0x93, 0x2c, 0xfa,
- 0xea, 0x35, 0xf0, 0xf3, 0x3f, 0x32, 0x6e, 0xfd
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ka_c_2[] = {
- 0x6e, 0x3d, 0x4a, 0x99, 0xea, 0x2f, 0x9d, 0x13,
- 0x4a, 0x1e, 0x71, 0x2e, 0x15, 0xc0, 0xca, 0xb6,
- 0x35, 0x78, 0xdf, 0xa4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ks_c_2[] = {
- 0xae, 0xe4, 0xec, 0x18, 0x31, 0x70, 0x5d, 0x3f,
- 0xdc, 0x97, 0x89, 0x88, 0xfd, 0xff
- };
- /* 128-bit key, kdrIdx = 8 */
- WOLFSSL_SMALL_STACK_STATIC const byte key_3[] = {
- 0x36, 0xb4, 0xde, 0xcb, 0x2e, 0x51, 0x23, 0x76,
- 0xe0, 0x27, 0x7e, 0x3e, 0xc8, 0xf6, 0x54, 0x04
- };
- WOLFSSL_SMALL_STACK_STATIC const byte salt_3[] = {
- 0x73, 0x26, 0xf4, 0x3f, 0xc0, 0xd9, 0xc6, 0xe3,
- 0x2f, 0x92, 0x7d, 0x46, 0x12, 0x76
- };
- WOLFSSL_SMALL_STACK_STATIC const byte index_3[] = {
- 0x44, 0x73, 0xb2, 0x2d, 0xb2, 0x60
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ke_3[] = {
- 0x79, 0x91, 0x3d, 0x7b, 0x20, 0x5d, 0xea, 0xe2,
- 0xeb, 0x46, 0x89, 0x68, 0x5a, 0x06, 0x73, 0x74
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ka_3[] = {
- 0x2d, 0x2e, 0x97, 0x4e, 0x76, 0x8c, 0x62, 0xa6,
- 0x57, 0x80, 0x13, 0x42, 0x0b, 0x51, 0xa7, 0x66,
- 0xea, 0x31, 0x24, 0xe6
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ks_3[] = {
- 0xcc, 0xd7, 0x31, 0xf6, 0x3b, 0xf3, 0x89, 0x8a,
- 0x5b, 0x7b, 0xb5, 0x8b, 0x4c, 0x3f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte index_c_3[] = {
- 0x4a, 0x7d, 0xaa, 0x85
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ke_c_3[] = {
- 0x34, 0x99, 0x71, 0xfe, 0x12, 0x93, 0xae, 0x8c,
- 0x4a, 0xe9, 0x84, 0xe4, 0x93, 0x53, 0x63, 0x88
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ka_c_3[] = {
- 0xa4, 0x53, 0x5e, 0x0a, 0x9c, 0xf2, 0xce, 0x13,
- 0xef, 0x7a, 0x13, 0xee, 0x0a, 0xef, 0xba, 0x17,
- 0x05, 0x18, 0xe3, 0xed
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ks_c_3[] = {
- 0xe1, 0x29, 0x4f, 0x61, 0x30, 0x3c, 0x4d, 0x46,
- 0x5f, 0x5c, 0x81, 0x3c, 0x38, 0xb6
- };
- /* SRTCP w/ 48-bit idx - KDR 0 (-1) */
- WOLFSSL_SMALL_STACK_STATIC const byte mk48_1[] = {
- 0xFF, 0xB6, 0xCB, 0x09, 0x71, 0x3F, 0x63, 0x4D,
- 0x7F, 0x42, 0xED, 0xA8, 0x12, 0x81, 0x50, 0xE6
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ms48_1[] = {
- 0x1F, 0x04, 0x76, 0xC8, 0x7F, 0x58, 0x23, 0xEF,
- 0xD3, 0x57, 0xB2, 0xBD, 0xF1, 0x32
- };
- WOLFSSL_SMALL_STACK_STATIC const byte srtcp48idx_1[] = {
- 0x00, 0x00, 0x08, 0x56, 0xBC, 0x39
- };
- WOLFSSL_SMALL_STACK_STATIC const byte srtcpKe_48_1[] = {
- 0xD2, 0xC3, 0xF3, 0x49, 0x00, 0x1A, 0x18, 0x0F,
- 0xB6, 0x05, 0x5A, 0x5A, 0x67, 0x8E, 0xE5, 0xB2
- };
- WOLFSSL_SMALL_STACK_STATIC const byte srtcpKa_48_1[] = {
- 0x8D, 0x54, 0xBE, 0xB5, 0x7B, 0x7F, 0x7A, 0xAB,
- 0xF5, 0x46, 0xCE, 0x5B, 0x45, 0x69, 0x4A, 0x75,
- 0x81, 0x2A, 0xE2, 0xCB
- };
- WOLFSSL_SMALL_STACK_STATIC const byte srtcpKs_48_1[] = {
- 0x76, 0x3C, 0x97, 0x6A, 0x45, 0x31, 0xA7, 0x79,
- 0x3C, 0x28, 0x4A, 0xA6, 0x82, 0x03
- };
- /* SRTCP w/ 48-bit idx - KDR 19 */
- WOLFSSL_SMALL_STACK_STATIC const byte mk48_2[] = {
- 0xBD, 0x1D, 0x71, 0x6B, 0xDA, 0x28, 0xE3, 0xFC,
- 0xA5, 0xA0, 0x66, 0x3F, 0x2E, 0x34, 0xA8, 0x58
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ms48_2[] = {
- 0x79, 0x06, 0xE5, 0xAB, 0x5C, 0x2B, 0x1B, 0x69,
- 0xFA, 0xEE, 0xD2, 0x29, 0x57, 0x3C
- };
- WOLFSSL_SMALL_STACK_STATIC const byte srtcp48idx_2[] = {
- 0x00, 0x00, 0x59, 0xD0, 0xC2, 0xE8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte srtcpKe_48_2[] = {
- 0xB9, 0xD7, 0xAD, 0xD8, 0x90, 0x94, 0xC2, 0x92,
- 0xA5, 0x04, 0x87, 0xC4, 0x8C, 0xEF, 0xE2, 0xA3
- };
- WOLFSSL_SMALL_STACK_STATIC const byte srtcpKa_48_2[] = {
- 0x07, 0xD5, 0xC4, 0xD2, 0x06, 0xFB, 0x63, 0x15,
- 0xC2, 0x9C, 0x7F, 0x55, 0xD1, 0x16, 0x5C, 0xB5,
- 0xB7, 0x44, 0x54, 0xBD
- };
- WOLFSSL_SMALL_STACK_STATIC const byte srtcpKs_48_2[] = {
- 0x0C, 0x5E, 0x53, 0xC1, 0xD0, 0x75, 0xAD, 0x65,
- 0xBF, 0x51, 0x74, 0x50, 0x89, 0xD7
- };
- int kdr_48_1 = -1;
- int kdr_48_2 = 19;
- #define SRTP_TV_CNT 4
- Srtp_Kdf_Tv tv[SRTP_TV_CNT] = {
- { key_0, (word32)sizeof(key_0), salt_0, (word32)sizeof(salt_0), -1,
- index_0, ke_0, ka_0, ks_0, index_c_0, ke_c_0, ka_c_0, ks_c_0,
- 16, 20, 14 },
- { key_1, (word32)sizeof(key_1), salt_1, (word32)sizeof(salt_1), 0,
- index_1, ke_1, ka_1, ks_1, index_c_1, ke_c_1, ka_c_1, ks_c_1,
- 24, 20, 14 },
- { key_2, (word32)sizeof(key_2), salt_2, (word32)sizeof(salt_2), 1,
- index_2, ke_2, ka_2, ks_2, index_c_2, ke_c_2, ka_c_2, ks_c_2,
- 32, 20, 14 },
- { key_3, (word32)sizeof(key_3), salt_3, (word32)sizeof(salt_3), 8,
- index_3, ke_3, ka_3, ks_3, index_c_3, ke_c_3, ka_c_3, ks_c_3,
- 16, 20, 14 },
- };
- int i;
- int idx;
- unsigned char keyE[32];
- unsigned char keyA[20];
- unsigned char keyS[14];
- WOLFSSL_ENTER("srtpkdf_test");
- for (i = 0; (ret == 0) && (i < SRTP_TV_CNT); i++) {
- #ifndef WOLFSSL_AES_128
- if (tv[i].keySz == AES_128_KEY_SIZE) {
- continue;
- }
- #endif
- #ifndef WOLFSSL_AES_192
- if (tv[i].keySz == AES_192_KEY_SIZE) {
- continue;
- }
- #endif
- #ifndef WOLFSSL_AES_256
- if (tv[i].keySz == AES_256_KEY_SIZE) {
- continue;
- }
- #endif
- ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(keyE, tv[i].ke, tv[i].keSz) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(keyA, tv[i].ka, tv[i].kaSz) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(keyS, tv[i].ks, tv[i].ksSz) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_SRTP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
- tv[i].saltSz, tv[i].kdfIdx, tv[i].index, WC_SRTP_LABEL_ENCRYPTION,
- keyE, tv[i].keSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(keyE, tv[i].ke, tv[i].keSz) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_SRTP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
- tv[i].saltSz, tv[i].kdfIdx, tv[i].index, WC_SRTP_LABEL_MSG_AUTH,
- keyA, tv[i].kaSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(keyA, tv[i].ka, tv[i].kaSz) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_SRTP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
- tv[i].saltSz, tv[i].kdfIdx, tv[i].index, WC_SRTP_LABEL_SALT, keyS,
- tv[i].ksSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(keyS, tv[i].ks, tv[i].ksSz) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(keyE, tv[i].ke_c, tv[i].keSz) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(keyA, tv[i].ka_c, tv[i].kaSz) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(keyS, tv[i].ks_c, tv[i].ksSz) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_SRTCP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
- tv[i].saltSz, tv[i].kdfIdx, tv[i].index_c,
- WC_SRTCP_LABEL_ENCRYPTION, keyE, tv[i].keSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(keyE, tv[i].ke_c, tv[i].keSz) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_SRTCP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
- tv[i].saltSz, tv[i].kdfIdx, tv[i].index_c, WC_SRTCP_LABEL_MSG_AUTH,
- keyA, tv[i].kaSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(keyA, tv[i].ka_c, tv[i].kaSz) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_SRTCP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
- tv[i].saltSz, tv[i].kdfIdx, tv[i].index_c, WC_SRTCP_LABEL_SALT,
- keyS, tv[i].ksSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(keyS, tv[i].ks_c, tv[i].ksSz) != 0)
- return WC_TEST_RET_ENC_NC;
- }
- #ifdef WOLFSSL_AES_128
- i = 0;
- #elif defined(WOLFSSL_AES_192)
- i = 1;
- #else
- i = 2;
- #endif
- ret = wc_SRTP_KDF(tv[i].key, 33, tv[i].salt, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTCP_KDF(tv[i].key, 33, tv[i].salt, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTP_KDF(tv[i].key, 15, tv[i].salt, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTCP_KDF(tv[i].key, 15, tv[i].salt, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, 15,
- tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, 15,
- tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTP_KDF(NULL, tv[i].keySz, tv[i].salt, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTCP_KDF(NULL, tv[i].keySz, tv[i].salt, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, NULL, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, NULL, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
- 25, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
- 25, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
- -2, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
- -2, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index, NULL, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index_c, NULL, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, NULL, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, NULL, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- NULL, tv[i].ksSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- NULL, tv[i].ksSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- idx = wc_SRTP_KDF_kdr_to_idx(0);
- if (idx != -1)
- return WC_TEST_RET_ENC_NC;
- for (i = 0; i < 32; i++) {
- word32 kdr = 1U << i;
- idx = wc_SRTP_KDF_kdr_to_idx(kdr);
- if (idx != i)
- return WC_TEST_RET_ENC_NC;
- }
- /* SRTCP w/ 48-bit IDX, 128-bit key test */
- if (i == 0) {
- ret = wc_SRTCP_KDF_ex(mk48_1, (word32)sizeof(mk48_1),
- ms48_1, (word32)sizeof(ms48_1),
- kdr_48_1, srtcp48idx_1, keyE, tv[i].keSz,
- keyA, tv[i].kaSz, keyS, tv[i].ksSz,
- WC_SRTCP_48BIT_IDX);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(keyE, srtcpKe_48_1, tv[i].keSz) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(keyA, srtcpKa_48_1, tv[i].kaSz) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(keyS, srtcpKs_48_1, tv[i].ksSz) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_SRTCP_KDF_ex(mk48_2, (word32)sizeof(mk48_2),
- ms48_2, (word32)sizeof(ms48_2),
- kdr_48_2, srtcp48idx_2, keyE, tv[i].keSz,
- keyA, tv[i].kaSz, keyS, tv[i].ksSz,
- WC_SRTCP_48BIT_IDX);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(keyE, srtcpKe_48_2, tv[i].keSz) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(keyA, srtcpKa_48_2, tv[i].kaSz) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(keyS, srtcpKs_48_2, tv[i].ksSz) != 0)
- return WC_TEST_RET_ENC_NC;
- }
- return 0;
- }
- #endif
- #ifdef HAVE_ECC
- /* size to use for ECC key gen tests */
- #ifndef ECC_KEYGEN_SIZE
- #if !defined(NO_ECC256) || defined(WOLFSSL_SM2)
- #define ECC_KEYGEN_SIZE 32
- #elif defined(HAVE_ECC384)
- #define ECC_KEYGEN_SIZE 48
- #elif defined(HAVE_ECC224)
- #define ECC_KEYGEN_SIZE 28
- #elif defined(HAVE_ECC521)
- #define ECC_KEYGEN_SIZE 66
- #else
- #error No ECC keygen size defined for test
- #endif
- #endif
- #ifdef BENCH_EMBEDDED
- #define ECC_SHARED_SIZE 128
- #else
- #define ECC_SHARED_SIZE MAX_ECC_BYTES
- #endif
- #if defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)
- #define HAVE_ECC_DETERMINISTIC_K
- #define ECC_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
- #else
- #define ECC_DIGEST_SIZE MAX_ECC_BYTES
- #endif
- #define ECC_SIG_SIZE ECC_MAX_SIG_SIZE
- #ifdef NO_ECC_SECP
- #define NO_ECC_VECTOR_TEST
- #endif
- #ifndef NO_ECC_VECTOR_TEST
- #if (defined(HAVE_ECC192) || defined(HAVE_ECC224) ||\
- !defined(NO_ECC256) || defined(HAVE_ECC384) ||\
- defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES))
- #define HAVE_ECC_VECTOR_TEST
- #endif
- #endif
- #ifdef HAVE_ECC_VECTOR_TEST
- typedef struct eccVector {
- const char* msg; /* SHA-1 Encoded Message */
- const char* Qx;
- const char* Qy;
- const char* d; /* Private Key */
- const char* R;
- const char* S;
- const char* curveName;
- word32 msgLen;
- word32 keySize;
- #ifndef NO_ASN
- const byte* r;
- word32 rSz;
- const byte* s;
- word32 sSz;
- #endif
- } eccVector;
- #if !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- static wc_test_ret_t ecc_test_vector_item(const eccVector* vector)
- {
- wc_test_ret_t ret = 0;
- int verify = 0;
- word32 sigSz;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key userA[1];
- #endif
- WC_DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
- #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
- word32 sigRawSz, rSz = MAX_ECC_BYTES, sSz = MAX_ECC_BYTES;
- WC_DECLARE_VAR(sigRaw, byte, ECC_SIG_SIZE, HEAP_HINT);
- WC_DECLARE_VAR(r, byte, MAX_ECC_BYTES, HEAP_HINT);
- WC_DECLARE_VAR(s, byte, MAX_ECC_BYTES, HEAP_HINT);
- #endif
- WC_ALLOC_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
- #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
- WC_ALLOC_VAR(sigRaw, byte, ECC_SIG_SIZE, HEAP_HINT);
- WC_ALLOC_VAR(r, byte, MAX_ECC_BYTES, HEAP_HINT);
- WC_ALLOC_VAR(s, byte, MAX_ECC_BYTES, HEAP_HINT);
- #endif
- #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
- if (sig == NULL)
- ERROR_OUT(MEMORY_E, done);
- #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
- if (sigRaw == NULL || r == NULL || s == NULL)
- ERROR_OUT(MEMORY_E, done);
- #endif
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (userA == NULL)
- ERROR_OUT(MEMORY_E, done);
- #endif
- ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- ret = wc_ecc_import_raw(userA, vector->Qx, vector->Qy,
- vector->d, vector->curveName);
- if (ret != 0)
- goto done;
- XMEMSET(sig, 0, ECC_SIG_SIZE);
- sigSz = ECC_SIG_SIZE;
- ret = wc_ecc_rs_to_sig(vector->R, vector->S, sig, &sigSz);
- if (ret != 0)
- goto done;
- #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
- XMEMSET(sigRaw, 0, ECC_SIG_SIZE);
- sigRawSz = ECC_SIG_SIZE;
- ret = wc_ecc_rs_raw_to_sig(vector->r, vector->rSz, vector->s, vector->sSz,
- sigRaw, &sigRawSz);
- if (ret != 0)
- goto done;
- if (sigSz != sigRawSz || XMEMCMP(sig, sigRaw, sigSz) != 0) {
- ret = WC_TEST_RET_ENC_NC;
- goto done;
- }
- ret = wc_ecc_sig_to_rs(sig, sigSz, r, &rSz, s, &sSz);
- if (ret != 0)
- goto done;
- if (rSz != vector->rSz || XMEMCMP(r, vector->r, rSz) != 0 ||
- sSz != vector->sSz || XMEMCMP(s, vector->s, sSz) != 0) {
- ret = WC_TEST_RET_ENC_NC;
- goto done;
- }
- #endif
- #ifdef HAVE_ECC_VERIFY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_verify_hash(sig, sigSz, (byte*)vector->msg,
- vector->msgLen, &verify, userA);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- goto done;
- TEST_SLEEP();
- if (verify != 1)
- ret = WC_TEST_RET_ENC_NC;
- #endif
- done:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (userA != NULL) {
- wc_ecc_free(userA);
- XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(userA);
- #endif
- #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
- WC_FREE_VAR(sigRaw, HEAP_HINT);
- WC_FREE_VAR(r, HEAP_HINT);
- WC_FREE_VAR(s, HEAP_HINT);
- #endif
- WC_FREE_VAR(sig, HEAP_HINT);
- return ret;
- }
- static wc_test_ret_t ecc_test_vector(int keySize)
- {
- wc_test_ret_t ret;
- eccVector vec;
- XMEMSET(&vec, 0, sizeof(vec));
- vec.keySize = (word32)keySize;
- switch(keySize) {
- #if defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)
- case 14:
- return 0;
- #endif /* HAVE_ECC112 */
- #if defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)
- case 16:
- return 0;
- #endif /* HAVE_ECC128 */
- #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
- case 20:
- return 0;
- #endif /* HAVE_ECC160 */
- #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
- case 24:
- /* first [P-192,SHA-1] vector from FIPS 186-3 NIST vectors */
- #if 1
- vec.msg = "\x60\x80\x79\x42\x3f\x12\x42\x1d\xe6\x16\xb7\x49\x3e\xbe\x55\x1c\xf4\xd6\x5b\x92";
- vec.msgLen = 20;
- #else
- /* This is the raw message prior to SHA-1 */
- vec.msg =
- "\xeb\xf7\x48\xd7\x48\xeb\xbc\xa7\xd2\x9f\xb4\x73\x69\x8a\x6e\x6b"
- "\x4f\xb1\x0c\x86\x5d\x4a\xf0\x24\xcc\x39\xae\x3d\xf3\x46\x4b\xa4"
- "\xf1\xd6\xd4\x0f\x32\xbf\x96\x18\xa9\x1b\xb5\x98\x6f\xa1\xa2\xaf"
- "\x04\x8a\x0e\x14\xdc\x51\xe5\x26\x7e\xb0\x5e\x12\x7d\x68\x9d\x0a"
- "\xc6\xf1\xa7\xf1\x56\xce\x06\x63\x16\xb9\x71\xcc\x7a\x11\xd0\xfd"
- "\x7a\x20\x93\xe2\x7c\xf2\xd0\x87\x27\xa4\xe6\x74\x8c\xc3\x2f\xd5"
- "\x9c\x78\x10\xc5\xb9\x01\x9d\xf2\x1c\xdc\xc0\xbc\xa4\x32\xc0\xa3"
- "\xee\xd0\x78\x53\x87\x50\x88\x77\x11\x43\x59\xce\xe4\xa0\x71\xcf";
- vec.msgLen = 128;
- #endif
- vec.Qx = "07008ea40b08dbe76432096e80a2494c94982d2d5bcf98e6";
- vec.Qy = "76fab681d00b414ea636ba215de26d98c41bd7f2e4d65477";
- vec.d = "e14f37b3d1374ff8b03f41b9b3fdd2f0ebccf275d660d7f3";
- vec.R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e";
- vec.S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41";
- vec.curveName = "SECP192R1";
- #ifndef NO_ASN
- vec.r = (byte*)"\x69\x94\xd9\x62\xbd\xd0\xd7\x93\xff\xdd\xf8\x55"
- "\xec\x5b\xf2\xf9\x1a\x96\x98\xb4\x62\x58\xa6\x3e";
- vec.rSz = 24;
- vec.s = (byte*)"\x02\xba\x64\x65\xa2\x34\x90\x37\x44\xab\x02\xbc"
- "\x85\x21\x40\x5b\x73\xcf\x5f\xc0\x0e\x1a\x9f\x41";
- vec.sSz = 24;
- #endif
- break;
- #endif /* HAVE_ECC192 */
- #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
- case 28:
- /* first [P-224,SHA-1] vector from FIPS 186-3 NIST vectors */
- #if 1
- vec.msg = "\xb9\xa3\xb8\x6d\xb0\xba\x99\xfd\xc6\xd2\x94\x6b\xfe\xbe\x9c\xe8\x3f\x10\x74\xfc";
- vec.msgLen = 20;
- #else
- /* This is the raw message prior to SHA-1 */
- vec.msg =
- "\x36\xc8\xb2\x29\x86\x48\x7f\x67\x7c\x18\xd0\x97\x2a\x9e\x20\x47"
- "\xb3\xaf\xa5\x9e\xc1\x62\x76\x4e\xc3\x0b\x5b\x69\xe0\x63\x0f\x99"
- "\x0d\x4e\x05\xc2\x73\xb0\xe5\xa9\xd4\x28\x27\xb6\x95\xfc\x2d\x64"
- "\xd9\x13\x8b\x1c\xf4\xc1\x21\x55\x89\x4c\x42\x13\x21\xa7\xbb\x97"
- "\x0b\xdc\xe0\xfb\xf0\xd2\xae\x85\x61\xaa\xd8\x71\x7f\x2e\x46\xdf"
- "\xe3\xff\x8d\xea\xb4\xd7\x93\x23\x56\x03\x2c\x15\x13\x0d\x59\x9e"
- "\x26\xc1\x0f\x2f\xec\x96\x30\x31\xac\x69\x38\xa1\x8d\x66\x45\x38"
- "\xb9\x4d\xac\x55\x34\xef\x7b\x59\x94\x24\xd6\x9b\xe1\xf7\x1c\x20";
- vec.msgLen = 128;
- #endif
- vec.Qx = "8a4dca35136c4b70e588e23554637ae251077d1365a6ba5db9585de7";
- vec.Qy = "ad3dee06de0be8279d4af435d7245f14f3b4f82eb578e519ee0057b1";
- vec.d = "97c4b796e1639dd1035b708fc00dc7ba1682cec44a1002a1a820619f";
- vec.R = "147b33758321e722a0360a4719738af848449e2c1d08defebc1671a7";
- vec.S = "24fc7ed7f1352ca3872aa0916191289e2e04d454935d50fe6af3ad5b";
- vec.curveName = "SECP224R1";
- #ifndef NO_ASN
- vec.r = (byte*)"\x14\x7b\x33\x75\x83\x21\xe7\x22\xa0\x36\x0a\x47"
- "\x19\x73\x8a\xf8\x48\x44\x9e\x2c\x1d\x08\xde\xfe"
- "\xbc\x16\x71\xa7";
- vec.rSz = 28;
- vec.s = (byte*)"\x24\xfc\x7e\xd7\xf1\x35\x2c\xa3\x87\x2a\xa0\x91"
- "\x61\x91\x28\x9e\x2e\x04\xd4\x54\x93\x5d\x50\xfe"
- "\x6a\xf3\xad\x5b";
- vec.sSz = 28;
- #endif
- break;
- #endif /* HAVE_ECC224 */
- #if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)
- case 30:
- return 0;
- #endif /* HAVE_ECC239 */
- #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
- case 32:
- /* first [P-256,SHA-1] vector from FIPS 186-3 NIST vectors */
- #if 1
- vec.msg = "\xa3\xf9\x1a\xe2\x1b\xa6\xb3\x03\x98\x64\x47\x2f\x18\x41\x44\xc6\xaf\x62\xcd\x0e";
- vec.msgLen = 20;
- #else
- /* This is the raw message prior to SHA-1 */
- vec.msg =
- "\xa2\x4b\x21\x76\x2e\x6e\xdb\x15\x3c\xc1\x14\x38\xdb\x0e\x92\xcd"
- "\xf5\x2b\x86\xb0\x6c\xa9\x70\x16\x06\x27\x59\xc7\x0d\x36\xd1\x56"
- "\x2c\xc9\x63\x0d\x7f\xc7\xc7\x74\xb2\x8b\x54\xe3\x1e\xf5\x58\x72"
- "\xb2\xa6\x5d\xf1\xd7\xec\x26\xde\xbb\x33\xe7\xd9\x27\xef\xcc\xf4"
- "\x6b\x63\xde\x52\xa4\xf4\x31\xea\xca\x59\xb0\x5d\x2e\xde\xc4\x84"
- "\x5f\xff\xc0\xee\x15\x03\x94\xd6\x1f\x3d\xfe\xcb\xcd\xbf\x6f\x5a"
- "\x73\x38\xd0\xbe\x3f\x2a\x77\x34\x51\x98\x3e\xba\xeb\x48\xf6\x73"
- "\x8f\xc8\x95\xdf\x35\x7e\x1a\x48\xa6\x53\xbb\x35\x5a\x31\xa1\xb4"
- vec.msgLen = 128;
- #endif
- vec.Qx = "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0";
- vec.Qy = "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09";
- vec.d = "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25";
- vec.R = "2b826f5d44e2d0b6de531ad96b51e8f0c56fdfead3c236892e4d84eacfc3b75c";
- vec.S = "a2248b62c03db35a7cd63e8a120a3521a89d3d2f61ff99035a2148ae32e3a248";
- #ifndef NO_ASN
- vec.r = (byte*)"\x2b\x82\x6f\x5d\x44\xe2\xd0\xb6\xde\x53\x1a\xd9"
- "\x6b\x51\xe8\xf0\xc5\x6f\xdf\xea\xd3\xc2\x36\x89"
- "\x2e\x4d\x84\xea\xcf\xc3\xb7\x5c";
- vec.rSz = 32;
- vec.s = (byte*)"\xa2\x24\x8b\x62\xc0\x3d\xb3\x5a\x7c\xd6\x3e\x8a"
- "\x12\x0a\x35\x21\xa8\x9d\x3d\x2f\x61\xff\x99\x03"
- "\x5a\x21\x48\xae\x32\xe3\xa2\x48";
- vec.sSz = 32;
- #endif
- vec.curveName = "SECP256R1";
- break;
- #endif /* !NO_ECC256 */
- #if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)
- case 40:
- return 0;
- #endif /* HAVE_ECC320 */
- #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
- case 48:
- /* first [P-384,SHA-1] vector from FIPS 186-3 NIST vectors */
- #if 1
- vec.msg = "\x9b\x9f\x8c\x95\x35\xa5\xca\x26\x60\x5d\xb7\xf2\xfa\x57\x3b\xdf\xc3\x2e\xab\x8b";
- vec.msgLen = 20;
- #else
- /* This is the raw message prior to SHA-1 */
- vec.msg =
- "\xab\xe1\x0a\xce\x13\xe7\xe1\xd9\x18\x6c\x48\xf7\x88\x9d\x51\x47"
- "\x3d\x3a\x09\x61\x98\x4b\xc8\x72\xdf\x70\x8e\xcc\x3e\xd3\xb8\x16"
- "\x9d\x01\xe3\xd9\x6f\xc4\xf1\xd5\xea\x00\xa0\x36\x92\xbc\xc5\xcf"
- "\xfd\x53\x78\x7c\x88\xb9\x34\xaf\x40\x4c\x03\x9d\x32\x89\xb5\xba"
- "\xc5\xae\x7d\xb1\x49\x68\x75\xb5\xdc\x73\xc3\x09\xf9\x25\xc1\x3d"
- "\x1c\x01\xab\xda\xaf\xeb\xcd\xac\x2c\xee\x43\x39\x39\xce\x8d\x4a"
- "\x0a\x5d\x57\xbb\x70\x5f\x3b\xf6\xec\x08\x47\x95\x11\xd4\xb4\xa3"
- "\x21\x1f\x61\x64\x9a\xd6\x27\x43\x14\xbf\x0d\x43\x8a\x81\xe0\x60"
- vec.msgLen = 128;
- #endif
- vec.Qx = "e55fee6c49d8d523f5ce7bf9c0425ce4ff650708b7de5cfb095901523979a7f042602db30854735369813b5c3f5ef868";
- vec.Qy = "28f59cc5dc509892a988d38a8e2519de3d0c4fd0fbdb0993e38f18506c17606c5e24249246f1ce94983a5361c5be983e";
- vec.d = "a492ce8fa90084c227e1a32f7974d39e9ff67a7e8705ec3419b35fb607582bebd461e0b1520ac76ec2dd4e9b63ebae71";
- vec.R = "6820b8585204648aed63bdff47f6d9acebdea62944774a7d14f0e14aa0b9a5b99545b2daee6b3c74ebf606667a3f39b7";
- vec.S = "491af1d0cccd56ddd520b233775d0bc6b40a6255cc55207d8e9356741f23c96c14714221078dbd5c17f4fdd89b32a907";
- vec.curveName = "SECP384R1";
- #ifndef NO_ASN
- vec.r = (byte*)"\x68\x20\xb8\x58\x52\x04\x64\x8a\xed\x63\xbd\xff"
- "\x47\xf6\xd9\xac\xeb\xde\xa6\x29\x44\x77\x4a\x7d"
- "\x14\xf0\xe1\x4a\xa0\xb9\xa5\xb9\x95\x45\xb2\xda"
- "\xee\x6b\x3c\x74\xeb\xf6\x06\x66\x7a\x3f\x39\xb7";
- vec.rSz = 48;
- vec.s = (byte*)"\x49\x1a\xf1\xd0\xcc\xcd\x56\xdd\xd5\x20\xb2\x33"
- "\x77\x5d\x0b\xc6\xb4\x0a\x62\x55\xcc\x55\x20\x7d"
- "\x8e\x93\x56\x74\x1f\x23\xc9\x6c\x14\x71\x42\x21"
- "\x07\x8d\xbd\x5c\x17\xf4\xfd\xd8\x9b\x32\xa9\x07";
- vec.sSz = 48;
- #endif
- break;
- #endif /* HAVE_ECC384 */
- #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
- case 64:
- return 0;
- #endif /* HAVE_ECC512 */
- #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
- case 66:
- /* first [P-521,SHA-1] vector from FIPS 186-3 NIST vectors */
- #if 1
- vec.msg = "\x1b\xf7\x03\x9c\xca\x23\x94\x27\x3f\x11\xa1\xd4\x8d\xcc\xb4\x46\x6f\x31\x61\xdf";
- vec.msgLen = 20;
- #else
- /* This is the raw message prior to SHA-1 */
- vec.msg =
- "\x50\x3f\x79\x39\x34\x0a\xc7\x23\xcd\x4a\x2f\x4e\x6c\xcc\x27\x33"
- "\x38\x3a\xca\x2f\xba\x90\x02\x19\x9d\x9e\x1f\x94\x8b\xe0\x41\x21"
- "\x07\xa3\xfd\xd5\x14\xd9\x0c\xd4\xf3\x7c\xc3\xac\x62\xef\x00\x3a"
- "\x2d\xb1\xd9\x65\x7a\xb7\x7f\xe7\x55\xbf\x71\xfa\x59\xe4\xd9\x6e"
- "\xa7\x2a\xe7\xbf\x9d\xe8\x7d\x79\x34\x3b\xc1\xa4\xbb\x14\x4d\x16"
- "\x28\xd1\xe9\xe9\xc8\xed\x80\x8b\x96\x2c\x54\xe5\xf9\x6d\x53\xda"
- "\x14\x7a\x96\x38\xf9\x4a\x91\x75\xd8\xed\x61\x05\x5f\x0b\xa5\x73"
- "\xa8\x2b\xb7\xe0\x18\xee\xda\xc4\xea\x7b\x36\x2e\xc8\x9c\x38\x2b"
- vec.msgLen = 128;
- #endif
- vec.Qx = "12fbcaeffa6a51f3ee4d3d2b51c5dec6d7c726ca353fc014ea2bf7cfbb9b910d32cbfa6a00fe39b6cdb8946f22775398b2e233c0cf144d78c8a7742b5c7a3bb5d23";
- vec.Qy = "09cdef823dd7bf9a79e8cceacd2e4527c231d0ae5967af0958e931d7ddccf2805a3e618dc3039fec9febbd33052fe4c0fee98f033106064982d88f4e03549d4a64d";
- vec.d = "1bd56bd106118eda246155bd43b42b8e13f0a6e25dd3bb376026fab4dc92b6157bc6dfec2d15dd3d0cf2a39aa68494042af48ba9601118da82c6f2108a3a203ad74";
- vec.R = "0bd117b4807710898f9dd7778056485777668f0e78e6ddf5b000356121eb7a220e9493c7f9a57c077947f89ac45d5acb6661bbcd17abb3faea149ba0aa3bb1521be";
- vec.S = "019cd2c5c3f9870ecdeb9b323abdf3a98cd5e231d85c6ddc5b71ab190739f7f226e6b134ba1d5889ddeb2751dabd97911dff90c34684cdbe7bb669b6c3d22f2480c";
- vec.curveName = "SECP521R1";
- #ifndef NO_ASN
- vec.r = (byte*)"\xbd\x11\x7b\x48\x07\x71\x08\x98\xf9\xdd\x77\x78"
- "\x05\x64\x85\x77\x76\x68\xf0\xe7\x8e\x6d\xdf\x5b"
- "\x00\x03\x56\x12\x1e\xb7\xa2\x20\xe9\x49\x3c\x7f"
- "\x9a\x57\xc0\x77\x94\x7f\x89\xac\x45\xd5\xac\xb6"
- "\x66\x1b\xbc\xd1\x7a\xbb\x3f\xae\xa1\x49\xba\x0a"
- "\xa3\xbb\x15\x21\xbe";
- vec.rSz = 65;
- vec.s = (byte*)"\x19\xcd\x2c\x5c\x3f\x98\x70\xec\xde\xb9\xb3\x23"
- "\xab\xdf\x3a\x98\xcd\x5e\x23\x1d\x85\xc6\xdd\xc5"
- "\xb7\x1a\xb1\x90\x73\x9f\x7f\x22\x6e\x6b\x13\x4b"
- "\xa1\xd5\x88\x9d\xde\xb2\x75\x1d\xab\xd9\x79\x11"
- "\xdf\xf9\x0c\x34\x68\x4c\xdb\xe7\xbb\x66\x9b\x6c"
- "\x3d\x22\xf2\x48\x0c";
- vec.sSz = 65;
- #endif
- break;
- #endif /* HAVE_ECC521 */
- default:
- return NOT_COMPILED_IN; /* Invalid key size / Not supported */
- }; /* Switch */
- ret = ecc_test_vector_item(&vec);
- if (ret < 0) {
- return ret;
- }
- return 0;
- }
- #endif /* WOLF_CRYPTO_CB_ONLY_ECC */
- #if defined(HAVE_ECC_SIGN) && (defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
- defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)) \
- && (!defined(FIPS_VERSION_GE) || FIPS_VERSION_GE(5,3))
- #if defined(HAVE_ECC256)
- static wc_test_ret_t ecc_test_deterministic_k(WC_RNG* rng)
- {
- wc_test_ret_t ret;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *key = NULL;
- #else
- ecc_key key[1];
- #endif
- int key_inited = 0;
- byte sig[72];
- word32 sigSz;
- WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sample";
- unsigned char hash[32];
- WOLFSSL_SMALL_STACK_STATIC const char* dIUT =
- "C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721";
- WOLFSSL_SMALL_STACK_STATIC const char* QIUTx =
- "60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6";
- WOLFSSL_SMALL_STACK_STATIC const char* QIUTy =
- "7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299";
- WOLFSSL_SMALL_STACK_STATIC const byte expSig[] = {
- 0x30, 0x46, 0x02, 0x21, 0x00, 0xEF, 0xD4, 0x8B,
- 0x2A, 0xAC, 0xB6, 0xA8, 0xFD, 0x11, 0x40, 0xDD,
- 0x9C, 0xD4, 0x5E, 0x81, 0xD6, 0x9D, 0x2C, 0x87,
- 0x7B, 0x56, 0xAA, 0xF9, 0x91, 0xC3, 0x4D, 0x0E,
- 0xA8, 0x4E, 0xAF, 0x37, 0x16, 0x02, 0x21, 0x00,
- 0xF7, 0xCB, 0x1C, 0x94, 0x2D, 0x65, 0x7C, 0x41,
- 0xD4, 0x36, 0xC7, 0xA1, 0xB6, 0xE2, 0x9F, 0x65,
- 0xF3, 0xE9, 0x00, 0xDB, 0xB9, 0xAF, 0xF4, 0x06,
- 0x4D, 0xC4, 0xAB, 0x2F, 0x84, 0x3A, 0xCD, 0xA8
- };
- #ifdef WOLFSSL_SMALL_STACK
- key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (key == NULL)
- return MEMORY_E;
- #endif
- ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
- if (ret != 0) {
- goto done;
- }
- key_inited = 1;
- ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP256R1");
- if (ret != 0) {
- goto done;
- }
- ret = wc_Hash(WC_HASH_TYPE_SHA256, msg,
- (word32)XSTRLEN((const char*)msg), hash, sizeof(hash));
- if (ret != 0) {
- goto done;
- }
- ret = wc_ecc_set_deterministic(key, 1);
- if (ret != 0) {
- goto done;
- }
- sigSz = sizeof(sig);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- goto done;
- }
- TEST_SLEEP();
- if (sigSz != sizeof(expSig)) {
- ret = WC_TEST_RET_ENC_NC;
- goto done;
- }
- if (XMEMCMP(sig, expSig, sigSz) != 0) {
- ret = WC_TEST_RET_ENC_NC;
- goto done;
- }
- sigSz = sizeof(sig);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- goto done;
- }
- TEST_SLEEP();
- done:
- if (key_inited)
- wc_ecc_free(key);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif
- #ifdef WOLFSSL_PUBLIC_MP
- #if defined(HAVE_ECC384)
- /* KAT from RFC6979 */
- static wc_test_ret_t ecc384_test_deterministic_k(WC_RNG* rng)
- {
- wc_test_ret_t ret;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *key;
- mp_int *r, *s, *expR, *expS;
- #else
- ecc_key key[1];
- mp_int r[1], s[1], expR[1], expS[1];
- #endif
- int key_inited = 0;
- WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sample";
- unsigned char hash[32];
- WOLFSSL_SMALL_STACK_STATIC const char* dIUT =
- "6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D8"
- "96D5724E4C70A825F872C9EA60D2EDF5";
- WOLFSSL_SMALL_STACK_STATIC const char* QIUTx =
- "EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64"
- "DEF8F0EA9055866064A254515480BC13";
- WOLFSSL_SMALL_STACK_STATIC const char* QIUTy =
- "8015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1"
- "288B231C3AE0D4FE7344FD2533264720";
- WOLFSSL_SMALL_STACK_STATIC const char* expRstr =
- "21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33"
- "BDE1E888E63355D92FA2B3C36D8FB2CD";
- WOLFSSL_SMALL_STACK_STATIC const char* expSstr =
- "F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEB"
- "EFDC63ECCD1AC42EC0CB8668A4FA0AB0";
- #ifdef WOLFSSL_SMALL_STACK
- key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- r = (mp_int *)XMALLOC(sizeof(*r), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- s = (mp_int *)XMALLOC(sizeof(*s), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- expR = (mp_int *)XMALLOC(sizeof(*expR), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- expS = (mp_int *)XMALLOC(sizeof(*expS), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((key == NULL) ||
- (r == NULL) ||
- (s == NULL) ||
- (expR == NULL) ||
- (expS == NULL))
- {
- ret = MEMORY_E;
- goto done;
- }
- #endif
- ret = mp_init_multi(r, s, expR, expS, NULL, NULL);
- if (ret != MP_OKAY) {
- goto done;
- }
- ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
- if (ret != 0) {
- goto done;
- }
- key_inited = 1;
- ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP384R1");
- if (ret != 0) {
- goto done;
- }
- ret = wc_Hash(WC_HASH_TYPE_SHA256, msg,
- (word32)XSTRLEN((const char*)msg), hash, sizeof(hash));
- if (ret != 0) {
- goto done;
- }
- ret = wc_ecc_set_deterministic(key, 1);
- if (ret != 0) {
- goto done;
- }
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash_ex(hash, sizeof(hash), rng, key, r, s);
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- goto done;
- }
- TEST_SLEEP();
- mp_read_radix(expR, expRstr, MP_RADIX_HEX);
- mp_read_radix(expS, expSstr, MP_RADIX_HEX);
- if (mp_cmp(r, expR) != MP_EQ) {
- ret = WC_TEST_RET_ENC_NC;
- }
- done:
- if (key_inited)
- wc_ecc_free(key);
- #ifdef WOLFSSL_SMALL_STACK
- if (key != NULL)
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (r != NULL)
- XFREE(r, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (s != NULL)
- XFREE(s, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (expR != NULL)
- XFREE(expR, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (expS != NULL)
- XFREE(expS, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* HAVE_ECC384 */
- #if defined(HAVE_ECC521)
- /* KAT from RFC6979 */
- static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng)
- {
- wc_test_ret_t ret;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *key;
- mp_int *r, *s, *expR, *expS;
- #else
- ecc_key key[1];
- mp_int r[1], s[1], expR[1], expS[1];
- #endif
- int key_inited = 0;
- WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sample";
- unsigned char hash[32];
- WOLFSSL_SMALL_STACK_STATIC const char* dIUT =
- "0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75C"
- "AA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83"
- "538";
- WOLFSSL_SMALL_STACK_STATIC const char* QIUTx =
- "1894550D0785932E00EAA23B694F213F8C3121F86DC97A04E5A7167DB4E5BCD3"
- "71123D46E45DB6B5D5370A7F20FB633155D38FFA16D2BD761DCAC474B9A2F502"
- "3A4";
- WOLFSSL_SMALL_STACK_STATIC const char* QIUTy =
- "0493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A2"
- "8A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDF"
- "CF5";
- WOLFSSL_SMALL_STACK_STATIC const char* expRstr =
- "1511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659"
- "D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E"
- "1A7";
- WOLFSSL_SMALL_STACK_STATIC const char* expSstr =
- "04A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916"
- "E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7E"
- "CFC";
- #ifdef WOLFSSL_SMALL_STACK
- key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- r = (mp_int *)XMALLOC(sizeof(*r), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- s = (mp_int *)XMALLOC(sizeof(*s), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- expR = (mp_int *)XMALLOC(sizeof(*expR), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- expS = (mp_int *)XMALLOC(sizeof(*expS), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((key == NULL) ||
- (r == NULL) ||
- (s == NULL) ||
- (expR == NULL) ||
- (expS == NULL))
- {
- ret = MEMORY_E;
- goto done;
- }
- #endif
- ret = mp_init_multi(r, s, expR, expS, NULL, NULL);
- if (ret != MP_OKAY) {
- goto done;
- }
- ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- key_inited = 1;
- ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP521R1");
- if (ret != 0) {
- goto done;
- }
- ret = wc_Hash(WC_HASH_TYPE_SHA256, msg,
- (word32)XSTRLEN((const char*)msg), hash, sizeof(hash));
- if (ret != 0) {
- goto done;
- }
- ret = wc_ecc_set_deterministic(key, 1);
- if (ret != 0) {
- goto done;
- }
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash_ex(hash, sizeof(hash), rng, key, r, s);
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- goto done;
- }
- TEST_SLEEP();
- mp_read_radix(expR, expRstr, MP_RADIX_HEX);
- mp_read_radix(expS, expSstr, MP_RADIX_HEX);
- if (mp_cmp(r, expR) != MP_EQ) {
- ret = WC_TEST_RET_ENC_NC;
- }
- done:
- if (key_inited)
- wc_ecc_free(key);
- #ifdef WOLFSSL_SMALL_STACK
- if (key != NULL)
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (r != NULL)
- XFREE(r, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (s != NULL)
- XFREE(s, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (expR != NULL)
- XFREE(expR, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (expS != NULL)
- XFREE(expS, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* HAVE_ECC521 */
- #endif /* WOLFSSL_PUBLIC_MP */
- #endif /* HAVE_ECC_SIGN && (WOLFSSL_ECDSA_DETERMINISTIC_K ||
- WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)
- && (!FIPS_VERSION_GE || FIPS_VERSION_GE(5,3)) */
- #if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K) && \
- !defined(WOLFSSL_KCAPI_ECC)
- static wc_test_ret_t ecc_test_sign_vectors(WC_RNG* rng)
- {
- wc_test_ret_t ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *key = NULL;
- #else
- ecc_key key[1];
- #endif
- int key_inited = 0;
- byte sig[72];
- word32 sigSz;
- WOLFSSL_SMALL_STACK_STATIC const unsigned char hash[32] = "test wolfSSL deterministic sign";
- WOLFSSL_SMALL_STACK_STATIC const char* dIUT = "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534";
- WOLFSSL_SMALL_STACK_STATIC const char* QIUTx = "ead218590119e8876b29146ff89ca61770c4edbbf97d38ce385ed281d8a6b230";
- WOLFSSL_SMALL_STACK_STATIC const char* QIUTy = "28af61281fd35e2fa7002523acc85a429cb06ee6648325389f59edfce1405141";
- WOLFSSL_SMALL_STACK_STATIC const byte k[1] = { 0x02 };
- WOLFSSL_SMALL_STACK_STATIC const byte expSig[71] = {
- 0x30, 0x45, 0x02, 0x20, 0x7c, 0xf2, 0x7b, 0x18,
- 0x8d, 0x03, 0x4f, 0x7e, 0x8a, 0x52, 0x38, 0x03,
- 0x04, 0xb5, 0x1a, 0xc3, 0xc0, 0x89, 0x69, 0xe2,
- 0x77, 0xf2, 0x1b, 0x35, 0xa6, 0x0b, 0x48, 0xfc,
- 0x47, 0x66, 0x99, 0x78, 0x02, 0x21, 0x00, 0xa8,
- 0x43, 0xa0, 0xce, 0x6c, 0x5e, 0x17, 0x8a, 0x53,
- 0x4d, 0xaf, 0xd2, 0x95, 0x78, 0x9f, 0x84, 0x4f,
- 0x94, 0xb8, 0x75, 0xa3, 0x19, 0xa5, 0xd4, 0xdf,
- 0xe1, 0xd4, 0x5e, 0x9d, 0x97, 0xfe, 0x81
- };
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
- return MEMORY_E;
- #endif
- ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
- if (ret != 0) {
- goto done;
- }
- key_inited = 1;
- ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP256R1");
- if (ret != 0) {
- goto done;
- }
- #if (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) \
- && (HAVE_FIPS_VERSION > 2)))
- wc_ecc_set_flags(key, WC_ECC_FLAG_DEC_SIGN);
- #endif
- ret = wc_ecc_sign_set_k(k, sizeof(k), key);
- if (ret != 0) {
- goto done;
- }
- sigSz = sizeof(sig);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- goto done;
- }
- TEST_SLEEP();
- if (sigSz != sizeof(expSig)) {
- ret = WC_TEST_RET_ENC_NC;
- goto done;
- }
- if (XMEMCMP(sig, expSig, sigSz) != 0) {
- ret = WC_TEST_RET_ENC_NC;
- goto done;
- }
- sigSz = sizeof(sig);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- goto done;
- }
- TEST_SLEEP();
- done:
- if (key_inited)
- wc_ecc_free(key);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif
- #if defined(HAVE_ECC_CDH) && defined(HAVE_ECC_DHE)
- static wc_test_ret_t ecc_test_cdh_vectors(WC_RNG* rng)
- {
- wc_test_ret_t ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *pub_key = (ecc_key *)XMALLOC(sizeof *pub_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *priv_key = (ecc_key *)XMALLOC(sizeof *priv_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key pub_key[1], priv_key[1];
- #endif
- byte sharedA[32] = {0}, sharedB[32] = {0};
- word32 x, z;
- WOLFSSL_SMALL_STACK_STATIC const char* QCAVSx = "700c48f77f56584c5cc632ca65640db91b6bacce3a4df6b42ce7cc838833d287";
- WOLFSSL_SMALL_STACK_STATIC const char* QCAVSy = "db71e509e3fd9b060ddb20ba5c51dcc5948d46fbf640dfe0441782cab85fa4ac";
- WOLFSSL_SMALL_STACK_STATIC const char* dIUT = "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534";
- WOLFSSL_SMALL_STACK_STATIC const char* QIUTx = "ead218590119e8876b29146ff89ca61770c4edbbf97d38ce385ed281d8a6b230";
- WOLFSSL_SMALL_STACK_STATIC const char* QIUTy = "28af61281fd35e2fa7002523acc85a429cb06ee6648325389f59edfce1405141";
- WOLFSSL_SMALL_STACK_STATIC const char* ZIUT = "46fc62106420ff012e54a434fbdd2d25ccc5852060561e68040dd7778997bd7b";
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((pub_key == NULL) ||
- (priv_key == NULL)) {
- ret = MEMORY_E;
- goto done;
- }
- #endif
- XMEMSET(pub_key, 0, sizeof *pub_key);
- XMEMSET(priv_key, 0, sizeof *priv_key);
- /* setup private and public keys */
- ret = wc_ecc_init_ex(pub_key, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- ret = wc_ecc_init_ex(priv_key, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- wc_ecc_set_flags(pub_key, WC_ECC_FLAG_COFACTOR);
- wc_ecc_set_flags(priv_key, WC_ECC_FLAG_COFACTOR);
- ret = wc_ecc_import_raw(pub_key, QCAVSx, QCAVSy, NULL, "SECP256R1");
- if (ret != 0)
- goto done;
- ret = wc_ecc_import_raw(priv_key, QIUTx, QIUTy, dIUT, "SECP256R1");
- if (ret != 0)
- goto done;
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- ret = wc_ecc_set_rng(priv_key, rng);
- if (ret != 0)
- goto done;
- #else
- (void)rng;
- #endif
- /* compute ECC Cofactor shared secret */
- x = sizeof(sharedA);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &priv_key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret(priv_key, pub_key, sharedA, &x);
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- goto done;
- }
- TEST_SLEEP();
- /* read in expected Z */
- z = sizeof(sharedB);
- ret = Base16_Decode((const byte*)ZIUT, (word32)XSTRLEN(ZIUT), sharedB, &z);
- if (ret != 0)
- goto done;
- /* compare results */
- if (x != z || XMEMCMP(sharedA, sharedB, x)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- done:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (priv_key) {
- wc_ecc_free(priv_key);
- XFREE(priv_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (pub_key) {
- wc_ecc_free(pub_key);
- XFREE(pub_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(priv_key);
- wc_ecc_free(pub_key);
- #endif
- return ret;
- }
- #endif /* HAVE_ECC_CDH && HAVE_ECC_DHE */
- #endif /* HAVE_ECC_VECTOR_TEST */
- #ifdef HAVE_ECC_KEY_IMPORT
- /* returns 0 on success */
- static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
- ecc_key *pub = (ecc_key *)XMALLOC(sizeof *pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- byte *exportBuf = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *tmp = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key key[1];
- #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- ecc_key pub[1];
- #endif
- byte exportBuf[ECC_BUFSIZE];
- byte tmp[ECC_BUFSIZE];
- #endif
- const byte* msg = (const byte*)"test wolfSSL ECC public gen";
- word32 x;
- word32 tmpSz;
- wc_test_ret_t ret = 0;
- ecc_point* pubPoint = NULL;
- #ifdef HAVE_ECC_VERIFY
- int verify = 0;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((key == NULL) ||
- #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
- (pub == NULL) ||
- #endif
- (exportBuf == NULL) ||
- (tmp == NULL))
- ERROR_OUT(MEMORY_E, done);
- #endif
- (void)msg;
- (void)verify;
- (void)exportBuf;
- (void)rng;
- wc_ecc_init_ex(key, HEAP_HINT, devId);
- #ifndef NO_ECC256
- #if defined(USE_CERT_BUFFERS_256)
- {
- XMEMCPY(tmp, ecc_key_der_256, (size_t)sizeof_ecc_key_der_256);
- tmpSz = (size_t)sizeof_ecc_key_der_256;
- }
- #elif !defined(NO_FILESYSTEM)
- {
- XFILE file = XFOPEN(eccKeyDerFile, "rb");
- if (!file) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- tmpSz = (word32)XFREAD(tmp, 1, ECC_BUFSIZE, file);
- XFCLOSE(file);
- if (tmpSz == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- #else
- {
- WOLFSSL_MSG("No file system and USE_CERT_BUFFERS_256 not defined.(2)");
- ERROR_OUT(ASN_PARSE_E, done);
- }
- #endif /* USE_CERT_BUFFERS_256 */
- /* import private only then test with */
- ret = wc_ecc_import_private_key(tmp, tmpSz, NULL, 0, NULL);
- if (ret == 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- ret = wc_ecc_import_private_key(NULL, tmpSz, NULL, 0, key);
- if (ret == 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- x = 0;
- ret = wc_EccPrivateKeyDecode(tmp, &x, key, tmpSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef HAVE_ECC_KEY_EXPORT
- x = ECC_BUFSIZE;
- ret = wc_ecc_export_private_only(key, exportBuf, &x);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- /* make private only key */
- wc_ecc_free(key);
- wc_ecc_init_ex(key, HEAP_HINT, devId);
- ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, key);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- x = ECC_BUFSIZE;
- ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
- if (ret == 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #endif /* HAVE_ECC_KEY_EXPORT */
- ret = wc_ecc_make_pub(NULL, NULL);
- if (ret == 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- TEST_SLEEP();
- #ifndef WOLFSSL_NO_MALLOC
- pubPoint = wc_ecc_new_point_h(HEAP_HINT);
- if (pubPoint == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- #if !defined(WOLFSSL_CRYPTOCELL)
- ret = wc_ecc_make_pub(key, pubPoint);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- TEST_SLEEP();
- #ifdef HAVE_ECC_KEY_EXPORT
- /* export should still fail, is private only key */
- x = ECC_BUFSIZE;
- ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
- if (ret == 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #endif /* HAVE_ECC_KEY_EXPORT */
- #endif /* !WOLFSSL_NO_MALLOC */
- #endif /* !NO_ECC256 */
- /* create a new key since above test for loading key is not supported */
- #if defined(WOLFSSL_CRYPTOCELL) || defined(NO_ECC256) || \
- defined(WOLFSSL_QNX_CAAM) || defined(WOLFSSL_SE050) || \
- defined(WOLFSSL_SECO_CAAM) || defined(WOLFSSL_IMXRT1170_CAAM)
- ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- #if defined(HAVE_ECC_SIGN) && (!defined(ECC_TIMING_RESISTANT) || \
- (defined(ECC_TIMING_RESISTANT) && !defined(WC_NO_RNG))) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(HAVE_ECC_DETERMINISTIC_K)
- tmpSz = ECC_BUFSIZE;
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0) {
- ret = wc_ecc_sign_hash(msg, (word32)XSTRLEN((const char* )msg), tmp,
- &tmpSz, rng, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- #ifdef HAVE_ECC_VERIFY
- /* try verify with private only key */
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0) {
- ret = wc_ecc_verify_hash(tmp, tmpSz, msg,
- (word32)XSTRLEN((const char*)msg), &verify, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (verify != 1) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- TEST_SLEEP();
- #ifdef HAVE_ECC_KEY_EXPORT
- /* exporting the public part should now work */
- x = ECC_BUFSIZE;
- ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif /* HAVE_ECC_KEY_EXPORT */
- #endif /* HAVE_ECC_VERIFY */
- #endif /* HAVE_ECC_SIGN */
- #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
- /* now test private only key with creating a shared secret */
- x = ECC_BUFSIZE;
- ret = wc_ecc_export_private_only(key, exportBuf, &x);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #if !defined(WOLFSSL_QNX_CAAM) && !defined(WOLFSSL_SE050)
- /* make private only key */
- wc_ecc_free(key);
- wc_ecc_init_ex(key, HEAP_HINT, devId);
- ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, key);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- /* check that public export fails with private only key */
- x = ECC_BUFSIZE;
- ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
- if (ret == 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #endif /* WOLFSSL_QNX_CAAM */
- #ifndef WOLF_CRYPTO_CB_ONLY_ECC
- /* make public key for shared secret */
- wc_ecc_init_ex(pub, HEAP_HINT, devId);
- ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, pub);
- #ifdef HAVE_ECC_CDH
- wc_ecc_set_flags(key, WC_ECC_FLAG_COFACTOR);
- #endif
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &pub->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- ret = wc_ecc_set_rng(key, rng);
- if (ret != 0)
- goto done;
- #endif
- x = ECC_BUFSIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0) {
- ret = wc_ecc_shared_secret(key, pub, exportBuf, &x);
- }
- } while (ret == WC_PENDING_E);
- wc_ecc_free(pub);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- #endif /* HAVE_ECC_DHE && HAVE_ECC_KEY_EXPORT && !WC_NO_RNG */
- #endif /* WOLF_CRYPTO_CB_ONLY_ECC */
- ret = 0;
- done:
- wc_ecc_del_point_h(pubPoint, HEAP_HINT);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key != NULL) {
- wc_ecc_free(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
- if (pub != NULL)
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (exportBuf != NULL)
- XFREE(exportBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp != NULL)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- wc_ecc_free(key);
- #endif
- return ret;
- }
- #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && \
- !defined(WC_NO_RNG) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- static wc_test_ret_t ecc_test_key_decode(WC_RNG* rng, int keySize)
- {
- wc_test_ret_t ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *eccKey = (ecc_key *)XMALLOC(sizeof *eccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *tmpBuf = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key eccKey[1];
- byte tmpBuf[ECC_BUFSIZE];
- #endif
- word32 tmpSz;
- word32 idx;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((eccKey == NULL) || (tmpBuf == NULL))
- ERROR_OUT(MEMORY_E, done);
- #endif
- ret = wc_ecc_init(eccKey);
- if (ret != 0) {
- goto done;
- }
- ret = wc_ecc_make_key(rng, keySize, eccKey);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &eccKey->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- goto done;
- }
- tmpSz = ECC_BUFSIZE;
- ret = wc_EccKeyToDer(eccKey, tmpBuf, tmpSz);
- wc_ecc_free(eccKey);
- if (ret < 0) {
- goto done;
- }
- tmpSz = (word32)ret;
- ret = wc_ecc_init(eccKey);
- if (ret != 0) {
- goto done;
- }
- idx = 0;
- ret = wc_EccPrivateKeyDecode(tmpBuf, &idx, eccKey, tmpSz);
- if (ret != 0) {
- goto done;
- }
- wc_ecc_free(eccKey);
- ret = wc_ecc_init(eccKey);
- if (ret != 0) {
- goto done;
- }
- idx = 0;
- ret = wc_EccPublicKeyDecode(tmpBuf, &idx, eccKey, tmpSz);
- if (ret != 0) {
- goto done;
- }
- ret = 0;
- done:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (eccKey != NULL) {
- wc_ecc_free(eccKey);
- XFREE(eccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (tmpBuf != NULL)
- XFREE(tmpBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- wc_ecc_free(eccKey);
- #endif
- return ret;
- }
- #endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */
- #endif /* HAVE_ECC_KEY_IMPORT */
- #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && \
- !defined(WC_NO_RNG) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- static wc_test_ret_t ecc_test_key_gen(WC_RNG* rng, int keySize)
- {
- wc_test_ret_t ret = 0;
- int derSz;
- #ifdef HAVE_PKCS8
- word32 pkcs8Sz;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte *der = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- byte der[ECC_BUFSIZE];
- ecc_key userA[1];
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((der == NULL) || (userA == NULL))
- ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), done);
- #endif
- ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_make_key(rng, keySize, userA);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- ret = wc_ecc_check_key(userA);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- derSz = wc_EccKeyToDer(userA, der, ECC_BUFSIZE);
- if (derSz < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(derSz), done);
- }
- ret = SaveDerAndPem(der, derSz, eccCaKeyTempFile, eccCaKeyPemFile,
- ECC_PRIVATEKEY_TYPE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- /* test export of public key */
- derSz = wc_EccPublicKeyToDer(userA, der, ECC_BUFSIZE, 1);
- if (derSz < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(derSz), done);
- }
- if (derSz == 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #ifdef HAVE_COMP_KEY
- /* test export of compressed public key */
- derSz = wc_EccPublicKeyToDer_ex(userA, der, ECC_BUFSIZE, 1, 1);
- if (derSz < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(derSz), done);
- }
- if (derSz == 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #endif
- ret = SaveDerAndPem(der, derSz, eccPubKeyDerFile, NULL, 0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef HAVE_PKCS8
- /* test export of PKCS#8 unencrypted private key */
- pkcs8Sz = FOURK_BUF;
- derSz = wc_EccPrivateKeyToPKCS8(userA, der, &pkcs8Sz);
- if (derSz < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(derSz), done);
- }
- if (derSz == 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- ret = SaveDerAndPem(der, derSz, eccPkcs8KeyDerFile, NULL, 0);
- if (ret != 0) {
- goto done;
- }
- #endif /* HAVE_PKCS8 */
- done:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (der != NULL)
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (userA != NULL) {
- wc_ecc_free(userA);
- XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(userA);
- #endif
- return ret;
- }
- #endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */
- static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
- int curve_id, const ecc_set_type* dp)
- {
- #if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \
- !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
- WC_DECLARE_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
- WC_DECLARE_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
- word32 y;
- #endif
- #ifdef HAVE_ECC_KEY_EXPORT
- #define ECC_KEY_EXPORT_BUF_SIZE (MAX_ECC_BYTES * 2 + 32)
- WC_DECLARE_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT);
- #endif
- word32 x = 0;
- #if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \
- !defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC)) && \
- defined(HAVE_ECC_SIGN)
- WC_DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
- WC_DECLARE_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT);
- int i;
- #ifdef HAVE_ECC_VERIFY
- int verify;
- #endif /* HAVE_ECC_VERIFY */
- #endif /* HAVE_ECC_SIGN */
- wc_test_ret_t ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *userB = (ecc_key *)XMALLOC(sizeof *userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *pubKey = (ecc_key *)XMALLOC(sizeof *pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key userA[1];
- ecc_key userB[1];
- ecc_key pubKey[1];
- #endif
- #ifndef WC_NO_RNG
- int curveSize;
- #endif
- #if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \
- !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
- WC_ALLOC_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
- WC_ALLOC_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
- #endif
- #ifdef HAVE_ECC_KEY_EXPORT
- WC_ALLOC_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT);
- #endif
- #if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \
- !defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC)) && \
- defined(HAVE_ECC_SIGN)
- WC_ALLOC_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
- WC_ALLOC_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT);
- #endif
- #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
- #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) && \
- !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
- if (sharedA == NULL || sharedB == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- #endif
- #ifdef HAVE_ECC_KEY_EXPORT
- if (exportBuf == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- #endif
- #if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \
- !defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC)) && \
- defined(HAVE_ECC_SIGN)
- if (sig == NULL || digest == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- #endif
- #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
- (void)testVerifyCount;
- (void)dp;
- (void)x;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((userA == NULL) ||
- (userB == NULL) ||
- (pubKey == NULL))
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif
- XMEMSET(userA, 0, sizeof *userA);
- XMEMSET(userB, 0, sizeof *userB);
- XMEMSET(pubKey, 0, sizeof *pubKey);
- ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_init_ex(userB, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_init_ex(pubKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef WOLFSSL_CUSTOM_CURVES
- if (dp != NULL) {
- ret = wc_ecc_set_custom_curve(userA, dp);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_set_custom_curve(userB, dp);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- }
- #endif
- #ifndef WC_NO_RNG
- ret = wc_ecc_make_key_ex(rng, keySize, userA, curve_id);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #ifdef WOLF_CRYPTO_CB_ONLY_ECC
- if (ret == NO_VALID_DEVID) {
- ret = 0;
- goto done; /* no software case */
- }
- #endif
- if (ret == ECC_CURVE_OID_E)
- goto done; /* catch case, where curve is not supported */
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- if (wc_ecc_get_curve_idx(curve_id) != -1) {
- curveSize = wc_ecc_get_curve_size_from_id(userA->dp->id);
- if (curveSize != userA->dp->size)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- ret = wc_ecc_check_key(userA);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- /* ATECC508/608 configuration may not support more than one ECDH key */
- #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
- ret = wc_ecc_make_key_ex(rng, keySize, userB, curve_id);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- /* only perform the below tests if the key size matches */
- if (dp == NULL && keySize > 0 && wc_ecc_size(userA) != keySize)
- /* Not an error, just not a key size match */
- WARNING_OUT(ECC_CURVE_OID_E, done);
- #ifdef HAVE_ECC_DHE
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- ret = wc_ecc_set_rng(userA, rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_set_rng(userB, rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- x = ECC_SHARED_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret(userA, userB, sharedA, &x);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- y = ECC_SHARED_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret(userB, userA, sharedB, &y);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (y != x)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- if (XMEMCMP(sharedA, sharedB, x))
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- TEST_SLEEP();
- #ifdef HAVE_ECC_CDH
- /* add cofactor flag */
- wc_ecc_set_flags(userA, WC_ECC_FLAG_COFACTOR);
- wc_ecc_set_flags(userB, WC_ECC_FLAG_COFACTOR);
- x = ECC_SHARED_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret(userA, userB, sharedA, &x);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- y = ECC_SHARED_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret(userB, userA, sharedB, &y);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (y != x)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- if (XMEMCMP(sharedA, sharedB, x))
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- TEST_SLEEP();
- /* remove cofactor flag */
- wc_ecc_set_flags(userA, 0);
- wc_ecc_set_flags(userB, 0);
- #endif /* HAVE_ECC_CDH */
- #endif /* HAVE_ECC_DHE */
- #endif /* !WOLFSSL_ATECC508A && WOLFSSL_ATECC608A */
- #ifdef HAVE_ECC_KEY_EXPORT
- x = ECC_KEY_EXPORT_BUF_SIZE;
- ret = wc_ecc_export_x963_ex(userA, exportBuf, &x, 0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef HAVE_ECC_KEY_IMPORT
- #ifdef WOLFSSL_CUSTOM_CURVES
- if (dp != NULL) {
- ret = wc_ecc_set_custom_curve(pubKey, dp);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- }
- #endif
- ret = wc_ecc_import_x963_ex(exportBuf, x, pubKey, curve_id);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
- #ifdef HAVE_ECC_DHE
- y = ECC_SHARED_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret(userB, pubKey, sharedB, &y);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (XMEMCMP(sharedA, sharedB, y))
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- TEST_SLEEP();
- #endif /* HAVE_ECC_DHE */
- #ifdef HAVE_COMP_KEY
- /* try compressed export / import too */
- x = ECC_KEY_EXPORT_BUF_SIZE;
- ret = wc_ecc_export_x963_ex(userA, exportBuf, &x, 1);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- wc_ecc_free(pubKey);
- ret = wc_ecc_init_ex(pubKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef WOLFSSL_CUSTOM_CURVES
- if (dp != NULL) {
- ret = wc_ecc_set_custom_curve(pubKey, dp);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- }
- #endif
- ret = wc_ecc_import_x963_ex(exportBuf, x, pubKey, curve_id);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef HAVE_ECC_DHE
- y = ECC_SHARED_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret(userB, pubKey, sharedB, &y);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (XMEMCMP(sharedA, sharedB, y))
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- TEST_SLEEP();
- #endif /* HAVE_ECC_DHE */
- #endif /* HAVE_COMP_KEY */
- #endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A */
- #endif /* !WC_NO_RNG */
- #endif /* HAVE_ECC_KEY_IMPORT */
- #endif /* HAVE_ECC_KEY_EXPORT */
- /* For KCAPI cannot sign using generated ECDH key */
- #if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \
- !defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC))
- #ifdef HAVE_ECC_SIGN
- /* ECC w/out Shamir has issue with all 0 digest */
- /* WC_BIGINT doesn't have 0 len well on hardware */
- /* Cryptocell has issues with all 0 digest */
- #if defined(ECC_SHAMIR) && !defined(WOLFSSL_ASYNC_CRYPT) && \
- !defined(WOLFSSL_CRYPTOCELL)
- /* test DSA sign hash with zeros */
- for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
- digest[i] = 0;
- }
- x = ECC_SIG_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng,
- userA);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- #ifdef HAVE_ECC_VERIFY
- for (i=0; i<testVerifyCount; i++) {
- verify = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE,
- &verify, userA);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (verify != 1)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- TEST_SLEEP();
- }
- #endif /* HAVE_ECC_VERIFY */
- #endif /* ECC_SHAMIR && !WOLFSSL_ASYNC_CRYPT && !WOLFSSL_CRYPTOCELL */
- /* test DSA sign hash with sequence (0,1,2,3,4,...) */
- for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
- digest[i] = (byte)i;
- }
- x = ECC_SIG_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng, userA);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- #ifdef HAVE_ECC_VERIFY
- for (i=0; i<testVerifyCount; i++) {
- verify = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE, &verify, userA);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (verify != 1)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- TEST_SLEEP();
- }
- #endif /* HAVE_ECC_VERIFY */
- #endif /* HAVE_ECC_SIGN */
- #endif /* !ECC_TIMING_RESISTANT || (ECC_TIMING_RESISTANT &&
- * !WC_NO_RNG && !WOLFSSL_KCAPI_ECC) */
- #if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \
- !defined(WOLFSSL_ATECC508) && !defined(WOLFSSL_ATECC608A) && \
- !defined(WOLFSSL_KCAPI_ECC)
- x = ECC_KEY_EXPORT_BUF_SIZE;
- ret = wc_ecc_export_private_only(userA, exportBuf, &x);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #elif defined(HAVE_ECC_KEY_EXPORT)
- (void)exportBuf;
- #endif /* HAVE_ECC_KEY_EXPORT */
- done:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (userA != NULL) {
- wc_ecc_free(userA);
- XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (userB != NULL) {
- wc_ecc_free(userB);
- XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (pubKey != NULL) {
- wc_ecc_free(pubKey);
- XFREE(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(pubKey);
- wc_ecc_free(userB);
- wc_ecc_free(userA);
- #endif
- #if defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)
- WC_FREE_VAR(sharedA, HEAP_HINT);
- WC_FREE_VAR(sharedB, HEAP_HINT);
- #endif
- #ifdef HAVE_ECC_KEY_EXPORT
- WC_FREE_VAR(exportBuf, HEAP_HINT);
- #endif
- #ifdef HAVE_ECC_SIGN
- WC_FREE_VAR(sig, HEAP_HINT);
- WC_FREE_VAR(digest, HEAP_HINT);
- #endif
- (void)keySize;
- (void)curve_id;
- (void)rng;
- return ret;
- }
- #undef ECC_TEST_VERIFY_COUNT
- #define ECC_TEST_VERIFY_COUNT 2
- static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id)
- {
- wc_test_ret_t ret;
- WOLFSSL_MSG_EX("ecc_test_curve keySize = %d", keySize);
- #if FIPS_VERSION3_GE(6,0,0)
- #ifdef DEBUG_WOLFSSL
- printf("keySize is %d\n", keySize);
- #endif
- if (keySize < WC_ECC_FIPS_GEN_MIN) {
- goto skip_A;
- }
- #endif
- ret = ecc_test_curve_size(rng, keySize, ECC_TEST_VERIFY_COUNT, curve_id,
- NULL);
- if (ret < 0) {
- if (ret == ECC_CURVE_OID_E) {
- /* ignore error for curves not found */
- /* some curve sizes are only available with:
- HAVE_ECC_SECPR2, HAVE_ECC_SECPR3, HAVE_ECC_BRAINPOOL
- and HAVE_ECC_KOBLITZ */
- }
- else {
- printf("ecc_test_curve_size %d failed!\n", keySize);
- return ret;
- }
- }
- #ifndef WOLF_CRYPTO_CB_ONLY_ECC
- #if FIPS_VERSION3_GE(6,0,0)
- skip_A:
- #endif
- #ifdef HAVE_ECC_VECTOR_TEST
- ret = ecc_test_vector(keySize);
- if (ret < 0) {
- printf("ecc_test_vector %d failed!\n", keySize);
- return ret;
- }
- #endif
- #if FIPS_VERSION3_GE(6,0,0)
- if (keySize < WC_ECC_FIPS_GEN_MIN) {
- goto skip_B;
- }
- #endif
- #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
- !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
- ret = ecc_test_key_decode(rng, keySize);
- if (ret < 0) {
- if (ret == ECC_CURVE_OID_E) {
- /* ignore error for curves not found */
- }
- else {
- printf("ecc_test_key_decode %d failed!\n", keySize);
- return ret;
- }
- }
- #endif
- #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
- ret = ecc_test_key_gen(rng, keySize);
- if (ret < 0) {
- if (ret == ECC_CURVE_OID_E) {
- /* ignore error for curves not found */
- }
- else {
- printf("ecc_test_key_gen %d failed!\n", keySize);
- return ret;
- }
- }
- #endif
- #if FIPS_VERSION3_GE(6,0,0)
- skip_B:
- #endif
- #endif /* WOLF_CRYPTO_CB_ONLY_ECC */
- return 0;
- }
- #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
- #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
- defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
- !defined(WOLFSSL_NO_MALLOC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- static wc_test_ret_t ecc_point_test(void)
- {
- wc_test_ret_t ret;
- ecc_point* point;
- ecc_point* point2;
- #ifdef HAVE_COMP_KEY
- ecc_point* point3;
- ecc_point* point4;
- #endif
- word32 outLen;
- byte out[65];
- byte der[] = { 0x04, /* = Uncompressed */
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
- #if defined(HAVE_COMP_KEY) && (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
- byte derComp0[] = { 0x02, /* = Compressed, y even */
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
- byte derComp1[] = { 0x03, /* = Compressed, y odd */
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
- #endif
- byte altDer[] = { 0x04, /* = Uncompressed */
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
- int curve_idx = wc_ecc_get_curve_idx(ECC_SECP256R1);
- /* if curve P256 is not enabled then test should not fail */
- if (curve_idx == ECC_CURVE_INVALID)
- return 0;
- outLen = sizeof(out);
- point = wc_ecc_new_point();
- if (point == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- point2 = wc_ecc_new_point();
- if (point2 == NULL) {
- wc_ecc_del_point(point);
- return WC_TEST_RET_ENC_NC;
- }
- #ifdef HAVE_COMP_KEY
- point3 = wc_ecc_new_point();
- if (point3 == NULL) {
- wc_ecc_del_point(point2);
- wc_ecc_del_point(point);
- return WC_TEST_RET_ENC_NC;
- }
- point4 = wc_ecc_new_point();
- if (point4 == NULL) {
- wc_ecc_del_point(point3);
- wc_ecc_del_point(point2);
- wc_ecc_del_point(point);
- return WC_TEST_RET_ENC_NC;
- }
- #endif
- /* Parameter Validation testing. */
- wc_ecc_del_point(NULL);
- ret = wc_ecc_import_point_der(NULL, sizeof(der), curve_idx, point);
- if (ret != ECC_BAD_ARG_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_import_point_der(der, sizeof(der), ECC_CURVE_INVALID, point);
- if (ret != ECC_BAD_ARG_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, NULL);
- if (ret != ECC_BAD_ARG_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_export_point_der(-1, point, out, &outLen);
- if (ret != ECC_BAD_ARG_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_export_point_der(curve_idx, NULL, out, &outLen);
- if (ret != ECC_BAD_ARG_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_export_point_der(curve_idx, point, NULL, &outLen);
- if (ret != LENGTH_ONLY_E || outLen != sizeof(out)) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_export_point_der(curve_idx, point, out, NULL);
- if (ret != ECC_BAD_ARG_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- outLen = 0;
- ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen);
- if (ret != BUFFER_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_copy_point(NULL, NULL);
- if (ret != ECC_BAD_ARG_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_copy_point(NULL, point2);
- if (ret != ECC_BAD_ARG_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_copy_point(point, NULL);
- if (ret != ECC_BAD_ARG_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_cmp_point(NULL, NULL);
- if (ret != BAD_FUNC_ARG) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_cmp_point(NULL, point2);
- if (ret != BAD_FUNC_ARG) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_cmp_point(point, NULL);
- if (ret != BAD_FUNC_ARG) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- /* Use API. */
- ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, point);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- outLen = sizeof(out);
- ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- if (outLen != sizeof(der)) {
- ret = WC_TEST_RET_ENC_NC;
- goto done;
- }
- if (XMEMCMP(out, der, outLen) != 0) {
- ret = WC_TEST_RET_ENC_NC;
- goto done;
- }
- ret = wc_ecc_copy_point(point2, point);
- if (ret != MP_OKAY) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_cmp_point(point2, point);
- if (ret != MP_EQ) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_import_point_der(altDer, sizeof(altDer), curve_idx, point2);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_cmp_point(point2, point);
- if (ret != MP_GT) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- #if defined(HAVE_COMP_KEY) && (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
- ret = wc_ecc_import_point_der(derComp0, sizeof(derComp0)*2-1, curve_idx, point3);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_import_point_der_ex(derComp0, sizeof(derComp0), curve_idx, point4, 0);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_cmp_point(point3, point4);
- if (ret != MP_EQ) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_import_point_der(derComp1, sizeof(derComp1)*2-1, curve_idx, point3);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_import_point_der_ex(derComp1, sizeof(derComp1), curve_idx, point4, 0);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_cmp_point(point3, point4);
- if (ret != MP_EQ) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- #endif
- done:
- #ifdef HAVE_COMP_KEY
- wc_ecc_del_point(point4);
- wc_ecc_del_point(point3);
- #endif
- wc_ecc_del_point(point2);
- wc_ecc_del_point(point);
- return ret;
- }
- #endif /* !WOLFSSL_ATECC508A && HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */
- #if !defined(NO_SIG_WRAPPER) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- static wc_test_ret_t ecc_sig_test(WC_RNG* rng, ecc_key* key)
- {
- wc_test_ret_t ret;
- word32 sigSz;
- int size;
- byte out[ECC_MAX_SIG_SIZE];
- byte in[] = TEST_STRING;
- WOLFSSL_SMALL_STACK_STATIC const byte hash[] = {
- 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59,
- 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe,
- 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83,
- 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f
- };
- word32 inLen = (word32)XSTRLEN((char*)in);
- size = wc_ecc_sig_size(key);
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, sizeof(*key));
- if (ret != size)
- return WC_TEST_RET_ENC_NC;
- sigSz = (word32)ret;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, in,
- inLen, out, &sigSz, key, sizeof(*key), rng);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- TEST_SLEEP();
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, in,
- inLen, out, sigSz, key, sizeof(*key));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- TEST_SLEEP();
- sigSz = (word32)sizeof(out);
- ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC,
- hash, (int)sizeof(hash), out, &sigSz, key, sizeof(*key), rng);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- TEST_SLEEP();
- ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC,
- hash, (int)sizeof(hash), out, sigSz, key, sizeof(*key));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- TEST_SLEEP();
- return 0;
- }
- #endif
- #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- static wc_test_ret_t ecc_exp_imp_test(ecc_key* key)
- {
- wc_test_ret_t ret;
- int curve_id;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *keyImp = (ecc_key *)XMALLOC(sizeof *keyImp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key keyImp[1];
- #endif
- byte priv[32];
- word32 privLen;
- byte pub[65*2];
- word32 pubLen, pubLenX, pubLenY;
- const char qx[] = "7a4e287890a1a47ad3457e52f2f76a83"
- "ce46cbc947616d0cbaa82323818a793d";
- const char qy[] = "eec4084f5b29ebf29c44cce3b3059610"
- "922f8b30ea6e8811742ac7238fe87308";
- const char d[] = "8c14b793cb19137e323a6d2e2a870bca"
- "2e7a493ec1153b3a95feb8a4873f8d08";
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (keyImp == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- #endif
- wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
- privLen = sizeof(priv);
- ret = wc_ecc_export_private_only(key, priv, &privLen);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- pubLen = sizeof(pub);
- ret = wc_ecc_export_point_der(key->idx, &key->pubkey, pub, &pubLen);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_import_private_key(priv, privLen, pub, pubLen, keyImp);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- wc_ecc_free(keyImp);
- wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
- ret = wc_ecc_import_raw_ex(keyImp, qx, qy, d, ECC_SECP256R1);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- wc_ecc_free(keyImp);
- wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
- curve_id = wc_ecc_get_curve_id(key->idx);
- if (curve_id < 0) {
- ret = WC_TEST_RET_ENC_EC(curve_id);
- goto done;
- }
- /* test import private only */
- ret = wc_ecc_import_private_key_ex(priv, privLen, NULL, 0, keyImp,
- curve_id);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- wc_ecc_free(keyImp);
- wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
- /* test export public raw */
- pubLenX = pubLenY = 32;
- ret = wc_ecc_export_public_raw(key, pub, &pubLenX, &pub[32], &pubLenY);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- #ifndef HAVE_SELFTEST
- /* test import of public */
- ret = wc_ecc_import_unsigned(keyImp, pub, &pub[32], NULL, ECC_SECP256R1);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- #endif
- wc_ecc_free(keyImp);
- wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
- /* test export private and public raw */
- pubLenX = pubLenY = privLen = 32;
- ret = wc_ecc_export_private_raw(key, pub, &pubLenX, &pub[32], &pubLenY,
- priv, &privLen);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- #ifndef HAVE_SELFTEST
- /* test import of private and public */
- ret = wc_ecc_import_unsigned(keyImp, pub, &pub[32], priv, ECC_SECP256R1);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- #endif
- done:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (keyImp != NULL) {
- wc_ecc_free(keyImp);
- XFREE(keyImp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(keyImp);
- #endif
- return ret;
- }
- #endif /* HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */
- #if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) && \
- !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- static wc_test_ret_t ecc_mulmod_test(ecc_key* key1)
- {
- wc_test_ret_t ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *key2 = (ecc_key *)XMALLOC(sizeof *key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *key3 = (ecc_key *)XMALLOC(sizeof *key3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key key2[1];
- ecc_key key3[1];
- #endif
- #ifdef WOLFSSL_PUBLIC_MP
- mp_int* priv;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((key2 == NULL) || (key3 == NULL))
- ERROR_OUT(MEMORY_E, done);
- #endif
- wc_ecc_init_ex(key2, HEAP_HINT, devId);
- wc_ecc_init_ex(key3, HEAP_HINT, devId);
- /* TODO: Use test data, test with WOLFSSL_VALIDATE_ECC_IMPORT. */
- /* Need base point (Gx,Gy) and parameter A - load them as the public and
- * private key in key2.
- */
- ret = wc_ecc_import_raw_ex(key2, key1->dp->Gx, key1->dp->Gy, key1->dp->Af,
- ECC_SECP256R1);
- if (ret != 0)
- goto done;
- /* Need a point (Gx,Gy) and prime - load them as the public and private key
- * in key3.
- */
- ret = wc_ecc_import_raw_ex(key3, key1->dp->Gx, key1->dp->Gy,
- key1->dp->prime, ECC_SECP256R1);
- if (ret != 0)
- goto done;
- ret = wc_ecc_mulmod(wc_ecc_key_get_priv(key1), &key2->pubkey, &key3->pubkey,
- wc_ecc_key_get_priv(key2), wc_ecc_key_get_priv(key3),
- 1);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- #ifdef WOLFSSL_PUBLIC_MP
- priv = wc_ecc_key_get_priv(key1);
- mp_zero(priv);
- ret = wc_ecc_mulmod(wc_ecc_key_get_priv(key1), &key2->pubkey, &key3->pubkey,
- wc_ecc_key_get_priv(key2), wc_ecc_key_get_priv(key3),
- 1);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- if (!wc_ecc_point_is_at_infinity(&key3->pubkey)) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- #endif
- done:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key2 != NULL) {
- wc_ecc_free(key2);
- XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (key3 != NULL) {
- wc_ecc_free(key3);
- XFREE(key3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(key3);
- wc_ecc_free(key2);
- #endif
- return ret;
- }
- #endif
- #if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_ATECC508A) && \
- !defined(WOLFSSL_ATECC608A) && !defined(PLUTON_CRYPTO_ECC) && \
- !defined(WOLFSSL_CRYPTOCELL)
- static wc_test_ret_t ecc_ssh_test(ecc_key* key, WC_RNG* rng)
- {
- wc_test_ret_t ret;
- byte out[128];
- word32 outLen = sizeof(out);
- /* Parameter Validation testing. */
- ret = wc_ecc_shared_secret_ssh(NULL, &key->pubkey, out, &outLen);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ecc_shared_secret_ssh(key, NULL, out, &outLen);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, NULL, &outLen);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- ret = wc_ecc_set_rng(key, rng);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #else
- (void)rng;
- #endif
- /* Use API. */
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, &outLen);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- TEST_SLEEP();
- return 0;
- }
- #endif /* HAVE_ECC_DHE && !WC_NO_RNG */
- static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng)
- {
- wc_test_ret_t ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key key[1];
- #endif
- #if !defined(NO_ECC_SECP) && \
- ((defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)) || \
- (defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT)))
- word32 idx = 0;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key == NULL)
- ERROR_OUT(MEMORY_E, done);
- #endif
- wc_ecc_init_ex(key, HEAP_HINT, devId);
- /* Use API */
- ret = wc_ecc_set_flags(NULL, 0);
- if (ret != BAD_FUNC_ARG) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_set_flags(key, 0);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- #ifndef WOLF_CRYPTO_CB_ONLY_ECC
- #ifndef WC_NO_RNG
- ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- goto done;
- }
- #ifndef NO_SIG_WRAPPER
- ret = ecc_sig_test(rng, key);
- if (ret < 0)
- goto done;
- #endif
- TEST_SLEEP();
- #if defined(HAVE_ECC_DHE) && !defined(WOLFSSL_CRYPTOCELL) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- ret = ecc_ssh_test(key, rng);
- if (ret < 0)
- goto done;
- #endif
- wc_ecc_free(key);
- #else
- (void)rng;
- #endif /* !WC_NO_RNG */
- #if !defined(NO_ECC_SECP) && \
- ((defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)) || \
- (defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT)))
- /* Use test ECC key - ensure real private "d" exists */
- #if defined(USE_CERT_BUFFERS_256)
- {
- ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, key,
- sizeof_ecc_key_der_256);
- }
- #elif !defined(NO_FILESYSTEM)
- {
- XFILE file = XFOPEN(eccKeyDerFile, "rb");
- byte der[128];
- word32 derSz;
- if (!file) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- derSz = (word32)XFREAD(der, 1, sizeof(der), file);
- XFCLOSE(file);
- if (derSz == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- ret = wc_EccPrivateKeyDecode(der, &idx, key, derSz);
- }
- #else
- {
- (void)idx;
- WOLFSSL_MSG("No file system and USE_CERT_BUFFERS_256 not defined.(3)");
- ERROR_OUT(ASN_PARSE_E, done);
- }
- #endif
- if (ret != 0) {
- goto done;
- }
- #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)
- ret = ecc_exp_imp_test(key);
- if (ret < 0)
- goto done;
- #endif
- #if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) && \
- !defined(WOLFSSL_CRYPTOCELL)
- ret = ecc_mulmod_test(key);
- if (ret < 0)
- goto done;
- #endif
- #endif
- #else
- (void)rng;
- (void)idx;
- #endif /* WOLF_CRYPTO_CB_ONLY_ECC */
- done:
- wc_ecc_free(key);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key != NULL) {
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- return ret;
- }
- #endif /* !NO_ECC256 || HAVE_ALL_CURVES */
- #if defined(WOLFSSL_CERT_EXT) && \
- (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
- static wc_test_ret_t ecc_decode_test(void)
- {
- wc_test_ret_t ret;
- word32 inSz;
- word32 inOutIdx;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key key[1];
- #endif
- /* SECP256R1 OID: 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 */
- /* This is ecc_clikeypub_der_256. */
- WOLFSSL_SMALL_STACK_STATIC const byte good[] = {
- 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce,
- 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
- 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x55, 0xbf, 0xf4,
- 0x0f, 0x44, 0x50, 0x9a, 0x3d, 0xce, 0x9b, 0xb7, 0xf0, 0xc5,
- 0x4d, 0xf5, 0x70, 0x7b, 0xd4, 0xec, 0x24, 0x8e, 0x19, 0x80,
- 0xec, 0x5a, 0x4c, 0xa2, 0x24, 0x03, 0x62, 0x2c, 0x9b, 0xda,
- 0xef, 0xa2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xc6, 0x56,
- 0x95, 0x06, 0xcc, 0x01, 0xa9, 0xbd, 0xf6, 0x75, 0x1a, 0x42,
- 0xf7, 0xbd, 0xa9, 0xb2, 0x36, 0x22, 0x5f, 0xc7, 0x5d, 0x7f,
- 0xb4 };
- WOLFSSL_SMALL_STACK_STATIC const byte badNoObjId[] = { 0x30, 0x08, 0x30, 0x06, 0x03, 0x04,
- 0x00, 0x04, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte badOneObjId[] = { 0x30, 0x0a, 0x30, 0x08, 0x06, 0x00,
- 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte badObjId1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x09,
- 0x06, 0x00, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte badObj2d1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x00,
- 0x06, 0x07, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte badNotBitStr[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00,
- 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
- 0x04, 0x04, 0x00, 0x04, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte badBitStrLen[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00,
- 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
- 0x03, 0x05, 0x00, 0x04, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte badNoBitStrZero[] = { 0x30, 0x13, 0x30, 0x0a, 0x06, 0x00,
- 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
- 0x03, 0x03, 0x04, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte badPoint[] = { 0x30, 0x12, 0x30, 0x09, 0x06, 0x00,
- 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
- 0x03, 0x03, 0x00, 0x04, 0x01 };
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key == NULL)
- ERROR_OUT(MEMORY_E, done);
- #endif
- XMEMSET(key, 0, sizeof *key);
- wc_ecc_init_ex(key, HEAP_HINT, devId);
- inSz = sizeof(good);
- ret = wc_EccPublicKeyDecode(NULL, &inOutIdx, key, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_EccPublicKeyDecode(good, NULL, key, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_EccPublicKeyDecode(good, &inOutIdx, NULL, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, 0);
- if (ret != BAD_FUNC_ARG) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- /* Change offset to produce bad input data. */
- inOutIdx = 2;
- inSz = sizeof(good) - inOutIdx;
- ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
- if (ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inOutIdx = 4;
- inSz = sizeof(good) - inOutIdx;
- ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
- if (ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- /* Bad data. */
- inSz = sizeof(badNoObjId);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badNoObjId, &inOutIdx, key, inSz);
- if (ret != ASN_OBJECT_ID_E && ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inSz = sizeof(badOneObjId);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badOneObjId, &inOutIdx, key, inSz);
- if (ret != ASN_OBJECT_ID_E && ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inSz = sizeof(badObjId1Len);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badObjId1Len, &inOutIdx, key, inSz);
- if (ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inSz = sizeof(badObj2d1Len);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badObj2d1Len, &inOutIdx, key, inSz);
- if (ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inSz = sizeof(badNotBitStr);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badNotBitStr, &inOutIdx, key, inSz);
- if (ret != ASN_BITSTR_E && ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inSz = sizeof(badBitStrLen);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badBitStrLen, &inOutIdx, key, inSz);
- if (ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inSz = sizeof(badNoBitStrZero);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badNoBitStrZero, &inOutIdx, key, inSz);
- if (ret != ASN_EXPECT_0_E && ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inSz = sizeof(badPoint);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badPoint, &inOutIdx, key, inSz);
- if (ret != ASN_ECC_KEY_E && ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inSz = sizeof(good);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- done:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key != NULL) {
- wc_ecc_free(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(key);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_CERT_EXT */
- #ifdef WOLFSSL_CUSTOM_CURVES
- static const byte eccKeyExplicitCurve[] = {
- 0x30, 0x81, 0xf5, 0x30, 0x81, 0xae, 0x06, 0x07,
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x30,
- 0x81, 0xa2, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06,
- 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01,
- 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff,
- 0xff, 0xfc, 0x2f, 0x30, 0x06, 0x04, 0x01, 0x00,
- 0x04, 0x01, 0x07, 0x04, 0x41, 0x04, 0x79, 0xbe,
- 0x66, 0x7e, 0xf9, 0xdc, 0xbb, 0xac, 0x55, 0xa0,
- 0x62, 0x95, 0xce, 0x87, 0x0b, 0x07, 0x02, 0x9b,
- 0xfc, 0xdb, 0x2d, 0xce, 0x28, 0xd9, 0x59, 0xf2,
- 0x81, 0x5b, 0x16, 0xf8, 0x17, 0x98, 0x48, 0x3a,
- 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4,
- 0xfb, 0xfc, 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17,
- 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19, 0x9c, 0x47,
- 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8, 0x02, 0x21,
- 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xfe, 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0,
- 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41,
- 0x41, 0x02, 0x01, 0x01, 0x03, 0x42, 0x00, 0x04,
- 0x3c, 0x4c, 0xc9, 0x5e, 0x2e, 0xa2, 0x3d, 0x49,
- 0xcc, 0x5b, 0xff, 0x4f, 0xc9, 0x2e, 0x1d, 0x4a,
- 0xc6, 0x21, 0xf6, 0xf3, 0xe6, 0x0b, 0x4f, 0xa9,
- 0x9d, 0x74, 0x99, 0xdd, 0x97, 0xc7, 0x6e, 0xbe,
- 0x14, 0x2b, 0x39, 0x9d, 0x63, 0xc7, 0x97, 0x0d,
- 0x45, 0x25, 0x40, 0x30, 0x77, 0x05, 0x76, 0x88,
- 0x38, 0x96, 0x29, 0x7d, 0x9c, 0xe1, 0x50, 0xbe,
- 0xac, 0xf0, 0x1d, 0x86, 0xf4, 0x2f, 0x65, 0x0b
- };
- static wc_test_ret_t ecc_test_custom_curves(WC_RNG* rng)
- {
- wc_test_ret_t ret;
- word32 inOutIdx;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key key[1];
- #endif
- /* test use of custom curve - using BRAINPOOLP256R1 for test */
- #if defined(HAVE_ECC_BRAINPOOL) && !defined(HAVE_INTEL_QA)
- #ifndef WOLFSSL_ECC_CURVE_STATIC
- WOLFSSL_SMALL_STACK_STATIC const ecc_oid_t ecc_oid_brainpoolp256r1[] = {
- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07
- };
- #define ecc_oid_brainpoolp256r1_sz \
- (sizeof(ecc_oid_brainpoolp256r1) / sizeof(ecc_oid_t))
- #else
- #define ecc_oid_brainpoolp256r1 { \
- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07 \
- }
- #define ecc_oid_brainpoolp256r1_sz 9
- #endif
- #define ecc_oid_brainpoolp256r1_sum 104
- WOLFSSL_SMALL_STACK_STATIC const ecc_set_type ecc_dp_brainpool256r1 = {
- 32, /* size/bytes */
- ECC_CURVE_CUSTOM, /* ID */
- "BRAINPOOLP256R1", /* curve name */
- "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", /* prime */
- "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", /* A */
- "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", /* B */
- "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", /* order */
- "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", /* Gx */
- "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", /* Gy */
- ecc_oid_brainpoolp256r1, /* oid/oidSz */
- ecc_oid_brainpoolp256r1_sz,
- ecc_oid_brainpoolp256r1_sum, /* oid sum */
- 1, /* cofactor */
- };
- #endif /* HAVE_ECC_BRAINPOOL */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (! key) {
- ret = MEMORY_E;
- goto done;
- }
- #endif
- XMEMSET(key, 0, sizeof *key);
- #if defined(HAVE_ECC_BRAINPOOL) && !defined(HAVE_INTEL_QA)
- ret = ecc_test_curve_size(rng, 0, ECC_TEST_VERIFY_COUNT, ECC_CURVE_DEF,
- &ecc_dp_brainpool256r1);
- if (ret != 0) {
- printf("ECC test for custom curve failed!\n");
- goto done;
- }
- #endif
- #if defined(HAVE_ECC_BRAINPOOL) || defined(HAVE_ECC_KOBLITZ)
- {
- int curve_id;
- #ifdef HAVE_ECC_BRAINPOOL
- curve_id = ECC_BRAINPOOLP256R1;
- #else
- curve_id = ECC_SECP256K1;
- #endif
- /* Test and demonstrate use of non-SECP curve */
- ret = ecc_test_curve_size(rng, 0, ECC_TEST_VERIFY_COUNT, curve_id, NULL);
- if (ret < 0) {
- printf("ECC test for curve_id %d failed!\n", curve_id);
- goto done;
- }
- }
- #endif
- ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(eccKeyExplicitCurve, &inOutIdx, key,
- sizeof(eccKeyExplicitCurve));
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- done:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key) {
- wc_ecc_free(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(key);
- #endif
- (void)rng;
- return ret;
- }
- #endif /* WOLFSSL_CUSTOM_CURVES */
- #ifdef WOLFSSL_SM2
- #ifdef HAVE_ECC_VERIFY
- #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_CUSTOM_CURVES)
- #ifdef HAVE_OID_ENCODING
- #define CODED_SM2P256V1 {1,2,156,10197,1,301}
- #define CODED_SM2P256V1_SZ 6
- #else
- #define CODED_SM2P256V1 {0x06,0x08,0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D}
- #define CODED_SM2P256V1_SZ 10
- #endif
- #ifndef WOLFSSL_ECC_CURVE_STATIC
- static const ecc_oid_t ecc_oid_sm2p256v1[] = CODED_SM2P256V1;
- #else
- #define ecc_oid_sm2p256v1 CODED_SM2P256V1
- #endif
- #define ecc_oid_sm2p256v1_sz CODED_SM2P256V1_SZ
- #define ECC_SM2P256V1_TEST 102
- static int test_sm2_verify_caseA2(void)
- {
- ecc_key key;
- int ret, res;
- mp_int r,s;
- /* test key values */
- const char qx[] = "0AE4C7798AA0F119471BEE11825BE46202BB79E2A5844495E97C04FF4DF2548A";
- const char qy[] = "7C0240F88F1CD4E16352A73C17B7F16F07353E53A176D684A9FE0C6BB798E857";
- const char d[] = "128B2FA8BD433C6C068C8D803DFF79792A519A55171B1B650C23661D15897263";
- const ecc_set_type ecc_sm2_A2 = {
- 32, /* size/bytes */
- ECC_SM2P256V1_TEST, /* ID */
- "SM2P256V1_TEST", /* curve name */
- /* from test case A.2 in draft-shen-sm2-ecdsa-02 */
- "8542D69E4C044F18E8B92435BF6FF7DE457283915C45517D722EDB8B08F1DFC3", /* prime */
- "787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E498", /* A */
- "63E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A", /* B */
- "8542D69E4C044F18E8B92435BF6FF7DD297720630485628D5AE74EE7C32E79B7", /* order n */
- "421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D", /* Gx */
- "0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A2", /* Gy */
- ecc_oid_sm2p256v1, /* oid/oidSz */
- ecc_oid_sm2p256v1_sz,
- ECC_SM2P256V1_OID, /* oid sum */
- 1, /* cofactor */
- };
- /* use canned hash value hash = H(ZA||M) */
- const byte hash[] = {
- 0xB5,0x24,0xF5,0x52,0xCD,0x82,0xB8,0xB0,
- 0x28,0x47,0x6E,0x00,0x5C,0x37,0x7F,0xB1,
- 0x9A,0x87,0xE6,0xFC,0x68,0x2D,0x48,0xBB,
- 0x5D,0x42,0xE3,0xD9,0xB9,0xEF,0xFE,0x76
- };
- /* canned r and s */
- const byte rCan[] = {
- 0x40,0xF1,0xEC,0x59,0xF7,0x93,0xD9,0xF4,
- 0x9E,0x09,0xDC,0xEF,0x49,0x13,0x0D,0x41,
- 0x94,0xF7,0x9F,0xB1,0xEE,0xD2,0xCA,0xA5,
- 0x5B,0xAC,0xDB,0x49,0xC4,0xE7,0x55,0xD1
- };
- const byte sCan[] = {
- 0x6F,0xC6,0xDA,0xC3,0x2C,0x5D,0x5C,0xF1,
- 0x0C,0x77,0xDF,0xB2,0x0F,0x7C,0x2E,0xB6,
- 0x67,0xA4,0x57,0x87,0x2F,0xB0,0x9E,0xC5,
- 0x63,0x27,0xA6,0x7E,0xC7,0xDE,0xEB,0xE7
- };
- mp_init(&r);
- mp_init(&s);
- ret = wc_ecc_init_ex(&key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_set_custom_curve(&key, &ecc_sm2_A2);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_import_raw_ex(&key, qx, qy, d, ECC_SM2P256V1_TEST);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- mp_read_unsigned_bin(&r, rCan, sizeof(rCan));
- mp_read_unsigned_bin(&s, sCan, sizeof(sCan));
- ret = wc_ecc_sm2_verify_hash_ex(&r, &s, hash, sizeof(hash), &res, &key);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (res != 1)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- done:
- mp_free(&r);
- mp_free(&s);
- wc_ecc_free(&key);
- return ret;
- }
- #endif /* WOLFSSL_PUBLIC_MP && WOLFSSL_CUSTOM_CURVES */
- static int test_sm2_verify_case(void)
- {
- ecc_key key;
- int ret, res;
- /* test key values */
- const char qx[] = "637F1B135036C933DC3F7A8EBB1B7B2FD1DFBD268D4F894B5AD47DBDBECD558F";
- const char qy[] = "E88101D08048E36CCBF61CA38DDF7ABA542B4486E99E49F3A7470A857A096433";
- /* use canned hash value hash = H(ZA||M) */
- const byte hash[] = {
- 0x3B,0xFA,0x5F,0xFB,0xC4,0x27,0x8C,0x9D,
- 0x02,0x3A,0x19,0xCB,0x1E,0xAA,0xD2,0xF1,
- 0x50,0x69,0x5B,0x20
- };
- const byte sig[] = {
- 0x30,0x45,0x02,0x21,0x00,0xD2,0xFC,0xA3,
- 0x88,0xE3,0xDF,0xA3,0x00,0x73,0x9B,0x3C,
- 0x2A,0x0D,0xAD,0x44,0xA2,0xFC,0x62,0xD5,
- 0x6B,0x84,0x54,0xD8,0x40,0x22,0x62,0x3D,
- 0x5C,0xA6,0x61,0x9B,0xE7,0x02,0x20,0x1D,
- 0xB5,0xB5,0xD9,0xD8,0xF1,0x20,0xDD,0x97,
- 0x92,0xBF,0x7E,0x9B,0x3F,0xE6,0x3C,0x4B,
- 0x03,0xD8,0x80,0xBD,0xB7,0x27,0x7E,0x6A,
- 0x84,0x23,0xDE,0x61,0x7C,0x8D,0xDC
- };
- const byte badSig[] = {
- 0x30,0x45,0x02,0x21,0x00,0xD2,0xFC,0xA3,
- 0x88,0xE3,0xDF,0xA3,0x00,0x73,0x9B,0x3C,
- 0x2A,0x0D,0xAD,0x44,0xA2,0xFC,0x62,0xD5,
- 0x6B,0x84,0x54,0xD8,0x40,0x22,0x62,0x3D,
- 0x5C,0xA6,0x61,0x9B,0xE7,0x02,0x20,0x1D,
- 0xB5,0xB5,0xE9,0xD8,0xF1,0x20,0xDD,0x97,
- 0x92,0xBF,0x7E,0x9B,0x3F,0xE6,0x3C,0x4B,
- 0x03,0xD8,0x80,0xBD,0xB7,0x27,0x7E,0x6A,
- 0x84,0x23,0xDE,0x61,0x7C,0x8D,0xDC
- };
- ret = wc_ecc_init_ex(&key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_import_raw(&key, qx, qy, NULL, "SM2P256V1");
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash), &res,
- &key);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (res != 1)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- /* now test a case that should fail */
- ret = wc_ecc_sm2_verify_hash(badSig, sizeof(badSig), hash, sizeof(hash),
- &res, &key);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (res == 1)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- done:
- wc_ecc_free(&key);
- return ret;
- }
- static int ecc_sm2_test_curve(WC_RNG* rng, int testVerifyCount)
- {
- const ecc_set_type* dp = wc_ecc_get_curve_params(
- wc_ecc_get_curve_idx(ECC_SM2P256V1));
- int keySize = 32;
- int curve_id = ECC_SM2P256V1;
- #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG)
- WC_DECLARE_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
- WC_DECLARE_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
- #endif
- #ifdef HAVE_ECC_KEY_EXPORT
- #define ECC_KEY_EXPORT_BUF_SIZE (MAX_ECC_BYTES * 2 + 32)
- WC_DECLARE_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT);
- #endif
- word32 x = 0;
- #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG)
- word32 y;
- #endif
- #ifdef HAVE_ECC_SIGN
- WC_DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
- WC_DECLARE_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT);
- int i;
- int verify;
- #endif /* HAVE_ECC_SIGN */
- int ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *userB = (ecc_key *)XMALLOC(sizeof *userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *pubKey = (ecc_key *)XMALLOC(sizeof *pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key userA[1];
- ecc_key userB[1];
- ecc_key pubKey[1];
- #endif
- #ifndef WC_NO_RNG
- int curveSize;
- #endif
- #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG)
- WC_ALLOC_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
- WC_ALLOC_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
- #endif
- #ifdef HAVE_ECC_KEY_EXPORT
- WC_ALLOC_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT);
- #endif
- #ifdef HAVE_ECC_SIGN
- WC_ALLOC_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
- WC_ALLOC_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT);
- #endif
- #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
- #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG)
- if (sharedA == NULL || sharedB == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif
- #ifdef HAVE_ECC_KEY_EXPORT
- if (exportBuf == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif
- #ifdef HAVE_ECC_SIGN
- if (sig == NULL || digest == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif
- #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
- (void)testVerifyCount;
- (void)dp;
- (void)x;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((userA == NULL) ||
- (userB == NULL) ||
- (pubKey == NULL))
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif
- XMEMSET(userA, 0, sizeof *userA);
- XMEMSET(userB, 0, sizeof *userB);
- XMEMSET(pubKey, 0, sizeof *pubKey);
- ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_init_ex(userB, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_init_ex(pubKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifndef WC_NO_RNG
- ret = wc_ecc_sm2_make_key(rng, userA, WC_ECC_FLAG_NONE);
- if (ret == ECC_CURVE_OID_E)
- goto done; /* catch case, where curve is not supported */
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- if (wc_ecc_get_curve_idx(curve_id) != -1) {
- curveSize = wc_ecc_get_curve_size_from_id(userA->dp->id);
- if (curveSize != userA->dp->size) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- }
- ret = wc_ecc_check_key(userA);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- ret = wc_ecc_sm2_make_key(rng, userB, WC_ECC_FLAG_NONE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- /* only perform the below tests if the key size matches */
- if (dp == NULL && keySize > 0 && wc_ecc_size(userA) != keySize)
- if (ret != 0) {
- ret = ECC_CURVE_OID_E;
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- }
- #ifdef HAVE_ECC_DHE
- #if defined(ECC_TIMING_RESISTANT)
- ret = wc_ecc_set_rng(userA, rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_set_rng(userB, rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- x = ECC_SHARED_SIZE;
- ret = wc_ecc_sm2_shared_secret(userA, userB, sharedA, &x);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- y = ECC_SHARED_SIZE;
- ret = wc_ecc_sm2_shared_secret(userB, userA, sharedB, &y);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (y != x)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- if (XMEMCMP(sharedA, sharedB, x))
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif /* HAVE_ECC_DHE */
- #ifdef HAVE_ECC_KEY_EXPORT
- x = ECC_KEY_EXPORT_BUF_SIZE;
- ret = wc_ecc_export_x963_ex(userA, exportBuf, &x, 0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef HAVE_ECC_KEY_IMPORT
- ret = wc_ecc_import_x963_ex(exportBuf, x, pubKey, curve_id);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef HAVE_ECC_DHE
- y = ECC_SHARED_SIZE;
- ret = wc_ecc_sm2_shared_secret(userB, pubKey, sharedB, &y);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (XMEMCMP(sharedA, sharedB, y))
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif /* HAVE_ECC_DHE */
- #ifdef HAVE_COMP_KEY
- /* try compressed export / import too */
- x = ECC_KEY_EXPORT_BUF_SIZE;
- ret = wc_ecc_export_x963_ex(userA, exportBuf, &x, 1);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- wc_ecc_free(pubKey);
- ret = wc_ecc_init_ex(pubKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- ret = wc_ecc_import_x963_ex(exportBuf, x, pubKey, curve_id);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef HAVE_ECC_DHE
- y = ECC_SHARED_SIZE;
- ret = wc_ecc_sm2_shared_secret(userB, pubKey, sharedB, &y);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (XMEMCMP(sharedA, sharedB, y))
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif /* HAVE_ECC_DHE */
- #endif /* HAVE_ECC_KEY_IMPORT */
- #endif /* HAVE_ECC_KEY_EXPORT */
- #endif /* !WC_NO_RNG */
- #if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \
- !defined(WC_NO_RNG))
- #ifdef HAVE_ECC_SIGN
- /* ECC w/out Shamir has issue with all 0 digest */
- /* WC_BIGINT doesn't have 0 len well on hardware */
- /* Cryptocell has issues with all 0 digest */
- #if defined(ECC_SHAMIR)
- /* test DSA sign hash with zeros */
- for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
- digest[i] = 0;
- }
- x = ECC_SIG_SIZE;
- ret = wc_ecc_sm2_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng, userA);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- for (i = 0; i < testVerifyCount; i++) {
- verify = 0;
- ret = wc_ecc_sm2_verify_hash(sig, x, digest, ECC_DIGEST_SIZE, &verify,
- userA);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (verify != 1)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #endif /* ECC_SHAMIR */
- /* test DSA sign hash with sequence (0,1,2,3,4,...) */
- for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
- digest[i] = (byte)i;
- }
- x = ECC_SIG_SIZE;
- ret = wc_ecc_sm2_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng, userA);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- for (i = 0; i < testVerifyCount; i++) {
- verify = 0;
- ret = wc_ecc_sm2_verify_hash(sig, x, digest, ECC_DIGEST_SIZE, &verify,
- userA);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (verify != 1)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #endif /* HAVE_ECC_SIGN */
- #endif /* !ECC_TIMING_RESISTANT || (ECC_TIMING_RESISTANT && !WC_NO_RNG) */
- #if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
- x = ECC_KEY_EXPORT_BUF_SIZE;
- ret = wc_ecc_export_private_only(userA, exportBuf, &x);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #elif defined(HAVE_ECC_KEY_EXPORT)
- (void)exportBuf;
- #endif /* HAVE_ECC_KEY_EXPORT */
- done:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (userA != NULL) {
- wc_ecc_free(userA);
- XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (userB != NULL) {
- wc_ecc_free(userB);
- XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (pubKey != NULL) {
- wc_ecc_free(pubKey);
- XFREE(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(pubKey);
- wc_ecc_free(userB);
- wc_ecc_free(userA);
- #endif
- #if defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)
- WC_FREE_VAR(sharedA, HEAP_HINT);
- WC_FREE_VAR(sharedB, HEAP_HINT);
- #endif
- #ifdef HAVE_ECC_KEY_EXPORT
- WC_FREE_VAR(exportBuf, HEAP_HINT);
- #endif
- #ifdef HAVE_ECC_SIGN
- WC_FREE_VAR(sig, HEAP_HINT);
- WC_FREE_VAR(digest, HEAP_HINT);
- #endif
- (void)keySize;
- (void)curve_id;
- (void)rng;
- return ret;
- }
- #endif /* HAVE_ECC_VERIFY */
- static int test_sm2_create_digest(void)
- {
- const byte msg[] = "message to sign";
- const byte id[] = "0123456789";
- const byte badId[] = "0123556789";
- byte expected[] = {
- 0xdd, 0x4d, 0x65, 0x49, 0xa3, 0x64, 0x76, 0xc0,
- 0x73, 0x05, 0xdc, 0x05, 0x16, 0xb5, 0xee, 0x9f,
- 0x82, 0xf9, 0xe9, 0x7d, 0x01, 0x1a, 0xdc, 0x88,
- 0x5a, 0x59, 0x9c, 0x44, 0xcc, 0x47, 0xa4, 0x78
- };
- ecc_key key;
- int ret;
- /* test key values */
- const char qx[] =
- "af178b7b8740cc9d5b493fbd22049c12621bc27dcc5802e75ff4d045a4158baf";
- const char qy[] =
- "89933faf7a4798f48c5b9b4cd3a7693d54c9e05449946eb489c0dd50a5294805";
- const char d[] =
- "b3e66c2dbfb50c6ff6830c1fac4b51293a2562f9e667052b03df2d4b43c1f34a";
- byte digest[WC_SHA256_DIGEST_SIZE];
- ret = wc_ecc_init_ex(&key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_import_raw(&key, qx, qy, d, "SM2P256V1");
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_sm2_create_digest(id, (int)XSTRLEN((const char*)id),
- msg, (int)XSTRLEN((const char*)msg), WC_HASH_TYPE_SHA256, digest,
- WC_SHA256_DIGEST_SIZE, &key);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (XMEMCMP(digest, expected, WC_SHA256_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- ret = wc_ecc_sm2_create_digest(badId, (int)XSTRLEN((const char*)badId),
- msg, (int)XSTRLEN((const char*)msg), WC_HASH_TYPE_SHA256, digest,
- WC_SHA256_DIGEST_SIZE, &key);
- if (ret != 0)
- goto done;
- /* should be different than the previous ID used */
- if (XMEMCMP(digest, expected, WC_SHA256_DIGEST_SIZE) == 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- done:
- wc_ecc_free(&key);
- return ret;
- }
- static int test_sm2_verify(void)
- {
- int ret = 0;
- #ifdef HAVE_ECC_VERIFY
- #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_CUSTOM_CURVES)
- ret = test_sm2_verify_caseA2();
- if (ret != 0)
- return ret;
- #endif
- ret = test_sm2_verify_case();
- if (ret != 0)
- return ret;
- #endif /* HAVE_ECC_VERIFY */
- ret = test_sm2_create_digest();
- return ret;
- }
- #endif /* WOLFSSL_SM2 */
- #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && !defined(NO_ASN_TIME)
- /* Make Cert / Sign example for ECC cert and ECC CA */
- static wc_test_ret_t ecc_test_cert_gen(WC_RNG* rng)
- {
- wc_test_ret_t ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Cert *myCert = (Cert *)XMALLOC(sizeof *myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- ecc_key *caEccKey = (ecc_key *)XMALLOC(sizeof *caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *certPubKey = (ecc_key *)XMALLOC(sizeof *certPubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- Cert myCert[1];
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert decode[1];
- #endif
- ecc_key caEccKey[1];
- ecc_key certPubKey[1];
- #endif
- int certSz;
- size_t bytes = 0;
- word32 idx = 0;
- #if !defined(USE_CERT_BUFFERS_256) && !defined(NO_FILESYSTEM)
- XFILE file;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte* der = NULL;
- #else
- byte der[FOURK_BUF];
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((myCert == NULL)
- #ifdef WOLFSSL_TEST_CERT
- || (decode == NULL)
- #endif
- || (caEccKey == NULL) || (certPubKey == NULL))
- ERROR_OUT(MEMORY_E, exit);
- #endif
- XMEMSET(caEccKey, 0, sizeof *caEccKey);
- XMEMSET(certPubKey, 0, sizeof *certPubKey);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
- }
- #endif
- /* Get cert private key */
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- /* Get Cert Key 384 */
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(der, ca_ecc_key_der_384, sizeof_ca_ecc_key_der_384);
- bytes = sizeof_ca_ecc_key_der_384;
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(eccCaKey384File, "rb");
- if (!file) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
- }
- bytes = XFREAD(der, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
- (void)eccCaKeyFile;
- #else
- WOLFSSL_MSG("No file system and USE_CERT_BUFFERS_256 not defined.(4)");
- ERROR_OUT(ASN_PARSE_E, exit);
- #endif /* USE_CERT_BUFFERS_256 */
- /* end if ENABLE_ECC384_CERT_GEN_TEST */
- #else
- /* !ENABLE_ECC384_CERT_GEN_TEST */
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(der, ca_ecc_key_der_256, sizeof_ca_ecc_key_der_256);
- bytes = sizeof_ca_ecc_key_der_256;
- #else
- file = XFOPEN(eccCaKeyFile, "rb");
- if (!file) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
- }
- bytes = XFREAD(der, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- (void)eccCaKey384File;
- #endif
- #endif /* USE_CERT_BUFFERS_256 */
- #endif /* ENABLE_ECC384_CERT_GEN_TEST */
- /* Get CA Key */
- ret = wc_ecc_init_ex(caEccKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- ret = wc_EccPrivateKeyDecode(der, &idx, caEccKey, (word32)bytes);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- /* Make a public key */
- ret = wc_ecc_init_ex(certPubKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, certPubKey);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &certPubKey->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- TEST_SLEEP();
- /* Setup Certificate */
- ret = wc_InitCert_ex(myCert, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- #ifndef NO_SHA256
- myCert->sigType = CTC_SHA256wECDSA;
- #else
- myCert->sigType = CTC_SHAwECDSA;
- #endif
- XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
- #ifdef WOLFSSL_CERT_EXT
- /* add Policies */
- XSTRNCPY(myCert->certPolicies[0], "2.4.589440.587.101.2.1.9632587.1",
- CTC_MAX_CERTPOL_SZ);
- XSTRNCPY(myCert->certPolicies[1], "1.2.13025.489.1.113549",
- CTC_MAX_CERTPOL_SZ);
- myCert->certPoliciesNb = 2;
- /* add SKID from the Public Key */
- ret = wc_SetSubjectKeyIdFromPublicKey(myCert, NULL, certPubKey);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- /* add AKID from the Public Key */
- ret = wc_SetAuthKeyIdFromPublicKey(myCert, NULL, caEccKey);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- /* add Key Usage */
- ret = wc_SetKeyUsage(myCert, certKeyUsage);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- #endif /* WOLFSSL_CERT_EXT */
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- #if defined(USE_CERT_BUFFERS_256)
- ret = wc_SetIssuerBuffer(myCert, ca_ecc_cert_der_384,
- sizeof_ca_ecc_cert_der_384);
- #elif !defined(NO_FILESYSTEM)
- ret = wc_SetIssuer(myCert, eccCaCert384File);
- (void)eccCaCertFile;
- #else
- /* not testing with embedded, no file system target */
- ERROR_OUT(ASN_PARSE_E, exit);
- #endif /* USE_CERT_BUFFERS_256 */
- #else
- /* not ENABLE_ECC384_CERT_GEN_TEST */
- #if defined(USE_CERT_BUFFERS_256)
- ret = wc_SetIssuerBuffer(myCert, ca_ecc_cert_der_256,
- sizeof_ca_ecc_cert_der_256);
- #else
- ret = wc_SetIssuer(myCert, eccCaCertFile);
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- (void)eccCaCert384File;
- #endif
- #endif
- #endif /* ENABLE_ECC384_CERT_GEN_TEST */
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- certSz = wc_MakeCert(myCert, der, FOURK_BUF, NULL, certPubKey, rng);
- if (certSz < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(certSz), exit);
- }
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &caEccKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_SignCert(myCert->bodySz, myCert->sigType, der,
- FOURK_BUF, NULL, caEccKey, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- certSz = (int)ret;
- TEST_SLEEP();
- #ifdef WOLFSSL_TEST_CERT
- InitDecodedCert(decode, der, certSz, HEAP_HINT);
- ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0) {
- FreeDecodedCert(decode);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- FreeDecodedCert(decode);
- #endif
- ret = SaveDerAndPem(der, certSz, certEccDerFile, certEccPemFile,
- CERT_TYPE);
- if (ret != 0) {
- goto exit;
- }
- exit:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (myCert != NULL)
- XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef WOLFSSL_TEST_CERT
- if (decode != NULL)
- XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (caEccKey != NULL) {
- wc_ecc_free(caEccKey);
- XFREE(caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (certPubKey != NULL) {
- wc_ecc_free(certPubKey);
- XFREE(certPubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(certPubKey);
- wc_ecc_free(caEccKey);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_CERT_GEN */
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
- !defined(WOLFSSL_NO_MALLOC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
- (!defined(NO_ECC_SECP) || defined(WOLFSSL_CUSTOM_CURVES))
- /* Test for the wc_ecc_key_new() and wc_ecc_key_free() functions. */
- static wc_test_ret_t ecc_test_allocator(WC_RNG* rng)
- {
- wc_test_ret_t ret = 0;
- ecc_key* key;
- #ifdef WC_NO_RNG
- word32 idx = 0;
- #endif
- key = wc_ecc_key_new(HEAP_HINT);
- if (key == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
- }
- #ifndef WC_NO_RNG
- ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- #else
- /* use test ECC key */
- ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, key,
- (word32)sizeof_ecc_key_der_256);
- (void)rng;
- #endif
- exit:
- wc_ecc_key_free(key);
- return ret;
- }
- #endif
- /* ECC Non-blocking tests for Sign and Verify */
- /* Requires SP math and supports P384 or P256 */
- /* ./configure --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP" */
- #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_HAVE_SP_ECC) && \
- defined(WOLFSSL_PUBLIC_MP)
- /* ECC Private Key "d" */
- static const byte p256PrivKey[] = {
- /* SECP256R1 */
- /* d */
- 0x1e, 0xe7, 0x70, 0x07, 0xd3, 0x30, 0x94, 0x39,
- 0x28, 0x90, 0xdf, 0x23, 0x88, 0x2c, 0x4a, 0x34,
- 0x15, 0xdb, 0x4c, 0x43, 0xcd, 0xfa, 0xe5, 0x1f,
- 0x3d, 0x4c, 0x37, 0xfe, 0x59, 0x3b, 0x96, 0xd8
- };
- #ifdef HAVE_ECC384
- static const byte p384PrivKey[] = {
- /* SECP384R1 */
- /* d */
- 0xa4, 0xe5, 0x06, 0xe8, 0x06, 0x16, 0x3e, 0xab,
- 0x89, 0xf8, 0x60, 0x43, 0xc0, 0x60, 0x25, 0xdb,
- 0xba, 0x7b, 0xfe, 0x19, 0x35, 0x08, 0x55, 0x65,
- 0x76, 0xe2, 0xdc, 0xe0, 0x01, 0x8b, 0x6b, 0x68,
- 0xdf, 0xcf, 0x6f, 0x80, 0x12, 0xce, 0x79, 0x37,
- 0xeb, 0x2b, 0x9c, 0x7b, 0xc4, 0x68, 0x1c, 0x74
- };
- #endif /* HAVE_ECC384 */
- #ifdef HAVE_ECC521
- static const byte p521PrivKey[] = {
- /* SECP521R1 */
- /* d */
- 0x01, 0x68, 0x91, 0x33, 0x53, 0xe2, 0x90, 0x68,
- 0x11, 0x8f, 0xaa, 0xa8, 0x76, 0x0c, 0xf7, 0x2a,
- 0x07, 0x1b, 0x92, 0x2a, 0xa7, 0x82, 0x3d, 0xfa,
- 0x83, 0xce, 0x70, 0xc8, 0xc2, 0x60, 0x82, 0xfe,
- 0x18, 0x88, 0x68, 0xda, 0x6a, 0x83, 0x46, 0x78,
- 0xe4, 0xe9, 0xe9, 0xcc, 0x51, 0x7f, 0xed, 0x81,
- 0x02, 0x32, 0xee, 0x26, 0x87, 0xcc, 0xed, 0x63,
- 0x3f, 0x39, 0x27, 0xf0, 0xd7, 0x17, 0x77, 0xa1,
- 0xa4, 0x36
- };
- #endif /* HAVE_ECC521 */
- /* ECC public key Qx/Qy */
- static const byte p256PubKey[] = {
- /* SECP256R1 */
- /* Qx */
- 0x96, 0x93, 0x1c, 0x53, 0x0b, 0x43, 0x6c, 0x42,
- 0x0c, 0x52, 0x90, 0xe4, 0xa7, 0xec, 0x98, 0xb1,
- 0xaf, 0xd4, 0x14, 0x49, 0xd8, 0xc1, 0x42, 0x82,
- 0x04, 0x78, 0xd1, 0x90, 0xae, 0xa0, 0x6c, 0x07,
- /* Qy */
- 0xf2, 0x3a, 0xb5, 0x10, 0x32, 0x8d, 0xce, 0x9e,
- 0x76, 0xa0, 0xd2, 0x8c, 0xf3, 0xfc, 0xa9, 0x94,
- 0x43, 0x24, 0xe6, 0x82, 0x00, 0x40, 0xc6, 0xdb,
- 0x1c, 0x2f, 0xcd, 0x38, 0x4b, 0x60, 0xdd, 0x61
- };
- #ifdef HAVE_ECC384
- static const byte p384PubKey[] = {
- /* SECP384R1 */
- /* Qx */
- 0xea, 0xcf, 0x93, 0x4f, 0x2c, 0x09, 0xbb, 0x39,
- 0x14, 0x0f, 0x56, 0x64, 0xc3, 0x40, 0xb4, 0xdf,
- 0x0e, 0x63, 0xae, 0xe5, 0x71, 0x4b, 0x00, 0xcc,
- 0x04, 0x97, 0xff, 0xe1, 0xe9, 0x38, 0x96, 0xbb,
- 0x5f, 0x91, 0xb2, 0x6a, 0xcc, 0xb5, 0x39, 0x5f,
- 0x8f, 0x70, 0x59, 0xf1, 0x01, 0xf6, 0x5a, 0x2b,
- /* Qy */
- 0x01, 0x6c, 0x68, 0x0b, 0xcf, 0x55, 0x25, 0xaf,
- 0x6d, 0x98, 0x48, 0x0a, 0xa8, 0x74, 0xc9, 0xa9,
- 0x17, 0xa0, 0x0c, 0xc3, 0xfb, 0xd3, 0x23, 0x68,
- 0xfe, 0x04, 0x3c, 0x63, 0x50, 0x88, 0x3b, 0xb9,
- 0x4f, 0x7c, 0x67, 0x34, 0xf7, 0x3b, 0xa9, 0x73,
- 0xe7, 0x1b, 0xc3, 0x51, 0x5e, 0x22, 0x18, 0xec
- };
- #endif
- #ifdef HAVE_ECC521
- static const byte p521PubKey[] = {
- /* SECP521R1 */
- /* Qx */
- 0x01, 0x62, 0x6e, 0xf1, 0x00, 0xec, 0xd8, 0x99,
- 0x58, 0x9b, 0x80, 0x6b, 0xfe, 0x2c, 0xf1, 0xb2,
- 0xf0, 0xc8, 0x48, 0xdf, 0xac, 0xd2, 0x3b, 0x71,
- 0x29, 0xab, 0xf0, 0x66, 0x63, 0xd8, 0x8e, 0xb5,
- 0xc8, 0xc2, 0xfc, 0x99, 0x44, 0xe2, 0x45, 0xb1,
- 0x5a, 0x7b, 0xb9, 0x73, 0x01, 0xda, 0x79, 0xec,
- 0x9c, 0x26, 0x27, 0x34, 0x45, 0x26, 0xd5, 0x89,
- 0x4b, 0x44, 0xfe, 0x69, 0x4e, 0x72, 0x14, 0xe3,
- 0x8b, 0xbc,
- /* Qy */
- 0x00, 0x0f, 0x09, 0xa2, 0x03, 0xc3, 0x5a, 0xdc,
- 0x95, 0x82, 0xf6, 0xf9, 0xf6, 0x9c, 0xff, 0xb5,
- 0x6b, 0x75, 0x95, 0x4b, 0xa4, 0x28, 0x5d, 0x9e,
- 0x90, 0x04, 0xd1, 0xc0, 0x1e, 0xd5, 0xfd, 0x43,
- 0x9e, 0x1e, 0x83, 0xc0, 0x11, 0x2b, 0x2b, 0x07,
- 0x6d, 0xa9, 0x7a, 0x10, 0xd7, 0x67, 0xe7, 0x51,
- 0x37, 0x24, 0xd8, 0xbf, 0x03, 0x0d, 0x8b, 0xb5,
- 0x40, 0x5c, 0x4f, 0xd6, 0x13, 0x73, 0x42, 0xbc,
- 0x91, 0xd9
- };
- /* perform verify of signature and hash using public key */
- /* key is public Qx + public Qy */
- /* sig is r + s */
- static wc_test_ret_t crypto_ecc_verify(const byte *key, uint32_t keySz,
- const byte *hash, uint32_t hashSz, const byte *sig, uint32_t sigSz,
- uint32_t curveSz, int curveId)
- {
- wc_test_ret_t ret;
- int verify_res = 0, count = 0;
- mp_int r, s;
- ecc_key ecc;
- ecc_nb_ctx_t nb_ctx;
- /* validate arguments */
- if (key == NULL || hash == NULL || sig == NULL || curveSz == 0 ||
- hashSz == 0 || keySz < (curveSz*2) || sigSz < (curveSz*2))
- {
- return WC_TEST_RET_ENC_NC;
- }
- /* Setup the ECC key */
- ret = wc_ecc_init(&ecc);
- if (ret < 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- ret = wc_ecc_set_nonblock(&ecc, &nb_ctx);
- if (ret != MP_OKAY) {
- wc_ecc_free(&ecc);
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* Setup the signature r/s variables */
- ret = mp_init(&r);
- if (ret != MP_OKAY) {
- wc_ecc_free(&ecc);
- return WC_TEST_RET_ENC_EC(ret);
- }
- ret = mp_init(&s);
- if (ret != MP_OKAY) {
- mp_clear(&r);
- wc_ecc_free(&ecc);
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* Import public key x/y */
- ret = wc_ecc_import_unsigned(
- &ecc,
- (byte*)key, /* Public "x" Coordinate */
- (byte*)(key + curveSz), /* Public "y" Coordinate */
- NULL, /* Private "d" (optional) */
- curveId /* ECC Curve Id */
- );
- /* Make sure it was a public key imported */
- if (ret == 0 && ecc.type != ECC_PUBLICKEY) {
- ret = WC_TEST_RET_ENC_NC; /* ECC_BAD_ARG_E */
- }
- /* Import signature r/s */
- if (ret == 0) {
- ret = mp_read_unsigned_bin(&r, sig, curveSz);
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = mp_read_unsigned_bin(&s, sig + curveSz, curveSz);
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- /* Verify ECC Signature */
- if (ret == 0) {
- do {
- ret = wc_ecc_verify_hash_ex(
- &r, &s, /* r/s as mp_int */
- hash, hashSz, /* computed hash digest */
- &verify_res, /* verification result 1=success */
- &ecc
- );
- count++;
- /* This is where real-time work could be called */
- } while (ret == FP_WOULDBLOCK);
- #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
- printf("ECC non-block verify: %d times\n", count);
- #endif
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- /* check verify result */
- if (ret == 0 && verify_res == 0) {
- ret = WC_TEST_RET_ENC_NC /* SIG_VERIFY_E */;
- }
- mp_clear(&r);
- mp_clear(&s);
- wc_ecc_free(&ecc);
- (void)count;
- return ret;
- }
- /* perform signature operation against hash using private key */
- static wc_test_ret_t crypto_ecc_sign(const byte *key, uint32_t keySz,
- const byte *hash, uint32_t hashSz, byte *sig, uint32_t* sigSz,
- uint32_t curveSz, int curveId, WC_RNG* rng)
- {
- wc_test_ret_t ret;
- int count = 0;
- mp_int r, s;
- ecc_key ecc;
- ecc_nb_ctx_t nb_ctx;
- /* validate arguments */
- if (key == NULL || hash == NULL || sig == NULL || sigSz == NULL ||
- curveSz == 0 || hashSz == 0 || keySz < curveSz || *sigSz < (curveSz*2))
- {
- return WC_TEST_RET_ENC_NC /* BAD_FUNC_ARG */;
- }
- /* Initialize signature result */
- memset(sig, 0, curveSz*2);
- /* Setup the ECC key */
- ret = wc_ecc_init(&ecc);
- if (ret < 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- ret = wc_ecc_set_nonblock(&ecc, &nb_ctx);
- if (ret != MP_OKAY) {
- wc_ecc_free(&ecc);
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* Setup the signature r/s variables */
- ret = mp_init(&r);
- if (ret != MP_OKAY) {
- wc_ecc_free(&ecc);
- return WC_TEST_RET_ENC_EC(ret);
- }
- ret = mp_init(&s);
- if (ret != MP_OKAY) {
- mp_clear(&r);
- wc_ecc_free(&ecc);
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* Import private key "k" */
- ret = wc_ecc_import_private_key_ex(
- key, keySz, /* private key "d" */
- NULL, 0, /* public (optional) */
- &ecc,
- curveId /* ECC Curve Id */
- );
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- if (ret == 0) {
- do {
- /* Verify ECC Signature */
- ret = wc_ecc_sign_hash_ex(
- hash, hashSz, /* computed hash digest */
- rng, &ecc, /* random and key context */
- &r, &s /* r/s as mp_int */
- );
- count++;
- /* This is where real-time work could be called */
- } while (ret == FP_WOULDBLOCK);
- #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
- printf("ECC non-block sign: %d times\n", count);
- #endif
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- /* export r/s */
- mp_to_unsigned_bin_len(&r, sig, curveSz);
- mp_to_unsigned_bin_len(&s, sig + curveSz, curveSz);
- }
- mp_clear(&r);
- mp_clear(&s);
- wc_ecc_free(&ecc);
- (void)count;
- return ret;
- }
- #endif /* HAVE_ECC_SIGN && HAVE_ECC_VERIFY */
- /*
- * This test doesn't work with WOLFSSL_VALIDATE_ECC_KEYGEN defined because we
- * don't have non-blocking versions of the key checking functions, yet.
- */
- #if defined(HAVE_ECC_DHE) && !defined(WOLFSSL_VALIDATE_ECC_KEYGEN)
- static wc_test_ret_t ecc_test_nonblock_dhe(int curveId, word32 curveSz,
- const byte* privKey, const byte* pubKey, WC_RNG* rng)
- {
- wc_test_ret_t ret;
- ecc_key keyA;
- ecc_key keyB;
- ecc_nb_ctx_t nbCtxA;
- ecc_nb_ctx_t nbCtxB;
- byte secretA[ECC_SHARED_SIZE];
- byte secretB[ECC_SHARED_SIZE];
- word32 secretSzA = ECC_SHARED_SIZE;
- word32 secretSzB = ECC_SHARED_SIZE;
- int count = 0;
- ret = wc_ecc_init(&keyA);
- if (ret == 0) {
- ret = wc_ecc_init(&keyB);
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_ecc_set_nonblock(&keyA, &nbCtxA);
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_ecc_set_nonblock(&keyB, &nbCtxB);
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- do {
- ret = wc_ecc_make_key_ex(rng, curveSz, &keyA, curveId);
- count++;
- } while (ret == FP_WOULDBLOCK);
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
- fprintf(stderr, "ECC non-block key gen: %d times\n", count);
- #endif
- if (ret == 0) {
- ret = wc_ecc_check_key(&keyA);
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_ecc_import_unsigned(&keyB, pubKey, pubKey + curveSz,
- privKey, curveId);
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- count = 0;
- if (ret == 0) {
- do {
- ret = wc_ecc_shared_secret(&keyA, &keyB, secretA, &secretSzA);
- count++;
- } while (ret == FP_WOULDBLOCK);
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
- fprintf(stderr, "ECC non-block shared secret: %d times\n", count);
- #endif
- if (ret == 0) {
- do {
- ret = wc_ecc_shared_secret(&keyB, &keyA, secretB, &secretSzB);
- } while (ret == FP_WOULDBLOCK);
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- if (secretSzA != secretSzB ||
- XMEMCMP(secretA, secretB, secretSzA) != 0) {
- ret = WC_TEST_RET_ENC_NC;
- }
- }
- wc_ecc_free(&keyA);
- wc_ecc_free(&keyB);
- return ret;
- }
- #endif /* HAVE_ECC_DHE && !WOLFSSL_VALIDATE_ECC_KEYGEN */
- #if defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
- static wc_test_ret_t ecc_test_nonblock_ecdsa(int curveId, word32 curveSz,
- const byte* privKey, word32 privKeySz, const byte* pubKey, word32 pubKeySz,
- WC_RNG* rng)
- {
- wc_test_ret_t ret = 0;
- byte* sig = NULL;
- word32 sigSz = curveSz * 2;
- static const byte hash[] = {
- 0x8d, 0x28, 0xa3, 0x8b, 0x0b, 0xa9, 0xfe, 0xd4, 0x0e, 0x54, 0xc4, 0x17,
- 0x3d, 0x54, 0x66, 0x34, 0xbf, 0x5d, 0x6f, 0x46, 0xc2, 0x20, 0xcb, 0xc3,
- 0x22, 0xe9, 0xb0, 0xdf, 0xe7, 0x64, 0x3f, 0xd9
- };
- sig = (byte*)XMALLOC(sigSz, HEAP_HINT, DYNAMIC_TYPE_SIGNATURE);
- if (sig == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- }
- if (ret == 0) {
- /* Sign hash using private key */
- /* Note: result of an ECC sign varies for each call even with same
- private key and hash. This is because a new random public key is
- used for each operation. */
- ret = crypto_ecc_sign(privKey, privKeySz, hash, sizeof(hash), sig,
- &sigSz, curveSz, curveId, rng);
- }
- if (ret == 0) {
- /* Verify generated signature is valid */
- ret = crypto_ecc_verify(pubKey, pubKeySz, hash, sizeof(hash), sig,
- sigSz, curveSz, curveId);
- }
- if (sig != NULL) {
- XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_SIGNATURE);
- }
- return ret;
- }
- #endif /* HAVE_ECC_SIGN && HAVE_ECC_VERIFY */
- static wc_test_ret_t ecc_test_nonblock(WC_RNG* rng)
- {
- wc_test_ret_t ret = 0;
- word32 i;
- int curveIds[3] = {0, 0, 0};
- word32 curveSzs[3] = {0, 0, 0};
- const byte* privKeys[3] = {NULL, NULL, NULL};
- word32 privKeySzs[3] = {0, 0, 0};
- const byte* pubKeys[3] = {NULL, NULL, NULL};
- word32 pubKeySzs[3] = {0, 0, 0};
- curveIds[0] = ECC_SECP256R1;
- curveSzs[0] = 32;
- privKeys[0] = p256PrivKey;
- privKeySzs[0] = sizeof(p256PrivKey);
- pubKeys[0] = p256PubKey;
- pubKeySzs[0] = sizeof(p256PubKey);
- #ifdef HAVE_ECC384
- curveIds[1] = ECC_SECP384R1;
- curveSzs[1] = 48;
- privKeys[1] = p384PrivKey;
- privKeySzs[1] = sizeof(p384PrivKey);
- pubKeys[1] = p384PubKey;
- pubKeySzs[1] = sizeof(p384PubKey);
- #endif
- #ifdef HAVE_ECC521
- curveIds[2] = ECC_SECP521R1;
- curveSzs[2] = 66;
- privKeys[2] = p521PrivKey;
- privKeySzs[2] = sizeof(p521PrivKey);
- pubKeys[2] = p521PubKey;
- pubKeySzs[2] = sizeof(p521PubKey);
- #endif
- for (i = 0; ret == 0 && i < sizeof(curveIds) / sizeof(curveIds[0]); ++i) {
- if (curveIds[i] == 0) {
- continue;
- }
- #if defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
- ret = ecc_test_nonblock_ecdsa(curveIds[i], curveSzs[i], privKeys[i],
- privKeySzs[i], pubKeys[i], pubKeySzs[i], rng);
- #endif /* HAVE_ECC_SIGN && HAVE_ECC_VERIFY */
- #if defined(HAVE_ECC_DHE) && !defined(WOLFSSL_VALIDATE_ECC_KEYGEN)
- if (ret == 0) {
- ret = ecc_test_nonblock_dhe(curveIds[i], curveSzs[i], privKeys[i],
- pubKeys[i], rng);
- }
- #endif /* HAVE_ECC_DHE && !WOLFSSL_VALIDATE_ECC_KEYGEN */
- }
- return ret;
- }
- #endif /* WC_ECC_NONBLOCK && WOLFSSL_HAVE_SP_ECC && WOLFSSL_PUBLIC_MP */
- #if !defined(NO_ASN) && !defined(HAVE_SELFTEST) && \
- (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
- (HAVE_FIPS_VERSION > 2)))
- static int ecc_test_raw_enc_dec(void)
- {
- int ret;
- unsigned char r[1];
- word32 rSz;
- unsigned char s[1];
- word32 sSz;
- unsigned char rZero[] = { 0, 0, 0, 0 };
- unsigned char sOne[] = { 0, 0, 1 };
- unsigned char sigRaw[32];
- word32 sigRawSz;
- unsigned char expSig[] = { 0x30, 0x06, 0x02, 0x01, 0x00, 0x02, 0x01, 0x01 };
- sigRawSz = sizeof(sigRaw);
- ret = wc_ecc_rs_raw_to_sig(rZero, sizeof(rZero), sOne, sizeof(sOne),
- sigRaw, &sigRawSz);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- if (sigRawSz != sizeof(expSig)) {
- return WC_TEST_RET_ENC_EC((int)sigRawSz);
- }
- if (XMEMCMP(sigRaw, expSig, sizeof(expSig)) != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- rSz = sizeof(r);
- sSz = sizeof(s);
- ret = wc_ecc_sig_to_rs(sigRaw, sigRawSz, r, &rSz, s, &sSz);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- if (rSz != 1) {
- return WC_TEST_RET_ENC_EC((int)rSz);
- }
- if (sSz != 1) {
- return WC_TEST_RET_ENC_EC((int)sSz);
- }
- if (r[0] != 0) {
- return WC_TEST_RET_ENC_EC(r[0]);
- }
- if (s[0] != 1) {
- return WC_TEST_RET_ENC_EC(s[0]);
- }
- return ret;
- }
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void)
- {
- wc_test_ret_t ret;
- WC_RNG rng;
- WOLFSSL_ENTER("ecc_test");
- #if defined(ECC_MIN_KEY_SZ)
- WOLFSSL_MSG_EX("ecc_test ECC_MIN_KEY_SZ = %d\n", ECC_MIN_KEY_SZ);
- #else
- WOLFSSL_MSG("ecc_test ECC_MIN_KEY_SZ not defined.");
- #endif
- #if defined(WOLFSSL_CERT_EXT) && \
- (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
- ret = ecc_decode_test();
- if (ret < 0)
- return ret;
- #endif
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- #ifndef WC_NO_RNG
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #else
- (void)ret;
- #endif
- #if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112
- ret = ecc_test_curve(&rng, 14, ECC_CURVE_DEF);
- if (ret < 0) {
- printf("keySize=14, Default\n");
- goto done;
- }
- #endif /* HAVE_ECC112 */
- #if (defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 128
- ret = ecc_test_curve(&rng, 16, ECC_CURVE_DEF);
- if (ret < 0) {
- printf("keySize=16, Default\n");
- goto done;
- }
- #endif /* HAVE_ECC128 */
- #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160
- ret = ecc_test_curve(&rng, 20, ECC_CURVE_DEF);
- if (ret < 0) {
- printf("keySize=20, Default\n");
- goto done;
- }
- #endif /* HAVE_ECC160 */
- #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192
- #if !FIPS_VERSION3_GE(6,0,0)
- ret = ecc_test_curve(&rng, 24, ECC_CURVE_DEF);
- if (ret < 0) {
- printf("keySize=24, Default\n");
- goto done;
- }
- #endif
- #endif /* HAVE_ECC192 */
- #if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224
- ret = ecc_test_curve(&rng, 28, ECC_CURVE_DEF);
- if (ret < 0) {
- printf("keySize=28, Default\n");
- goto done;
- }
- #endif /* HAVE_ECC224 */
- #if (defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 239
- ret = ecc_test_curve(&rng, 30, ECC_CURVE_DEF);
- if (ret < 0) {
- printf("keySize=30, Default\n");
- goto done;
- }
- #endif /* HAVE_ECC239 */
- #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
- ret = ecc_test_curve(&rng, 32, ECC_CURVE_DEF);
- if (ret < 0) {
- printf("keySize=32, Default\n");
- goto done;
- }
- #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
- defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
- !defined(WOLFSSL_NO_MALLOC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- ret = ecc_point_test();
- if (ret < 0) {
- goto done;
- }
- #endif
- #if !defined(NO_ECC_SECP) || defined(WOLFSSL_CUSTOM_CURVES)
- ret = ecc_def_curve_test(&rng);
- if (ret < 0) {
- printf("Default\n");
- goto done;
- }
- #endif
- #endif /* !NO_ECC256 */
- #if (defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 320
- ret = ecc_test_curve(&rng, 40, ECC_CURVE_DEF);
- if (ret < 0) {
- printf("keySize=40, Default\n");
- goto done;
- }
- #endif /* HAVE_ECC320 */
- #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384
- ret = ecc_test_curve(&rng, 48, ECC_CURVE_DEF);
- if (ret < 0) {
- printf("keySize=48, Default\n");
- goto done;
- }
- #endif /* HAVE_ECC384 */
- #if (defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 512
- ret = ecc_test_curve(&rng, 64, ECC_CURVE_DEF);
- if (ret < 0) {
- printf("keySize=64, Default\n");
- goto done;
- }
- #endif /* HAVE_ECC512 */
- #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521
- ret = ecc_test_curve(&rng, 66, ECC_CURVE_DEF);
- if (ret < 0) {
- printf("keySize=66, Default\n");
- goto done;
- }
- #endif /* HAVE_ECC521 */
- #ifdef WOLFSSL_SM2
- ret = ecc_test_curve(&rng, 32, ECC_SM2P256V1);
- if (ret < 0) {
- printf("SM2\n");
- goto done;
- }
- #endif
- #if !defined(NO_ASN) && !defined(HAVE_SELFTEST) && \
- (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
- (HAVE_FIPS_VERSION > 2)))
- ret = ecc_test_raw_enc_dec();
- if (ret != 0) {
- printf("raw sig encode/decode\n");
- goto done;
- }
- #endif
- #if defined(WOLFSSL_CUSTOM_CURVES)
- ret = ecc_test_custom_curves(&rng);
- if (ret != 0) {
- printf("Custom\n");
- goto done;
- }
- #endif
- #if defined(WOLFSSL_SM2)
- ret = test_sm2_verify();
- if (ret != 0) {
- printf("SM2 Verify\n");
- goto done;
- }
- ret = ecc_sm2_test_curve(&rng, ECC_TEST_VERIFY_COUNT);
- if (ret != 0) {
- printf("SM2 test\n");
- goto done;
- }
- #endif
- #if defined(HAVE_ECC_SIGN) && (defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
- defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)) \
- && (!defined(FIPS_VERSION_GE) || FIPS_VERSION_GE(5,3))
- #ifdef HAVE_ECC256
- ret = ecc_test_deterministic_k(&rng);
- if (ret != 0) {
- printf("ecc_test_deterministic_k failed!\n");
- goto done;
- }
- #endif
- #ifdef WOLFSSL_PUBLIC_MP
- #if defined(HAVE_ECC384)
- ret = ecc384_test_deterministic_k(&rng);
- if (ret != 0) {
- printf("ecc384_test_deterministic_k failed!\n");
- goto done;
- }
- #endif
- #if defined(HAVE_ECC521)
- ret = ecc521_test_deterministic_k(&rng);
- if (ret != 0) {
- printf("ecc512_test_deterministic_k failed!\n");
- goto done;
- }
- #endif
- #endif
- #endif
- #if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K) && \
- !defined(WOLFSSL_KCAPI_ECC)
- ret = ecc_test_sign_vectors(&rng);
- if (ret != 0) {
- printf("ecc_test_sign_vectors failed!\n");
- goto done;
- }
- #endif
- #if defined(HAVE_ECC_VECTOR_TEST) && defined(HAVE_ECC_CDH) && \
- defined(HAVE_ECC_DHE)
- ret = ecc_test_cdh_vectors(&rng);
- if (ret != 0) {
- printf("ecc_test_cdh_vectors failed!\n");
- goto done;
- }
- #endif
- #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
- !defined(WOLFSSL_STM32_PKA) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP)
- ret = ecc_test_make_pub(&rng);
- if (ret != 0) {
- printf("ecc_test_make_pub failed!\n");
- goto done;
- }
- #elif defined(HAVE_ECC_KEY_IMPORT)
- (void)ecc_test_make_pub; /* for compiler warning */
- #endif
- #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && !defined(NO_ASN_TIME)
- ret = ecc_test_cert_gen(&rng);
- if (ret != 0) {
- printf("ecc_test_cert_gen failed!\n");
- goto done;
- }
- #endif
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC) && (!defined(NO_ECC_SECP) || \
- defined(WOLFSSL_CUSTOM_CURVES))
- ret = ecc_test_allocator(&rng);
- if (ret != 0) {
- printf("ecc_test_allocator failed!\n");
- goto done;
- }
- #endif
- #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_PUBLIC_MP) && \
- defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
- ret = ecc_test_nonblock(&rng);
- if (ret != 0) {
- printf("ecc_test_nonblock failed!\n");
- goto done;
- }
- #endif
- done:
- wc_FreeRng(&rng);
- return ret;
- }
- #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
- (defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256))
- #if ((! defined(HAVE_FIPS)) || FIPS_VERSION_GE(5,3))
- static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte* plaintext;
- byte* encrypted;
- byte* decrypted;
- #else
- byte plaintext[128];
- byte encrypted[128];
- byte decrypted[128];
- #endif
- ecEncCtx* aCtx = NULL;
- ecEncCtx* bCtx = NULL;
- static const byte salt[16] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13,
- 14, 15};
- wc_test_ret_t ret = 0;
- static const char message[] = "Hello wolfSSL!";
- word32 plaintextLen;
- word32 encryptLen = 128;
- word32 decryptLen = 128;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- plaintext = XMALLOC(128, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- encrypted = XMALLOC(128, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- decrypted = XMALLOC(128, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- wc_ecc_free(a);
- wc_ecc_free(b);
- ret = wc_ecc_init(a);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- if (ret == 0) {
- ret = wc_ecc_init(b);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0)
- ret = wc_ecc_make_key(rng, 32, a);
- if (ret == 0)
- ret = wc_ecc_make_key(rng, 32, b);
- /* create context */
- if (ret == 0) {
- aCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, rng);
- if (aCtx == NULL)
- ret = WC_TEST_RET_ENC_NC;
- }
- if (ret == 0) {
- bCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, rng);
- if (bCtx == NULL)
- ret = WC_TEST_RET_ENC_NC;
- }
- /* set salt */
- if (ret == 0) {
- ret = wc_ecc_ctx_set_kdf_salt(aCtx, salt, sizeof(salt));
- if (ret != 0)
- ret = 10472;
- }
- if (ret == 0) {
- ret = wc_ecc_ctx_set_kdf_salt(bCtx, salt, sizeof(salt));
- if (ret != 0)
- ret = 10473;
- }
- XMEMSET(plaintext, 0, 128);
- XSTRLCPY((char *)plaintext, message, sizeof plaintext);
- plaintextLen = (((word32)XSTRLEN(message) + AES_BLOCK_SIZE - 1) /
- AES_BLOCK_SIZE) * AES_BLOCK_SIZE;
- /* encrypt */
- if (ret == 0) {
- ret = wc_ecc_encrypt(a, b, plaintext, plaintextLen, encrypted,
- &encryptLen, aCtx);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- /* decrypt */
- if (ret == 0) {
- ret = wc_ecc_decrypt(b, a, encrypted, encryptLen, decrypted,
- &decryptLen, bCtx);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- /* compare */
- if (ret == 0 && XMEMCMP(decrypted, plaintext, plaintextLen) != 0)
- ret = WC_TEST_RET_ENC_NC;
- wc_ecc_free(a);
- wc_ecc_free(b);
- wc_ecc_ctx_free(aCtx);
- wc_ecc_ctx_free(bCtx);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(encrypted, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(decrypted, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */
- /* ecc_encrypt_e2e_test() uses wc_ecc_ctx_set_algo(), which was added in
- * wolfFIPS 5.3.
- * ecc_encrypt_kat() is used only by ecc_encrypt_e2e_test().
- */
- #if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
- #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \
- ECC_MIN_KEY_SZ <= 256 && defined(WOLFSSL_AES_128)
- static wc_test_ret_t ecc_encrypt_kat(WC_RNG *rng)
- {
- wc_test_ret_t ret = 0;
- #ifdef WOLFSSL_ECIES_OLD
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key* userA = NULL;
- #else
- ecc_key userA[1];
- #endif
- int userAInit = 0;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key* userB = NULL;
- #else
- ecc_key userB[1];
- #endif
- int userBInit = 0;
- ecc_key* tmpKey;
- byte plain[48];
- word32 plainSz = sizeof(plain);
- WOLFSSL_SMALL_STACK_STATIC const byte privKey[] = {
- 0x04, 0x80, 0xef, 0x1d, 0xbe, 0x02, 0x0c, 0x20,
- 0x5b, 0xab, 0x80, 0x35, 0x5b, 0x2a, 0x0f, 0x6d,
- 0xd3, 0xb0, 0x7f, 0x7e, 0x7f, 0x86, 0x8a, 0x49,
- 0xee, 0xb4, 0xaa, 0x09, 0x2d, 0x1e, 0x1d, 0x02
- };
- #if defined(WOLFSSL_ECIES_OLD) || defined(WOLFSSL_QNX_CAAM)
- WOLFSSL_SMALL_STACK_STATIC const byte pubKey[] = {
- 0x04,
- /* X */
- 0x50, 0xf2, 0x93, 0xa2, 0x48, 0xa9, 0xc0, 0x5a,
- 0x9a, 0xa7, 0x70, 0x34, 0xb7, 0x7f, 0x4c, 0x3a,
- 0xad, 0xfc, 0xd8, 0xb6, 0x76, 0x0a, 0xe3, 0xc1,
- 0x87, 0x17, 0x07, 0x2d, 0x8d, 0xa3, 0x63, 0xa0,
- /* X */
- 0xc1, 0x27, 0xb2, 0x97, 0x9b, 0x84, 0xe7, 0xcd,
- 0x20, 0x65, 0x8d, 0x2b, 0x6a, 0x93, 0x75, 0xaa,
- 0x8b, 0xe1, 0x3a, 0x7b, 0x24, 0x1a, 0xbe, 0xe8,
- 0x36, 0xd2, 0xe6, 0x34, 0x8a, 0x7a, 0xb3, 0x28
- };
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte enc_msg[] = {
- #ifdef WOLFSSL_ECIES_OLD
- 0x42, 0x70, 0xbf, 0xf9, 0xf4, 0x7e, 0x4b, 0x9b,
- 0xb5, 0x4c, 0xcc, 0xc5, 0x94, 0xa7, 0xef, 0xaa,
- 0xc3, 0x7c, 0x85, 0xa6, 0x51, 0x6e, 0xd3, 0xfa,
- 0x56, 0xc9, 0x10, 0x4d, 0x14, 0x32, 0x61, 0xb8,
- 0xbb, 0x66, 0x7a, 0xb5, 0xbc, 0x95, 0xf8, 0xca,
- 0xd1, 0x2a, 0x19, 0x51, 0x44, 0xd8, 0x0e, 0x57,
- 0x34, 0xed, 0x45, 0x89, 0x2e, 0x57, 0xbe, 0xd5,
- 0x06, 0x22, 0xd7, 0x13, 0x0a, 0x0e, 0x40, 0x36,
- 0x0d, 0x05, 0x0d, 0xb6, 0xae, 0x61, 0x37, 0x18,
- 0x83, 0x90, 0x0a, 0x27, 0x95, 0x41, 0x8c, 0x45
- #elif defined(WOLFSSL_ECIES_ISO18033)
- 0x04, 0x50, 0xf2, 0x93, 0xa2, 0x48, 0xa9, 0xc0,
- 0x5a, 0x9a, 0xa7, 0x70, 0x34, 0xb7, 0x7f, 0x4c,
- 0x3a, 0xad, 0xfc, 0xd8, 0xb6, 0x76, 0x0a, 0xe3,
- 0xc1, 0x87, 0x17, 0x07, 0x2d, 0x8d, 0xa3, 0x63,
- 0xa0, 0xc1, 0x27, 0xb2, 0x97, 0x9b, 0x84, 0xe7,
- 0xcd, 0x20, 0x65, 0x8d, 0x2b, 0x6a, 0x93, 0x75,
- 0xaa, 0x8b, 0xe1, 0x3a, 0x7b, 0x24, 0x1a, 0xbe,
- 0xe8, 0x36, 0xd2, 0xe6, 0x34, 0x8a, 0x7a, 0xb3,
- 0x28, 0xbb, 0x9f, 0xa8, 0x2d, 0xe1, 0xf1, 0x67,
- 0x45, 0x02, 0x19, 0xdc, 0xc8, 0x24, 0x8b, 0x20,
- 0x02, 0xa0, 0x8f, 0x95, 0x12, 0x55, 0x51, 0xf8,
- 0x03, 0xc4, 0x54, 0x13, 0x98, 0x2d, 0xf0, 0x31,
- 0x51, 0x80, 0x45, 0x24, 0xcb, 0x8b, 0x48, 0xa6,
- 0x8b, 0x8e, 0x97, 0x9c, 0x56, 0x4d, 0x70, 0x00,
- 0x53, 0xd3, 0x47, 0x00, 0x5a, 0x23, 0x8c, 0xf9,
- 0xfd, 0xd2, 0x33, 0x2c, 0x43, 0x6e, 0x9e, 0xb2,
- 0xf4, 0x95, 0xd4, 0xcf, 0x30, 0xd6, 0xa2, 0xc5,
- 0x35, 0x96, 0x6a, 0xd4, 0x36, 0x15, 0xa9, 0xbd,
- 0x7f
- #elif defined(WOLFSSL_ECIES_GEN_IV)
- /* EC P-256 point */
- 0x04,
- /* X */
- 0x50, 0xf2, 0x93, 0xa2, 0x48, 0xa9, 0xc0, 0x5a,
- 0x9a, 0xa7, 0x70, 0x34, 0xb7, 0x7f, 0x4c, 0x3a,
- 0xad, 0xfc, 0xd8, 0xb6, 0x76, 0x0a, 0xe3, 0xc1,
- 0x87, 0x17, 0x07, 0x2d, 0x8d, 0xa3, 0x63, 0xa0,
- /* Y */
- 0xc1, 0x27, 0xb2, 0x97, 0x9b, 0x84, 0xe7, 0xcd,
- 0x20, 0x65, 0x8d, 0x2b, 0x6a, 0x93, 0x75, 0xaa,
- 0x8b, 0xe1, 0x3a, 0x7b, 0x24, 0x1a, 0xbe, 0xe8,
- 0x36, 0xd2, 0xe6, 0x34, 0x8a, 0x7a, 0xb3, 0x28,
- /* IV */
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- /* Encrypted Msg */
- 0xe5, 0x17, 0xaf, 0x0d, 0x65, 0x4d, 0x3d, 0x50,
- 0x96, 0x05, 0xc9, 0x63, 0x2c, 0xef, 0x1c, 0x1f,
- 0x78, 0xc9, 0x90, 0x7a, 0x14, 0x00, 0xfc, 0x44,
- 0x71, 0x6d, 0x57, 0x8c, 0xdf, 0x23, 0xca, 0x65,
- 0xcf, 0x93, 0x06, 0xb6, 0x9a, 0xf4, 0x61, 0xbd,
- 0x44, 0x1a, 0xeb, 0x52, 0x68, 0x0f, 0xd1, 0xde,
- /* HMAC */
- 0x5a, 0x22, 0xc1, 0x5d, 0x99, 0x66, 0x3f, 0x24,
- 0x35, 0x96, 0xac, 0xf7, 0xf6, 0x28, 0x45, 0x16,
- 0x52, 0x19, 0x0d, 0xe4, 0xb2, 0xca, 0x5b, 0x28,
- 0x4e, 0xbb, 0xf3, 0x98, 0x57, 0xd7, 0x3b, 0xe2
- #else
- 0x04, 0x50, 0xf2, 0x93, 0xa2, 0x48, 0xa9, 0xc0,
- 0x5a, 0x9a, 0xa7, 0x70, 0x34, 0xb7, 0x7f, 0x4c,
- 0x3a, 0xad, 0xfc, 0xd8, 0xb6, 0x76, 0x0a, 0xe3,
- 0xc1, 0x87, 0x17, 0x07, 0x2d, 0x8d, 0xa3, 0x63,
- 0xa0, 0xc1, 0x27, 0xb2, 0x97, 0x9b, 0x84, 0xe7,
- 0xcd, 0x20, 0x65, 0x8d, 0x2b, 0x6a, 0x93, 0x75,
- 0xaa, 0x8b, 0xe1, 0x3a, 0x7b, 0x24, 0x1a, 0xbe,
- 0xe8, 0x36, 0xd2, 0xe6, 0x34, 0x8a, 0x7a, 0xb3,
- 0x28, 0xe5, 0x17, 0xaf, 0x0d, 0x65, 0x4d, 0x3d,
- 0x50, 0x96, 0x05, 0xc9, 0x63, 0x2c, 0xef, 0x1c,
- 0x1f, 0x78, 0xc9, 0x90, 0x7a, 0x14, 0x00, 0xfc,
- 0x44, 0x71, 0x6d, 0x57, 0x8c, 0xdf, 0x23, 0xca,
- 0x65, 0xcf, 0x93, 0x06, 0xb6, 0x9a, 0xf4, 0x61,
- 0xbd, 0x44, 0x1a, 0xeb, 0x52, 0x68, 0x0f, 0xd1,
- 0xde, 0xc7, 0x3f, 0x6f, 0xce, 0xbe, 0x49, 0x61,
- 0x48, 0x01, 0x77, 0x41, 0xd0, 0xd8, 0x5b, 0x48,
- 0xca, 0x4e, 0x47, 0x3e, 0x47, 0xbf, 0x1d, 0x28,
- 0x4c, 0x18, 0x1a, 0xfb, 0x96, 0x95, 0xda, 0xde,
- 0x55
- #endif
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
- 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f
- };
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- userB = (ecc_key *)XMALLOC(sizeof(*userB), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (userB == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- }
- #ifdef WOLFSSL_ECIES_OLD
- if (ret == 0) {
- userA = (ecc_key *)XMALLOC(sizeof(*userA), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (userA == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- }
- }
- #endif
- #endif
- if (ret == 0) {
- ret = wc_ecc_init_ex(userB, HEAP_HINT, devId);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- userBInit = 1;
- #ifdef WOLFSSL_ECIES_OLD
- ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- userAInit = 1;
- tmpKey = userA;
- #else
- tmpKey = NULL;
- #endif
- }
- if (ret == 0) {
- #ifdef WOLFSSL_QNX_CAAM
- ret = wc_ecc_import_private_key_ex(privKey, sizeof(privKey), pubKey,
- sizeof(pubKey), userB, ECC_SECP256R1);
- #else
- ret = wc_ecc_import_private_key_ex(privKey, sizeof(privKey), NULL, 0,
- userB, ECC_SECP256R1);
- #endif
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- #ifdef WOLFSSL_ECIES_OLD
- if (ret == 0) {
- ret = wc_ecc_import_x963_ex(pubKey, sizeof(pubKey), userA,
- ECC_SECP256R1);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- #endif
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- if (ret == 0) {
- ret = wc_ecc_set_rng(userB, rng);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- }
- #else
- (void)rng;
- #endif
- if (ret == 0) {
- ret = wc_ecc_decrypt(userB, tmpKey, enc_msg, sizeof(enc_msg), plain,
- &plainSz, NULL);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
- ret = WC_TEST_RET_ENC_NC;
- }
- }
- if (userBInit)
- wc_ecc_free(userB);
- #ifdef WOLFSSL_ECIES_OLD
- if (userAInit)
- wc_ecc_free(userA);
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (userB != NULL) {
- XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #ifdef WOLFSSL_ECIES_OLD
- if (userA != NULL) {
- XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- #endif
- return ret;
- }
- #endif
- static wc_test_ret_t ecc_encrypt_e2e_test(WC_RNG* rng, ecc_key* userA, ecc_key* userB,
- byte encAlgo, byte kdfAlgo, byte macAlgo)
- {
- wc_test_ret_t ret = 0;
- byte msg[48];
- byte plain[48];
- #ifdef WOLFSSL_ECIES_OLD
- byte out[80];
- #elif defined(WOLFSSL_ECIES_GEN_IV)
- byte out[1 + ECC_KEYGEN_SIZE * 2 + 16 + 80];
- #else
- byte out[1 + ECC_KEYGEN_SIZE * 2 + 80];
- #endif
- word32 outSz = sizeof(out);
- word32 plainSz = sizeof(plain);
- int i;
- ecEncCtx* cliCtx = NULL;
- ecEncCtx* srvCtx = NULL;
- byte cliSalt[EXCHANGE_SALT_SZ];
- byte srvSalt[EXCHANGE_SALT_SZ];
- const byte* tmpSalt;
- byte msg2[48];
- byte plain2[48];
- #ifdef WOLFSSL_ECIES_OLD
- byte out2[80];
- #elif defined(WOLFSSL_ECIES_GEN_IV)
- byte out2[1 + ECC_KEYGEN_SIZE * 2 + 16 + 80];
- #else
- byte out2[1 + ECC_KEYGEN_SIZE * 2 + 80];
- #endif
- word32 outSz2 = sizeof(out2);
- word32 plainSz2 = sizeof(plain2);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *tmpKey = (ecc_key *)XMALLOC(sizeof(ecc_key), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key tmpKey[1];
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (tmpKey == NULL) {
- ERROR_OUT(MEMORY_E, done);
- }
- #endif
- ret = wc_ecc_init_ex(tmpKey, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- /* set message to incrementing 0,1,2,etc... */
- for (i = 0; i < (int)sizeof(msg); i++)
- msg[i] = i;
- /* encrypt msg to B */
- ret = wc_ecc_encrypt(userA, userB, msg, sizeof(msg), out, &outSz, NULL);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret); goto done;
- }
- #ifdef WOLFSSL_ECIES_OLD
- tmpKey->dp = userA->dp;
- ret = wc_ecc_copy_point(&userA->pubkey, &tmpKey->pubkey);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret); goto done;
- }
- #endif
- /* decrypt msg from A */
- ret = wc_ecc_decrypt(userB, tmpKey, out, outSz, plain, &plainSz, NULL);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret); goto done;
- }
- if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
- ret = WC_TEST_RET_ENC_NC; goto done;
- }
- #ifndef WOLFSSL_ECIES_OLD
- /* A decrypts msg (response) from B */
- ret = wc_ecc_decrypt(userB, NULL, out, outSz, plain2, &plainSz2, NULL);
- if (ret != 0)
- goto done;
- if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
- ret = WC_TEST_RET_ENC_NC; goto done;
- }
- #endif
- /* let's verify message exchange works, A is client, B is server */
- cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, rng);
- srvCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, rng);
- if (cliCtx == NULL || srvCtx == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO; goto done;
- }
- ret = wc_ecc_ctx_set_algo(cliCtx, encAlgo, kdfAlgo, macAlgo);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_algo(srvCtx, encAlgo, kdfAlgo, macAlgo);
- if (ret != 0)
- goto done;
- /* get salt to send to peer */
- tmpSalt = wc_ecc_ctx_get_own_salt(cliCtx);
- if (tmpSalt == NULL) {
- ret = WC_TEST_RET_ENC_NC; goto done;
- }
- XMEMCPY(cliSalt, tmpSalt, EXCHANGE_SALT_SZ);
- tmpSalt = wc_ecc_ctx_get_own_salt(srvCtx);
- if (tmpSalt == NULL) {
- ret = WC_TEST_RET_ENC_NC; goto done;
- }
- XMEMCPY(srvSalt, tmpSalt, EXCHANGE_SALT_SZ);
- /* in actual use, we'd get the peer's salt over the transport */
- ret = wc_ecc_ctx_set_peer_salt(cliCtx, srvSalt);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_peer_salt(srvCtx, cliSalt);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_info(cliCtx, (byte*)"wolfSSL MSGE", 11);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_info(srvCtx, (byte*)"wolfSSL MSGE", 11);
- if (ret != 0)
- goto done;
- /* get encrypted msg (request) to send to B */
- outSz = sizeof(out);
- ret = wc_ecc_encrypt(userA, userB, msg, sizeof(msg), out, &outSz,cliCtx);
- if (ret != 0)
- goto done;
- #ifndef WOLFSSL_ECIES_OLD
- wc_ecc_free(tmpKey);
- #endif
- /* B decrypts msg (request) from A */
- plainSz = sizeof(plain);
- ret = wc_ecc_decrypt(userB, tmpKey, out, outSz, plain, &plainSz, srvCtx);
- if (ret != 0)
- goto done;
- if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
- ret = WC_TEST_RET_ENC_NC; goto done;
- }
- /* msg2 (response) from B to A */
- for (i = 0; i < (int)sizeof(msg2); i++)
- msg2[i] = i + sizeof(msg2);
- /* get encrypted msg (response) to send to B */
- ret = wc_ecc_encrypt(userB, userA, msg2, sizeof(msg2), out2,
- &outSz2, srvCtx);
- if (ret != 0)
- goto done;
- #ifdef WOLFSSL_ECIES_OLD
- tmpKey->dp = userB->dp;
- ret = wc_ecc_copy_point(&userB->pubkey, &tmpKey->pubkey);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret); goto done;
- }
- #else
- wc_ecc_free(tmpKey);
- #endif
- /* A decrypts msg (response) from B */
- ret = wc_ecc_decrypt(userA, tmpKey, out2, outSz2, plain2, &plainSz2,
- cliCtx);
- if (ret != 0)
- goto done;
- if (XMEMCMP(plain2, msg2, sizeof(msg2)) != 0) {
- ret = WC_TEST_RET_ENC_NC; goto done;
- }
- #if defined(HAVE_COMP_KEY) && \
- (! defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
- /* Create new client and server contexts. */
- wc_ecc_ctx_free(srvCtx);
- wc_ecc_ctx_free(cliCtx);
- /* let's verify message exchange works, A is client, B is server */
- cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, rng);
- srvCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, rng);
- if (cliCtx == NULL || srvCtx == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO; goto done;
- }
- ret = wc_ecc_ctx_set_algo(cliCtx, encAlgo, kdfAlgo, macAlgo);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_algo(srvCtx, encAlgo, kdfAlgo, macAlgo);
- if (ret != 0)
- goto done;
- /* get salt to send to peer */
- tmpSalt = wc_ecc_ctx_get_own_salt(cliCtx);
- if (tmpSalt == NULL) {
- ret = WC_TEST_RET_ENC_NC; goto done;
- }
- XMEMCPY(cliSalt, tmpSalt, EXCHANGE_SALT_SZ);
- tmpSalt = wc_ecc_ctx_get_own_salt(srvCtx);
- if (tmpSalt == NULL) {
- ret = WC_TEST_RET_ENC_NC; goto done;
- }
- XMEMCPY(srvSalt, tmpSalt, EXCHANGE_SALT_SZ);
- /* in actual use, we'd get the peer's salt over the transport */
- ret = wc_ecc_ctx_set_peer_salt(cliCtx, srvSalt);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_peer_salt(srvCtx, cliSalt);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_info(cliCtx, (byte*)"wolfSSL MSGE", 12);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_info(srvCtx, (byte*)"wolfSSL MSGE", 12);
- if (ret != 0)
- goto done;
- /* get encrypted msg (request) to send to B - compressed public key */
- outSz = sizeof(out);
- ret = wc_ecc_encrypt_ex(userA, userB, msg, sizeof(msg), out, &outSz, cliCtx,
- 1);
- if (ret != 0)
- goto done;
- #ifndef WOLFSSL_ECIES_OLD
- wc_ecc_free(tmpKey);
- #endif
- /* B decrypts msg (request) from A - out has a compressed public key */
- plainSz = sizeof(plain);
- ret = wc_ecc_decrypt(userB, tmpKey, out, outSz, plain, &plainSz, srvCtx);
- if (ret != 0)
- goto done;
- if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
- ret = WC_TEST_RET_ENC_NC; goto done;
- }
- #endif /* HAVE_COMP_KEY && (!FIPS || FIPS>=5.3) */
- #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \
- (ECC_MIN_KEY_SZ <= 256) && defined(WOLFSSL_AES_128)
- ret = ecc_encrypt_kat(rng);
- #endif
- done:
- /* cleanup */
- wc_ecc_ctx_free(srvCtx);
- wc_ecc_ctx_free(cliCtx);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (tmpKey != NULL) {
- wc_ecc_free(tmpKey);
- XFREE(tmpKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(tmpKey);
- #endif
- return ret;
- }
- #endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void)
- {
- WC_RNG rng;
- wc_test_ret_t ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *userA;
- ecc_key *userB;
- #else
- ecc_key userA[1];
- ecc_key userB[1];
- #endif
- WOLFSSL_ENTER("ecc_encrypt_test");
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- userB = (ecc_key *)XMALLOC(sizeof *userB, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if ((userA == NULL) || (userB == NULL)) {
- ERROR_OUT(MEMORY_E, done);
- }
- #endif
- XMEMSET(userA, 0, sizeof *userA);
- XMEMSET(userB, 0, sizeof *userB);
- ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- ret = wc_ecc_init_ex(userB, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, userA);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0){
- ret = WC_TEST_RET_ENC_EC(ret); goto done;
- }
- ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, userB);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0){
- ret = WC_TEST_RET_ENC_EC(ret); goto done;
- }
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- ret = wc_ecc_set_rng(userA, &rng);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret); goto done;
- }
- ret = wc_ecc_set_rng(userB, &rng);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret); goto done;
- }
- #endif
- #if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- #ifdef WOLFSSL_AES_128
- if (ret == 0) {
- ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CBC,
- ecHKDF_SHA256, ecHMAC_SHA256);
- if (ret != 0) {
- printf("ECIES: AES_128_CBC, HKDF_SHA256, HMAC_SHA256\n");
- }
- }
- #ifdef HAVE_X963_KDF
- if (ret == 0) {
- ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CBC,
- ecKDF_X963_SHA256, ecHMAC_SHA256);
- if (ret != 0) {
- printf("ECIES: AES_128_CBC, KDF_X963_SHA256, HMAC_SHA256\n");
- }
- }
- if (ret == 0) {
- ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CBC,
- ecKDF_SHA256, ecHMAC_SHA256);
- if (ret != 0) {
- printf("ECIES: AES_128_CBC, KDF_SHA256, HMAC_SHA256\n");
- }
- }
- #endif
- #endif
- #ifdef WOLFSSL_AES_256
- if (ret == 0) {
- ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_256_CBC,
- ecHKDF_SHA256, ecHMAC_SHA256);
- if (ret != 0) {
- printf("ECIES: AES_256_CBC, HKDF_SHA256, HMAC_SHA256\n");
- }
- }
- #endif
- #endif
- #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
- #ifdef WOLFSSL_AES_128
- if (ret == 0) {
- ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CTR,
- ecHKDF_SHA256, ecHMAC_SHA256);
- if (ret != 0) {
- printf("ECIES: AES_128_CTR, HKDF_SHA256, HMAC_SHA256\n");
- }
- }
- #endif
- #ifdef WOLFSSL_AES_256
- if (ret == 0) {
- ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_256_CTR,
- ecHKDF_SHA256, ecHMAC_SHA256);
- if (ret != 0) {
- printf("ECIES: AES_256_CTR, HKDF_SHA256, HMAC_SHA256\n");
- }
- }
- #endif
- #endif /* !NO_AES && WOLFSSL_AES_COUNTER */
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- if (ret == 0) {
- ret = ecc_ctx_kdf_salt_test(&rng, userA, userB);
- }
- #endif
- #endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */
- done:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (userA != NULL) {
- wc_ecc_free(userA);
- XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (userB != NULL) {
- wc_ecc_free(userB);
- XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(userB);
- wc_ecc_free(userA);
- #endif
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* HAVE_ECC_ENCRYPT && HAVE_AES_CBC && WOLFSSL_AES_128 */
- #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
- !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
- defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void)
- {
- size_t bytes;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *cliKey = (ecc_key *)XMALLOC(sizeof *cliKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *servKey = (ecc_key *)XMALLOC(sizeof *servKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *tmpKey = (ecc_key *)XMALLOC(sizeof *tmpKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key cliKey[1];
- ecc_key servKey[1];
- ecc_key tmpKey[1];
- #endif
- WC_RNG rng;
- word32 idx = 0;
- wc_test_ret_t ret;
- /* pad our test message to 32 bytes so evenly divisible by AES_BLOCK_SZ */
- byte in[] = "Everyone gets Friday off. ecc p";
- word32 inLen = (word32)XSTRLEN((char*)in);
- byte out[256];
- byte plain[256];
- int verify = 0;
- word32 x;
- WOLFSSL_ENTER("ecc_test_buffers");
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((cliKey == NULL) || (servKey == NULL) || (tmpKey == NULL))
- ERROR_OUT(MEMORY_E, done);
- #endif
- ret = wc_ecc_init_ex(cliKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_init_ex(servKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_init_ex(tmpKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- bytes = (size_t)sizeof_ecc_clikey_der_256;
- /* place client key into ecc_key struct cliKey */
- ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &idx, cliKey,
- (word32)bytes);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- idx = 0;
- bytes = (size_t)sizeof_ecc_key_der_256;
- /* place server key into ecc_key struct servKey */
- ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, servKey,
- (word32)bytes);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifndef WC_NO_RNG
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- ret = wc_ecc_set_rng(cliKey, &rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_set_rng(servKey, &rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- #endif /* !WC_NO_RNG */
- #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF) && \
- defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- {
- word32 y;
- /* test encrypt and decrypt if they're available */
- x = sizeof(out);
- ret = wc_ecc_encrypt(cliKey, servKey, in, sizeof(in), out, &x, NULL);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef WOLFSSL_ECIES_OLD
- tmpKey->dp = cliKey->dp;
- ret = wc_ecc_copy_point(&cliKey->pubkey, &tmpKey->pubkey);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret); goto done;
- }
- #endif
- y = sizeof(plain);
- ret = wc_ecc_decrypt(servKey, tmpKey, out, x, plain, &y, NULL);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (XMEMCMP(plain, in, inLen))
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #endif
- x = sizeof(out);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &cliKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash(in, inLen, out, &x, &rng, cliKey);
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- XMEMSET(plain, 0, sizeof(plain));
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &cliKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_verify_hash(out, x, in, inLen, &verify,
- cliKey);
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (verify != 1)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- TEST_SLEEP();
- #ifdef WOLFSSL_CERT_EXT
- idx = 0;
- bytes = sizeof_ecc_clikeypub_der_256;
- ret = wc_EccPublicKeyDecode(ecc_clikeypub_der_256, &idx, cliKey,
- (word32) bytes);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- ret = 0;
- done:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (cliKey != NULL) {
- wc_ecc_free(cliKey);
- XFREE(cliKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (servKey != NULL) {
- wc_ecc_free(servKey);
- XFREE(servKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (tmpKey != NULL) {
- wc_ecc_free(tmpKey);
- XFREE(tmpKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(cliKey);
- wc_ecc_free(servKey);
- wc_ecc_free(tmpKey);
- #endif
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* USE_CERT_BUFFERS_256 && !WOLFSSL_ATECCX08A && !NO_ECC256 */
- #endif /* HAVE_ECC */
- #ifdef HAVE_CURVE25519
- #if defined(HAVE_CURVE25519_SHARED_SECRET) && \
- defined(HAVE_CURVE25519_KEY_IMPORT)
- #ifdef CURVE25519_OVERFLOW_ALL_TESTS
- #define X25519_TEST_CNT 5
- #else
- #define X25519_TEST_CNT 1
- #endif
- static wc_test_ret_t curve25519_overflow_test(void)
- {
- /* secret key for party a */
- byte sa[X25519_TEST_CNT][32] = {
- {
- 0x8d,0xaf,0x6e,0x7a,0xc1,0xeb,0x8d,0x30,
- 0x99,0x86,0xd3,0x90,0x47,0x96,0x21,0x3c,
- 0x3a,0x75,0xc0,0x7b,0x75,0x01,0x75,0xa3,
- 0x81,0x4b,0xff,0x5a,0xbc,0x96,0x87,0x28
- },
- #ifdef CURVE25519_OVERFLOW_ALL_TESTS
- {
- 0x9d,0x63,0x5f,0xce,0xe2,0xe8,0xd7,0xfb,
- 0x68,0x77,0x0e,0x44,0xd1,0xad,0x87,0x2b,
- 0xf4,0x65,0x06,0xb7,0xbb,0xdb,0xbe,0x6e,
- 0x02,0x43,0x24,0xc7,0x3d,0x7b,0x88,0x60
- },
- {
- 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9,
- 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52,
- 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1,
- 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0
- },
- {
- 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9,
- 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52,
- 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1,
- 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0
- },
- {
- 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9,
- 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52,
- 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1,
- 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0
- }
- #endif
- };
- /* public key for party b */
- byte pb[X25519_TEST_CNT][32] = {
- {
- 0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0
- },
- #ifdef CURVE25519_OVERFLOW_ALL_TESTS
- {
- /* 0xff first byte in original - invalid! */
- 0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0
- },
- {
- 0x36,0x1a,0x74,0x87,0x28,0x59,0xe0,0xb6,
- 0xe4,0x2b,0x17,0x9b,0x16,0xb0,0x3b,0xf8,
- 0xb8,0x9f,0x2a,0x8f,0xc5,0x33,0x68,0x4f,
- 0xde,0x4d,0xd8,0x80,0x63,0xe7,0xb4,0x0a
- },
- {
- 0x00,0x80,0x38,0x59,0x19,0x3a,0x66,0x12,
- 0xfd,0xa1,0xec,0x1c,0x40,0x84,0x40,0xbd,
- 0x64,0x10,0x8b,0x53,0x81,0x21,0x03,0x2d,
- 0x7d,0x33,0xb4,0x01,0x57,0x0d,0xe1,0x89
- },
- {
- 0x1d,0xf8,0xf8,0x33,0x89,0x6c,0xb7,0xba,
- 0x94,0x73,0xfa,0xc2,0x36,0xac,0xbe,0x49,
- 0xaf,0x85,0x3e,0x93,0x5f,0xae,0xb2,0xc0,
- 0xc8,0x80,0x8f,0x4a,0xaa,0xd3,0x55,0x2b
- }
- #endif
- };
- /* expected shared key */
- byte ss[X25519_TEST_CNT][32] = {
- {
- 0x5c,0x4c,0x85,0x5f,0xfb,0x20,0x38,0xcc,
- 0x55,0x16,0x5b,0x8a,0xa7,0xed,0x57,0x6e,
- 0x35,0xaa,0x71,0x67,0x85,0x1f,0xb6,0x28,
- 0x17,0x07,0x7b,0xda,0x76,0xdd,0xe0,0xb4
- },
- #ifdef CURVE25519_OVERFLOW_ALL_TESTS
- {
- 0x33,0xf6,0xc1,0x34,0x62,0x92,0x06,0x02,
- 0x95,0xdb,0x91,0x4c,0x5d,0x52,0x54,0xc7,
- 0xd2,0x5b,0x24,0xb5,0x4f,0x33,0x59,0x79,
- 0x9f,0x6d,0x7e,0x4a,0x4c,0x30,0xd6,0x38
- },
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02
- },
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x09
- },
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x10
- }
- #endif
- };
- wc_test_ret_t ret = 0;
- int i;
- word32 y;
- byte shared[32];
- curve25519_key userA;
- wc_curve25519_init_ex(&userA, HEAP_HINT, devId);
- for (i = 0; i < X25519_TEST_CNT; i++) {
- if (wc_curve25519_import_private_raw(sa[i], sizeof(sa[i]), pb[i],
- sizeof(pb[i]), &userA) != 0) {
- ret = WC_TEST_RET_ENC_I(i); break;
- }
- /* test against known test vector */
- XMEMSET(shared, 0, sizeof(shared));
- y = sizeof(shared);
- if (wc_curve25519_shared_secret(&userA, &userA, shared, &y) != 0) {
- ret = WC_TEST_RET_ENC_I(i); break;
- }
- if (XMEMCMP(ss[i], shared, y)) {
- ret = WC_TEST_RET_ENC_I(i); break;
- }
- }
- wc_curve25519_free(&userA);
- return ret;
- }
- /* Test the wc_curve25519_check_public API.
- *
- * returns 0 on success and -ve on failure.
- */
- static wc_test_ret_t curve25519_check_public_test(void)
- {
- wc_test_ret_t ret;
- /* Little-endian values that will fail */
- byte fail_le[][CURVE25519_KEYSIZE] = {
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- },
- {
- 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- },
- {
- 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x81
- },
- };
- /* Big-endian values that will fail */
- byte fail_be[][CURVE25519_KEYSIZE] = {
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- },
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- },
- {
- 0x81,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- },
- };
- /* Good or valid public value */
- byte good[CURVE25519_KEYSIZE] = {
- 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- };
- int i;
- /* Parameter checks */
- /* NULL pointer */
- ret = wc_curve25519_check_public(NULL, 0, EC25519_LITTLE_ENDIAN);
- if (ret != BAD_FUNC_ARG) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- ret = wc_curve25519_check_public(NULL, 0, EC25519_BIG_ENDIAN);
- if (ret != BAD_FUNC_ARG) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* Length of 0 treated differently to other invalid lengths for TLS */
- ret = wc_curve25519_check_public(good, 0, EC25519_LITTLE_ENDIAN);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_curve25519_check_public(good, 0, EC25519_BIG_ENDIAN);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- /* Length not CURVE25519_KEYSIZE */
- for (i = 1; i < CURVE25519_KEYSIZE + 2; i++) {
- if (i == CURVE25519_KEYSIZE)
- continue;
- if (wc_curve25519_check_public(good, (word32)i, EC25519_LITTLE_ENDIAN) !=
- ECC_BAD_ARG_E) {
- return WC_TEST_RET_ENC_I(i);
- }
- if (wc_curve25519_check_public(good, (word32)i, EC25519_BIG_ENDIAN) !=
- ECC_BAD_ARG_E) {
- return WC_TEST_RET_ENC_I(i);
- }
- }
- /* Little-endian fail cases */
- for (i = 0; i < (int)(sizeof(fail_le) / sizeof(*fail_le)); i++) {
- if (wc_curve25519_check_public(fail_le[i], CURVE25519_KEYSIZE,
- EC25519_LITTLE_ENDIAN) == 0) {
- return WC_TEST_RET_ENC_I(i);
- }
- }
- /* Big-endian fail cases */
- for (i = 0; i < (int)(sizeof(fail_be) / sizeof(*fail_be)); i++) {
- if (wc_curve25519_check_public(fail_be[i], CURVE25519_KEYSIZE,
- EC25519_BIG_ENDIAN) == 0) {
- return WC_TEST_RET_ENC_I(i);
- }
- }
- /* Check a valid public value works! */
- ret = wc_curve25519_check_public(good, CURVE25519_KEYSIZE,
- EC25519_LITTLE_ENDIAN);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- ret = wc_curve25519_check_public(good, CURVE25519_KEYSIZE,
- EC25519_BIG_ENDIAN);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- return 0;
- }
- #endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */
- #if !defined(NO_ASN) && defined(HAVE_CURVE25519_KEY_EXPORT) && \
- defined(HAVE_CURVE25519_KEY_IMPORT)
- static wc_test_ret_t curve255519_der_test(void)
- {
- wc_test_ret_t ret = 0;
- /* certs/statickeys/x25519.der */
- const byte kCurve25519PrivDer[] = {
- 0x30, 0x2E, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x6E,
- 0x04, 0x22, 0x04, 0x20, 0x78, 0x8E, 0x31, 0x5C, 0x33, 0xA9, 0x19, 0xC0,
- 0x5E, 0x36, 0x70, 0x1B, 0xA4, 0xE8, 0xEF, 0xC1, 0x89, 0x8C, 0xB3, 0x15,
- 0xC6, 0x79, 0xD3, 0xAC, 0x22, 0x00, 0xAE, 0xFA, 0xB3, 0xB7, 0x0F, 0x78
- };
- /* certs/statickeys/x25519-pub.der */
- const byte kCurve25519PubDer[] = {
- 0x30, 0x2A, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x6E, 0x03, 0x21, 0x00,
- 0x09, 0xBC, 0x8C, 0xC7, 0x45, 0x0D, 0xC1, 0xC2, 0x02, 0x57, 0x9A, 0x68,
- 0x3A, 0xFD, 0x7A, 0xA8, 0xA5, 0x2F, 0xF0, 0x99, 0x39, 0x98, 0xEA, 0x26,
- 0xA2, 0x5B, 0x38, 0xFD, 0x96, 0xDB, 0x2A, 0x26
- };
- curve25519_key key;
- byte output[128];
- word32 outputSz = 128;
- word32 idx;
- ret = wc_curve25519_init_ex(&key, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Test decode / encode of Curve25519 private key only */
- if (ret == 0) {
- idx = 0;
- ret = wc_Curve25519PrivateKeyDecode(kCurve25519PrivDer, &idx, &key,
- (word32)sizeof(kCurve25519PrivDer));
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- outputSz = (word32)sizeof(output);
- ret = wc_Curve25519PrivateKeyToDer(&key, output, outputSz);
- if (ret >= 0) {
- outputSz = (word32)ret;
- ret = 0;
- }
- else {
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- }
- if (ret == 0 && (outputSz != (word32)sizeof(kCurve25519PrivDer) ||
- XMEMCMP(output, kCurve25519PrivDer, outputSz) != 0)) {
- ret = WC_TEST_RET_ENC_NC;
- }
- /* Test decode / encode of Curve25519 public key only */
- if (ret == 0) {
- idx = 0;
- ret = wc_Curve25519PublicKeyDecode(kCurve25519PubDer, &idx, &key,
- (word32)sizeof(kCurve25519PubDer));
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- outputSz = (word32)sizeof(output);
- ret = wc_Curve25519PublicKeyToDer(&key, output, outputSz, 1);
- if (ret >= 0) {
- outputSz = (word32)ret;
- ret = 0;
- }
- else {
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- }
- if (ret == 0 && (outputSz != (word32)sizeof(kCurve25519PubDer) ||
- XMEMCMP(output, kCurve25519PubDer, outputSz) != 0)) {
- ret = WC_TEST_RET_ENC_NC;
- }
- wc_curve25519_free(&key);
- return ret;
- }
- #endif /* !NO_ASN && HAVE_CURVE25519_KEY_EXPORT && HAVE_CURVE25519_KEY_IMPORT */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void)
- {
- WC_RNG rng;
- wc_test_ret_t ret;
- #ifdef HAVE_CURVE25519_SHARED_SECRET
- byte sharedA[32];
- byte sharedB[32];
- word32 y;
- #endif
- #ifdef HAVE_CURVE25519_KEY_EXPORT
- byte exportBuf[32];
- #endif
- word32 x = 0;
- curve25519_key userA, userB, pubKey;
- #if defined(HAVE_CURVE25519_SHARED_SECRET) && \
- defined(HAVE_CURVE25519_KEY_IMPORT)
- /* test vectors from
- https://tools.ietf.org/html/draft-josefsson-tls-curve25519-03
- */
- /* secret key for party a */
- byte sa[] = {
- 0x5A,0xC9,0x9F,0x33,0x63,0x2E,0x5A,0x76,
- 0x8D,0xE7,0xE8,0x1B,0xF8,0x54,0xC2,0x7C,
- 0x46,0xE3,0xFB,0xF2,0xAB,0xBA,0xCD,0x29,
- 0xEC,0x4A,0xFF,0x51,0x73,0x69,0xC6,0x60
- };
- /* public key for party a */
- byte pa[] = {
- 0x05,0x7E,0x23,0xEA,0x9F,0x1C,0xBE,0x8A,
- 0x27,0x16,0x8F,0x6E,0x69,0x6A,0x79,0x1D,
- 0xE6,0x1D,0xD3,0xAF,0x7A,0xCD,0x4E,0xEA,
- 0xCC,0x6E,0x7B,0xA5,0x14,0xFD,0xA8,0x63
- };
- /* secret key for party b */
- byte sb[] = {
- 0x47,0xDC,0x3D,0x21,0x41,0x74,0x82,0x0E,
- 0x11,0x54,0xB4,0x9B,0xC6,0xCD,0xB2,0xAB,
- 0xD4,0x5E,0xE9,0x58,0x17,0x05,0x5D,0x25,
- 0x5A,0xA3,0x58,0x31,0xB7,0x0D,0x32,0x60
- };
- /* public key for party b */
- byte pb[] = {
- 0x6E,0xB8,0x9D,0xA9,0x19,0x89,0xAE,0x37,
- 0xC7,0xEA,0xC7,0x61,0x8D,0x9E,0x5C,0x49,
- 0x51,0xDB,0xA1,0xD7,0x3C,0x28,0x5A,0xE1,
- 0xCD,0x26,0xA8,0x55,0x02,0x0E,0xEF,0x04
- };
- /* expected shared key */
- byte ss[] = {
- 0x61,0x45,0x0C,0xD9,0x8E,0x36,0x01,0x6B,
- 0x58,0x77,0x6A,0x89,0x7A,0x9F,0x0A,0xEF,
- 0x73,0x8B,0x99,0xF0,0x94,0x68,0xB8,0xD6,
- 0xB8,0x51,0x11,0x84,0xD5,0x34,0x94,0xAB
- };
- #endif /* HAVE_CURVE25519_SHARED_SECRET */
- (void)x;
- WOLFSSL_ENTER("curve25519_test");
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- wc_curve25519_init_ex(&userA, HEAP_HINT, devId);
- wc_curve25519_init_ex(&userB, HEAP_HINT, devId);
- wc_curve25519_init_ex(&pubKey, HEAP_HINT, devId);
- /* make curve25519 keys */
- ret = wc_curve25519_make_key(&rng, 32, &userA);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_curve25519_make_key(&rng, 32, &userB);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #ifdef HAVE_CURVE25519_SHARED_SECRET
- /* find shared secret key */
- x = sizeof(sharedA);
- if ((ret = wc_curve25519_shared_secret(&userA, &userB, sharedA, &x)) != 0) {
- printf("wc_curve25519_shared_secret 1 failed\n");
- return WC_TEST_RET_ENC_EC(ret);
- }
- y = sizeof(sharedB);
- if ((ret = wc_curve25519_shared_secret(&userB, &userA, sharedB, &y)) != 0) {
- printf("wc_curve25519_shared_secret 2 failed\n");
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* compare shared secret keys to test they are the same */
- if (y != x)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(sharedA, sharedB, x))
- return WC_TEST_RET_ENC_NC;
- #endif
- #ifdef HAVE_CURVE25519_KEY_EXPORT
- /* export a public key and import it for another user */
- x = sizeof(exportBuf);
- ret = wc_curve25519_export_public(&userA, exportBuf, &x);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #ifdef HAVE_CURVE25519_KEY_IMPORT
- ret = wc_curve25519_import_public(exportBuf, x, &pubKey);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #endif
- #if defined(HAVE_CURVE25519_SHARED_SECRET) && \
- defined(HAVE_CURVE25519_KEY_IMPORT)
- /* test shared key after importing a public key */
- XMEMSET(sharedB, 0, sizeof(sharedB));
- y = sizeof(sharedB);
- if (wc_curve25519_shared_secret(&userB, &pubKey, sharedB, &y) != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- if (XMEMCMP(sharedA, sharedB, y))
- return WC_TEST_RET_ENC_NC;
- /* import RFC test vectors and compare shared key */
- ret = wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa),
- &userA);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_curve25519_import_private_raw(sb, sizeof(sb), pb, sizeof(pb),
- &userB);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* test against known test vector */
- XMEMSET(sharedB, 0, sizeof(sharedB));
- y = sizeof(sharedB);
- ret = wc_curve25519_shared_secret(&userA, &userB, sharedB, &y);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(ss, sharedB, y))
- return WC_TEST_RET_ENC_NC;
- /* test swapping roles of keys and generating same shared key */
- XMEMSET(sharedB, 0, sizeof(sharedB));
- y = sizeof(sharedB);
- ret = wc_curve25519_shared_secret(&userB, &userA, sharedB, &y);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(ss, sharedB, y))
- return WC_TEST_RET_ENC_NC;
- /* test with 1 generated key and 1 from known test vector */
- ret = wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa),
- &userA);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- wc_curve25519_free(&userB);
- wc_curve25519_init_ex(&userB, HEAP_HINT, devId);
- ret = wc_curve25519_make_key(&rng, 32, &userB);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- x = sizeof(sharedA);
- ret = wc_curve25519_shared_secret(&userA, &userB, sharedA, &x);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- y = sizeof(sharedB);
- ret = wc_curve25519_shared_secret(&userB, &userA, sharedB, &y);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* compare shared secret keys to test they are the same */
- if (y != x)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(sharedA, sharedB, x))
- return WC_TEST_RET_ENC_NC;
- ret = curve25519_overflow_test();
- if (ret != 0)
- return ret;
- ret = curve25519_check_public_test();
- if (ret != 0)
- return ret;
- #endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */
- #if !defined(NO_ASN) && defined(HAVE_CURVE25519_KEY_EXPORT) && \
- defined(HAVE_CURVE25519_KEY_IMPORT)
- ret = curve255519_der_test();
- if (ret != 0)
- return ret;
- #endif
- /* clean up keys when done */
- wc_curve25519_free(&pubKey);
- wc_curve25519_free(&userB);
- wc_curve25519_free(&userA);
- wc_FreeRng(&rng);
- return 0;
- }
- #endif /* HAVE_CURVE25519 */
- #ifdef HAVE_ED25519
- #ifdef WOLFSSL_TEST_CERT
- static wc_test_ret_t ed25519_test_cert(void)
- {
- DecodedCert cert[2];
- DecodedCert* serverCert = NULL;
- DecodedCert* caCert = NULL;
- #ifdef HAVE_ED25519_VERIFY
- ed25519_key key;
- ed25519_key* pubKey = NULL;
- int verify;
- #endif /* HAVE_ED25519_VERIFY */
- wc_test_ret_t ret;
- byte* tmp;
- size_t bytes;
- XFILE file;
- tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(tmp, ca_ed25519_cert, sizeof_ca_ed25519_cert);
- bytes = sizeof_ca_ed25519_cert;
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(caEd25519Cert, "rb");
- if (file == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- #else
- /* No certificate to use. */
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif
- InitDecodedCert(&cert[0], tmp, (word32)bytes, 0);
- caCert = &cert[0];
- ret = ParseCert(caCert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(tmp, server_ed25519_cert, sizeof_server_ed25519_cert);
- bytes = sizeof_server_ed25519_cert;
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(serverEd25519Cert, "rb");
- if (file == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- #else
- /* No certificate to use. */
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif
- InitDecodedCert(&cert[1], tmp, (word32)bytes, 0);
- serverCert = &cert[1];
- ret = ParseCert(serverCert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef HAVE_ED25519_VERIFY
- ret = wc_ed25519_init(&key);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- pubKey = &key;
- ret = wc_ed25519_import_public(caCert->publicKey, caCert->pubKeySize,
- pubKey);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ed25519_verify_msg(serverCert->signature, serverCert->sigLength,
- serverCert->source + serverCert->certBegin,
- serverCert->sigIndex - serverCert->certBegin,
- &verify, pubKey);
- if (ret < 0 || verify != 1)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif /* HAVE_ED25519_VERIFY */
- done:
- if (tmp != NULL)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef HAVE_ED25519_VERIFY
- wc_ed25519_free(pubKey);
- #endif /* HAVE_ED25519_VERIFY */
- if (caCert != NULL)
- FreeDecodedCert(caCert);
- if (serverCert != NULL)
- FreeDecodedCert(serverCert);
- return ret;
- }
- static wc_test_ret_t ed25519_test_make_cert(void)
- {
- WC_RNG rng;
- Cert cert;
- DecodedCert decode;
- ed25519_key key;
- ed25519_key* privKey = NULL;
- wc_test_ret_t ret = 0;
- byte* tmp = NULL;
- wc_InitCert_ex(&cert, HEAP_HINT, devId);
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- wc_ed25519_init(&key);
- privKey = &key;
- wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, privKey);
- cert.daysValid = 365 * 2;
- cert.selfSigned = 1;
- XMEMCPY(&cert.issuer, &certDefaultName, sizeof(CertName));
- XMEMCPY(&cert.subject, &certDefaultName, sizeof(CertName));
- cert.isCA = 0;
- #ifdef WOLFSSL_CERT_EXT
- ret = wc_SetKeyUsage(&cert, certKeyUsage);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- cert.sigType = CTC_ED25519;
- ret = wc_MakeCert_ex(&cert, tmp, FOURK_BUF, ED25519_TYPE, privKey, &rng);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_SignCert_ex(cert.bodySz, cert.sigType, tmp, FOURK_BUF,
- ED25519_TYPE, privKey, &rng);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- InitDecodedCert(&decode, tmp, (word32)ret, HEAP_HINT);
- ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
- FreeDecodedCert(&decode);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- done:
- if (tmp != NULL)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_ed25519_free(privKey);
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* WOLFSSL_TEST_CERT */
- #if defined(HAVE_ED25519_KEY_IMPORT)
- static wc_test_ret_t ed25519_test_check_key(void)
- {
- /* Fails to find x-ordinate from this y-ordinate. */
- WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y[] = {
- 0x40,
- 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- };
- /* Y-ordinate value larger than prime. */
- WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y_max[] = {
- 0x40,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f,
- };
- /* Y-ordinate value equal to prime. */
- WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y_is_p[] = {
- 0x40,
- 0xed,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f,
- };
- /* Y-ordinate value equal to prime - 1. */
- WOLFSSL_SMALL_STACK_STATIC const byte key_y_is_p_minus_1[] = {
- 0x40,
- 0xec,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f,
- };
- ed25519_key key;
- int ret;
- int res = 0;
- /* Initialize key for use. */
- ret = wc_ed25519_init_ex(&key, HEAP_HINT, devId);
- if (ret != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- /* Load bad public key only and perform checks. */
- ret = wc_ed25519_import_public(key_bad_y, ED25519_PUB_KEY_SIZE + 1, &key);
- if (ret != PUBLIC_KEY_E) {
- res = WC_TEST_RET_ENC_NC;
- }
- if (res == 0) {
- /* Load bad public key only and perform checks. */
- ret = wc_ed25519_import_public(key_bad_y_max, ED25519_PUB_KEY_SIZE + 1,
- &key);
- if (ret != PUBLIC_KEY_E) {
- res = WC_TEST_RET_ENC_NC;
- }
- }
- if (res == 0) {
- /* Load bad public key only and perform checks. */
- ret = wc_ed25519_import_public(key_bad_y_is_p, ED25519_PUB_KEY_SIZE + 1,
- &key);
- if (ret != PUBLIC_KEY_E) {
- res = WC_TEST_RET_ENC_NC;
- }
- }
- if (res == 0) {
- /* Load good public key only and perform checks. */
- ret = wc_ed25519_import_public(key_y_is_p_minus_1,
- ED25519_PUB_KEY_SIZE + 1, &key);
- if (ret != 0) {
- res = WC_TEST_RET_ENC_NC;
- }
- }
- /* Dispose of key. */
- wc_ed25519_free(&key);
- return res;
- }
- #endif
- #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \
- defined(HAVE_ED25519_KEY_IMPORT)
- static wc_test_ret_t ed25519ctx_test(void)
- {
- wc_test_ret_t ret;
- byte out[ED25519_SIG_SIZE];
- word32 outlen;
- #ifdef HAVE_ED25519_VERIFY
- int verify = 0;
- #endif /* HAVE_ED25519_VERIFY */
- ed25519_key key;
- WOLFSSL_SMALL_STACK_STATIC const byte sKeyCtx[] = {
- 0x03,0x05,0x33,0x4e,0x38,0x1a,0xf7,0x8f,
- 0x14,0x1c,0xb6,0x66,0xf6,0x19,0x9f,0x57,
- 0xbc,0x34,0x95,0x33,0x5a,0x25,0x6a,0x95,
- 0xbd,0x2a,0x55,0xbf,0x54,0x66,0x63,0xf6
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKeyCtx[] = {
- 0xdf,0xc9,0x42,0x5e,0x4f,0x96,0x8f,0x7f,
- 0x0c,0x29,0xf0,0x25,0x9c,0xf5,0xf9,0xae,
- 0xd6,0x85,0x1c,0x2b,0xb4,0xad,0x8b,0xfb,
- 0x86,0x0c,0xfe,0xe0,0xab,0x24,0x82,0x92
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sigCtx1[] = {
- 0x55,0xa4,0xcc,0x2f,0x70,0xa5,0x4e,0x04,
- 0x28,0x8c,0x5f,0x4c,0xd1,0xe4,0x5a,0x7b,
- 0xb5,0x20,0xb3,0x62,0x92,0x91,0x18,0x76,
- 0xca,0xda,0x73,0x23,0x19,0x8d,0xd8,0x7a,
- 0x8b,0x36,0x95,0x0b,0x95,0x13,0x00,0x22,
- 0x90,0x7a,0x7f,0xb7,0xc4,0xe9,0xb2,0xd5,
- 0xf6,0xcc,0xa6,0x85,0xa5,0x87,0xb4,0xb2,
- 0x1f,0x4b,0x88,0x8e,0x4e,0x7e,0xdb,0x0d
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sigCtx2[] = {
- 0xcc,0x5e,0x63,0xa2,0x7e,0x94,0xaf,0xd3,
- 0x41,0x83,0x38,0xd2,0x48,0x6f,0xa9,0x2a,
- 0xf9,0x91,0x7c,0x2d,0x98,0x9e,0x06,0xe5,
- 0x02,0x77,0x72,0x1c,0x34,0x38,0x18,0xb4,
- 0x21,0x96,0xbc,0x29,0x2e,0x68,0xf3,0x4d,
- 0x85,0x9b,0xbe,0xad,0x17,0x9f,0x54,0x54,
- 0x2d,0x4b,0x04,0xdc,0xfb,0xfa,0x4a,0x68,
- 0x4e,0x39,0x50,0xfb,0x1c,0xcd,0x8d,0x0d
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msgCtx[] = {
- 0xf7,0x26,0x93,0x6d,0x19,0xc8,0x00,0x49,
- 0x4e,0x3f,0xda,0xff,0x20,0xb2,0x76,0xa8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte contextCtx[] = {
- 0x66,0x6f,0x6f
- };
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- ret = wc_ed25519_init_ex(&key, HEAP_HINT, devId);
- if (ret != 0)
- return 10800;
- ret = wc_ed25519_import_private_key(sKeyCtx, ED25519_KEY_SIZE, pKeyCtx,
- sizeof(pKeyCtx), &key);
- if (ret == 0)
- ret = wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key,
- contextCtx, sizeof(contextCtx));
- if (ret == 0 && XMEMCMP(out, sigCtx1, 64) != 0)
- ret = WC_TEST_RET_ENC_NC;
- #if defined(HAVE_ED25519_VERIFY)
- /* test verify on good msg */
- if (ret == 0)
- ret = wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx),
- &verify, &key, contextCtx, sizeof(contextCtx));
- if (ret == 0 && verify != 1)
- ret = WC_TEST_RET_ENC_NC;
- #endif
- if (ret == 0)
- ret = wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key,
- NULL, 0);
- if (ret == 0 && XMEMCMP(out, sigCtx2, 64) != 0)
- ret = WC_TEST_RET_ENC_NC;
- #if defined(HAVE_ED25519_VERIFY)
- /* test verify on good msg */
- if (ret == 0)
- ret = wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx),
- &verify, &key, NULL, 0);
- if (ret == 0 && verify != 1)
- ret = WC_TEST_RET_ENC_NC;
- #endif
- wc_ed25519_free(&key);
- return ret;
- }
- static wc_test_ret_t ed25519ph_test(void)
- {
- wc_test_ret_t ret = 0;
- byte out[ED25519_SIG_SIZE];
- word32 outlen;
- #ifdef HAVE_ED25519_VERIFY
- int verify = 0;
- #endif /* HAVE_ED25519_VERIFY */
- ed25519_key key;
- WOLFSSL_SMALL_STACK_STATIC const byte sKeyPh[] = {
- 0x83,0x3f,0xe6,0x24,0x09,0x23,0x7b,0x9d,
- 0x62,0xec,0x77,0x58,0x75,0x20,0x91,0x1e,
- 0x9a,0x75,0x9c,0xec,0x1d,0x19,0x75,0x5b,
- 0x7d,0xa9,0x01,0xb9,0x6d,0xca,0x3d,0x42
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKeyPh[] = {
- 0xec,0x17,0x2b,0x93,0xad,0x5e,0x56,0x3b,
- 0xf4,0x93,0x2c,0x70,0xe1,0x24,0x50,0x34,
- 0xc3,0x54,0x67,0xef,0x2e,0xfd,0x4d,0x64,
- 0xeb,0xf8,0x19,0x68,0x34,0x67,0xe2,0xbf
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sigPh1[] = {
- 0x98,0xa7,0x02,0x22,0xf0,0xb8,0x12,0x1a,
- 0xa9,0xd3,0x0f,0x81,0x3d,0x68,0x3f,0x80,
- 0x9e,0x46,0x2b,0x46,0x9c,0x7f,0xf8,0x76,
- 0x39,0x49,0x9b,0xb9,0x4e,0x6d,0xae,0x41,
- 0x31,0xf8,0x50,0x42,0x46,0x3c,0x2a,0x35,
- 0x5a,0x20,0x03,0xd0,0x62,0xad,0xf5,0xaa,
- 0xa1,0x0b,0x8c,0x61,0xe6,0x36,0x06,0x2a,
- 0xaa,0xd1,0x1c,0x2a,0x26,0x08,0x34,0x06
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sigPh2[] = {
- 0xe0,0x39,0x70,0x2b,0x4c,0x25,0x95,0xa6,
- 0xa5,0x41,0xac,0x85,0x09,0x23,0x6e,0x29,
- 0x90,0x47,0x47,0x95,0x33,0x0c,0x9b,0x34,
- 0xa7,0x5f,0x58,0xa6,0x60,0x12,0x9e,0x08,
- 0xfd,0x73,0x69,0x43,0xfb,0x19,0x43,0xa5,
- 0x57,0x20,0xb9,0xe0,0x95,0x7b,0x1e,0xd6,
- 0x73,0x48,0x16,0x61,0x9f,0x13,0x88,0xf4,
- 0x3f,0x73,0xe6,0xe3,0xba,0xa8,0x1c,0x0e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msgPh[] = {
- 0x61,0x62,0x63
- };
- /* SHA-512 hash of msgPh */
- WOLFSSL_SMALL_STACK_STATIC const byte hashPh[] = {
- 0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba,
- 0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31,
- 0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2,
- 0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a,
- 0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8,
- 0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd,
- 0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e,
- 0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte contextPh2[] = {
- 0x66,0x6f,0x6f
- };
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- ret = wc_ed25519_init_ex(&key, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ed25519_import_private_key(sKeyPh, ED25519_KEY_SIZE, pKeyPh,
- sizeof(pKeyPh), &key);
- if (ret == 0)
- ret = wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key,
- NULL, 0);
- if (ret == 0 && XMEMCMP(out, sigPh1, 64) != 0)
- ret = WC_TEST_RET_ENC_NC;
- #if defined(HAVE_ED25519_VERIFY)
- /* test verify on good msg */
- if (ret == 0)
- ret = wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh),
- &verify, &key, NULL, 0);
- if (ret == 0 && verify != 1)
- ret = WC_TEST_RET_ENC_NC;
- #endif
- if (ret == 0)
- ret = wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key,
- contextPh2, sizeof(contextPh2));
- if (ret == 0 && XMEMCMP(out, sigPh2, 64) != 0)
- ret = WC_TEST_RET_ENC_NC;
- #if defined(HAVE_ED25519_VERIFY)
- /* test verify on good msg */
- if (ret == 0)
- ret = wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify,
- &key, contextPh2, sizeof(contextPh2));
- if (ret == 0 && verify != 1)
- ret = WC_TEST_RET_ENC_NC;
- #endif
- if (ret == 0)
- ret = wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key,
- NULL, 0);
- if (ret == 0 && XMEMCMP(out, sigPh1, 64) != 0)
- ret = WC_TEST_RET_ENC_NC;
- #if defined(HAVE_ED25519_VERIFY)
- if (ret == 0)
- ret = wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh),
- &verify, &key, NULL, 0);
- if (ret == 0 && verify != 1)
- ret = WC_TEST_RET_ENC_NC;
- #endif
- if (ret == 0)
- ret = wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key,
- contextPh2, sizeof(contextPh2));
- if (ret == 0 && XMEMCMP(out, sigPh2, 64) != 0)
- ret = WC_TEST_RET_ENC_NC;
- #if defined(HAVE_ED25519_VERIFY)
- if (ret == 0)
- ret = wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify,
- &key, contextPh2, sizeof(contextPh2));
- if (ret == 0 && verify != 1)
- ret = WC_TEST_RET_ENC_NC;
- #endif
- wc_ed25519_free(&key);
- return ret;
- }
- #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
- {
- wc_test_ret_t ret;
- WC_RNG rng;
- #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) &&\
- defined(HAVE_ED25519_KEY_IMPORT)
- byte out[ED25519_SIG_SIZE];
- byte exportPKey[ED25519_KEY_SIZE];
- byte exportSKey[ED25519_KEY_SIZE];
- word32 exportPSz;
- word32 exportSSz;
- int i;
- word32 outlen;
- #ifdef HAVE_ED25519_VERIFY
- #ifdef WOLFSSL_ED25519_STREAMING_VERIFY
- int j;
- #endif
- int verify;
- #endif /* HAVE_ED25519_VERIFY */
- #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
- word32 keySz, sigSz;
- ed25519_key key;
- ed25519_key key2;
- #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \
- defined(HAVE_ED25519_KEY_IMPORT)
- /* test vectors from
- https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-02
- */
- WOLFSSL_SMALL_STACK_STATIC const byte sKey1[] = {
- 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
- 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
- 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
- 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sKey2[] = {
- 0x4c,0xcd,0x08,0x9b,0x28,0xff,0x96,0xda,
- 0x9d,0xb6,0xc3,0x46,0xec,0x11,0x4e,0x0f,
- 0x5b,0x8a,0x31,0x9f,0x35,0xab,0xa6,0x24,
- 0xda,0x8c,0xf6,0xed,0x4f,0xb8,0xa6,0xfb
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sKey3[] = {
- 0xc5,0xaa,0x8d,0xf4,0x3f,0x9f,0x83,0x7b,
- 0xed,0xb7,0x44,0x2f,0x31,0xdc,0xb7,0xb1,
- 0x66,0xd3,0x85,0x35,0x07,0x6f,0x09,0x4b,
- 0x85,0xce,0x3a,0x2e,0x0b,0x44,0x58,0xf7
- };
- /* uncompressed test */
- WOLFSSL_SMALL_STACK_STATIC const byte sKey4[] = {
- 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
- 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
- 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
- 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
- };
- /* compressed prefix test */
- WOLFSSL_SMALL_STACK_STATIC const byte sKey5[] = {
- 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
- 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
- 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
- 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sKey6[] = {
- 0xf5,0xe5,0x76,0x7c,0xf1,0x53,0x31,0x95,
- 0x17,0x63,0x0f,0x22,0x68,0x76,0xb8,0x6c,
- 0x81,0x60,0xcc,0x58,0x3b,0xc0,0x13,0x74,
- 0x4c,0x6b,0xf2,0x55,0xf5,0xcc,0x0e,0xe5
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6};
- WOLFSSL_SMALL_STACK_STATIC const byte pKey1[] = {
- 0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,
- 0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,
- 0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,
- 0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKey2[] = {
- 0x3d,0x40,0x17,0xc3,0xe8,0x43,0x89,0x5a,
- 0x92,0xb7,0x0a,0xa7,0x4d,0x1b,0x7e,0xbc,
- 0x9c,0x98,0x2c,0xcf,0x2e,0xc4,0x96,0x8c,
- 0xc0,0xcd,0x55,0xf1,0x2a,0xf4,0x66,0x0c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKey3[] = {
- 0xfc,0x51,0xcd,0x8e,0x62,0x18,0xa1,0xa3,
- 0x8d,0xa4,0x7e,0xd0,0x02,0x30,0xf0,0x58,
- 0x08,0x16,0xed,0x13,0xba,0x33,0x03,0xac,
- 0x5d,0xeb,0x91,0x15,0x48,0x90,0x80,0x25
- };
- /* uncompressed test */
- WOLFSSL_SMALL_STACK_STATIC const byte pKey4[] = {
- 0x04,0x55,0xd0,0xe0,0x9a,0x2b,0x9d,0x34,
- 0x29,0x22,0x97,0xe0,0x8d,0x60,0xd0,0xf6,
- 0x20,0xc5,0x13,0xd4,0x72,0x53,0x18,0x7c,
- 0x24,0xb1,0x27,0x86,0xbd,0x77,0x76,0x45,
- 0xce,0x1a,0x51,0x07,0xf7,0x68,0x1a,0x02,
- 0xaf,0x25,0x23,0xa6,0xda,0xf3,0x72,0xe1,
- 0x0e,0x3a,0x07,0x64,0xc9,0xd3,0xfe,0x4b,
- 0xd5,0xb7,0x0a,0xb1,0x82,0x01,0x98,0x5a,
- 0xd7
- };
- /* compressed prefix */
- WOLFSSL_SMALL_STACK_STATIC const byte pKey5[] = {
- 0x40,0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,
- 0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,
- 0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,
- 0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKey6[] = {
- 0x27,0x81,0x17,0xfc,0x14,0x4c,0x72,0x34,
- 0x0f,0x67,0xd0,0xf2,0x31,0x6e,0x83,0x86,
- 0xce,0xff,0xbf,0x2b,0x24,0x28,0xc9,0xc5,
- 0x1f,0xef,0x7c,0x59,0x7f,0x1d,0x42,0x6e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* pKeys[] = {pKey1, pKey2, pKey3, pKey4, pKey5, pKey6};
- WOLFSSL_SMALL_STACK_STATIC const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3),
- sizeof(pKey4), sizeof(pKey5), sizeof(pKey6)};
- WOLFSSL_SMALL_STACK_STATIC const byte sig1[] = {
- 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
- 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
- 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
- 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
- 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
- 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
- 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
- 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sig2[] = {
- 0x92,0xa0,0x09,0xa9,0xf0,0xd4,0xca,0xb8,
- 0x72,0x0e,0x82,0x0b,0x5f,0x64,0x25,0x40,
- 0xa2,0xb2,0x7b,0x54,0x16,0x50,0x3f,0x8f,
- 0xb3,0x76,0x22,0x23,0xeb,0xdb,0x69,0xda,
- 0x08,0x5a,0xc1,0xe4,0x3e,0x15,0x99,0x6e,
- 0x45,0x8f,0x36,0x13,0xd0,0xf1,0x1d,0x8c,
- 0x38,0x7b,0x2e,0xae,0xb4,0x30,0x2a,0xee,
- 0xb0,0x0d,0x29,0x16,0x12,0xbb,0x0c,0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sig3[] = {
- 0x62,0x91,0xd6,0x57,0xde,0xec,0x24,0x02,
- 0x48,0x27,0xe6,0x9c,0x3a,0xbe,0x01,0xa3,
- 0x0c,0xe5,0x48,0xa2,0x84,0x74,0x3a,0x44,
- 0x5e,0x36,0x80,0xd7,0xdb,0x5a,0xc3,0xac,
- 0x18,0xff,0x9b,0x53,0x8d,0x16,0xf2,0x90,
- 0xae,0x67,0xf7,0x60,0x98,0x4d,0xc6,0x59,
- 0x4a,0x7c,0x15,0xe9,0x71,0x6e,0xd2,0x8d,
- 0xc0,0x27,0xbe,0xce,0xea,0x1e,0xc4,0x0a
- };
- /* uncompressed test */
- WOLFSSL_SMALL_STACK_STATIC const byte sig4[] = {
- 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
- 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
- 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
- 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
- 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
- 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
- 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
- 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
- };
- /* compressed prefix */
- WOLFSSL_SMALL_STACK_STATIC const byte sig5[] = {
- 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
- 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
- 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
- 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
- 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
- 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
- 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
- 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sig6[] = {
- 0x0a,0xab,0x4c,0x90,0x05,0x01,0xb3,0xe2,
- 0x4d,0x7c,0xdf,0x46,0x63,0x32,0x6a,0x3a,
- 0x87,0xdf,0x5e,0x48,0x43,0xb2,0xcb,0xdb,
- 0x67,0xcb,0xf6,0xe4,0x60,0xfe,0xc3,0x50,
- 0xaa,0x53,0x71,0xb1,0x50,0x8f,0x9f,0x45,
- 0x28,0xec,0xea,0x23,0xc4,0x36,0xd9,0x4b,
- 0x5e,0x8f,0xcd,0x4f,0x68,0x1e,0x30,0xa6,
- 0xac,0x00,0xa9,0x70,0x4a,0x18,0x8a,0x03
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6};
- WOLFSSL_SMALL_STACK_STATIC const byte msg1[] = {0x0 };
- WOLFSSL_SMALL_STACK_STATIC const byte msg2[] = {0x72};
- WOLFSSL_SMALL_STACK_STATIC const byte msg3[] = {0xAF,0x82};
- /* test of a 1024 byte long message */
- WOLFSSL_SMALL_STACK_STATIC const byte msg4[] = {
- 0x08,0xb8,0xb2,0xb7,0x33,0x42,0x42,0x43,
- 0x76,0x0f,0xe4,0x26,0xa4,0xb5,0x49,0x08,
- 0x63,0x21,0x10,0xa6,0x6c,0x2f,0x65,0x91,
- 0xea,0xbd,0x33,0x45,0xe3,0xe4,0xeb,0x98,
- 0xfa,0x6e,0x26,0x4b,0xf0,0x9e,0xfe,0x12,
- 0xee,0x50,0xf8,0xf5,0x4e,0x9f,0x77,0xb1,
- 0xe3,0x55,0xf6,0xc5,0x05,0x44,0xe2,0x3f,
- 0xb1,0x43,0x3d,0xdf,0x73,0xbe,0x84,0xd8,
- 0x79,0xde,0x7c,0x00,0x46,0xdc,0x49,0x96,
- 0xd9,0xe7,0x73,0xf4,0xbc,0x9e,0xfe,0x57,
- 0x38,0x82,0x9a,0xdb,0x26,0xc8,0x1b,0x37,
- 0xc9,0x3a,0x1b,0x27,0x0b,0x20,0x32,0x9d,
- 0x65,0x86,0x75,0xfc,0x6e,0xa5,0x34,0xe0,
- 0x81,0x0a,0x44,0x32,0x82,0x6b,0xf5,0x8c,
- 0x94,0x1e,0xfb,0x65,0xd5,0x7a,0x33,0x8b,
- 0xbd,0x2e,0x26,0x64,0x0f,0x89,0xff,0xbc,
- 0x1a,0x85,0x8e,0xfc,0xb8,0x55,0x0e,0xe3,
- 0xa5,0xe1,0x99,0x8b,0xd1,0x77,0xe9,0x3a,
- 0x73,0x63,0xc3,0x44,0xfe,0x6b,0x19,0x9e,
- 0xe5,0xd0,0x2e,0x82,0xd5,0x22,0xc4,0xfe,
- 0xba,0x15,0x45,0x2f,0x80,0x28,0x8a,0x82,
- 0x1a,0x57,0x91,0x16,0xec,0x6d,0xad,0x2b,
- 0x3b,0x31,0x0d,0xa9,0x03,0x40,0x1a,0xa6,
- 0x21,0x00,0xab,0x5d,0x1a,0x36,0x55,0x3e,
- 0x06,0x20,0x3b,0x33,0x89,0x0c,0xc9,0xb8,
- 0x32,0xf7,0x9e,0xf8,0x05,0x60,0xcc,0xb9,
- 0xa3,0x9c,0xe7,0x67,0x96,0x7e,0xd6,0x28,
- 0xc6,0xad,0x57,0x3c,0xb1,0x16,0xdb,0xef,
- 0xef,0xd7,0x54,0x99,0xda,0x96,0xbd,0x68,
- 0xa8,0xa9,0x7b,0x92,0x8a,0x8b,0xbc,0x10,
- 0x3b,0x66,0x21,0xfc,0xde,0x2b,0xec,0xa1,
- 0x23,0x1d,0x20,0x6b,0xe6,0xcd,0x9e,0xc7,
- 0xaf,0xf6,0xf6,0xc9,0x4f,0xcd,0x72,0x04,
- 0xed,0x34,0x55,0xc6,0x8c,0x83,0xf4,0xa4,
- 0x1d,0xa4,0xaf,0x2b,0x74,0xef,0x5c,0x53,
- 0xf1,0xd8,0xac,0x70,0xbd,0xcb,0x7e,0xd1,
- 0x85,0xce,0x81,0xbd,0x84,0x35,0x9d,0x44,
- 0x25,0x4d,0x95,0x62,0x9e,0x98,0x55,0xa9,
- 0x4a,0x7c,0x19,0x58,0xd1,0xf8,0xad,0xa5,
- 0xd0,0x53,0x2e,0xd8,0xa5,0xaa,0x3f,0xb2,
- 0xd1,0x7b,0xa7,0x0e,0xb6,0x24,0x8e,0x59,
- 0x4e,0x1a,0x22,0x97,0xac,0xbb,0xb3,0x9d,
- 0x50,0x2f,0x1a,0x8c,0x6e,0xb6,0xf1,0xce,
- 0x22,0xb3,0xde,0x1a,0x1f,0x40,0xcc,0x24,
- 0x55,0x41,0x19,0xa8,0x31,0xa9,0xaa,0xd6,
- 0x07,0x9c,0xad,0x88,0x42,0x5d,0xe6,0xbd,
- 0xe1,0xa9,0x18,0x7e,0xbb,0x60,0x92,0xcf,
- 0x67,0xbf,0x2b,0x13,0xfd,0x65,0xf2,0x70,
- 0x88,0xd7,0x8b,0x7e,0x88,0x3c,0x87,0x59,
- 0xd2,0xc4,0xf5,0xc6,0x5a,0xdb,0x75,0x53,
- 0x87,0x8a,0xd5,0x75,0xf9,0xfa,0xd8,0x78,
- 0xe8,0x0a,0x0c,0x9b,0xa6,0x3b,0xcb,0xcc,
- 0x27,0x32,0xe6,0x94,0x85,0xbb,0xc9,0xc9,
- 0x0b,0xfb,0xd6,0x24,0x81,0xd9,0x08,0x9b,
- 0xec,0xcf,0x80,0xcf,0xe2,0xdf,0x16,0xa2,
- 0xcf,0x65,0xbd,0x92,0xdd,0x59,0x7b,0x07,
- 0x07,0xe0,0x91,0x7a,0xf4,0x8b,0xbb,0x75,
- 0xfe,0xd4,0x13,0xd2,0x38,0xf5,0x55,0x5a,
- 0x7a,0x56,0x9d,0x80,0xc3,0x41,0x4a,0x8d,
- 0x08,0x59,0xdc,0x65,0xa4,0x61,0x28,0xba,
- 0xb2,0x7a,0xf8,0x7a,0x71,0x31,0x4f,0x31,
- 0x8c,0x78,0x2b,0x23,0xeb,0xfe,0x80,0x8b,
- 0x82,0xb0,0xce,0x26,0x40,0x1d,0x2e,0x22,
- 0xf0,0x4d,0x83,0xd1,0x25,0x5d,0xc5,0x1a,
- 0xdd,0xd3,0xb7,0x5a,0x2b,0x1a,0xe0,0x78,
- 0x45,0x04,0xdf,0x54,0x3a,0xf8,0x96,0x9b,
- 0xe3,0xea,0x70,0x82,0xff,0x7f,0xc9,0x88,
- 0x8c,0x14,0x4d,0xa2,0xaf,0x58,0x42,0x9e,
- 0xc9,0x60,0x31,0xdb,0xca,0xd3,0xda,0xd9,
- 0xaf,0x0d,0xcb,0xaa,0xaf,0x26,0x8c,0xb8,
- 0xfc,0xff,0xea,0xd9,0x4f,0x3c,0x7c,0xa4,
- 0x95,0xe0,0x56,0xa9,0xb4,0x7a,0xcd,0xb7,
- 0x51,0xfb,0x73,0xe6,0x66,0xc6,0xc6,0x55,
- 0xad,0xe8,0x29,0x72,0x97,0xd0,0x7a,0xd1,
- 0xba,0x5e,0x43,0xf1,0xbc,0xa3,0x23,0x01,
- 0x65,0x13,0x39,0xe2,0x29,0x04,0xcc,0x8c,
- 0x42,0xf5,0x8c,0x30,0xc0,0x4a,0xaf,0xdb,
- 0x03,0x8d,0xda,0x08,0x47,0xdd,0x98,0x8d,
- 0xcd,0xa6,0xf3,0xbf,0xd1,0x5c,0x4b,0x4c,
- 0x45,0x25,0x00,0x4a,0xa0,0x6e,0xef,0xf8,
- 0xca,0x61,0x78,0x3a,0xac,0xec,0x57,0xfb,
- 0x3d,0x1f,0x92,0xb0,0xfe,0x2f,0xd1,0xa8,
- 0x5f,0x67,0x24,0x51,0x7b,0x65,0xe6,0x14,
- 0xad,0x68,0x08,0xd6,0xf6,0xee,0x34,0xdf,
- 0xf7,0x31,0x0f,0xdc,0x82,0xae,0xbf,0xd9,
- 0x04,0xb0,0x1e,0x1d,0xc5,0x4b,0x29,0x27,
- 0x09,0x4b,0x2d,0xb6,0x8d,0x6f,0x90,0x3b,
- 0x68,0x40,0x1a,0xde,0xbf,0x5a,0x7e,0x08,
- 0xd7,0x8f,0xf4,0xef,0x5d,0x63,0x65,0x3a,
- 0x65,0x04,0x0c,0xf9,0xbf,0xd4,0xac,0xa7,
- 0x98,0x4a,0x74,0xd3,0x71,0x45,0x98,0x67,
- 0x80,0xfc,0x0b,0x16,0xac,0x45,0x16,0x49,
- 0xde,0x61,0x88,0xa7,0xdb,0xdf,0x19,0x1f,
- 0x64,0xb5,0xfc,0x5e,0x2a,0xb4,0x7b,0x57,
- 0xf7,0xf7,0x27,0x6c,0xd4,0x19,0xc1,0x7a,
- 0x3c,0xa8,0xe1,0xb9,0x39,0xae,0x49,0xe4,
- 0x88,0xac,0xba,0x6b,0x96,0x56,0x10,0xb5,
- 0x48,0x01,0x09,0xc8,0xb1,0x7b,0x80,0xe1,
- 0xb7,0xb7,0x50,0xdf,0xc7,0x59,0x8d,0x5d,
- 0x50,0x11,0xfd,0x2d,0xcc,0x56,0x00,0xa3,
- 0x2e,0xf5,0xb5,0x2a,0x1e,0xcc,0x82,0x0e,
- 0x30,0x8a,0xa3,0x42,0x72,0x1a,0xac,0x09,
- 0x43,0xbf,0x66,0x86,0xb6,0x4b,0x25,0x79,
- 0x37,0x65,0x04,0xcc,0xc4,0x93,0xd9,0x7e,
- 0x6a,0xed,0x3f,0xb0,0xf9,0xcd,0x71,0xa4,
- 0x3d,0xd4,0x97,0xf0,0x1f,0x17,0xc0,0xe2,
- 0xcb,0x37,0x97,0xaa,0x2a,0x2f,0x25,0x66,
- 0x56,0x16,0x8e,0x6c,0x49,0x6a,0xfc,0x5f,
- 0xb9,0x32,0x46,0xf6,0xb1,0x11,0x63,0x98,
- 0xa3,0x46,0xf1,0xa6,0x41,0xf3,0xb0,0x41,
- 0xe9,0x89,0xf7,0x91,0x4f,0x90,0xcc,0x2c,
- 0x7f,0xff,0x35,0x78,0x76,0xe5,0x06,0xb5,
- 0x0d,0x33,0x4b,0xa7,0x7c,0x22,0x5b,0xc3,
- 0x07,0xba,0x53,0x71,0x52,0xf3,0xf1,0x61,
- 0x0e,0x4e,0xaf,0xe5,0x95,0xf6,0xd9,0xd9,
- 0x0d,0x11,0xfa,0xa9,0x33,0xa1,0x5e,0xf1,
- 0x36,0x95,0x46,0x86,0x8a,0x7f,0x3a,0x45,
- 0xa9,0x67,0x68,0xd4,0x0f,0xd9,0xd0,0x34,
- 0x12,0xc0,0x91,0xc6,0x31,0x5c,0xf4,0xfd,
- 0xe7,0xcb,0x68,0x60,0x69,0x37,0x38,0x0d,
- 0xb2,0xea,0xaa,0x70,0x7b,0x4c,0x41,0x85,
- 0xc3,0x2e,0xdd,0xcd,0xd3,0x06,0x70,0x5e,
- 0x4d,0xc1,0xff,0xc8,0x72,0xee,0xee,0x47,
- 0x5a,0x64,0xdf,0xac,0x86,0xab,0xa4,0x1c,
- 0x06,0x18,0x98,0x3f,0x87,0x41,0xc5,0xef,
- 0x68,0xd3,0xa1,0x01,0xe8,0xa3,0xb8,0xca,
- 0xc6,0x0c,0x90,0x5c,0x15,0xfc,0x91,0x08,
- 0x40,0xb9,0x4c,0x00,0xa0,0xb9,0xd0
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* msgs[] = {msg1, msg2, msg3, msg1, msg1, msg4};
- WOLFSSL_SMALL_STACK_STATIC const word16 msgSz[] = {0 /*sizeof(msg1)*/,
- sizeof(msg2),
- sizeof(msg3),
- 0 /*sizeof(msg1)*/,
- 0 /*sizeof(msg1)*/,
- sizeof(msg4)
- };
- #ifndef NO_ASN
- static const byte privateEd25519[] = {
- 0x30,0x2e,0x02,0x01,0x00,0x30,0x05,0x06,
- 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
- 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
- 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
- 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
- 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
- };
- static const byte badPrivateEd25519[] = {
- 0x30,0x52,0x02,0x01,0x00,0x30,0x05,0x06,
- 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
- 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
- 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
- 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
- 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60,
- 0xa1,0x22,0x04,0x21,0xd7,0x5a,0x98,0x01, /* octet len 0x20 -> 0x21 */
- 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
- 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,
- 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,
- 0xf7,0x07,0x51,0x1a,
- 0x00 /* add additional bytes to make the pubkey bigger */
- };
- static const byte publicEd25519[] = {
- 0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65,
- 0x70,0x03,0x21,0x00,0xd7,0x5a,0x98,0x01,
- 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
- 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,
- 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,
- 0xf7,0x07,0x51,0x1a
- };
- /* size has been altered to catch if sanity check is done */
- static const byte badPublicEd25519[] = {
- 0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65,
- 0x70,0x03,0x21,0x00,0xd7,0x5a,0x98,0x01,
- 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
- 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,
- 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,
- 0xf7,0x07,0x51,0x1a,
- 0x00 /* add an additional byte to make the pubkey appear bigger */
- };
- static const byte privPubEd25519[] = {
- 0x30,0x50,0x02,0x01,0x00,0x30,0x05,0x06,
- 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
- 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
- 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
- 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
- 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60,
- 0x81,0x20,0xd7,0x5a,0x98,0x01,0x82,0xb1,
- 0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,0xc9,0x64,
- 0x07,0x3a,0x0e,0xe1,0x72,0xf3,0xda,0xa6,
- 0x23,0x25,0xaf,0x02,0x1a,0x68,0xf7,0x07,
- 0x51,0x1a
- };
- word32 idx;
- #endif /* NO_ASN */
- #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
- #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
- ed25519_key key3;
- #endif
- WOLFSSL_ENTER("ed25519_test");
- /* create ed25519 keys */
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- wc_ed25519_init_ex(&key, HEAP_HINT, devId);
- wc_ed25519_init_ex(&key2, HEAP_HINT, devId);
- #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
- wc_ed25519_init_ex(&key3, HEAP_HINT, devId);
- #endif
- #ifdef HAVE_ED25519_MAKE_KEY
- wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
- wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key2);
- #endif
- /* helper functions for signature and key size */
- keySz = (word32)wc_ed25519_size(&key);
- sigSz = (word32)wc_ed25519_sig_size(&key);
- #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) &&\
- defined(HAVE_ED25519_KEY_IMPORT)
- for (i = 0; i < 6; i++) {
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- if (wc_ed25519_import_private_key(sKeys[i], ED25519_KEY_SIZE, pKeys[i],
- pKeySz[i], &key) != 0)
- return WC_TEST_RET_ENC_I(i);
- if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key) != 0)
- return WC_TEST_RET_ENC_I(i);
- if (XMEMCMP(out, sigs[i], 64))
- return WC_TEST_RET_ENC_I(i);
- #if defined(HAVE_ED25519_VERIFY)
- /* test verify on good msg */
- if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
- &key) != 0 || verify != 1)
- return WC_TEST_RET_ENC_I(i);
- #ifdef WOLFSSL_ED25519_STREAMING_VERIFY
- /* test verify on good msg using streaming interface directly */
- if (wc_ed25519_verify_msg_init(out, outlen,
- &key, (byte)Ed25519, NULL, 0) != 0)
- return WC_TEST_RET_ENC_I(i);
- for (j = 0; j < msgSz[i]; j += i) {
- if (wc_ed25519_verify_msg_update(msgs[i] + j, MIN(i, msgSz[i] - j), &key) != 0)
- return WC_TEST_RET_ENC_I(i);
- }
- if (wc_ed25519_verify_msg_final(out, outlen, &verify,
- &key) != 0 || verify != 1)
- return WC_TEST_RET_ENC_I(i);
- #endif /* WOLFSSL_ED25519_STREAMING_VERIFY */
- /* test verify on bad msg */
- out[outlen-1] = out[outlen-1] + 1;
- if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
- &key) == 0 || verify == 1)
- return WC_TEST_RET_ENC_I(i);
- #endif /* HAVE_ED25519_VERIFY */
- /* test api for import/exporting keys */
- exportPSz = sizeof(exportPKey);
- exportSSz = sizeof(exportSKey);
- if (wc_ed25519_export_public(&key, exportPKey, &exportPSz) != 0)
- return WC_TEST_RET_ENC_I(i);
- if (wc_ed25519_import_public_ex(exportPKey, exportPSz, &key2, 1) != 0)
- return WC_TEST_RET_ENC_I(i);
- if (wc_ed25519_export_private_only(&key, exportSKey, &exportSSz) != 0)
- return WC_TEST_RET_ENC_I(i);
- if (wc_ed25519_import_private_key(exportSKey, exportSSz,
- exportPKey, exportPSz, &key2) != 0)
- return WC_TEST_RET_ENC_I(i);
- /* clear "out" buffer and test sign with imported keys */
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key2) != 0)
- return WC_TEST_RET_ENC_I(i);
- #if defined(HAVE_ED25519_VERIFY)
- if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
- &key2) != 0 || verify != 1)
- return WC_TEST_RET_ENC_I(i);
- if (XMEMCMP(out, sigs[i], 64))
- return WC_TEST_RET_ENC_I(i);
- #endif /* HAVE_ED25519_VERIFY */
- }
- {
- /* Run tests for some rare code paths */
- /* sig is exactly equal to the order */
- static const byte rareEd1[] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
- 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
- };
- /* sig is larger than the order before we get to the low part */
- static const byte rareEd2[] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
- 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x10
- };
- /* sig is larger than the order in the low part */
- static const byte rareEd3[] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
- 0xd6, 0x9c, 0xf9, 0xa2, 0xde, 0xf9, 0xde, 0x14,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
- };
- /* sig is smaller than the order */
- static const byte rareEd4[] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
- 0xd6, 0x9c, 0xf1, 0xa2, 0xde, 0xf9, 0xde, 0x14,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
- };
- ret = wc_ed25519_import_private_key(sKeys[0], ED25519_KEY_SIZE,
- pKeys[0], pKeySz[0], &key);
- if (ret != 0)
- return ret;
- ret = wc_ed25519_verify_msg(rareEd1, sizeof(rareEd1), msgs[0], msgSz[0],
- &verify, &key);
- if (ret != BAD_FUNC_ARG)
- return ret;
- ret = wc_ed25519_verify_msg(rareEd2, sizeof(rareEd2), msgs[0], msgSz[0],
- &verify, &key);
- if (ret != BAD_FUNC_ARG)
- return ret;
- ret = wc_ed25519_verify_msg(rareEd3, sizeof(rareEd3), msgs[0], msgSz[0],
- &verify, &key);
- if (ret != BAD_FUNC_ARG)
- return ret;
- ret = wc_ed25519_verify_msg(rareEd4, sizeof(rareEd4), msgs[0], msgSz[0],
- &verify, &key);
- if (ret != SIG_VERIFY_E)
- return ret;
- }
- ret = ed25519ctx_test();
- if (ret != 0)
- return ret;
- ret = ed25519ph_test();
- if (ret != 0)
- return ret;
- #ifndef NO_ASN
- /* Try ASN.1 encoded private-only key and public key. */
- idx = 0;
- ret = wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, &key3,
- sizeof(privateEd25519));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- idx = 0;
- if (wc_Ed25519PrivateKeyDecode(badPrivateEd25519, &idx, &key3,
- sizeof(badPrivateEd25519)) == 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- /* try with a buffer size that is too large */
- idx = 0;
- if (wc_Ed25519PublicKeyDecode(badPublicEd25519, &idx, &key3,
- sizeof(badPublicEd25519)) == 0)
- return WC_TEST_RET_ENC_NC;
- idx = 0;
- ret = wc_Ed25519PublicKeyDecode(publicEd25519, &idx, &key3,
- sizeof(publicEd25519));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(out, sigs[0], 64))
- return WC_TEST_RET_ENC_NC;
- #if defined(HAVE_ED25519_VERIFY)
- /* test verify on good msg */
- ret = wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3);
- if (ret != 0 || verify != 1)
- return WC_TEST_RET_ENC_EC(ret);
- #endif /* HAVE_ED25519_VERIFY */
- wc_ed25519_free(&key3);
- wc_ed25519_init(&key3);
- idx = 0;
- ret = wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, &key3,
- sizeof(privPubEd25519));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(out, sigs[0], 64))
- return WC_TEST_RET_ENC_NC;
- wc_ed25519_free(&key3);
- #endif /* NO_ASN */
- #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
- /* clean up keys when done */
- wc_ed25519_free(&key);
- wc_ed25519_free(&key2);
- #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
- wc_FreeRng(&rng);
- #endif
- /* hush warnings of unused keySz and sigSz */
- (void)keySz;
- (void)sigSz;
- ret = ed25519_test_check_key();
- if (ret < 0)
- return ret;
- #ifdef WOLFSSL_TEST_CERT
- ret = ed25519_test_cert();
- if (ret < 0)
- return ret;
- #if defined(WOLFSSL_CERT_GEN) && defined(HAVE_ED25519_MAKE_KEY)
- ret = ed25519_test_make_cert();
- if (ret < 0)
- return ret;
- #endif /* WOLFSSL_CERT_GEN */
- #endif /* WOLFSSL_TEST_CERT */
- return 0;
- }
- #endif /* HAVE_ED25519 */
- #ifdef HAVE_CURVE448
- #if defined(HAVE_CURVE448_SHARED_SECRET) && \
- defined(HAVE_CURVE448_KEY_IMPORT)
- /* Test the wc_curve448_check_public API.
- *
- * returns 0 on success and -ve on failure.
- */
- static wc_test_ret_t curve448_check_public_test(void)
- {
- /* Little-endian values that will fail */
- byte fail_le[][CURVE448_KEY_SIZE] = {
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- },
- {
- 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- },
- };
- /* Big-endian values that will fail */
- byte fail_be[][CURVE448_KEY_SIZE] = {
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- },
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- },
- };
- /* Good or valid public value */
- byte good[CURVE448_KEY_SIZE] = {
- 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- };
- int i;
- wc_test_ret_t ret;
- /* Parameter checks */
- /* NULL pointer */
- ret = wc_curve448_check_public(NULL, 0, EC448_LITTLE_ENDIAN);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_curve448_check_public(NULL, 0, EC448_BIG_ENDIAN);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- /* Length of 0 treated differently to other invalid lengths for TLS */
- ret = wc_curve448_check_public(good, 0, EC448_LITTLE_ENDIAN);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_curve448_check_public(good, 0, EC448_BIG_ENDIAN);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- /* Length not CURVE448_KEY_SIZE */
- for (i = 1; i < CURVE448_KEY_SIZE + 2; i++) {
- if (i == CURVE448_KEY_SIZE)
- continue;
- if (wc_curve448_check_public(good, (word32)i, EC448_LITTLE_ENDIAN) !=
- ECC_BAD_ARG_E) {
- return WC_TEST_RET_ENC_I(i);
- }
- if (wc_curve448_check_public(good, (word32)i, EC448_BIG_ENDIAN) !=
- ECC_BAD_ARG_E) {
- return WC_TEST_RET_ENC_I(i);
- }
- }
- /* Little-endian fail cases */
- for (i = 0; i < (int)(sizeof(fail_le) / sizeof(*fail_le)); i++) {
- if (wc_curve448_check_public(fail_le[i], CURVE448_KEY_SIZE,
- EC448_LITTLE_ENDIAN) == 0) {
- return WC_TEST_RET_ENC_I(i);
- }
- }
- /* Big-endian fail cases */
- for (i = 0; i < (int)(sizeof(fail_be) / sizeof(*fail_be)); i++) {
- if (wc_curve448_check_public(fail_be[i], CURVE448_KEY_SIZE,
- EC448_BIG_ENDIAN) == 0) {
- return WC_TEST_RET_ENC_I(i);
- }
- }
- /* Check a valid public value works! */
- ret = wc_curve448_check_public(good, CURVE448_KEY_SIZE,
- EC448_LITTLE_ENDIAN);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_curve448_check_public(good, CURVE448_KEY_SIZE, EC448_BIG_ENDIAN);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- return 0;
- }
- #endif /* HAVE_CURVE448_SHARED_SECRET && HAVE_CURVE448_KEY_IMPORT */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve448_test(void)
- {
- WC_RNG rng;
- wc_test_ret_t ret;
- #ifdef HAVE_CURVE448_SHARED_SECRET
- byte sharedA[CURVE448_KEY_SIZE];
- byte sharedB[CURVE448_KEY_SIZE];
- word32 y;
- #endif
- #ifdef HAVE_CURVE448_KEY_EXPORT
- byte exportBuf[CURVE448_KEY_SIZE];
- #endif
- word32 x = 0;
- curve448_key userA, userB, pubKey;
- #if defined(HAVE_CURVE448_SHARED_SECRET) && \
- defined(HAVE_CURVE448_KEY_IMPORT)
- /* test vectors from
- https://www.rfc-editor.org/rfc/rfc7748.html
- */
- /* secret key for party a */
- byte sa[] = {
- 0x6b, 0x72, 0x98, 0xa5, 0xc0, 0xd8, 0xc2, 0x9a,
- 0x1d, 0xab, 0x27, 0xf1, 0xa6, 0x82, 0x63, 0x00,
- 0x91, 0x73, 0x89, 0x44, 0x97, 0x41, 0xa9, 0x74,
- 0xf5, 0xba, 0xc9, 0xd9, 0x8d, 0xc2, 0x98, 0xd4,
- 0x65, 0x55, 0xbc, 0xe8, 0xba, 0xe8, 0x9e, 0xee,
- 0xd4, 0x00, 0x58, 0x4b, 0xb0, 0x46, 0xcf, 0x75,
- 0x57, 0x9f, 0x51, 0xd1, 0x25, 0x49, 0x8f, 0x9a,
- };
- /* public key for party a */
- byte pa[] = {
- 0xa0, 0x1f, 0xc4, 0x32, 0xe5, 0x80, 0x7f, 0x17,
- 0x53, 0x0d, 0x12, 0x88, 0xda, 0x12, 0x5b, 0x0c,
- 0xd4, 0x53, 0xd9, 0x41, 0x72, 0x64, 0x36, 0xc8,
- 0xbb, 0xd9, 0xc5, 0x22, 0x2c, 0x3d, 0xa7, 0xfa,
- 0x63, 0x9c, 0xe0, 0x3d, 0xb8, 0xd2, 0x3b, 0x27,
- 0x4a, 0x07, 0x21, 0xa1, 0xae, 0xd5, 0x22, 0x7d,
- 0xe6, 0xe3, 0xb7, 0x31, 0xcc, 0xf7, 0x08, 0x9b,
- };
- /* secret key for party b */
- byte sb[] = {
- 0x2d, 0x99, 0x73, 0x51, 0xb6, 0x10, 0x6f, 0x36,
- 0xb0, 0xd1, 0x09, 0x1b, 0x92, 0x9c, 0x4c, 0x37,
- 0x21, 0x3e, 0x0d, 0x2b, 0x97, 0xe8, 0x5e, 0xbb,
- 0x20, 0xc1, 0x27, 0x69, 0x1d, 0x0d, 0xad, 0x8f,
- 0x1d, 0x81, 0x75, 0xb0, 0x72, 0x37, 0x45, 0xe6,
- 0x39, 0xa3, 0xcb, 0x70, 0x44, 0x29, 0x0b, 0x99,
- 0xe0, 0xe2, 0xa0, 0xc2, 0x7a, 0x6a, 0x30, 0x1c,
- };
- /* public key for party b */
- byte pb[] = {
- 0x09, 0x36, 0xf3, 0x7b, 0xc6, 0xc1, 0xbd, 0x07,
- 0xae, 0x3d, 0xec, 0x7a, 0xb5, 0xdc, 0x06, 0xa7,
- 0x3c, 0xa1, 0x32, 0x42, 0xfb, 0x34, 0x3e, 0xfc,
- 0x72, 0xb9, 0xd8, 0x27, 0x30, 0xb4, 0x45, 0xf3,
- 0xd4, 0xb0, 0xbd, 0x07, 0x71, 0x62, 0xa4, 0x6d,
- 0xcf, 0xec, 0x6f, 0x9b, 0x59, 0x0b, 0xfc, 0xbc,
- 0xf5, 0x20, 0xcd, 0xb0, 0x29, 0xa8, 0xb7, 0x3e,
- };
- /* expected shared key */
- byte ss[] = {
- 0x9d, 0x87, 0x4a, 0x51, 0x37, 0x50, 0x9a, 0x44,
- 0x9a, 0xd5, 0x85, 0x30, 0x40, 0x24, 0x1c, 0x52,
- 0x36, 0x39, 0x54, 0x35, 0xc3, 0x64, 0x24, 0xfd,
- 0x56, 0x0b, 0x0c, 0xb6, 0x2b, 0x28, 0x1d, 0x28,
- 0x52, 0x75, 0xa7, 0x40, 0xce, 0x32, 0xa2, 0x2d,
- 0xd1, 0x74, 0x0f, 0x4a, 0xa9, 0x16, 0x1c, 0xec,
- 0x95, 0xcc, 0xc6, 0x1a, 0x18, 0xf4, 0xff, 0x07,
- };
- #endif /* HAVE_CURVE448_SHARED_SECRET */
- (void)x;
- WOLFSSL_ENTER("curve448_test");
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- wc_curve448_init(&userA);
- wc_curve448_init(&userB);
- wc_curve448_init(&pubKey);
- /* make curve448 keys */
- ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &userA);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &userB);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #ifdef HAVE_CURVE448_SHARED_SECRET
- /* find shared secret key */
- x = sizeof(sharedA);
- ret = wc_curve448_shared_secret(&userA, &userB, sharedA, &x);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- y = sizeof(sharedB);
- ret = wc_curve448_shared_secret(&userB, &userA, sharedB, &y);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* compare shared secret keys to test they are the same */
- if (y != x)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(sharedA, sharedB, x))
- return WC_TEST_RET_ENC_NC;
- #endif
- #ifdef HAVE_CURVE448_KEY_EXPORT
- /* export a public key and import it for another user */
- x = sizeof(exportBuf);
- ret = wc_curve448_export_public(&userA, exportBuf, &x);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #ifdef HAVE_CURVE448_KEY_IMPORT
- ret = wc_curve448_import_public(exportBuf, x, &pubKey);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #endif
- #if defined(HAVE_CURVE448_SHARED_SECRET) && \
- defined(HAVE_CURVE448_KEY_IMPORT)
- /* test shared key after importing a public key */
- XMEMSET(sharedB, 0, sizeof(sharedB));
- y = sizeof(sharedB);
- ret = wc_curve448_shared_secret(&userB, &pubKey, sharedB, &y);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(sharedA, sharedB, y))
- return WC_TEST_RET_ENC_NC;
- /* import RFC test vectors and compare shared key */
- ret = wc_curve448_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_curve448_import_private_raw(sb, sizeof(sb), pb, sizeof(pb), &userB);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* test against known test vector */
- XMEMSET(sharedB, 0, sizeof(sharedB));
- y = sizeof(sharedB);
- ret = wc_curve448_shared_secret(&userA, &userB, sharedB, &y);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(ss, sharedB, y))
- return WC_TEST_RET_ENC_NC;
- /* test swapping roles of keys and generating same shared key */
- XMEMSET(sharedB, 0, sizeof(sharedB));
- y = sizeof(sharedB);
- ret = wc_curve448_shared_secret(&userB, &userA, sharedB, &y);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(ss, sharedB, y))
- return WC_TEST_RET_ENC_NC;
- /* test with 1 generated key and 1 from known test vector */
- ret = wc_curve448_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_curve448_make_key(&rng, 56, &userB);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- x = sizeof(sharedA);
- ret = wc_curve448_shared_secret(&userA, &userB, sharedA, &x);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- y = sizeof(sharedB);
- ret = wc_curve448_shared_secret(&userB, &userA, sharedB, &y);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* compare shared secret keys to test they are the same */
- if (y != x)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(sharedA, sharedB, x))
- return WC_TEST_RET_ENC_NC;
- ret = curve448_check_public_test();
- if (ret != 0)
- return ret;
- #endif /* HAVE_CURVE448_SHARED_SECRET && HAVE_CURVE448_KEY_IMPORT */
- /* clean up keys when done */
- wc_curve448_free(&pubKey);
- wc_curve448_free(&userB);
- wc_curve448_free(&userA);
- wc_FreeRng(&rng);
- return 0;
- }
- #endif /* HAVE_CURVE448 */
- #ifdef HAVE_ED448
- #ifdef WOLFSSL_TEST_CERT
- static wc_test_ret_t ed448_test_cert(void)
- {
- DecodedCert cert[2];
- DecodedCert* serverCert = NULL;
- DecodedCert* caCert = NULL;
- #ifdef HAVE_ED448_VERIFY
- ed448_key key;
- ed448_key* pubKey = NULL;
- int verify;
- #endif /* HAVE_ED448_VERIFY */
- wc_test_ret_t ret;
- byte* tmp;
- size_t bytes;
- XFILE file;
- tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(tmp, ca_ed448_cert, sizeof_ca_ed448_cert);
- bytes = sizeof_ca_ed448_cert;
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(caEd448Cert, "rb");
- if (file == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- #else
- /* No certificate to use. */
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif
- InitDecodedCert(&cert[0], tmp, (word32)bytes, 0);
- caCert = &cert[0];
- ret = ParseCert(caCert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(tmp, server_ed448_cert, sizeof_server_ed448_cert);
- bytes = sizeof_server_ed448_cert;
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(serverEd448Cert, "rb");
- if (file == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- #else
- /* No certificate to use. */
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif
- InitDecodedCert(&cert[1], tmp, (word32)bytes, 0);
- serverCert = &cert[1];
- ret = ParseCert(serverCert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef HAVE_ED448_VERIFY
- ret = wc_ed448_init(&key);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- pubKey = &key;
- ret = wc_ed448_import_public(caCert->publicKey, caCert->pubKeySize, pubKey);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ed448_verify_msg(serverCert->signature, serverCert->sigLength,
- serverCert->source + serverCert->certBegin,
- serverCert->sigIndex - serverCert->certBegin,
- &verify, pubKey, NULL, 0);
- if (ret < 0 || verify != 1) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- }
- #endif /* HAVE_ED448_VERIFY */
- done:
- if (tmp != NULL)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef HAVE_ED448_VERIFY
- wc_ed448_free(pubKey);
- #endif /* HAVE_ED448_VERIFY */
- if (caCert != NULL)
- FreeDecodedCert(caCert);
- if (serverCert != NULL)
- FreeDecodedCert(serverCert);
- return ret;
- }
- static wc_test_ret_t ed448_test_make_cert(void)
- {
- WC_RNG rng;
- Cert cert;
- DecodedCert decode;
- ed448_key key;
- ed448_key* privKey = NULL;
- wc_test_ret_t ret = 0;
- byte* tmp = NULL;
- wc_InitCert_ex(&cert, HEAP_HINT, devId);
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- wc_ed448_init(&key);
- privKey = &key;
- wc_ed448_make_key(&rng, ED448_KEY_SIZE, privKey);
- cert.daysValid = 365 * 2;
- cert.selfSigned = 1;
- XMEMCPY(&cert.issuer, &certDefaultName, sizeof(CertName));
- XMEMCPY(&cert.subject, &certDefaultName, sizeof(CertName));
- cert.isCA = 0;
- #ifdef WOLFSSL_CERT_EXT
- ret = wc_SetKeyUsage(&cert, certKeyUsage);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED448_TYPE, privKey);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED448_TYPE, privKey);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- cert.sigType = CTC_ED448;
- ret = wc_MakeCert_ex(&cert, tmp, FOURK_BUF, ED448_TYPE, privKey, &rng);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_SignCert_ex(cert.bodySz, cert.sigType, tmp, FOURK_BUF, ED448_TYPE,
- privKey, &rng);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- InitDecodedCert(&decode, tmp, (word32)ret, HEAP_HINT);
- ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
- FreeDecodedCert(&decode);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- done:
- if (tmp != NULL)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_ed448_free(privKey);
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* WOLFSSL_TEST_CERT */
- #if defined(HAVE_ED448_KEY_IMPORT)
- static wc_test_ret_t ed448_test_check_key(void)
- {
- /* Fails to find x-ordinate from this y-ordinate. */
- WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y[] = {
- 0x40,
- 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00
- };
- /* Y-ordinate value larger than prime. */
- WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y_max[] = {
- 0x40,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff
- };
- /* Y-ordinate value equal to prime. */
- WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y_is_p[] = {
- 0x40,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff
- };
- /* Y-ordinate value equal to prime - 1. */
- WOLFSSL_SMALL_STACK_STATIC const byte key_y_is_p_minus_1[] = {
- 0x40,
- 0xfe,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff
- };
- ed448_key key;
- int ret;
- int res = 0;
- /* Initialize key for use. */
- ret = wc_ed448_init_ex(&key, HEAP_HINT, devId);
- if (ret != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- /* Load bad public key only and perform checks. */
- ret = wc_ed448_import_public(key_bad_y, ED448_PUB_KEY_SIZE + 1, &key);
- if (ret != PUBLIC_KEY_E) {
- res = WC_TEST_RET_ENC_NC;
- }
- if (ret == 0) {
- /* Load bad public key only and perform checks. */
- ret = wc_ed448_import_public(key_bad_y_max, ED448_PUB_KEY_SIZE + 1,
- &key);
- if (ret != PUBLIC_KEY_E) {
- res = WC_TEST_RET_ENC_NC;
- }
- }
- if (res == 0) {
- /* Load bad public key only and perform checks. */
- ret = wc_ed448_import_public(key_bad_y_is_p, ED448_PUB_KEY_SIZE + 1,
- &key);
- if (ret != PUBLIC_KEY_E) {
- res = WC_TEST_RET_ENC_NC;
- }
- }
- if (res == 0) {
- /* Load good public key only and perform checks. */
- ret = wc_ed448_import_public(key_y_is_p_minus_1, ED448_PUB_KEY_SIZE + 1,
- &key);
- if (ret != 0) {
- res = WC_TEST_RET_ENC_NC;
- }
- }
- /* Dispose of key. */
- wc_ed448_free(&key);
- return res;
- }
- #endif
- #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) && \
- defined(HAVE_ED448_KEY_IMPORT)
- static wc_test_ret_t ed448_ctx_test(void)
- {
- wc_test_ret_t ret;
- byte out[ED448_SIG_SIZE];
- word32 outlen;
- #ifdef HAVE_ED448_VERIFY
- int verify;
- #endif /* HAVE_ED448_VERIFY */
- ed448_key key;
- WOLFSSL_SMALL_STACK_STATIC const byte sKeyCtx[] = {
- 0xc4, 0xea, 0xb0, 0x5d, 0x35, 0x70, 0x07, 0xc6,
- 0x32, 0xf3, 0xdb, 0xb4, 0x84, 0x89, 0x92, 0x4d,
- 0x55, 0x2b, 0x08, 0xfe, 0x0c, 0x35, 0x3a, 0x0d,
- 0x4a, 0x1f, 0x00, 0xac, 0xda, 0x2c, 0x46, 0x3a,
- 0xfb, 0xea, 0x67, 0xc5, 0xe8, 0xd2, 0x87, 0x7c,
- 0x5e, 0x3b, 0xc3, 0x97, 0xa6, 0x59, 0x94, 0x9e,
- 0xf8, 0x02, 0x1e, 0x95, 0x4e, 0x0a, 0x12, 0x27,
- 0x4e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKeyCtx[] = {
- 0x43, 0xba, 0x28, 0xf4, 0x30, 0xcd, 0xff, 0x45,
- 0x6a, 0xe5, 0x31, 0x54, 0x5f, 0x7e, 0xcd, 0x0a,
- 0xc8, 0x34, 0xa5, 0x5d, 0x93, 0x58, 0xc0, 0x37,
- 0x2b, 0xfa, 0x0c, 0x6c, 0x67, 0x98, 0xc0, 0x86,
- 0x6a, 0xea, 0x01, 0xeb, 0x00, 0x74, 0x28, 0x02,
- 0xb8, 0x43, 0x8e, 0xa4, 0xcb, 0x82, 0x16, 0x9c,
- 0x23, 0x51, 0x60, 0x62, 0x7b, 0x4c, 0x3a, 0x94,
- 0x80
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sigCtx[] = {
- 0xd4, 0xf8, 0xf6, 0x13, 0x17, 0x70, 0xdd, 0x46,
- 0xf4, 0x08, 0x67, 0xd6, 0xfd, 0x5d, 0x50, 0x55,
- 0xde, 0x43, 0x54, 0x1f, 0x8c, 0x5e, 0x35, 0xab,
- 0xbc, 0xd0, 0x01, 0xb3, 0x2a, 0x89, 0xf7, 0xd2,
- 0x15, 0x1f, 0x76, 0x47, 0xf1, 0x1d, 0x8c, 0xa2,
- 0xae, 0x27, 0x9f, 0xb8, 0x42, 0xd6, 0x07, 0x21,
- 0x7f, 0xce, 0x6e, 0x04, 0x2f, 0x68, 0x15, 0xea,
- 0x00, 0x0c, 0x85, 0x74, 0x1d, 0xe5, 0xc8, 0xda,
- 0x11, 0x44, 0xa6, 0xa1, 0xab, 0xa7, 0xf9, 0x6d,
- 0xe4, 0x25, 0x05, 0xd7, 0xa7, 0x29, 0x85, 0x24,
- 0xfd, 0xa5, 0x38, 0xfc, 0xcb, 0xbb, 0x75, 0x4f,
- 0x57, 0x8c, 0x1c, 0xad, 0x10, 0xd5, 0x4d, 0x0d,
- 0x54, 0x28, 0x40, 0x7e, 0x85, 0xdc, 0xbc, 0x98,
- 0xa4, 0x91, 0x55, 0xc1, 0x37, 0x64, 0xe6, 0x6c,
- 0x3c, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msgCtx[] = {
- 0x03
- };
- WOLFSSL_SMALL_STACK_STATIC const byte contextCtx[] = {
- 0x66,0x6f,0x6f
- };
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- ret = wc_ed448_init_ex(&key, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ed448_import_private_key(sKeyCtx, ED448_KEY_SIZE, pKeyCtx,
- sizeof(pKeyCtx), &key);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ed448_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key,
- contextCtx, sizeof(contextCtx));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(out, sigCtx, sizeof(sigCtx)))
- return WC_TEST_RET_ENC_NC;
- #if defined(HAVE_ED448_VERIFY)
- /* test verify on good msg */
- ret = wc_ed448_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify, &key,
- contextCtx, sizeof(contextCtx));
- if (ret != 0 || verify != 1)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- wc_ed448_free(&key);
- return 0;
- }
- static wc_test_ret_t ed448ph_test(void)
- {
- wc_test_ret_t ret;
- byte out[ED448_SIG_SIZE];
- word32 outlen;
- #ifdef HAVE_ED448_VERIFY
- int verify;
- #endif /* HAVE_ED448_VERIFY */
- ed448_key key;
- WOLFSSL_SMALL_STACK_STATIC const byte sKeyPh[] = {
- 0x83, 0x3f, 0xe6, 0x24, 0x09, 0x23, 0x7b, 0x9d,
- 0x62, 0xec, 0x77, 0x58, 0x75, 0x20, 0x91, 0x1e,
- 0x9a, 0x75, 0x9c, 0xec, 0x1d, 0x19, 0x75, 0x5b,
- 0x7d, 0xa9, 0x01, 0xb9, 0x6d, 0xca, 0x3d, 0x42,
- 0xef, 0x78, 0x22, 0xe0, 0xd5, 0x10, 0x41, 0x27,
- 0xdc, 0x05, 0xd6, 0xdb, 0xef, 0xde, 0x69, 0xe3,
- 0xab, 0x2c, 0xec, 0x7c, 0x86, 0x7c, 0x6e, 0x2c,
- 0x49
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKeyPh[] = {
- 0x25, 0x9b, 0x71, 0xc1, 0x9f, 0x83, 0xef, 0x77,
- 0xa7, 0xab, 0xd2, 0x65, 0x24, 0xcb, 0xdb, 0x31,
- 0x61, 0xb5, 0x90, 0xa4, 0x8f, 0x7d, 0x17, 0xde,
- 0x3e, 0xe0, 0xba, 0x9c, 0x52, 0xbe, 0xb7, 0x43,
- 0xc0, 0x94, 0x28, 0xa1, 0x31, 0xd6, 0xb1, 0xb5,
- 0x73, 0x03, 0xd9, 0x0d, 0x81, 0x32, 0xc2, 0x76,
- 0xd5, 0xed, 0x3d, 0x5d, 0x01, 0xc0, 0xf5, 0x38,
- 0x80
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sigPh1[] = {
- 0x82, 0x2f, 0x69, 0x01, 0xf7, 0x48, 0x0f, 0x3d,
- 0x5f, 0x56, 0x2c, 0x59, 0x29, 0x94, 0xd9, 0x69,
- 0x36, 0x02, 0x87, 0x56, 0x14, 0x48, 0x32, 0x56,
- 0x50, 0x56, 0x00, 0xbb, 0xc2, 0x81, 0xae, 0x38,
- 0x1f, 0x54, 0xd6, 0xbc, 0xe2, 0xea, 0x91, 0x15,
- 0x74, 0x93, 0x2f, 0x52, 0xa4, 0xe6, 0xca, 0xdd,
- 0x78, 0x76, 0x93, 0x75, 0xec, 0x3f, 0xfd, 0x1b,
- 0x80, 0x1a, 0x0d, 0x9b, 0x3f, 0x40, 0x30, 0xcd,
- 0x43, 0x39, 0x64, 0xb6, 0x45, 0x7e, 0xa3, 0x94,
- 0x76, 0x51, 0x12, 0x14, 0xf9, 0x74, 0x69, 0xb5,
- 0x7d, 0xd3, 0x2d, 0xbc, 0x56, 0x0a, 0x9a, 0x94,
- 0xd0, 0x0b, 0xff, 0x07, 0x62, 0x04, 0x64, 0xa3,
- 0xad, 0x20, 0x3d, 0xf7, 0xdc, 0x7c, 0xe3, 0x60,
- 0xc3, 0xcd, 0x36, 0x96, 0xd9, 0xd9, 0xfa, 0xb9,
- 0x0f, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sigPh2[] = {
- 0xc3, 0x22, 0x99, 0xd4, 0x6e, 0xc8, 0xff, 0x02,
- 0xb5, 0x45, 0x40, 0x98, 0x28, 0x14, 0xdc, 0xe9,
- 0xa0, 0x58, 0x12, 0xf8, 0x19, 0x62, 0xb6, 0x49,
- 0xd5, 0x28, 0x09, 0x59, 0x16, 0xa2, 0xaa, 0x48,
- 0x10, 0x65, 0xb1, 0x58, 0x04, 0x23, 0xef, 0x92,
- 0x7e, 0xcf, 0x0a, 0xf5, 0x88, 0x8f, 0x90, 0xda,
- 0x0f, 0x6a, 0x9a, 0x85, 0xad, 0x5d, 0xc3, 0xf2,
- 0x80, 0xd9, 0x12, 0x24, 0xba, 0x99, 0x11, 0xa3,
- 0x65, 0x3d, 0x00, 0xe4, 0x84, 0xe2, 0xce, 0x23,
- 0x25, 0x21, 0x48, 0x1c, 0x86, 0x58, 0xdf, 0x30,
- 0x4b, 0xb7, 0x74, 0x5a, 0x73, 0x51, 0x4c, 0xdb,
- 0x9b, 0xf3, 0xe1, 0x57, 0x84, 0xab, 0x71, 0x28,
- 0x4f, 0x8d, 0x07, 0x04, 0xa6, 0x08, 0xc5, 0x4a,
- 0x6b, 0x62, 0xd9, 0x7b, 0xeb, 0x51, 0x1d, 0x13,
- 0x21, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msgPh[] = {
- 0x61,0x62,0x63
- };
- /* SHA-512 hash of msgPh */
- WOLFSSL_SMALL_STACK_STATIC const byte hashPh[] = {
- 0x48, 0x33, 0x66, 0x60, 0x13, 0x60, 0xa8, 0x77,
- 0x1c, 0x68, 0x63, 0x08, 0x0c, 0xc4, 0x11, 0x4d,
- 0x8d, 0xb4, 0x45, 0x30, 0xf8, 0xf1, 0xe1, 0xee,
- 0x4f, 0x94, 0xea, 0x37, 0xe7, 0x8b, 0x57, 0x39,
- 0xd5, 0xa1, 0x5b, 0xef, 0x18, 0x6a, 0x53, 0x86,
- 0xc7, 0x57, 0x44, 0xc0, 0x52, 0x7e, 0x1f, 0xaa,
- 0x9f, 0x87, 0x26, 0xe4, 0x62, 0xa1, 0x2a, 0x4f,
- 0xeb, 0x06, 0xbd, 0x88, 0x01, 0xe7, 0x51, 0xe4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte contextPh2[] = {
- 0x66,0x6f,0x6f
- };
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- ret = wc_ed448_init_ex(&key, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ed448_import_private_key(sKeyPh, ED448_KEY_SIZE, pKeyPh,
- sizeof(pKeyPh), &key);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ed448ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, NULL,
- 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(out, sigPh1, sizeof(sigPh1)))
- return WC_TEST_RET_ENC_NC;
- #if defined(HAVE_ED448_VERIFY)
- /* test verify on good msg */
- ret = wc_ed448ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, &key,
- NULL, 0);
- if (ret != 0 || verify != 1) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- #endif
- ret = wc_ed448ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key,
- contextPh2, sizeof(contextPh2));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(out, sigPh2, sizeof(sigPh2)))
- return WC_TEST_RET_ENC_NC;
- #if defined(HAVE_ED448_VERIFY)
- /* test verify on good msg */
- ret = wc_ed448ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, &key,
- contextPh2, sizeof(contextPh2));
- if (ret != 0 || verify != 1) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- #endif
- ret = wc_ed448ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, NULL,
- 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(out, sigPh1, sizeof(sigPh1)))
- return WC_TEST_RET_ENC_NC;
- #if defined(HAVE_ED448_VERIFY)
- ret = wc_ed448ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify,
- &key, NULL, 0);
- if (ret != 0 || verify != 1) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- #endif
- ret = wc_ed448ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key,
- contextPh2, sizeof(contextPh2));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(out, sigPh2, sizeof(sigPh2)))
- return WC_TEST_RET_ENC_NC;
- #if defined(HAVE_ED448_VERIFY)
- ret = wc_ed448ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify,
- &key, contextPh2, sizeof(contextPh2));
- if (ret != 0 || verify != 1) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- #endif
- wc_ed448_free(&key);
- return 0;
- }
- #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void)
- {
- wc_test_ret_t ret;
- WC_RNG rng;
- #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) &&\
- defined(HAVE_ED448_KEY_IMPORT)
- byte out[ED448_SIG_SIZE];
- int i;
- word32 outlen;
- #ifdef HAVE_ED448_VERIFY
- #ifdef WOLFSSL_ED448_STREAMING_VERIFY
- int j;
- #endif /* WOLFSSL_ED448_STREAMING_VERIFY */
- int verify;
- #endif /* HAVE_ED448_VERIFY */
- #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
- word32 keySz, sigSz;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ed448_key *key = NULL;
- ed448_key *key2 = NULL;
- #else
- ed448_key key[1];
- ed448_key key2[1];
- #endif
- #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) && \
- defined(HAVE_ED448_KEY_IMPORT)
- /* test vectors from
- https://tools.ietf.org/html/rfc8032
- */
- WOLFSSL_SMALL_STACK_STATIC const byte sKey1[] = {
- 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
- 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
- 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
- 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
- 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
- 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
- 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
- 0x5b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sKey2[] = {
- 0xc4, 0xea, 0xb0, 0x5d, 0x35, 0x70, 0x07, 0xc6,
- 0x32, 0xf3, 0xdb, 0xb4, 0x84, 0x89, 0x92, 0x4d,
- 0x55, 0x2b, 0x08, 0xfe, 0x0c, 0x35, 0x3a, 0x0d,
- 0x4a, 0x1f, 0x00, 0xac, 0xda, 0x2c, 0x46, 0x3a,
- 0xfb, 0xea, 0x67, 0xc5, 0xe8, 0xd2, 0x87, 0x7c,
- 0x5e, 0x3b, 0xc3, 0x97, 0xa6, 0x59, 0x94, 0x9e,
- 0xf8, 0x02, 0x1e, 0x95, 0x4e, 0x0a, 0x12, 0x27,
- 0x4e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sKey3[] = {
- 0x25, 0x8c, 0xdd, 0x4a, 0xda, 0x32, 0xed, 0x9c,
- 0x9f, 0xf5, 0x4e, 0x63, 0x75, 0x6a, 0xe5, 0x82,
- 0xfb, 0x8f, 0xab, 0x2a, 0xc7, 0x21, 0xf2, 0xc8,
- 0xe6, 0x76, 0xa7, 0x27, 0x68, 0x51, 0x3d, 0x93,
- 0x9f, 0x63, 0xdd, 0xdb, 0x55, 0x60, 0x91, 0x33,
- 0xf2, 0x9a, 0xdf, 0x86, 0xec, 0x99, 0x29, 0xdc,
- 0xcb, 0x52, 0xc1, 0xc5, 0xfd, 0x2f, 0xf7, 0xe2,
- 0x1b
- };
- /* uncompressed test */
- WOLFSSL_SMALL_STACK_STATIC const byte sKey4[] = {
- 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
- 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
- 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
- 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
- 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
- 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
- 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
- 0x5b
- };
- /* compressed prefix test */
- WOLFSSL_SMALL_STACK_STATIC const byte sKey5[] = {
- 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
- 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
- 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
- 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
- 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
- 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
- 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
- 0x5b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sKey6[] = {
- 0x87, 0x2d, 0x09, 0x37, 0x80, 0xf5, 0xd3, 0x73,
- 0x0d, 0xf7, 0xc2, 0x12, 0x66, 0x4b, 0x37, 0xb8,
- 0xa0, 0xf2, 0x4f, 0x56, 0x81, 0x0d, 0xaa, 0x83,
- 0x82, 0xcd, 0x4f, 0xa3, 0xf7, 0x76, 0x34, 0xec,
- 0x44, 0xdc, 0x54, 0xf1, 0xc2, 0xed, 0x9b, 0xea,
- 0x86, 0xfa, 0xfb, 0x76, 0x32, 0xd8, 0xbe, 0x19,
- 0x9e, 0xa1, 0x65, 0xf5, 0xad, 0x55, 0xdd, 0x9c,
- 0xe8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6};
- WOLFSSL_SMALL_STACK_STATIC const byte pKey1[] = {
- 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd,
- 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a,
- 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f,
- 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78,
- 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
- 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c,
- 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61,
- 0x80
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKey2[] = {
- 0x43, 0xba, 0x28, 0xf4, 0x30, 0xcd, 0xff, 0x45,
- 0x6a, 0xe5, 0x31, 0x54, 0x5f, 0x7e, 0xcd, 0x0a,
- 0xc8, 0x34, 0xa5, 0x5d, 0x93, 0x58, 0xc0, 0x37,
- 0x2b, 0xfa, 0x0c, 0x6c, 0x67, 0x98, 0xc0, 0x86,
- 0x6a, 0xea, 0x01, 0xeb, 0x00, 0x74, 0x28, 0x02,
- 0xb8, 0x43, 0x8e, 0xa4, 0xcb, 0x82, 0x16, 0x9c,
- 0x23, 0x51, 0x60, 0x62, 0x7b, 0x4c, 0x3a, 0x94,
- 0x80
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKey3[] = {
- 0x3b, 0xa1, 0x6d, 0xa0, 0xc6, 0xf2, 0xcc, 0x1f,
- 0x30, 0x18, 0x77, 0x40, 0x75, 0x6f, 0x5e, 0x79,
- 0x8d, 0x6b, 0xc5, 0xfc, 0x01, 0x5d, 0x7c, 0x63,
- 0xcc, 0x95, 0x10, 0xee, 0x3f, 0xd4, 0x4a, 0xdc,
- 0x24, 0xd8, 0xe9, 0x68, 0xb6, 0xe4, 0x6e, 0x6f,
- 0x94, 0xd1, 0x9b, 0x94, 0x53, 0x61, 0x72, 0x6b,
- 0xd7, 0x5e, 0x14, 0x9e, 0xf0, 0x98, 0x17, 0xf5,
- 0x80
- };
- /* uncompressed test */
- WOLFSSL_SMALL_STACK_STATIC const byte pKey4[] = {
- 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd,
- 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a,
- 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f,
- 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78,
- 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
- 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c,
- 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61,
- 0x80
- };
- /* compressed prefix */
- WOLFSSL_SMALL_STACK_STATIC const byte pKey5[] = {
- 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd,
- 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a,
- 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f,
- 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78,
- 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
- 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c,
- 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61,
- 0x80
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKey6[] = {
- 0xa8, 0x1b, 0x2e, 0x8a, 0x70, 0xa5, 0xac, 0x94,
- 0xff, 0xdb, 0xcc, 0x9b, 0xad, 0xfc, 0x3f, 0xeb,
- 0x08, 0x01, 0xf2, 0x58, 0x57, 0x8b, 0xb1, 0x14,
- 0xad, 0x44, 0xec, 0xe1, 0xec, 0x0e, 0x79, 0x9d,
- 0xa0, 0x8e, 0xff, 0xb8, 0x1c, 0x5d, 0x68, 0x5c,
- 0x0c, 0x56, 0xf6, 0x4e, 0xec, 0xae, 0xf8, 0xcd,
- 0xf1, 0x1c, 0xc3, 0x87, 0x37, 0x83, 0x8c, 0xf4,
- 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* pKeys[] = {pKey1, pKey2, pKey3, pKey4, pKey5, pKey6};
- WOLFSSL_SMALL_STACK_STATIC const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3),
- sizeof(pKey4), sizeof(pKey5), sizeof(pKey6)};
- WOLFSSL_SMALL_STACK_STATIC const byte sig1[] = {
- 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25,
- 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae,
- 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2,
- 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f,
- 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81,
- 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78,
- 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39,
- 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a,
- 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d,
- 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41,
- 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd,
- 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb,
- 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26,
- 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65,
- 0x26, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sig2[] = {
- 0x26, 0xb8, 0xf9, 0x17, 0x27, 0xbd, 0x62, 0x89,
- 0x7a, 0xf1, 0x5e, 0x41, 0xeb, 0x43, 0xc3, 0x77,
- 0xef, 0xb9, 0xc6, 0x10, 0xd4, 0x8f, 0x23, 0x35,
- 0xcb, 0x0b, 0xd0, 0x08, 0x78, 0x10, 0xf4, 0x35,
- 0x25, 0x41, 0xb1, 0x43, 0xc4, 0xb9, 0x81, 0xb7,
- 0xe1, 0x8f, 0x62, 0xde, 0x8c, 0xcd, 0xf6, 0x33,
- 0xfc, 0x1b, 0xf0, 0x37, 0xab, 0x7c, 0xd7, 0x79,
- 0x80, 0x5e, 0x0d, 0xbc, 0xc0, 0xaa, 0xe1, 0xcb,
- 0xce, 0xe1, 0xaf, 0xb2, 0xe0, 0x27, 0xdf, 0x36,
- 0xbc, 0x04, 0xdc, 0xec, 0xbf, 0x15, 0x43, 0x36,
- 0xc1, 0x9f, 0x0a, 0xf7, 0xe0, 0xa6, 0x47, 0x29,
- 0x05, 0xe7, 0x99, 0xf1, 0x95, 0x3d, 0x2a, 0x0f,
- 0xf3, 0x34, 0x8a, 0xb2, 0x1a, 0xa4, 0xad, 0xaf,
- 0xd1, 0xd2, 0x34, 0x44, 0x1c, 0xf8, 0x07, 0xc0,
- 0x3a, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sig3[] = {
- 0x7e, 0xee, 0xab, 0x7c, 0x4e, 0x50, 0xfb, 0x79,
- 0x9b, 0x41, 0x8e, 0xe5, 0xe3, 0x19, 0x7f, 0xf6,
- 0xbf, 0x15, 0xd4, 0x3a, 0x14, 0xc3, 0x43, 0x89,
- 0xb5, 0x9d, 0xd1, 0xa7, 0xb1, 0xb8, 0x5b, 0x4a,
- 0xe9, 0x04, 0x38, 0xac, 0xa6, 0x34, 0xbe, 0xa4,
- 0x5e, 0x3a, 0x26, 0x95, 0xf1, 0x27, 0x0f, 0x07,
- 0xfd, 0xcd, 0xf7, 0xc6, 0x2b, 0x8e, 0xfe, 0xaf,
- 0x00, 0xb4, 0x5c, 0x2c, 0x96, 0xba, 0x45, 0x7e,
- 0xb1, 0xa8, 0xbf, 0x07, 0x5a, 0x3d, 0xb2, 0x8e,
- 0x5c, 0x24, 0xf6, 0xb9, 0x23, 0xed, 0x4a, 0xd7,
- 0x47, 0xc3, 0xc9, 0xe0, 0x3c, 0x70, 0x79, 0xef,
- 0xb8, 0x7c, 0xb1, 0x10, 0xd3, 0xa9, 0x98, 0x61,
- 0xe7, 0x20, 0x03, 0xcb, 0xae, 0x6d, 0x6b, 0x8b,
- 0x82, 0x7e, 0x4e, 0x6c, 0x14, 0x30, 0x64, 0xff,
- 0x3c, 0x00
- };
- /* uncompressed test */
- WOLFSSL_SMALL_STACK_STATIC const byte sig4[] = {
- 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25,
- 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae,
- 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2,
- 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f,
- 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81,
- 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78,
- 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39,
- 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a,
- 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d,
- 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41,
- 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd,
- 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb,
- 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26,
- 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65,
- 0x26, 0x00
- };
- /* compressed prefix */
- WOLFSSL_SMALL_STACK_STATIC const byte sig5[] = {
- 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25,
- 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae,
- 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2,
- 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f,
- 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81,
- 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78,
- 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39,
- 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a,
- 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d,
- 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41,
- 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd,
- 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb,
- 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26,
- 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65,
- 0x26, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sig6[] = {
- 0xe3, 0x01, 0x34, 0x5a, 0x41, 0xa3, 0x9a, 0x4d,
- 0x72, 0xff, 0xf8, 0xdf, 0x69, 0xc9, 0x80, 0x75,
- 0xa0, 0xcc, 0x08, 0x2b, 0x80, 0x2f, 0xc9, 0xb2,
- 0xb6, 0xbc, 0x50, 0x3f, 0x92, 0x6b, 0x65, 0xbd,
- 0xdf, 0x7f, 0x4c, 0x8f, 0x1c, 0xb4, 0x9f, 0x63,
- 0x96, 0xaf, 0xc8, 0xa7, 0x0a, 0xbe, 0x6d, 0x8a,
- 0xef, 0x0d, 0xb4, 0x78, 0xd4, 0xc6, 0xb2, 0x97,
- 0x00, 0x76, 0xc6, 0xa0, 0x48, 0x4f, 0xe7, 0x6d,
- 0x76, 0xb3, 0xa9, 0x76, 0x25, 0xd7, 0x9f, 0x1c,
- 0xe2, 0x40, 0xe7, 0xc5, 0x76, 0x75, 0x0d, 0x29,
- 0x55, 0x28, 0x28, 0x6f, 0x71, 0x9b, 0x41, 0x3d,
- 0xe9, 0xad, 0xa3, 0xe8, 0xeb, 0x78, 0xed, 0x57,
- 0x36, 0x03, 0xce, 0x30, 0xd8, 0xbb, 0x76, 0x17,
- 0x85, 0xdc, 0x30, 0xdb, 0xc3, 0x20, 0x86, 0x9e,
- 0x1a, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6};
- #define SIGSZ sizeof(sig1)
- PEDANTIC_EXTENSION WOLFSSL_SMALL_STACK_STATIC const byte msg1[] = { 0 };
- WOLFSSL_SMALL_STACK_STATIC const byte msg2[] = { 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte msg3[] = { 0x64, 0xa6, 0x5f, 0x3c, 0xde, 0xdc, 0xdd,
- 0x66, 0x81, 0x1e, 0x29, 0x15 };
- /* test of a 1023 byte long message */
- WOLFSSL_SMALL_STACK_STATIC const byte msg4[] = {
- 0x6d, 0xdf, 0x80, 0x2e, 0x1a, 0xae, 0x49, 0x86,
- 0x93, 0x5f, 0x7f, 0x98, 0x1b, 0xa3, 0xf0, 0x35,
- 0x1d, 0x62, 0x73, 0xc0, 0xa0, 0xc2, 0x2c, 0x9c,
- 0x0e, 0x83, 0x39, 0x16, 0x8e, 0x67, 0x54, 0x12,
- 0xa3, 0xde, 0xbf, 0xaf, 0x43, 0x5e, 0xd6, 0x51,
- 0x55, 0x80, 0x07, 0xdb, 0x43, 0x84, 0xb6, 0x50,
- 0xfc, 0xc0, 0x7e, 0x3b, 0x58, 0x6a, 0x27, 0xa4,
- 0xf7, 0xa0, 0x0a, 0xc8, 0xa6, 0xfe, 0xc2, 0xcd,
- 0x86, 0xae, 0x4b, 0xf1, 0x57, 0x0c, 0x41, 0xe6,
- 0xa4, 0x0c, 0x93, 0x1d, 0xb2, 0x7b, 0x2f, 0xaa,
- 0x15, 0xa8, 0xce, 0xdd, 0x52, 0xcf, 0xf7, 0x36,
- 0x2c, 0x4e, 0x6e, 0x23, 0xda, 0xec, 0x0f, 0xbc,
- 0x3a, 0x79, 0xb6, 0x80, 0x6e, 0x31, 0x6e, 0xfc,
- 0xc7, 0xb6, 0x81, 0x19, 0xbf, 0x46, 0xbc, 0x76,
- 0xa2, 0x60, 0x67, 0xa5, 0x3f, 0x29, 0x6d, 0xaf,
- 0xdb, 0xdc, 0x11, 0xc7, 0x7f, 0x77, 0x77, 0xe9,
- 0x72, 0x66, 0x0c, 0xf4, 0xb6, 0xa9, 0xb3, 0x69,
- 0xa6, 0x66, 0x5f, 0x02, 0xe0, 0xcc, 0x9b, 0x6e,
- 0xdf, 0xad, 0x13, 0x6b, 0x4f, 0xab, 0xe7, 0x23,
- 0xd2, 0x81, 0x3d, 0xb3, 0x13, 0x6c, 0xfd, 0xe9,
- 0xb6, 0xd0, 0x44, 0x32, 0x2f, 0xee, 0x29, 0x47,
- 0x95, 0x2e, 0x03, 0x1b, 0x73, 0xab, 0x5c, 0x60,
- 0x33, 0x49, 0xb3, 0x07, 0xbd, 0xc2, 0x7b, 0xc6,
- 0xcb, 0x8b, 0x8b, 0xbd, 0x7b, 0xd3, 0x23, 0x21,
- 0x9b, 0x80, 0x33, 0xa5, 0x81, 0xb5, 0x9e, 0xad,
- 0xeb, 0xb0, 0x9b, 0x3c, 0x4f, 0x3d, 0x22, 0x77,
- 0xd4, 0xf0, 0x34, 0x36, 0x24, 0xac, 0xc8, 0x17,
- 0x80, 0x47, 0x28, 0xb2, 0x5a, 0xb7, 0x97, 0x17,
- 0x2b, 0x4c, 0x5c, 0x21, 0xa2, 0x2f, 0x9c, 0x78,
- 0x39, 0xd6, 0x43, 0x00, 0x23, 0x2e, 0xb6, 0x6e,
- 0x53, 0xf3, 0x1c, 0x72, 0x3f, 0xa3, 0x7f, 0xe3,
- 0x87, 0xc7, 0xd3, 0xe5, 0x0b, 0xdf, 0x98, 0x13,
- 0xa3, 0x0e, 0x5b, 0xb1, 0x2c, 0xf4, 0xcd, 0x93,
- 0x0c, 0x40, 0xcf, 0xb4, 0xe1, 0xfc, 0x62, 0x25,
- 0x92, 0xa4, 0x95, 0x88, 0x79, 0x44, 0x94, 0xd5,
- 0x6d, 0x24, 0xea, 0x4b, 0x40, 0xc8, 0x9f, 0xc0,
- 0x59, 0x6c, 0xc9, 0xeb, 0xb9, 0x61, 0xc8, 0xcb,
- 0x10, 0xad, 0xde, 0x97, 0x6a, 0x5d, 0x60, 0x2b,
- 0x1c, 0x3f, 0x85, 0xb9, 0xb9, 0xa0, 0x01, 0xed,
- 0x3c, 0x6a, 0x4d, 0x3b, 0x14, 0x37, 0xf5, 0x20,
- 0x96, 0xcd, 0x19, 0x56, 0xd0, 0x42, 0xa5, 0x97,
- 0xd5, 0x61, 0xa5, 0x96, 0xec, 0xd3, 0xd1, 0x73,
- 0x5a, 0x8d, 0x57, 0x0e, 0xa0, 0xec, 0x27, 0x22,
- 0x5a, 0x2c, 0x4a, 0xaf, 0xf2, 0x63, 0x06, 0xd1,
- 0x52, 0x6c, 0x1a, 0xf3, 0xca, 0x6d, 0x9c, 0xf5,
- 0xa2, 0xc9, 0x8f, 0x47, 0xe1, 0xc4, 0x6d, 0xb9,
- 0xa3, 0x32, 0x34, 0xcf, 0xd4, 0xd8, 0x1f, 0x2c,
- 0x98, 0x53, 0x8a, 0x09, 0xeb, 0xe7, 0x69, 0x98,
- 0xd0, 0xd8, 0xfd, 0x25, 0x99, 0x7c, 0x7d, 0x25,
- 0x5c, 0x6d, 0x66, 0xec, 0xe6, 0xfa, 0x56, 0xf1,
- 0x11, 0x44, 0x95, 0x0f, 0x02, 0x77, 0x95, 0xe6,
- 0x53, 0x00, 0x8f, 0x4b, 0xd7, 0xca, 0x2d, 0xee,
- 0x85, 0xd8, 0xe9, 0x0f, 0x3d, 0xc3, 0x15, 0x13,
- 0x0c, 0xe2, 0xa0, 0x03, 0x75, 0xa3, 0x18, 0xc7,
- 0xc3, 0xd9, 0x7b, 0xe2, 0xc8, 0xce, 0x5b, 0x6d,
- 0xb4, 0x1a, 0x62, 0x54, 0xff, 0x26, 0x4f, 0xa6,
- 0x15, 0x5b, 0xae, 0xe3, 0xb0, 0x77, 0x3c, 0x0f,
- 0x49, 0x7c, 0x57, 0x3f, 0x19, 0xbb, 0x4f, 0x42,
- 0x40, 0x28, 0x1f, 0x0b, 0x1f, 0x4f, 0x7b, 0xe8,
- 0x57, 0xa4, 0xe5, 0x9d, 0x41, 0x6c, 0x06, 0xb4,
- 0xc5, 0x0f, 0xa0, 0x9e, 0x18, 0x10, 0xdd, 0xc6,
- 0xb1, 0x46, 0x7b, 0xae, 0xac, 0x5a, 0x36, 0x68,
- 0xd1, 0x1b, 0x6e, 0xca, 0xa9, 0x01, 0x44, 0x00,
- 0x16, 0xf3, 0x89, 0xf8, 0x0a, 0xcc, 0x4d, 0xb9,
- 0x77, 0x02, 0x5e, 0x7f, 0x59, 0x24, 0x38, 0x8c,
- 0x7e, 0x34, 0x0a, 0x73, 0x2e, 0x55, 0x44, 0x40,
- 0xe7, 0x65, 0x70, 0xf8, 0xdd, 0x71, 0xb7, 0xd6,
- 0x40, 0xb3, 0x45, 0x0d, 0x1f, 0xd5, 0xf0, 0x41,
- 0x0a, 0x18, 0xf9, 0xa3, 0x49, 0x4f, 0x70, 0x7c,
- 0x71, 0x7b, 0x79, 0xb4, 0xbf, 0x75, 0xc9, 0x84,
- 0x00, 0xb0, 0x96, 0xb2, 0x16, 0x53, 0xb5, 0xd2,
- 0x17, 0xcf, 0x35, 0x65, 0xc9, 0x59, 0x74, 0x56,
- 0xf7, 0x07, 0x03, 0x49, 0x7a, 0x07, 0x87, 0x63,
- 0x82, 0x9b, 0xc0, 0x1b, 0xb1, 0xcb, 0xc8, 0xfa,
- 0x04, 0xea, 0xdc, 0x9a, 0x6e, 0x3f, 0x66, 0x99,
- 0x58, 0x7a, 0x9e, 0x75, 0xc9, 0x4e, 0x5b, 0xab,
- 0x00, 0x36, 0xe0, 0xb2, 0xe7, 0x11, 0x39, 0x2c,
- 0xff, 0x00, 0x47, 0xd0, 0xd6, 0xb0, 0x5b, 0xd2,
- 0xa5, 0x88, 0xbc, 0x10, 0x97, 0x18, 0x95, 0x42,
- 0x59, 0xf1, 0xd8, 0x66, 0x78, 0xa5, 0x79, 0xa3,
- 0x12, 0x0f, 0x19, 0xcf, 0xb2, 0x96, 0x3f, 0x17,
- 0x7a, 0xeb, 0x70, 0xf2, 0xd4, 0x84, 0x48, 0x26,
- 0x26, 0x2e, 0x51, 0xb8, 0x02, 0x71, 0x27, 0x20,
- 0x68, 0xef, 0x5b, 0x38, 0x56, 0xfa, 0x85, 0x35,
- 0xaa, 0x2a, 0x88, 0xb2, 0xd4, 0x1f, 0x2a, 0x0e,
- 0x2f, 0xda, 0x76, 0x24, 0xc2, 0x85, 0x02, 0x72,
- 0xac, 0x4a, 0x2f, 0x56, 0x1f, 0x8f, 0x2f, 0x7a,
- 0x31, 0x8b, 0xfd, 0x5c, 0xaf, 0x96, 0x96, 0x14,
- 0x9e, 0x4a, 0xc8, 0x24, 0xad, 0x34, 0x60, 0x53,
- 0x8f, 0xdc, 0x25, 0x42, 0x1b, 0xee, 0xc2, 0xcc,
- 0x68, 0x18, 0x16, 0x2d, 0x06, 0xbb, 0xed, 0x0c,
- 0x40, 0xa3, 0x87, 0x19, 0x23, 0x49, 0xdb, 0x67,
- 0xa1, 0x18, 0xba, 0xda, 0x6c, 0xd5, 0xab, 0x01,
- 0x40, 0xee, 0x27, 0x32, 0x04, 0xf6, 0x28, 0xaa,
- 0xd1, 0xc1, 0x35, 0xf7, 0x70, 0x27, 0x9a, 0x65,
- 0x1e, 0x24, 0xd8, 0xc1, 0x4d, 0x75, 0xa6, 0x05,
- 0x9d, 0x76, 0xb9, 0x6a, 0x6f, 0xd8, 0x57, 0xde,
- 0xf5, 0xe0, 0xb3, 0x54, 0xb2, 0x7a, 0xb9, 0x37,
- 0xa5, 0x81, 0x5d, 0x16, 0xb5, 0xfa, 0xe4, 0x07,
- 0xff, 0x18, 0x22, 0x2c, 0x6d, 0x1e, 0xd2, 0x63,
- 0xbe, 0x68, 0xc9, 0x5f, 0x32, 0xd9, 0x08, 0xbd,
- 0x89, 0x5c, 0xd7, 0x62, 0x07, 0xae, 0x72, 0x64,
- 0x87, 0x56, 0x7f, 0x9a, 0x67, 0xda, 0xd7, 0x9a,
- 0xbe, 0xc3, 0x16, 0xf6, 0x83, 0xb1, 0x7f, 0x2d,
- 0x02, 0xbf, 0x07, 0xe0, 0xac, 0x8b, 0x5b, 0xc6,
- 0x16, 0x2c, 0xf9, 0x46, 0x97, 0xb3, 0xc2, 0x7c,
- 0xd1, 0xfe, 0xa4, 0x9b, 0x27, 0xf2, 0x3b, 0xa2,
- 0x90, 0x18, 0x71, 0x96, 0x25, 0x06, 0x52, 0x0c,
- 0x39, 0x2d, 0xa8, 0xb6, 0xad, 0x0d, 0x99, 0xf7,
- 0x01, 0x3f, 0xbc, 0x06, 0xc2, 0xc1, 0x7a, 0x56,
- 0x95, 0x00, 0xc8, 0xa7, 0x69, 0x64, 0x81, 0xc1,
- 0xcd, 0x33, 0xe9, 0xb1, 0x4e, 0x40, 0xb8, 0x2e,
- 0x79, 0xa5, 0xf5, 0xdb, 0x82, 0x57, 0x1b, 0xa9,
- 0x7b, 0xae, 0x3a, 0xd3, 0xe0, 0x47, 0x95, 0x15,
- 0xbb, 0x0e, 0x2b, 0x0f, 0x3b, 0xfc, 0xd1, 0xfd,
- 0x33, 0x03, 0x4e, 0xfc, 0x62, 0x45, 0xed, 0xdd,
- 0x7e, 0xe2, 0x08, 0x6d, 0xda, 0xe2, 0x60, 0x0d,
- 0x8c, 0xa7, 0x3e, 0x21, 0x4e, 0x8c, 0x2b, 0x0b,
- 0xdb, 0x2b, 0x04, 0x7c, 0x6a, 0x46, 0x4a, 0x56,
- 0x2e, 0xd7, 0x7b, 0x73, 0xd2, 0xd8, 0x41, 0xc4,
- 0xb3, 0x49, 0x73, 0x55, 0x12, 0x57, 0x71, 0x3b,
- 0x75, 0x36, 0x32, 0xef, 0xba, 0x34, 0x81, 0x69,
- 0xab, 0xc9, 0x0a, 0x68, 0xf4, 0x26, 0x11, 0xa4,
- 0x01, 0x26, 0xd7, 0xcb, 0x21, 0xb5, 0x86, 0x95,
- 0x56, 0x81, 0x86, 0xf7, 0xe5, 0x69, 0xd2, 0xff,
- 0x0f, 0x9e, 0x74, 0x5d, 0x04, 0x87, 0xdd, 0x2e,
- 0xb9, 0x97, 0xca, 0xfc, 0x5a, 0xbf, 0x9d, 0xd1,
- 0x02, 0xe6, 0x2f, 0xf6, 0x6c, 0xba, 0x87
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* msgs[] = {msg1, msg2, msg3, msg1, msg1, msg4};
- WOLFSSL_SMALL_STACK_STATIC const word16 msgSz[] = {0 /*sizeof(msg1)*/,
- sizeof(msg2),
- sizeof(msg3),
- 0 /*sizeof(msg1)*/,
- 0 /*sizeof(msg1)*/,
- sizeof(msg4)
- };
- #ifndef NO_ASN
- static const byte privateEd448[] = {
- 0x30, 0x47, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06,
- 0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04, 0x39,
- 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
- 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
- 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
- 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
- 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
- 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
- 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
- 0x5b
- };
- static const byte publicEd448[] = {
- 0x30, 0x43, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
- 0x71, 0x03, 0x3a, 0x00, 0x5f, 0xd7, 0x44, 0x9b,
- 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7, 0x87, 0xec,
- 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, 0x34, 0x24,
- 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, 0xa7, 0x5d,
- 0x80, 0xe9, 0x67, 0x78, 0xed, 0xf1, 0x24, 0x76,
- 0x9b, 0x46, 0xc7, 0x06, 0x1b, 0xd6, 0x78, 0x3d,
- 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa, 0x1a, 0xbe,
- 0xaf, 0xe8, 0x25, 0x61, 0x80
- };
- static const byte privPubEd448[] = {
- 0x30, 0x81, 0x82, 0x02, 0x01, 0x00, 0x30, 0x05,
- 0x06, 0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04,
- 0x39, 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d,
- 0x10, 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e,
- 0xbf, 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c,
- 0x9f, 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48,
- 0xa3, 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04,
- 0x4e, 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f,
- 0x8f, 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98,
- 0xf9, 0x5b, 0x81, 0x39, 0x5f, 0xd7, 0x44, 0x9b,
- 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7, 0x87, 0xec,
- 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, 0x34, 0x24,
- 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, 0xa7, 0x5d,
- 0x80, 0xe9, 0x67, 0x78, 0xed, 0xf1, 0x24, 0x76,
- 0x9b, 0x46, 0xc7, 0x06, 0x1b, 0xd6, 0x78, 0x3d,
- 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa, 0x1a, 0xbe,
- 0xaf, 0xe8, 0x25, 0x61, 0x80
- };
- word32 idx;
- #endif /* NO_ASN */
- #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
- #if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ed448_key *key3 = NULL;
- #else
- ed448_key key3[1];
- #endif
- #endif
- WOLFSSL_ENTER("ed448_test");
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- key = (ed448_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- key2 = (ed448_key *)XMALLOC(sizeof(*key2), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
- key3 = (ed448_key *)XMALLOC(sizeof(*key3), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #endif
- /* create ed448 keys */
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0) {
- XMEMSET(&rng, 0, sizeof(rng));
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- ret = wc_ed448_init(key);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_ed448_init(key2);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
- ret = wc_ed448_init(key3);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, key);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, key2);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* helper functions for signature and key size */
- keySz = (word32)wc_ed448_size(key);
- sigSz = (word32)wc_ed448_sig_size(key);
- #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) &&\
- defined(HAVE_ED448_KEY_IMPORT)
- for (i = 0; i < 6; i++) {
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- if (wc_ed448_import_private_key(sKeys[i], ED448_KEY_SIZE, pKeys[i],
- pKeySz[i], key) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- if (wc_ed448_sign_msg(msgs[i], msgSz[i], out, &outlen, key, NULL,
- 0) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- if (XMEMCMP(out, sigs[i], 114))
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- #if defined(HAVE_ED448_VERIFY)
- /* test verify on good msg */
- if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, key,
- NULL, 0) != 0 || verify != 1)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- #ifdef WOLFSSL_ED448_STREAMING_VERIFY
- /* test verify on good msg using streaming interface directly */
- if (wc_ed448_verify_msg_init(out, outlen,
- key, (byte)Ed448, NULL, 0) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- for (j = 0; j < msgSz[i]; j += i) {
- if (wc_ed448_verify_msg_update(msgs[i] + j, MIN(i, msgSz[i] - j), key) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- if (wc_ed448_verify_msg_final(out, outlen, &verify,
- key) != 0 || verify != 1)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- #endif /* WOLFSSL_ED448_STREAMING_VERIFY */
- /* test verify on bad msg */
- out[outlen-2] = out[outlen-2] + 1;
- if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, key,
- NULL, 0) == 0 || verify == 1)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- #endif /* HAVE_ED448_VERIFY */
- /* test api for import/exporting keys */
- {
- byte *exportPKey = NULL;
- byte *exportSKey = NULL;
- word32 exportPSz = ED448_KEY_SIZE;
- word32 exportSSz = ED448_KEY_SIZE;
- exportPKey = (byte *)XMALLOC(exportPSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- exportSKey = (byte *)XMALLOC(exportSSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((exportPKey == NULL) || (exportSKey == NULL))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = 0;
- do {
- if (wc_ed448_export_public(key, exportPKey, &exportPSz) != 0) {
- ret = WC_TEST_RET_ENC_I(i);
- break;
- }
- if (wc_ed448_import_public_ex(exportPKey, exportPSz, key2, 1) != 0) {
- ret = WC_TEST_RET_ENC_I(i);
- break;
- }
- if (wc_ed448_export_private_only(key, exportSKey, &exportSSz) != 0) {
- ret = WC_TEST_RET_ENC_I(i);
- break;
- }
- if (wc_ed448_import_private_key(exportSKey, exportSSz,
- exportPKey, exportPSz, key2) != 0) {
- ret = WC_TEST_RET_ENC_I(i);
- break;
- }
- /* clear "out" buffer and test sign with imported keys */
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- if (wc_ed448_sign_msg(msgs[i], msgSz[i], out, &outlen, key2, NULL,
- 0) != 0) {
- ret = WC_TEST_RET_ENC_I(i);
- break;
- }
- } while(0);
- XFREE(exportPKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(exportSKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (ret != 0)
- goto out;
- }
- #if defined(HAVE_ED448_VERIFY)
- if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, key2,
- NULL, 0) != 0 || verify != 1)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- if (XMEMCMP(out, sigs[i], SIGSZ))
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- #endif /* HAVE_ED448_VERIFY */
- }
- ret = ed448_ctx_test();
- if (ret != 0)
- goto out;
- ret = ed448ph_test();
- if (ret != 0)
- goto out;
- #ifndef NO_ASN
- /* Try ASN.1 encoded private-only key and public key. */
- idx = 0;
- ret = wc_Ed448PrivateKeyDecode(privateEd448, &idx, key3,
- sizeof(privateEd448));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, key3, NULL, 0);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- idx = 0;
- ret = wc_Ed448PublicKeyDecode(publicEd448, &idx, key3, sizeof(publicEd448));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, key3, NULL, 0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(out, sigs[0], SIGSZ))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #if defined(HAVE_ED448_VERIFY)
- /* test verify on good msg */
- ret = wc_ed448_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, key3,
- NULL, 0);
- if (ret != 0 || verify != 1)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif /* HAVE_ED448_VERIFY */
- wc_ed448_free(key3);
- ret = wc_ed448_init(key3);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- idx = 0;
- ret = wc_Ed448PrivateKeyDecode(privPubEd448, &idx, key3,
- sizeof(privPubEd448));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, key3, NULL, 0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(out, sigs[0], SIGSZ))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* NO_ASN */
- #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
- ret = 0;
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key) {
- wc_ed448_free(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (key2) {
- wc_ed448_free(key2);
- XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
- if (key3) {
- wc_ed448_free(key3);
- XFREE(key3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- #else
- wc_ed448_free(key);
- wc_ed448_free(key2);
- #if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
- wc_ed448_free(key3);
- #endif
- #endif
- #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
- wc_FreeRng(&rng);
- #endif
- if (ret < 0)
- return ret;
- /* hush warnings of unused keySz and sigSz */
- (void)keySz;
- (void)sigSz;
- ret = ed448_test_check_key();
- if (ret < 0)
- return ret;
- #ifdef WOLFSSL_TEST_CERT
- ret = ed448_test_cert();
- if (ret < 0)
- return ret;
- #ifdef WOLFSSL_CERT_GEN
- ret = ed448_test_make_cert();
- if (ret < 0)
- return ret;
- #endif /* WOLFSSL_CERT_GEN */
- #endif /* WOLFSSL_TEST_CERT */
- return 0;
- }
- #endif /* HAVE_ED448 */
- #ifdef WOLFSSL_HAVE_KYBER
- #ifdef WOLFSSL_WC_KYBER /* OQS and PQM4 do not support KATs */
- #ifdef WOLFSSL_KYBER512
- static wc_test_ret_t kyber512_kat(void)
- {
- wc_test_ret_t ret;
- #ifdef WOLFSSL_SMALL_STACK
- KyberKey *key = NULL;
- byte *priv = NULL;
- byte *pub = NULL;
- byte *ct = NULL;
- byte *ss = NULL;
- byte *ss_dec = NULL;
- #else
- KyberKey key[1];
- byte priv[KYBER512_PRIVATE_KEY_SIZE];
- byte pub[KYBER512_PUBLIC_KEY_SIZE];
- byte ct[KYBER512_CIPHER_TEXT_SIZE];
- byte ss[KYBER_SS_SZ];
- byte ss_dec[KYBER_SS_SZ];
- #endif
- int key_inited = 0;
- WOLFSSL_SMALL_STACK_STATIC const byte kyber512_rand[] = {
- 0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa,
- 0x0c, 0x6d, 0x10, 0xe4, 0xdb, 0x6b, 0x1a, 0xdd,
- 0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03,
- 0x2d, 0xcd, 0x73, 0x99, 0x36, 0x73, 0x7f, 0x2d,
- 0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08,
- 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
- 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
- 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber512enc_rand[] = {
- 0x14, 0x7c, 0x03, 0xf7, 0xa5, 0xbe, 0xbb, 0xa4,
- 0x06, 0xc8, 0xfa, 0xe1, 0x87, 0x4d, 0x7f, 0x13,
- 0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74,
- 0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber512_pk[] = {
- 0x11, 0x5A, 0xCE, 0x0E, 0x64, 0x67, 0x7C, 0xBB,
- 0x7D, 0xCF, 0xC9, 0x3C, 0x16, 0xD3, 0xA3, 0x05,
- 0xF6, 0x76, 0x15, 0xA4, 0x88, 0xD7, 0x11, 0xAA,
- 0x56, 0x69, 0x8C, 0x56, 0x63, 0xAB, 0x7A, 0xC9,
- 0xCE, 0x66, 0xD5, 0x47, 0xC0, 0x59, 0x5F, 0x98,
- 0xA4, 0x3F, 0x46, 0x50, 0xBB, 0xE0, 0x8C, 0x36,
- 0x4D, 0x97, 0x67, 0x89, 0x11, 0x7D, 0x34, 0xF6,
- 0xAE, 0x51, 0xAC, 0x06, 0x3C, 0xB5, 0x5C, 0x6C,
- 0xA3, 0x25, 0x58, 0x22, 0x7D, 0xFE, 0xF8, 0x07,
- 0xD1, 0x9C, 0x30, 0xDE, 0x41, 0x44, 0x24, 0x09,
- 0x7F, 0x6A, 0xA2, 0x36, 0xA1, 0x05, 0x3B, 0x4A,
- 0x07, 0xA7, 0x6B, 0xE3, 0x72, 0xA5, 0xC6, 0xB6,
- 0x00, 0x27, 0x91, 0xEB, 0xE0, 0xAF, 0xDA, 0xF5,
- 0x4E, 0x1C, 0xA2, 0x37, 0xFF, 0x54, 0x5B, 0xA6,
- 0x83, 0x43, 0xE7, 0x45, 0xC0, 0x4A, 0xD1, 0x63,
- 0x9D, 0xBC, 0x59, 0x03, 0x46, 0xB6, 0xB9, 0x56,
- 0x9B, 0x56, 0xDB, 0xBF, 0xE5, 0x31, 0x51, 0x91,
- 0x30, 0x66, 0xE5, 0xC8, 0x55, 0x27, 0xDC, 0x94,
- 0x68, 0x11, 0x0A, 0x13, 0x6A, 0x41, 0x14, 0x97,
- 0xC2, 0x27, 0xDC, 0xB8, 0xC9, 0xB2, 0x55, 0x70,
- 0xB7, 0xA0, 0xE4, 0x2A, 0xAD, 0xA6, 0x70, 0x9F,
- 0x23, 0x20, 0x8F, 0x5D, 0x49, 0x6E, 0xBA, 0xB7,
- 0x84, 0x3F, 0x64, 0x83, 0xBF, 0x0C, 0x0C, 0x73,
- 0xA4, 0x02, 0x96, 0xEC, 0x2C, 0x64, 0x40, 0x00,
- 0x13, 0x94, 0xC9, 0x9C, 0xA1, 0x73, 0xD5, 0xC7,
- 0x75, 0xB7, 0xF4, 0x15, 0xD0, 0x2A, 0x5A, 0x26,
- 0xA0, 0x74, 0x07, 0x91, 0x85, 0x87, 0xC4, 0x11,
- 0x69, 0xF2, 0xB7, 0x17, 0x87, 0x55, 0xAC, 0xC2,
- 0x7F, 0xC8, 0xB1, 0x9C, 0x4C, 0x4B, 0x3F, 0xCD,
- 0x41, 0x05, 0x3F, 0x2C, 0x74, 0xC8, 0xA1, 0x0A,
- 0x83, 0x21, 0x24, 0x1B, 0x28, 0x02, 0x43, 0x28,
- 0x75, 0xAE, 0x80, 0x8B, 0x9E, 0xF1, 0x36, 0x5C,
- 0x7B, 0x8A, 0x52, 0x90, 0x2F, 0x13, 0x17, 0xBA,
- 0x2F, 0xB0, 0x26, 0x9F, 0x47, 0x93, 0x06, 0x72,
- 0x10, 0x7B, 0x47, 0x26, 0xFE, 0xF6, 0x45, 0x47,
- 0x39, 0x4D, 0x33, 0x20, 0xC8, 0xF1, 0x20, 0xB3,
- 0xC2, 0xF4, 0x72, 0x5B, 0x03, 0x05, 0xFA, 0xB8,
- 0x8C, 0xC7, 0x98, 0x1F, 0xCB, 0x09, 0xA7, 0x6A,
- 0x1C, 0xBF, 0x7F, 0x17, 0x9F, 0x43, 0xBB, 0x0A,
- 0x4C, 0x8B, 0x05, 0x90, 0x85, 0x7F, 0x1E, 0x69,
- 0x70, 0x84, 0x66, 0xC7, 0xF8, 0x60, 0x73, 0x91,
- 0xE7, 0xBC, 0x52, 0x68, 0xBF, 0xD3, 0xD7, 0xA1,
- 0xDF, 0xFC, 0xB4, 0xEC, 0xA2, 0xA1, 0xC9, 0xB5,
- 0x97, 0x59, 0x30, 0x13, 0xD5, 0xFC, 0x42, 0x02,
- 0xEC, 0x2B, 0x74, 0xE5, 0x7A, 0xB7, 0x6B, 0xBC,
- 0xF3, 0x63, 0x2B, 0xBA, 0xF9, 0x7C, 0xDC, 0x41,
- 0x8A, 0x6F, 0x16, 0x39, 0x28, 0x38, 0xCA, 0x9B,
- 0xF4, 0x5D, 0xDF, 0x02, 0x37, 0x77, 0xB7, 0x56,
- 0x18, 0x33, 0xC1, 0x05, 0x19, 0x0F, 0x94, 0xF3,
- 0x02, 0xC5, 0x9B, 0x53, 0x19, 0x00, 0xBB, 0xC8,
- 0x16, 0x36, 0x1F, 0xAA, 0x5B, 0x33, 0x80, 0xCA,
- 0x3A, 0x89, 0x31, 0x04, 0xCA, 0x73, 0x88, 0xB1,
- 0x85, 0x67, 0x1B, 0x3E, 0x5F, 0xE3, 0x79, 0x0E,
- 0x9A, 0x62, 0x6E, 0xC4, 0x6D, 0x9B, 0x0B, 0x33,
- 0xC7, 0xA4, 0x19, 0xAF, 0x7B, 0x32, 0xB6, 0x85,
- 0x98, 0x94, 0xF5, 0x75, 0xD8, 0x2A, 0xC5, 0x45,
- 0x6B, 0x54, 0x90, 0xA7, 0xAF, 0x8F, 0xE6, 0x10,
- 0x46, 0x36, 0x05, 0x89, 0xEC, 0xBA, 0x72, 0x44,
- 0x23, 0x6F, 0x41, 0x23, 0x11, 0x6B, 0x61, 0x74,
- 0xAA, 0x17, 0x92, 0x49, 0xA4, 0x91, 0x95, 0xB3,
- 0x56, 0xC7, 0x2F, 0xC6, 0x64, 0x1F, 0x02, 0x51,
- 0x81, 0x2E, 0xAA, 0x98, 0x57, 0x0B, 0x04, 0x66,
- 0x99, 0x07, 0x0E, 0x08, 0x19, 0xDC, 0x27, 0x13,
- 0xF4, 0x69, 0x13, 0x7D, 0xFC, 0x6A, 0x3D, 0x7B,
- 0x92, 0xB2, 0x98, 0x99, 0x5E, 0xE7, 0x80, 0x36,
- 0x91, 0x53, 0xAC, 0x36, 0x6B, 0x06, 0xD7, 0x24,
- 0x9C, 0xD0, 0x9E, 0x1B, 0x33, 0x78, 0xFB, 0x04,
- 0x39, 0x9C, 0xEC, 0xB8, 0x65, 0x05, 0x81, 0xD6,
- 0x37, 0xC7, 0x9A, 0xE6, 0x7D, 0x6F, 0x2C, 0xAF,
- 0x6A, 0xBA, 0xCF, 0x59, 0x81, 0x59, 0xA7, 0x79,
- 0x2C, 0xB3, 0xC9, 0x71, 0xD1, 0x49, 0x9D, 0x23,
- 0x73, 0xAD, 0x20, 0xF6, 0x3F, 0x03, 0xBB, 0x59,
- 0xED, 0x13, 0x73, 0x84, 0xAC, 0x61, 0xA7, 0x15,
- 0x51, 0x43, 0xB8, 0xCA, 0x49, 0x32, 0x61, 0x2E,
- 0xC9, 0x15, 0xE4, 0xCA, 0x34, 0x6A, 0x9B, 0xCE,
- 0x5D, 0xD6, 0x04, 0x17, 0xC6, 0xB2, 0xA8, 0x9B,
- 0x1C, 0xC4, 0x35, 0x64, 0x3F, 0x87, 0x5B, 0xDC,
- 0x5A, 0x7E, 0x5B, 0x34, 0x81, 0xCF, 0x91, 0x9E,
- 0xA0, 0x91, 0x72, 0xFE, 0xBC, 0x46, 0xD4, 0xFC,
- 0x3F, 0xB0, 0xCB, 0x95, 0x91, 0x70, 0x4E, 0xE2,
- 0xDB, 0xB6, 0x18, 0x44, 0xB2, 0xF3, 0x31, 0x4A,
- 0x06, 0xBB, 0x6C, 0x6D, 0x34, 0x00, 0x5E, 0x48,
- 0x5C, 0xE6, 0x67, 0xBD, 0xC7, 0xD0, 0x98, 0x58,
- 0x69, 0x28, 0xD2, 0xD9, 0x13, 0x40, 0xF0, 0x04,
- 0x19, 0xEA, 0x40, 0x13, 0x51, 0xA2, 0x40, 0xA0,
- 0xB0, 0x41, 0x05, 0x8B, 0xEF, 0xB0, 0xC2, 0xFD,
- 0x32, 0x64, 0x5B, 0x7A, 0x2D, 0xF8, 0xF5, 0xCB,
- 0xFD, 0x87, 0x33, 0x27, 0xC9, 0x78, 0xD7, 0xB3,
- 0x51, 0xA2, 0x80, 0x88, 0x43, 0x88, 0x37, 0x02,
- 0x4C, 0x52, 0xB9, 0xC2, 0x95, 0xCD, 0x71, 0x36,
- 0x46, 0xFB, 0x5D, 0x6C, 0x0C, 0xCF, 0xB4, 0x70,
- 0x73, 0x4A, 0xC2, 0xB2, 0xBC, 0x81, 0x23, 0xC2,
- 0xC1, 0x3D, 0xF6, 0x93, 0x8E, 0x92, 0x45, 0x5A,
- 0x86, 0x26, 0x39, 0xFE, 0xB8, 0xA6, 0x4B, 0x85,
- 0x16, 0x3E, 0x32, 0x70, 0x7E, 0x03, 0x7B, 0x38,
- 0xD8, 0xAC, 0x39, 0x22, 0xB4, 0x51, 0x87, 0xBB,
- 0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C,
- 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
- 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
- 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber512_sk[] = {
- 0x6C, 0x89, 0x2B, 0x02, 0x97, 0xA9, 0xC7, 0x64,
- 0x14, 0x93, 0xF8, 0x7D, 0xAF, 0x35, 0x33, 0xEE,
- 0xD6, 0x1F, 0x07, 0xF4, 0x65, 0x20, 0x66, 0x33,
- 0x7E, 0xD7, 0x40, 0x46, 0xDC, 0xC7, 0x1B, 0xA0,
- 0x3F, 0x30, 0x96, 0x01, 0x03, 0x16, 0x1F, 0x7D,
- 0xEB, 0x53, 0xA7, 0x1B, 0x11, 0x61, 0x72, 0x63,
- 0xFE, 0x2A, 0x80, 0x97, 0x69, 0xCE, 0x6D, 0x70,
- 0xA8, 0x5F, 0xE6, 0x00, 0xEC, 0xE2, 0x9D, 0x7F,
- 0x36, 0xA1, 0x6D, 0x33, 0x1B, 0x8B, 0x2A, 0x9E,
- 0x1D, 0xB8, 0xC0, 0x90, 0x74, 0x2D, 0xF0, 0x73,
- 0x9F, 0xF0, 0x60, 0xCE, 0xB4, 0xEC, 0xC5, 0xAB,
- 0x1C, 0x5E, 0x55, 0xAC, 0x97, 0xBB, 0x66, 0xA7,
- 0xF8, 0x95, 0x10, 0x5D, 0x57, 0x78, 0x2B, 0x22,
- 0x95, 0x38, 0xE3, 0x42, 0x15, 0x44, 0xA3, 0x42,
- 0x14, 0x08, 0xDB, 0xF4, 0x49, 0x10, 0x93, 0x4C,
- 0xC4, 0x23, 0x77, 0x4F, 0x16, 0x76, 0xFF, 0x1C,
- 0x30, 0x6F, 0x97, 0x55, 0x5F, 0x57, 0xB4, 0xAE,
- 0xD7, 0xA6, 0xBA, 0xB9, 0x50, 0xA8, 0x16, 0x3C,
- 0x8D, 0x31, 0x8D, 0xEA, 0x62, 0x75, 0x1B, 0xD6,
- 0xAB, 0xC5, 0x06, 0x9C, 0x06, 0xC8, 0x8F, 0x33,
- 0x00, 0x26, 0xA1, 0x98, 0x06, 0xA0, 0x3B, 0x97,
- 0xA7, 0x69, 0x6B, 0x56, 0xDA, 0x21, 0x82, 0x7B,
- 0xB4, 0xE8, 0xDC, 0x03, 0x11, 0x52, 0xB4, 0x1B,
- 0x89, 0x2A, 0x9E, 0x99, 0xAD, 0xF6, 0xE1, 0x96,
- 0x3E, 0x96, 0x57, 0x88, 0x28, 0x15, 0x4F, 0x46,
- 0x70, 0x33, 0x84, 0x69, 0x20, 0xFB, 0xB4, 0xB8,
- 0x05, 0x44, 0xE7, 0xE8, 0xA8, 0x1A, 0xE9, 0x63,
- 0xCF, 0x36, 0x8C, 0x9B, 0xA0, 0x37, 0xA8, 0xC2,
- 0xAD, 0x62, 0xE3, 0x2B, 0x6E, 0x61, 0xC9, 0x1D,
- 0x75, 0xCE, 0x00, 0x5A, 0xB3, 0x0F, 0x80, 0x99,
- 0xA1, 0xF2, 0x9D, 0x7B, 0x63, 0x05, 0xB4, 0xDC,
- 0x06, 0xE2, 0x56, 0x80, 0xBB, 0x00, 0x99, 0x2F,
- 0x71, 0x7F, 0xE6, 0xC1, 0x15, 0xA8, 0x08, 0x42,
- 0x31, 0xCC, 0x79, 0xDD, 0x70, 0x0E, 0xA6, 0x91,
- 0x2A, 0xC7, 0xFA, 0x0D, 0x93, 0x7B, 0xB6, 0xA7,
- 0x56, 0x66, 0x22, 0x30, 0x47, 0x0C, 0x18, 0x9B,
- 0x5A, 0xA1, 0x65, 0x3D, 0xEB, 0x93, 0x7D, 0x5A,
- 0x9C, 0x25, 0xA2, 0x1D, 0x93, 0xB1, 0x90, 0x74,
- 0xFC, 0x23, 0x9D, 0x81, 0x53, 0x53, 0x97, 0x97,
- 0xC7, 0xD4, 0xAB, 0x62, 0x64, 0x9D, 0x76, 0xAA,
- 0x55, 0x37, 0x36, 0xA9, 0x49, 0x02, 0x2C, 0x22,
- 0xC5, 0x2B, 0xAE, 0xEC, 0x60, 0x5B, 0x32, 0xCE,
- 0x9E, 0x5B, 0x93, 0x84, 0x90, 0x35, 0x58, 0xCA,
- 0x9D, 0x6A, 0x3A, 0xBA, 0x90, 0x42, 0x3E, 0xED,
- 0xA0, 0x1C, 0x94, 0x19, 0x8B, 0x19, 0x2A, 0x8B,
- 0xA9, 0x06, 0x34, 0x97, 0xA0, 0xC5, 0x01, 0x33,
- 0x07, 0xDD, 0xD8, 0x63, 0x52, 0x64, 0x71, 0xA4,
- 0xD9, 0x95, 0x23, 0xEB, 0x41, 0x7F, 0x29, 0x1A,
- 0xAC, 0x0C, 0x3A, 0x58, 0x1B, 0x6D, 0xA0, 0x07,
- 0x32, 0xE5, 0xE8, 0x1B, 0x1F, 0x7C, 0x87, 0x9B,
- 0x16, 0x93, 0xC1, 0x3B, 0x6F, 0x9F, 0x79, 0x31,
- 0x62, 0x24, 0x29, 0xE5, 0x42, 0xAF, 0x40, 0x69,
- 0x22, 0x2F, 0x04, 0x55, 0x44, 0xE0, 0xCC, 0x4F,
- 0xB2, 0x4D, 0x44, 0x48, 0xCF, 0x2C, 0x65, 0x96,
- 0xF5, 0xCB, 0x08, 0x62, 0x4B, 0x11, 0x85, 0x01,
- 0x3B, 0x6B, 0x02, 0x08, 0x92, 0xF9, 0x6B, 0xDF,
- 0xD4, 0xAD, 0xA9, 0x17, 0x9D, 0xE7, 0x27, 0xB8,
- 0xD9, 0x42, 0x6E, 0x09, 0x96, 0xB5, 0xD3, 0x49,
- 0x48, 0xCE, 0x02, 0xD0, 0xC3, 0x69, 0xB3, 0x7C,
- 0xBB, 0x54, 0xD3, 0x47, 0x9E, 0xD8, 0xB5, 0x82,
- 0xE9, 0xE7, 0x28, 0x92, 0x9B, 0x4C, 0x71, 0xC9,
- 0xBE, 0x11, 0xD4, 0x5B, 0x20, 0xC4, 0xBD, 0xC3,
- 0xC7, 0x43, 0x13, 0x22, 0x3F, 0x58, 0x27, 0x4E,
- 0x8B, 0xA5, 0x24, 0x44, 0x47, 0xC4, 0x95, 0x95,
- 0x0B, 0x84, 0xCB, 0x0C, 0x3C, 0x27, 0x36, 0x40,
- 0x10, 0x8A, 0x33, 0x97, 0x94, 0x45, 0x73, 0x27,
- 0x93, 0x28, 0x99, 0x6C, 0xDC, 0x0C, 0x91, 0x3C,
- 0x95, 0x8A, 0xD6, 0x20, 0xBA, 0x8B, 0x5E, 0x5E,
- 0xCB, 0xBB, 0x7E, 0x13, 0xCB, 0x9C, 0x70, 0xBD,
- 0x5A, 0xB3, 0x0E, 0xB7, 0x48, 0x8C, 0x97, 0x00,
- 0x1C, 0x20, 0x49, 0x8F, 0x1D, 0x7C, 0xC0, 0x6D,
- 0xA7, 0x6B, 0xF5, 0x20, 0xC6, 0x58, 0xCC, 0xAD,
- 0xFA, 0x29, 0x56, 0x42, 0x45, 0x57, 0xAB, 0xEA,
- 0x8A, 0xB8, 0x92, 0x39, 0xC1, 0x78, 0x33, 0xDC,
- 0x3A, 0x49, 0xB3, 0x6A, 0x9A, 0xE9, 0xA4, 0x86,
- 0x94, 0x05, 0x40, 0xEB, 0x44, 0x4F, 0x97, 0x15,
- 0x23, 0x57, 0xE0, 0x20, 0x35, 0x93, 0x9D, 0x75,
- 0xA3, 0xC0, 0x25, 0xF4, 0x1A, 0x40, 0x08, 0x23,
- 0x82, 0xA0, 0x73, 0x3C, 0x39, 0xB0, 0x62, 0x2B,
- 0x74, 0x0E, 0x40, 0x75, 0x92, 0xC6, 0x2E, 0xCA,
- 0xEB, 0x14, 0x32, 0xC4, 0x45, 0xB3, 0x70, 0x3A,
- 0x86, 0xF6, 0x98, 0x1A, 0x27, 0x81, 0x57, 0xEA,
- 0x95, 0xA6, 0xE9, 0x2D, 0x55, 0xE4, 0xB9, 0x72,
- 0xF9, 0x36, 0xC2, 0xF0, 0xA6, 0x58, 0x28, 0x0E,
- 0xA2, 0xB0, 0x7A, 0x48, 0x99, 0x2D, 0xF8, 0x93,
- 0x7E, 0x0A, 0x2A, 0xC1, 0xDC, 0xC9, 0x74, 0xFE,
- 0x00, 0xAA, 0xE1, 0xF5, 0x61, 0xFA, 0x25, 0x8E,
- 0x2D, 0x25, 0x9C, 0x3E, 0x86, 0x1D, 0xCE, 0x23,
- 0x60, 0x39, 0x12, 0x76, 0x06, 0xFC, 0x1C, 0xE0,
- 0x09, 0x00, 0x3A, 0x7B, 0xAC, 0x94, 0x21, 0x01,
- 0xDC, 0xB8, 0x22, 0xB1, 0xF3, 0xC1, 0x2B, 0xF7,
- 0x32, 0x38, 0xF5, 0x46, 0xE0, 0x1C, 0x36, 0xB5,
- 0xA6, 0x93, 0x61, 0x92, 0x99, 0x5C, 0xC6, 0x9C,
- 0x63, 0x23, 0x74, 0x09, 0xCB, 0x53, 0xC2, 0xE3,
- 0x5D, 0x74, 0x89, 0x0D, 0x18, 0x88, 0x53, 0x76,
- 0xFA, 0x55, 0x03, 0xB1, 0x07, 0xA2, 0xA3, 0x92,
- 0x11, 0x5A, 0xCE, 0x0E, 0x64, 0x67, 0x7C, 0xBB,
- 0x7D, 0xCF, 0xC9, 0x3C, 0x16, 0xD3, 0xA3, 0x05,
- 0xF6, 0x76, 0x15, 0xA4, 0x88, 0xD7, 0x11, 0xAA,
- 0x56, 0x69, 0x8C, 0x56, 0x63, 0xAB, 0x7A, 0xC9,
- 0xCE, 0x66, 0xD5, 0x47, 0xC0, 0x59, 0x5F, 0x98,
- 0xA4, 0x3F, 0x46, 0x50, 0xBB, 0xE0, 0x8C, 0x36,
- 0x4D, 0x97, 0x67, 0x89, 0x11, 0x7D, 0x34, 0xF6,
- 0xAE, 0x51, 0xAC, 0x06, 0x3C, 0xB5, 0x5C, 0x6C,
- 0xA3, 0x25, 0x58, 0x22, 0x7D, 0xFE, 0xF8, 0x07,
- 0xD1, 0x9C, 0x30, 0xDE, 0x41, 0x44, 0x24, 0x09,
- 0x7F, 0x6A, 0xA2, 0x36, 0xA1, 0x05, 0x3B, 0x4A,
- 0x07, 0xA7, 0x6B, 0xE3, 0x72, 0xA5, 0xC6, 0xB6,
- 0x00, 0x27, 0x91, 0xEB, 0xE0, 0xAF, 0xDA, 0xF5,
- 0x4E, 0x1C, 0xA2, 0x37, 0xFF, 0x54, 0x5B, 0xA6,
- 0x83, 0x43, 0xE7, 0x45, 0xC0, 0x4A, 0xD1, 0x63,
- 0x9D, 0xBC, 0x59, 0x03, 0x46, 0xB6, 0xB9, 0x56,
- 0x9B, 0x56, 0xDB, 0xBF, 0xE5, 0x31, 0x51, 0x91,
- 0x30, 0x66, 0xE5, 0xC8, 0x55, 0x27, 0xDC, 0x94,
- 0x68, 0x11, 0x0A, 0x13, 0x6A, 0x41, 0x14, 0x97,
- 0xC2, 0x27, 0xDC, 0xB8, 0xC9, 0xB2, 0x55, 0x70,
- 0xB7, 0xA0, 0xE4, 0x2A, 0xAD, 0xA6, 0x70, 0x9F,
- 0x23, 0x20, 0x8F, 0x5D, 0x49, 0x6E, 0xBA, 0xB7,
- 0x84, 0x3F, 0x64, 0x83, 0xBF, 0x0C, 0x0C, 0x73,
- 0xA4, 0x02, 0x96, 0xEC, 0x2C, 0x64, 0x40, 0x00,
- 0x13, 0x94, 0xC9, 0x9C, 0xA1, 0x73, 0xD5, 0xC7,
- 0x75, 0xB7, 0xF4, 0x15, 0xD0, 0x2A, 0x5A, 0x26,
- 0xA0, 0x74, 0x07, 0x91, 0x85, 0x87, 0xC4, 0x11,
- 0x69, 0xF2, 0xB7, 0x17, 0x87, 0x55, 0xAC, 0xC2,
- 0x7F, 0xC8, 0xB1, 0x9C, 0x4C, 0x4B, 0x3F, 0xCD,
- 0x41, 0x05, 0x3F, 0x2C, 0x74, 0xC8, 0xA1, 0x0A,
- 0x83, 0x21, 0x24, 0x1B, 0x28, 0x02, 0x43, 0x28,
- 0x75, 0xAE, 0x80, 0x8B, 0x9E, 0xF1, 0x36, 0x5C,
- 0x7B, 0x8A, 0x52, 0x90, 0x2F, 0x13, 0x17, 0xBA,
- 0x2F, 0xB0, 0x26, 0x9F, 0x47, 0x93, 0x06, 0x72,
- 0x10, 0x7B, 0x47, 0x26, 0xFE, 0xF6, 0x45, 0x47,
- 0x39, 0x4D, 0x33, 0x20, 0xC8, 0xF1, 0x20, 0xB3,
- 0xC2, 0xF4, 0x72, 0x5B, 0x03, 0x05, 0xFA, 0xB8,
- 0x8C, 0xC7, 0x98, 0x1F, 0xCB, 0x09, 0xA7, 0x6A,
- 0x1C, 0xBF, 0x7F, 0x17, 0x9F, 0x43, 0xBB, 0x0A,
- 0x4C, 0x8B, 0x05, 0x90, 0x85, 0x7F, 0x1E, 0x69,
- 0x70, 0x84, 0x66, 0xC7, 0xF8, 0x60, 0x73, 0x91,
- 0xE7, 0xBC, 0x52, 0x68, 0xBF, 0xD3, 0xD7, 0xA1,
- 0xDF, 0xFC, 0xB4, 0xEC, 0xA2, 0xA1, 0xC9, 0xB5,
- 0x97, 0x59, 0x30, 0x13, 0xD5, 0xFC, 0x42, 0x02,
- 0xEC, 0x2B, 0x74, 0xE5, 0x7A, 0xB7, 0x6B, 0xBC,
- 0xF3, 0x63, 0x2B, 0xBA, 0xF9, 0x7C, 0xDC, 0x41,
- 0x8A, 0x6F, 0x16, 0x39, 0x28, 0x38, 0xCA, 0x9B,
- 0xF4, 0x5D, 0xDF, 0x02, 0x37, 0x77, 0xB7, 0x56,
- 0x18, 0x33, 0xC1, 0x05, 0x19, 0x0F, 0x94, 0xF3,
- 0x02, 0xC5, 0x9B, 0x53, 0x19, 0x00, 0xBB, 0xC8,
- 0x16, 0x36, 0x1F, 0xAA, 0x5B, 0x33, 0x80, 0xCA,
- 0x3A, 0x89, 0x31, 0x04, 0xCA, 0x73, 0x88, 0xB1,
- 0x85, 0x67, 0x1B, 0x3E, 0x5F, 0xE3, 0x79, 0x0E,
- 0x9A, 0x62, 0x6E, 0xC4, 0x6D, 0x9B, 0x0B, 0x33,
- 0xC7, 0xA4, 0x19, 0xAF, 0x7B, 0x32, 0xB6, 0x85,
- 0x98, 0x94, 0xF5, 0x75, 0xD8, 0x2A, 0xC5, 0x45,
- 0x6B, 0x54, 0x90, 0xA7, 0xAF, 0x8F, 0xE6, 0x10,
- 0x46, 0x36, 0x05, 0x89, 0xEC, 0xBA, 0x72, 0x44,
- 0x23, 0x6F, 0x41, 0x23, 0x11, 0x6B, 0x61, 0x74,
- 0xAA, 0x17, 0x92, 0x49, 0xA4, 0x91, 0x95, 0xB3,
- 0x56, 0xC7, 0x2F, 0xC6, 0x64, 0x1F, 0x02, 0x51,
- 0x81, 0x2E, 0xAA, 0x98, 0x57, 0x0B, 0x04, 0x66,
- 0x99, 0x07, 0x0E, 0x08, 0x19, 0xDC, 0x27, 0x13,
- 0xF4, 0x69, 0x13, 0x7D, 0xFC, 0x6A, 0x3D, 0x7B,
- 0x92, 0xB2, 0x98, 0x99, 0x5E, 0xE7, 0x80, 0x36,
- 0x91, 0x53, 0xAC, 0x36, 0x6B, 0x06, 0xD7, 0x24,
- 0x9C, 0xD0, 0x9E, 0x1B, 0x33, 0x78, 0xFB, 0x04,
- 0x39, 0x9C, 0xEC, 0xB8, 0x65, 0x05, 0x81, 0xD6,
- 0x37, 0xC7, 0x9A, 0xE6, 0x7D, 0x6F, 0x2C, 0xAF,
- 0x6A, 0xBA, 0xCF, 0x59, 0x81, 0x59, 0xA7, 0x79,
- 0x2C, 0xB3, 0xC9, 0x71, 0xD1, 0x49, 0x9D, 0x23,
- 0x73, 0xAD, 0x20, 0xF6, 0x3F, 0x03, 0xBB, 0x59,
- 0xED, 0x13, 0x73, 0x84, 0xAC, 0x61, 0xA7, 0x15,
- 0x51, 0x43, 0xB8, 0xCA, 0x49, 0x32, 0x61, 0x2E,
- 0xC9, 0x15, 0xE4, 0xCA, 0x34, 0x6A, 0x9B, 0xCE,
- 0x5D, 0xD6, 0x04, 0x17, 0xC6, 0xB2, 0xA8, 0x9B,
- 0x1C, 0xC4, 0x35, 0x64, 0x3F, 0x87, 0x5B, 0xDC,
- 0x5A, 0x7E, 0x5B, 0x34, 0x81, 0xCF, 0x91, 0x9E,
- 0xA0, 0x91, 0x72, 0xFE, 0xBC, 0x46, 0xD4, 0xFC,
- 0x3F, 0xB0, 0xCB, 0x95, 0x91, 0x70, 0x4E, 0xE2,
- 0xDB, 0xB6, 0x18, 0x44, 0xB2, 0xF3, 0x31, 0x4A,
- 0x06, 0xBB, 0x6C, 0x6D, 0x34, 0x00, 0x5E, 0x48,
- 0x5C, 0xE6, 0x67, 0xBD, 0xC7, 0xD0, 0x98, 0x58,
- 0x69, 0x28, 0xD2, 0xD9, 0x13, 0x40, 0xF0, 0x04,
- 0x19, 0xEA, 0x40, 0x13, 0x51, 0xA2, 0x40, 0xA0,
- 0xB0, 0x41, 0x05, 0x8B, 0xEF, 0xB0, 0xC2, 0xFD,
- 0x32, 0x64, 0x5B, 0x7A, 0x2D, 0xF8, 0xF5, 0xCB,
- 0xFD, 0x87, 0x33, 0x27, 0xC9, 0x78, 0xD7, 0xB3,
- 0x51, 0xA2, 0x80, 0x88, 0x43, 0x88, 0x37, 0x02,
- 0x4C, 0x52, 0xB9, 0xC2, 0x95, 0xCD, 0x71, 0x36,
- 0x46, 0xFB, 0x5D, 0x6C, 0x0C, 0xCF, 0xB4, 0x70,
- 0x73, 0x4A, 0xC2, 0xB2, 0xBC, 0x81, 0x23, 0xC2,
- 0xC1, 0x3D, 0xF6, 0x93, 0x8E, 0x92, 0x45, 0x5A,
- 0x86, 0x26, 0x39, 0xFE, 0xB8, 0xA6, 0x4B, 0x85,
- 0x16, 0x3E, 0x32, 0x70, 0x7E, 0x03, 0x7B, 0x38,
- 0xD8, 0xAC, 0x39, 0x22, 0xB4, 0x51, 0x87, 0xBB,
- 0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C,
- 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
- 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
- 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22,
- 0x7F, 0xFA, 0xD1, 0xBC, 0x8A, 0xF7, 0x3B, 0x7E,
- 0x87, 0x49, 0x56, 0xB8, 0x1C, 0x2A, 0x2E, 0xF0,
- 0xBF, 0xAB, 0xE8, 0xDC, 0x93, 0xD7, 0x7B, 0x2F,
- 0xBC, 0x9E, 0x0C, 0x64, 0xEF, 0xA0, 0x1E, 0x84,
- 0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08,
- 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
- 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
- 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber512_ct[] = {
- 0xED, 0xF2, 0x41, 0x45, 0xE4, 0x3B, 0x4F, 0x6D,
- 0xC6, 0xBF, 0x83, 0x32, 0xF5, 0x4E, 0x02, 0xCA,
- 0xB0, 0x2D, 0xBF, 0x3B, 0x56, 0x05, 0xDD, 0xC9,
- 0x0A, 0x15, 0xC8, 0x86, 0xAD, 0x3E, 0xD4, 0x89,
- 0x46, 0x26, 0x99, 0xE4, 0xAB, 0xED, 0x44, 0x35,
- 0x0B, 0xC3, 0x75, 0x7E, 0x26, 0x96, 0xFB, 0xFB,
- 0x25, 0x34, 0x41, 0x2E, 0x8D, 0xD2, 0x01, 0xF1,
- 0xE4, 0x54, 0x0A, 0x39, 0x70, 0xB0, 0x55, 0xFE,
- 0x3B, 0x0B, 0xEC, 0x3A, 0x71, 0xF9, 0xE1, 0x15,
- 0xB3, 0xF9, 0xF3, 0x91, 0x02, 0x06, 0x5B, 0x1C,
- 0xCA, 0x83, 0x14, 0xDC, 0xC7, 0x95, 0xE3, 0xC0,
- 0xE8, 0xFA, 0x98, 0xEE, 0x83, 0xCA, 0x66, 0x28,
- 0x45, 0x70, 0x28, 0xA4, 0xD0, 0x9E, 0x83, 0x9E,
- 0x55, 0x48, 0x62, 0xCF, 0x0B, 0x7B, 0xF5, 0x6C,
- 0x5C, 0x0A, 0x82, 0x9E, 0x86, 0x57, 0x94, 0x79,
- 0x45, 0xFE, 0x9C, 0x22, 0x56, 0x4F, 0xBA, 0xEB,
- 0xC1, 0xB3, 0xAF, 0x35, 0x0D, 0x79, 0x55, 0x50,
- 0x8A, 0x26, 0xD8, 0xA8, 0xEB, 0x54, 0x7B, 0x8B,
- 0x1A, 0x2C, 0xF0, 0x3C, 0xCA, 0x1A, 0xAB, 0xCE,
- 0x6C, 0x34, 0x97, 0x78, 0x3B, 0x64, 0x65, 0xBA,
- 0x0B, 0x6E, 0x7A, 0xCB, 0xA8, 0x21, 0x19, 0x51,
- 0x24, 0xAE, 0xF0, 0x9E, 0x62, 0x83, 0x82, 0xA1,
- 0xF9, 0x14, 0x04, 0x3B, 0xE7, 0x09, 0x6E, 0x95,
- 0x2C, 0xBC, 0x4F, 0xB4, 0xAF, 0xED, 0x13, 0x60,
- 0x90, 0x46, 0x11, 0x7C, 0x01, 0x1F, 0xD7, 0x41,
- 0xEE, 0x28, 0x6C, 0x83, 0x77, 0x16, 0x90, 0xF0,
- 0xAE, 0xB5, 0x0D, 0xA0, 0xD7, 0x12, 0x85, 0xA1,
- 0x79, 0xB2, 0x15, 0xC6, 0x03, 0x6D, 0xEB, 0x78,
- 0x0F, 0x4D, 0x16, 0x76, 0x9F, 0x72, 0xDE, 0x16,
- 0xFD, 0xAD, 0xAC, 0x73, 0xBE, 0xFA, 0x5B, 0xEF,
- 0x89, 0x43, 0x19, 0x7F, 0x44, 0xC5, 0x95, 0x89,
- 0xDC, 0x9F, 0x49, 0x73, 0xDE, 0x14, 0x50, 0xBA,
- 0x1D, 0x0C, 0x32, 0x90, 0xD6, 0xB1, 0xD6, 0x83,
- 0xF2, 0x94, 0xE7, 0x59, 0xC9, 0x54, 0xAB, 0xE8,
- 0xA7, 0xDA, 0x5B, 0x10, 0x54, 0xFD, 0x6D, 0x21,
- 0x32, 0x9B, 0x8E, 0x73, 0xD3, 0x75, 0x6A, 0xFD,
- 0xA0, 0xDC, 0xB1, 0xFC, 0x8B, 0x15, 0x82, 0xD1,
- 0xF9, 0x0C, 0xF2, 0x75, 0xA1, 0x02, 0xAB, 0xC6,
- 0xAC, 0x69, 0x9D, 0xF0, 0xC5, 0x87, 0x0E, 0x50,
- 0xA1, 0xF9, 0x89, 0xE4, 0xE6, 0x24, 0x1B, 0x60,
- 0xAA, 0xA2, 0xEC, 0xF9, 0xE8, 0xE3, 0x3E, 0x0F,
- 0xFC, 0xF4, 0x0F, 0xE8, 0x31, 0xE8, 0xFD, 0xC2,
- 0xE8, 0x3B, 0x52, 0xCA, 0x7A, 0xB6, 0xD9, 0x3F,
- 0x14, 0x6D, 0x29, 0xDC, 0xA5, 0x3C, 0x7D, 0xA1,
- 0xDB, 0x4A, 0xC4, 0xF2, 0xDB, 0x39, 0xEA, 0x12,
- 0x0D, 0x90, 0xFA, 0x60, 0xF4, 0xD4, 0x37, 0xC6,
- 0xD0, 0x0E, 0xF4, 0x83, 0xBC, 0x94, 0xA3, 0x17,
- 0x5C, 0xDA, 0x16, 0x3F, 0xC1, 0xC2, 0x82, 0x8B,
- 0xE4, 0xDB, 0xD6, 0x43, 0x05, 0x07, 0xB5, 0x84,
- 0xBB, 0x51, 0x77, 0xE1, 0x71, 0xB8, 0xDD, 0xA9,
- 0xA4, 0x29, 0x3C, 0x32, 0x00, 0x29, 0x5C, 0x80,
- 0x3A, 0x86, 0x5D, 0x6D, 0x21, 0x66, 0xF6, 0x6B,
- 0xA5, 0x40, 0x1F, 0xB7, 0xA0, 0xE8, 0x53, 0x16,
- 0x86, 0x00, 0xA2, 0x94, 0x84, 0x37, 0xE0, 0x36,
- 0xE3, 0xBF, 0x19, 0xE1, 0x2F, 0xD3, 0xF2, 0xA2,
- 0xB8, 0xB3, 0x43, 0xF7, 0x84, 0x24, 0x8E, 0x8D,
- 0x68, 0x5E, 0xB0, 0xAF, 0xDE, 0x63, 0x15, 0x33,
- 0x87, 0x30, 0xE7, 0xA1, 0x00, 0x1C, 0x27, 0xD8,
- 0xD2, 0xA7, 0x6F, 0xA6, 0x9D, 0x15, 0x7B, 0xA1,
- 0xAC, 0x7A, 0xD5, 0x6D, 0xA5, 0xA8, 0xC7, 0x0F,
- 0xE4, 0xB5, 0xB8, 0xD7, 0x86, 0xDC, 0x6F, 0xC0,
- 0x56, 0x6B, 0xA8, 0xE1, 0xB8, 0x81, 0x63, 0x34,
- 0xD3, 0x2A, 0x3F, 0xB1, 0xCE, 0x7D, 0x4D, 0x5E,
- 0x4C, 0x33, 0x2A, 0xF7, 0xB0, 0x03, 0xD0, 0x91,
- 0x74, 0x1A, 0x3D, 0x5C, 0x96, 0x52, 0x92, 0x25,
- 0x5D, 0xFF, 0x8E, 0xD2, 0xBB, 0xF1, 0xF9, 0x11,
- 0x6B, 0xE5, 0x0C, 0x17, 0xB8, 0xE5, 0x48, 0x74,
- 0x8A, 0xD4, 0xB2, 0xE9, 0x57, 0xBB, 0xD1, 0x95,
- 0x34, 0x82, 0xA2, 0xE1, 0x71, 0x8C, 0xEC, 0x66,
- 0xCD, 0x2C, 0x81, 0xF5, 0x72, 0xD5, 0x52, 0xB7,
- 0x18, 0x78, 0x85, 0xE6, 0xB8, 0x94, 0x3D, 0x64,
- 0x31, 0x41, 0x3C, 0x59, 0xEB, 0xB7, 0xE0, 0x36,
- 0x04, 0x84, 0x90, 0xBE, 0x52, 0x89, 0xE9, 0x5B,
- 0x20, 0xA8, 0x9E, 0x8B, 0x15, 0x9F, 0x61, 0xA9,
- 0xA9, 0x88, 0x6E, 0x14, 0x75, 0x68, 0xF4, 0xC9,
- 0x02, 0x1F, 0x36, 0x2F, 0x02, 0x68, 0x8A, 0x1C,
- 0x8C, 0x3B, 0xB0, 0xD2, 0x40, 0x86, 0x88, 0x0E,
- 0x55, 0xB6, 0xED, 0xB4, 0x3F, 0x37, 0x45, 0xD2,
- 0xC1, 0x66, 0xDC, 0x1C, 0xB7, 0x43, 0xC7, 0x6F,
- 0xE6, 0xBE, 0x52, 0x3A, 0x89, 0x3C, 0xC7, 0x64,
- 0xD1, 0x64, 0x35, 0xC3, 0x78, 0x51, 0x25, 0x2A,
- 0x81, 0xE2, 0xFF, 0xBA, 0x0F, 0x18, 0x97, 0x1A,
- 0x3D, 0xEE, 0x37, 0xD4, 0x87, 0x7C, 0xB9, 0x28,
- 0xE3, 0x6E, 0x52, 0x35, 0x03, 0x7A, 0x6B, 0x20,
- 0x57, 0x89, 0x7D, 0x51, 0x8A, 0x5F, 0x0E, 0x34,
- 0x8E, 0x3A, 0xB6, 0xD5, 0xB5, 0x2D, 0xFC, 0x60,
- 0x75, 0x7F, 0x3B, 0x41, 0xA4, 0xFE, 0xC7, 0x82,
- 0x8F, 0x1D, 0xEE, 0xAF, 0x45, 0x87, 0xCC, 0xC8,
- 0xEA, 0xDF, 0x64, 0x7F, 0x4D, 0x20, 0x3B, 0x2F,
- 0xAA, 0x05, 0xA6, 0x49, 0xB5, 0x82, 0x34, 0x0C,
- 0xB4, 0xCA, 0xCE, 0x57, 0xA3, 0x07, 0x11, 0xBE,
- 0x75, 0x2F, 0xAC, 0xF0, 0x22, 0x7D, 0x0A, 0x80,
- 0xC4, 0x12, 0x84, 0x42, 0xDD, 0xC5, 0x44, 0xBE,
- 0x80, 0x5B, 0x9C, 0xFE, 0x8F, 0xE9, 0xB1, 0x23,
- 0x7C, 0x80, 0xF9, 0x67, 0x87, 0xCD, 0x92, 0x81,
- 0xCC, 0xF2, 0x70, 0xC1, 0xAF, 0xC0, 0x67, 0x0D
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber512_ss[] = {
- 0x0A, 0x69, 0x25, 0x67, 0x6F, 0x24, 0xB2, 0x2C,
- 0x28, 0x6F, 0x4C, 0x81, 0xA4, 0x22, 0x4C, 0xEC,
- 0x50, 0x6C, 0x9B, 0x25, 0x7D, 0x48, 0x0E, 0x02,
- 0xE3, 0xB4, 0x9F, 0x44, 0xCA, 0xA3, 0x23, 0x7F
- };
- #ifdef WOLFSSL_SMALL_STACK
- key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- priv = (byte *)XMALLOC(KYBER512_PRIVATE_KEY_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- pub = (byte *)XMALLOC(KYBER512_PUBLIC_KEY_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- ct = (byte *)XMALLOC(KYBER512_CIPHER_TEXT_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- ss = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- ss_dec = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (! (key && priv && pub && ct && ss && ss_dec))
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- ret = wc_KyberKey_Init(KYBER512, key, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- key_inited = 1;
- ret = wc_KyberKey_MakeKeyWithRandom(key, kyber512_rand,
- sizeof(kyber512_rand));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_KyberKey_EncodePublicKey(key, pub, KYBER512_PUBLIC_KEY_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_KyberKey_EncodePrivateKey(key, priv, KYBER512_PRIVATE_KEY_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(pub, kyber512_pk, sizeof(kyber512_pk)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(priv, kyber512_sk, sizeof(kyber512_sk)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber512enc_rand,
- sizeof(kyber512enc_rand));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(ct, kyber512_ct, sizeof(kyber512_ct)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(ss, kyber512_ss, sizeof(kyber512_ss)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(kyber512_ct));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(ss_dec, kyber512_ss, sizeof(kyber512_ss)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- out:
- if (key_inited)
- wc_KyberKey_Free(key);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_KYBER512 */
- #ifdef WOLFSSL_KYBER768
- static wc_test_ret_t kyber768_kat(void)
- {
- wc_test_ret_t ret;
- #ifdef WOLFSSL_SMALL_STACK
- KyberKey *key = NULL;
- byte *priv = NULL;
- byte *pub = NULL;
- byte *ct = NULL;
- byte *ss = NULL;
- byte *ss_dec = NULL;
- #else
- KyberKey key[1];
- byte priv[KYBER768_PRIVATE_KEY_SIZE];
- byte pub[KYBER768_PUBLIC_KEY_SIZE];
- byte ct[KYBER768_CIPHER_TEXT_SIZE];
- byte ss[KYBER_SS_SZ];
- byte ss_dec[KYBER_SS_SZ];
- #endif
- int key_inited = 0;
- WOLFSSL_SMALL_STACK_STATIC const byte kyber768_rand[] = {
- 0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa,
- 0x0c, 0x6d, 0x10, 0xe4, 0xdb, 0x6b, 0x1a, 0xdd,
- 0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03,
- 0x2d, 0xcd, 0x73, 0x99, 0x36, 0x73, 0x7f, 0x2d,
- 0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08,
- 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
- 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
- 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber768enc_rand[] = {
- 0x14, 0x7c, 0x03, 0xf7, 0xa5, 0xbe, 0xbb, 0xa4,
- 0x06, 0xc8, 0xfa, 0xe1, 0x87, 0x4d, 0x7f, 0x13,
- 0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74,
- 0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber768_pk[] = {
- 0xA7, 0x2C, 0x2D, 0x9C, 0x84, 0x3E, 0xE9, 0xF8,
- 0x31, 0x3E, 0xCC, 0x7F, 0x86, 0xD6, 0x29, 0x4D,
- 0x59, 0x15, 0x9D, 0x9A, 0x87, 0x9A, 0x54, 0x2E,
- 0x26, 0x09, 0x22, 0xAD, 0xF9, 0x99, 0x05, 0x1C,
- 0xC4, 0x52, 0x00, 0xC9, 0xFF, 0xDB, 0x60, 0x44,
- 0x9C, 0x49, 0x46, 0x59, 0x79, 0x27, 0x23, 0x67,
- 0xC0, 0x83, 0xA7, 0xD6, 0x26, 0x7A, 0x3E, 0xD7,
- 0xA7, 0xFD, 0x47, 0x95, 0x7C, 0x21, 0x93, 0x27,
- 0xF7, 0xCA, 0x73, 0xA4, 0x00, 0x7E, 0x16, 0x27,
- 0xF0, 0x0B, 0x11, 0xCC, 0x80, 0x57, 0x3C, 0x15,
- 0xAE, 0xE6, 0x64, 0x0F, 0xB8, 0x56, 0x2D, 0xFA,
- 0x6B, 0x24, 0x0C, 0xA0, 0xAD, 0x35, 0x1A, 0xC4,
- 0xAC, 0x15, 0x5B, 0x96, 0xC1, 0x4C, 0x8A, 0xB1,
- 0x3D, 0xD2, 0x62, 0xCD, 0xFD, 0x51, 0xC4, 0xBB,
- 0x55, 0x72, 0xFD, 0x61, 0x65, 0x53, 0xD1, 0x7B,
- 0xDD, 0x43, 0x0A, 0xCB, 0xEA, 0x3E, 0x95, 0xF0,
- 0xB6, 0x98, 0xD6, 0x69, 0x90, 0xAB, 0x51, 0xE5,
- 0xD0, 0x37, 0x83, 0xA8, 0xB3, 0xD2, 0x78, 0xA5,
- 0x72, 0x04, 0x54, 0xCF, 0x96, 0x95, 0xCF, 0xDC,
- 0xA0, 0x84, 0x85, 0xBA, 0x09, 0x9C, 0x51, 0xCD,
- 0x92, 0xA7, 0xEA, 0x75, 0x87, 0xC1, 0xD1, 0x5C,
- 0x28, 0xE6, 0x09, 0xA8, 0x18, 0x52, 0x60, 0x1B,
- 0x06, 0x04, 0x01, 0x06, 0x79, 0xAA, 0x48, 0x2D,
- 0x51, 0x26, 0x1E, 0xC3, 0x6E, 0x36, 0xB8, 0x71,
- 0x96, 0x76, 0x21, 0x7F, 0xD7, 0x4C, 0x54, 0x78,
- 0x64, 0x88, 0xF4, 0xB4, 0x96, 0x9C, 0x05, 0xA8,
- 0xBA, 0x27, 0xCA, 0x3A, 0x77, 0xCC, 0xE7, 0x3B,
- 0x96, 0x59, 0x23, 0xCA, 0x55, 0x4E, 0x42, 0x2B,
- 0x9B, 0x61, 0xF4, 0x75, 0x46, 0x41, 0x60, 0x8A,
- 0xC1, 0x6C, 0x9B, 0x85, 0x87, 0xA3, 0x2C, 0x1C,
- 0x5D, 0xD7, 0x88, 0xF8, 0x8B, 0x36, 0xB7, 0x17,
- 0xA4, 0x69, 0x65, 0x63, 0x5D, 0xEB, 0x67, 0xF4,
- 0x5B, 0x12, 0x9B, 0x99, 0x07, 0x09, 0x09, 0xC9,
- 0x3E, 0xB8, 0x0B, 0x42, 0xC2, 0xB3, 0xF3, 0xF7,
- 0x03, 0x43, 0xA7, 0xCF, 0x37, 0xE8, 0x52, 0x0E,
- 0x7B, 0xCF, 0xC4, 0x16, 0xAC, 0xA4, 0xF1, 0x8C,
- 0x79, 0x81, 0x26, 0x2B, 0xA2, 0xBF, 0xC7, 0x56,
- 0xAE, 0x03, 0x27, 0x8F, 0x0E, 0xC6, 0x6D, 0xC2,
- 0x05, 0x76, 0x96, 0x82, 0x4B, 0xA6, 0x76, 0x98,
- 0x65, 0xA6, 0x01, 0xD7, 0x14, 0x8E, 0xF6, 0xF5,
- 0x4E, 0x5A, 0xF5, 0x68, 0x6A, 0xA2, 0x90, 0x6F,
- 0x99, 0x4C, 0xE3, 0x8A, 0x5E, 0x0B, 0x93, 0x8F,
- 0x23, 0x90, 0x07, 0x00, 0x30, 0x22, 0xC0, 0x33,
- 0x92, 0xDF, 0x34, 0x01, 0xB1, 0xE4, 0xA3, 0xA7,
- 0xEB, 0xC6, 0x16, 0x14, 0x49, 0xF7, 0x33, 0x74,
- 0xC8, 0xB0, 0x14, 0x03, 0x69, 0x34, 0x3D, 0x92,
- 0x95, 0xFD, 0xF5, 0x11, 0x84, 0x5C, 0x4A, 0x46,
- 0xEB, 0xAA, 0xB6, 0xCA, 0x54, 0x92, 0xF6, 0x80,
- 0x0B, 0x98, 0xC0, 0xCC, 0x80, 0x36, 0x53, 0xA4,
- 0xB1, 0xD6, 0xE6, 0xAA, 0xED, 0x19, 0x32, 0xBA,
- 0xCC, 0x5F, 0xEF, 0xAA, 0x81, 0x8B, 0xA5, 0x02,
- 0x85, 0x9B, 0xA5, 0x49, 0x4C, 0x5F, 0x54, 0x02,
- 0xC8, 0x53, 0x6A, 0x9C, 0x4C, 0x18, 0x88, 0x15,
- 0x06, 0x17, 0xF8, 0x00, 0x98, 0xF6, 0xB2, 0xA9,
- 0x9C, 0x39, 0xBC, 0x5D, 0xC7, 0xCF, 0x3B, 0x59,
- 0x00, 0xA2, 0x13, 0x29, 0xAB, 0x59, 0x05, 0x3A,
- 0xBA, 0xA6, 0x4E, 0xD1, 0x63, 0xE8, 0x59, 0xA8,
- 0xB3, 0xB3, 0xCA, 0x33, 0x59, 0xB7, 0x50, 0xCC,
- 0xC3, 0xE7, 0x10, 0xC7, 0xAC, 0x43, 0xC8, 0x19,
- 0x1C, 0xB5, 0xD6, 0x88, 0x70, 0xC0, 0x63, 0x91,
- 0xC0, 0xCB, 0x8A, 0xEC, 0x72, 0xB8, 0x97, 0xAC,
- 0x6B, 0xE7, 0xFB, 0xAA, 0xCC, 0x67, 0x6E, 0xD6,
- 0x63, 0x14, 0xC8, 0x36, 0x30, 0xE8, 0x94, 0x48,
- 0xC8, 0x8A, 0x1D, 0xF0, 0x4A, 0xCE, 0xB2, 0x3A,
- 0xBF, 0x2E, 0x40, 0x9E, 0xF3, 0x33, 0xC6, 0x22,
- 0x28, 0x9C, 0x18, 0xA2, 0x13, 0x4E, 0x65, 0x0C,
- 0x45, 0x25, 0x7E, 0x47, 0x47, 0x5F, 0xA3, 0x3A,
- 0xA5, 0x37, 0xA5, 0xA8, 0xF7, 0x68, 0x02, 0x14,
- 0x71, 0x6C, 0x50, 0xD4, 0x70, 0xE3, 0x28, 0x49,
- 0x63, 0xCA, 0x64, 0xF5, 0x46, 0x77, 0xAE, 0xC5,
- 0x4B, 0x52, 0x72, 0x16, 0x2B, 0xF5, 0x2B, 0xC8,
- 0x14, 0x2E, 0x1D, 0x41, 0x83, 0xFC, 0x01, 0x74,
- 0x54, 0xA6, 0xB5, 0xA4, 0x96, 0x83, 0x17, 0x59,
- 0x06, 0x40, 0x24, 0x74, 0x59, 0x78, 0xCB, 0xD5,
- 0x1A, 0x6C, 0xED, 0xC8, 0x95, 0x5D, 0xE4, 0xCC,
- 0x6D, 0x36, 0x36, 0x70, 0xA4, 0x74, 0x66, 0xE8,
- 0x2B, 0xE5, 0xC2, 0x36, 0x03, 0xA1, 0x7B, 0xF2,
- 0x2A, 0xCD, 0xB7, 0xCC, 0x98, 0x4A, 0xF0, 0x8C,
- 0x87, 0xE1, 0x4E, 0x27, 0x75, 0x3C, 0xF5, 0x87,
- 0xA8, 0xEC, 0x34, 0x47, 0xE6, 0x2C, 0x64, 0x9E,
- 0x88, 0x7A, 0x67, 0xC3, 0x6C, 0x9C, 0xE9, 0x87,
- 0x21, 0xB6, 0x97, 0x21, 0x32, 0x75, 0x64, 0x6B,
- 0x19, 0x4F, 0x36, 0x75, 0x86, 0x73, 0xA8, 0xED,
- 0x11, 0x28, 0x44, 0x55, 0xAF, 0xC7, 0xA8, 0x52,
- 0x9F, 0x69, 0xC9, 0x7A, 0x3C, 0x2D, 0x7B, 0x8C,
- 0x63, 0x6C, 0x0B, 0xA5, 0x56, 0x14, 0xB7, 0x68,
- 0xE6, 0x24, 0xE7, 0x12, 0x93, 0x0F, 0x77, 0x61,
- 0x69, 0xB0, 0x17, 0x15, 0x72, 0x53, 0x51, 0xBC,
- 0x74, 0xB4, 0x73, 0x95, 0xED, 0x52, 0xB2, 0x5A,
- 0x13, 0x13, 0xC9, 0x51, 0x64, 0x81, 0x4C, 0x34,
- 0xC9, 0x79, 0xCB, 0xDF, 0xAB, 0x85, 0x95, 0x46,
- 0x62, 0xCA, 0xB4, 0x85, 0xE7, 0x50, 0x87, 0xA9,
- 0x8C, 0xC7, 0x4B, 0xB8, 0x2C, 0xA2, 0xD1, 0xB5,
- 0xBF, 0x28, 0x03, 0x23, 0x84, 0x80, 0x63, 0x8C,
- 0x40, 0xE9, 0x0B, 0x43, 0xC7, 0x46, 0x0E, 0x7A,
- 0xA9, 0x17, 0xF0, 0x10, 0x15, 0x1F, 0xAB, 0x11,
- 0x69, 0x98, 0x7B, 0x37, 0x2A, 0xBB, 0x59, 0x27,
- 0x1F, 0x70, 0x06, 0xC2, 0x4E, 0x60, 0x23, 0x6B,
- 0x84, 0xB9, 0xDD, 0xD6, 0x00, 0x62, 0x37, 0x04,
- 0x25, 0x46, 0x17, 0xFB, 0x49, 0x8D, 0x89, 0xE5,
- 0x8B, 0x03, 0x68, 0xBC, 0xB2, 0x10, 0x3E, 0x79,
- 0x35, 0x3E, 0xB5, 0x87, 0x86, 0x0C, 0x14, 0x22,
- 0xE4, 0x76, 0x16, 0x2E, 0x42, 0x5B, 0xC2, 0x38,
- 0x1D, 0xB8, 0x2C, 0x65, 0x92, 0x73, 0x7E, 0x1D,
- 0xD6, 0x02, 0x86, 0x4B, 0x01, 0x67, 0xA7, 0x1E,
- 0xC1, 0xF2, 0x23, 0x30, 0x5C, 0x02, 0xFE, 0x25,
- 0x05, 0x2A, 0xF2, 0xB3, 0xB5, 0xA5, 0x5A, 0x0D,
- 0x7A, 0x20, 0x22, 0xD9, 0xA7, 0x98, 0xDC, 0x0C,
- 0x58, 0x74, 0xA9, 0x87, 0x02, 0xAA, 0xF4, 0x05,
- 0x4C, 0x5D, 0x80, 0x33, 0x8A, 0x52, 0x48, 0xB5,
- 0xB7, 0xBD, 0x09, 0xC5, 0x3B, 0x5E, 0x2A, 0x08,
- 0x4B, 0x04, 0x7D, 0x27, 0x7A, 0x86, 0x1B, 0x1A,
- 0x73, 0xBB, 0x51, 0x48, 0x8D, 0xE0, 0x4E, 0xF5,
- 0x73, 0xC8, 0x52, 0x30, 0xA0, 0x47, 0x0B, 0x73,
- 0x17, 0x5C, 0x9F, 0xA5, 0x05, 0x94, 0xF6, 0x6A,
- 0x5F, 0x50, 0xB4, 0x15, 0x00, 0x54, 0xC9, 0x3B,
- 0x68, 0x18, 0x6F, 0x8B, 0x5C, 0xBC, 0x49, 0x31,
- 0x6C, 0x85, 0x48, 0xA6, 0x42, 0xB2, 0xB3, 0x6A,
- 0x1D, 0x45, 0x4C, 0x74, 0x89, 0xAC, 0x33, 0xB2,
- 0xD2, 0xCE, 0x66, 0x68, 0x09, 0x67, 0x82, 0xA2,
- 0xC1, 0xE0, 0x86, 0x6D, 0x21, 0xA6, 0x5E, 0x16,
- 0xB5, 0x85, 0xE7, 0xAF, 0x86, 0x18, 0xBD, 0xF3,
- 0x18, 0x4C, 0x19, 0x86, 0x87, 0x85, 0x08, 0x91,
- 0x72, 0x77, 0xB9, 0x3E, 0x10, 0x70, 0x6B, 0x16,
- 0x14, 0x97, 0x2B, 0x2A, 0x94, 0xC7, 0x31, 0x0F,
- 0xE9, 0xC7, 0x08, 0xC2, 0x31, 0xA1, 0xA8, 0xAC,
- 0x8D, 0x93, 0x14, 0xA5, 0x29, 0xA9, 0x7F, 0x46,
- 0x9B, 0xF6, 0x49, 0x62, 0xD8, 0x20, 0x64, 0x84,
- 0x43, 0x09, 0x9A, 0x07, 0x6D, 0x55, 0xD4, 0xCE,
- 0xA8, 0x24, 0xA5, 0x83, 0x04, 0x84, 0x4F, 0x99,
- 0x49, 0x7C, 0x10, 0xA2, 0x51, 0x48, 0x61, 0x8A,
- 0x31, 0x5D, 0x72, 0xCA, 0x85, 0x7D, 0x1B, 0x04,
- 0xD5, 0x75, 0xB9, 0x4F, 0x85, 0xC0, 0x1D, 0x19,
- 0xBE, 0xF2, 0x11, 0xBF, 0x0A, 0xA3, 0x36, 0x2E,
- 0x70, 0x41, 0xFD, 0x16, 0x59, 0x6D, 0x80, 0x8E,
- 0x86, 0x7B, 0x44, 0xC4, 0xC0, 0x0D, 0x1C, 0xDA,
- 0x34, 0x18, 0x96, 0x77, 0x17, 0xF1, 0x47, 0xD0,
- 0xEB, 0x21, 0xB4, 0x2A, 0xAE, 0xE7, 0x4A, 0xC3,
- 0x5D, 0x0B, 0x92, 0x41, 0x4B, 0x95, 0x85, 0x31,
- 0xAA, 0xDF, 0x46, 0x3E, 0xC6, 0x30, 0x5A, 0xE5,
- 0xEC, 0xAF, 0x79, 0x17, 0x40, 0x02, 0xF2, 0x6D,
- 0xDE, 0xCC, 0x81, 0x3B, 0xF3, 0x26, 0x72, 0xE8,
- 0x52, 0x9D, 0x95, 0xA4, 0xE7, 0x30, 0xA7, 0xAB,
- 0x4A, 0x3E, 0x8F, 0x8A, 0x8A, 0xF9, 0x79, 0xA6,
- 0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C,
- 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
- 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
- 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber768_sk[] = {
- 0x07, 0x63, 0x8F, 0xB6, 0x98, 0x68, 0xF3, 0xD3,
- 0x20, 0xE5, 0x86, 0x2B, 0xD9, 0x69, 0x33, 0xFE,
- 0xB3, 0x11, 0xB3, 0x62, 0x09, 0x3C, 0x9B, 0x5D,
- 0x50, 0x17, 0x0B, 0xCE, 0xD4, 0x3F, 0x1B, 0x53,
- 0x6D, 0x9A, 0x20, 0x4B, 0xB1, 0xF2, 0x26, 0x95,
- 0x95, 0x0B, 0xA1, 0xF2, 0xA9, 0xE8, 0xEB, 0x82,
- 0x8B, 0x28, 0x44, 0x88, 0x76, 0x0B, 0x3F, 0xC8,
- 0x4F, 0xAB, 0xA0, 0x42, 0x75, 0xD5, 0x62, 0x8E,
- 0x39, 0xC5, 0xB2, 0x47, 0x13, 0x74, 0x28, 0x3C,
- 0x50, 0x32, 0x99, 0xC0, 0xAB, 0x49, 0xB6, 0x6B,
- 0x8B, 0xBB, 0x56, 0xA4, 0x18, 0x66, 0x24, 0xF9,
- 0x19, 0xA2, 0xBA, 0x59, 0xBB, 0x08, 0xD8, 0x55,
- 0x18, 0x80, 0xC2, 0xBE, 0xFC, 0x4F, 0x87, 0xF2,
- 0x5F, 0x59, 0xAB, 0x58, 0x7A, 0x79, 0xC3, 0x27,
- 0xD7, 0x92, 0xD5, 0x4C, 0x97, 0x4A, 0x69, 0x26,
- 0x2F, 0xF8, 0xA7, 0x89, 0x38, 0x28, 0x9E, 0x9A,
- 0x87, 0xB6, 0x88, 0xB0, 0x83, 0xE0, 0x59, 0x5F,
- 0xE2, 0x18, 0xB6, 0xBB, 0x15, 0x05, 0x94, 0x1C,
- 0xE2, 0xE8, 0x1A, 0x5A, 0x64, 0xC5, 0xAA, 0xC6,
- 0x04, 0x17, 0x25, 0x69, 0x85, 0x34, 0x9E, 0xE4,
- 0x7A, 0x52, 0x42, 0x0A, 0x5F, 0x97, 0x47, 0x7B,
- 0x72, 0x36, 0xAC, 0x76, 0xBC, 0x70, 0xE8, 0x28,
- 0x87, 0x29, 0x28, 0x7E, 0xE3, 0xE3, 0x4A, 0x3D,
- 0xBC, 0x36, 0x83, 0xC0, 0xB7, 0xB1, 0x00, 0x29,
- 0xFC, 0x20, 0x34, 0x18, 0x53, 0x7E, 0x74, 0x66,
- 0xBA, 0x63, 0x85, 0xA8, 0xFF, 0x30, 0x1E, 0xE1,
- 0x27, 0x08, 0xF8, 0x2A, 0xAA, 0x1E, 0x38, 0x0F,
- 0xC7, 0xA8, 0x8F, 0x8F, 0x20, 0x5A, 0xB7, 0xE8,
- 0x8D, 0x7E, 0x95, 0x95, 0x2A, 0x55, 0xBA, 0x20,
- 0xD0, 0x9B, 0x79, 0xA4, 0x71, 0x41, 0xD6, 0x2B,
- 0xF6, 0xEB, 0x7D, 0xD3, 0x07, 0xB0, 0x8E, 0xCA,
- 0x13, 0xA5, 0xBC, 0x5F, 0x6B, 0x68, 0x58, 0x1C,
- 0x68, 0x65, 0xB2, 0x7B, 0xBC, 0xDD, 0xAB, 0x14,
- 0x2F, 0x4B, 0x2C, 0xBF, 0xF4, 0x88, 0xC8, 0xA2,
- 0x27, 0x05, 0xFA, 0xA9, 0x8A, 0x2B, 0x9E, 0xEA,
- 0x35, 0x30, 0xC7, 0x66, 0x62, 0x33, 0x5C, 0xC7,
- 0xEA, 0x3A, 0x00, 0x77, 0x77, 0x25, 0xEB, 0xCC,
- 0xCD, 0x2A, 0x46, 0x36, 0xB2, 0xD9, 0x12, 0x2F,
- 0xF3, 0xAB, 0x77, 0x12, 0x3C, 0xE0, 0x88, 0x3C,
- 0x19, 0x11, 0x11, 0x5E, 0x50, 0xC9, 0xE8, 0xA9,
- 0x41, 0x94, 0xE4, 0x8D, 0xD0, 0xD0, 0x9C, 0xFF,
- 0xB3, 0xAD, 0xCD, 0x2C, 0x1E, 0x92, 0x43, 0x09,
- 0x03, 0xD0, 0x7A, 0xDB, 0xF0, 0x05, 0x32, 0x03,
- 0x15, 0x75, 0xAA, 0x7F, 0x9E, 0x7B, 0x5A, 0x1F,
- 0x33, 0x62, 0xDE, 0xC9, 0x36, 0xD4, 0x04, 0x3C,
- 0x05, 0xF2, 0x47, 0x6C, 0x07, 0x57, 0x8B, 0xC9,
- 0xCB, 0xAF, 0x2A, 0xB4, 0xE3, 0x82, 0x72, 0x7A,
- 0xD4, 0x16, 0x86, 0xA9, 0x6B, 0x25, 0x48, 0x82,
- 0x0B, 0xB0, 0x3B, 0x32, 0xF1, 0x1B, 0x28, 0x11,
- 0xAD, 0x62, 0xF4, 0x89, 0xE9, 0x51, 0x63, 0x2A,
- 0xBA, 0x0D, 0x1D, 0xF8, 0x96, 0x80, 0xCC, 0x8A,
- 0x8B, 0x53, 0xB4, 0x81, 0xD9, 0x2A, 0x68, 0xD7,
- 0x0B, 0x4E, 0xA1, 0xC3, 0xA6, 0xA5, 0x61, 0xC0,
- 0x69, 0x28, 0x82, 0xB5, 0xCA, 0x8C, 0xC9, 0x42,
- 0xA8, 0xD4, 0x95, 0xAF, 0xCB, 0x06, 0xDE, 0x89,
- 0x49, 0x8F, 0xB9, 0x35, 0xB7, 0x75, 0x90, 0x8F,
- 0xE7, 0xA0, 0x3E, 0x32, 0x4D, 0x54, 0xCC, 0x19,
- 0xD4, 0xE1, 0xAA, 0xBD, 0x35, 0x93, 0xB3, 0x8B,
- 0x19, 0xEE, 0x13, 0x88, 0xFE, 0x49, 0x2B, 0x43,
- 0x12, 0x7E, 0x5A, 0x50, 0x42, 0x53, 0x78, 0x6A,
- 0x0D, 0x69, 0xAD, 0x32, 0x60, 0x1C, 0x28, 0xE2,
- 0xC8, 0x85, 0x04, 0xA5, 0xBA, 0x59, 0x97, 0x06,
- 0x02, 0x3A, 0x61, 0x36, 0x3E, 0x17, 0xC6, 0xB9,
- 0xBB, 0x59, 0xBD, 0xC6, 0x97, 0x45, 0x2C, 0xD0,
- 0x59, 0x45, 0x19, 0x83, 0xD7, 0x38, 0xCA, 0x3F,
- 0xD0, 0x34, 0xE3, 0xF5, 0x98, 0x88, 0x54, 0xCA,
- 0x05, 0x03, 0x1D, 0xB0, 0x96, 0x11, 0x49, 0x89,
- 0x88, 0x19, 0x7C, 0x6B, 0x30, 0xD2, 0x58, 0xDF,
- 0xE2, 0x62, 0x65, 0x54, 0x1C, 0x89, 0xA4, 0xB3,
- 0x1D, 0x68, 0x64, 0xE9, 0x38, 0x9B, 0x03, 0xCB,
- 0x74, 0xF7, 0xEC, 0x43, 0x23, 0xFB, 0x94, 0x21,
- 0xA4, 0xB9, 0x79, 0x0A, 0x26, 0xD1, 0x7B, 0x03,
- 0x98, 0xA2, 0x67, 0x67, 0x35, 0x09, 0x09, 0xF8,
- 0x4D, 0x57, 0xB6, 0x69, 0x4D, 0xF8, 0x30, 0x66,
- 0x4C, 0xA8, 0xB3, 0xC3, 0xC0, 0x3E, 0xD2, 0xAE,
- 0x67, 0xB8, 0x90, 0x06, 0x86, 0x8A, 0x68, 0x52,
- 0x7C, 0xCD, 0x66, 0x64, 0x59, 0xAB, 0x7F, 0x05,
- 0x66, 0x71, 0x00, 0x0C, 0x61, 0x64, 0xD3, 0xA7,
- 0xF2, 0x66, 0xA1, 0x4D, 0x97, 0xCB, 0xD7, 0x00,
- 0x4D, 0x6C, 0x92, 0xCA, 0xCA, 0x77, 0x0B, 0x84,
- 0x4A, 0x4F, 0xA9, 0xB1, 0x82, 0xE7, 0xB1, 0x8C,
- 0xA8, 0x85, 0x08, 0x2A, 0xC5, 0x64, 0x6F, 0xCB,
- 0x4A, 0x14, 0xE1, 0x68, 0x5F, 0xEB, 0x0C, 0x9C,
- 0xE3, 0x37, 0x2A, 0xB9, 0x53, 0x65, 0xC0, 0x4F,
- 0xD8, 0x30, 0x84, 0xF8, 0x0A, 0x23, 0xFF, 0x10,
- 0xA0, 0x5B, 0xF1, 0x5F, 0x7F, 0xA5, 0xAC, 0xC6,
- 0xC0, 0xCB, 0x46, 0x2C, 0x33, 0xCA, 0x52, 0x4F,
- 0xA6, 0xB8, 0xBB, 0x35, 0x90, 0x43, 0xBA, 0x68,
- 0x60, 0x9E, 0xAA, 0x25, 0x36, 0xE8, 0x1D, 0x08,
- 0x46, 0x3B, 0x19, 0x65, 0x3B, 0x54, 0x35, 0xBA,
- 0x94, 0x6C, 0x9A, 0xDD, 0xEB, 0x20, 0x2B, 0x04,
- 0xB0, 0x31, 0xCC, 0x96, 0x0D, 0xCC, 0x12, 0xE4,
- 0x51, 0x8D, 0x42, 0x8B, 0x32, 0xB2, 0x57, 0xA4,
- 0xFC, 0x73, 0x13, 0xD3, 0xA7, 0x98, 0x0D, 0x80,
- 0x08, 0x2E, 0x93, 0x4F, 0x9D, 0x95, 0xC3, 0x2B,
- 0x0A, 0x01, 0x91, 0xA2, 0x36, 0x04, 0x38, 0x4D,
- 0xD9, 0xE0, 0x79, 0xBB, 0xBA, 0xA2, 0x66, 0xD1,
- 0x4C, 0x3F, 0x75, 0x6B, 0x9F, 0x21, 0x33, 0x10,
- 0x74, 0x33, 0xA4, 0xE8, 0x3F, 0xA7, 0x18, 0x72,
- 0x82, 0xA8, 0x09, 0x20, 0x3A, 0x4F, 0xAF, 0x84,
- 0x18, 0x51, 0x83, 0x3D, 0x12, 0x1A, 0xC3, 0x83,
- 0x84, 0x3A, 0x5E, 0x55, 0xBC, 0x23, 0x81, 0x42,
- 0x5E, 0x16, 0xC7, 0xDB, 0x4C, 0xC9, 0xAB, 0x5C,
- 0x1B, 0x0D, 0x91, 0xA4, 0x7E, 0x2B, 0x8D, 0xE0,
- 0xE5, 0x82, 0xC8, 0x6B, 0x6B, 0x0D, 0x90, 0x7B,
- 0xB3, 0x60, 0xB9, 0x7F, 0x40, 0xAB, 0x5D, 0x03,
- 0x8F, 0x6B, 0x75, 0xC8, 0x14, 0xB2, 0x7D, 0x9B,
- 0x96, 0x8D, 0x41, 0x98, 0x32, 0xBC, 0x8C, 0x2B,
- 0xEE, 0x60, 0x5E, 0xF6, 0xE5, 0x05, 0x9D, 0x33,
- 0x10, 0x0D, 0x90, 0x48, 0x5D, 0x37, 0x84, 0x50,
- 0x01, 0x42, 0x21, 0x73, 0x6C, 0x07, 0x40, 0x7C,
- 0xAC, 0x26, 0x04, 0x08, 0xAA, 0x64, 0x92, 0x66,
- 0x19, 0x78, 0x8B, 0x86, 0x01, 0xC2, 0xA7, 0x52,
- 0xD1, 0xA6, 0xCB, 0xF8, 0x20, 0xD7, 0xC7, 0xA0,
- 0x47, 0x16, 0x20, 0x32, 0x25, 0xB3, 0x89, 0x5B,
- 0x93, 0x42, 0xD1, 0x47, 0xA8, 0x18, 0x5C, 0xFC,
- 0x1B, 0xB6, 0x5B, 0xA0, 0x6B, 0x41, 0x42, 0x33,
- 0x99, 0x03, 0xC0, 0xAC, 0x46, 0x51, 0x38, 0x5B,
- 0x45, 0xD9, 0x8A, 0x8B, 0x19, 0xD2, 0x8C, 0xD6,
- 0xBA, 0xB0, 0x88, 0x78, 0x7F, 0x7E, 0xE1, 0xB1,
- 0x24, 0x61, 0x76, 0x6B, 0x43, 0xCB, 0xCC, 0xB9,
- 0x64, 0x34, 0x42, 0x7D, 0x93, 0xC0, 0x65, 0x55,
- 0x06, 0x88, 0xF6, 0x94, 0x8E, 0xD1, 0xB5, 0x47,
- 0x5A, 0x42, 0x5F, 0x1B, 0x85, 0x20, 0x9D, 0x06,
- 0x1C, 0x08, 0xB5, 0x6C, 0x1C, 0xC0, 0x69, 0xF6,
- 0xC0, 0xA7, 0xC6, 0xF2, 0x93, 0x58, 0xCA, 0xB9,
- 0x11, 0x08, 0x77, 0x32, 0xA6, 0x49, 0xD2, 0x7C,
- 0x9B, 0x98, 0xF9, 0xA4, 0x88, 0x79, 0x38, 0x7D,
- 0x9B, 0x00, 0xC2, 0x59, 0x59, 0xA7, 0x16, 0x54,
- 0xD6, 0xF6, 0xA9, 0x46, 0x16, 0x45, 0x13, 0xE4,
- 0x7A, 0x75, 0xD0, 0x05, 0x98, 0x6C, 0x23, 0x63,
- 0xC0, 0x9F, 0x6B, 0x53, 0x7E, 0xCA, 0x78, 0xB9,
- 0x30, 0x3A, 0x5F, 0xA4, 0x57, 0x60, 0x8A, 0x58,
- 0x6A, 0x65, 0x3A, 0x34, 0x7D, 0xB0, 0x4D, 0xFC,
- 0xC1, 0x91, 0x75, 0xB3, 0xA3, 0x01, 0x17, 0x25,
- 0x36, 0x06, 0x2A, 0x65, 0x8A, 0x95, 0x27, 0x75,
- 0x70, 0xC8, 0x85, 0x2C, 0xA8, 0x97, 0x3F, 0x4A,
- 0xE1, 0x23, 0xA3, 0x34, 0x04, 0x7D, 0xD7, 0x11,
- 0xC8, 0x92, 0x7A, 0x63, 0x4A, 0x03, 0x38, 0x8A,
- 0x52, 0x7B, 0x03, 0x4B, 0xF7, 0xA8, 0x17, 0x0F,
- 0xA7, 0x02, 0xC1, 0xF7, 0xC2, 0x3E, 0xC3, 0x2D,
- 0x18, 0xA2, 0x37, 0x48, 0x90, 0xBE, 0x9C, 0x78,
- 0x7A, 0x94, 0x09, 0xC8, 0x2D, 0x19, 0x2C, 0x4B,
- 0xB7, 0x05, 0xA2, 0xF9, 0x96, 0xCE, 0x40, 0x5D,
- 0xA7, 0x2C, 0x2D, 0x9C, 0x84, 0x3E, 0xE9, 0xF8,
- 0x31, 0x3E, 0xCC, 0x7F, 0x86, 0xD6, 0x29, 0x4D,
- 0x59, 0x15, 0x9D, 0x9A, 0x87, 0x9A, 0x54, 0x2E,
- 0x26, 0x09, 0x22, 0xAD, 0xF9, 0x99, 0x05, 0x1C,
- 0xC4, 0x52, 0x00, 0xC9, 0xFF, 0xDB, 0x60, 0x44,
- 0x9C, 0x49, 0x46, 0x59, 0x79, 0x27, 0x23, 0x67,
- 0xC0, 0x83, 0xA7, 0xD6, 0x26, 0x7A, 0x3E, 0xD7,
- 0xA7, 0xFD, 0x47, 0x95, 0x7C, 0x21, 0x93, 0x27,
- 0xF7, 0xCA, 0x73, 0xA4, 0x00, 0x7E, 0x16, 0x27,
- 0xF0, 0x0B, 0x11, 0xCC, 0x80, 0x57, 0x3C, 0x15,
- 0xAE, 0xE6, 0x64, 0x0F, 0xB8, 0x56, 0x2D, 0xFA,
- 0x6B, 0x24, 0x0C, 0xA0, 0xAD, 0x35, 0x1A, 0xC4,
- 0xAC, 0x15, 0x5B, 0x96, 0xC1, 0x4C, 0x8A, 0xB1,
- 0x3D, 0xD2, 0x62, 0xCD, 0xFD, 0x51, 0xC4, 0xBB,
- 0x55, 0x72, 0xFD, 0x61, 0x65, 0x53, 0xD1, 0x7B,
- 0xDD, 0x43, 0x0A, 0xCB, 0xEA, 0x3E, 0x95, 0xF0,
- 0xB6, 0x98, 0xD6, 0x69, 0x90, 0xAB, 0x51, 0xE5,
- 0xD0, 0x37, 0x83, 0xA8, 0xB3, 0xD2, 0x78, 0xA5,
- 0x72, 0x04, 0x54, 0xCF, 0x96, 0x95, 0xCF, 0xDC,
- 0xA0, 0x84, 0x85, 0xBA, 0x09, 0x9C, 0x51, 0xCD,
- 0x92, 0xA7, 0xEA, 0x75, 0x87, 0xC1, 0xD1, 0x5C,
- 0x28, 0xE6, 0x09, 0xA8, 0x18, 0x52, 0x60, 0x1B,
- 0x06, 0x04, 0x01, 0x06, 0x79, 0xAA, 0x48, 0x2D,
- 0x51, 0x26, 0x1E, 0xC3, 0x6E, 0x36, 0xB8, 0x71,
- 0x96, 0x76, 0x21, 0x7F, 0xD7, 0x4C, 0x54, 0x78,
- 0x64, 0x88, 0xF4, 0xB4, 0x96, 0x9C, 0x05, 0xA8,
- 0xBA, 0x27, 0xCA, 0x3A, 0x77, 0xCC, 0xE7, 0x3B,
- 0x96, 0x59, 0x23, 0xCA, 0x55, 0x4E, 0x42, 0x2B,
- 0x9B, 0x61, 0xF4, 0x75, 0x46, 0x41, 0x60, 0x8A,
- 0xC1, 0x6C, 0x9B, 0x85, 0x87, 0xA3, 0x2C, 0x1C,
- 0x5D, 0xD7, 0x88, 0xF8, 0x8B, 0x36, 0xB7, 0x17,
- 0xA4, 0x69, 0x65, 0x63, 0x5D, 0xEB, 0x67, 0xF4,
- 0x5B, 0x12, 0x9B, 0x99, 0x07, 0x09, 0x09, 0xC9,
- 0x3E, 0xB8, 0x0B, 0x42, 0xC2, 0xB3, 0xF3, 0xF7,
- 0x03, 0x43, 0xA7, 0xCF, 0x37, 0xE8, 0x52, 0x0E,
- 0x7B, 0xCF, 0xC4, 0x16, 0xAC, 0xA4, 0xF1, 0x8C,
- 0x79, 0x81, 0x26, 0x2B, 0xA2, 0xBF, 0xC7, 0x56,
- 0xAE, 0x03, 0x27, 0x8F, 0x0E, 0xC6, 0x6D, 0xC2,
- 0x05, 0x76, 0x96, 0x82, 0x4B, 0xA6, 0x76, 0x98,
- 0x65, 0xA6, 0x01, 0xD7, 0x14, 0x8E, 0xF6, 0xF5,
- 0x4E, 0x5A, 0xF5, 0x68, 0x6A, 0xA2, 0x90, 0x6F,
- 0x99, 0x4C, 0xE3, 0x8A, 0x5E, 0x0B, 0x93, 0x8F,
- 0x23, 0x90, 0x07, 0x00, 0x30, 0x22, 0xC0, 0x33,
- 0x92, 0xDF, 0x34, 0x01, 0xB1, 0xE4, 0xA3, 0xA7,
- 0xEB, 0xC6, 0x16, 0x14, 0x49, 0xF7, 0x33, 0x74,
- 0xC8, 0xB0, 0x14, 0x03, 0x69, 0x34, 0x3D, 0x92,
- 0x95, 0xFD, 0xF5, 0x11, 0x84, 0x5C, 0x4A, 0x46,
- 0xEB, 0xAA, 0xB6, 0xCA, 0x54, 0x92, 0xF6, 0x80,
- 0x0B, 0x98, 0xC0, 0xCC, 0x80, 0x36, 0x53, 0xA4,
- 0xB1, 0xD6, 0xE6, 0xAA, 0xED, 0x19, 0x32, 0xBA,
- 0xCC, 0x5F, 0xEF, 0xAA, 0x81, 0x8B, 0xA5, 0x02,
- 0x85, 0x9B, 0xA5, 0x49, 0x4C, 0x5F, 0x54, 0x02,
- 0xC8, 0x53, 0x6A, 0x9C, 0x4C, 0x18, 0x88, 0x15,
- 0x06, 0x17, 0xF8, 0x00, 0x98, 0xF6, 0xB2, 0xA9,
- 0x9C, 0x39, 0xBC, 0x5D, 0xC7, 0xCF, 0x3B, 0x59,
- 0x00, 0xA2, 0x13, 0x29, 0xAB, 0x59, 0x05, 0x3A,
- 0xBA, 0xA6, 0x4E, 0xD1, 0x63, 0xE8, 0x59, 0xA8,
- 0xB3, 0xB3, 0xCA, 0x33, 0x59, 0xB7, 0x50, 0xCC,
- 0xC3, 0xE7, 0x10, 0xC7, 0xAC, 0x43, 0xC8, 0x19,
- 0x1C, 0xB5, 0xD6, 0x88, 0x70, 0xC0, 0x63, 0x91,
- 0xC0, 0xCB, 0x8A, 0xEC, 0x72, 0xB8, 0x97, 0xAC,
- 0x6B, 0xE7, 0xFB, 0xAA, 0xCC, 0x67, 0x6E, 0xD6,
- 0x63, 0x14, 0xC8, 0x36, 0x30, 0xE8, 0x94, 0x48,
- 0xC8, 0x8A, 0x1D, 0xF0, 0x4A, 0xCE, 0xB2, 0x3A,
- 0xBF, 0x2E, 0x40, 0x9E, 0xF3, 0x33, 0xC6, 0x22,
- 0x28, 0x9C, 0x18, 0xA2, 0x13, 0x4E, 0x65, 0x0C,
- 0x45, 0x25, 0x7E, 0x47, 0x47, 0x5F, 0xA3, 0x3A,
- 0xA5, 0x37, 0xA5, 0xA8, 0xF7, 0x68, 0x02, 0x14,
- 0x71, 0x6C, 0x50, 0xD4, 0x70, 0xE3, 0x28, 0x49,
- 0x63, 0xCA, 0x64, 0xF5, 0x46, 0x77, 0xAE, 0xC5,
- 0x4B, 0x52, 0x72, 0x16, 0x2B, 0xF5, 0x2B, 0xC8,
- 0x14, 0x2E, 0x1D, 0x41, 0x83, 0xFC, 0x01, 0x74,
- 0x54, 0xA6, 0xB5, 0xA4, 0x96, 0x83, 0x17, 0x59,
- 0x06, 0x40, 0x24, 0x74, 0x59, 0x78, 0xCB, 0xD5,
- 0x1A, 0x6C, 0xED, 0xC8, 0x95, 0x5D, 0xE4, 0xCC,
- 0x6D, 0x36, 0x36, 0x70, 0xA4, 0x74, 0x66, 0xE8,
- 0x2B, 0xE5, 0xC2, 0x36, 0x03, 0xA1, 0x7B, 0xF2,
- 0x2A, 0xCD, 0xB7, 0xCC, 0x98, 0x4A, 0xF0, 0x8C,
- 0x87, 0xE1, 0x4E, 0x27, 0x75, 0x3C, 0xF5, 0x87,
- 0xA8, 0xEC, 0x34, 0x47, 0xE6, 0x2C, 0x64, 0x9E,
- 0x88, 0x7A, 0x67, 0xC3, 0x6C, 0x9C, 0xE9, 0x87,
- 0x21, 0xB6, 0x97, 0x21, 0x32, 0x75, 0x64, 0x6B,
- 0x19, 0x4F, 0x36, 0x75, 0x86, 0x73, 0xA8, 0xED,
- 0x11, 0x28, 0x44, 0x55, 0xAF, 0xC7, 0xA8, 0x52,
- 0x9F, 0x69, 0xC9, 0x7A, 0x3C, 0x2D, 0x7B, 0x8C,
- 0x63, 0x6C, 0x0B, 0xA5, 0x56, 0x14, 0xB7, 0x68,
- 0xE6, 0x24, 0xE7, 0x12, 0x93, 0x0F, 0x77, 0x61,
- 0x69, 0xB0, 0x17, 0x15, 0x72, 0x53, 0x51, 0xBC,
- 0x74, 0xB4, 0x73, 0x95, 0xED, 0x52, 0xB2, 0x5A,
- 0x13, 0x13, 0xC9, 0x51, 0x64, 0x81, 0x4C, 0x34,
- 0xC9, 0x79, 0xCB, 0xDF, 0xAB, 0x85, 0x95, 0x46,
- 0x62, 0xCA, 0xB4, 0x85, 0xE7, 0x50, 0x87, 0xA9,
- 0x8C, 0xC7, 0x4B, 0xB8, 0x2C, 0xA2, 0xD1, 0xB5,
- 0xBF, 0x28, 0x03, 0x23, 0x84, 0x80, 0x63, 0x8C,
- 0x40, 0xE9, 0x0B, 0x43, 0xC7, 0x46, 0x0E, 0x7A,
- 0xA9, 0x17, 0xF0, 0x10, 0x15, 0x1F, 0xAB, 0x11,
- 0x69, 0x98, 0x7B, 0x37, 0x2A, 0xBB, 0x59, 0x27,
- 0x1F, 0x70, 0x06, 0xC2, 0x4E, 0x60, 0x23, 0x6B,
- 0x84, 0xB9, 0xDD, 0xD6, 0x00, 0x62, 0x37, 0x04,
- 0x25, 0x46, 0x17, 0xFB, 0x49, 0x8D, 0x89, 0xE5,
- 0x8B, 0x03, 0x68, 0xBC, 0xB2, 0x10, 0x3E, 0x79,
- 0x35, 0x3E, 0xB5, 0x87, 0x86, 0x0C, 0x14, 0x22,
- 0xE4, 0x76, 0x16, 0x2E, 0x42, 0x5B, 0xC2, 0x38,
- 0x1D, 0xB8, 0x2C, 0x65, 0x92, 0x73, 0x7E, 0x1D,
- 0xD6, 0x02, 0x86, 0x4B, 0x01, 0x67, 0xA7, 0x1E,
- 0xC1, 0xF2, 0x23, 0x30, 0x5C, 0x02, 0xFE, 0x25,
- 0x05, 0x2A, 0xF2, 0xB3, 0xB5, 0xA5, 0x5A, 0x0D,
- 0x7A, 0x20, 0x22, 0xD9, 0xA7, 0x98, 0xDC, 0x0C,
- 0x58, 0x74, 0xA9, 0x87, 0x02, 0xAA, 0xF4, 0x05,
- 0x4C, 0x5D, 0x80, 0x33, 0x8A, 0x52, 0x48, 0xB5,
- 0xB7, 0xBD, 0x09, 0xC5, 0x3B, 0x5E, 0x2A, 0x08,
- 0x4B, 0x04, 0x7D, 0x27, 0x7A, 0x86, 0x1B, 0x1A,
- 0x73, 0xBB, 0x51, 0x48, 0x8D, 0xE0, 0x4E, 0xF5,
- 0x73, 0xC8, 0x52, 0x30, 0xA0, 0x47, 0x0B, 0x73,
- 0x17, 0x5C, 0x9F, 0xA5, 0x05, 0x94, 0xF6, 0x6A,
- 0x5F, 0x50, 0xB4, 0x15, 0x00, 0x54, 0xC9, 0x3B,
- 0x68, 0x18, 0x6F, 0x8B, 0x5C, 0xBC, 0x49, 0x31,
- 0x6C, 0x85, 0x48, 0xA6, 0x42, 0xB2, 0xB3, 0x6A,
- 0x1D, 0x45, 0x4C, 0x74, 0x89, 0xAC, 0x33, 0xB2,
- 0xD2, 0xCE, 0x66, 0x68, 0x09, 0x67, 0x82, 0xA2,
- 0xC1, 0xE0, 0x86, 0x6D, 0x21, 0xA6, 0x5E, 0x16,
- 0xB5, 0x85, 0xE7, 0xAF, 0x86, 0x18, 0xBD, 0xF3,
- 0x18, 0x4C, 0x19, 0x86, 0x87, 0x85, 0x08, 0x91,
- 0x72, 0x77, 0xB9, 0x3E, 0x10, 0x70, 0x6B, 0x16,
- 0x14, 0x97, 0x2B, 0x2A, 0x94, 0xC7, 0x31, 0x0F,
- 0xE9, 0xC7, 0x08, 0xC2, 0x31, 0xA1, 0xA8, 0xAC,
- 0x8D, 0x93, 0x14, 0xA5, 0x29, 0xA9, 0x7F, 0x46,
- 0x9B, 0xF6, 0x49, 0x62, 0xD8, 0x20, 0x64, 0x84,
- 0x43, 0x09, 0x9A, 0x07, 0x6D, 0x55, 0xD4, 0xCE,
- 0xA8, 0x24, 0xA5, 0x83, 0x04, 0x84, 0x4F, 0x99,
- 0x49, 0x7C, 0x10, 0xA2, 0x51, 0x48, 0x61, 0x8A,
- 0x31, 0x5D, 0x72, 0xCA, 0x85, 0x7D, 0x1B, 0x04,
- 0xD5, 0x75, 0xB9, 0x4F, 0x85, 0xC0, 0x1D, 0x19,
- 0xBE, 0xF2, 0x11, 0xBF, 0x0A, 0xA3, 0x36, 0x2E,
- 0x70, 0x41, 0xFD, 0x16, 0x59, 0x6D, 0x80, 0x8E,
- 0x86, 0x7B, 0x44, 0xC4, 0xC0, 0x0D, 0x1C, 0xDA,
- 0x34, 0x18, 0x96, 0x77, 0x17, 0xF1, 0x47, 0xD0,
- 0xEB, 0x21, 0xB4, 0x2A, 0xAE, 0xE7, 0x4A, 0xC3,
- 0x5D, 0x0B, 0x92, 0x41, 0x4B, 0x95, 0x85, 0x31,
- 0xAA, 0xDF, 0x46, 0x3E, 0xC6, 0x30, 0x5A, 0xE5,
- 0xEC, 0xAF, 0x79, 0x17, 0x40, 0x02, 0xF2, 0x6D,
- 0xDE, 0xCC, 0x81, 0x3B, 0xF3, 0x26, 0x72, 0xE8,
- 0x52, 0x9D, 0x95, 0xA4, 0xE7, 0x30, 0xA7, 0xAB,
- 0x4A, 0x3E, 0x8F, 0x8A, 0x8A, 0xF9, 0x79, 0xA6,
- 0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C,
- 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
- 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
- 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22,
- 0xD4, 0xEC, 0x14, 0x3B, 0x50, 0xF0, 0x14, 0x23,
- 0xB1, 0x77, 0x89, 0x5E, 0xDE, 0xE2, 0x2B, 0xB7,
- 0x39, 0xF6, 0x47, 0xEC, 0xF8, 0x5F, 0x50, 0xBC,
- 0x25, 0xEF, 0x7B, 0x5A, 0x72, 0x5D, 0xEE, 0x86,
- 0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08,
- 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
- 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
- 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber768_ct[] = {
- 0xB5, 0x2C, 0x56, 0xB9, 0x2A, 0x4B, 0x7C, 0xE9,
- 0xE4, 0xCB, 0x7C, 0x5B, 0x1B, 0x16, 0x31, 0x67,
- 0xA8, 0xA1, 0x67, 0x5B, 0x2F, 0xDE, 0xF8, 0x4A,
- 0x5B, 0x67, 0xCA, 0x15, 0xDB, 0x69, 0x4C, 0x9F,
- 0x11, 0xBD, 0x02, 0x7C, 0x30, 0xAE, 0x22, 0xEC,
- 0x92, 0x1A, 0x1D, 0x91, 0x15, 0x99, 0xAF, 0x05,
- 0x85, 0xE4, 0x8D, 0x20, 0xDA, 0x70, 0xDF, 0x9F,
- 0x39, 0xE3, 0x2E, 0xF9, 0x5D, 0x4C, 0x8F, 0x44,
- 0xBF, 0xEF, 0xDA, 0xA5, 0xDA, 0x64, 0xF1, 0x05,
- 0x46, 0x31, 0xD0, 0x4D, 0x6D, 0x3C, 0xFD, 0x0A,
- 0x54, 0x0D, 0xD7, 0xBA, 0x38, 0x86, 0xE4, 0xB5,
- 0xF1, 0x3E, 0x87, 0x87, 0x88, 0x60, 0x4C, 0x95,
- 0xC0, 0x96, 0xEA, 0xB3, 0x91, 0x9F, 0x42, 0x75,
- 0x21, 0x41, 0x9A, 0x94, 0x6C, 0x26, 0xCC, 0x04,
- 0x14, 0x75, 0xD7, 0x12, 0x4C, 0xDC, 0x01, 0xD0,
- 0x37, 0x3E, 0x5B, 0x09, 0xC7, 0xA7, 0x06, 0x03,
- 0xCF, 0xDB, 0x4F, 0xB3, 0x40, 0x50, 0x23, 0xF2,
- 0x26, 0x4D, 0xC3, 0xF9, 0x83, 0xC4, 0xFC, 0x02,
- 0xA2, 0xD1, 0xB2, 0x68, 0xF2, 0x20, 0x8A, 0x1F,
- 0x6E, 0x2A, 0x62, 0x09, 0xBF, 0xF1, 0x2F, 0x6F,
- 0x46, 0x5F, 0x0B, 0x06, 0x9C, 0x3A, 0x7F, 0x84,
- 0xF6, 0x06, 0xD8, 0xA9, 0x40, 0x64, 0x00, 0x3D,
- 0x6E, 0xC1, 0x14, 0xC8, 0xE8, 0x08, 0xD3, 0x05,
- 0x38, 0x84, 0xC1, 0xD5, 0xA1, 0x42, 0xFB, 0xF2,
- 0x01, 0x12, 0xEB, 0x36, 0x0F, 0xDA, 0x3F, 0x0F,
- 0x28, 0xB1, 0x72, 0xAE, 0x50, 0xF5, 0xE7, 0xD8,
- 0x38, 0x01, 0xFB, 0x3F, 0x00, 0x64, 0xB6, 0x87,
- 0x18, 0x70, 0x74, 0xBD, 0x7F, 0xE3, 0x0E, 0xDD,
- 0xAA, 0x33, 0x4C, 0xF8, 0xFC, 0x04, 0xFA, 0x8C,
- 0xED, 0x89, 0x9C, 0xEA, 0xDE, 0x4B, 0x4F, 0x28,
- 0xB6, 0x83, 0x72, 0xBA, 0xF9, 0x8F, 0xF4, 0x82,
- 0xA4, 0x15, 0xB7, 0x31, 0x15, 0x5B, 0x75, 0xCE,
- 0xB9, 0x76, 0xBE, 0x0E, 0xA0, 0x28, 0x5B, 0xA0,
- 0x1A, 0x27, 0xF1, 0x85, 0x7A, 0x8F, 0xB3, 0x77,
- 0xA3, 0xAE, 0x0C, 0x23, 0xB2, 0xAA, 0x9A, 0x07,
- 0x9B, 0xFA, 0xBF, 0xF0, 0xD5, 0xB2, 0xF1, 0xCD,
- 0x9B, 0x71, 0x8B, 0xEA, 0x03, 0xC4, 0x2F, 0x34,
- 0x3A, 0x39, 0xB4, 0xF1, 0x42, 0xD0, 0x1A, 0xD8,
- 0xAC, 0xBB, 0x50, 0xE3, 0x88, 0x53, 0xCF, 0x9A,
- 0x50, 0xC8, 0xB4, 0x4C, 0x3C, 0xF6, 0x71, 0xA4,
- 0xA9, 0x04, 0x3B, 0x26, 0xDD, 0xBB, 0x24, 0x95,
- 0x9A, 0xD6, 0x71, 0x5C, 0x08, 0x52, 0x18, 0x55,
- 0xC7, 0x9A, 0x23, 0xB9, 0xC3, 0xD6, 0x47, 0x17,
- 0x49, 0xC4, 0x07, 0x25, 0xBD, 0xD5, 0xC2, 0x77,
- 0x6D, 0x43, 0xAE, 0xD2, 0x02, 0x04, 0xBA, 0xA1,
- 0x41, 0xEF, 0xB3, 0x30, 0x49, 0x17, 0x47, 0x4B,
- 0x7F, 0x9F, 0x7A, 0x4B, 0x08, 0xB1, 0xA9, 0x3D,
- 0xAE, 0xD9, 0x8C, 0x67, 0x49, 0x53, 0x59, 0xD3,
- 0x7D, 0x67, 0xF7, 0x43, 0x8B, 0xEE, 0x5E, 0x43,
- 0x58, 0x56, 0x34, 0xB2, 0x6C, 0x6B, 0x38, 0x10,
- 0xD7, 0xCD, 0xCB, 0xC0, 0xF6, 0xEB, 0x87, 0x7A,
- 0x60, 0x87, 0xE6, 0x8A, 0xCB, 0x84, 0x80, 0xD3,
- 0xA8, 0xCF, 0x69, 0x00, 0x44, 0x7E, 0x49, 0xB4,
- 0x17, 0xF1, 0x5A, 0x53, 0xB6, 0x07, 0xA0, 0xE2,
- 0x16, 0xB8, 0x55, 0x97, 0x0D, 0x37, 0x40, 0x68,
- 0x70, 0xB4, 0x56, 0x87, 0x22, 0xDA, 0x77, 0xA4,
- 0x08, 0x47, 0x03, 0x81, 0x67, 0x84, 0xE2, 0xF1,
- 0x6B, 0xED, 0x18, 0x99, 0x65, 0x32, 0xC5, 0xD8,
- 0xB7, 0xF5, 0xD2, 0x14, 0x46, 0x4E, 0x5F, 0x3F,
- 0x6E, 0x90, 0x58, 0x67, 0xB0, 0xCE, 0x11, 0x9E,
- 0x25, 0x2A, 0x66, 0x71, 0x32, 0x53, 0x54, 0x46,
- 0x85, 0xD2, 0x08, 0xE1, 0x72, 0x39, 0x08, 0xA0,
- 0xCE, 0x97, 0x83, 0x46, 0x52, 0xE0, 0x8A, 0xE7,
- 0xBD, 0xC8, 0x81, 0xA1, 0x31, 0xB7, 0x3C, 0x71,
- 0xE8, 0x4D, 0x20, 0xD6, 0x8F, 0xDE, 0xFF, 0x4F,
- 0x5D, 0x70, 0xCD, 0x1A, 0xF5, 0x7B, 0x78, 0xE3,
- 0x49, 0x1A, 0x98, 0x65, 0x94, 0x23, 0x21, 0x80,
- 0x0A, 0x20, 0x3C, 0x05, 0xED, 0x1F, 0xEE, 0xB5,
- 0xA2, 0x8E, 0x58, 0x4E, 0x19, 0xF6, 0x53, 0x5E,
- 0x7F, 0x84, 0xE4, 0xA2, 0x4F, 0x84, 0xA7, 0x2D,
- 0xCA, 0xF5, 0x64, 0x8B, 0x4A, 0x42, 0x35, 0xDD,
- 0x66, 0x44, 0x64, 0x48, 0x2F, 0x03, 0x17, 0x6E,
- 0x88, 0x8C, 0x28, 0xBF, 0xC6, 0xC1, 0xCB, 0x23,
- 0x8C, 0xFF, 0xA3, 0x5A, 0x32, 0x1E, 0x71, 0x79,
- 0x1D, 0x9E, 0xA8, 0xED, 0x08, 0x78, 0xC6, 0x11,
- 0x21, 0xBF, 0x8D, 0x2A, 0x4A, 0xB2, 0xC1, 0xA5,
- 0xE1, 0x20, 0xBC, 0x40, 0xAB, 0xB1, 0x89, 0x2D,
- 0x17, 0x15, 0x09, 0x0A, 0x0E, 0xE4, 0x82, 0x52,
- 0xCA, 0x29, 0x7A, 0x99, 0xAA, 0x0E, 0x51, 0x0C,
- 0xF2, 0x6B, 0x1A, 0xDD, 0x06, 0xCA, 0x54, 0x3E,
- 0x1C, 0x5D, 0x6B, 0xDC, 0xD3, 0xB9, 0xC5, 0x85,
- 0xC8, 0x53, 0x80, 0x45, 0xDB, 0x5C, 0x25, 0x2E,
- 0xC3, 0xC8, 0xC3, 0xC9, 0x54, 0xD9, 0xBE, 0x59,
- 0x07, 0x09, 0x4A, 0x89, 0x4E, 0x60, 0xEA, 0xB4,
- 0x35, 0x38, 0xCF, 0xEE, 0x82, 0xE8, 0xFF, 0xC0,
- 0x79, 0x1B, 0x0D, 0x0F, 0x43, 0xAC, 0x16, 0x27,
- 0x83, 0x0A, 0x61, 0xD5, 0x6D, 0xAD, 0x96, 0xC6,
- 0x29, 0x58, 0xB0, 0xDE, 0x78, 0x0B, 0x78, 0xBD,
- 0x47, 0xA6, 0x04, 0x55, 0x0D, 0xAB, 0x83, 0xFF,
- 0xF2, 0x27, 0xC3, 0x24, 0x04, 0x94, 0x71, 0xF3,
- 0x52, 0x48, 0xCF, 0xB8, 0x49, 0xB2, 0x57, 0x24,
- 0xFF, 0x70, 0x4D, 0x52, 0x77, 0xAA, 0x35, 0x2D,
- 0x55, 0x09, 0x58, 0xBE, 0x3B, 0x23, 0x7D, 0xFF,
- 0x47, 0x3E, 0xC2, 0xAD, 0xBA, 0xEA, 0x48, 0xCA,
- 0x26, 0x58, 0xAE, 0xFC, 0xC7, 0x7B, 0xBD, 0x42,
- 0x64, 0xAB, 0x37, 0x4D, 0x70, 0xEA, 0xE5, 0xB9,
- 0x64, 0x41, 0x6C, 0xE8, 0x22, 0x6A, 0x7E, 0x32,
- 0x55, 0xA0, 0xF8, 0xD7, 0xE2, 0xAD, 0xCA, 0x06,
- 0x2B, 0xCD, 0x6D, 0x78, 0xD6, 0x0D, 0x1B, 0x32,
- 0xE1, 0x14, 0x05, 0xBE, 0x54, 0xB6, 0x6E, 0xF0,
- 0xFD, 0xDD, 0x56, 0x77, 0x02, 0xA3, 0xBC, 0xCF,
- 0xED, 0xE3, 0xC5, 0x84, 0x70, 0x12, 0x69, 0xED,
- 0x14, 0x80, 0x9F, 0x06, 0xF8, 0x96, 0x83, 0x56,
- 0xBB, 0x92, 0x67, 0xFE, 0x86, 0xE5, 0x14, 0x25,
- 0x2E, 0x88, 0xBB, 0x5C, 0x30, 0xA7, 0xEC, 0xB3,
- 0xD0, 0xE6, 0x21, 0x02, 0x1E, 0xE0, 0xFB, 0xF7,
- 0x87, 0x1B, 0x09, 0x34, 0x2B, 0xF8, 0x4F, 0x55,
- 0xC9, 0x7E, 0xAF, 0x86, 0xC4, 0x81, 0x89, 0xC7,
- 0xFF, 0x4D, 0xF3, 0x89, 0xF0, 0x77, 0xE2, 0x80,
- 0x6E, 0x5F, 0xA7, 0x3B, 0x3E, 0x94, 0x58, 0xA1,
- 0x6C, 0x7E, 0x27, 0x5F, 0x4F, 0x60, 0x22, 0x75,
- 0x58, 0x0E, 0xB7, 0xB7, 0x13, 0x5F, 0xB5, 0x37,
- 0xFA, 0x0C, 0xD9, 0x5D, 0x6E, 0xA5, 0x8C, 0x10,
- 0x8C, 0xD8, 0x94, 0x3D, 0x70, 0xC1, 0x64, 0x31,
- 0x11, 0xF4, 0xF0, 0x1C, 0xA8, 0xA8, 0x27, 0x6A,
- 0x90, 0x26, 0x66, 0xED, 0x81, 0xB7, 0x8D, 0x16,
- 0x8B, 0x00, 0x6F, 0x16, 0xAA, 0xA3, 0xD8, 0xE4,
- 0xCE, 0x4F, 0x4D, 0x0F, 0xB0, 0x99, 0x7E, 0x41,
- 0xAE, 0xFF, 0xB5, 0xB3, 0xDA, 0xA8, 0x38, 0x73,
- 0x2F, 0x35, 0x73, 0x49, 0x44, 0x7F, 0x38, 0x77,
- 0x76, 0xC7, 0x93, 0xC0, 0x47, 0x9D, 0xE9, 0xE9,
- 0x94, 0x98, 0xCC, 0x35, 0x6F, 0xDB, 0x00, 0x75,
- 0xA7, 0x03, 0xF2, 0x3C, 0x55, 0xD4, 0x7B, 0x55,
- 0x0E, 0xC8, 0x9B, 0x02, 0xAD, 0xE8, 0x93, 0x29,
- 0x08, 0x6A, 0x50, 0x84, 0x34, 0x56, 0xFE, 0xDC,
- 0x37, 0x88, 0xAC, 0x8D, 0x97, 0x23, 0x3C, 0x54,
- 0x56, 0x04, 0x67, 0xEE, 0x1D, 0x0F, 0x02, 0x4B,
- 0x18, 0x42, 0x8F, 0x0D, 0x73, 0xB3, 0x0E, 0x19,
- 0xF5, 0xC6, 0x3B, 0x9A, 0xBF, 0x11, 0x41, 0x5B,
- 0xEA, 0x4D, 0x01, 0x70, 0x13, 0x0B, 0xAA, 0xBD,
- 0x33, 0xC0, 0x5E, 0x65, 0x24, 0xE5, 0xFB, 0x55,
- 0x81, 0xB2, 0x2B, 0x04, 0x33, 0x34, 0x22, 0x48,
- 0x26, 0x6D, 0x0F, 0x10, 0x53, 0xB2, 0x45, 0xCC,
- 0x24, 0x62, 0xDC, 0x44, 0xD3, 0x49, 0x65, 0x10,
- 0x24, 0x82, 0xA8, 0xED, 0x9E, 0x4E, 0x96, 0x4D,
- 0x56, 0x83, 0xE5, 0xD4, 0x5D, 0x0C, 0x82, 0x69
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber768_ss[] = {
- 0x91, 0x4C, 0xB6, 0x7F, 0xE5, 0xC3, 0x8E, 0x73,
- 0xBF, 0x74, 0x18, 0x1C, 0x0A, 0xC5, 0x04, 0x28,
- 0xDE, 0xDF, 0x77, 0x50, 0xA9, 0x80, 0x58, 0xF7,
- 0xD5, 0x36, 0x70, 0x87, 0x74, 0x53, 0x5B, 0x29
- };
- #ifdef WOLFSSL_SMALL_STACK
- key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- priv = (byte *)XMALLOC(KYBER768_PRIVATE_KEY_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- pub = (byte *)XMALLOC(KYBER768_PUBLIC_KEY_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- ct = (byte *)XMALLOC(KYBER768_CIPHER_TEXT_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- ss = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- ss_dec = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (! (key && priv && pub && ct && ss && ss_dec))
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- ret = wc_KyberKey_Init(KYBER768, key, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- key_inited = 1;
- ret = wc_KyberKey_MakeKeyWithRandom(key, kyber768_rand,
- sizeof(kyber768_rand));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_KyberKey_EncodePublicKey(key, pub, KYBER768_PUBLIC_KEY_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_KyberKey_EncodePrivateKey(key, priv, KYBER768_PRIVATE_KEY_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(pub, kyber768_pk, sizeof(kyber768_pk)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(priv, kyber768_sk, sizeof(kyber768_sk)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber768enc_rand,
- sizeof(kyber768enc_rand));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(ct, kyber768_ct, sizeof(kyber768_ct)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(ss, kyber768_ss, sizeof(kyber768_ss)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(kyber768_ct));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(ss_dec, kyber768_ss, sizeof(kyber768_ss)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- out:
- if (key_inited)
- wc_KyberKey_Free(key);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_KYBER768 */
- #ifdef WOLFSSL_KYBER1024
- static wc_test_ret_t kyber1024_kat(void)
- {
- wc_test_ret_t ret;
- #ifdef WOLFSSL_SMALL_STACK
- KyberKey *key = NULL;
- byte *priv = NULL;
- byte *pub = NULL;
- byte *ct = NULL;
- byte *ss = NULL;
- byte *ss_dec = NULL;
- #else
- KyberKey key[1];
- byte priv[KYBER1024_PRIVATE_KEY_SIZE];
- byte pub[KYBER1024_PUBLIC_KEY_SIZE];
- byte ct[KYBER1024_CIPHER_TEXT_SIZE];
- byte ss[KYBER_SS_SZ];
- byte ss_dec[KYBER_SS_SZ];
- #endif
- int key_inited = 0;
- WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_rand[] = {
- 0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa,
- 0x0c, 0x6d, 0x10, 0xe4, 0xdb, 0x6b, 0x1a, 0xdd,
- 0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03,
- 0x2d, 0xcd, 0x73, 0x99, 0x36, 0x73, 0x7f, 0x2d,
- 0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08,
- 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
- 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
- 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber1024enc_rand[] = {
- 0x14, 0x7c, 0x03, 0xf7, 0xa5, 0xbe, 0xbb, 0xa4,
- 0x06, 0xc8, 0xfa, 0xe1, 0x87, 0x4d, 0x7f, 0x13,
- 0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74,
- 0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_pk[] = {
- 0xD2, 0x23, 0x02, 0xCB, 0xD3, 0x39, 0x9F, 0xAC,
- 0xC6, 0x30, 0x99, 0x1F, 0xC8, 0xF2, 0x8B, 0xDB,
- 0x43, 0x54, 0x76, 0x25, 0x41, 0x52, 0x76, 0x78,
- 0xBC, 0xF6, 0x1F, 0x65, 0xC2, 0x41, 0x14, 0x6C,
- 0x42, 0x6D, 0x23, 0xB9, 0xBF, 0xAA, 0x6B, 0x7D,
- 0xF1, 0x8C, 0x97, 0xF2, 0x0C, 0x1B, 0x61, 0x25,
- 0xBF, 0x87, 0x4B, 0x1D, 0x89, 0x47, 0x58, 0x52,
- 0xC4, 0x48, 0x21, 0x5D, 0xB0, 0xEB, 0x77, 0x37,
- 0xF9, 0x14, 0x80, 0xE8, 0xCE, 0xBD, 0x9A, 0x08,
- 0x71, 0x57, 0x4F, 0x5A, 0xB6, 0x2D, 0x90, 0x20,
- 0x17, 0x5E, 0xC6, 0x92, 0x7C, 0xA0, 0xB5, 0x4C,
- 0x09, 0x81, 0x8E, 0x42, 0xCF, 0x92, 0xA3, 0x83,
- 0x17, 0x24, 0x22, 0xC7, 0xDC, 0x18, 0x31, 0xD6,
- 0x3B, 0x0C, 0x29, 0x5D, 0xE7, 0x51, 0x59, 0xDB,
- 0x80, 0x34, 0xE9, 0xE0, 0x7F, 0x7B, 0x0B, 0x91,
- 0x0C, 0x3C, 0x1E, 0x5F, 0xB6, 0x6B, 0x3D, 0xC5,
- 0x23, 0xF1, 0xFA, 0x6E, 0xB4, 0x91, 0x0C, 0xB8,
- 0x9A, 0x6C, 0x17, 0x56, 0x2C, 0x83, 0xAB, 0x4C,
- 0x18, 0xD0, 0xCD, 0x7E, 0x07, 0x96, 0x59, 0x2A,
- 0x37, 0x2A, 0xA4, 0x09, 0xB1, 0xC5, 0x57, 0x34,
- 0x7C, 0xCA, 0xCD, 0xC4, 0x64, 0x4A, 0x11, 0x90,
- 0x64, 0xD0, 0x6D, 0xD4, 0x74, 0x92, 0x9D, 0x1C,
- 0x6F, 0xB4, 0xD6, 0x86, 0xE5, 0x49, 0x1C, 0xE4,
- 0xBC, 0x89, 0xA3, 0x0B, 0xB4, 0xB8, 0xC4, 0x1B,
- 0xCE, 0x51, 0x57, 0xDF, 0xC1, 0x36, 0x08, 0x23,
- 0xB1, 0xAB, 0x61, 0x8C, 0x14, 0xB1, 0x0F, 0x98,
- 0xC2, 0x50, 0x67, 0x39, 0x8E, 0xA7, 0x01, 0x8C,
- 0x27, 0x8A, 0x4B, 0x3D, 0xF3, 0x13, 0x34, 0xD6,
- 0x03, 0xB2, 0x04, 0x4E, 0xF1, 0x87, 0xCD, 0x9B,
- 0xC6, 0xCE, 0x42, 0x72, 0x5B, 0xD9, 0x62, 0xC2,
- 0x64, 0x98, 0x3E, 0x9E, 0x18, 0x15, 0x5A, 0x8B,
- 0x9C, 0x47, 0x14, 0x3D, 0x70, 0x46, 0x0A, 0x26,
- 0xA5, 0x6F, 0xE7, 0x65, 0x8C, 0x1F, 0x15, 0x03,
- 0x48, 0xC6, 0x08, 0x7E, 0xF7, 0x58, 0xAD, 0x16,
- 0x78, 0x87, 0x86, 0x0A, 0x00, 0x7A, 0x5F, 0xC3,
- 0x73, 0x58, 0xD4, 0x3B, 0x5E, 0xBE, 0xE8, 0x20,
- 0xAC, 0xEA, 0x47, 0x4F, 0x0A, 0xC0, 0x7B, 0x76,
- 0x80, 0x28, 0x66, 0x19, 0x9C, 0x61, 0x23, 0x1D,
- 0x5C, 0x74, 0x7C, 0x93, 0x77, 0x4D, 0x2C, 0x1E,
- 0x0C, 0x1C, 0x67, 0xE6, 0xC8, 0x1B, 0x82, 0x75,
- 0x21, 0x73, 0xE1, 0x25, 0xBA, 0xF3, 0x9B, 0x4F,
- 0xD1, 0x9A, 0x4F, 0x45, 0x3D, 0xC5, 0x79, 0x76,
- 0xB1, 0xD9, 0x7F, 0xE6, 0x99, 0x69, 0x92, 0xBB,
- 0xB6, 0x5B, 0x7C, 0xB2, 0x5D, 0x07, 0x7B, 0xBA,
- 0xA6, 0xA1, 0x33, 0x22, 0x89, 0x9A, 0xF6, 0x59,
- 0xCF, 0x1B, 0x35, 0x58, 0xC1, 0xB5, 0x00, 0x11,
- 0x54, 0xB6, 0x25, 0x80, 0x9E, 0xD8, 0x9A, 0xEE,
- 0xBB, 0x89, 0xE6, 0xEA, 0x7D, 0x67, 0xF7, 0x23,
- 0xD0, 0x45, 0xAB, 0x05, 0x71, 0x5C, 0x42, 0x35,
- 0x5D, 0xA6, 0xA5, 0xC8, 0xDD, 0x39, 0xC8, 0xAB,
- 0xE3, 0x03, 0x77, 0x51, 0xA0, 0x1E, 0xD1, 0xC7,
- 0x37, 0x49, 0x19, 0xF3, 0x12, 0x1B, 0x5A, 0x52,
- 0xC5, 0x3D, 0x14, 0x87, 0x31, 0x67, 0x69, 0xF8,
- 0x07, 0x21, 0xDE, 0xEA, 0xAA, 0xD3, 0xC9, 0x0F,
- 0x76, 0xE7, 0xAE, 0x9E, 0x12, 0xBA, 0x92, 0xB3,
- 0x2B, 0x5F, 0xD4, 0x57, 0xE3, 0xC7, 0x52, 0xC2,
- 0x65, 0x0D, 0xFB, 0x88, 0x57, 0x71, 0xCB, 0x77,
- 0xAC, 0x3C, 0x78, 0x5A, 0x8C, 0x56, 0x2E, 0x6A,
- 0x1C, 0x63, 0xC2, 0xA5, 0x5E, 0xA4, 0x7C, 0xF8,
- 0xB9, 0x0E, 0xB8, 0x22, 0x5C, 0x12, 0x3C, 0x34,
- 0x64, 0x52, 0x56, 0x62, 0x35, 0xB2, 0xF3, 0x18,
- 0x23, 0xA3, 0x35, 0x21, 0xE0, 0x87, 0x93, 0x7A,
- 0x34, 0x5D, 0x8D, 0x66, 0x3E, 0xEA, 0xA0, 0x56,
- 0x58, 0x91, 0x7B, 0xBA, 0xA0, 0x08, 0xC2, 0xE3,
- 0x35, 0xF8, 0x85, 0x0A, 0x90, 0xA3, 0x26, 0xD0,
- 0xE6, 0x64, 0x32, 0xF4, 0x4C, 0xEB, 0x82, 0x89,
- 0xE4, 0xEC, 0xB2, 0xD1, 0x29, 0x58, 0xE9, 0x84,
- 0x07, 0x2E, 0xCA, 0xCB, 0x88, 0xE1, 0x34, 0x8F,
- 0xF0, 0xB5, 0x56, 0x54, 0xAC, 0xBA, 0x5B, 0x54,
- 0x97, 0x1C, 0xBA, 0xEB, 0xA8, 0x8E, 0xC4, 0xB9,
- 0x1A, 0x94, 0xC3, 0x71, 0x92, 0xFA, 0x98, 0x2B,
- 0xEC, 0xB9, 0xF3, 0xDA, 0x42, 0x16, 0x03, 0xB6,
- 0x1A, 0x51, 0xBC, 0x8E, 0x36, 0xCB, 0xD0, 0x53,
- 0x85, 0x1C, 0x77, 0xB1, 0xB9, 0x26, 0xB1, 0x7A,
- 0x27, 0x2A, 0xA9, 0x02, 0x32, 0x46, 0xB0, 0x2B,
- 0x3E, 0xD4, 0x7F, 0x66, 0xA0, 0x0B, 0xD5, 0x68,
- 0x48, 0x23, 0x63, 0x4E, 0x7C, 0xE5, 0x8C, 0xF8,
- 0xF3, 0x06, 0xE3, 0x5B, 0x1E, 0x53, 0x22, 0x82,
- 0x4D, 0x90, 0x48, 0x01, 0xF0, 0xA2, 0xFA, 0x7C,
- 0x2B, 0xC9, 0xC2, 0x52, 0xB0, 0xA5, 0x6B, 0x7B,
- 0xA2, 0xAB, 0x0F, 0x63, 0x60, 0x21, 0x74, 0x5A,
- 0x70, 0xA9, 0xA4, 0x3E, 0x2B, 0x0A, 0x8D, 0x61,
- 0x59, 0x70, 0xB6, 0x53, 0x09, 0x62, 0x4B, 0x51,
- 0x84, 0xBC, 0xC3, 0x0B, 0x91, 0x16, 0x79, 0xAE,
- 0xDD, 0x76, 0x02, 0x5F, 0xE3, 0x90, 0x8F, 0xD6,
- 0x78, 0x97, 0xB0, 0xCF, 0x4B, 0xE5, 0xA6, 0xF5,
- 0x41, 0x3D, 0x7D, 0xD9, 0x85, 0x64, 0xB2, 0x3E,
- 0x42, 0xA9, 0x3E, 0x4A, 0xA8, 0x82, 0x1C, 0xD4,
- 0x50, 0x54, 0xC6, 0x43, 0xED, 0xC1, 0x15, 0x8D,
- 0xB6, 0xB3, 0xDE, 0xB1, 0x3F, 0xB5, 0xA5, 0x1E,
- 0xBD, 0x1A, 0x8A, 0x78, 0xB8, 0x72, 0x25, 0xA7,
- 0x33, 0x8E, 0x10, 0x11, 0x04, 0xC4, 0xA2, 0x20,
- 0xD9, 0xBD, 0xED, 0xD4, 0x8C, 0x85, 0xA1, 0xC2,
- 0xDA, 0xE7, 0x81, 0xA8, 0x0C, 0x40, 0xE1, 0x3B,
- 0x87, 0xEA, 0xC7, 0x3A, 0x76, 0x42, 0x01, 0xC9,
- 0xB7, 0x60, 0xCC, 0xFB, 0x1A, 0xE3, 0x92, 0x69,
- 0x9C, 0x70, 0x39, 0xD2, 0x7C, 0x39, 0x36, 0x2B,
- 0x27, 0xB8, 0xFC, 0x6F, 0x07, 0xA8, 0xA3, 0xD4,
- 0x41, 0x0F, 0x15, 0x47, 0xC4, 0x8A, 0x99, 0x97,
- 0xF6, 0x2C, 0x61, 0x07, 0x44, 0x52, 0xEF, 0x15,
- 0x15, 0xF8, 0xA6, 0x49, 0xEB, 0xCA, 0x94, 0x37,
- 0x20, 0x5A, 0x4E, 0x8A, 0x61, 0x60, 0x6B, 0x41,
- 0xDA, 0xF6, 0x83, 0x4D, 0x67, 0x1F, 0x4D, 0x85,
- 0x2C, 0x0C, 0x9C, 0x40, 0x96, 0x61, 0x16, 0x48,
- 0xC6, 0xA3, 0x17, 0x06, 0x78, 0xB1, 0x53, 0x7C,
- 0xC1, 0x82, 0x8D, 0x93, 0x58, 0x0C, 0x9E, 0x58,
- 0x49, 0xA9, 0x65, 0x31, 0x75, 0xAC, 0xB7, 0x53,
- 0xF2, 0xBE, 0x74, 0x37, 0xBE, 0x45, 0xF6, 0xC6,
- 0x03, 0xE4, 0x85, 0xF2, 0xEC, 0x30, 0x1B, 0xB4,
- 0x2B, 0x6C, 0x37, 0xC2, 0x25, 0xD7, 0x49, 0x5A,
- 0x58, 0x4A, 0xE2, 0x31, 0x89, 0x0A, 0xB5, 0xC8,
- 0xC3, 0x5C, 0x26, 0x8C, 0xF4, 0xBB, 0xB0, 0x21,
- 0x3C, 0x09, 0x60, 0x19, 0x31, 0x95, 0x61, 0xA8,
- 0xA6, 0x94, 0x76, 0x37, 0xAA, 0x40, 0xD0, 0x06,
- 0xB4, 0x15, 0xBB, 0x2C, 0xFA, 0x22, 0x37, 0xE0,
- 0x89, 0x0B, 0x6A, 0x3B, 0xC1, 0x34, 0xAB, 0xF8,
- 0xF6, 0x58, 0x5E, 0x10, 0x8D, 0x15, 0x94, 0x0F,
- 0x91, 0xF4, 0xBF, 0x5B, 0x0C, 0x81, 0x80, 0x55,
- 0xB2, 0x1D, 0xEA, 0x6E, 0x63, 0xB5, 0x53, 0x98,
- 0x8C, 0x47, 0xF4, 0xB9, 0x4E, 0x7C, 0xF8, 0x00,
- 0xA4, 0x93, 0xB4, 0x73, 0x47, 0x05, 0xED, 0xC5,
- 0x6A, 0x4B, 0x60, 0x21, 0xC6, 0x29, 0x50, 0x06,
- 0x75, 0x87, 0x68, 0x04, 0xCF, 0x0B, 0x95, 0x1F,
- 0x03, 0x8A, 0x5C, 0x7F, 0xE5, 0x8E, 0x89, 0x77,
- 0x4E, 0xF2, 0x99, 0x2F, 0xD7, 0xC6, 0x30, 0x99,
- 0xD3, 0x52, 0xA7, 0xD2, 0x15, 0x60, 0xB7, 0x88,
- 0xB4, 0x05, 0x70, 0x98, 0x61, 0x81, 0x7E, 0x59,
- 0xA9, 0x6B, 0x3A, 0x3A, 0x83, 0xCB, 0xA8, 0x03,
- 0xB1, 0x69, 0x34, 0x33, 0x10, 0x71, 0x90, 0x5B,
- 0xBE, 0xC6, 0x53, 0x29, 0x00, 0x15, 0x5D, 0x8A,
- 0xC8, 0x8C, 0xB3, 0x2E, 0x4E, 0x21, 0xA3, 0xBD,
- 0x3A, 0x03, 0xFD, 0xEC, 0x32, 0x5A, 0x51, 0xCD,
- 0x27, 0x73, 0x96, 0x4E, 0x67, 0x84, 0xFC, 0xF1,
- 0x85, 0x37, 0x37, 0xAA, 0x64, 0xEB, 0x67, 0x56,
- 0x47, 0x27, 0x27, 0x26, 0x61, 0xAB, 0xF8, 0x43,
- 0x13, 0xA5, 0x7A, 0x44, 0xB1, 0x23, 0xC6, 0x55,
- 0x09, 0xCF, 0xB7, 0xA6, 0xF6, 0x64, 0x1C, 0xDC,
- 0xC3, 0xB5, 0x7F, 0xE6, 0x28, 0xC7, 0xB8, 0x19,
- 0x2D, 0xB4, 0x4F, 0xFB, 0xF5, 0x79, 0x6A, 0x86,
- 0x13, 0xB1, 0xFA, 0x12, 0x6F, 0x60, 0x76, 0x88,
- 0x3C, 0x78, 0x3D, 0xC2, 0x4E, 0x2A, 0x44, 0x64,
- 0xC4, 0x0B, 0x3A, 0x41, 0xCA, 0x70, 0xAE, 0x87,
- 0x62, 0x08, 0x66, 0xCF, 0x4F, 0xCB, 0x2B, 0xD2,
- 0x04, 0xBF, 0x5C, 0x28, 0x38, 0x12, 0xBA, 0x05,
- 0x6A, 0xC0, 0xC3, 0x45, 0xE3, 0x79, 0xC4, 0xBA,
- 0x24, 0xD7, 0x50, 0x90, 0x12, 0x79, 0xBB, 0x2F,
- 0x3A, 0x16, 0xF6, 0x12, 0xBF, 0xAD, 0xB3, 0x57,
- 0x03, 0x33, 0x2C, 0x7C, 0x13, 0x6F, 0x68, 0xEA,
- 0xB6, 0x75, 0x5C, 0x66, 0xB6, 0xA4, 0xAD, 0x1A,
- 0xAB, 0xA7, 0xB7, 0x68, 0xA5, 0x8A, 0xCA, 0xAC,
- 0xC1, 0x0A, 0x45, 0x9A, 0x1C, 0xC8, 0xEF, 0x29,
- 0x37, 0x7B, 0xC2, 0x00, 0xE4, 0xD3, 0x15, 0xA3,
- 0x0A, 0x6B, 0xCC, 0x32, 0x56, 0xF9, 0x73, 0x4D,
- 0x06, 0xE9, 0x77, 0x9C, 0xAA, 0x54, 0x42, 0xA9,
- 0xA1, 0x60, 0x69, 0x08, 0x13, 0x77, 0xC7, 0x6E,
- 0x75, 0x15, 0x43, 0x68, 0x07, 0x2D, 0xC4, 0x46,
- 0xED, 0x6C, 0x8B, 0x8E, 0x62, 0x2A, 0x21, 0xE3,
- 0x83, 0xCF, 0x9B, 0xA1, 0xFB, 0x43, 0x4E, 0x2E,
- 0xCC, 0x81, 0xE7, 0xB7, 0x8C, 0xEE, 0x98, 0x6B,
- 0x8F, 0xF7, 0x98, 0xAB, 0x18, 0xCF, 0x96, 0x34,
- 0x54, 0x35, 0x46, 0x28, 0x4E, 0xDA, 0x2A, 0x26,
- 0xB4, 0x7F, 0x05, 0xB7, 0x35, 0xBC, 0xDB, 0x12,
- 0x02, 0x22, 0x00, 0x76, 0xDC, 0x8B, 0x4E, 0x4B,
- 0x9F, 0x85, 0x35, 0x33, 0xC8, 0xF6, 0xC7, 0xFF,
- 0x38, 0x81, 0x7B, 0xA4, 0x97, 0x12, 0x83, 0x57,
- 0x85, 0xF1, 0x7F, 0x14, 0xCA, 0x01, 0xD0, 0xC1,
- 0xC1, 0xE9, 0x88, 0x10, 0xFE, 0x0B, 0x36, 0xE5,
- 0xB4, 0x27, 0x15, 0x7B, 0x94, 0x18, 0x44, 0x9C,
- 0xED, 0xD6, 0x41, 0xA4, 0x29, 0x3C, 0x85, 0xC3,
- 0x27, 0x00, 0x10, 0x2A, 0xCE, 0xC2, 0x2E, 0xBA,
- 0xD9, 0x8E, 0xD1, 0x60, 0xA5, 0xF0, 0x27, 0xBD,
- 0x4C, 0xDA, 0x57, 0xF1, 0xF3, 0x72, 0x0A, 0x12,
- 0xC1, 0x34, 0x65, 0x4D, 0xD5, 0xE7, 0x3F, 0x82,
- 0x96, 0x76, 0x49, 0x53, 0x90, 0xD0, 0xE7, 0x92,
- 0x9D, 0x60, 0x34, 0xE9, 0xC5, 0x5F, 0x7D, 0x55,
- 0xBA, 0x65, 0x8B, 0xC5, 0x87, 0x98, 0x8E, 0x8A,
- 0xF9, 0x49, 0x60, 0xF6, 0xCF, 0xB8, 0xD5, 0xAF,
- 0x7A, 0x00, 0x21, 0x53, 0x5A, 0x6E, 0x25, 0xE4,
- 0x37, 0xD4, 0x9A, 0x78, 0x06, 0x98, 0xBE, 0x22,
- 0xAC, 0x99, 0x53, 0x94, 0x9F, 0x57, 0x1B, 0x85,
- 0xA6, 0x85, 0x72, 0x5F, 0x82, 0x07, 0xA2, 0xB0,
- 0xAE, 0x84, 0x9B, 0x60, 0x1A, 0xB9, 0x1B, 0x15,
- 0x9B, 0x3D, 0xF4, 0xA1, 0x54, 0xC2, 0x04, 0x1E,
- 0x77, 0x60, 0x70, 0xAF, 0xC4, 0x29, 0x69, 0x32,
- 0x23, 0x80, 0x91, 0x7C, 0x97, 0x51, 0x07, 0x99,
- 0xF3, 0x14, 0x91, 0x31, 0x47, 0x7E, 0x16, 0x66,
- 0x3D, 0x31, 0x74, 0xC7, 0xC1, 0xCA, 0xEA, 0x78,
- 0x85, 0x35, 0xC6, 0xC0, 0x05, 0xA6, 0x4F, 0x28,
- 0x68, 0x63, 0x1B, 0x31, 0xB6, 0x6E, 0x20, 0x5F,
- 0xD3, 0x8C, 0x1D, 0x84, 0x54, 0x2D, 0x0F, 0x1B,
- 0x57, 0x8F, 0x58, 0xC9, 0xBF, 0x5A, 0x0F, 0xAE,
- 0xAB, 0x6A, 0xB6, 0x49, 0x48, 0x93, 0x05, 0x31,
- 0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C,
- 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
- 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
- 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_sk[] = {
- 0x07, 0x63, 0x8F, 0xB6, 0x98, 0x68, 0xF3, 0xD3,
- 0x20, 0xE5, 0x86, 0x2B, 0xD9, 0x69, 0x33, 0xFE,
- 0xB3, 0x11, 0xB3, 0x62, 0x09, 0x3C, 0x9B, 0x5D,
- 0x50, 0x17, 0x0B, 0xCE, 0xD4, 0x3F, 0x1B, 0x53,
- 0x6D, 0x9A, 0x20, 0x4B, 0xB1, 0xF2, 0x26, 0x95,
- 0x95, 0x0B, 0xA1, 0xF2, 0xA9, 0xE8, 0xEB, 0x82,
- 0x8B, 0x28, 0x44, 0x88, 0x76, 0x0B, 0x3F, 0xC8,
- 0x4F, 0xAB, 0xA0, 0x42, 0x75, 0xD5, 0x62, 0x8E,
- 0x39, 0xC5, 0xB2, 0x47, 0x13, 0x74, 0x28, 0x3C,
- 0x50, 0x32, 0x99, 0xC0, 0xAB, 0x49, 0xB6, 0x6B,
- 0x8B, 0xBB, 0x56, 0xA4, 0x18, 0x66, 0x24, 0xF9,
- 0x19, 0xA2, 0xBA, 0x59, 0xBB, 0x08, 0xD8, 0x55,
- 0x18, 0x80, 0xC2, 0xBE, 0xFC, 0x4F, 0x87, 0xF2,
- 0x5F, 0x59, 0xAB, 0x58, 0x7A, 0x79, 0xC3, 0x27,
- 0xD7, 0x92, 0xD5, 0x4C, 0x97, 0x4A, 0x69, 0x26,
- 0x2F, 0xF8, 0xA7, 0x89, 0x38, 0x28, 0x9E, 0x9A,
- 0x87, 0xB6, 0x88, 0xB0, 0x83, 0xE0, 0x59, 0x5F,
- 0xE2, 0x18, 0xB6, 0xBB, 0x15, 0x05, 0x94, 0x1C,
- 0xE2, 0xE8, 0x1A, 0x5A, 0x64, 0xC5, 0xAA, 0xC6,
- 0x04, 0x17, 0x25, 0x69, 0x85, 0x34, 0x9E, 0xE4,
- 0x7A, 0x52, 0x42, 0x0A, 0x5F, 0x97, 0x47, 0x7B,
- 0x72, 0x36, 0xAC, 0x76, 0xBC, 0x70, 0xE8, 0x28,
- 0x87, 0x29, 0x28, 0x7E, 0xE3, 0xE3, 0x4A, 0x3D,
- 0xBC, 0x36, 0x83, 0xC0, 0xB7, 0xB1, 0x00, 0x29,
- 0xFC, 0x20, 0x34, 0x18, 0x53, 0x7E, 0x74, 0x66,
- 0xBA, 0x63, 0x85, 0xA8, 0xFF, 0x30, 0x1E, 0xE1,
- 0x27, 0x08, 0xF8, 0x2A, 0xAA, 0x1E, 0x38, 0x0F,
- 0xC7, 0xA8, 0x8F, 0x8F, 0x20, 0x5A, 0xB7, 0xE8,
- 0x8D, 0x7E, 0x95, 0x95, 0x2A, 0x55, 0xBA, 0x20,
- 0xD0, 0x9B, 0x79, 0xA4, 0x71, 0x41, 0xD6, 0x2B,
- 0xF6, 0xEB, 0x7D, 0xD3, 0x07, 0xB0, 0x8E, 0xCA,
- 0x13, 0xA5, 0xBC, 0x5F, 0x6B, 0x68, 0x58, 0x1C,
- 0x68, 0x65, 0xB2, 0x7B, 0xBC, 0xDD, 0xAB, 0x14,
- 0x2F, 0x4B, 0x2C, 0xBF, 0xF4, 0x88, 0xC8, 0xA2,
- 0x27, 0x05, 0xFA, 0xA9, 0x8A, 0x2B, 0x9E, 0xEA,
- 0x35, 0x30, 0xC7, 0x66, 0x62, 0x33, 0x5C, 0xC7,
- 0xEA, 0x3A, 0x00, 0x77, 0x77, 0x25, 0xEB, 0xCC,
- 0xCD, 0x2A, 0x46, 0x36, 0xB2, 0xD9, 0x12, 0x2F,
- 0xF3, 0xAB, 0x77, 0x12, 0x3C, 0xE0, 0x88, 0x3C,
- 0x19, 0x11, 0x11, 0x5E, 0x50, 0xC9, 0xE8, 0xA9,
- 0x41, 0x94, 0xE4, 0x8D, 0xD0, 0xD0, 0x9C, 0xFF,
- 0xB3, 0xAD, 0xCD, 0x2C, 0x1E, 0x92, 0x43, 0x09,
- 0x03, 0xD0, 0x7A, 0xDB, 0xF0, 0x05, 0x32, 0x03,
- 0x15, 0x75, 0xAA, 0x7F, 0x9E, 0x7B, 0x5A, 0x1F,
- 0x33, 0x62, 0xDE, 0xC9, 0x36, 0xD4, 0x04, 0x3C,
- 0x05, 0xF2, 0x47, 0x6C, 0x07, 0x57, 0x8B, 0xC9,
- 0xCB, 0xAF, 0x2A, 0xB4, 0xE3, 0x82, 0x72, 0x7A,
- 0xD4, 0x16, 0x86, 0xA9, 0x6B, 0x25, 0x48, 0x82,
- 0x0B, 0xB0, 0x3B, 0x32, 0xF1, 0x1B, 0x28, 0x11,
- 0xAD, 0x62, 0xF4, 0x89, 0xE9, 0x51, 0x63, 0x2A,
- 0xBA, 0x0D, 0x1D, 0xF8, 0x96, 0x80, 0xCC, 0x8A,
- 0x8B, 0x53, 0xB4, 0x81, 0xD9, 0x2A, 0x68, 0xD7,
- 0x0B, 0x4E, 0xA1, 0xC3, 0xA6, 0xA5, 0x61, 0xC0,
- 0x69, 0x28, 0x82, 0xB5, 0xCA, 0x8C, 0xC9, 0x42,
- 0xA8, 0xD4, 0x95, 0xAF, 0xCB, 0x06, 0xDE, 0x89,
- 0x49, 0x8F, 0xB9, 0x35, 0xB7, 0x75, 0x90, 0x8F,
- 0xE7, 0xA0, 0x3E, 0x32, 0x4D, 0x54, 0xCC, 0x19,
- 0xD4, 0xE1, 0xAA, 0xBD, 0x35, 0x93, 0xB3, 0x8B,
- 0x19, 0xEE, 0x13, 0x88, 0xFE, 0x49, 0x2B, 0x43,
- 0x12, 0x7E, 0x5A, 0x50, 0x42, 0x53, 0x78, 0x6A,
- 0x0D, 0x69, 0xAD, 0x32, 0x60, 0x1C, 0x28, 0xE2,
- 0xC8, 0x85, 0x04, 0xA5, 0xBA, 0x59, 0x97, 0x06,
- 0x02, 0x3A, 0x61, 0x36, 0x3E, 0x17, 0xC6, 0xB9,
- 0xBB, 0x59, 0xBD, 0xC6, 0x97, 0x45, 0x2C, 0xD0,
- 0x59, 0x45, 0x19, 0x83, 0xD7, 0x38, 0xCA, 0x3F,
- 0xD0, 0x34, 0xE3, 0xF5, 0x98, 0x88, 0x54, 0xCA,
- 0x05, 0x03, 0x1D, 0xB0, 0x96, 0x11, 0x49, 0x89,
- 0x88, 0x19, 0x7C, 0x6B, 0x30, 0xD2, 0x58, 0xDF,
- 0xE2, 0x62, 0x65, 0x54, 0x1C, 0x89, 0xA4, 0xB3,
- 0x1D, 0x68, 0x64, 0xE9, 0x38, 0x9B, 0x03, 0xCB,
- 0x74, 0xF7, 0xEC, 0x43, 0x23, 0xFB, 0x94, 0x21,
- 0xA4, 0xB9, 0x79, 0x0A, 0x26, 0xD1, 0x7B, 0x03,
- 0x98, 0xA2, 0x67, 0x67, 0x35, 0x09, 0x09, 0xF8,
- 0x4D, 0x57, 0xB6, 0x69, 0x4D, 0xF8, 0x30, 0x66,
- 0x4C, 0xA8, 0xB3, 0xC3, 0xC0, 0x3E, 0xD2, 0xAE,
- 0x67, 0xB8, 0x90, 0x06, 0x86, 0x8A, 0x68, 0x52,
- 0x7C, 0xCD, 0x66, 0x64, 0x59, 0xAB, 0x7F, 0x05,
- 0x66, 0x71, 0x00, 0x0C, 0x61, 0x64, 0xD3, 0xA7,
- 0xF2, 0x66, 0xA1, 0x4D, 0x97, 0xCB, 0xD7, 0x00,
- 0x4D, 0x6C, 0x92, 0xCA, 0xCA, 0x77, 0x0B, 0x84,
- 0x4A, 0x4F, 0xA9, 0xB1, 0x82, 0xE7, 0xB1, 0x8C,
- 0xA8, 0x85, 0x08, 0x2A, 0xC5, 0x64, 0x6F, 0xCB,
- 0x4A, 0x14, 0xE1, 0x68, 0x5F, 0xEB, 0x0C, 0x9C,
- 0xE3, 0x37, 0x2A, 0xB9, 0x53, 0x65, 0xC0, 0x4F,
- 0xD8, 0x30, 0x84, 0xF8, 0x0A, 0x23, 0xFF, 0x10,
- 0xA0, 0x5B, 0xF1, 0x5F, 0x7F, 0xA5, 0xAC, 0xC6,
- 0xC0, 0xCB, 0x46, 0x2C, 0x33, 0xCA, 0x52, 0x4F,
- 0xA6, 0xB8, 0xBB, 0x35, 0x90, 0x43, 0xBA, 0x68,
- 0x60, 0x9E, 0xAA, 0x25, 0x36, 0xE8, 0x1D, 0x08,
- 0x46, 0x3B, 0x19, 0x65, 0x3B, 0x54, 0x35, 0xBA,
- 0x94, 0x6C, 0x9A, 0xDD, 0xEB, 0x20, 0x2B, 0x04,
- 0xB0, 0x31, 0xCC, 0x96, 0x0D, 0xCC, 0x12, 0xE4,
- 0x51, 0x8D, 0x42, 0x8B, 0x32, 0xB2, 0x57, 0xA4,
- 0xFC, 0x73, 0x13, 0xD3, 0xA7, 0x98, 0x0D, 0x80,
- 0x08, 0x2E, 0x93, 0x4F, 0x9D, 0x95, 0xC3, 0x2B,
- 0x0A, 0x01, 0x91, 0xA2, 0x36, 0x04, 0x38, 0x4D,
- 0xD9, 0xE0, 0x79, 0xBB, 0xBA, 0xA2, 0x66, 0xD1,
- 0x4C, 0x3F, 0x75, 0x6B, 0x9F, 0x21, 0x33, 0x10,
- 0x74, 0x33, 0xA4, 0xE8, 0x3F, 0xA7, 0x18, 0x72,
- 0x82, 0xA8, 0x09, 0x20, 0x3A, 0x4F, 0xAF, 0x84,
- 0x18, 0x51, 0x83, 0x3D, 0x12, 0x1A, 0xC3, 0x83,
- 0x84, 0x3A, 0x5E, 0x55, 0xBC, 0x23, 0x81, 0x42,
- 0x5E, 0x16, 0xC7, 0xDB, 0x4C, 0xC9, 0xAB, 0x5C,
- 0x1B, 0x0D, 0x91, 0xA4, 0x7E, 0x2B, 0x8D, 0xE0,
- 0xE5, 0x82, 0xC8, 0x6B, 0x6B, 0x0D, 0x90, 0x7B,
- 0xB3, 0x60, 0xB9, 0x7F, 0x40, 0xAB, 0x5D, 0x03,
- 0x8F, 0x6B, 0x75, 0xC8, 0x14, 0xB2, 0x7D, 0x9B,
- 0x96, 0x8D, 0x41, 0x98, 0x32, 0xBC, 0x8C, 0x2B,
- 0xEE, 0x60, 0x5E, 0xF6, 0xE5, 0x05, 0x9D, 0x33,
- 0x10, 0x0D, 0x90, 0x48, 0x5D, 0x37, 0x84, 0x50,
- 0x01, 0x42, 0x21, 0x73, 0x6C, 0x07, 0x40, 0x7C,
- 0xAC, 0x26, 0x04, 0x08, 0xAA, 0x64, 0x92, 0x66,
- 0x19, 0x78, 0x8B, 0x86, 0x01, 0xC2, 0xA7, 0x52,
- 0xD1, 0xA6, 0xCB, 0xF8, 0x20, 0xD7, 0xC7, 0xA0,
- 0x47, 0x16, 0x20, 0x32, 0x25, 0xB3, 0x89, 0x5B,
- 0x93, 0x42, 0xD1, 0x47, 0xA8, 0x18, 0x5C, 0xFC,
- 0x1B, 0xB6, 0x5B, 0xA0, 0x6B, 0x41, 0x42, 0x33,
- 0x99, 0x03, 0xC0, 0xAC, 0x46, 0x51, 0x38, 0x5B,
- 0x45, 0xD9, 0x8A, 0x8B, 0x19, 0xD2, 0x8C, 0xD6,
- 0xBA, 0xB0, 0x88, 0x78, 0x7F, 0x7E, 0xE1, 0xB1,
- 0x24, 0x61, 0x76, 0x6B, 0x43, 0xCB, 0xCC, 0xB9,
- 0x64, 0x34, 0x42, 0x7D, 0x93, 0xC0, 0x65, 0x55,
- 0x06, 0x88, 0xF6, 0x94, 0x8E, 0xD1, 0xB5, 0x47,
- 0x5A, 0x42, 0x5F, 0x1B, 0x85, 0x20, 0x9D, 0x06,
- 0x1C, 0x08, 0xB5, 0x6C, 0x1C, 0xC0, 0x69, 0xF6,
- 0xC0, 0xA7, 0xC6, 0xF2, 0x93, 0x58, 0xCA, 0xB9,
- 0x11, 0x08, 0x77, 0x32, 0xA6, 0x49, 0xD2, 0x7C,
- 0x9B, 0x98, 0xF9, 0xA4, 0x88, 0x79, 0x38, 0x7D,
- 0x9B, 0x00, 0xC2, 0x59, 0x59, 0xA7, 0x16, 0x54,
- 0xD6, 0xF6, 0xA9, 0x46, 0x16, 0x45, 0x13, 0xE4,
- 0x7A, 0x75, 0xD0, 0x05, 0x98, 0x6C, 0x23, 0x63,
- 0xC0, 0x9F, 0x6B, 0x53, 0x7E, 0xCA, 0x78, 0xB9,
- 0x30, 0x3A, 0x5F, 0xA4, 0x57, 0x60, 0x8A, 0x58,
- 0x6A, 0x65, 0x3A, 0x34, 0x7D, 0xB0, 0x4D, 0xFC,
- 0xC1, 0x91, 0x75, 0xB3, 0xA3, 0x01, 0x17, 0x25,
- 0x36, 0x06, 0x2A, 0x65, 0x8A, 0x95, 0x27, 0x75,
- 0x70, 0xC8, 0x85, 0x2C, 0xA8, 0x97, 0x3F, 0x4A,
- 0xE1, 0x23, 0xA3, 0x34, 0x04, 0x7D, 0xD7, 0x11,
- 0xC8, 0x92, 0x7A, 0x63, 0x4A, 0x03, 0x38, 0x8A,
- 0x52, 0x7B, 0x03, 0x4B, 0xF7, 0xA8, 0x17, 0x0F,
- 0xA7, 0x02, 0xC1, 0xF7, 0xC2, 0x3E, 0xC3, 0x2D,
- 0x18, 0xA2, 0x37, 0x48, 0x90, 0xBE, 0x9C, 0x78,
- 0x7A, 0x94, 0x09, 0xC8, 0x2D, 0x19, 0x2C, 0x4B,
- 0xB7, 0x05, 0xA2, 0xF9, 0x96, 0xCE, 0x40, 0x5D,
- 0x85, 0xA4, 0xC1, 0xA1, 0xAB, 0x9B, 0x6A, 0xEB,
- 0x49, 0xCC, 0xE1, 0xC2, 0xF8, 0xA9, 0x7C, 0x35,
- 0x16, 0xC7, 0x2A, 0x00, 0xA4, 0x62, 0x63, 0xBA,
- 0xA6, 0x96, 0xBF, 0x25, 0x72, 0x77, 0x19, 0xC3,
- 0x21, 0x64, 0x23, 0x61, 0x8F, 0xF3, 0x33, 0x80,
- 0x93, 0x4A, 0x6C, 0x10, 0x54, 0x5C, 0x4C, 0x5C,
- 0x51, 0x55, 0xB1, 0x24, 0x86, 0x18, 0x1F, 0xC7,
- 0xA2, 0x31, 0x98, 0x73, 0x97, 0x8B, 0x6A, 0x2A,
- 0x67, 0x49, 0x0F, 0x82, 0x56, 0xBD, 0x21, 0x96,
- 0xFE, 0x17, 0x92, 0xA4, 0xC0, 0x00, 0x77, 0xB8,
- 0x12, 0xEA, 0xE8, 0xBE, 0xD3, 0x57, 0x24, 0x99,
- 0x68, 0x4A, 0xB3, 0x37, 0x18, 0x76, 0x76, 0x1E,
- 0x45, 0x0C, 0x9F, 0x9D, 0x27, 0x68, 0xA3, 0x68,
- 0x06, 0xD7, 0xAB, 0x20, 0x46, 0xC9, 0x1F, 0x17,
- 0x59, 0x9E, 0x9A, 0xC5, 0x92, 0x99, 0x08, 0x08,
- 0xDC, 0xD7, 0xB4, 0xD0, 0x91, 0x90, 0x72, 0xF1,
- 0x4E, 0xC3, 0x61, 0x77, 0x3B, 0x72, 0x52, 0x44,
- 0x4C, 0x32, 0x3C, 0x30, 0x83, 0x26, 0xF4, 0xA3,
- 0x0F, 0x86, 0x80, 0xD2, 0xF7, 0x48, 0xF5, 0x6A,
- 0x13, 0x2B, 0x82, 0x67, 0x4E, 0xD0, 0x18, 0x46,
- 0x20, 0xB8, 0x2A, 0xD2, 0xCB, 0x18, 0x2C, 0x97,
- 0xB4, 0x81, 0x62, 0x66, 0x47, 0x49, 0x12, 0x90,
- 0xA0, 0x11, 0xCC, 0x73, 0x82, 0x86, 0x85, 0xA8,
- 0xC3, 0x67, 0xA5, 0xB9, 0xCF, 0x8D, 0x62, 0x1B,
- 0x0D, 0x5C, 0x1E, 0xFF, 0x03, 0x17, 0x27, 0x58,
- 0xBD, 0x00, 0x49, 0x78, 0xC2, 0x51, 0xCD, 0x51,
- 0x34, 0x22, 0x28, 0x98, 0x9C, 0xAE, 0x63, 0x32,
- 0xAC, 0x48, 0x64, 0x37, 0xCB, 0x5C, 0x57, 0xD4,
- 0x30, 0x74, 0x62, 0x86, 0x52, 0x53, 0xBE, 0x21,
- 0x7B, 0x35, 0x15, 0xC7, 0x3D, 0xF4, 0x05, 0xB7,
- 0xF2, 0x82, 0x17, 0xAD, 0x0B, 0x8C, 0xF6, 0x0C,
- 0x2F, 0xFF, 0xAA, 0x0A, 0x00, 0x48, 0xB1, 0xFB,
- 0x4A, 0xCD, 0xCD, 0xC3, 0x8B, 0x52, 0x50, 0xCF,
- 0xEC, 0x35, 0x6A, 0x6D, 0xE2, 0x6C, 0xFA, 0x7A,
- 0x58, 0x8F, 0xDC, 0x86, 0xF9, 0x8C, 0x85, 0x4A,
- 0xC6, 0x4C, 0x7B, 0xFA, 0xA9, 0x6F, 0x5A, 0x32,
- 0xCC, 0x06, 0x10, 0x93, 0x4B, 0xAA, 0x6A, 0x58,
- 0x6B, 0x9A, 0x20, 0x54, 0xF1, 0x3B, 0xA2, 0x74,
- 0x17, 0x4A, 0xA0, 0xD2, 0xB3, 0xA8, 0x1B, 0x96,
- 0xA9, 0x40, 0x66, 0x6F, 0x78, 0x9B, 0x5A, 0x6B,
- 0xCD, 0xC0, 0xA6, 0xA0, 0x17, 0x8A, 0x0C, 0x9A,
- 0x02, 0x57, 0x8A, 0x49, 0x3F, 0x6E, 0xEA, 0x0D,
- 0x2E, 0x6C, 0x13, 0x95, 0x1C, 0x9F, 0x24, 0x9A,
- 0x5E, 0x8D, 0xD7, 0x1D, 0xD4, 0x9A, 0x74, 0x2D,
- 0x45, 0x1F, 0x1A, 0xBB, 0xA1, 0x9A, 0xF8, 0xC5,
- 0x47, 0x85, 0x5E, 0x0A, 0xFC, 0x72, 0x8E, 0x90,
- 0xAB, 0xB4, 0x99, 0xC9, 0xBE, 0xEB, 0x76, 0x6F,
- 0x47, 0x29, 0xCD, 0xA2, 0x22, 0x63, 0xE3, 0x24,
- 0xD2, 0x23, 0x02, 0xCB, 0xD3, 0x39, 0x9F, 0xAC,
- 0xC6, 0x30, 0x99, 0x1F, 0xC8, 0xF2, 0x8B, 0xDB,
- 0x43, 0x54, 0x76, 0x25, 0x41, 0x52, 0x76, 0x78,
- 0xBC, 0xF6, 0x1F, 0x65, 0xC2, 0x41, 0x14, 0x6C,
- 0x42, 0x6D, 0x23, 0xB9, 0xBF, 0xAA, 0x6B, 0x7D,
- 0xF1, 0x8C, 0x97, 0xF2, 0x0C, 0x1B, 0x61, 0x25,
- 0xBF, 0x87, 0x4B, 0x1D, 0x89, 0x47, 0x58, 0x52,
- 0xC4, 0x48, 0x21, 0x5D, 0xB0, 0xEB, 0x77, 0x37,
- 0xF9, 0x14, 0x80, 0xE8, 0xCE, 0xBD, 0x9A, 0x08,
- 0x71, 0x57, 0x4F, 0x5A, 0xB6, 0x2D, 0x90, 0x20,
- 0x17, 0x5E, 0xC6, 0x92, 0x7C, 0xA0, 0xB5, 0x4C,
- 0x09, 0x81, 0x8E, 0x42, 0xCF, 0x92, 0xA3, 0x83,
- 0x17, 0x24, 0x22, 0xC7, 0xDC, 0x18, 0x31, 0xD6,
- 0x3B, 0x0C, 0x29, 0x5D, 0xE7, 0x51, 0x59, 0xDB,
- 0x80, 0x34, 0xE9, 0xE0, 0x7F, 0x7B, 0x0B, 0x91,
- 0x0C, 0x3C, 0x1E, 0x5F, 0xB6, 0x6B, 0x3D, 0xC5,
- 0x23, 0xF1, 0xFA, 0x6E, 0xB4, 0x91, 0x0C, 0xB8,
- 0x9A, 0x6C, 0x17, 0x56, 0x2C, 0x83, 0xAB, 0x4C,
- 0x18, 0xD0, 0xCD, 0x7E, 0x07, 0x96, 0x59, 0x2A,
- 0x37, 0x2A, 0xA4, 0x09, 0xB1, 0xC5, 0x57, 0x34,
- 0x7C, 0xCA, 0xCD, 0xC4, 0x64, 0x4A, 0x11, 0x90,
- 0x64, 0xD0, 0x6D, 0xD4, 0x74, 0x92, 0x9D, 0x1C,
- 0x6F, 0xB4, 0xD6, 0x86, 0xE5, 0x49, 0x1C, 0xE4,
- 0xBC, 0x89, 0xA3, 0x0B, 0xB4, 0xB8, 0xC4, 0x1B,
- 0xCE, 0x51, 0x57, 0xDF, 0xC1, 0x36, 0x08, 0x23,
- 0xB1, 0xAB, 0x61, 0x8C, 0x14, 0xB1, 0x0F, 0x98,
- 0xC2, 0x50, 0x67, 0x39, 0x8E, 0xA7, 0x01, 0x8C,
- 0x27, 0x8A, 0x4B, 0x3D, 0xF3, 0x13, 0x34, 0xD6,
- 0x03, 0xB2, 0x04, 0x4E, 0xF1, 0x87, 0xCD, 0x9B,
- 0xC6, 0xCE, 0x42, 0x72, 0x5B, 0xD9, 0x62, 0xC2,
- 0x64, 0x98, 0x3E, 0x9E, 0x18, 0x15, 0x5A, 0x8B,
- 0x9C, 0x47, 0x14, 0x3D, 0x70, 0x46, 0x0A, 0x26,
- 0xA5, 0x6F, 0xE7, 0x65, 0x8C, 0x1F, 0x15, 0x03,
- 0x48, 0xC6, 0x08, 0x7E, 0xF7, 0x58, 0xAD, 0x16,
- 0x78, 0x87, 0x86, 0x0A, 0x00, 0x7A, 0x5F, 0xC3,
- 0x73, 0x58, 0xD4, 0x3B, 0x5E, 0xBE, 0xE8, 0x20,
- 0xAC, 0xEA, 0x47, 0x4F, 0x0A, 0xC0, 0x7B, 0x76,
- 0x80, 0x28, 0x66, 0x19, 0x9C, 0x61, 0x23, 0x1D,
- 0x5C, 0x74, 0x7C, 0x93, 0x77, 0x4D, 0x2C, 0x1E,
- 0x0C, 0x1C, 0x67, 0xE6, 0xC8, 0x1B, 0x82, 0x75,
- 0x21, 0x73, 0xE1, 0x25, 0xBA, 0xF3, 0x9B, 0x4F,
- 0xD1, 0x9A, 0x4F, 0x45, 0x3D, 0xC5, 0x79, 0x76,
- 0xB1, 0xD9, 0x7F, 0xE6, 0x99, 0x69, 0x92, 0xBB,
- 0xB6, 0x5B, 0x7C, 0xB2, 0x5D, 0x07, 0x7B, 0xBA,
- 0xA6, 0xA1, 0x33, 0x22, 0x89, 0x9A, 0xF6, 0x59,
- 0xCF, 0x1B, 0x35, 0x58, 0xC1, 0xB5, 0x00, 0x11,
- 0x54, 0xB6, 0x25, 0x80, 0x9E, 0xD8, 0x9A, 0xEE,
- 0xBB, 0x89, 0xE6, 0xEA, 0x7D, 0x67, 0xF7, 0x23,
- 0xD0, 0x45, 0xAB, 0x05, 0x71, 0x5C, 0x42, 0x35,
- 0x5D, 0xA6, 0xA5, 0xC8, 0xDD, 0x39, 0xC8, 0xAB,
- 0xE3, 0x03, 0x77, 0x51, 0xA0, 0x1E, 0xD1, 0xC7,
- 0x37, 0x49, 0x19, 0xF3, 0x12, 0x1B, 0x5A, 0x52,
- 0xC5, 0x3D, 0x14, 0x87, 0x31, 0x67, 0x69, 0xF8,
- 0x07, 0x21, 0xDE, 0xEA, 0xAA, 0xD3, 0xC9, 0x0F,
- 0x76, 0xE7, 0xAE, 0x9E, 0x12, 0xBA, 0x92, 0xB3,
- 0x2B, 0x5F, 0xD4, 0x57, 0xE3, 0xC7, 0x52, 0xC2,
- 0x65, 0x0D, 0xFB, 0x88, 0x57, 0x71, 0xCB, 0x77,
- 0xAC, 0x3C, 0x78, 0x5A, 0x8C, 0x56, 0x2E, 0x6A,
- 0x1C, 0x63, 0xC2, 0xA5, 0x5E, 0xA4, 0x7C, 0xF8,
- 0xB9, 0x0E, 0xB8, 0x22, 0x5C, 0x12, 0x3C, 0x34,
- 0x64, 0x52, 0x56, 0x62, 0x35, 0xB2, 0xF3, 0x18,
- 0x23, 0xA3, 0x35, 0x21, 0xE0, 0x87, 0x93, 0x7A,
- 0x34, 0x5D, 0x8D, 0x66, 0x3E, 0xEA, 0xA0, 0x56,
- 0x58, 0x91, 0x7B, 0xBA, 0xA0, 0x08, 0xC2, 0xE3,
- 0x35, 0xF8, 0x85, 0x0A, 0x90, 0xA3, 0x26, 0xD0,
- 0xE6, 0x64, 0x32, 0xF4, 0x4C, 0xEB, 0x82, 0x89,
- 0xE4, 0xEC, 0xB2, 0xD1, 0x29, 0x58, 0xE9, 0x84,
- 0x07, 0x2E, 0xCA, 0xCB, 0x88, 0xE1, 0x34, 0x8F,
- 0xF0, 0xB5, 0x56, 0x54, 0xAC, 0xBA, 0x5B, 0x54,
- 0x97, 0x1C, 0xBA, 0xEB, 0xA8, 0x8E, 0xC4, 0xB9,
- 0x1A, 0x94, 0xC3, 0x71, 0x92, 0xFA, 0x98, 0x2B,
- 0xEC, 0xB9, 0xF3, 0xDA, 0x42, 0x16, 0x03, 0xB6,
- 0x1A, 0x51, 0xBC, 0x8E, 0x36, 0xCB, 0xD0, 0x53,
- 0x85, 0x1C, 0x77, 0xB1, 0xB9, 0x26, 0xB1, 0x7A,
- 0x27, 0x2A, 0xA9, 0x02, 0x32, 0x46, 0xB0, 0x2B,
- 0x3E, 0xD4, 0x7F, 0x66, 0xA0, 0x0B, 0xD5, 0x68,
- 0x48, 0x23, 0x63, 0x4E, 0x7C, 0xE5, 0x8C, 0xF8,
- 0xF3, 0x06, 0xE3, 0x5B, 0x1E, 0x53, 0x22, 0x82,
- 0x4D, 0x90, 0x48, 0x01, 0xF0, 0xA2, 0xFA, 0x7C,
- 0x2B, 0xC9, 0xC2, 0x52, 0xB0, 0xA5, 0x6B, 0x7B,
- 0xA2, 0xAB, 0x0F, 0x63, 0x60, 0x21, 0x74, 0x5A,
- 0x70, 0xA9, 0xA4, 0x3E, 0x2B, 0x0A, 0x8D, 0x61,
- 0x59, 0x70, 0xB6, 0x53, 0x09, 0x62, 0x4B, 0x51,
- 0x84, 0xBC, 0xC3, 0x0B, 0x91, 0x16, 0x79, 0xAE,
- 0xDD, 0x76, 0x02, 0x5F, 0xE3, 0x90, 0x8F, 0xD6,
- 0x78, 0x97, 0xB0, 0xCF, 0x4B, 0xE5, 0xA6, 0xF5,
- 0x41, 0x3D, 0x7D, 0xD9, 0x85, 0x64, 0xB2, 0x3E,
- 0x42, 0xA9, 0x3E, 0x4A, 0xA8, 0x82, 0x1C, 0xD4,
- 0x50, 0x54, 0xC6, 0x43, 0xED, 0xC1, 0x15, 0x8D,
- 0xB6, 0xB3, 0xDE, 0xB1, 0x3F, 0xB5, 0xA5, 0x1E,
- 0xBD, 0x1A, 0x8A, 0x78, 0xB8, 0x72, 0x25, 0xA7,
- 0x33, 0x8E, 0x10, 0x11, 0x04, 0xC4, 0xA2, 0x20,
- 0xD9, 0xBD, 0xED, 0xD4, 0x8C, 0x85, 0xA1, 0xC2,
- 0xDA, 0xE7, 0x81, 0xA8, 0x0C, 0x40, 0xE1, 0x3B,
- 0x87, 0xEA, 0xC7, 0x3A, 0x76, 0x42, 0x01, 0xC9,
- 0xB7, 0x60, 0xCC, 0xFB, 0x1A, 0xE3, 0x92, 0x69,
- 0x9C, 0x70, 0x39, 0xD2, 0x7C, 0x39, 0x36, 0x2B,
- 0x27, 0xB8, 0xFC, 0x6F, 0x07, 0xA8, 0xA3, 0xD4,
- 0x41, 0x0F, 0x15, 0x47, 0xC4, 0x8A, 0x99, 0x97,
- 0xF6, 0x2C, 0x61, 0x07, 0x44, 0x52, 0xEF, 0x15,
- 0x15, 0xF8, 0xA6, 0x49, 0xEB, 0xCA, 0x94, 0x37,
- 0x20, 0x5A, 0x4E, 0x8A, 0x61, 0x60, 0x6B, 0x41,
- 0xDA, 0xF6, 0x83, 0x4D, 0x67, 0x1F, 0x4D, 0x85,
- 0x2C, 0x0C, 0x9C, 0x40, 0x96, 0x61, 0x16, 0x48,
- 0xC6, 0xA3, 0x17, 0x06, 0x78, 0xB1, 0x53, 0x7C,
- 0xC1, 0x82, 0x8D, 0x93, 0x58, 0x0C, 0x9E, 0x58,
- 0x49, 0xA9, 0x65, 0x31, 0x75, 0xAC, 0xB7, 0x53,
- 0xF2, 0xBE, 0x74, 0x37, 0xBE, 0x45, 0xF6, 0xC6,
- 0x03, 0xE4, 0x85, 0xF2, 0xEC, 0x30, 0x1B, 0xB4,
- 0x2B, 0x6C, 0x37, 0xC2, 0x25, 0xD7, 0x49, 0x5A,
- 0x58, 0x4A, 0xE2, 0x31, 0x89, 0x0A, 0xB5, 0xC8,
- 0xC3, 0x5C, 0x26, 0x8C, 0xF4, 0xBB, 0xB0, 0x21,
- 0x3C, 0x09, 0x60, 0x19, 0x31, 0x95, 0x61, 0xA8,
- 0xA6, 0x94, 0x76, 0x37, 0xAA, 0x40, 0xD0, 0x06,
- 0xB4, 0x15, 0xBB, 0x2C, 0xFA, 0x22, 0x37, 0xE0,
- 0x89, 0x0B, 0x6A, 0x3B, 0xC1, 0x34, 0xAB, 0xF8,
- 0xF6, 0x58, 0x5E, 0x10, 0x8D, 0x15, 0x94, 0x0F,
- 0x91, 0xF4, 0xBF, 0x5B, 0x0C, 0x81, 0x80, 0x55,
- 0xB2, 0x1D, 0xEA, 0x6E, 0x63, 0xB5, 0x53, 0x98,
- 0x8C, 0x47, 0xF4, 0xB9, 0x4E, 0x7C, 0xF8, 0x00,
- 0xA4, 0x93, 0xB4, 0x73, 0x47, 0x05, 0xED, 0xC5,
- 0x6A, 0x4B, 0x60, 0x21, 0xC6, 0x29, 0x50, 0x06,
- 0x75, 0x87, 0x68, 0x04, 0xCF, 0x0B, 0x95, 0x1F,
- 0x03, 0x8A, 0x5C, 0x7F, 0xE5, 0x8E, 0x89, 0x77,
- 0x4E, 0xF2, 0x99, 0x2F, 0xD7, 0xC6, 0x30, 0x99,
- 0xD3, 0x52, 0xA7, 0xD2, 0x15, 0x60, 0xB7, 0x88,
- 0xB4, 0x05, 0x70, 0x98, 0x61, 0x81, 0x7E, 0x59,
- 0xA9, 0x6B, 0x3A, 0x3A, 0x83, 0xCB, 0xA8, 0x03,
- 0xB1, 0x69, 0x34, 0x33, 0x10, 0x71, 0x90, 0x5B,
- 0xBE, 0xC6, 0x53, 0x29, 0x00, 0x15, 0x5D, 0x8A,
- 0xC8, 0x8C, 0xB3, 0x2E, 0x4E, 0x21, 0xA3, 0xBD,
- 0x3A, 0x03, 0xFD, 0xEC, 0x32, 0x5A, 0x51, 0xCD,
- 0x27, 0x73, 0x96, 0x4E, 0x67, 0x84, 0xFC, 0xF1,
- 0x85, 0x37, 0x37, 0xAA, 0x64, 0xEB, 0x67, 0x56,
- 0x47, 0x27, 0x27, 0x26, 0x61, 0xAB, 0xF8, 0x43,
- 0x13, 0xA5, 0x7A, 0x44, 0xB1, 0x23, 0xC6, 0x55,
- 0x09, 0xCF, 0xB7, 0xA6, 0xF6, 0x64, 0x1C, 0xDC,
- 0xC3, 0xB5, 0x7F, 0xE6, 0x28, 0xC7, 0xB8, 0x19,
- 0x2D, 0xB4, 0x4F, 0xFB, 0xF5, 0x79, 0x6A, 0x86,
- 0x13, 0xB1, 0xFA, 0x12, 0x6F, 0x60, 0x76, 0x88,
- 0x3C, 0x78, 0x3D, 0xC2, 0x4E, 0x2A, 0x44, 0x64,
- 0xC4, 0x0B, 0x3A, 0x41, 0xCA, 0x70, 0xAE, 0x87,
- 0x62, 0x08, 0x66, 0xCF, 0x4F, 0xCB, 0x2B, 0xD2,
- 0x04, 0xBF, 0x5C, 0x28, 0x38, 0x12, 0xBA, 0x05,
- 0x6A, 0xC0, 0xC3, 0x45, 0xE3, 0x79, 0xC4, 0xBA,
- 0x24, 0xD7, 0x50, 0x90, 0x12, 0x79, 0xBB, 0x2F,
- 0x3A, 0x16, 0xF6, 0x12, 0xBF, 0xAD, 0xB3, 0x57,
- 0x03, 0x33, 0x2C, 0x7C, 0x13, 0x6F, 0x68, 0xEA,
- 0xB6, 0x75, 0x5C, 0x66, 0xB6, 0xA4, 0xAD, 0x1A,
- 0xAB, 0xA7, 0xB7, 0x68, 0xA5, 0x8A, 0xCA, 0xAC,
- 0xC1, 0x0A, 0x45, 0x9A, 0x1C, 0xC8, 0xEF, 0x29,
- 0x37, 0x7B, 0xC2, 0x00, 0xE4, 0xD3, 0x15, 0xA3,
- 0x0A, 0x6B, 0xCC, 0x32, 0x56, 0xF9, 0x73, 0x4D,
- 0x06, 0xE9, 0x77, 0x9C, 0xAA, 0x54, 0x42, 0xA9,
- 0xA1, 0x60, 0x69, 0x08, 0x13, 0x77, 0xC7, 0x6E,
- 0x75, 0x15, 0x43, 0x68, 0x07, 0x2D, 0xC4, 0x46,
- 0xED, 0x6C, 0x8B, 0x8E, 0x62, 0x2A, 0x21, 0xE3,
- 0x83, 0xCF, 0x9B, 0xA1, 0xFB, 0x43, 0x4E, 0x2E,
- 0xCC, 0x81, 0xE7, 0xB7, 0x8C, 0xEE, 0x98, 0x6B,
- 0x8F, 0xF7, 0x98, 0xAB, 0x18, 0xCF, 0x96, 0x34,
- 0x54, 0x35, 0x46, 0x28, 0x4E, 0xDA, 0x2A, 0x26,
- 0xB4, 0x7F, 0x05, 0xB7, 0x35, 0xBC, 0xDB, 0x12,
- 0x02, 0x22, 0x00, 0x76, 0xDC, 0x8B, 0x4E, 0x4B,
- 0x9F, 0x85, 0x35, 0x33, 0xC8, 0xF6, 0xC7, 0xFF,
- 0x38, 0x81, 0x7B, 0xA4, 0x97, 0x12, 0x83, 0x57,
- 0x85, 0xF1, 0x7F, 0x14, 0xCA, 0x01, 0xD0, 0xC1,
- 0xC1, 0xE9, 0x88, 0x10, 0xFE, 0x0B, 0x36, 0xE5,
- 0xB4, 0x27, 0x15, 0x7B, 0x94, 0x18, 0x44, 0x9C,
- 0xED, 0xD6, 0x41, 0xA4, 0x29, 0x3C, 0x85, 0xC3,
- 0x27, 0x00, 0x10, 0x2A, 0xCE, 0xC2, 0x2E, 0xBA,
- 0xD9, 0x8E, 0xD1, 0x60, 0xA5, 0xF0, 0x27, 0xBD,
- 0x4C, 0xDA, 0x57, 0xF1, 0xF3, 0x72, 0x0A, 0x12,
- 0xC1, 0x34, 0x65, 0x4D, 0xD5, 0xE7, 0x3F, 0x82,
- 0x96, 0x76, 0x49, 0x53, 0x90, 0xD0, 0xE7, 0x92,
- 0x9D, 0x60, 0x34, 0xE9, 0xC5, 0x5F, 0x7D, 0x55,
- 0xBA, 0x65, 0x8B, 0xC5, 0x87, 0x98, 0x8E, 0x8A,
- 0xF9, 0x49, 0x60, 0xF6, 0xCF, 0xB8, 0xD5, 0xAF,
- 0x7A, 0x00, 0x21, 0x53, 0x5A, 0x6E, 0x25, 0xE4,
- 0x37, 0xD4, 0x9A, 0x78, 0x06, 0x98, 0xBE, 0x22,
- 0xAC, 0x99, 0x53, 0x94, 0x9F, 0x57, 0x1B, 0x85,
- 0xA6, 0x85, 0x72, 0x5F, 0x82, 0x07, 0xA2, 0xB0,
- 0xAE, 0x84, 0x9B, 0x60, 0x1A, 0xB9, 0x1B, 0x15,
- 0x9B, 0x3D, 0xF4, 0xA1, 0x54, 0xC2, 0x04, 0x1E,
- 0x77, 0x60, 0x70, 0xAF, 0xC4, 0x29, 0x69, 0x32,
- 0x23, 0x80, 0x91, 0x7C, 0x97, 0x51, 0x07, 0x99,
- 0xF3, 0x14, 0x91, 0x31, 0x47, 0x7E, 0x16, 0x66,
- 0x3D, 0x31, 0x74, 0xC7, 0xC1, 0xCA, 0xEA, 0x78,
- 0x85, 0x35, 0xC6, 0xC0, 0x05, 0xA6, 0x4F, 0x28,
- 0x68, 0x63, 0x1B, 0x31, 0xB6, 0x6E, 0x20, 0x5F,
- 0xD3, 0x8C, 0x1D, 0x84, 0x54, 0x2D, 0x0F, 0x1B,
- 0x57, 0x8F, 0x58, 0xC9, 0xBF, 0x5A, 0x0F, 0xAE,
- 0xAB, 0x6A, 0xB6, 0x49, 0x48, 0x93, 0x05, 0x31,
- 0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C,
- 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
- 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
- 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22,
- 0x8A, 0x39, 0xE8, 0x7D, 0x53, 0x1F, 0x35, 0x27,
- 0xC2, 0x07, 0xED, 0xCC, 0x1D, 0xB7, 0xFA, 0xDD,
- 0xCF, 0x96, 0x28, 0x39, 0x18, 0x79, 0xB3, 0x35,
- 0xC7, 0x07, 0x83, 0x9A, 0x0D, 0xB0, 0x51, 0xA8,
- 0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08,
- 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
- 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
- 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_ct[] = {
- 0xA6, 0xAF, 0x29, 0xD5, 0xF5, 0xB8, 0x0B, 0xD1,
- 0x30, 0xF5, 0x18, 0xBA, 0xDD, 0xD6, 0xC8, 0xF1,
- 0x75, 0x45, 0x41, 0x3D, 0x86, 0x0F, 0xB3, 0xDE,
- 0x45, 0x19, 0x79, 0xEB, 0xFA, 0x5E, 0x4E, 0x31,
- 0x12, 0xC7, 0xC0, 0xAD, 0xF9, 0x98, 0x24, 0xBB,
- 0x52, 0x6F, 0x2C, 0x35, 0x50, 0x74, 0x8E, 0xD0,
- 0xE1, 0x34, 0xF0, 0x45, 0x7A, 0x7C, 0x61, 0xF9,
- 0xF5, 0x26, 0xF0, 0x02, 0xBA, 0xAD, 0xC0, 0x3F,
- 0xC1, 0x3E, 0x38, 0x13, 0x12, 0x19, 0x51, 0x3C,
- 0x3E, 0xDE, 0x06, 0x16, 0x61, 0xE7, 0x4F, 0x60,
- 0x3C, 0x4F, 0xCF, 0x79, 0x51, 0xC8, 0xE5, 0x2C,
- 0x9C, 0x21, 0x3B, 0x0D, 0x22, 0xD9, 0x29, 0x36,
- 0x63, 0xD6, 0x69, 0xA6, 0xB5, 0x8E, 0xD8, 0xFC,
- 0xEF, 0xCF, 0x82, 0x49, 0xD7, 0xBB, 0x52, 0x98,
- 0xF5, 0x57, 0x61, 0x44, 0x5B, 0x2B, 0x83, 0xCE,
- 0x7F, 0x00, 0x5C, 0xB0, 0x42, 0x48, 0xAE, 0xC8,
- 0xBD, 0xA2, 0x2F, 0xD2, 0xD4, 0x2A, 0xA7, 0x66,
- 0x32, 0x20, 0x14, 0xEA, 0x03, 0x8C, 0xC3, 0x2C,
- 0x55, 0xC8, 0xE4, 0xB9, 0xE2, 0x8E, 0xC9, 0x11,
- 0x9F, 0x52, 0x73, 0x41, 0xE4, 0xF6, 0x6A, 0x03,
- 0x51, 0x21, 0x07, 0x3B, 0x85, 0xDE, 0x67, 0x06,
- 0xDA, 0x19, 0xE0, 0x83, 0x8A, 0x9F, 0x33, 0xB7,
- 0x19, 0xA6, 0x8F, 0x03, 0x9B, 0x66, 0x4D, 0xC0,
- 0x02, 0x65, 0x9E, 0xAB, 0xFC, 0x39, 0x86, 0x79,
- 0xAA, 0x70, 0x09, 0xCE, 0x0C, 0xD0, 0x1C, 0xDA,
- 0xFB, 0x6C, 0xD2, 0xA2, 0x6F, 0xE4, 0x10, 0x16,
- 0x72, 0xC9, 0x8F, 0xF5, 0x8F, 0x7C, 0x47, 0xD5,
- 0xBD, 0xA2, 0x90, 0x66, 0x53, 0xB3, 0xA6, 0xF9,
- 0x65, 0x1F, 0x7A, 0x12, 0x1E, 0xA7, 0x7E, 0xA7,
- 0x47, 0x23, 0xFA, 0xE5, 0xB8, 0x73, 0xF9, 0xBB,
- 0x7B, 0x66, 0x4F, 0x0C, 0x8A, 0x93, 0x83, 0x1E,
- 0xF9, 0xD5, 0x1C, 0x7C, 0xC1, 0xEF, 0x44, 0xAC,
- 0x0E, 0x55, 0xA5, 0x5C, 0xA7, 0x6D, 0x13, 0x7F,
- 0xE9, 0xB7, 0x5F, 0x40, 0x50, 0x9C, 0xEF, 0x15,
- 0x6E, 0x5A, 0xD1, 0x8F, 0x9F, 0xB9, 0x99, 0x68,
- 0x00, 0x08, 0xE5, 0x47, 0xD5, 0x5E, 0xEC, 0xD5,
- 0xB4, 0xD1, 0xCB, 0x1D, 0x9F, 0x07, 0x6C, 0xEC,
- 0x21, 0x50, 0x1C, 0x74, 0x02, 0x50, 0x9E, 0xCB,
- 0x77, 0xAF, 0xB2, 0xCB, 0x9A, 0x61, 0x34, 0x0A,
- 0x8B, 0xD1, 0x51, 0x4C, 0x6E, 0x71, 0xB4, 0xAA,
- 0x45, 0xE4, 0x7E, 0xC3, 0x75, 0x12, 0x27, 0x1B,
- 0x91, 0x1F, 0x8F, 0xB4, 0x6C, 0x90, 0x82, 0xC9,
- 0xDF, 0x07, 0x20, 0x4A, 0xBB, 0x5A, 0x50, 0xE6,
- 0xE3, 0x64, 0x7A, 0x8A, 0xD4, 0xD8, 0xD5, 0xD7,
- 0xBF, 0xF1, 0x9C, 0x8A, 0x50, 0x93, 0x08, 0xBC,
- 0xFB, 0x89, 0x55, 0x36, 0xD0, 0x45, 0xCA, 0x2B,
- 0x97, 0xCB, 0x16, 0xA2, 0x9B, 0xB7, 0x18, 0x1C,
- 0xAD, 0x05, 0x09, 0xDD, 0xB9, 0x17, 0x35, 0x02,
- 0x8E, 0xBA, 0x8C, 0x31, 0xD7, 0x4B, 0xD2, 0x75,
- 0xEA, 0xA6, 0x5B, 0x53, 0x40, 0xB3, 0xA4, 0x3F,
- 0xBF, 0xE0, 0xB3, 0x06, 0x1D, 0x6B, 0xAE, 0x7E,
- 0x75, 0xB7, 0x09, 0x8C, 0xDA, 0xBE, 0x91, 0xD4,
- 0xB3, 0x1E, 0x36, 0xC9, 0xAA, 0x7A, 0x82, 0x98,
- 0x86, 0x2A, 0xD6, 0x3C, 0x8F, 0xD2, 0x82, 0xE0,
- 0x3B, 0x46, 0x0B, 0x3A, 0xB4, 0x64, 0xCE, 0x0F,
- 0x27, 0xB1, 0xC3, 0xD1, 0x11, 0x55, 0xAC, 0xAA,
- 0x01, 0x1E, 0xB9, 0xE2, 0xAE, 0x3E, 0x6D, 0xDA,
- 0x07, 0xD6, 0xF4, 0x91, 0x73, 0x7C, 0xBC, 0xE9,
- 0xB0, 0x5F, 0x9B, 0xC5, 0x6B, 0xE2, 0x0E, 0x8D,
- 0x32, 0x6B, 0xA1, 0x32, 0xC5, 0x7F, 0xB2, 0x35,
- 0x16, 0x11, 0x44, 0x51, 0x9C, 0xDF, 0x40, 0x56,
- 0x0F, 0xBE, 0x27, 0x9B, 0xDE, 0x41, 0x1E, 0x11,
- 0x25, 0x31, 0xF8, 0x26, 0xD6, 0xAB, 0x10, 0xD4,
- 0x54, 0x73, 0x50, 0xAD, 0xD2, 0xA9, 0xDE, 0x8D,
- 0x62, 0xC2, 0xAC, 0x82, 0xCA, 0xBE, 0x68, 0x15,
- 0x64, 0x6F, 0x4D, 0xC9, 0x74, 0x2B, 0xB0, 0xC2,
- 0xA3, 0xF7, 0x7E, 0xC7, 0xB4, 0x6C, 0x6B, 0x53,
- 0x76, 0x05, 0xFA, 0x31, 0x79, 0x8C, 0xD8, 0x92,
- 0x81, 0x22, 0x1A, 0x33, 0xDF, 0xB9, 0x79, 0x6E,
- 0x64, 0x43, 0x05, 0x63, 0x03, 0x32, 0xC2, 0xCB,
- 0x93, 0x14, 0x08, 0xAB, 0x48, 0x1A, 0x16, 0xD9,
- 0x53, 0xF6, 0xBE, 0xAE, 0x38, 0x91, 0xD6, 0xD9,
- 0xAC, 0x1F, 0xAB, 0x38, 0x22, 0x2D, 0x92, 0x71,
- 0x87, 0x2D, 0x9D, 0x0C, 0xAD, 0xB9, 0x1A, 0xBE,
- 0x9B, 0x4E, 0x26, 0x5F, 0x75, 0xC6, 0xE5, 0xE8,
- 0x29, 0xE1, 0x46, 0xC3, 0xD8, 0xCE, 0x1E, 0x9D,
- 0x12, 0xE0, 0xD1, 0x29, 0x80, 0x19, 0x57, 0xF4,
- 0x6B, 0x0D, 0x2D, 0xBE, 0x1F, 0x74, 0x9B, 0x1D,
- 0x08, 0xE2, 0x34, 0x5F, 0x62, 0x39, 0xA7, 0x31,
- 0x34, 0x2E, 0xB7, 0x5B, 0x0C, 0xF1, 0xBF, 0x41,
- 0x17, 0x49, 0xBC, 0x2C, 0xAF, 0x28, 0x10, 0xB7,
- 0x88, 0xC6, 0xB7, 0x23, 0x8B, 0x4D, 0x3D, 0xA2,
- 0xD6, 0x31, 0x5C, 0xE9, 0x54, 0x2E, 0x24, 0x40,
- 0x4F, 0x14, 0x57, 0x55, 0xA3, 0x0A, 0xB8, 0x51,
- 0xE4, 0x44, 0x58, 0x41, 0xBD, 0x33, 0xF7, 0x16,
- 0xA5, 0x86, 0x88, 0x48, 0x88, 0xEC, 0xC6, 0xBC,
- 0x64, 0x98, 0xAA, 0x32, 0x91, 0x9A, 0xE8, 0x1D,
- 0x20, 0xC2, 0x69, 0x73, 0xC2, 0xBD, 0x54, 0x58,
- 0x2A, 0x0F, 0x6A, 0xD9, 0x8A, 0xBF, 0xD2, 0x62,
- 0x7E, 0x15, 0x69, 0x0A, 0x72, 0x7E, 0x69, 0xF5,
- 0x81, 0xDD, 0x2A, 0x71, 0x27, 0x98, 0x2A, 0x90,
- 0xE3, 0x3E, 0x2D, 0x4A, 0x03, 0xFE, 0x33, 0x91,
- 0x42, 0xC7, 0xE4, 0x4C, 0x32, 0x6A, 0xC4, 0x6E,
- 0xD3, 0x95, 0xA2, 0x25, 0xD3, 0x03, 0x33, 0x89,
- 0x91, 0x73, 0x28, 0xB4, 0x53, 0x16, 0xB1, 0x58,
- 0x5A, 0x01, 0xB2, 0xC3, 0x04, 0xB2, 0x94, 0x4E,
- 0x90, 0x3A, 0xBB, 0xB3, 0xEC, 0x56, 0x19, 0x44,
- 0x1C, 0xFC, 0x89, 0x65, 0xA4, 0x46, 0xDF, 0x75,
- 0xDE, 0xFA, 0x80, 0xC6, 0xE1, 0x5A, 0xDB, 0xD5,
- 0x06, 0xB7, 0xAB, 0x2D, 0xE1, 0x2D, 0xDA, 0x9B,
- 0xC8, 0x14, 0x41, 0xCF, 0xC8, 0x90, 0x52, 0xE2,
- 0xE5, 0x80, 0x8F, 0x71, 0x26, 0xC6, 0xFD, 0x3A,
- 0xC6, 0xAC, 0x80, 0x81, 0x25, 0x8A, 0x84, 0xA0,
- 0x9A, 0xE5, 0x0F, 0x6C, 0xD7, 0xCC, 0x0F, 0x4A,
- 0xF3, 0x36, 0xFD, 0x1D, 0x64, 0x3E, 0x99, 0x07,
- 0x99, 0x96, 0x26, 0x8C, 0x2D, 0x32, 0xD9, 0x09,
- 0xF2, 0x2E, 0x35, 0x04, 0xF0, 0x7F, 0xBB, 0x56,
- 0x31, 0x96, 0xD4, 0x31, 0x2F, 0xDD, 0xB9, 0x33,
- 0x5D, 0x5C, 0x1D, 0x36, 0xE8, 0xC5, 0xEE, 0xA2,
- 0x27, 0x8D, 0xBA, 0x23, 0xB9, 0x4D, 0x19, 0x3C,
- 0x94, 0x7C, 0xC4, 0x1C, 0xA9, 0x93, 0xDC, 0x7D,
- 0xB1, 0x39, 0x63, 0x40, 0xAD, 0x9C, 0x4F, 0xE6,
- 0x87, 0xDD, 0x7B, 0x8D, 0x0C, 0x7A, 0x51, 0x20,
- 0xAE, 0x02, 0x04, 0xF2, 0xC6, 0x65, 0xBD, 0x5F,
- 0x47, 0x3D, 0x64, 0x4C, 0x7F, 0xF2, 0x6B, 0xFF,
- 0xBA, 0x7A, 0x36, 0x98, 0x08, 0x30, 0x70, 0x21,
- 0x28, 0xA7, 0xE6, 0x61, 0xD6, 0x77, 0xA0, 0x92,
- 0xA3, 0x6E, 0x74, 0x28, 0xA4, 0x13, 0x9F, 0xB2,
- 0x9B, 0x00, 0x95, 0xCC, 0x11, 0x08, 0x6F, 0x44,
- 0x7D, 0x2A, 0x9E, 0xF6, 0xC9, 0xB1, 0x61, 0xF1,
- 0x89, 0xC6, 0x29, 0x9E, 0x08, 0x4C, 0xB7, 0xAA,
- 0x00, 0xFA, 0xF7, 0x87, 0x79, 0x7B, 0xFB, 0x06,
- 0x9F, 0xBC, 0x08, 0x7F, 0xDE, 0x26, 0x25, 0x2A,
- 0x16, 0x64, 0xF1, 0x9C, 0x5A, 0x8A, 0x22, 0xEC,
- 0x5E, 0xE1, 0xAE, 0xB0, 0x76, 0x35, 0x7B, 0x7D,
- 0xC3, 0x7E, 0x6B, 0x0F, 0x15, 0x20, 0xF9, 0x58,
- 0xF7, 0x85, 0x1B, 0xAC, 0xB9, 0x2C, 0x89, 0xFD,
- 0x11, 0x4A, 0x72, 0xFE, 0xAC, 0x54, 0x65, 0x2D,
- 0x45, 0xB0, 0x9E, 0x1A, 0xE7, 0x65, 0x1A, 0xBD,
- 0x16, 0x4B, 0xCD, 0x53, 0x7D, 0x58, 0xFA, 0x39,
- 0xD3, 0xEC, 0x8A, 0xCD, 0xCD, 0xF9, 0x84, 0x25,
- 0x00, 0x58, 0x62, 0xFA, 0x59, 0x69, 0x2D, 0xE1,
- 0x62, 0xB7, 0x7E, 0x62, 0x97, 0xC6, 0x62, 0x33,
- 0x34, 0x84, 0x08, 0xA8, 0xAB, 0x69, 0x5C, 0xE2,
- 0xF2, 0x72, 0x8D, 0xB9, 0xFB, 0xE2, 0x7E, 0x95,
- 0x89, 0x67, 0xEC, 0x59, 0x74, 0x76, 0x7C, 0x5A,
- 0x66, 0x02, 0x30, 0x74, 0xB4, 0xA7, 0x1A, 0xFD,
- 0x26, 0x4A, 0xD2, 0x89, 0x0E, 0x97, 0x0A, 0x1F,
- 0x31, 0xD6, 0xE3, 0x31, 0x1B, 0x73, 0x6F, 0x9F,
- 0x94, 0x88, 0x79, 0x3D, 0xDC, 0x88, 0xF2, 0x34,
- 0x58, 0x06, 0x42, 0x54, 0xC8, 0x2A, 0x1D, 0x9E,
- 0x59, 0xEA, 0xD2, 0xFC, 0xEC, 0x40, 0xB4, 0x30,
- 0x68, 0x7C, 0x4B, 0x7E, 0x28, 0x96, 0x09, 0x26,
- 0xAF, 0xCA, 0xCC, 0x9B, 0xD7, 0x56, 0xA7, 0x10,
- 0x88, 0xC7, 0x84, 0x50, 0xE2, 0x0A, 0x2E, 0x98,
- 0x0A, 0xED, 0xE9, 0xEB, 0xED, 0xFE, 0x7F, 0xAB,
- 0xD6, 0xAB, 0xFE, 0x96, 0xF9, 0x34, 0xC4, 0xB0,
- 0x2C, 0x01, 0xCA, 0x19, 0x4D, 0x01, 0xB7, 0x3C,
- 0x25, 0xD5, 0x99, 0x70, 0x39, 0xD3, 0xFC, 0xD0,
- 0xF0, 0x99, 0x52, 0x1F, 0x70, 0xCA, 0xEE, 0x69,
- 0x11, 0x0A, 0xC1, 0xFC, 0x5A, 0x99, 0x91, 0x7A,
- 0xD7, 0x52, 0xFC, 0x96, 0xAD, 0xFA, 0xD7, 0x18,
- 0x6D, 0x0A, 0x7C, 0x9C, 0xFE, 0x56, 0x01, 0xC0,
- 0x75, 0x14, 0xEA, 0x64, 0x48, 0xD6, 0x61, 0xC5,
- 0x7A, 0xA2, 0x02, 0x42, 0x10, 0x3C, 0x42, 0x76,
- 0xA0, 0x70, 0xA4, 0x89, 0xA4, 0xCB, 0x6B, 0xCA,
- 0x0F, 0x9E, 0xCC, 0x43, 0x79, 0xFB, 0x22, 0x02,
- 0x15, 0xFD, 0x91, 0xF8, 0x10, 0x19, 0xD5, 0xB0,
- 0xAE, 0x61, 0x93, 0x58, 0xB5, 0x24, 0x68, 0xF2,
- 0x72, 0xC1, 0x78, 0xE3, 0xA7, 0x4C, 0xF6, 0x77,
- 0x5A, 0xA9, 0x24, 0xFE, 0x32, 0x9C, 0x31, 0x75,
- 0xD9, 0xE4, 0xC3, 0xE2, 0x1A, 0xB9, 0xEC, 0x83,
- 0x6E, 0xDC, 0x3A, 0xCA, 0xB2, 0xE3, 0x89, 0x1E,
- 0xE8, 0xDE, 0xDA, 0x51, 0x5D, 0x39, 0xAF, 0x9B,
- 0x8D, 0xDD, 0x0E, 0xE7, 0xB0, 0x16, 0x4F, 0x80,
- 0x5C, 0x38, 0x35, 0xF6, 0xD2, 0xBA, 0xBD, 0xB3,
- 0x0E, 0xAB, 0x47, 0x56, 0xE7, 0xEC, 0x7F, 0x82,
- 0x9E, 0xCE, 0x01, 0xE8, 0xEA, 0xDF, 0xBB, 0xED,
- 0x12, 0xFC, 0x28, 0x3B, 0x3D, 0x4C, 0x69, 0xF5,
- 0x75, 0xE7, 0xF8, 0x04, 0x17, 0x68, 0x9F, 0xDF,
- 0xCF, 0xC7, 0xBE, 0x27, 0xEE, 0x3B, 0x8C, 0xDF,
- 0x57, 0xAA, 0xEB, 0xEC, 0x4A, 0x95, 0xB7, 0xE5,
- 0xBB, 0x58, 0x5B, 0x85, 0x22, 0x7F, 0x7C, 0x32,
- 0xBE, 0x30, 0xDB, 0x3E, 0x65, 0xE4, 0x2E, 0x30,
- 0xDC, 0xF5, 0xA5, 0xFA, 0x07, 0x3D, 0xBA, 0x39,
- 0x9D, 0x94, 0x2F, 0x22, 0x22, 0xAD, 0xB9, 0xB9,
- 0x89, 0x81, 0x02, 0xAF, 0xE5, 0x43, 0x2E, 0xDC,
- 0x7F, 0x04, 0xAE, 0x34, 0xA8, 0xFE, 0xC2, 0xD8,
- 0x1C, 0xB4, 0x9A, 0x9A, 0x9B, 0x43, 0x81, 0x4C,
- 0xE7, 0x1D, 0x97, 0xF7, 0x26, 0xE2, 0xB1, 0xE8,
- 0xF6, 0x4B, 0x50, 0xE6, 0x5D, 0xFB, 0x48, 0x16,
- 0xE1, 0x2E, 0x82, 0xA3, 0x19, 0x74, 0x84, 0xA4,
- 0xE9, 0xBB, 0xA4, 0xD2, 0xD6, 0x9E, 0x3F, 0x19,
- 0xD0, 0xB7, 0x5C, 0x21, 0xE2, 0xBF, 0xFE, 0x9F,
- 0xC0, 0xC9, 0x8C, 0xF4, 0x8A, 0x3A, 0xAF, 0x08,
- 0xD4, 0x67, 0xF7, 0x26, 0x87, 0xDF, 0x01, 0x78,
- 0x17, 0x4B, 0x78, 0x97, 0xF7, 0x34, 0x34, 0x9B,
- 0x18, 0x1E, 0xCA, 0x86, 0xA5, 0x98, 0xA0, 0xC5,
- 0xE8, 0xC2, 0x59, 0x46, 0xF2, 0x4D, 0xC5, 0x57,
- 0x2B, 0xD3, 0x24, 0xA4, 0x04, 0x58, 0xA7, 0x88,
- 0xE5, 0x13, 0x7F, 0x3C, 0x7A, 0x7C, 0x97, 0xFC,
- 0x9F, 0x12, 0xA3, 0xC4, 0x63, 0xA8, 0xFE, 0x94,
- 0x49, 0x10, 0x1C, 0xCE, 0x96, 0x6D, 0x7C, 0x00,
- 0x93, 0x23, 0x93, 0x29, 0x98, 0xD5, 0x6E, 0xF4,
- 0x30, 0xC7, 0x3B, 0xC2, 0x4F, 0x5D, 0x95, 0xF7,
- 0x37, 0x85, 0x8D, 0xDC, 0x4F, 0x32, 0xC0, 0x13
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_ss[] = {
- 0xB1, 0x0F, 0x73, 0x94, 0x92, 0x6A, 0xD3, 0xB4,
- 0x9C, 0x5D, 0x62, 0xD5, 0xAE, 0xB5, 0x31, 0xD5,
- 0x75, 0x75, 0x38, 0xBC, 0xC0, 0xDA, 0x9E, 0x55,
- 0x0D, 0x43, 0x8F, 0x1B, 0x61, 0xBD, 0x74, 0x19
- };
- #ifdef WOLFSSL_SMALL_STACK
- key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- priv = (byte *)XMALLOC(KYBER1024_PRIVATE_KEY_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- pub = (byte *)XMALLOC(KYBER1024_PUBLIC_KEY_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- ct = (byte *)XMALLOC(KYBER1024_CIPHER_TEXT_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- ss = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- ss_dec = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (! (key && priv && pub && ct && ss && ss_dec))
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- ret = wc_KyberKey_Init(KYBER1024, key, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- key_inited = 1;
- ret = wc_KyberKey_MakeKeyWithRandom(key, kyber1024_rand,
- sizeof(kyber1024_rand));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_KyberKey_EncodePublicKey(key, pub, KYBER_MAX_PUBLIC_KEY_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_KyberKey_EncodePrivateKey(key, priv, KYBER_MAX_PRIVATE_KEY_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(pub, kyber1024_pk, sizeof(kyber1024_pk)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(priv, kyber1024_sk, sizeof(kyber1024_sk)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber1024enc_rand,
- sizeof(kyber1024enc_rand));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(ct, kyber1024_ct, sizeof(kyber1024_ct)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(ss, kyber1024_ss, sizeof(kyber1024_ss)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(kyber1024_ct));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(ss_dec, kyber1024_ss, sizeof(kyber1024_ss)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- out:
- if (key_inited)
- wc_KyberKey_Free(key);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_KYBER1024 */
- #endif /* WOLFSSL_WC_KYBER */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
- {
- wc_test_ret_t ret;
- WC_RNG rng;
- int i;
- #ifdef WOLFSSL_SMALL_STACK
- KyberKey *key = NULL;
- byte *priv = NULL;
- byte *pub = NULL;
- byte *priv2 = NULL;
- byte *pub2 = NULL;
- byte *ct = NULL;
- byte *ss = NULL;
- byte *ss_dec = NULL;
- #else
- KyberKey key[1];
- byte priv[KYBER_MAX_PRIVATE_KEY_SIZE];
- byte pub[KYBER_MAX_PUBLIC_KEY_SIZE];
- byte priv2[KYBER_MAX_PRIVATE_KEY_SIZE];
- byte pub2[KYBER_MAX_PUBLIC_KEY_SIZE];
- byte ct[KYBER_MAX_CIPHER_TEXT_SIZE];
- byte ss[KYBER_SS_SZ];
- byte ss_dec[KYBER_SS_SZ];
- #endif
- int key_inited = 0;
- static const int testData[][4] = {
- #ifdef WOLFSSL_KYBER512
- { KYBER512, KYBER512_PRIVATE_KEY_SIZE, KYBER512_PUBLIC_KEY_SIZE,
- KYBER512_CIPHER_TEXT_SIZE },
- #endif
- #ifdef WOLFSSL_KYBER768
- { KYBER768, KYBER768_PRIVATE_KEY_SIZE, KYBER768_PUBLIC_KEY_SIZE,
- KYBER768_CIPHER_TEXT_SIZE },
- #endif
- #ifdef WOLFSSL_KYBER1024
- { KYBER1024, KYBER1024_PRIVATE_KEY_SIZE, KYBER1024_PUBLIC_KEY_SIZE,
- KYBER1024_CIPHER_TEXT_SIZE },
- #endif
- };
- WOLFSSL_ENTER("kyber_test");
- #ifdef WOLFSSL_SMALL_STACK
- key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- priv = (byte *)XMALLOC(KYBER_MAX_PRIVATE_KEY_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- pub = (byte *)XMALLOC(KYBER_MAX_PUBLIC_KEY_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- priv2 = (byte *)XMALLOC(KYBER_MAX_PRIVATE_KEY_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- pub2 = (byte *)XMALLOC(KYBER_MAX_PUBLIC_KEY_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- ct = (byte *)XMALLOC(KYBER_MAX_CIPHER_TEXT_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- ss = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- ss_dec = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (! (key && priv && pub && priv2 && pub2 && ct && ss && ss_dec))
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, INVALID_DEVID);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (i = 0; i < (int)(sizeof(testData) / sizeof(*testData)); i++) {
- ret = wc_KyberKey_Init(testData[i][0], key, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- else
- key_inited = 1;
- ret = wc_KyberKey_MakeKey(key, &rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_EncodePublicKey(key, pub, testData[i][2]);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_EncodePrivateKey(key, priv, testData[i][1]);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_Init(testData[i][0], key, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_DecodePublicKey(key, pub, testData[i][2]);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_Encapsulate(key, ct, ss, &rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_EncodePublicKey(key, pub2, testData[i][2]);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- if (XMEMCMP(pub, pub2, testData[i][2]) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_Init(testData[i][0], key, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_DecodePrivateKey(key, priv, testData[i][1]);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, testData[i][3]);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- if (XMEMCMP(ss, ss_dec, KYBER_SS_SZ) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_EncodePrivateKey(key, priv2, testData[i][1]);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- if (XMEMCMP(priv, priv2, testData[i][2]) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- wc_FreeRng(&rng);
- #ifdef WOLFSSL_WC_KYBER
- #ifdef WOLFSSL_KYBER512
- ret = kyber512_kat();
- if (ret != 0)
- goto out;
- #endif
- #ifdef WOLFSSL_KYBER768
- ret = kyber768_kat();
- if (ret != 0)
- goto out;
- #endif
- #ifdef WOLFSSL_KYBER1024
- ret = kyber1024_kat();
- if (ret != 0)
- goto out;
- #endif
- #endif /* WOLFSSL_WC_KYBER */
- out:
- if (key_inited)
- wc_KyberKey_Free(key);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_HAVE_KYBER */
- #if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)
- static enum wc_XmssRc xmss_write_key_mem(const byte * priv, word32 privSz,
- void *context)
- {
- /* WARNING: THIS IS AN INSECURE WRITE CALLBACK THAT SHOULD ONLY
- * BE USED FOR TESTING PURPOSES! Production applications should
- * write only to non-volatile storage. */
- XMEMCPY(context, priv, privSz);
- return WC_XMSS_RC_SAVED_TO_NV_MEMORY;
- }
- static enum wc_XmssRc xmss_read_key_mem(byte * priv, word32 privSz,
- void *context)
- {
- /* WARNING: THIS IS AN INSECURE READ CALLBACK THAT SHOULD ONLY
- * BE USED FOR TESTING PURPOSES! */
- XMEMCPY(priv, context, privSz);
- return WC_XMSS_RC_READ_TO_MEMORY;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void)
- {
- int i = 0;
- int j = 0;
- XmssKey signingKey;
- XmssKey verifyKey;
- WC_RNG rng;
- word32 pkSz = 0;
- word32 skSz = 0;
- word32 sigSz = 0;
- word32 bufSz = 0;
- unsigned char * sk = NULL;
- unsigned char * old_sk = NULL;
- const char * msg = "XMSS post quantum signature test";
- word32 msgSz = (word32) XSTRLEN(msg);
- #if WOLFSSL_XMSS_MIN_HEIGHT <= 10
- const char * param = "XMSS-SHA2_10_256";
- #elif WOLFSSL_XMSS_MIN_HEIGHT <= 20
- const char * param = "XMSSMT-SHA2_20/4_256";
- #elif WOLFSSL_XMSS_MIN_HEIGHT <= 40
- const char * param = "XMSSMT-SHA2_40/8_256";
- #else
- const char * param = "XMSSMT-SHA2_60/12_256";
- #endif
- byte * sig = NULL;
- int ret2 = -1;
- int ret = WC_TEST_RET_ENC_NC;
- WOLFSSL_ENTER("xmss_test");
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, INVALID_DEVID);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_XmssKey_Init(&signingKey, NULL, INVALID_DEVID);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_XmssKey_Init(&verifyKey, NULL, INVALID_DEVID);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- /* Set the parameter string to the signing key, and
- * get sizes for secret key, pub key, and signature. */
- ret = wc_XmssKey_SetParamStr(&signingKey, param);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_XmssKey_GetPubLen(&signingKey, &pkSz);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- if (pkSz != XMSS_SHA256_PUBLEN) {
- return WC_TEST_RET_ENC_EC(pkSz);
- }
- ret = wc_XmssKey_GetPrivLen(&signingKey, &skSz);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_XmssKey_GetSigLen(&signingKey, &sigSz);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- /* Allocate signature array. */
- sig = (byte *)XMALLOC(sigSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (sig == NULL) { return WC_TEST_RET_ENC_ERRNO; }
- bufSz = sigSz;
- #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
- fprintf(stderr, "param: %s\n", param);
- fprintf(stderr, "pkSz: %d\n", pkSz);
- fprintf(stderr, "skSz: %d\n", skSz);
- fprintf(stderr, "sigSz: %d\n", sigSz);
- #endif
- /* Allocate current and old secret keys.*/
- sk = (unsigned char *)XMALLOC(skSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (sk == NULL) { return WC_TEST_RET_ENC_ERRNO; }
- old_sk = (unsigned char *)XMALLOC(skSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (old_sk == NULL) { return WC_TEST_RET_ENC_ERRNO; }
- XMEMSET(sk, 0, skSz);
- XMEMSET(old_sk, 0, skSz);
- XMEMSET(sig, 0, sigSz);
- ret = wc_XmssKey_SetWriteCb(&signingKey, xmss_write_key_mem);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_XmssKey_SetReadCb(&signingKey, xmss_read_key_mem);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_XmssKey_SetContext(&signingKey, (void *) sk);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_XmssKey_MakeKey(&signingKey, &rng);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- /* Export the pub to a verify key. */
- ret = wc_XmssKey_ExportPub(&verifyKey, &signingKey);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- /* Repeat a few times to check that:
- * 1. The secret key is mutated on each sign.
- * 2. We can verify each new signature.
- * Only do a few times, because the full signature space
- * for this parameter set is huge. */
- for (i = 0; i < 10; ++i) {
- XMEMCPY(old_sk, sk, skSz);
- ret = wc_XmssKey_Sign(&signingKey, sig, &sigSz, (byte *) msg, msgSz);
- if (ret != 0) { return WC_TEST_RET_ENC_I(i); }
- if (sigSz != bufSz) { return WC_TEST_RET_ENC_I(i); }
- /* Old secret key and current secret key should not match. */
- ret = XMEMCMP(old_sk, sk, skSz);
- if (ret == 0) { return WC_TEST_RET_ENC_I(i); }
- ret = wc_XmssKey_Verify(&verifyKey, sig, sigSz, (byte *) msg, msgSz);
- if (ret != 0) { return WC_TEST_RET_ENC_I(i); }
- /* Flip bits in a few places throughout the signature, stepping in multiple
- * of hash size. These should all fail with -1. */
- for (j = 0; j < (int) sigSz; j+= 4 * 32) {
- sig[j] ^= 1;
- ret2 = wc_XmssKey_Verify(&verifyKey, sig, sigSz, (byte *) msg,
- msgSz);
- if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
- /* Verify passed when it should have failed. */
- return WC_TEST_RET_ENC_I(j);
- }
- /* Flip this spot back. */
- sig[j] ^= 1;
- }
- }
- /* Cleanup everything. */
- if (sig != NULL) {
- XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- sig = NULL;
- }
- if (sk != NULL) {
- XFREE(sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- sk = NULL;
- }
- if (old_sk != NULL) {
- XFREE(old_sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- old_sk = NULL;
- }
- wc_XmssKey_Free(&signingKey);
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /*if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)*/
- #if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_SMALL_STACK) && \
- WOLFSSL_XMSS_MIN_HEIGHT <= 10
- /* A simple xmss verify only test using:
- * XMSS-SHA2_10_256
- * pub len: 68
- * msg len: 32
- * sig len: 2500
- *
- * These were generated with the test xmss_fast, from the unpatched
- * xmss-reference repository:
- * https://github.com/XMSS/xmss-reference
- * */
- static const byte xmss_pub[XMSS_SHA256_PUBLEN] =
- {
- 0x00,0x00,0x00,0x01,0xA5,0x41,0x31,0x96,
- 0x0A,0xF9,0xF3,0xB2,0x4B,0x2E,0x5B,0x3E,
- 0xCA,0x74,0xAD,0x6C,0xA5,0x89,0xAD,0x2C,
- 0x0E,0x96,0xB3,0x54,0xFB,0x5B,0x63,0x50,
- 0x96,0x81,0xE2,0x59,0x72,0x10,0x09,0x54,
- 0xBB,0x39,0xAC,0xEE,0x78,0xEF,0x95,0xEC,
- 0x01,0x1D,0xF0,0x36,0x68,0xE2,0xC4,0xA5,
- 0x2F,0x60,0x42,0x7E,0xD3,0x8E,0xAA,0x27,
- 0xC9,0xB7,0x39,0x4E
- };
- static /* not const */ byte xmss_msg[32] =
- {
- 0x07,0x9F,0x80,0x86,0xDB,0x76,0x27,0xDF,
- 0xED,0x5B,0x2A,0x81,0x60,0x60,0x7D,0xB4,
- 0xE8,0x7A,0x69,0x45,0x20,0x6B,0xA2,0x96,
- 0xC0,0x21,0xA5,0x46,0x29,0x63,0x9B,0x37
- };
- /* This was actually the 5th signature produced from
- * xmss_fast test in xmss-reference. */
- static /* not const */ byte xmss_sig[2500] =
- {
- 0x00,0x00,0x00,0x05,0xF0,0x15,0x34,0xBA,
- 0x92,0x03,0x6A,0xB9,0xA5,0x23,0x86,0x11,
- 0xAE,0x65,0x0A,0x5C,0x78,0x2C,0xC9,0xBE,
- 0x7E,0xA6,0xDC,0xA2,0x8B,0xA9,0x9C,0x50,
- 0xF6,0x61,0x8D,0x9D,0xD7,0xE9,0xC0,0xF8,
- 0x67,0xCD,0x8A,0xC4,0x9B,0x74,0x96,0x07,
- 0x5D,0xF2,0xC9,0xCC,0x28,0x05,0xB1,0xBE,
- 0x5E,0xA4,0xBA,0xBE,0xAB,0xD8,0x21,0x6B,
- 0x21,0x5F,0xAB,0xB7,0x6C,0xEC,0x2F,0xC8,
- 0xC6,0x74,0x3E,0x97,0x1B,0xC3,0x45,0x57,
- 0xAF,0xAA,0x1E,0xA8,0xF2,0x86,0xA8,0xAA,
- 0x43,0x6D,0x66,0xE9,0x81,0x14,0xDE,0x09,
- 0x39,0xD2,0xAF,0xD1,0x4C,0xE7,0x75,0x18,
- 0x0D,0xAA,0x29,0xA1,0x92,0x53,0xCC,0xE9,
- 0xF3,0x0B,0x1E,0x3B,0xE2,0xAE,0x80,0x0C,
- 0xE7,0x7A,0x7C,0x13,0x8A,0x28,0xC6,0x5F,
- 0x0A,0xA4,0xA3,0x73,0x0A,0x3A,0xC2,0xA6,
- 0x3B,0xB4,0x30,0x67,0xC0,0x36,0x18,0xA1,
- 0x58,0xCD,0xAD,0x54,0x36,0x64,0xCE,0xFD,
- 0x52,0xFF,0x70,0x7E,0x09,0xFB,0x13,0xA2,
- 0xEA,0xDF,0x67,0x8D,0x6C,0x42,0xB2,0x78,
- 0xF5,0x7D,0x5C,0x4B,0xF7,0x8E,0xCF,0x3E,
- 0xB7,0xC6,0xC1,0x23,0xFA,0x65,0xDE,0xD2,
- 0xFA,0x40,0x51,0x97,0x0D,0x52,0x32,0x76,
- 0x7E,0x82,0x8D,0xD0,0xB9,0x1E,0x62,0xD9,
- 0x1E,0xC1,0xDB,0x40,0x43,0x37,0x4A,0x23,
- 0x8A,0x1D,0x35,0xFA,0xF4,0x53,0x11,0x5A,
- 0xB5,0x6D,0x1E,0x8B,0x22,0xC8,0x7D,0x2A,
- 0xE4,0x94,0xAA,0x25,0x20,0x40,0x96,0xDB,
- 0x82,0x62,0xBA,0x8F,0x8B,0x45,0xCB,0x4F,
- 0x35,0x88,0x33,0xEB,0xEF,0xB3,0xBA,0xA7,
- 0x09,0x72,0xB3,0x4C,0xEC,0xF2,0xC3,0xC7,
- 0x5E,0x02,0x6C,0x41,0x93,0xCB,0x3C,0x89,
- 0x12,0x09,0x68,0x54,0x8E,0xEC,0x6A,0x7E,
- 0x20,0xE1,0x70,0x3D,0x8C,0xEB,0xB4,0x36,
- 0xBE,0x91,0xBE,0x97,0xB5,0xA6,0x34,0x16,
- 0x95,0x0F,0x10,0x26,0xA9,0x13,0x80,0x88,
- 0x9C,0xAA,0x68,0xEC,0x34,0x70,0x4A,0x15,
- 0x9B,0x5E,0x57,0x05,0x87,0x1C,0xF8,0x35,
- 0x45,0x29,0xE9,0x6E,0xF2,0x70,0x13,0x42,
- 0x89,0x4E,0x77,0xC0,0x18,0xC7,0x55,0x6D,
- 0xE7,0xFA,0x0D,0x63,0x83,0x16,0x19,0x01,
- 0x2D,0xFD,0x31,0x14,0x94,0xCA,0x3E,0x0E,
- 0xD6,0x11,0x34,0x81,0x57,0x58,0xEC,0x24,
- 0xA4,0x17,0x63,0xD3,0x25,0x00,0xBF,0x7D,
- 0x78,0x5D,0xC5,0xD8,0xC6,0xC1,0xBD,0x8C,
- 0xD0,0x94,0x0A,0xB1,0x33,0xA5,0x4B,0x31,
- 0x25,0xF5,0xAF,0xE7,0x84,0x26,0xAA,0x05,
- 0xBB,0xF3,0x9A,0xAF,0x58,0x36,0x40,0xEF,
- 0x3D,0xA2,0xBD,0xCA,0xA1,0x8D,0x2F,0x6D,
- 0x54,0xD2,0x62,0x33,0x09,0xAE,0xE6,0x73,
- 0xD6,0x44,0xE8,0x7C,0x5C,0x39,0x2B,0x78,
- 0x94,0x14,0xC7,0xC9,0xAF,0xEC,0x77,0x36,
- 0xA1,0x61,0x61,0xF1,0xD0,0x09,0xA2,0xEE,
- 0xE7,0x55,0xD7,0x35,0x89,0x89,0x9B,0xCF,
- 0xFA,0xA6,0x09,0x1E,0x3B,0xBD,0x5D,0xD9,
- 0x25,0xE7,0xED,0xDD,0x7C,0xF0,0x1C,0x57,
- 0xE0,0x06,0xBB,0x08,0x39,0x59,0xDF,0xD7,
- 0xAF,0x4B,0x88,0x0D,0x87,0x8F,0x4A,0xF3,
- 0x1C,0xD4,0x4B,0xB3,0xE2,0xF3,0x1B,0x86,
- 0x4F,0xCD,0x35,0x75,0xE2,0x03,0xF9,0x1D,
- 0xBF,0x3E,0xD1,0x7B,0xC7,0x23,0x11,0x75,
- 0x5F,0x92,0x0D,0x98,0xEE,0x14,0xE1,0xDA,
- 0x7A,0x02,0x17,0x47,0x6B,0x41,0xEA,0x47,
- 0xA1,0xAF,0x06,0x79,0x1A,0x52,0x6F,0x19,
- 0x31,0x70,0x71,0xBD,0xC2,0x61,0x8D,0xB7,
- 0xEE,0x6B,0x69,0x2A,0xE8,0x21,0x7A,0x95,
- 0xBE,0x86,0x2A,0xA1,0xF4,0xE2,0x2F,0x17,
- 0x02,0xFD,0xAD,0x17,0x9F,0x0A,0x0A,0x78,
- 0xA9,0x92,0x30,0x21,0x72,0x2B,0x28,0xF8,
- 0xF2,0x3E,0x05,0xD5,0xAC,0xC0,0x82,0xF8,
- 0xD2,0xDA,0xD0,0xA3,0xBC,0x93,0xDB,0xA5,
- 0x46,0xDE,0x14,0x1E,0xD4,0x3A,0x5D,0x79,
- 0x3D,0x31,0x4B,0x06,0xCE,0x22,0x29,0x3C,
- 0x98,0xB6,0x18,0x8A,0xAE,0xF7,0xBA,0x22,
- 0x88,0xA1,0xEE,0xC0,0x14,0x4C,0x4A,0xA0,
- 0x57,0x0A,0xD3,0x18,0xA2,0x3D,0xDD,0xC7,
- 0x83,0x73,0xFC,0x38,0x9B,0x31,0xA3,0xE1,
- 0x17,0x76,0xA1,0xA2,0x69,0xFC,0xAB,0x08,
- 0x80,0x72,0x8D,0xF5,0xE4,0x14,0xB7,0x6B,
- 0x03,0xFF,0xE8,0x11,0x4B,0x06,0x55,0x7E,
- 0x36,0x21,0x2F,0xD7,0x54,0x82,0xC9,0x31,
- 0xB4,0x85,0x68,0x41,0xEF,0x75,0xB0,0x3A,
- 0xEA,0x4F,0xE0,0xEC,0x72,0xCC,0x33,0x96,
- 0xCE,0x7D,0xAD,0xDD,0x0D,0x27,0x05,0x6E,
- 0xA2,0xD4,0x11,0x07,0xD8,0x7D,0x27,0xD4,
- 0x80,0x8F,0x00,0x22,0xE4,0xFC,0x2C,0x9D,
- 0xD5,0xD8,0x18,0x7F,0x4E,0xF4,0xB9,0x7F,
- 0xEF,0xD6,0x00,0x08,0x5C,0x05,0x04,0x1E,
- 0x9A,0xC6,0x8D,0xCC,0x19,0xD9,0x0B,0x06,
- 0xCC,0x6A,0x17,0xE2,0x03,0x23,0xDB,0x1C,
- 0xBC,0xA2,0xB9,0xA2,0x95,0x3C,0x73,0xD8,
- 0xFF,0xE6,0x0E,0xAE,0x04,0xB2,0xFC,0x91,
- 0x4F,0xEF,0x8A,0x58,0xB7,0x31,0x68,0x4C,
- 0x1E,0xD0,0x5B,0x85,0xCC,0x03,0xDC,0xF4,
- 0xAC,0xDB,0x03,0x9B,0x35,0x33,0x08,0x71,
- 0xD0,0x50,0x8D,0xDC,0xE3,0x3A,0x98,0x40,
- 0x41,0x80,0xDD,0x35,0xE1,0xA2,0xAF,0x14,
- 0x9A,0xDB,0xD3,0x68,0x14,0xE2,0x50,0x7A,
- 0x76,0x3F,0xE4,0xA4,0x1B,0xAA,0xC1,0x06,
- 0x87,0x9A,0x92,0xF9,0xBE,0x9E,0x86,0x8C,
- 0x92,0x1D,0x74,0xB1,0x7F,0x27,0x43,0xC0,
- 0xEE,0x2E,0xC2,0x6C,0x6D,0xAA,0x0C,0x0E,
- 0x71,0xC9,0x56,0xD6,0x3A,0x56,0xCB,0x90,
- 0xD1,0x7E,0x6E,0x1C,0x6A,0x00,0x2D,0x02,
- 0x2C,0x96,0xF0,0x2A,0x37,0x37,0x18,0x07,
- 0x0B,0xF4,0xB4,0x8C,0x30,0xF2,0xA4,0xAB,
- 0x66,0xFB,0x8B,0x22,0xC0,0x00,0x7E,0x05,
- 0xB6,0xF9,0x95,0x49,0x33,0xA1,0xDC,0x97,
- 0x0C,0x5C,0x61,0x46,0xE2,0xD7,0x87,0x4B,
- 0xC4,0xC7,0x5F,0x26,0x06,0x84,0xD7,0x47,
- 0x05,0xF1,0x33,0xFF,0x85,0x85,0xB2,0xBD,
- 0x1F,0x44,0xC6,0xC2,0x7D,0x51,0xBE,0x0E,
- 0xB5,0xC4,0x44,0x2F,0xFE,0x73,0x5F,0xF4,
- 0xA4,0xEF,0xE2,0xF1,0x73,0x0B,0xEF,0x3E,
- 0x2B,0xD7,0xCC,0x9F,0xDA,0x1A,0x7E,0x92,
- 0x39,0xA1,0x55,0xBF,0x60,0x0A,0xDB,0x23,
- 0x74,0xFE,0xE7,0x05,0x63,0xA9,0x85,0x52,
- 0x9F,0xCC,0xC3,0xFF,0xF6,0x6C,0x1B,0x4E,
- 0x4F,0x01,0xBD,0xC3,0xEB,0x37,0xEC,0x29,
- 0x21,0x3B,0x2C,0xC9,0x2E,0x93,0x20,0x3E,
- 0x19,0xC0,0x8B,0xE8,0x33,0xCD,0xC6,0x6A,
- 0x6E,0x72,0x13,0x15,0xA1,0x90,0x20,0x0C,
- 0x14,0x66,0xED,0xCC,0xA4,0xDD,0x7F,0x58,
- 0x53,0xBC,0x4A,0x68,0xFC,0x86,0x3E,0xAA,
- 0xF1,0x17,0x0F,0x3E,0x20,0x54,0x93,0xF4,
- 0x98,0xBF,0xB4,0x07,0x05,0xBD,0x70,0xE7,
- 0xD7,0x34,0xFD,0xE3,0x69,0xDF,0xCD,0xF5,
- 0x1A,0x73,0x6E,0xC9,0x2B,0x21,0xFB,0xB8,
- 0x7E,0x44,0x10,0x83,0x56,0xCE,0xD5,0x15,
- 0x9A,0x75,0xFC,0x91,0x8E,0x6B,0x9E,0x1A,
- 0x3A,0x33,0x39,0x35,0xB4,0x0D,0x74,0xF4,
- 0xFB,0x4C,0x0E,0x37,0xFE,0x82,0x95,0x46,
- 0x6B,0xD2,0x6E,0xEE,0xCD,0x4D,0x38,0xAF,
- 0x0A,0xAA,0xF1,0xD5,0xA4,0x7C,0x04,0xD8,
- 0xB9,0xDB,0x11,0x68,0x88,0x35,0x41,0xDE,
- 0x31,0x33,0x0C,0xDC,0x2D,0x4C,0xA8,0x20,
- 0xCC,0x2C,0x4C,0x63,0xAB,0xBA,0xDF,0x48,
- 0x84,0xD5,0x25,0xBC,0x70,0xE3,0x49,0xAA,
- 0x43,0xCA,0x8B,0xE7,0x9F,0xDD,0x20,0x76,
- 0x9B,0x38,0xF4,0xBA,0x4D,0x4E,0x34,0x4A,
- 0xAF,0x81,0xE7,0x0B,0xEC,0xE9,0x59,0xC1,
- 0x35,0x22,0x7F,0x69,0x46,0x62,0xD2,0x18,
- 0x6E,0x1F,0x79,0xD1,0xAD,0xC3,0x84,0x95,
- 0x96,0xB2,0x18,0x58,0x5E,0x7E,0x0C,0x25,
- 0x0A,0x0F,0x69,0xA3,0x1D,0xEC,0x29,0xCB,
- 0xDA,0xA2,0xD1,0x1A,0x10,0xA5,0x52,0xC3,
- 0x62,0x1E,0xC5,0x83,0xFF,0xA3,0x56,0xC2,
- 0xFD,0x87,0x3B,0x57,0x52,0x98,0x36,0x95,
- 0x77,0x6B,0xE5,0x49,0x10,0x8E,0x39,0xDD,
- 0xCA,0x4B,0xB3,0x9F,0x4C,0x0C,0x11,0x62,
- 0xF3,0x22,0x78,0xDB,0x48,0xEB,0x68,0xFE,
- 0xE4,0x2A,0xE9,0xAA,0x8F,0x7A,0x2F,0x69,
- 0xA5,0xC5,0x03,0x2D,0xEF,0x62,0xA8,0x71,
- 0x65,0x06,0x40,0x84,0x10,0x0F,0xF2,0xED,
- 0xBC,0x70,0x71,0x69,0x24,0xA2,0xBF,0x83,
- 0x39,0xDD,0xFA,0xA2,0x7B,0xE5,0xEC,0x3D,
- 0xFE,0x3B,0x52,0x6E,0x3D,0x82,0xA6,0x2A,
- 0x86,0x01,0x61,0x51,0x63,0xBF,0xF9,0x0A,
- 0x06,0x72,0xF1,0xD5,0x39,0x0C,0xBA,0xC9,
- 0x78,0xC6,0x77,0x22,0xE4,0x96,0x6E,0xB1,
- 0x48,0x62,0x84,0x62,0x2D,0xEA,0x49,0x56,
- 0x50,0x86,0x3F,0x90,0xC3,0x01,0x42,0x45,
- 0xED,0xE6,0x9A,0x65,0x19,0x93,0x7F,0x48,
- 0x16,0xF2,0x50,0xA7,0x70,0xB3,0xF5,0xDB,
- 0x0E,0x5E,0x22,0x9E,0x64,0x04,0x26,0x69,
- 0xC1,0x16,0xEE,0x65,0x08,0x82,0x27,0x65,
- 0xEC,0x3D,0xDF,0x51,0x5E,0x2D,0xE8,0x76,
- 0xF2,0xE3,0xE4,0x24,0x04,0x88,0x06,0x0F,
- 0xB2,0x7B,0x9B,0x72,0x3D,0x4C,0x7D,0x6A,
- 0x1F,0xB2,0xA2,0xD2,0x35,0xD6,0x40,0x25,
- 0xC2,0x0B,0x25,0xF9,0xDF,0x26,0xE4,0xDC,
- 0xFB,0xB1,0x84,0x84,0x77,0x1B,0x45,0x51,
- 0x60,0xD5,0xF0,0xB6,0x09,0xE6,0xBC,0xE3,
- 0x1C,0x70,0x96,0x2C,0xD3,0x9D,0x7D,0x7F,
- 0xB1,0x70,0xDA,0x79,0xB8,0x74,0x99,0xBF,
- 0x84,0x95,0xCC,0x93,0xD7,0x51,0xDD,0x66,
- 0xD3,0x70,0x0C,0x75,0x86,0x09,0x06,0xFD,
- 0x66,0x14,0x80,0xCD,0xF3,0x59,0xB4,0x92,
- 0x5F,0xE4,0xEE,0x00,0xA8,0xB0,0x8B,0x5C,
- 0x3E,0xDB,0x8A,0x9C,0x0B,0xB5,0x99,0xC2,
- 0x0D,0x81,0x09,0x06,0x6C,0x28,0xC0,0x7E,
- 0xA5,0x07,0x70,0x64,0xD7,0x41,0xF4,0xC3,
- 0x66,0x61,0x1C,0xA8,0x51,0xF6,0x3C,0xBA,
- 0xE0,0x94,0xA3,0x11,0x8C,0x2E,0xBA,0x13,
- 0xB2,0x47,0x48,0x93,0xB4,0x1A,0x2C,0x9A,
- 0x6E,0x8E,0x30,0x66,0x7B,0xD3,0xBB,0x3B,
- 0x5D,0x97,0x0D,0xE4,0xEA,0x24,0x28,0x9E,
- 0xB4,0x88,0xCE,0x1D,0x7D,0x6F,0x39,0xB3,
- 0x87,0x21,0xE5,0x08,0x93,0xF0,0xD4,0x9D,
- 0x2D,0x91,0xC9,0xFD,0x0C,0x74,0x34,0xB4,
- 0x1F,0xFE,0xDA,0xDC,0x10,0x5B,0x8D,0x2B,
- 0x87,0xD3,0x42,0xB4,0xAE,0x32,0x9C,0xAE,
- 0x4C,0x99,0xD8,0xED,0x44,0x41,0x07,0xE0,
- 0x8F,0xBD,0xA5,0x7C,0x5A,0xDF,0x91,0x29,
- 0x00,0xB5,0x4B,0xC3,0x3A,0x40,0x6C,0x48,
- 0xAB,0x2A,0xF3,0x02,0xCB,0xB3,0x69,0xDA,
- 0x06,0x0C,0x4D,0x5C,0x45,0xC3,0x28,0xAC,
- 0x7A,0x01,0xD4,0xF8,0xCB,0x07,0x63,0x89,
- 0x09,0x34,0x78,0xA7,0x14,0x39,0xCF,0x2D,
- 0x94,0x8D,0x7A,0x4E,0x4E,0xBD,0xC4,0x32,
- 0xAB,0x21,0xC9,0xDA,0x3F,0x5F,0x04,0x6B,
- 0x14,0x40,0x18,0x18,0x2F,0xF9,0x46,0x17,
- 0x57,0x54,0x9B,0x28,0x7B,0xBD,0xF9,0xA2,
- 0x13,0xAC,0x69,0x24,0xB1,0x31,0x39,0xBF,
- 0x8D,0x75,0xC3,0xFD,0x03,0x54,0x5A,0xFD,
- 0xD4,0x7A,0xB7,0x56,0x4F,0x66,0x43,0x57,
- 0x1B,0xFB,0xF9,0x92,0x7A,0x83,0xE6,0xFF,
- 0xB4,0xBA,0x83,0xD2,0x61,0x8E,0x4A,0x82,
- 0x82,0xA8,0xF5,0x0C,0xD2,0x43,0x53,0xA8,
- 0x85,0x0A,0xD4,0x69,0x7B,0x04,0x71,0x3B,
- 0x80,0x49,0x27,0x47,0x12,0xB6,0xB0,0xEA,
- 0x90,0x0A,0xFA,0xA8,0xC8,0x78,0x61,0xDE,
- 0x30,0x12,0xBB,0xDC,0xA6,0x57,0x56,0x30,
- 0x6E,0xF1,0xA8,0x3B,0xF6,0x09,0x07,0xEA,
- 0x31,0xE2,0x08,0x23,0x31,0x0F,0xD4,0x34,
- 0xE3,0x60,0xC2,0x2B,0xDB,0x5A,0x99,0xCF,
- 0xD4,0x6B,0x4E,0x75,0x65,0x35,0xE8,0x8B,
- 0x93,0x7D,0xCA,0x11,0x47,0xF0,0x3E,0x11,
- 0x5C,0xD1,0xEE,0x4B,0x11,0xB4,0x65,0x2B,
- 0x6B,0x79,0xC0,0x86,0x60,0xA4,0x4B,0x24,
- 0xA0,0x5C,0x70,0x34,0xC3,0x7C,0xE7,0x4F,
- 0x97,0x89,0x4D,0xFE,0x22,0x89,0x3A,0xE9,
- 0x07,0xB9,0x1A,0x86,0xB8,0x7A,0x12,0x38,
- 0xE1,0x24,0x46,0xBC,0x9B,0x21,0xCD,0xAC,
- 0x30,0xAB,0x98,0x21,0x31,0xC5,0x17,0x3F,
- 0x1E,0x56,0xC3,0x18,0xCE,0xF0,0xA1,0xCC,
- 0xFF,0x9D,0xA8,0x53,0xAF,0x74,0x77,0x54,
- 0x02,0x9A,0x8F,0xA4,0xD4,0xBD,0xB2,0x1A,
- 0xBA,0x52,0x2E,0x19,0xBE,0x49,0x11,0x45,
- 0x02,0x01,0x7A,0xBF,0x28,0xD6,0x18,0xED,
- 0xBD,0xCE,0xE4,0xDE,0xB5,0xF1,0x53,0x5D,
- 0x65,0xF9,0x5F,0x83,0x8F,0x2D,0xF2,0x82,
- 0xA0,0x2D,0x28,0xD3,0x0A,0x9E,0x0F,0x7F,
- 0xC7,0xC4,0x43,0x7F,0xC3,0x0E,0x06,0xEB,
- 0x4E,0xB4,0x2D,0xFA,0xDD,0x48,0xAB,0xF4,
- 0x7D,0x41,0x48,0x33,0x5A,0xE6,0x70,0x02,
- 0xE7,0x71,0x8D,0xD9,0x6B,0x0C,0x5A,0x8F,
- 0xA4,0xC1,0xB7,0x4E,0x96,0x83,0xD6,0xA7,
- 0x1D,0xF1,0x88,0xB3,0x6E,0xF4,0x12,0xA9,
- 0xF6,0x31,0x69,0x66,0xFE,0xFE,0x02,0xF2,
- 0x86,0x6D,0xBB,0x57,0x51,0x8C,0x4C,0xE9,
- 0x7C,0x92,0x3E,0x3A,0xD3,0x2D,0xA8,0x82,
- 0x53,0x84,0x26,0x89,0xBB,0xCC,0x13,0x12,
- 0x3D,0x94,0xBB,0xDF,0x3D,0x4C,0xDF,0x27,
- 0x9B,0x1F,0xB8,0xB6,0xE4,0xEA,0xA2,0x07,
- 0xF8,0x4D,0x42,0x8F,0x29,0x90,0xFE,0x21,
- 0x20,0xE9,0x55,0x02,0xAD,0x90,0xA7,0x77,
- 0x4E,0x29,0xB6,0xD9,0x14,0x94,0xB2,0x25,
- 0xA4,0xB2,0x0E,0x96,0x31,0xAB,0x9E,0x93,
- 0x49,0xAC,0xA9,0xCB,0x68,0x22,0xBA,0xB8,
- 0x57,0x5C,0x9D,0x65,0xC1,0xF1,0xFC,0x99,
- 0x7C,0x3C,0xE9,0xEA,0x4B,0x29,0x22,0x2F,
- 0xDB,0x17,0x21,0x8D,0xB0,0x13,0xBF,0xEE,
- 0x7D,0xE4,0x8B,0x6D,0x17,0xE0,0x53,0x92,
- 0x0B,0x32,0x6B,0xB1,0x65,0x2E,0xA7,0x83,
- 0xFD,0x62,0x62,0xE3,0xAA,0x81,0xE8,0xD6,
- 0xF7,0xB1,0x30,0x65,0x80,0x9F,0x77,0x1E,
- 0x4A,0xEA,0xE8,0x45,0x32,0x12,0x3A,0xFB,
- 0x22,0xE9,0xA9,0xF6,0xCB,0xAB,0xA8,0x0C,
- 0x20,0xA8,0x7C,0xF9,0xF7,0x53,0xC1,0xB4,
- 0xC0,0x5D,0x06,0x45,0xDD,0x7E,0xA7,0x34,
- 0xA1,0x21,0xC2,0x62,0xAB,0x22,0x45,0x3D,
- 0x73,0x4C,0x26,0xD1,0x1A,0xB2,0xF0,0xB2,
- 0x6D,0x11,0x70,0x58,0xAA,0xF5,0xA4,0xF5,
- 0xF8,0x0B,0x3D,0xC1,0xF6,0x17,0x70,0x15,
- 0xCD,0x72,0x02,0x7E,0x4E,0x94,0x96,0x0A,
- 0x56,0xCC,0xA5,0xA3,0xB3,0x7E,0xDD,0x5A,
- 0x72,0xD2,0xFB,0xAC,0x3D,0x0E,0x66,0x65,
- 0xE9,0x08,0x6C,0xB0,0x1C,0xE2,0x1A,0x82,
- 0xF6,0xF3,0x34,0x89,0x73,0x02,0x5B,0x42,
- 0x6D,0x40,0x61,0xB6,0xE0,0xE6,0x53,0x32,
- 0xA5,0x72,0x17,0x4F,0x3B,0x51,0x4F,0xBC,
- 0x00,0xE0,0x69,0x26,0xA9,0xAE,0x83,0xE3,
- 0x73,0x7F,0x71,0x97,0xE0,0xDC,0x7C,0x63,
- 0x9C,0x85,0x5F,0xDF,0x7D,0xE4,0x6C,0xD8,
- 0xA9,0x3A,0x6F,0x5E,0x4A,0x2E,0xB0,0xE7,
- 0x8B,0x45,0xE2,0x90,0x05,0x37,0xE8,0xAB,
- 0x49,0x48,0x4C,0xC0,0x59,0x1D,0x8C,0x46,
- 0x5B,0x84,0xE0,0x83,0xCE,0xEA,0x4B,0xF9,
- 0xD4,0xDC,0x63,0xDF,0x79,0xB7,0x5C,0x11,
- 0x25,0x7F,0x90,0x2E,0x0A,0x38,0x03,0xEA,
- 0xEA,0xA1,0x26,0x52,0x20,0x19,0xA3,0xBE,
- 0xFC,0x9D,0xB7,0x6E,0xA6,0x58,0x8E,0x6D,
- 0xC5,0x58,0xE9,0xED,0x2F,0x55,0x43,0x8B,
- 0x03,0x8B,0xE6,0xA4,0xC2,0x25,0x4B,0x36,
- 0xBA,0xD3,0x27,0x48,0x40,0x2E,0x87,0xA2,
- 0xD4,0x12,0xC6,0x05,0x36,0x03,0x11,0x51,
- 0xD1,0xF2,0xAC,0x71,0x2C,0xB6,0xC3,0xA5,
- 0x57,0x0F,0xAF,0x4B,0xBD,0xCD,0x47,0x4C,
- 0x3A,0x52,0x6F,0x47,0xE7,0x0B,0xB7,0xD5,
- 0xF7,0xA6,0x39,0x63,0x82,0x08,0x4C,0x41,
- 0x0E,0x2A,0x52,0x42,0x5A,0xEA,0x59,0xC7,
- 0x94,0xFB,0xD0,0x88,0x47,0x27,0xF6,0x97,
- 0x03,0x9E,0x29,0xB8,0x3A,0x67,0xE6,0xF3,
- 0x95,0xA7,0x42,0xC1,0x96,0xD1,0x9A,0xA6,
- 0xF0,0x09,0x0C,0xEA,0xE0,0xAB,0x0F,0x15,
- 0xE9,0xC3,0xEB,0xA5,0x89,0x86,0x98,0x32,
- 0x83,0xAB,0x30,0x33,0xAE,0x90,0x8D,0x2E,
- 0xB3,0xAA,0x91,0xA6,0xD9,0xA4,0x4A,0x54,
- 0xE0,0xD3,0x08,0xCC,0x79,0xCE,0xE4,0x15,
- 0x31,0xA6,0xCE,0x61,0xCF,0x03,0x06,0xEE,
- 0x8E,0xE2,0x64,0x29,0xD1,0x54,0x9B,0xD0,
- 0x5F,0x09,0x2B,0x8B,0xD5,0xF8,0xD4,0x7D,
- 0xF1,0x97,0x32,0xD9,0xEA,0x5A,0x0E,0x10,
- 0x8C,0x4D,0xFB,0x55,0xE6,0x27,0x0C,0xBA,
- 0xC1,0x73,0xC1,0x73,0xE3,0x1C,0x09,0xB3,
- 0x6F,0xB4,0x12,0xFA,0xF3,0x29,0xDC,0x23,
- 0x32,0xED,0x80,0x87,0x83,0xC2,0xF6,0x07,
- 0xB5,0xA9,0x22,0xDE,0x66,0x1A,0xA7,0x4A,
- 0x86,0xF1,0x39,0x9B,0xF4,0xE7,0x50,0x15,
- 0x4A,0x55,0x3C,0x93,0xB9,0xF9,0xFD,0xDC,
- 0xB3,0x5D,0x73,0x52
- };
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void)
- {
- XmssKey verifyKey;
- unsigned char pub_raw[XMSS_SHA256_PUBLEN];
- word32 pub_len = sizeof(pub_raw);
- word32 pkSz = 0;
- word32 sigSz = 0;
- const char * param = "XMSS-SHA2_10_256";
- int j = 0;
- int ret2 = WC_TEST_RET_ENC_NC;
- int ret = WC_TEST_RET_ENC_NC;
- int n_diff = 0;
- WOLFSSL_ENTER("xmss_test_verify_only");
- XMEMSET(pub_raw, 0, sizeof(pub_raw));
- ret = wc_XmssKey_Init(&verifyKey, NULL, INVALID_DEVID);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_XmssKey_SetParamStr(&verifyKey, param);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_XmssKey_GetPubLen(&verifyKey, &pkSz);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- if (pkSz != XMSS_SHA256_PUBLEN) {
- return WC_TEST_RET_ENC_EC(pkSz);
- }
- ret = wc_XmssKey_GetSigLen(&verifyKey, &sigSz);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
- fprintf(stderr, "param: %s\n", param);
- fprintf(stderr, "pkSz: %d\n", pkSz);
- fprintf(stderr, "sigSz: %d\n", sigSz);
- #endif
- if (sigSz != sizeof(xmss_sig)) {
- return WC_TEST_RET_ENC_EC(sigSz);
- }
- ret = wc_XmssKey_ImportPubRaw(&verifyKey, xmss_pub, XMSS_SHA256_PUBLEN);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig),
- (byte *) xmss_msg, sizeof(xmss_msg));
- if (ret != 0) {
- printf("error: wc_XmssKey_Verify returned %d, expected 0\n", ret);
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* Now test the ExportPubRaw API, verify we recover the original pub. */
- ret = wc_XmssKey_ExportPubRaw(&verifyKey, pub_raw, &pub_len);
- if (ret != 0) {
- printf("error: wc_XmssKey_ExportPubRaw returned %d, expected 0\n", ret);
- return WC_TEST_RET_ENC_EC(ret);
- }
- if (pub_len != XMSS_SHA256_PUBLEN) {
- printf("error: xmss pub len %u, expected %d\n", pub_len,
- XMSS_SHA256_PUBLEN);
- return WC_TEST_RET_ENC_EC(pub_len);
- }
- n_diff = XMEMCMP(pub_raw, xmss_pub, sizeof(xmss_pub));
- if (n_diff != 0) {
- printf("error: exported and imported pub raw do not match: %d\n",
- n_diff);
- return WC_TEST_RET_ENC_EC(n_diff);
- }
- /* Flip bits in message. This should fail. */
- xmss_msg[sizeof(xmss_msg) / 2] ^= 1;
- ret2 = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig),
- (byte *) xmss_msg, sizeof(xmss_msg));
- if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
- printf("error: wc_XmssKey_Verify returned %d, expected -1\n", ret2);
- return WC_TEST_RET_ENC_EC(ret2);
- }
- /* Flip it back. This should pass again. */
- xmss_msg[sizeof(xmss_msg) / 2] ^= 1;
- ret = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig),
- (byte *) xmss_msg, sizeof(xmss_msg));
- if (ret != 0) {
- printf("error: wc_XmssKey_Verify returned %d, expected 0\n", ret);
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* Flip bits in a few places throughout the signature, stepping in multiple
- * of hash size. These should all fail with -1. */
- for (j = 0; j < (int) sizeof(xmss_sig); j+= 4 * 32) {
- xmss_sig[j] ^= 1;
- ret2 = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig),
- (byte *) xmss_msg, sizeof(xmss_msg));
- if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
- /* Verify passed when it should have failed. */
- return WC_TEST_RET_ENC_I(j);
- }
- /* Flip this spot back. */
- xmss_sig[j] ^= 1;
- }
- /* Cleanup everything. */
- wc_XmssKey_Free(&verifyKey);
- return ret;
- }
- #endif /* WOLFSSL_HAVE_XMSS && !WOLFSSL_SMALL_STACK &&
- * WOLFSSL_XMSS_MIN_HEIGHT <= 10 */
- #if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
- static int lms_write_key_mem(const byte * priv, word32 privSz, void *context)
- {
- /* WARNING: THIS IS AN INSECURE WRITE CALLBACK THAT SHOULD ONLY
- * BE USED FOR TESTING PURPOSES! Production applications should
- * write only to non-volatile storage. */
- XMEMCPY(context, priv, privSz);
- return WC_LMS_RC_SAVED_TO_NV_MEMORY;
- }
- static int lms_read_key_mem(byte * priv, word32 privSz, void *context)
- {
- /* WARNING: THIS IS AN INSECURE READ CALLBACK THAT SHOULD ONLY
- * BE USED FOR TESTING PURPOSES! */
- XMEMCPY(priv, context, privSz);
- return WC_LMS_RC_READ_TO_MEMORY;
- }
- /* LMS signature sizes are a function of their parameters. This
- * test has a signature of 8688 bytes. */
- #define WC_TEST_LMS_SIG_LEN (8688)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
- {
- int i = 0;
- int j = 0;
- int ret = WC_TEST_RET_ENC_NC;
- int ret2 = WC_TEST_RET_ENC_NC;
- int sigsLeft = 0;
- LmsKey signingKey;
- LmsKey verifyKey;
- WC_RNG rng;
- word32 sigSz = 0;
- const char * msg = "LMS HSS post quantum signature test";
- word32 msgSz = (word32) XSTRLEN(msg);
- unsigned char priv[HSS_MAX_PRIVATE_KEY_LEN];
- unsigned char old_priv[HSS_MAX_PRIVATE_KEY_LEN];
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte * sig = XMALLOC(WC_TEST_LMS_SIG_LEN, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (sig == NULL) {
- return WC_TEST_RET_ENC_ERRNO;
- }
- #else
- byte sig[WC_TEST_LMS_SIG_LEN];
- #endif
- WOLFSSL_ENTER("lms_test");
- XMEMSET(priv, 0, sizeof(priv));
- XMEMSET(old_priv, 0, sizeof(old_priv));
- XMEMSET(sig, 0, WC_TEST_LMS_SIG_LEN);
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, INVALID_DEVID);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- /* This test:
- * levels: 1
- * height: 5
- * winternitz: 1
- *
- * max sigs: 2 ** (1 * 5) = 32
- * signature length: 8688
- */
- ret = wc_LmsKey_Init(&signingKey, NULL, INVALID_DEVID);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_LmsKey_Init(&verifyKey, NULL, INVALID_DEVID);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_LmsKey_SetParameters(&signingKey, 1, 5, 1);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_LmsKey_SetWriteCb(&signingKey, lms_write_key_mem);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_LmsKey_SetReadCb(&signingKey, lms_read_key_mem);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_LmsKey_SetContext(&signingKey, (void *) priv);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_LmsKey_MakeKey(&signingKey, &rng);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- XMEMCPY(old_priv, priv, sizeof(priv));
- ret = wc_LmsKey_ExportPub(&verifyKey, &signingKey);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_LmsKey_GetSigLen(&verifyKey, &sigSz);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- if (sigSz != WC_TEST_LMS_SIG_LEN) {
- printf("error: got %u, expected %d\n", sigSz, WC_TEST_LMS_SIG_LEN);
- return WC_TEST_RET_ENC_EC(sigSz);
- }
- /* 2 ** 5 should be the max number of signatures */
- for (i = 0; i < 32; ++i) {
- /* We should have remaining signstures. */
- sigsLeft = wc_LmsKey_SigsLeft(&signingKey);
- if (sigsLeft == 0) {
- return WC_TEST_RET_ENC_EC(sigsLeft);
- }
- /* Sign with key. The private key will be updated on every signature. */
- ret = wc_LmsKey_Sign(&signingKey, sig, &sigSz, (byte *) msg, msgSz);
- if (ret != 0) { return WC_TEST_RET_ENC_I(i); }
- /* The updated private key should not match the old one. */
- if (XMEMCMP(old_priv, priv, sizeof(priv)) == 0) {
- printf("error: current priv key should not match old: %d\n", i);
- return WC_TEST_RET_ENC_I(i);
- }
- XMEMCPY(old_priv, priv, sizeof(priv));
- ret = wc_LmsKey_Verify(&verifyKey, sig, sigSz, (byte *) msg, msgSz);
- if (ret != 0) { return WC_TEST_RET_ENC_I(i); }
- /* Flip bits in a few places throughout the signature, stepping in multiple
- * of hash size. These should all fail with -1. */
- for (j = 0; j < (int) sigSz; j+= 4 * 32) {
- sig[j] ^= 1;
- ret2 = wc_LmsKey_Verify(&verifyKey, sig, sigSz, (byte *) msg,
- msgSz);
- if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
- /* Verify passed when it should have failed. */
- return WC_TEST_RET_ENC_I(j);
- }
- /* Flip this spot back. */
- sig[j] ^= 1;
- }
- }
- /* This should be the last signature. */
- sigsLeft = wc_LmsKey_SigsLeft(&signingKey);
- if (sigsLeft != 0) {
- return WC_TEST_RET_ENC_EC(sigsLeft);
- }
- wc_LmsKey_Free(&signingKey);
- wc_LmsKey_Free(&verifyKey);
- wc_FreeRng(&rng);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */
- #if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_SMALL_STACK)
- #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10)) || \
- defined(HAVE_LIBLMS)
- /* A simple LMS verify only test.
- *
- * Note: LMS signature sizes are a function of their parameters. This
- * test has a signature of 1456 bytes:
- * levels: 1
- * height: 10
- * winternitz: 8
- * max sigs: 2 ** (1 * 10) = 1024
- * signature length: 1456
- * */
- /* "wolfSSL LMS example message!" without null terminator. */
- static byte lms_msg[28] =
- {
- 0x77,0x6F,0x6C,0x66,0x53,0x53,0x4C,0x20,
- 0x4C,0x4D,0x53,0x20,0x65,0x78,0x61,0x6D,
- 0x70,0x6C,0x65,0x20,0x6D,0x65,0x73,0x73,
- 0x61,0x67,0x65,0x21
- };
- static const byte lms_L1H10W8_pub[HSS_MAX_PUBLIC_KEY_LEN] =
- {
- 0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x06,
- 0x00,0x00,0x00,0x04,0xA1,0x26,0x76,0xF8,
- 0xBB,0x0B,0xC0,0x82,0x21,0x71,0x0B,0x2E,
- 0x8C,0xA6,0xEF,0x12,0xED,0x41,0x0E,0x8C,
- 0xAF,0x11,0x93,0x34,0x7B,0x49,0x79,0xB7,
- 0xDE,0x63,0x1C,0xFE,0x1F,0xD1,0x17,0x49,
- 0xCD,0x5C,0xD4,0x26,0xA0,0x53,0x26,0x1A,
- 0xC5,0xB4,0x8F,0x23
- };
- #define LMS_L1H10W8_SIGLEN (1456)
- static byte lms_L1H10W8_sig[LMS_L1H10W8_SIGLEN] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
- 0x00,0x00,0x00,0x04,0x18,0x70,0x09,0x2E,
- 0x21,0xC9,0x6A,0xC9,0x5C,0xB6,0xB0,0xAA,
- 0xC3,0xED,0x6E,0x66,0x2F,0xCC,0x45,0x81,
- 0xBC,0xBA,0x44,0x96,0x1C,0xBF,0x4E,0xFB,
- 0x7A,0x46,0xFB,0xBE,0x9A,0x0C,0xE4,0x50,
- 0x90,0xC7,0x92,0xAC,0x53,0xAE,0x53,0x76,
- 0x29,0xA6,0x65,0xF1,0x09,0xED,0x1A,0x8E,
- 0x03,0x2E,0x5A,0x06,0x51,0xE3,0x1E,0xE6,
- 0xF6,0xFE,0x3A,0x6E,0xD1,0x92,0x31,0x1D,
- 0xA1,0x6A,0x5C,0x30,0x3A,0xC7,0xFD,0x5B,
- 0xFE,0x71,0x2C,0x5C,0x2F,0x5B,0x5B,0xCF,
- 0xBC,0x7F,0xBF,0x6C,0xAF,0x44,0x8A,0xAE,
- 0x14,0x60,0xAB,0x88,0xED,0x0E,0x4F,0xF8,
- 0xC7,0x1B,0x74,0x28,0x72,0xB3,0x96,0xA6,
- 0xE6,0x46,0x22,0x82,0xCF,0x1F,0x4D,0xA6,
- 0xEA,0x22,0x06,0x07,0x52,0xF5,0x26,0x16,
- 0x0B,0x90,0xE3,0xFF,0x64,0xA9,0xE4,0x61,
- 0x1E,0x9C,0x12,0x9C,0xF6,0xD4,0x63,0x29,
- 0xEA,0x02,0xF7,0x18,0x52,0x79,0x6C,0x43,
- 0xDC,0xCF,0x43,0x23,0xB9,0xCC,0x4A,0x25,
- 0x9D,0x10,0xAF,0xA3,0xE6,0x47,0x5A,0x1C,
- 0xFE,0x68,0x89,0xAF,0x1B,0x2D,0x88,0x3E,
- 0xCA,0xDC,0x70,0xEA,0xAC,0x11,0x00,0x8A,
- 0x6E,0xE0,0xC7,0xD0,0xD2,0x1A,0x36,0x18,
- 0x97,0xB3,0x5F,0x0E,0x75,0x48,0x28,0xF8,
- 0xA8,0xF5,0x90,0xD1,0xA1,0x84,0xFB,0xA4,
- 0xAD,0x50,0xBE,0xE9,0x39,0x8C,0xC5,0xA1,
- 0x67,0x51,0xA1,0x8C,0xD6,0x6B,0x97,0x1F,
- 0x47,0x99,0xEE,0xE0,0x70,0x01,0xC7,0x07,
- 0x50,0xF3,0x5E,0x3F,0xE7,0x06,0xD6,0x8D,
- 0x26,0xD6,0x5A,0x59,0x18,0x72,0x6B,0x12,
- 0xD2,0xAF,0x9B,0xB4,0x2B,0xD0,0xB2,0xF2,
- 0x96,0x2F,0x40,0xEA,0xBE,0xE6,0xAC,0x1F,
- 0xB8,0x33,0xC2,0x76,0xDC,0x8C,0xAC,0xC1,
- 0x46,0x5E,0x04,0x84,0x1B,0xC8,0xB9,0x65,
- 0x8D,0xAD,0x96,0xB5,0xB1,0xF6,0x17,0x4A,
- 0x19,0x87,0xE7,0xBF,0x29,0xC7,0x9B,0xB9,
- 0xD6,0x11,0x2C,0x92,0x2F,0xB7,0x24,0xD5,
- 0x01,0x1D,0x80,0x37,0x54,0xED,0x33,0x32,
- 0xAB,0x7A,0x12,0xD4,0x02,0x1D,0x27,0x52,
- 0x89,0xDB,0x32,0xBF,0x61,0xD4,0xBB,0xB4,
- 0x46,0x78,0x1B,0x64,0x17,0x84,0x4B,0x8A,
- 0xBA,0xC6,0xC1,0xCF,0xC7,0x5D,0x8F,0x93,
- 0xC5,0x9A,0x27,0x90,0xAC,0x17,0x98,0xFF,
- 0xC8,0x22,0x59,0x55,0x90,0xB2,0x29,0x39,
- 0xA0,0xBE,0x00,0x23,0x55,0x6B,0xDA,0x83,
- 0xD8,0x5B,0x57,0x7C,0x67,0x1B,0xC3,0x6B,
- 0x6D,0xC7,0x9B,0x2B,0x9E,0xB7,0x95,0xB3,
- 0xF0,0x1B,0x89,0x5A,0xD7,0x4B,0x67,0xAF,
- 0xDC,0x9E,0xCF,0x7E,0x1A,0xBA,0x1B,0xB9,
- 0x3B,0x7A,0xDD,0x3F,0x0D,0xEE,0x4C,0x0B,
- 0xD1,0x4F,0x34,0xF2,0x93,0xF7,0x21,0x64,
- 0x2C,0x07,0x00,0x15,0x4F,0xE3,0x6A,0x9F,
- 0x08,0x52,0xC2,0x65,0x47,0x1F,0x34,0x64,
- 0x66,0x07,0xBC,0xEA,0xAF,0x9B,0xAA,0x39,
- 0x15,0x8B,0x08,0x8C,0x24,0x41,0x9B,0x46,
- 0x1B,0x5B,0x91,0x11,0xC4,0xFD,0xA9,0x88,
- 0x35,0x0E,0x7D,0xAF,0xFD,0xB7,0x90,0x7E,
- 0xD7,0x29,0x02,0x0A,0xDC,0xC8,0x3F,0xC0,
- 0xFD,0x97,0xAF,0x50,0x49,0xA6,0x5E,0x12,
- 0xC1,0xCD,0xEC,0x52,0xC5,0x51,0xF2,0x80,
- 0x17,0x61,0xC7,0x7E,0xBE,0xD1,0x1B,0x65,
- 0xA4,0xAB,0x92,0x8D,0x89,0xB2,0xC5,0x8F,
- 0xFF,0xA5,0x6F,0xFA,0x62,0x75,0xE4,0xA1,
- 0xD4,0x22,0xA8,0x9E,0x40,0x04,0x27,0x1F,
- 0xCC,0x81,0xBA,0x28,0x67,0xA0,0x1C,0x80,
- 0xEB,0xCA,0xB0,0x61,0xA5,0x48,0xD0,0x8A,
- 0x25,0xEB,0x9E,0x67,0x8C,0x8E,0x9B,0xD1,
- 0xAD,0xBB,0xC3,0xEA,0xD3,0xD4,0xC5,0x12,
- 0x7B,0xDD,0x00,0x57,0x7F,0xF6,0xF7,0xF6,
- 0x3C,0x05,0xCF,0xFC,0x12,0xE1,0x93,0x05,
- 0xE5,0x9B,0x79,0x87,0x69,0xD8,0x82,0xD9,
- 0xD7,0x1D,0x41,0x73,0xE4,0x52,0x1D,0x3E,
- 0xE5,0x8C,0x8D,0x34,0xE1,0x75,0xA9,0xF1,
- 0x9D,0x09,0xA2,0x5B,0xEF,0xDA,0x96,0x6E,
- 0x76,0x3D,0xEA,0x50,0xD9,0xCF,0x4F,0xAC,
- 0xAD,0x1D,0x35,0x72,0x1B,0x88,0x8B,0xCD,
- 0x8C,0x8A,0x8A,0xE0,0x96,0x04,0xD8,0xBB,
- 0x28,0x43,0x16,0x77,0x60,0x98,0x63,0xF9,
- 0xB9,0x71,0x46,0xB7,0xE1,0xA7,0xA9,0x84,
- 0xC3,0x65,0x82,0xE1,0x1B,0x67,0x04,0x2D,
- 0x55,0x6B,0xF9,0xC0,0x79,0x09,0x09,0xE7,
- 0xFD,0x06,0x4D,0x09,0x9B,0x1A,0xCE,0x35,
- 0xFA,0x27,0x6F,0x2F,0x01,0x65,0x0D,0xA0,
- 0x97,0x59,0x11,0xF0,0x48,0xD2,0xE7,0x46,
- 0xBE,0xB4,0x0A,0xA3,0xE2,0x75,0x0E,0x09,
- 0x94,0xD9,0x69,0x28,0xD4,0xDA,0x64,0xBA,
- 0xFE,0xA4,0xB9,0xF0,0xBA,0xEB,0xBA,0xAC,
- 0xA8,0xF9,0xD3,0x82,0x4C,0x36,0x80,0xFA,
- 0xE5,0xF6,0x76,0xC3,0x80,0xFA,0x90,0x29,
- 0xF4,0x85,0xA4,0xC6,0x25,0x22,0x79,0x7E,
- 0x39,0x1E,0x30,0xB8,0x65,0x72,0xCF,0xE1,
- 0x99,0xF0,0x75,0xE8,0x09,0xB4,0x92,0x96,
- 0x1B,0x68,0x50,0x88,0xF1,0x2C,0x97,0xE3,
- 0x2D,0x26,0x8F,0xC5,0x30,0xCF,0x24,0xCB,
- 0xB2,0x60,0x77,0xDC,0x02,0x72,0x0D,0xD9,
- 0x2E,0xF2,0x52,0xEA,0x00,0xF6,0x32,0x65,
- 0xA5,0xC6,0x43,0x29,0x29,0x69,0xAB,0x27,
- 0x0C,0x39,0xDF,0x76,0x3E,0x93,0x95,0xB1,
- 0x2C,0xA2,0x0D,0x18,0xCE,0xA0,0x97,0x10,
- 0x3C,0x90,0xC0,0xEF,0x0E,0x04,0xA6,0xC8,
- 0xA0,0x21,0x3C,0x0B,0x22,0x77,0x7A,0x66,
- 0xA5,0x90,0x25,0xA4,0x09,0x3E,0xD5,0x27,
- 0x1F,0x6C,0x99,0x85,0x5C,0xA2,0x99,0x7A,
- 0x25,0xEE,0x8D,0x32,0x3D,0xD3,0xDC,0xF5,
- 0x00,0x5A,0x34,0x61,0xB6,0xCD,0x4E,0xBC,
- 0x26,0x36,0xFB,0x44,0x97,0x35,0xBD,0x06,
- 0x7D,0x2E,0x4A,0xA2,0xDC,0x24,0xFE,0x70,
- 0x0A,0xF9,0x57,0xE3,0xEE,0xAB,0xD1,0x17,
- 0xF3,0x7C,0xD6,0x37,0x26,0xFA,0x83,0x9F,
- 0xDD,0xB2,0xE1,0xD7,0xF9,0xC7,0x0E,0x15,
- 0x01,0xA6,0x58,0x32,0x98,0x04,0x32,0xD4,
- 0xDE,0xB9,0xEF,0x09,0xFA,0xE4,0x5A,0xD7,
- 0xDD,0x09,0x1C,0xC9,0xAC,0xB8,0x6A,0xF5,
- 0x00,0x5D,0x6B,0x95,0x12,0x8C,0x2F,0xCC,
- 0xD8,0xB9,0x50,0x3A,0xEB,0x74,0x86,0xD2,
- 0x3F,0xA1,0x05,0x8F,0x6E,0xEF,0xF5,0xA4,
- 0xD6,0x6E,0x53,0xFA,0x9E,0xFA,0xCE,0xDB,
- 0x99,0x46,0xE7,0xC5,0xDA,0x92,0x51,0x4F,
- 0x22,0x07,0xF3,0xA5,0x38,0x26,0xD3,0xEC,
- 0xD6,0x01,0xDD,0x31,0x3A,0x48,0x93,0xF6,
- 0x69,0x4F,0xD8,0xF6,0xC2,0x91,0xA5,0x7C,
- 0xDF,0x51,0x64,0xF1,0x3B,0x79,0xBC,0x0A,
- 0x2C,0xDC,0x33,0x5A,0x29,0xF6,0xB2,0x09,
- 0x66,0xCA,0x24,0x9F,0x1A,0x18,0xF3,0x76,
- 0x4C,0x5E,0x0B,0x81,0x7F,0x29,0x84,0xD8,
- 0x7A,0xA8,0xD6,0x11,0xAC,0xEC,0xD9,0x07,
- 0x91,0xEC,0xB6,0x6D,0xEC,0xDB,0xBE,0x6F,
- 0x9F,0xC5,0x19,0x5E,0x56,0x87,0x20,0x80,
- 0x75,0xD5,0x64,0xE9,0x80,0xBF,0x2D,0xD5,
- 0x94,0x9F,0x8C,0xA4,0x54,0x41,0xAB,0xB1,
- 0x8E,0xAD,0x51,0xE4,0x3C,0x24,0xF7,0x1D,
- 0xFE,0x02,0x48,0x7C,0x6D,0xED,0xF1,0xAC,
- 0xD9,0x79,0x42,0xE5,0x3A,0xCF,0x6A,0x4C,
- 0x6D,0xE2,0x13,0xD2,0x2B,0x9D,0xAB,0x1F,
- 0x70,0xD3,0xC0,0x6F,0x81,0xE9,0x9A,0x86,
- 0x33,0x39,0x60,0xE7,0x6A,0x00,0x1F,0x97,
- 0xEB,0xE5,0x1D,0x0D,0x66,0x15,0xC9,0xA2,
- 0xB1,0xC0,0xF0,0x2E,0xF4,0x07,0xA2,0x2E,
- 0x49,0x92,0x95,0x13,0xA3,0x18,0x46,0x25,
- 0xB9,0x3C,0xA1,0x4B,0x00,0x00,0x00,0x06,
- 0xAB,0xAA,0xF9,0x3F,0x7E,0x21,0xF4,0x0E,
- 0xCE,0xFD,0xE0,0x44,0xAC,0xC7,0x1A,0x30,
- 0x22,0x9D,0x0A,0xD7,0x96,0x2D,0x8F,0x9A,
- 0x99,0x1F,0x40,0x75,0x7F,0x62,0xF9,0xC1,
- 0x81,0x7B,0x4A,0x1B,0xFA,0xD6,0x87,0xB9,
- 0xEF,0x58,0x48,0xE4,0x5C,0x79,0xE5,0xB1,
- 0x2C,0x59,0xA4,0x42,0xDB,0xA6,0x53,0x70,
- 0x80,0x61,0x17,0xD4,0xD3,0x77,0xBD,0x53,
- 0x26,0x7C,0x0E,0x0E,0xFF,0x30,0x4B,0xD0,
- 0x86,0xFC,0x02,0x20,0x24,0x46,0x5B,0xF5,
- 0xE3,0x99,0x73,0x85,0x60,0x00,0x36,0x47,
- 0x17,0xEE,0x0C,0xD2,0x80,0x71,0x46,0x0E,
- 0x2B,0xB0,0xEF,0x7F,0xFE,0x3B,0xE5,0xE1,
- 0x87,0xC2,0xAF,0x1A,0x6F,0x63,0xF4,0x5A,
- 0xC4,0x16,0xF7,0xAD,0x07,0x70,0x71,0x85,
- 0x7D,0x3D,0x67,0x08,0xB8,0xD8,0xE2,0xF0,
- 0xA1,0xAC,0xD2,0x94,0x7D,0x93,0x03,0xDD,
- 0x54,0xF9,0x64,0x19,0xB3,0xED,0x24,0x22,
- 0x01,0xD7,0x12,0x5E,0xC1,0x2B,0x39,0x10,
- 0x13,0xE2,0x56,0x1C,0xEE,0xF4,0x2A,0x49,
- 0x7B,0xFB,0x36,0x8D,0xF8,0xAF,0x60,0xDF,
- 0x10,0xF0,0x72,0xA2,0xED,0xB6,0x53,0x88,
- 0xA9,0x0C,0xED,0x9C,0x18,0x33,0x7D,0x65,
- 0x9B,0xB2,0x9C,0x3E,0xE9,0x1E,0x43,0x51,
- 0x7E,0xBE,0x01,0x95,0xF6,0x60,0x65,0xBE,
- 0xD1,0xF4,0xE2,0x83,0x6B,0xCA,0x7A,0x70,
- 0x41,0x83,0x72,0xC0,0x23,0x51,0x13,0x11,
- 0x2D,0xF9,0xC0,0x0D,0x7D,0x73,0x76,0xA5,
- 0x30,0x83,0x68,0x10,0x35,0xA2,0x18,0x22,
- 0x4E,0x21,0x93,0x27,0x6A,0x19,0x28,0x83,
- 0x7F,0xDD,0xDD,0xFF,0xC3,0x8A,0x64,0x00,
- 0x5F,0x1C,0x0D,0xF8,0xBB,0xD7,0x15,0xB9,
- 0xEF,0xE0,0x07,0x62,0x05,0x9E,0xCF,0xFC,
- 0x08,0x52,0x1E,0x65,0x41,0x56,0x6A,0xEB,
- 0x81,0x53,0x30,0x7B,0xF2,0xFD,0x65,0xFF,
- 0xA2,0x14,0xF5,0x62,0x1E,0x24,0x48,0x47,
- 0xA5,0x41,0x80,0xB4,0xC5,0xDC,0xB2,0xB4,
- 0x2D,0x17,0xE7,0xBE,0x49,0x53,0x7A,0x25,
- 0xC5,0x0D,0x19,0x59,0xF4,0x88,0x59,0xED,
- 0x92,0x13,0xEE,0x7A,0x4F,0x12,0x98,0x4C
- };
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void)
- {
- LmsKey verifyKey;
- unsigned char pub_raw[HSS_MAX_PUBLIC_KEY_LEN];
- word32 pub_len = sizeof(pub_raw);
- word32 sigSz = 0;
- word32 msgSz = sizeof(lms_msg);
- word32 pubSz = 0;
- int levels = 0;
- int height = 0;
- int winternitz = 0;
- int ret = WC_TEST_RET_ENC_NC;
- int ret2 = WC_TEST_RET_ENC_NC;
- int j = 0;
- int n_diff = 0;
- WOLFSSL_ENTER("lms_test_verify_only");
- XMEMSET(pub_raw, 0, sizeof(pub_raw));
- ret = wc_LmsKey_Init(&verifyKey, NULL, INVALID_DEVID);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_LmsKey_SetParameters(&verifyKey, 1, 10, 8);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_LmsKey_ImportPubRaw(&verifyKey, lms_L1H10W8_pub,
- HSS_MAX_PUBLIC_KEY_LEN);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- /* Verify parameters, pub length, and sig length are correct. */
- ret = wc_LmsKey_GetParameters(&verifyKey, &levels, &height, &winternitz);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- if (levels != 1 || height != 10 || winternitz != 8) {
- printf("error: invalid LMS parameters: L%d-H%d-W%d\n", levels, height,
- winternitz);
- return WC_TEST_RET_ENC_NC;
- }
- ret = wc_LmsKey_GetPubLen(&verifyKey, &pubSz);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- if (pubSz != HSS_MAX_PUBLIC_KEY_LEN) {
- printf("error: got %u, expected %d\n", pubSz, HSS_MAX_PUBLIC_KEY_LEN);
- return WC_TEST_RET_ENC_EC(pubSz);
- }
- ret = wc_LmsKey_GetSigLen(&verifyKey, &sigSz);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- if (sigSz != LMS_L1H10W8_SIGLEN) {
- printf("error: got %u, expected %d\n", sigSz, LMS_L1H10W8_SIGLEN);
- return WC_TEST_RET_ENC_EC(sigSz);
- }
- ret = wc_LmsKey_Verify(&verifyKey, lms_L1H10W8_sig, LMS_L1H10W8_SIGLEN,
- (byte *) lms_msg, msgSz);
- if (ret != 0) {
- printf("error: wc_LmsKey_Verify returned %d\n", ret);
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* Now test the ExportPubRaw API, verify we recover the original pub. */
- ret = wc_LmsKey_ExportPubRaw(&verifyKey, pub_raw, &pub_len);
- if (ret != 0) {
- printf("error: wc_LmsKey_ExportPubRaw returned %d, expected 0\n", ret);
- return WC_TEST_RET_ENC_EC(ret);
- }
- if (pub_len != HSS_MAX_PUBLIC_KEY_LEN) {
- printf("error: LMS pub len %u, expected %d\n", pub_len,
- HSS_MAX_PUBLIC_KEY_LEN);
- return WC_TEST_RET_ENC_EC(pub_len);
- }
- n_diff = XMEMCMP(pub_raw, lms_L1H10W8_pub, sizeof(lms_L1H10W8_pub));
- if (n_diff != 0) {
- printf("error: exported and imported pub raw do not match: %d\n",
- n_diff);
- return WC_TEST_RET_ENC_EC(n_diff);
- }
- /* Flip bits in message. This should fail. */
- lms_msg[msgSz / 2] ^= 1;
- ret2 = wc_LmsKey_Verify(&verifyKey, lms_L1H10W8_sig, LMS_L1H10W8_SIGLEN,
- (byte *) lms_msg, msgSz);
- if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
- printf("error: wc_LmsKey_Verify returned %d, expected -1\n", ret2);
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* Flip it back. This should pass again. */
- lms_msg[msgSz / 2] ^= 1;
- ret = wc_LmsKey_Verify(&verifyKey, lms_L1H10W8_sig, LMS_L1H10W8_SIGLEN,
- (byte *) lms_msg, msgSz);
- if (ret != 0) {
- printf("error: wc_LmsKey_Verify returned %d, expected 0\n", ret);
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* Flip bits in a few places throughout the signature, stepping in multiple
- * of hash size. These should all fail with -1. */
- for (j = 0; j < (int) sigSz; j+= 4 * 32) {
- lms_L1H10W8_sig[j] ^= 1;
- ret2 = wc_LmsKey_Verify(&verifyKey, lms_L1H10W8_sig,
- LMS_L1H10W8_SIGLEN,
- (byte *) lms_msg, msgSz);
- if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
- /* Verify passed when it should have failed. */
- return WC_TEST_RET_ENC_I(j);
- }
- /* Flip this spot back. */
- lms_L1H10W8_sig[j] ^= 1;
- }
- wc_LmsKey_Free(&verifyKey);
- return ret;
- }
- #endif
- #endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_SMALL_STACK) */
- static const int fiducial3 = WC_TEST_RET_LN; /* source code reference point --
- * see print_fiducials() below.
- */
- #ifdef WOLFCRYPT_HAVE_ECCSI
- static wc_test_ret_t eccsi_api_test(WC_RNG* rng, EccsiKey* key, mp_int* ssk,
- ecc_point* pvt)
- {
- wc_test_ret_t ret;
- byte id[1] = { 0x00 };
- int valid;
- word32 sz;
- byte data[256];
- byte hash[WC_MAX_DIGEST_SIZE];
- byte hashSz;
- byte sig[257];
- word32 sigSz;
- ret = wc_InitEccsiKey_ex(NULL, 32, ECC_SECP256R1, HEAP_HINT, INVALID_DEVID);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitEccsiKey_ex(NULL, 32, ECC_SECP256R1, HEAP_HINT, INVALID_DEVID);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitEccsiKey(NULL, NULL, INVALID_DEVID);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitEccsiKey(NULL, HEAP_HINT, INVALID_DEVID);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- wc_FreeEccsiKey(NULL);
- /* Create a valid key. */
- ret = wc_InitEccsiKey(key, NULL, INVALID_DEVID);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeEccsiKey(NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeEccsiKey(key, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeEccsiKey(NULL, rng);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeEccsiPair(NULL, NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL,
- NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, NULL, pvt);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, NULL, 1, ssk, pvt);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeEccsiPair(key, NULL, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeEccsiPair(NULL, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- /* No key set */
- ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
- if (ret != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateEccsiPair(NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL, NULL,
- NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
- NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, NULL,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, NULL, pvt,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, NULL, 1, ssk, pvt,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateEccsiPair(NULL, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- /* No key set */
- ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
- &valid);
- if (ret != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateEccsiPvt(NULL, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateEccsiPvt(key, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateEccsiPvt(NULL, pvt, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateEccsiPvt(NULL, NULL, &valid);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateEccsiPvt(key, pvt, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateEccsiPvt(key, NULL, &valid);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateEccsiPvt(NULL, pvt, &valid);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeEccsiPair(NULL, NULL, NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeEccsiPair(key, ssk, pvt, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeEccsiPair(key, ssk, NULL, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeEccsiPair(key, NULL, pvt, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeEccsiPair(NULL, ssk, pvt, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- /* No key created so no curve information. */
- ret = wc_EncodeEccsiPair(key, ssk, pvt, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeEccsiSsk(NULL, NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeEccsiSsk(key, ssk, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeEccsiSsk(key, NULL, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeEccsiSsk(NULL, ssk, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeEccsiPvt(NULL, NULL, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeEccsiPvt(key, pvt, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeEccsiPvt(key, NULL, data, &sz, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeEccsiPvt(NULL, pvt, data, &sz, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiPair(NULL, NULL, 0, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiPair(key, data, 0, ssk, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiPair(key, data, 0, NULL, pvt);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiPair(key, NULL, 0, ssk, pvt);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiPair(NULL, data, 0, ssk, pvt);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiSsk(NULL, NULL, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiSsk(key, data, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiSsk(key, NULL, 0, ssk);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiSsk(NULL, data, 0, ssk);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiPvt(NULL, NULL, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiPvt(key, data, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiPvt(key, NULL, 0, pvt);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiPvt(NULL, data, 0, pvt);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiPvtFromSig(NULL, NULL, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiPvtFromSig(key, data, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiPvtFromSig(key, NULL, 0, pvt);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiPvtFromSig(NULL, data, 0, pvt);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportEccsiKey(NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportEccsiKey(key, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportEccsiKey(NULL, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- /* No key to export */
- ret = wc_ExportEccsiKey(key, NULL, &sz);
- if (ret != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportEccsiKey(NULL, NULL, 0);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportEccsiKey(key, NULL, 0);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportEccsiKey(NULL, data, 0);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportEccsiPrivateKey(NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportEccsiPrivateKey(key, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportEccsiPrivateKey(NULL, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- /* No key to export */
- ret = wc_ExportEccsiPrivateKey(key, NULL, &sz);
- if (ret != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportEccsiPrivateKey(NULL, NULL, 0);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportEccsiPrivateKey(key, NULL, 0);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportEccsiPrivateKey(NULL, data, 0);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportEccsiPublicKey(NULL, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportEccsiPublicKey(key, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportEccsiPublicKey(NULL, data, &sz, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- /* No key to export */
- ret = wc_ExportEccsiPublicKey(key, data, &sz, 1);
- if (ret != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportEccsiPublicKey(NULL, NULL, 0, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportEccsiPublicKey(key, NULL, 0, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportEccsiPublicKey(NULL, data, 0, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashEccsiId(NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, NULL, &hashSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, NULL, hash, &hashSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, NULL, 1, pvt, hash,
- &hashSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashEccsiId(NULL, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, &hashSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, &hashSz);
- if (ret != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetEccsiHash(NULL, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetEccsiHash(key, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetEccsiHash(NULL, hash, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetEccsiPair(NULL, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetEccsiPair(key, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetEccsiPair(NULL, ssk, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetEccsiPair(NULL, NULL, pvt);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetEccsiPair(key, ssk, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetEccsiPair(key, NULL, pvt);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetEccsiPair(NULL, ssk, pvt);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignEccsiHash(NULL, NULL, WC_HASH_TYPE_SHA256, NULL, 0, sig, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, sig, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, NULL, 0, sig,
- &sigSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignEccsiHash(key, NULL, WC_HASH_TYPE_SHA256, data, 0, sig,
- &sigSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignEccsiHash(NULL, rng, WC_HASH_TYPE_SHA256, data, 0, sig,
- &sigSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- /* Key not set. */
- ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, NULL,
- &sigSz);
- if (ret != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, data, 0, NULL, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, sig, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, sig, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, NULL, 0,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, NULL, 0, sig, 0,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, data, 0, sig, 0,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, sig, 0,
- &valid);
- if (ret != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetEccsiPair(key, ssk, pvt);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Identity hash not set. */
- ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, NULL,
- &sigSz);
- if (ret != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(ret);
- wc_FreeEccsiKey(key);
- return 0;
- }
- /* RFC 6507: Appendix A */
- static wc_test_ret_t eccsi_kat_verify_test(EccsiKey* key, ecc_point* pvt)
- {
- wc_test_ret_t ret;
- int verified;
- const byte msg[] = { 0x6D, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x00 };
- word32 msgSz = sizeof(msg);
- byte hash[WC_SHA256_DIGEST_SIZE];
- byte hashSz = WC_SHA256_DIGEST_SIZE;
- static const byte id[] = {
- 0x32, 0x30, 0x31, 0x31, 0x2D, 0x30, 0x32, 0x00,
- 0x74, 0x65, 0x6C, 0x3A, 0x2B, 0x34, 0x34, 0x37,
- 0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32,
- 0x33, 0x00
- };
- word32 idSz = sizeof(id);
- static const byte sig[] = {
- 0x26, 0x9D, 0x4C, 0x8F, 0xDE, 0xB6, 0x6A, 0x74,
- 0xE4, 0xEF, 0x8C, 0x0D, 0x5D, 0xCC, 0x59, 0x7D,
- 0xDF, 0xE6, 0x02, 0x9C, 0x2A, 0xFF, 0xC4, 0x93,
- 0x60, 0x08, 0xCD, 0x2C, 0xC1, 0x04, 0x5D, 0x81,
- 0xE0, 0x9B, 0x52, 0x8D, 0x0E, 0xF8, 0xD6, 0xDF,
- 0x1A, 0xA3, 0xEC, 0xBF, 0x80, 0x11, 0x0C, 0xFC,
- 0xEC, 0x9F, 0xC6, 0x82, 0x52, 0xCE, 0xBB, 0x67,
- 0x9F, 0x41, 0x34, 0x84, 0x69, 0x40, 0xCC, 0xFD,
- 0x04,
- 0x75, 0x8A, 0x14, 0x27, 0x79, 0xBE, 0x89, 0xE8,
- 0x29, 0xE7, 0x19, 0x84, 0xCB, 0x40, 0xEF, 0x75,
- 0x8C, 0xC4, 0xAD, 0x77, 0x5F, 0xC5, 0xB9, 0xA3,
- 0xE1, 0xC8, 0xED, 0x52, 0xF6, 0xFA, 0x36, 0xD9,
- 0xA7, 0x9D, 0x24, 0x76, 0x92, 0xF4, 0xED, 0xA3,
- 0xA6, 0xBD, 0xAB, 0x77, 0xD6, 0xAA, 0x64, 0x74,
- 0xA4, 0x64, 0xAE, 0x49, 0x34, 0x66, 0x3C, 0x52,
- 0x65, 0xBA, 0x70, 0x18, 0xBA, 0x09, 0x1F, 0x79
- };
- word32 sigSz = sizeof(sig);
- static const byte pubData[] = {
- 0x50, 0xD4, 0x67, 0x0B, 0xDE, 0x75, 0x24, 0x4F,
- 0x28, 0xD2, 0x83, 0x8A, 0x0D, 0x25, 0x55, 0x8A,
- 0x7A, 0x72, 0x68, 0x6D, 0x45, 0x22, 0xD4, 0xC8,
- 0x27, 0x3F, 0xB6, 0x44, 0x2A, 0xEB, 0xFA, 0x93,
- 0xDB, 0xDD, 0x37, 0x55, 0x1A, 0xFD, 0x26, 0x3B,
- 0x5D, 0xFD, 0x61, 0x7F, 0x39, 0x60, 0xC6, 0x5A,
- 0x8C, 0x29, 0x88, 0x50, 0xFF, 0x99, 0xF2, 0x03,
- 0x66, 0xDC, 0xE7, 0xD4, 0x36, 0x72, 0x17, 0xF4
- };
- static const byte expHash[] = {
- 0x49, 0x0f, 0x3f, 0xeb, 0xbc, 0x1c, 0x90, 0x2f,
- 0x62, 0x89, 0x72, 0x3d, 0x7f, 0x8c, 0xbf, 0x79,
- 0xdb, 0x88, 0x93, 0x08, 0x49, 0xd1, 0x9f, 0x38,
- 0xf0, 0x29, 0x5b, 0x5c, 0x27, 0x6c, 0x14, 0xd1
- };
- ret = wc_ImportEccsiPublicKey(key, pubData, sizeof(pubData), 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiPvtFromSig(key, sig, sigSz, pvt);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, idSz, pvt, hash,
- &hashSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (hashSz != sizeof(expHash))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(hash, expHash, hashSz) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_SetEccsiHash(key, hash, hashSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (!verified)
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- static wc_test_ret_t eccsi_enc_dec_pair_test(EccsiKey* priv, mp_int* ssk, ecc_point* pvt)
- {
- wc_test_ret_t ret;
- byte data[32 * 3];
- word32 sz;
- ecc_point* decPvt = NULL;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- mp_int *decSsk = (mp_int *)XMALLOC(sizeof(*decSsk), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (decSsk == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- #else
- mp_int decSsk[1];
- #endif
- ret = mp_init(decSsk);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- decPvt = wc_ecc_new_point();
- if (decPvt == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- ret = wc_EncodeEccsiPair(priv, ssk, pvt, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (sz != 32 * 3)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_EncodeEccsiPair(priv, ssk, pvt, data, &sz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (sz != 32* 3)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_DecodeEccsiPair(priv, data, sz, decSsk, decPvt);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = mp_cmp(ssk, decSsk);
- if (ret != MP_EQ)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_ecc_cmp_point(pvt, decPvt);
- if (ret != MP_EQ)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_EncodeEccsiSsk(priv, ssk, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (sz != 32)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_EncodeEccsiSsk(priv, ssk, data, &sz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (sz != 32)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_DecodeEccsiSsk(priv, data, sz, decSsk);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = mp_cmp(ssk, decSsk);
- if (ret != MP_EQ)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_EncodeEccsiPvt(priv, pvt, NULL, &sz, 1);
- if (ret != LENGTH_ONLY_E)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (sz != 32 * 2)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_EncodeEccsiPvt(priv, pvt, data, &sz, 1);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (sz != 32 * 2)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_DecodeEccsiPvt(priv, data, sz, decPvt);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_ecc_cmp_point(pvt, decPvt);
- if (ret != MP_EQ)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- sz = sizeof(data);
- ret = wc_EncodeEccsiPvt(priv, pvt, data, &sz, 0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (sz != 32 * 2 + 1)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_DecodeEccsiPvt(priv, data, sz, decPvt);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_ecc_cmp_point(pvt, decPvt);
- if (ret != MP_EQ)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- wc_ecc_del_point(decPvt);
- out:
- mp_free(decSsk);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(decSsk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- static wc_test_ret_t eccsi_imp_exp_key_test(EccsiKey* priv)
- {
- wc_test_ret_t ret;
- byte data[32 * 3];
- byte out[32 * 3];
- word32 sz;
- ret = wc_ExportEccsiKey(priv, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 32 * 3)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ExportEccsiKey(priv, data, &sz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportEccsiKey(priv, data, sz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportEccsiKey(priv, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 32 * 3)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ExportEccsiKey(priv, out, &sz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 32 * 3)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(data, out, sz) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ExportEccsiPrivateKey(priv, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 32)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ExportEccsiPrivateKey(priv, data, &sz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportEccsiPrivateKey(priv, data, sz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportEccsiPrivateKey(priv, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 32)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ExportEccsiPrivateKey(priv, out, &sz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 32)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(data, out, sz) != 0)
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- static wc_test_ret_t eccsi_imp_exp_pubkey_test(EccsiKey* key1, EccsiKey* key2)
- {
- wc_test_ret_t ret;
- byte data[32 * 2 + 1];
- byte pubData[32 * 2 + 1];
- word32 sz;
- ret = wc_ExportEccsiPublicKey(key1, NULL, &sz, 1);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 32 * 2)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ExportEccsiPublicKey(key1, data, &sz, 1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportEccsiPublicKey(key2, data, sz, 1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- sz = sizeof(pubData);
- ret = wc_ExportEccsiPublicKey(key2, pubData, &sz, 1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 32 * 2)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(data, pubData, sz) != 0)
- return WC_TEST_RET_ENC_NC;
- sz = sizeof(pubData);
- ret = wc_ExportEccsiPublicKey(key2, pubData, &sz, 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 32 * 2 + 1)
- return WC_TEST_RET_ENC_NC;
- if (pubData[0] != 0x04)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(pubData + 1, data, sz - 1) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ImportEccsiPublicKey(key2, pubData, sz, 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- return 0;
- }
- static wc_test_ret_t eccsi_make_key_test(EccsiKey* priv, EccsiKey* pub, WC_RNG* rng,
- mp_int* ssk, ecc_point* pvt)
- {
- wc_test_ret_t ret;
- char mail[] = "test@wolfssl.com";
- byte* id = (byte*)mail;
- word32 idSz = (word32) XSTRLEN(mail);
- int valid;
- ret = wc_MakeEccsiKey(priv, rng);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = eccsi_imp_exp_key_test(priv);
- if (ret < 0)
- return ret;
- ret = eccsi_imp_exp_pubkey_test(priv, pub);
- if (ret < 0)
- return ret;
- ret = wc_MakeEccsiPair(priv, rng, WC_HASH_TYPE_SHA256, id, idSz, ssk, pvt);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateEccsiPair(pub, WC_HASH_TYPE_SHA256, id, idSz, ssk, pvt,
- &valid);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (!valid)
- return WC_TEST_RET_ENC_NC;
- ret = eccsi_enc_dec_pair_test(priv, ssk, pvt);
- if (ret != 0)
- return ret;
- return 0;
- }
- static wc_test_ret_t eccsi_sign_verify_test(EccsiKey* priv, EccsiKey* pub, WC_RNG* rng,
- mp_int* ssk, ecc_point* pvt)
- {
- wc_test_ret_t ret;
- byte hashPriv[WC_MAX_DIGEST_SIZE];
- byte hashPub[WC_MAX_DIGEST_SIZE];
- byte hashSz;
- byte sig[144];
- word32 sigSz;
- int verified, valid;
- char mail[] = "test@wolfssl.com";
- byte* id = (byte*)mail;
- word32 idSz = (word32) XSTRLEN(mail);
- byte msg[] = { 0x00 };
- word32 msgSz = sizeof(msg);
- #ifdef WOLFSSL_SHA384
- ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA384, id, idSz, pvt, hashPriv,
- &hashSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA256, id, idSz, pvt, hashPriv,
- &hashSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (hashSz != 32)
- return WC_TEST_RET_ENC_NC;
- ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA256, id, idSz, pvt, hashPub,
- &hashSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (hashSz != 32)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(hashPriv, hashPub, hashSz) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_SetEccsiHash(priv, hashPriv, hashSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetEccsiPair(priv, ssk, pvt);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignEccsiHash(priv, rng, WC_HASH_TYPE_SHA256, msg, msgSz, NULL,
- &sigSz);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- if (sigSz != 129)
- return WC_TEST_RET_ENC_NC;
- ret = wc_SignEccsiHash(priv, rng, WC_HASH_TYPE_SHA256, msg, msgSz, sig,
- &sigSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetEccsiHash(pub, hashPub, hashSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (!verified)
- return WC_TEST_RET_ENC_NC;
- /* Check that changing HS results in verification failure. */
- hashPub[0] ^= 0x80;
- ret = wc_SetEccsiHash(pub, hashPub, hashSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (verified)
- return WC_TEST_RET_ENC_NC;
- hashPub[0] ^= 0x80;
- ret = wc_SetEccsiHash(pub, hashPub, hashSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Check that changing msg results in verification failure. */
- msg[0] ^= 0x80;
- ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (verified)
- return WC_TEST_RET_ENC_NC;
- msg[0] ^= 0x80;
- /* Check that changing signature results in verification failure. */
- sig[0] ^= 0x80;
- ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (verified)
- return WC_TEST_RET_ENC_NC;
- sig[0] ^= 0x80;
- /* Check that key state hasn't been invalidated. */
- ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (!verified)
- return WC_TEST_RET_ENC_NC;
- /* Check that verifying with the private key works. */
- ret = wc_VerifyEccsiHash(priv, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (!verified)
- return WC_TEST_RET_ENC_NC;
- /* Check that the KPAK is converted from montgomery form. */
- ret = eccsi_imp_exp_key_test(priv);
- if (ret != 0)
- return ret;
- /* Check that KPAK can converted to Montgomery form again. */
- ret = wc_VerifyEccsiHash(priv, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (!verified)
- return WC_TEST_RET_ENC_NC;
- /* Check that the KPAK is converted from montgomery form. */
- ret = wc_ValidateEccsiPair(pub, WC_HASH_TYPE_SHA256, id, idSz, ssk, pvt,
- &valid);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (!valid)
- return WC_TEST_RET_ENC_NC;
- /* Check that KPAK can converted to Montgomery form again. */
- ret = wc_VerifyEccsiHash(priv, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (!verified)
- return WC_TEST_RET_ENC_NC;
- /* Check that the KPAK is converted from montgomery form. */
- ret = eccsi_imp_exp_pubkey_test(priv, pub);
- if (ret != 0)
- return ret;
- return 0;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t eccsi_test(void)
- {
- wc_test_ret_t ret = 0;
- WC_RNG rng;
- int rng_inited = 0;
- EccsiKey* priv = NULL;
- EccsiKey* pub = NULL;
- mp_int* ssk = NULL;
- ecc_point* pvt = NULL;
- WOLFSSL_ENTER("eccsi_test");
- priv = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (priv == NULL)
- ret = WC_TEST_RET_ENC_NC;
- else
- XMEMSET(priv, 0, sizeof(*priv));
- if (ret == 0) {
- pub = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (pub == NULL)
- ret = WC_TEST_RET_ENC_NC;
- else
- XMEMSET(pub, 0, sizeof(*pub));
- }
- if (ret == 0) {
- ssk = (mp_int*)XMALLOC(sizeof(mp_int), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ssk == NULL)
- ret = WC_TEST_RET_ENC_NC;
- else
- XMEMSET(ssk, 0, sizeof(*ssk));
- }
- if (ret == 0) {
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- else
- rng_inited = 1;
- }
- if (ret == 0) {
- pvt = wc_ecc_new_point();
- if (pvt == NULL)
- ret = WC_TEST_RET_ENC_NC;
- }
- if (ret == 0) {
- ret = mp_init(ssk);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = eccsi_api_test(&rng, priv, ssk, pvt);
- }
- if (ret == 0) {
- ret = wc_InitEccsiKey(pub, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_InitEccsiKey(priv, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = eccsi_kat_verify_test(pub, pvt);
- }
- if (ret == 0) {
- ret = eccsi_make_key_test(priv, pub, &rng, ssk, pvt);
- }
- if (ret == 0) {
- ret = eccsi_sign_verify_test(priv, pub, &rng, ssk, pvt);
- }
- if (pvt != NULL)
- wc_ecc_del_point(pvt);
- if (rng_inited)
- wc_FreeRng(&rng);
- if (ssk != NULL) {
- mp_free(ssk);
- XFREE(ssk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (pub != NULL) {
- wc_FreeEccsiKey(pub);
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (priv != NULL) {
- wc_FreeEccsiKey(priv);
- XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- return ret;
- }
- #endif /* WOLFCRYPT_HAVE_ECCSI */
- #ifdef WOLFCRYPT_HAVE_SAKKE
- static wc_test_ret_t sakke_api_test(WC_RNG* rng, SakkeKey* key, ecc_point* rsk)
- {
- wc_test_ret_t ret;
- byte id[1] = { 0x00 };
- int valid;
- byte data[256];
- word32 sz;
- byte auth[257];
- word16 authSz;
- byte ssv[256];
- word16 ssvSz;
- word32 len;
- ret = wc_InitSakkeKey_ex(NULL, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitSakkeKey_ex(NULL, 128, ECC_SAKKE_1, HEAP_HINT, INVALID_DEVID);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- wc_FreeSakkeKey(NULL);
- XMEMSET(key, 0, sizeof(*key));
- wc_FreeSakkeKey(key);
- ret = wc_InitSakkeKey_ex(key, 128, ECC_SAKKE_1, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeKey(NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeKey(key, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeKey(NULL, rng);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkePublicKey(NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkePublicKey(key, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkePublicKey(NULL, rsk);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeRsk(NULL, NULL, 1, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeRsk(key, id, 1, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeRsk(key, NULL, 1, rsk);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeRsk(NULL, id, 1, rsk);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateSakkeRsk(NULL, NULL, 1, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateSakkeRsk(key, id, 1, rsk, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateSakkeRsk(NULL, id, 1, rsk, &valid);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportSakkeKey(NULL, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportSakkeKey(key, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportSakkeKey(NULL, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportSakkeKey(NULL, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportSakkeKey(key, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportSakkeKey(NULL, data, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportSakkePrivateKey(NULL, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportSakkePrivateKey(key, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportSakkePrivateKey(NULL, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportSakkePrivateKey(NULL, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportSakkePrivateKey(key, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportSakkePrivateKey(NULL, data, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- sz = sizeof(data);
- ret = wc_EncodeSakkeRsk(NULL, NULL, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeSakkeRsk(key, rsk, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeSakkeRsk(key, NULL, data, &sz, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeSakkeRsk(NULL, rsk, data, &sz, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeSakkeRsk(NULL, NULL, sz, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeSakkeRsk(key, data, sz, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeSakkeRsk(key, NULL, sz, rsk);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeSakkeRsk(NULL, data, sz, rsk);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportSakkeRsk(NULL, NULL, sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportSakkeRsk(key, NULL, sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportSakkeRsk(NULL, data, sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportSakkeRsk(key, data, 1);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkeRskTable(NULL, NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkeRskTable(key, NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkeRskTable(NULL, rsk, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkeRskTable(NULL, NULL, data, &len);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkeRskTable(key, rsk, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkeRskTable(key, NULL, data, &len);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkeRskTable(NULL, rsk, data, &len);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkeRskTable(key, rsk, NULL, &len);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- len--;
- ret = wc_GenerateSakkeRskTable(key, rsk, data, &len);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportSakkePublicKey(NULL, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportSakkePublicKey(key, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportSakkePublicKey(NULL, data, &sz, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportSakkePublicKey(NULL, NULL, sz, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportSakkePublicKey(key, NULL, sz, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportSakkePublicKey(NULL, data, sz, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GetSakkeAuthSize(NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GetSakkeAuthSize(key, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GetSakkeAuthSize(NULL, &authSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkePointI(NULL, NULL, SAKKE_ID_MAX_SIZE + 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkePointI(key, NULL, SAKKE_ID_MAX_SIZE + 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkePointI(NULL, id, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkePointI(NULL, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkePointI(key, id, SAKKE_ID_MAX_SIZE + 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkePointI(key, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkePointI(NULL, id, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkePointITable(NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkePointITable(key, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkePointITable(NULL, data, &len);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkePointITable(key, NULL, &len);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- len--;
- ret = wc_GenerateSakkePointITable(key, data, &len);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkePointITable(NULL, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkePointITable(key, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkePointITable(NULL, data, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkePointITable(key, data, 1);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ClearSakkePointITable(NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GetSakkePointI(NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GetSakkePointI(key, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GetSakkePointI(NULL, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- sz = 1;
- ret = wc_GetSakkePointI(key, data, &sz);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- sz = 256;
- ret = wc_SetSakkePointI(NULL, NULL, 1, NULL, sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkePointI(key, NULL, 1, NULL, sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkePointI(NULL, id, 1, NULL, sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkePointI(NULL, NULL, 1, data, sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkePointI(key, id, 1, NULL, sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkePointI(key, NULL, 1, data, sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkePointI(NULL, id, 1, data, sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkePointI(key, id, SAKKE_ID_MAX_SIZE + 1, data, sz);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkePointI(key, id, 1, data, sz - 1);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkeIdentity(NULL, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkeIdentity(key, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkeIdentity(NULL, id, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ssvSz = sizeof(ssv);
- ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz,
- auth, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz,
- auth, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz,
- auth, &authSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz,
- auth, &authSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, &authSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, &authSz);
- if (ret != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkeSSV(NULL, NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkeSSV(key, rng, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkeSSV(key, NULL, data, &ssvSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkeSSV(NULL, rng, data, &ssvSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkeRsk(NULL, NULL, data, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkeRsk(key, NULL, data, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkeRsk(NULL, rsk, data, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ssvSz = sizeof(ssv);
- authSz = sizeof(auth);
- ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz, NULL,
- authSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz, NULL,
- authSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz, NULL,
- authSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz, auth,
- authSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, NULL,
- authSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz, auth,
- authSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkeIdentity(key, id, 1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkeIdentity(key, id, 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkeRsk(key, rsk, data, 1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(ret);
- wc_FreeSakkeKey(key);
- return 0;
- }
- static wc_test_ret_t sakke_kat_derive_test(SakkeKey* key, ecc_point* rsk)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte pubData[] = {
- 0x59, 0x58, 0xEF, 0x1B, 0x16, 0x79, 0xBF, 0x09,
- 0x9B, 0x3A, 0x03, 0x0D, 0xF2, 0x55, 0xAA, 0x6A,
- 0x23, 0xC1, 0xD8, 0xF1, 0x43, 0xD4, 0xD2, 0x3F,
- 0x75, 0x3E, 0x69, 0xBD, 0x27, 0xA8, 0x32, 0xF3,
- 0x8C, 0xB4, 0xAD, 0x53, 0xDD, 0xEF, 0x42, 0x60,
- 0xB0, 0xFE, 0x8B, 0xB4, 0x5C, 0x4C, 0x1F, 0xF5,
- 0x10, 0xEF, 0xFE, 0x30, 0x03, 0x67, 0xA3, 0x7B,
- 0x61, 0xF7, 0x01, 0xD9, 0x14, 0xAE, 0xF0, 0x97,
- 0x24, 0x82, 0x5F, 0xA0, 0x70, 0x7D, 0x61, 0xA6,
- 0xDF, 0xF4, 0xFB, 0xD7, 0x27, 0x35, 0x66, 0xCD,
- 0xDE, 0x35, 0x2A, 0x0B, 0x04, 0xB7, 0xC1, 0x6A,
- 0x78, 0x30, 0x9B, 0xE6, 0x40, 0x69, 0x7D, 0xE7,
- 0x47, 0x61, 0x3A, 0x5F, 0xC1, 0x95, 0xE8, 0xB9,
- 0xF3, 0x28, 0x85, 0x2A, 0x57, 0x9D, 0xB8, 0xF9,
- 0x9B, 0x1D, 0x00, 0x34, 0x47, 0x9E, 0xA9, 0xC5,
- 0x59, 0x5F, 0x47, 0xC4, 0xB2, 0xF5, 0x4F, 0xF2,
- 0x15, 0x08, 0xD3, 0x75, 0x14, 0xDC, 0xF7, 0xA8,
- 0xE1, 0x43, 0xA6, 0x05, 0x8C, 0x09, 0xA6, 0xBF,
- 0x2C, 0x98, 0x58, 0xCA, 0x37, 0xC2, 0x58, 0x06,
- 0x5A, 0xE6, 0xBF, 0x75, 0x32, 0xBC, 0x8B, 0x5B,
- 0x63, 0x38, 0x38, 0x66, 0xE0, 0x75, 0x3C, 0x5A,
- 0xC0, 0xE7, 0x27, 0x09, 0xF8, 0x44, 0x5F, 0x2E,
- 0x61, 0x78, 0xE0, 0x65, 0x85, 0x7E, 0x0E, 0xDA,
- 0x10, 0xF6, 0x82, 0x06, 0xB6, 0x35, 0x05, 0xED,
- 0x87, 0xE5, 0x34, 0xFB, 0x28, 0x31, 0xFF, 0x95,
- 0x7F, 0xB7, 0xDC, 0x61, 0x9D, 0xAE, 0x61, 0x30,
- 0x1E, 0xEA, 0xCC, 0x2F, 0xDA, 0x36, 0x80, 0xEA,
- 0x49, 0x99, 0x25, 0x8A, 0x83, 0x3C, 0xEA, 0x8F,
- 0xC6, 0x7C, 0x6D, 0x19, 0x48, 0x7F, 0xB4, 0x49,
- 0x05, 0x9F, 0x26, 0xCC, 0x8A, 0xAB, 0x65, 0x5A,
- 0xB5, 0x8B, 0x7C, 0xC7, 0x96, 0xE2, 0x4E, 0x9A,
- 0x39, 0x40, 0x95, 0x75, 0x4F, 0x5F, 0x8B, 0xAE
- };
- WOLFSSL_SMALL_STACK_STATIC const byte rskData[] = {
- 0x93, 0xAF, 0x67, 0xE5, 0x00, 0x7B, 0xA6, 0xE6,
- 0xA8, 0x0D, 0xA7, 0x93, 0xDA, 0x30, 0x0F, 0xA4,
- 0xB5, 0x2D, 0x0A, 0x74, 0xE2, 0x5E, 0x6E, 0x7B,
- 0x2B, 0x3D, 0x6E, 0xE9, 0xD1, 0x8A, 0x9B, 0x5C,
- 0x50, 0x23, 0x59, 0x7B, 0xD8, 0x2D, 0x80, 0x62,
- 0xD3, 0x40, 0x19, 0x56, 0x3B, 0xA1, 0xD2, 0x5C,
- 0x0D, 0xC5, 0x6B, 0x7B, 0x97, 0x9D, 0x74, 0xAA,
- 0x50, 0xF2, 0x9F, 0xBF, 0x11, 0xCC, 0x2C, 0x93,
- 0xF5, 0xDF, 0xCA, 0x61, 0x5E, 0x60, 0x92, 0x79,
- 0xF6, 0x17, 0x5C, 0xEA, 0xDB, 0x00, 0xB5, 0x8C,
- 0x6B, 0xEE, 0x1E, 0x7A, 0x2A, 0x47, 0xC4, 0xF0,
- 0xC4, 0x56, 0xF0, 0x52, 0x59, 0xA6, 0xFA, 0x94,
- 0xA6, 0x34, 0xA4, 0x0D, 0xAE, 0x1D, 0xF5, 0x93,
- 0xD4, 0xFE, 0xCF, 0x68, 0x8D, 0x5F, 0xC6, 0x78,
- 0xBE, 0x7E, 0xFC, 0x6D, 0xF3, 0xD6, 0x83, 0x53,
- 0x25, 0xB8, 0x3B, 0x2C, 0x6E, 0x69, 0x03, 0x6B,
- 0x15, 0x5F, 0x0A, 0x27, 0x24, 0x10, 0x94, 0xB0,
- 0x4B, 0xFB, 0x0B, 0xDF, 0xAC, 0x6C, 0x67, 0x0A,
- 0x65, 0xC3, 0x25, 0xD3, 0x9A, 0x06, 0x9F, 0x03,
- 0x65, 0x9D, 0x44, 0xCA, 0x27, 0xD3, 0xBE, 0x8D,
- 0xF3, 0x11, 0x17, 0x2B, 0x55, 0x41, 0x60, 0x18,
- 0x1C, 0xBE, 0x94, 0xA2, 0xA7, 0x83, 0x32, 0x0C,
- 0xED, 0x59, 0x0B, 0xC4, 0x26, 0x44, 0x70, 0x2C,
- 0xF3, 0x71, 0x27, 0x1E, 0x49, 0x6B, 0xF2, 0x0F,
- 0x58, 0x8B, 0x78, 0xA1, 0xBC, 0x01, 0xEC, 0xBB,
- 0x65, 0x59, 0x93, 0x4B, 0xDD, 0x2F, 0xB6, 0x5D,
- 0x28, 0x84, 0x31, 0x8A, 0x33, 0xD1, 0xA4, 0x2A,
- 0xDF, 0x5E, 0x33, 0xCC, 0x58, 0x00, 0x28, 0x0B,
- 0x28, 0x35, 0x64, 0x97, 0xF8, 0x71, 0x35, 0xBA,
- 0xB9, 0x61, 0x2A, 0x17, 0x26, 0x04, 0x24, 0x40,
- 0x9A, 0xC1, 0x5F, 0xEE, 0x99, 0x6B, 0x74, 0x4C,
- 0x33, 0x21, 0x51, 0x23, 0x5D, 0xEC, 0xB0, 0xF5
- };
- WOLFSSL_SMALL_STACK_STATIC const byte id[] = {
- 0x32, 0x30, 0x31, 0x31, 0x2D, 0x30, 0x32, 0x00,
- 0x74, 0x65, 0x6C, 0x3A, 0x2B, 0x34, 0x34, 0x37,
- 0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32,
- 0x33, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ssv[] = {
- 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
- 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0
- };
- WOLFSSL_SMALL_STACK_STATIC const byte auth[] = {
- 0x04,
- 0x44, 0xE8, 0xAD, 0x44, 0xAB, 0x85, 0x92, 0xA6,
- 0xA5, 0xA3, 0xDD, 0xCA, 0x5C, 0xF8, 0x96, 0xC7,
- 0x18, 0x04, 0x36, 0x06, 0xA0, 0x1D, 0x65, 0x0D,
- 0xEF, 0x37, 0xA0, 0x1F, 0x37, 0xC2, 0x28, 0xC3,
- 0x32, 0xFC, 0x31, 0x73, 0x54, 0xE2, 0xC2, 0x74,
- 0xD4, 0xDA, 0xF8, 0xAD, 0x00, 0x10, 0x54, 0xC7,
- 0x6C, 0xE5, 0x79, 0x71, 0xC6, 0xF4, 0x48, 0x6D,
- 0x57, 0x23, 0x04, 0x32, 0x61, 0xC5, 0x06, 0xEB,
- 0xF5, 0xBE, 0x43, 0x8F, 0x53, 0xDE, 0x04, 0xF0,
- 0x67, 0xC7, 0x76, 0xE0, 0xDD, 0x3B, 0x71, 0xA6,
- 0x29, 0x01, 0x33, 0x28, 0x37, 0x25, 0xA5, 0x32,
- 0xF2, 0x1A, 0xF1, 0x45, 0x12, 0x6D, 0xC1, 0xD7,
- 0x77, 0xEC, 0xC2, 0x7B, 0xE5, 0x08, 0x35, 0xBD,
- 0x28, 0x09, 0x8B, 0x8A, 0x73, 0xD9, 0xF8, 0x01,
- 0xD8, 0x93, 0x79, 0x3A, 0x41, 0xFF, 0x5C, 0x49,
- 0xB8, 0x7E, 0x79, 0xF2, 0xBE, 0x4D, 0x56, 0xCE,
- 0x55, 0x7E, 0x13, 0x4A, 0xD8, 0x5B, 0xB1, 0xD4,
- 0xB9, 0xCE, 0x4F, 0x8B, 0xE4, 0xB0, 0x8A, 0x12,
- 0xBA, 0xBF, 0x55, 0xB1, 0xD6, 0xF1, 0xD7, 0xA6,
- 0x38, 0x01, 0x9E, 0xA2, 0x8E, 0x15, 0xAB, 0x1C,
- 0x9F, 0x76, 0x37, 0x5F, 0xDD, 0x12, 0x10, 0xD4,
- 0xF4, 0x35, 0x1B, 0x9A, 0x00, 0x94, 0x86, 0xB7,
- 0xF3, 0xED, 0x46, 0xC9, 0x65, 0xDE, 0xD2, 0xD8,
- 0x0D, 0xAD, 0xE4, 0xF3, 0x8C, 0x67, 0x21, 0xD5,
- 0x2C, 0x3A, 0xD1, 0x03, 0xA1, 0x0E, 0xBD, 0x29,
- 0x59, 0x24, 0x8B, 0x4E, 0xF0, 0x06, 0x83, 0x6B,
- 0xF0, 0x97, 0x44, 0x8E, 0x61, 0x07, 0xC9, 0xED,
- 0xEE, 0x9F, 0xB7, 0x04, 0x82, 0x3D, 0xF1, 0x99,
- 0xF8, 0x32, 0xC9, 0x05, 0xAE, 0x45, 0xF8, 0xA2,
- 0x47, 0xA0, 0x72, 0xD8, 0xEF, 0x72, 0x9E, 0xAB,
- 0xC5, 0xE2, 0x75, 0x74, 0xB0, 0x77, 0x39, 0xB3,
- 0x4B, 0xE7, 0x4A, 0x53, 0x2F, 0x74, 0x7B, 0x86
- };
- WOLFSSL_SMALL_STACK_STATIC const byte encSsv[] = {
- 0x89, 0xE0, 0xBC, 0x66, 0x1A, 0xA1, 0xE9, 0x16,
- 0x38, 0xE6, 0xAC, 0xC8, 0x4E, 0x49, 0x65, 0x07
- };
- wc_test_ret_t ret;
- int valid;
- byte pubKey[sizeof(pubData) + 1];
- word32 sz = sizeof(pubKey);
- byte tmpSsv[sizeof(encSsv)];
- byte* iTable = NULL;
- word32 iTableLen;
- byte* table = NULL;
- word32 len;
- ret = wc_ImportSakkePublicKey(key, pubData, sizeof(pubData), 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeSakkeRsk(key, rskData, sizeof(rskData), rsk);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateSakkeRsk(key, id, sizeof(id), rsk, &valid);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (valid != 1)
- return WC_TEST_RET_ENC_NC;
- ret = wc_SetSakkeRsk(key, rsk, NULL, 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkeIdentity(key, id, sizeof(id));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- XMEMCPY(tmpSsv, encSsv, sizeof(encSsv));
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, tmpSsv, sizeof(tmpSsv),
- auth, sizeof(auth));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(tmpSsv, ssv, sizeof(ssv)) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_MakeSakkePointI(key, id, sizeof(id));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- iTableLen = 0;
- ret = wc_GenerateSakkePointITable(key, NULL, &iTableLen);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- if (iTableLen != 0) {
- iTable = (byte*)XMALLOC(iTableLen, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (iTable == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- ret = wc_GenerateSakkePointITable(key, iTable, &iTableLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- }
- len = 0;
- ret = wc_GenerateSakkeRskTable(key, rsk, NULL, &len);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- if (len > 0) {
- table = (byte*)XMALLOC(len, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (table == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- ret = wc_GenerateSakkeRskTable(key, rsk, table, &len);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- }
- ret = wc_SetSakkeRsk(key, rsk, table, len);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- XMEMCPY(tmpSsv, encSsv, sizeof(encSsv));
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, tmpSsv, sizeof(tmpSsv),
- auth, sizeof(auth));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(tmpSsv, ssv, sizeof(ssv)) != 0)
- return WC_TEST_RET_ENC_NC;
- /* Don't reference table that is about to be freed. */
- ret = wc_ClearSakkePointITable(key);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Dispose of tables */
- if (iTable != NULL)
- XFREE(iTable, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (table != NULL)
- XFREE(table, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- /* Make sure the key public key is exportable - convert to Montgomery form
- * in Validation.
- */
- ret = wc_ExportSakkePublicKey(key, pubKey, &sz, 1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != sizeof(pubData))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(pubKey, pubData, sizeof(pubData)) != 0)
- return WC_TEST_RET_ENC_NC;
- sz = sizeof(pubData) + 1;
- ret = wc_ExportSakkePublicKey(key, pubKey, &sz, 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != sizeof(pubData) + 1)
- return WC_TEST_RET_ENC_NC;
- if (pubKey[0] != 0x04)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(pubKey + 1, pubData, sizeof(pubData)) != 0)
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- static wc_test_ret_t sakke_kat_encapsulate_test(SakkeKey* key)
- {
- static const byte pubData[] = {
- 0x59, 0x58, 0xEF, 0x1B, 0x16, 0x79, 0xBF, 0x09,
- 0x9B, 0x3A, 0x03, 0x0D, 0xF2, 0x55, 0xAA, 0x6A,
- 0x23, 0xC1, 0xD8, 0xF1, 0x43, 0xD4, 0xD2, 0x3F,
- 0x75, 0x3E, 0x69, 0xBD, 0x27, 0xA8, 0x32, 0xF3,
- 0x8C, 0xB4, 0xAD, 0x53, 0xDD, 0xEF, 0x42, 0x60,
- 0xB0, 0xFE, 0x8B, 0xB4, 0x5C, 0x4C, 0x1F, 0xF5,
- 0x10, 0xEF, 0xFE, 0x30, 0x03, 0x67, 0xA3, 0x7B,
- 0x61, 0xF7, 0x01, 0xD9, 0x14, 0xAE, 0xF0, 0x97,
- 0x24, 0x82, 0x5F, 0xA0, 0x70, 0x7D, 0x61, 0xA6,
- 0xDF, 0xF4, 0xFB, 0xD7, 0x27, 0x35, 0x66, 0xCD,
- 0xDE, 0x35, 0x2A, 0x0B, 0x04, 0xB7, 0xC1, 0x6A,
- 0x78, 0x30, 0x9B, 0xE6, 0x40, 0x69, 0x7D, 0xE7,
- 0x47, 0x61, 0x3A, 0x5F, 0xC1, 0x95, 0xE8, 0xB9,
- 0xF3, 0x28, 0x85, 0x2A, 0x57, 0x9D, 0xB8, 0xF9,
- 0x9B, 0x1D, 0x00, 0x34, 0x47, 0x9E, 0xA9, 0xC5,
- 0x59, 0x5F, 0x47, 0xC4, 0xB2, 0xF5, 0x4F, 0xF2,
- 0x15, 0x08, 0xD3, 0x75, 0x14, 0xDC, 0xF7, 0xA8,
- 0xE1, 0x43, 0xA6, 0x05, 0x8C, 0x09, 0xA6, 0xBF,
- 0x2C, 0x98, 0x58, 0xCA, 0x37, 0xC2, 0x58, 0x06,
- 0x5A, 0xE6, 0xBF, 0x75, 0x32, 0xBC, 0x8B, 0x5B,
- 0x63, 0x38, 0x38, 0x66, 0xE0, 0x75, 0x3C, 0x5A,
- 0xC0, 0xE7, 0x27, 0x09, 0xF8, 0x44, 0x5F, 0x2E,
- 0x61, 0x78, 0xE0, 0x65, 0x85, 0x7E, 0x0E, 0xDA,
- 0x10, 0xF6, 0x82, 0x06, 0xB6, 0x35, 0x05, 0xED,
- 0x87, 0xE5, 0x34, 0xFB, 0x28, 0x31, 0xFF, 0x95,
- 0x7F, 0xB7, 0xDC, 0x61, 0x9D, 0xAE, 0x61, 0x30,
- 0x1E, 0xEA, 0xCC, 0x2F, 0xDA, 0x36, 0x80, 0xEA,
- 0x49, 0x99, 0x25, 0x8A, 0x83, 0x3C, 0xEA, 0x8F,
- 0xC6, 0x7C, 0x6D, 0x19, 0x48, 0x7F, 0xB4, 0x49,
- 0x05, 0x9F, 0x26, 0xCC, 0x8A, 0xAB, 0x65, 0x5A,
- 0xB5, 0x8B, 0x7C, 0xC7, 0x96, 0xE2, 0x4E, 0x9A,
- 0x39, 0x40, 0x95, 0x75, 0x4F, 0x5F, 0x8B, 0xAE
- };
- static const byte id[] = {
- 0x32, 0x30, 0x31, 0x31, 0x2D, 0x30, 0x32, 0x00,
- 0x74, 0x65, 0x6C, 0x3A, 0x2B, 0x34, 0x34, 0x37,
- 0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32,
- 0x33, 0x00
- };
- static const word32 idSz = sizeof(id);
- byte ssv[] = {
- 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
- 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0
- };
- static const word16 ssvSz = sizeof(ssv);
- static const byte expAuth[] = {
- 0x04,
- 0x44, 0xE8, 0xAD, 0x44, 0xAB, 0x85, 0x92, 0xA6,
- 0xA5, 0xA3, 0xDD, 0xCA, 0x5C, 0xF8, 0x96, 0xC7,
- 0x18, 0x04, 0x36, 0x06, 0xA0, 0x1D, 0x65, 0x0D,
- 0xEF, 0x37, 0xA0, 0x1F, 0x37, 0xC2, 0x28, 0xC3,
- 0x32, 0xFC, 0x31, 0x73, 0x54, 0xE2, 0xC2, 0x74,
- 0xD4, 0xDA, 0xF8, 0xAD, 0x00, 0x10, 0x54, 0xC7,
- 0x6C, 0xE5, 0x79, 0x71, 0xC6, 0xF4, 0x48, 0x6D,
- 0x57, 0x23, 0x04, 0x32, 0x61, 0xC5, 0x06, 0xEB,
- 0xF5, 0xBE, 0x43, 0x8F, 0x53, 0xDE, 0x04, 0xF0,
- 0x67, 0xC7, 0x76, 0xE0, 0xDD, 0x3B, 0x71, 0xA6,
- 0x29, 0x01, 0x33, 0x28, 0x37, 0x25, 0xA5, 0x32,
- 0xF2, 0x1A, 0xF1, 0x45, 0x12, 0x6D, 0xC1, 0xD7,
- 0x77, 0xEC, 0xC2, 0x7B, 0xE5, 0x08, 0x35, 0xBD,
- 0x28, 0x09, 0x8B, 0x8A, 0x73, 0xD9, 0xF8, 0x01,
- 0xD8, 0x93, 0x79, 0x3A, 0x41, 0xFF, 0x5C, 0x49,
- 0xB8, 0x7E, 0x79, 0xF2, 0xBE, 0x4D, 0x56, 0xCE,
- 0x55, 0x7E, 0x13, 0x4A, 0xD8, 0x5B, 0xB1, 0xD4,
- 0xB9, 0xCE, 0x4F, 0x8B, 0xE4, 0xB0, 0x8A, 0x12,
- 0xBA, 0xBF, 0x55, 0xB1, 0xD6, 0xF1, 0xD7, 0xA6,
- 0x38, 0x01, 0x9E, 0xA2, 0x8E, 0x15, 0xAB, 0x1C,
- 0x9F, 0x76, 0x37, 0x5F, 0xDD, 0x12, 0x10, 0xD4,
- 0xF4, 0x35, 0x1B, 0x9A, 0x00, 0x94, 0x86, 0xB7,
- 0xF3, 0xED, 0x46, 0xC9, 0x65, 0xDE, 0xD2, 0xD8,
- 0x0D, 0xAD, 0xE4, 0xF3, 0x8C, 0x67, 0x21, 0xD5,
- 0x2C, 0x3A, 0xD1, 0x03, 0xA1, 0x0E, 0xBD, 0x29,
- 0x59, 0x24, 0x8B, 0x4E, 0xF0, 0x06, 0x83, 0x6B,
- 0xF0, 0x97, 0x44, 0x8E, 0x61, 0x07, 0xC9, 0xED,
- 0xEE, 0x9F, 0xB7, 0x04, 0x82, 0x3D, 0xF1, 0x99,
- 0xF8, 0x32, 0xC9, 0x05, 0xAE, 0x45, 0xF8, 0xA2,
- 0x47, 0xA0, 0x72, 0xD8, 0xEF, 0x72, 0x9E, 0xAB,
- 0xC5, 0xE2, 0x75, 0x74, 0xB0, 0x77, 0x39, 0xB3,
- 0x4B, 0xE7, 0x4A, 0x53, 0x2F, 0x74, 0x7B, 0x86
- };
- static const byte encSsv[] = {
- 0x89, 0xE0, 0xBC, 0x66, 0x1A, 0xA1, 0xE9, 0x16,
- 0x38, 0xE6, 0xAC, 0xC8, 0x4E, 0x49, 0x65, 0x07
- };
- wc_test_ret_t ret;
- byte auth[257];
- word16 authSz = sizeof(auth);
- ret = wc_ImportSakkePublicKey(key, pubData, sizeof(pubData), 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkeIdentity(key, id, idSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, &authSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (authSz != 257)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(ssv, encSsv, ssvSz) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(auth, expAuth, authSz) != 0)
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- static wc_test_ret_t sakke_make_key_test(SakkeKey* priv, SakkeKey* pub, SakkeKey* key,
- WC_RNG* rng, ecc_point* rsk)
- {
- wc_test_ret_t ret;
- byte data[440];
- byte pubData[257];
- word32 sz;
- char mail[] = "test@wolfssl.com";
- byte* id = (byte*)mail;
- word32 idSz = (word32)XSTRLEN(mail);
- int valid;
- ecc_point* pubKey = rsk;
- ret = wc_InitSakkeKey_ex(key, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeKey(priv, rng);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportSakkeKey(priv, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 384)
- return WC_TEST_RET_ENC_NC;
- sz--;
- ret = wc_ExportSakkeKey(priv, data, &sz);
- if (ret == 0)
- return WC_TEST_RET_ENC_NC;
- sz++;
- ret = wc_ExportSakkeKey(priv, data, &sz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 384)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ImportSakkeKey(key, data, sz - 1);
- if (ret == 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ImportSakkeKey(key, data, sz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- wc_FreeSakkeKey(key);
- ret = wc_InitSakkeKey_ex(key, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportSakkePrivateKey(priv, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 128)
- return WC_TEST_RET_ENC_NC;
- sz--;
- ret = wc_ExportSakkePrivateKey(priv, data, &sz);
- if (ret == 0)
- return WC_TEST_RET_ENC_NC;
- sz++;
- ret = wc_ExportSakkePrivateKey(priv, data, &sz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 128)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ImportSakkePrivateKey(key, data, sz - 1);
- if (ret == 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ImportSakkePrivateKey(key, data, sz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkePublicKey(key, pubKey);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportSakkePublicKey(priv, NULL, &sz, 1);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 256)
- return WC_TEST_RET_ENC_NC;
- sz--;
- ret = wc_ExportSakkePublicKey(priv, data, &sz, 1);
- if (ret == 0)
- return WC_TEST_RET_ENC_NC;
- sz++;
- ret = wc_ExportSakkePublicKey(priv, data, &sz, 1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 256)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ImportSakkePublicKey(pub, data, sz - 1, 1);
- if (ret == 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ImportSakkePublicKey(pub, data, sz, 1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportSakkePublicKey(pub, pubData, &sz, 1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 256)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(data, pubData, sz) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_MakeSakkeRsk(priv, id, idSz, rsk);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateSakkeRsk(priv, id, idSz, rsk, &valid);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (valid != 1)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ValidateSakkeRsk(pub, id, idSz, rsk, &valid);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (valid != 1)
- return WC_TEST_RET_ENC_NC;
- sz = sizeof(data);
- ret = wc_EncodeSakkeRsk(priv, rsk, data, &sz, 1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 256)
- return WC_TEST_RET_ENC_NC;
- ret = wc_DecodeSakkeRsk(priv, data, sz, rsk);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- sz = sizeof(pubData);
- ret = wc_EncodeSakkeRsk(priv, rsk, pubData, &sz, 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != sizeof(pubData))
- return WC_TEST_RET_ENC_NC;
- ret = wc_DecodeSakkeRsk(priv, pubData, sz, rsk);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- wc_FreeSakkeKey(key);
- return 0;
- }
- static wc_test_ret_t sakke_op_test(SakkeKey* priv, SakkeKey* pub, WC_RNG* rng,
- ecc_point* rsk)
- {
- wc_test_ret_t ret;
- byte ssv[16];
- word16 ssvSz;
- byte auth[257];
- word16 authSz;
- char mail[] = "test@wolfssl.com";
- byte* id = (byte*)mail;
- word32 idSz = (word32)XSTRLEN(mail);
- byte pointI[256];
- word32 sz;
- ret = wc_GenerateSakkeSSV(pub, rng, NULL, &ssvSz);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- if (ssvSz != 16)
- return WC_TEST_RET_ENC_NC;
- ssvSz += 128;
- ret = wc_GenerateSakkeSSV(pub, rng, ssv, &ssvSz);
- if (ret == 0)
- return WC_TEST_RET_ENC_NC;
- ssvSz -= 128;
- ret = wc_GenerateSakkeSSV(pub, rng, ssv, &ssvSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (ssvSz != 16)
- return WC_TEST_RET_ENC_NC;
- ret = wc_GetSakkeAuthSize(pub, &authSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkeIdentity(pub, id, idSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- NULL, &authSz);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- if (authSz != 257)
- return WC_TEST_RET_ENC_NC;
- authSz--;
- ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, &authSz);
- if (ret == 0)
- return WC_TEST_RET_ENC_NC;
- authSz++;
- ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, &authSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (authSz != 257)
- return WC_TEST_RET_ENC_NC;
- ret = wc_GetSakkePointI(pub, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 256)
- return WC_TEST_RET_ENC_NC;
- ret = wc_GetSakkePointI(pub, pointI, &sz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 256)
- return WC_TEST_RET_ENC_NC;
- /* Bogus identity - make it check and regenerate I. */
- ret = wc_MakeSakkePointI(pub, ssv, ssvSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, &authSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (authSz != 257)
- return WC_TEST_RET_ENC_NC;
- ret = wc_SetSakkeRsk(priv, rsk, NULL, 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkeIdentity(priv, id, idSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- authSz--;
- ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret == 0)
- return WC_TEST_RET_ENC_NC;
- authSz++;
- ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ssv[0] ^= 0x80;
- ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret != SAKKE_VERIFY_FAIL_E)
- return WC_TEST_RET_ENC_EC(ret);
- ssv[0] ^= 0x80;
- /* Bogus identity - make it check and regenerate I. */
- ret = wc_MakeSakkePointI(pub, ssv, idSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- return 0;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sakke_test(void)
- {
- wc_test_ret_t ret = 0;
- WC_RNG rng;
- int rng_inited = 0;
- SakkeKey* priv = NULL;
- SakkeKey* pub = NULL;
- SakkeKey* key = NULL;
- ecc_point* rsk = NULL;
- WOLFSSL_ENTER("sakke_test");
- priv = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (priv == NULL)
- ret = WC_TEST_RET_ENC_NC;
- else
- XMEMSET(priv, 0, sizeof(*priv));
- if (ret == 0) {
- pub = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (pub == NULL)
- ret = WC_TEST_RET_ENC_NC;
- else
- XMEMSET(pub, 0, sizeof(*pub));
- }
- if (ret == 0) {
- key = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (key == NULL)
- ret = WC_TEST_RET_ENC_NC;
- else
- XMEMSET(key, 0, sizeof(*key));
- }
- if (ret == 0) {
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret == 0)
- rng_inited = 1;
- else
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- rsk = wc_ecc_new_point();
- if (rsk == NULL)
- ret = WC_TEST_RET_ENC_NC;
- }
- if (ret == 0) {
- ret = wc_InitSakkeKey(pub, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_InitSakkeKey(priv, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = sakke_api_test(&rng, key, rsk);
- }
- if (ret == 0) {
- ret = sakke_kat_derive_test(pub, rsk);
- }
- if (ret == 0) {
- ret = sakke_kat_encapsulate_test(pub);
- }
- if (ret == 0) {
- ret = sakke_make_key_test(priv, pub, key, &rng, rsk);
- }
- if (ret == 0) {
- ret = sakke_op_test(priv, pub, &rng, rsk);
- }
- if (rsk != NULL) {
- wc_ecc_forcezero_point(rsk);
- wc_ecc_del_point(rsk);
- }
- if (rng_inited)
- wc_FreeRng(&rng);
- if (key != NULL)
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pub != NULL) {
- wc_FreeSakkeKey(pub);
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (priv != NULL) {
- wc_FreeSakkeKey(priv);
- XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- return ret;
- }
- #endif /* WOLFCRYPT_HAVE_SAKKE */
- #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
- typedef struct CMAC_Test_Case {
- int type;
- int partial;
- const byte* m;
- word32 mSz;
- const byte* k;
- word32 kSz;
- const byte* t;
- word32 tSz;
- } CMAC_Test_Case;
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
- {
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte k128[] =
- {
- 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
- 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
- };
- #define KLEN_128 (sizeof(k128))
- #endif
- #ifdef WOLFSSL_AES_192
- WOLFSSL_SMALL_STACK_STATIC const byte k192[] =
- {
- 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
- 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
- 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b
- };
- #define KLEN_192 (sizeof(k192))
- #endif
- #ifdef WOLFSSL_AES_256
- WOLFSSL_SMALL_STACK_STATIC const byte k256[] =
- {
- 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
- 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
- 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
- 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
- };
- #define KLEN_256 (sizeof(k256))
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte m[] =
- {
- 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
- 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
- 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
- 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
- 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
- 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
- 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
- 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
- };
- #define MLEN_0 (0)
- #define MLEN_128 (128/8)
- #define MLEN_320 (320/8)
- #define MLEN_319 (MLEN_320 - 1)
- #define MLEN_512 (512/8)
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte t128_0[] =
- {
- 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
- 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t128_128[] =
- {
- 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
- 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t128_319[] =
- {
- 0x2c, 0x17, 0x84, 0x4c, 0x93, 0x1c, 0x07, 0x95,
- 0x15, 0x92, 0x73, 0x0a, 0x34, 0xd0, 0xd9, 0xd2
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t128_320[] =
- {
- 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
- 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t128_512[] =
- {
- 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
- 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe
- };
- #endif
- #ifdef WOLFSSL_AES_192
- WOLFSSL_SMALL_STACK_STATIC const byte t192_0[] =
- {
- 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5,
- 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t192_128[] =
- {
- 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90,
- 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t192_320[] =
- {
- 0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad,
- 0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t192_512[] =
- {
- 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79,
- 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11
- };
- #endif
- #ifdef WOLFSSL_AES_256
- WOLFSSL_SMALL_STACK_STATIC const byte t256_0[] =
- {
- 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e,
- 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t256_128[] =
- {
- 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82,
- 0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t256_320[] =
- {
- 0xaa, 0xf3, 0xd8, 0xf1, 0xde, 0x56, 0x40, 0xc2,
- 0x32, 0xf5, 0xb1, 0x69, 0xb9, 0xc9, 0x11, 0xe6
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t256_512[] =
- {
- 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5,
- 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10
- };
- #endif
- const CMAC_Test_Case testCases[] =
- {
- #ifdef WOLFSSL_AES_128
- {WC_CMAC_AES, 0, m, MLEN_0, k128, KLEN_128, t128_0, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_128, k128, KLEN_128, t128_128, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_320, k128, KLEN_128, t128_320, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 5, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE},
- #endif
- #ifdef WOLFSSL_AES_192
- {WC_CMAC_AES, 0, m, MLEN_0, k192, KLEN_192, t192_0, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_128, k192, KLEN_192, t192_128, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_320, k192, KLEN_192, t192_320, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_512, k192, KLEN_192, t192_512, AES_BLOCK_SIZE},
- #endif
- #ifdef WOLFSSL_AES_256
- {WC_CMAC_AES, 0, m, MLEN_0, k256, KLEN_256, t256_0, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_128, k256, KLEN_256, t256_128, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_320, k256, KLEN_256, t256_320, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_512, k256, KLEN_256, t256_512, AES_BLOCK_SIZE},
- #endif
- #ifdef WOLFSSL_AES_128
- {WC_CMAC_AES, 0, m, MLEN_319, k128, KLEN_128, t128_319, AES_BLOCK_SIZE}
- #endif
- };
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Cmac *cmac;
- #else
- Cmac cmac[1];
- #endif
- byte tag[AES_BLOCK_SIZE];
- const CMAC_Test_Case* tc;
- word32 i, tagSz;
- wc_test_ret_t ret;
- WOLFSSL_ENTER("cmac_test");
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((cmac = (Cmac *)XMALLOC(sizeof *cmac, HEAP_HINT, DYNAMIC_TYPE_CMAC)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- for (i = 0, tc = testCases;
- i < sizeof(testCases)/sizeof(CMAC_Test_Case);
- i++, tc++) {
- XMEMSET(tag, 0, sizeof(tag));
- tagSz = AES_BLOCK_SIZE;
- #if !defined(HAVE_FIPS) || \
- defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)
- ret = wc_InitCmac_ex(cmac, tc->k, tc->kSz, tc->type, NULL, HEAP_HINT, devId);
- #else
- ret = wc_InitCmac(cmac, tc->k, tc->kSz, tc->type, NULL);
- #endif
- if (ret != 0)
- {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- if (tc->partial) {
- ret = wc_CmacUpdate(cmac, tc->m,
- tc->mSz/2 - tc->partial);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_CmacUpdate(cmac, tc->m + tc->mSz/2 - tc->partial,
- tc->mSz/2 + tc->partial);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- else {
- ret = wc_CmacUpdate(cmac, tc->m, tc->mSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- ret = wc_CmacFinal(cmac, tag, &tagSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- XMEMSET(tag, 0, sizeof(tag));
- tagSz = sizeof(tag);
- #if !defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)
- ret = wc_AesCmacGenerate_ex(cmac, tag, &tagSz, tc->m, tc->mSz,
- tc->k, tc->kSz, NULL, devId);
- #else
- ret = wc_AesCmacGenerate(tag, &tagSz, tc->m, tc->mSz,
- tc->k, tc->kSz);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #if !defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)
- ret = wc_AesCmacVerify_ex(cmac, tc->t, tc->tSz, tc->m, tc->mSz,
- tc->k, tc->kSz, HEAP_HINT, devId);
- #else
- ret = wc_AesCmacVerify(tc->t, tc->tSz, tc->m, tc->mSz,
- tc->k, tc->kSz);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #if !defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)
- /* Test that keyless generate with init is the same */
- XMEMSET(tag, 0, sizeof(tag));
- tagSz = sizeof(tag);
- ret = wc_InitCmac_ex(cmac, tc->k, tc->kSz, tc->type, NULL, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- ret = wc_AesCmacGenerate_ex(cmac, tag, &tagSz, tc->m, tc->mSz,
- NULL, 0, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- #endif
- }
- ret = 0;
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (cmac)
- XFREE(cmac, HEAP_HINT, DYNAMIC_TYPE_CMAC);
- #endif
- return ret;
- }
- #endif /* NO_AES && WOLFSSL_CMAC */
- #if defined(WOLFSSL_SIPHASH)
- #if WOLFSSL_SIPHASH_CROUNDS == 2 && WOLFSSL_SIPHASH_DROUNDS == 4
- /* Test vectors from:
- * https://github.com/veorq/SipHash/blob/master/vectors.h
- */
- static const unsigned char siphash_key[SIPHASH_KEY_SIZE] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
- };
- static const unsigned char siphash_msg[64] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
- 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f
- };
- static const unsigned char siphash_r8[64][SIPHASH_MAC_SIZE_8] = {
- { 0x31, 0x0e, 0x0e, 0xdd, 0x47, 0xdb, 0x6f, 0x72, },
- { 0xfd, 0x67, 0xdc, 0x93, 0xc5, 0x39, 0xf8, 0x74, },
- { 0x5a, 0x4f, 0xa9, 0xd9, 0x09, 0x80, 0x6c, 0x0d, },
- { 0x2d, 0x7e, 0xfb, 0xd7, 0x96, 0x66, 0x67, 0x85, },
- { 0xb7, 0x87, 0x71, 0x27, 0xe0, 0x94, 0x27, 0xcf, },
- { 0x8d, 0xa6, 0x99, 0xcd, 0x64, 0x55, 0x76, 0x18, },
- { 0xce, 0xe3, 0xfe, 0x58, 0x6e, 0x46, 0xc9, 0xcb, },
- { 0x37, 0xd1, 0x01, 0x8b, 0xf5, 0x00, 0x02, 0xab, },
- { 0x62, 0x24, 0x93, 0x9a, 0x79, 0xf5, 0xf5, 0x93, },
- { 0xb0, 0xe4, 0xa9, 0x0b, 0xdf, 0x82, 0x00, 0x9e, },
- { 0xf3, 0xb9, 0xdd, 0x94, 0xc5, 0xbb, 0x5d, 0x7a, },
- { 0xa7, 0xad, 0x6b, 0x22, 0x46, 0x2f, 0xb3, 0xf4, },
- { 0xfb, 0xe5, 0x0e, 0x86, 0xbc, 0x8f, 0x1e, 0x75, },
- { 0x90, 0x3d, 0x84, 0xc0, 0x27, 0x56, 0xea, 0x14, },
- { 0xee, 0xf2, 0x7a, 0x8e, 0x90, 0xca, 0x23, 0xf7, },
- { 0xe5, 0x45, 0xbe, 0x49, 0x61, 0xca, 0x29, 0xa1, },
- { 0xdb, 0x9b, 0xc2, 0x57, 0x7f, 0xcc, 0x2a, 0x3f, },
- { 0x94, 0x47, 0xbe, 0x2c, 0xf5, 0xe9, 0x9a, 0x69, },
- { 0x9c, 0xd3, 0x8d, 0x96, 0xf0, 0xb3, 0xc1, 0x4b, },
- { 0xbd, 0x61, 0x79, 0xa7, 0x1d, 0xc9, 0x6d, 0xbb, },
- { 0x98, 0xee, 0xa2, 0x1a, 0xf2, 0x5c, 0xd6, 0xbe, },
- { 0xc7, 0x67, 0x3b, 0x2e, 0xb0, 0xcb, 0xf2, 0xd0, },
- { 0x88, 0x3e, 0xa3, 0xe3, 0x95, 0x67, 0x53, 0x93, },
- { 0xc8, 0xce, 0x5c, 0xcd, 0x8c, 0x03, 0x0c, 0xa8, },
- { 0x94, 0xaf, 0x49, 0xf6, 0xc6, 0x50, 0xad, 0xb8, },
- { 0xea, 0xb8, 0x85, 0x8a, 0xde, 0x92, 0xe1, 0xbc, },
- { 0xf3, 0x15, 0xbb, 0x5b, 0xb8, 0x35, 0xd8, 0x17, },
- { 0xad, 0xcf, 0x6b, 0x07, 0x63, 0x61, 0x2e, 0x2f, },
- { 0xa5, 0xc9, 0x1d, 0xa7, 0xac, 0xaa, 0x4d, 0xde, },
- { 0x71, 0x65, 0x95, 0x87, 0x66, 0x50, 0xa2, 0xa6, },
- { 0x28, 0xef, 0x49, 0x5c, 0x53, 0xa3, 0x87, 0xad, },
- { 0x42, 0xc3, 0x41, 0xd8, 0xfa, 0x92, 0xd8, 0x32, },
- { 0xce, 0x7c, 0xf2, 0x72, 0x2f, 0x51, 0x27, 0x71, },
- { 0xe3, 0x78, 0x59, 0xf9, 0x46, 0x23, 0xf3, 0xa7, },
- { 0x38, 0x12, 0x05, 0xbb, 0x1a, 0xb0, 0xe0, 0x12, },
- { 0xae, 0x97, 0xa1, 0x0f, 0xd4, 0x34, 0xe0, 0x15, },
- { 0xb4, 0xa3, 0x15, 0x08, 0xbe, 0xff, 0x4d, 0x31, },
- { 0x81, 0x39, 0x62, 0x29, 0xf0, 0x90, 0x79, 0x02, },
- { 0x4d, 0x0c, 0xf4, 0x9e, 0xe5, 0xd4, 0xdc, 0xca, },
- { 0x5c, 0x73, 0x33, 0x6a, 0x76, 0xd8, 0xbf, 0x9a, },
- { 0xd0, 0xa7, 0x04, 0x53, 0x6b, 0xa9, 0x3e, 0x0e, },
- { 0x92, 0x59, 0x58, 0xfc, 0xd6, 0x42, 0x0c, 0xad, },
- { 0xa9, 0x15, 0xc2, 0x9b, 0xc8, 0x06, 0x73, 0x18, },
- { 0x95, 0x2b, 0x79, 0xf3, 0xbc, 0x0a, 0xa6, 0xd4, },
- { 0xf2, 0x1d, 0xf2, 0xe4, 0x1d, 0x45, 0x35, 0xf9, },
- { 0x87, 0x57, 0x75, 0x19, 0x04, 0x8f, 0x53, 0xa9, },
- { 0x10, 0xa5, 0x6c, 0xf5, 0xdf, 0xcd, 0x9a, 0xdb, },
- { 0xeb, 0x75, 0x09, 0x5c, 0xcd, 0x98, 0x6c, 0xd0, },
- { 0x51, 0xa9, 0xcb, 0x9e, 0xcb, 0xa3, 0x12, 0xe6, },
- { 0x96, 0xaf, 0xad, 0xfc, 0x2c, 0xe6, 0x66, 0xc7, },
- { 0x72, 0xfe, 0x52, 0x97, 0x5a, 0x43, 0x64, 0xee, },
- { 0x5a, 0x16, 0x45, 0xb2, 0x76, 0xd5, 0x92, 0xa1, },
- { 0xb2, 0x74, 0xcb, 0x8e, 0xbf, 0x87, 0x87, 0x0a, },
- { 0x6f, 0x9b, 0xb4, 0x20, 0x3d, 0xe7, 0xb3, 0x81, },
- { 0xea, 0xec, 0xb2, 0xa3, 0x0b, 0x22, 0xa8, 0x7f, },
- { 0x99, 0x24, 0xa4, 0x3c, 0xc1, 0x31, 0x57, 0x24, },
- { 0xbd, 0x83, 0x8d, 0x3a, 0xaf, 0xbf, 0x8d, 0xb7, },
- { 0x0b, 0x1a, 0x2a, 0x32, 0x65, 0xd5, 0x1a, 0xea, },
- { 0x13, 0x50, 0x79, 0xa3, 0x23, 0x1c, 0xe6, 0x60, },
- { 0x93, 0x2b, 0x28, 0x46, 0xe4, 0xd7, 0x06, 0x66, },
- { 0xe1, 0x91, 0x5f, 0x5c, 0xb1, 0xec, 0xa4, 0x6c, },
- { 0xf3, 0x25, 0x96, 0x5c, 0xa1, 0x6d, 0x62, 0x9f, },
- { 0x57, 0x5f, 0xf2, 0x8e, 0x60, 0x38, 0x1b, 0xe5, },
- { 0x72, 0x45, 0x06, 0xeb, 0x4c, 0x32, 0x8a, 0x95, },
- };
- static const unsigned char siphash_r16[64][SIPHASH_MAC_SIZE_16] = {
- { 0xa3, 0x81, 0x7f, 0x04, 0xba, 0x25, 0xa8, 0xe6,
- 0x6d, 0xf6, 0x72, 0x14, 0xc7, 0x55, 0x02, 0x93, },
- { 0xda, 0x87, 0xc1, 0xd8, 0x6b, 0x99, 0xaf, 0x44,
- 0x34, 0x76, 0x59, 0x11, 0x9b, 0x22, 0xfc, 0x45, },
- { 0x81, 0x77, 0x22, 0x8d, 0xa4, 0xa4, 0x5d, 0xc7,
- 0xfc, 0xa3, 0x8b, 0xde, 0xf6, 0x0a, 0xff, 0xe4, },
- { 0x9c, 0x70, 0xb6, 0x0c, 0x52, 0x67, 0xa9, 0x4e,
- 0x5f, 0x33, 0xb6, 0xb0, 0x29, 0x85, 0xed, 0x51, },
- { 0xf8, 0x81, 0x64, 0xc1, 0x2d, 0x9c, 0x8f, 0xaf,
- 0x7d, 0x0f, 0x6e, 0x7c, 0x7b, 0xcd, 0x55, 0x79, },
- { 0x13, 0x68, 0x87, 0x59, 0x80, 0x77, 0x6f, 0x88,
- 0x54, 0x52, 0x7a, 0x07, 0x69, 0x0e, 0x96, 0x27, },
- { 0x14, 0xee, 0xca, 0x33, 0x8b, 0x20, 0x86, 0x13,
- 0x48, 0x5e, 0xa0, 0x30, 0x8f, 0xd7, 0xa1, 0x5e, },
- { 0xa1, 0xf1, 0xeb, 0xbe, 0xd8, 0xdb, 0xc1, 0x53,
- 0xc0, 0xb8, 0x4a, 0xa6, 0x1f, 0xf0, 0x82, 0x39, },
- { 0x3b, 0x62, 0xa9, 0xba, 0x62, 0x58, 0xf5, 0x61,
- 0x0f, 0x83, 0xe2, 0x64, 0xf3, 0x14, 0x97, 0xb4, },
- { 0x26, 0x44, 0x99, 0x06, 0x0a, 0xd9, 0xba, 0xab,
- 0xc4, 0x7f, 0x8b, 0x02, 0xbb, 0x6d, 0x71, 0xed, },
- { 0x00, 0x11, 0x0d, 0xc3, 0x78, 0x14, 0x69, 0x56,
- 0xc9, 0x54, 0x47, 0xd3, 0xf3, 0xd0, 0xfb, 0xba, },
- { 0x01, 0x51, 0xc5, 0x68, 0x38, 0x6b, 0x66, 0x77,
- 0xa2, 0xb4, 0xdc, 0x6f, 0x81, 0xe5, 0xdc, 0x18, },
- { 0xd6, 0x26, 0xb2, 0x66, 0x90, 0x5e, 0xf3, 0x58,
- 0x82, 0x63, 0x4d, 0xf6, 0x85, 0x32, 0xc1, 0x25, },
- { 0x98, 0x69, 0xe2, 0x47, 0xe9, 0xc0, 0x8b, 0x10,
- 0xd0, 0x29, 0x93, 0x4f, 0xc4, 0xb9, 0x52, 0xf7, },
- { 0x31, 0xfc, 0xef, 0xac, 0x66, 0xd7, 0xde, 0x9c,
- 0x7e, 0xc7, 0x48, 0x5f, 0xe4, 0x49, 0x49, 0x02, },
- { 0x54, 0x93, 0xe9, 0x99, 0x33, 0xb0, 0xa8, 0x11,
- 0x7e, 0x08, 0xec, 0x0f, 0x97, 0xcf, 0xc3, 0xd9, },
- { 0x6e, 0xe2, 0xa4, 0xca, 0x67, 0xb0, 0x54, 0xbb,
- 0xfd, 0x33, 0x15, 0xbf, 0x85, 0x23, 0x05, 0x77, },
- { 0x47, 0x3d, 0x06, 0xe8, 0x73, 0x8d, 0xb8, 0x98,
- 0x54, 0xc0, 0x66, 0xc4, 0x7a, 0xe4, 0x77, 0x40, },
- { 0xa4, 0x26, 0xe5, 0xe4, 0x23, 0xbf, 0x48, 0x85,
- 0x29, 0x4d, 0xa4, 0x81, 0xfe, 0xae, 0xf7, 0x23, },
- { 0x78, 0x01, 0x77, 0x31, 0xcf, 0x65, 0xfa, 0xb0,
- 0x74, 0xd5, 0x20, 0x89, 0x52, 0x51, 0x2e, 0xb1, },
- { 0x9e, 0x25, 0xfc, 0x83, 0x3f, 0x22, 0x90, 0x73,
- 0x3e, 0x93, 0x44, 0xa5, 0xe8, 0x38, 0x39, 0xeb, },
- { 0x56, 0x8e, 0x49, 0x5a, 0xbe, 0x52, 0x5a, 0x21,
- 0x8a, 0x22, 0x14, 0xcd, 0x3e, 0x07, 0x1d, 0x12, },
- { 0x4a, 0x29, 0xb5, 0x45, 0x52, 0xd1, 0x6b, 0x9a,
- 0x46, 0x9c, 0x10, 0x52, 0x8e, 0xff, 0x0a, 0xae, },
- { 0xc9, 0xd1, 0x84, 0xdd, 0xd5, 0xa9, 0xf5, 0xe0,
- 0xcf, 0x8c, 0xe2, 0x9a, 0x9a, 0xbf, 0x69, 0x1c, },
- { 0x2d, 0xb4, 0x79, 0xae, 0x78, 0xbd, 0x50, 0xd8,
- 0x88, 0x2a, 0x8a, 0x17, 0x8a, 0x61, 0x32, 0xad, },
- { 0x8e, 0xce, 0x5f, 0x04, 0x2d, 0x5e, 0x44, 0x7b,
- 0x50, 0x51, 0xb9, 0xea, 0xcb, 0x8d, 0x8f, 0x6f, },
- { 0x9c, 0x0b, 0x53, 0xb4, 0xb3, 0xc3, 0x07, 0xe8,
- 0x7e, 0xae, 0xe0, 0x86, 0x78, 0x14, 0x1f, 0x66, },
- { 0xab, 0xf2, 0x48, 0xaf, 0x69, 0xa6, 0xea, 0xe4,
- 0xbf, 0xd3, 0xeb, 0x2f, 0x12, 0x9e, 0xeb, 0x94, },
- { 0x06, 0x64, 0xda, 0x16, 0x68, 0x57, 0x4b, 0x88,
- 0xb9, 0x35, 0xf3, 0x02, 0x73, 0x58, 0xae, 0xf4, },
- { 0xaa, 0x4b, 0x9d, 0xc4, 0xbf, 0x33, 0x7d, 0xe9,
- 0x0c, 0xd4, 0xfd, 0x3c, 0x46, 0x7c, 0x6a, 0xb7, },
- { 0xea, 0x5c, 0x7f, 0x47, 0x1f, 0xaf, 0x6b, 0xde,
- 0x2b, 0x1a, 0xd7, 0xd4, 0x68, 0x6d, 0x22, 0x87, },
- { 0x29, 0x39, 0xb0, 0x18, 0x32, 0x23, 0xfa, 0xfc,
- 0x17, 0x23, 0xde, 0x4f, 0x52, 0xc4, 0x3d, 0x35, },
- { 0x7c, 0x39, 0x56, 0xca, 0x5e, 0xea, 0xfc, 0x3e,
- 0x36, 0x3e, 0x9d, 0x55, 0x65, 0x46, 0xeb, 0x68, },
- { 0x77, 0xc6, 0x07, 0x71, 0x46, 0xf0, 0x1c, 0x32,
- 0xb6, 0xb6, 0x9d, 0x5f, 0x4e, 0xa9, 0xff, 0xcf, },
- { 0x37, 0xa6, 0x98, 0x6c, 0xb8, 0x84, 0x7e, 0xdf,
- 0x09, 0x25, 0xf0, 0xf1, 0x30, 0x9b, 0x54, 0xde, },
- { 0xa7, 0x05, 0xf0, 0xe6, 0x9d, 0xa9, 0xa8, 0xf9,
- 0x07, 0x24, 0x1a, 0x2e, 0x92, 0x3c, 0x8c, 0xc8, },
- { 0x3d, 0xc4, 0x7d, 0x1f, 0x29, 0xc4, 0x48, 0x46,
- 0x1e, 0x9e, 0x76, 0xed, 0x90, 0x4f, 0x67, 0x11, },
- { 0x0d, 0x62, 0xbf, 0x01, 0xe6, 0xfc, 0x0e, 0x1a,
- 0x0d, 0x3c, 0x47, 0x51, 0xc5, 0xd3, 0x69, 0x2b, },
- { 0x8c, 0x03, 0x46, 0x8b, 0xca, 0x7c, 0x66, 0x9e,
- 0xe4, 0xfd, 0x5e, 0x08, 0x4b, 0xbe, 0xe7, 0xb5, },
- { 0x52, 0x8a, 0x5b, 0xb9, 0x3b, 0xaf, 0x2c, 0x9c,
- 0x44, 0x73, 0xcc, 0xe5, 0xd0, 0xd2, 0x2b, 0xd9, },
- { 0xdf, 0x6a, 0x30, 0x1e, 0x95, 0xc9, 0x5d, 0xad,
- 0x97, 0xae, 0x0c, 0xc8, 0xc6, 0x91, 0x3b, 0xd8, },
- { 0x80, 0x11, 0x89, 0x90, 0x2c, 0x85, 0x7f, 0x39,
- 0xe7, 0x35, 0x91, 0x28, 0x5e, 0x70, 0xb6, 0xdb, },
- { 0xe6, 0x17, 0x34, 0x6a, 0xc9, 0xc2, 0x31, 0xbb,
- 0x36, 0x50, 0xae, 0x34, 0xcc, 0xca, 0x0c, 0x5b, },
- { 0x27, 0xd9, 0x34, 0x37, 0xef, 0xb7, 0x21, 0xaa,
- 0x40, 0x18, 0x21, 0xdc, 0xec, 0x5a, 0xdf, 0x89, },
- { 0x89, 0x23, 0x7d, 0x9d, 0xed, 0x9c, 0x5e, 0x78,
- 0xd8, 0xb1, 0xc9, 0xb1, 0x66, 0xcc, 0x73, 0x42, },
- { 0x4a, 0x6d, 0x80, 0x91, 0xbf, 0x5e, 0x7d, 0x65,
- 0x11, 0x89, 0xfa, 0x94, 0xa2, 0x50, 0xb1, 0x4c, },
- { 0x0e, 0x33, 0xf9, 0x60, 0x55, 0xe7, 0xae, 0x89,
- 0x3f, 0xfc, 0x0e, 0x3d, 0xcf, 0x49, 0x29, 0x02, },
- { 0xe6, 0x1c, 0x43, 0x2b, 0x72, 0x0b, 0x19, 0xd1,
- 0x8e, 0xc8, 0xd8, 0x4b, 0xdc, 0x63, 0x15, 0x1b, },
- { 0xf7, 0xe5, 0xae, 0xf5, 0x49, 0xf7, 0x82, 0xcf,
- 0x37, 0x90, 0x55, 0xa6, 0x08, 0x26, 0x9b, 0x16, },
- { 0x43, 0x8d, 0x03, 0x0f, 0xd0, 0xb7, 0xa5, 0x4f,
- 0xa8, 0x37, 0xf2, 0xad, 0x20, 0x1a, 0x64, 0x03, },
- { 0xa5, 0x90, 0xd3, 0xee, 0x4f, 0xbf, 0x04, 0xe3,
- 0x24, 0x7e, 0x0d, 0x27, 0xf2, 0x86, 0x42, 0x3f, },
- { 0x5f, 0xe2, 0xc1, 0xa1, 0x72, 0xfe, 0x93, 0xc4,
- 0xb1, 0x5c, 0xd3, 0x7c, 0xae, 0xf9, 0xf5, 0x38, },
- { 0x2c, 0x97, 0x32, 0x5c, 0xbd, 0x06, 0xb3, 0x6e,
- 0xb2, 0x13, 0x3d, 0xd0, 0x8b, 0x3a, 0x01, 0x7c, },
- { 0x92, 0xc8, 0x14, 0x22, 0x7a, 0x6b, 0xca, 0x94,
- 0x9f, 0xf0, 0x65, 0x9f, 0x00, 0x2a, 0xd3, 0x9e, },
- { 0xdc, 0xe8, 0x50, 0x11, 0x0b, 0xd8, 0x32, 0x8c,
- 0xfb, 0xd5, 0x08, 0x41, 0xd6, 0x91, 0x1d, 0x87, },
- { 0x67, 0xf1, 0x49, 0x84, 0xc7, 0xda, 0x79, 0x12,
- 0x48, 0xe3, 0x2b, 0xb5, 0x92, 0x25, 0x83, 0xda, },
- { 0x19, 0x38, 0xf2, 0xcf, 0x72, 0xd5, 0x4e, 0xe9,
- 0x7e, 0x94, 0x16, 0x6f, 0xa9, 0x1d, 0x2a, 0x36, },
- { 0x74, 0x48, 0x1e, 0x96, 0x46, 0xed, 0x49, 0xfe,
- 0x0f, 0x62, 0x24, 0x30, 0x16, 0x04, 0x69, 0x8e, },
- { 0x57, 0xfc, 0xa5, 0xde, 0x98, 0xa9, 0xd6, 0xd8,
- 0x00, 0x64, 0x38, 0xd0, 0x58, 0x3d, 0x8a, 0x1d, },
- { 0x9f, 0xec, 0xde, 0x1c, 0xef, 0xdc, 0x1c, 0xbe,
- 0xd4, 0x76, 0x36, 0x74, 0xd9, 0x57, 0x53, 0x59, },
- { 0xe3, 0x04, 0x0c, 0x00, 0xeb, 0x28, 0xf1, 0x53,
- 0x66, 0xca, 0x73, 0xcb, 0xd8, 0x72, 0xe7, 0x40, },
- { 0x76, 0x97, 0x00, 0x9a, 0x6a, 0x83, 0x1d, 0xfe,
- 0xcc, 0xa9, 0x1c, 0x59, 0x93, 0x67, 0x0f, 0x7a, },
- { 0x58, 0x53, 0x54, 0x23, 0x21, 0xf5, 0x67, 0xa0,
- 0x05, 0xd5, 0x47, 0xa4, 0xf0, 0x47, 0x59, 0xbd, },
- { 0x51, 0x50, 0xd1, 0x77, 0x2f, 0x50, 0x83, 0x4a,
- 0x50, 0x3e, 0x06, 0x9a, 0x97, 0x3f, 0xbd, 0x7c, },
- };
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t siphash_test(void)
- {
- wc_test_ret_t ret = 0;
- int i;
- #if WOLFSSL_SIPHASH_CROUNDS == 2 && WOLFSSL_SIPHASH_DROUNDS == 4
- unsigned char res[SIPHASH_MAC_SIZE_16];
- unsigned char tmp[SIPHASH_MAC_SIZE_8];
- SipHash siphash;
- WOLFSSL_ENTER("siphash_test (1)");
- for (i = 0; i < 64; i++) {
- ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_8);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_SipHashUpdate(&siphash, siphash_msg, (word32)i);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_8);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- if (XMEMCMP(res, siphash_r8[i], SIPHASH_MAC_SIZE_8) != 0)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_SipHash(siphash_key, siphash_msg, (word32)i, res, SIPHASH_MAC_SIZE_8);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- if (XMEMCMP(res, siphash_r8[i], SIPHASH_MAC_SIZE_8) != 0)
- return WC_TEST_RET_ENC_I(i);
- }
- for (i = 0; i < 64; i++) {
- ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_16);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_SipHashUpdate(&siphash, siphash_msg, (word32)i);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_16);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- if (XMEMCMP(res, siphash_r16[i], SIPHASH_MAC_SIZE_16) != 0)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_SipHash(siphash_key, siphash_msg, (word32)i, res, SIPHASH_MAC_SIZE_16);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- if (XMEMCMP(res, siphash_r16[i], SIPHASH_MAC_SIZE_16) != 0)
- return WC_TEST_RET_ENC_I(i);
- }
- #else
- WOLFSSL_ENTER("siphash_test (1)");
- #endif
- /* Testing bad parameters. */
- ret = wc_InitSipHash(NULL, NULL, SIPHASH_MAC_SIZE_8);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitSipHash(NULL, siphash_key, SIPHASH_MAC_SIZE_8);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitSipHash(&siphash, NULL, SIPHASH_MAC_SIZE_8);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitSipHash(&siphash, siphash_key, 7);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_8);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHashUpdate(NULL, NULL, 0);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHashUpdate(&siphash, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHashFinal(NULL, NULL, SIPHASH_MAC_SIZE_8);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHashFinal(&siphash, NULL, SIPHASH_MAC_SIZE_8);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHashFinal(NULL, res, SIPHASH_MAC_SIZE_8);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_16);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHash(NULL, NULL, 0, NULL, SIPHASH_MAC_SIZE_16);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHash(siphash_key, NULL, 0, NULL, SIPHASH_MAC_SIZE_16);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHash(NULL, NULL, 0, res, SIPHASH_MAC_SIZE_16);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHash(siphash_key, NULL, 0, res, 15);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHash(siphash_key, NULL, 1, res, SIPHASH_MAC_SIZE_16);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- /* Test cache with multiple non blocksize bytes */
- ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_8);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHashUpdate(&siphash, siphash_msg, 5);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHashUpdate(&siphash, siphash_msg + 5, 4);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_8);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_8);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHashUpdate(&siphash, siphash_msg, 9);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHashFinal(&siphash, tmp, SIPHASH_MAC_SIZE_8);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(res, tmp, SIPHASH_MAC_SIZE_8) != 0)
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- #endif /* WOLFSSL_SIPHASH */
- #ifdef HAVE_LIBZ
- static const byte sample_text[] =
- "Biodiesel cupidatat marfa, cliche aute put a bird on it incididunt elit\n"
- "polaroid. Sunt tattooed bespoke reprehenderit. Sint twee organic id\n"
- "marfa. Commodo veniam ad esse gastropub. 3 wolf moon sartorial vero,\n"
- "plaid delectus biodiesel squid +1 vice. Post-ironic keffiyeh leggings\n"
- "selfies cray fap hoodie, forage anim. Carles cupidatat shoreditch, VHS\n"
- "small batch meggings kogi dolore food truck bespoke gastropub.\n"
- "\n"
- "Terry richardson adipisicing actually typewriter tumblr, twee whatever\n"
- "four loko you probably haven't heard of them high life. Messenger bag\n"
- "whatever tattooed deep v mlkshk. Brooklyn pinterest assumenda chillwave\n"
- "et, banksy ullamco messenger bag umami pariatur direct trade forage.\n"
- "Typewriter culpa try-hard, pariatur sint brooklyn meggings. Gentrify\n"
- "food truck next level, tousled irony non semiotics PBR ethical anim cred\n"
- "readymade. Mumblecore brunch lomo odd future, portland organic terry\n"
- "richardson elit leggings adipisicing ennui raw denim banjo hella. Godard\n"
- "mixtape polaroid, pork belly readymade organic cray typewriter helvetica\n"
- "four loko whatever street art yr farm-to-table.\n"
- "\n"
- "Vinyl keytar vice tofu. Locavore you probably haven't heard of them pug\n"
- "pickled, hella tonx labore truffaut DIY mlkshk elit cosby sweater sint\n"
- "et mumblecore. Elit swag semiotics, reprehenderit DIY sartorial nisi ugh\n"
- "nesciunt pug pork belly wayfarers selfies delectus. Ethical hoodie\n"
- "seitan fingerstache kale chips. Terry richardson artisan williamsburg,\n"
- "eiusmod fanny pack irony tonx ennui lo-fi incididunt tofu YOLO\n"
- "readymade. 8-bit sed ethnic beard officia. Pour-over iphone DIY butcher,\n"
- "ethnic art party qui letterpress nisi proident jean shorts mlkshk\n"
- "locavore.\n"
- "\n"
- "Narwhal flexitarian letterpress, do gluten-free voluptate next level\n"
- "banh mi tonx incididunt carles DIY. Odd future nulla 8-bit beard ut\n"
- "cillum pickled velit, YOLO officia you probably haven't heard of them\n"
- "trust fund gastropub. Nisi adipisicing tattooed, Austin mlkshk 90's\n"
- "small batch american apparel. Put a bird on it cosby sweater before they\n"
- "sold out pork belly kogi hella. Street art mollit sustainable polaroid,\n"
- "DIY ethnic ea pug beard dreamcatcher cosby sweater magna scenester nisi.\n"
- "Sed pork belly skateboard mollit, labore proident eiusmod. Sriracha\n"
- "excepteur cosby sweater, anim deserunt laborum eu aliquip ethical et\n"
- "neutra PBR selvage.\n"
- "\n"
- "Raw denim pork belly truffaut, irony plaid sustainable put a bird on it\n"
- "next level jean shorts exercitation. Hashtag keytar whatever, nihil\n"
- "authentic aliquip disrupt laborum. Tattooed selfies deserunt trust fund\n"
- "wayfarers. 3 wolf moon synth church-key sartorial, gastropub leggings\n"
- "tattooed. Labore high life commodo, meggings raw denim fingerstache pug\n"
- "trust fund leggings seitan forage. Nostrud ullamco duis, reprehenderit\n"
- "incididunt flannel sustainable helvetica pork belly pug banksy you\n"
- "probably haven't heard of them nesciunt farm-to-table. Disrupt nostrud\n"
- "mollit magna, sriracha sartorial helvetica.\n"
- "\n"
- "Nulla kogi reprehenderit, skateboard sustainable duis adipisicing viral\n"
- "ad fanny pack salvia. Fanny pack trust fund you probably haven't heard\n"
- "of them YOLO vice nihil. Keffiyeh cray lo-fi pinterest cardigan aliqua,\n"
- "reprehenderit aute. Culpa tousled williamsburg, marfa lomo actually anim\n"
- "skateboard. Iphone aliqua ugh, semiotics pariatur vero readymade\n"
- "organic. Marfa squid nulla, in laborum disrupt laboris irure gastropub.\n"
- "Veniam sunt food truck leggings, sint vinyl fap.\n"
- "\n"
- "Hella dolore pork belly, truffaut carles you probably haven't heard of\n"
- "them PBR helvetica in sapiente. Fashion axe ugh bushwick american\n"
- "apparel. Fingerstache sed iphone, jean shorts blue bottle nisi bushwick\n"
- "flexitarian officia veniam plaid bespoke fap YOLO lo-fi. Blog\n"
- "letterpress mumblecore, food truck id cray brooklyn cillum ad sed.\n"
- "Assumenda chambray wayfarers vinyl mixtape sustainable. VHS vinyl\n"
- "delectus, culpa williamsburg polaroid cliche swag church-key synth kogi\n"
- "magna pop-up literally. Swag thundercats ennui shoreditch vegan\n"
- "pitchfork neutra truffaut etsy, sed single-origin coffee craft beer.\n"
- "\n"
- "Odio letterpress brooklyn elit. Nulla single-origin coffee in occaecat\n"
- "meggings. Irony meggings 8-bit, chillwave lo-fi adipisicing cred\n"
- "dreamcatcher veniam. Put a bird on it irony umami, trust fund bushwick\n"
- "locavore kale chips. Sriracha swag thundercats, chillwave disrupt\n"
- "tousled beard mollit mustache leggings portland next level. Nihil esse\n"
- "est, skateboard art party etsy thundercats sed dreamcatcher ut iphone\n"
- "swag consectetur et. Irure skateboard banjo, nulla deserunt messenger\n"
- "bag dolor terry richardson sapiente.\n";
- static const byte sample_text_gz[] = {
- 0x1F, 0x8B, 0x08, 0x08, 0xC5, 0x49, 0xB5, 0x5B, 0x00, 0x03, 0x63, 0x69, 0x70,
- 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x2E, 0x74, 0x78, 0x74, 0x00, 0x8D,
- 0x58, 0xCB, 0x92, 0xE4, 0xB6, 0x11, 0xBC, 0xE3, 0x2B, 0xEA, 0xA6, 0x83, 0xD9,
- 0x1D, 0x72, 0xF8, 0x22, 0x1F, 0xB5, 0x96, 0xA5, 0xDD, 0x90, 0xBC, 0xAB, 0xD0,
- 0x28, 0x36, 0x42, 0x47, 0x90, 0x2C, 0x36, 0xA1, 0x06, 0x09, 0x0A, 0x8F, 0xEE,
- 0xE1, 0xDF, 0x3B, 0x0B, 0xE0, 0x73, 0x2C, 0x4B, 0xBA, 0xCD, 0xCE, 0x80, 0x78,
- 0x64, 0x65, 0x65, 0x66, 0xED, 0x3B, 0xE3, 0x5A, 0xC3, 0x81, 0x2D, 0x35, 0x69,
- 0x32, 0xAD, 0x8E, 0x3A, 0xD2, 0xA0, 0x7D, 0xA7, 0x2B, 0x6A, 0xAC, 0x69, 0x7A,
- 0x26, 0x9D, 0x22, 0xD3, 0x94, 0x22, 0x69, 0xAA, 0x8D, 0x6F, 0xC9, 0x8D, 0x64,
- 0x22, 0x99, 0xB1, 0x31, 0xAD, 0x69, 0xD3, 0x18, 0x89, 0xAD, 0x89, 0x6A, 0x72,
- 0x56, 0x7B, 0x67, 0xDA, 0x2B, 0xBD, 0xC8, 0xEF, 0xB0, 0x4D, 0x74, 0x8E, 0x5B,
- 0xAA, 0x39, 0x4C, 0xEE, 0xCE, 0xE4, 0x79, 0xF2, 0xDC, 0xF3, 0xD8, 0xB2, 0x37,
- 0x11, 0x8B, 0x8C, 0x2C, 0x7A, 0x32, 0x93, 0xF3, 0x37, 0x3D, 0x9A, 0x86, 0x4C,
- 0xAB, 0xF2, 0xB9, 0x57, 0xFA, 0x97, 0x1B, 0x06, 0xD7, 0x3A, 0x7A, 0xF0, 0x68,
- 0xF4, 0x40, 0xBA, 0x25, 0x0E, 0x81, 0xE9, 0xA6, 0x43, 0xF4, 0x6E, 0x4A, 0xF5,
- 0x95, 0xFE, 0x41, 0x4F, 0x67, 0x3B, 0x1A, 0x1C, 0xEE, 0x12, 0xB4, 0x8F, 0xCE,
- 0x1B, 0x6D, 0xB1, 0xDE, 0xBB, 0x4A, 0x4D, 0x56, 0x9B, 0x96, 0x5A, 0xB6, 0xDC,
- 0xC4, 0x14, 0x70, 0xE5, 0xF5, 0x7D, 0xE1, 0xB7, 0x84, 0x3F, 0xFC, 0xED, 0xEF,
- 0xF4, 0x30, 0x0D, 0x5F, 0xE9, 0x47, 0x17, 0xE2, 0xC5, 0x78, 0x27, 0x67, 0xDF,
- 0xB9, 0xEB, 0xCC, 0xCC, 0x3D, 0x59, 0xBE, 0xDD, 0xCC, 0x78, 0x0B, 0x0A, 0x1F,
- 0x74, 0xF8, 0x8C, 0x1A, 0xAF, 0x67, 0xEA, 0xF4, 0x44, 0xBD, 0x93, 0x7D, 0x2A,
- 0xEA, 0x9C, 0xD7, 0x37, 0x80, 0x32, 0x9A, 0x01, 0x37, 0xD5, 0xDE, 0xCA, 0xA2,
- 0x0D, 0xB9, 0xD0, 0x3B, 0xCF, 0xAD, 0x89, 0x4D, 0x5F, 0xD1, 0xE7, 0xF7, 0x2F,
- 0x2A, 0x0C, 0xDA, 0x5A, 0xAA, 0x35, 0x7E, 0x41, 0xC3, 0xB2, 0x37, 0xDD, 0xDD,
- 0xCD, 0x50, 0xEB, 0x2C, 0x96, 0x62, 0x3B, 0xD7, 0x52, 0xF4, 0xA9, 0xB9, 0x6F,
- 0x48, 0xED, 0xEF, 0x54, 0xEA, 0x67, 0xF6, 0x7E, 0x26, 0x8F, 0x3A, 0x68, 0xDF,
- 0x06, 0xBC, 0x56, 0xB7, 0x66, 0x32, 0xC1, 0x34, 0xD8, 0x88, 0x34, 0x1E, 0x88,
- 0xED, 0x67, 0x8A, 0xF3, 0xC4, 0x4F, 0xC0, 0xCA, 0x9E, 0x62, 0x1A, 0x6A, 0xEB,
- 0xAB, 0x02, 0xED, 0xB3, 0xD7, 0x91, 0x81, 0x8A, 0xEA, 0x5C, 0xF2, 0x64, 0xDD,
- 0xDD, 0xD1, 0xEC, 0x12, 0x4D, 0xDE, 0xD5, 0xBA, 0xC6, 0x77, 0xBD, 0x06, 0xC4,
- 0x5F, 0x44, 0xEA, 0x59, 0x4B, 0x5D, 0x3B, 0x8A, 0x3D, 0x0F, 0xD4, 0x9B, 0x1B,
- 0x80, 0x30, 0x1D, 0x30, 0xFA, 0x8F, 0x00, 0x3F, 0xDE, 0xB0, 0x6F, 0xAD, 0x6F,
- 0x6A, 0xDD, 0x6E, 0x2F, 0x6E, 0xCB, 0x3C, 0xD1, 0x83, 0x06, 0x7B, 0x0F, 0xFD,
- 0xFD, 0x4A, 0xEF, 0xBC, 0x73, 0x77, 0x3B, 0x8F, 0x34, 0xA1, 0xBA, 0xEC, 0x39,
- 0x80, 0x33, 0x21, 0xA4, 0x01, 0x55, 0xD7, 0xD4, 0xF4, 0xC6, 0xDA, 0x27, 0x4E,
- 0x54, 0x1C, 0x2B, 0xEC, 0x37, 0xDE, 0xC3, 0x4C, 0xC9, 0x5A, 0x3D, 0x34, 0x0E,
- 0xD8, 0x1C, 0x0E, 0xA2, 0x34, 0xE8, 0xC1, 0xD0, 0xA4, 0x51, 0xD5, 0x88, 0x8B,
- 0xB7, 0xC6, 0xA3, 0x96, 0x40, 0x49, 0xB7, 0xBC, 0xE0, 0x7F, 0x55, 0x3F, 0xEF,
- 0x6F, 0x6E, 0x92, 0x9D, 0x34, 0xFE, 0x3C, 0x5F, 0x04, 0xA5, 0x6A, 0xFF, 0x30,
- 0x08, 0xC9, 0xEA, 0xF5, 0x52, 0x2B, 0xFE, 0x57, 0xFA, 0x8E, 0xC7, 0xE8, 0x4D,
- 0x37, 0xAB, 0x03, 0xFA, 0x23, 0xBF, 0x46, 0x94, 0xFF, 0xC1, 0x16, 0xE0, 0xB9,
- 0x14, 0x2C, 0x9E, 0x27, 0xEC, 0x98, 0x69, 0x14, 0x92, 0xF1, 0x60, 0x5C, 0x34,
- 0x4D, 0xA0, 0x1F, 0xDF, 0xFD, 0x44, 0x1C, 0x7B, 0xD3, 0x80, 0x70, 0x42, 0x02,
- 0x30, 0x84, 0x5B, 0xE5, 0x59, 0xB7, 0xF3, 0x80, 0xFB, 0x01, 0x33, 0xA9, 0x00,
- 0x37, 0x52, 0xDC, 0xDA, 0xA7, 0x11, 0x85, 0xB7, 0x6E, 0x70, 0xE4, 0xDA, 0x96,
- 0xBA, 0x84, 0x5B, 0x81, 0x43, 0x93, 0xF3, 0xD1, 0xEA, 0xB1, 0xDD, 0xB8, 0x1F,
- 0xA5, 0xCC, 0xEA, 0x50, 0x66, 0x69, 0xA9, 0x8D, 0x8C, 0xA7, 0xA2, 0xF3, 0x38,
- 0x26, 0x43, 0x5E, 0x3F, 0x01, 0xBE, 0x1C, 0x0F, 0x20, 0x7F, 0x75, 0xA8, 0x20,
- 0x80, 0xC4, 0xC3, 0x5C, 0x8B, 0x0D, 0xD4, 0x60, 0x5E, 0xA3, 0x9E, 0xD0, 0xB4,
- 0x4B, 0x4F, 0xE6, 0x13, 0x85, 0x60, 0x42, 0x96, 0xED, 0xAA, 0xDB, 0xE9, 0x99,
- 0xE3, 0x07, 0x0E, 0x61, 0xB3, 0x07, 0xE3, 0xB1, 0xFA, 0xC0, 0x9B, 0xAD, 0xF6,
- 0xE0, 0x26, 0x33, 0xEA, 0xEA, 0x23, 0xCD, 0x1E, 0x9D, 0xE1, 0x87, 0x4B, 0x74,
- 0x97, 0x08, 0x3E, 0xA1, 0x28, 0xEA, 0xB3, 0x19, 0x67, 0x8B, 0x76, 0x9A, 0xA3,
- 0xF6, 0xB9, 0xCF, 0x80, 0x65, 0x97, 0xAE, 0xF4, 0x83, 0x6B, 0xF4, 0x43, 0x20,
- 0xF9, 0x0B, 0xFC, 0x9B, 0xD2, 0x4D, 0x4D, 0xA6, 0xB9, 0xA3, 0x02, 0x55, 0x79,
- 0x18, 0x36, 0x19, 0x5F, 0xC9, 0xEA, 0x5A, 0x76, 0x40, 0xB9, 0xBA, 0x0E, 0x9A,
- 0x44, 0xDF, 0x7C, 0xF8, 0x65, 0x61, 0x5E, 0x81, 0xAB, 0x71, 0xA1, 0x9E, 0x29,
- 0x3C, 0x59, 0xCB, 0x23, 0xA4, 0xF6, 0x60, 0x1A, 0x0D, 0x5B, 0x39, 0xAE, 0xF4,
- 0x6F, 0x59, 0x16, 0x9E, 0x60, 0xD8, 0x56, 0xCF, 0xEA, 0x2C, 0x4C, 0x79, 0xD3,
- 0x5D, 0x51, 0x46, 0xA0, 0x4E, 0xE9, 0xD6, 0xAB, 0x91, 0x43, 0x63, 0x44, 0xD7,
- 0x70, 0xB9, 0x23, 0x98, 0x4F, 0x3D, 0x03, 0x02, 0xF6, 0x81, 0x56, 0xC1, 0x58,
- 0x85, 0x07, 0xA7, 0x2D, 0x2C, 0x29, 0xCA, 0x01, 0x45, 0x31, 0x51, 0x8F, 0xD4,
- 0x19, 0xA1, 0x79, 0x88, 0x5A, 0xA4, 0xF5, 0xAE, 0x2D, 0x4B, 0x63, 0x4C, 0x58,
- 0xFE, 0xBF, 0xAD, 0xEE, 0xA3, 0x09, 0xF8, 0xE2, 0x89, 0xBE, 0x81, 0x0E, 0x86,
- 0x3A, 0xF9, 0x5B, 0xA5, 0xD8, 0xA4, 0x00, 0x75, 0x04, 0xF2, 0x23, 0xB8, 0x39,
- 0x69, 0x50, 0xB7, 0xD0, 0x34, 0x63, 0x54, 0xD8, 0x61, 0xDD, 0xA5, 0x33, 0x47,
- 0x85, 0x96, 0x22, 0xD0, 0x2F, 0x9F, 0x7E, 0xF8, 0x74, 0x24, 0xEA, 0x57, 0x97,
- 0x5A, 0xE0, 0x00, 0xCF, 0xC1, 0x67, 0xE1, 0x41, 0xBD, 0x94, 0xA1, 0x03, 0xD3,
- 0xB4, 0x08, 0x64, 0xF2, 0x17, 0x27, 0x35, 0x37, 0x53, 0xEF, 0x46, 0xCE, 0xD8,
- 0xD4, 0x09, 0x52, 0xC6, 0x1E, 0xF7, 0x28, 0xDF, 0x08, 0x0F, 0xD0, 0x6F, 0x71,
- 0xA6, 0xDF, 0xE4, 0x60, 0x8E, 0xC0, 0x1E, 0x78, 0x86, 0x50, 0xB0, 0x9B, 0x84,
- 0x7E, 0xE8, 0x36, 0xFA, 0x95, 0xF1, 0x12, 0x51, 0xC7, 0x18, 0x96, 0xA2, 0x29,
- 0xBB, 0x70, 0x02, 0xB4, 0xF9, 0xA8, 0x3D, 0x08, 0x66, 0xA9, 0xB3, 0xFC, 0x0A,
- 0x94, 0x80, 0xFD, 0x78, 0xDC, 0xAB, 0x82, 0x5A, 0xD2, 0xCD, 0xC2, 0x87, 0xC6,
- 0x4B, 0x07, 0xFA, 0xD1, 0xC3, 0xD9, 0x34, 0x41, 0x85, 0xF8, 0xD0, 0xB6, 0x0A,
- 0x9D, 0x00, 0x91, 0x35, 0x05, 0x88, 0xC3, 0xE3, 0x9B, 0x22, 0xD2, 0xB8, 0xFD,
- 0x95, 0x3E, 0x6D, 0x5D, 0x48, 0xA3, 0x68, 0xCF, 0x02, 0x42, 0x79, 0x79, 0x8A,
- 0xAA, 0x01, 0xD6, 0x09, 0x14, 0x2C, 0xF4, 0x83, 0xA3, 0x80, 0x31, 0x55, 0x46,
- 0x6E, 0xC5, 0xE5, 0x2F, 0x30, 0x58, 0x81, 0xA2, 0x90, 0xBE, 0x2E, 0xA1, 0xC3,
- 0x0F, 0xA6, 0xF5, 0x51, 0x00, 0x39, 0xB6, 0xF2, 0x2A, 0xA3, 0x15, 0x7D, 0x8D,
- 0xF5, 0x66, 0x5C, 0xD9, 0xFC, 0xCF, 0x2F, 0xBF, 0x08, 0x27, 0xE7, 0xD0, 0x03,
- 0xB8, 0xD9, 0x00, 0x13, 0x3D, 0x01, 0x6B, 0xB6, 0xA8, 0xCD, 0x5B, 0x3B, 0x3E,
- 0x93, 0xBF, 0xE6, 0x2E, 0xB7, 0x4A, 0xCF, 0xB3, 0x0A, 0xCE, 0x62, 0x11, 0xD6,
- 0x1F, 0x68, 0x9B, 0x1D, 0x68, 0xD1, 0x8C, 0x97, 0xBD, 0xA1, 0x07, 0x67, 0x73,
- 0x87, 0xE0, 0x36, 0xDA, 0x8C, 0xD2, 0xD2, 0xBB, 0x84, 0x28, 0xA9, 0xFE, 0x52,
- 0x74, 0xD6, 0xB9, 0x0F, 0x0A, 0x6A, 0x2D, 0x28, 0x35, 0x34, 0x3A, 0xD3, 0xE2,
- 0xCD, 0x35, 0x06, 0x7D, 0x1B, 0x35, 0x85, 0x86, 0xD1, 0x3E, 0xF2, 0x6F, 0xA1,
- 0xC4, 0x55, 0xBD, 0x00, 0xD8, 0xC3, 0x5D, 0xC2, 0x1D, 0x6B, 0x6B, 0x27, 0x5B,
- 0x95, 0xF3, 0xAB, 0xB5, 0xD3, 0x37, 0xF2, 0x2C, 0x9C, 0xC7, 0x5D, 0xBD, 0xF1,
- 0x68, 0x1C, 0xAD, 0xF8, 0xB5, 0xE1, 0x29, 0x72, 0x7A, 0x73, 0x62, 0x55, 0x24,
- 0xB9, 0x85, 0xDF, 0x7B, 0x29, 0x7D, 0xDE, 0x08, 0xF5, 0xE4, 0x44, 0xDA, 0x1A,
- 0x30, 0x74, 0xDA, 0xB4, 0x9B, 0x23, 0x9A, 0x3A, 0xC1, 0x53, 0xB2, 0xA2, 0xA3,
- 0x7B, 0x1F, 0xD9, 0x56, 0xD4, 0x4F, 0x9B, 0xB2, 0x1E, 0xEE, 0xB8, 0x6A, 0x4E,
- 0xB5, 0xF4, 0x5A, 0xC9, 0x18, 0x27, 0x9C, 0xDE, 0x14, 0x44, 0xED, 0xC4, 0x3C,
- 0x71, 0x9F, 0x5F, 0xD9, 0x37, 0xA0, 0x78, 0x34, 0x6E, 0xBC, 0xD2, 0x7B, 0x1D,
- 0xFA, 0x08, 0x39, 0x5A, 0x04, 0x73, 0x15, 0xD9, 0x0A, 0x48, 0xC1, 0x2D, 0x15,
- 0x4E, 0x84, 0x30, 0x45, 0x69, 0xB3, 0xE5, 0xF6, 0xAD, 0x09, 0x1E, 0xCC, 0x5F,
- 0x1F, 0x06, 0xD5, 0x58, 0xAD, 0x78, 0xD7, 0x9F, 0xE5, 0xED, 0x3B, 0x09, 0xD5,
- 0xA6, 0x52, 0x6F, 0x92, 0xD3, 0x3C, 0xC6, 0x1E, 0xF2, 0x93, 0x7C, 0xD3, 0x5F,
- 0x70, 0x85, 0x5D, 0xF8, 0xAA, 0x9D, 0xB7, 0x7B, 0x24, 0x5A, 0xE9, 0x0A, 0x35,
- 0x2F, 0xF5, 0xD9, 0x82, 0x02, 0x8A, 0x90, 0x13, 0x5B, 0xB5, 0x67, 0x9C, 0xDD,
- 0xA0, 0x4E, 0x82, 0x27, 0xDA, 0x7E, 0xE8, 0x8E, 0xCD, 0xE1, 0x56, 0x71, 0x2C,
- 0xE6, 0x4E, 0x1F, 0x91, 0xCD, 0x7C, 0x6A, 0xB7, 0x78, 0xD0, 0x26, 0xF3, 0x56,
- 0xA9, 0xD5, 0xA1, 0xC3, 0x3B, 0x98, 0xE9, 0x28, 0x09, 0xEF, 0x50, 0x90, 0xCD,
- 0xC4, 0x8E, 0x75, 0xCC, 0xAC, 0x2D, 0xC9, 0x03, 0x6D, 0xAC, 0xFE, 0xC4, 0x88,
- 0x36, 0xD1, 0x3F, 0xBB, 0x1C, 0x7D, 0xB3, 0x14, 0x61, 0x2C, 0xB7, 0x54, 0x4B,
- 0xDB, 0x64, 0xB6, 0x57, 0x14, 0x16, 0x8E, 0x1E, 0x6C, 0x64, 0xBB, 0x8B, 0x48,
- 0x5D, 0x96, 0x9D, 0xDC, 0x80, 0xA7, 0xF7, 0x54, 0xC7, 0x46, 0x38, 0x3E, 0x44,
- 0xDE, 0x7E, 0x92, 0x8D, 0x07, 0xF6, 0x07, 0x37, 0x4E, 0x16, 0x10, 0xB4, 0x7D,
- 0x88, 0x66, 0x7F, 0xBB, 0xFF, 0xEA, 0x00, 0xF3, 0xFF, 0x97, 0x2C, 0xB5, 0xBE,
- 0x35, 0x4B, 0x5C, 0x36, 0xEC, 0x4C, 0xBD, 0x2B, 0x7D, 0xBF, 0x46, 0xE2, 0x9C,
- 0x0E, 0x8A, 0xA3, 0xEC, 0xB1, 0x0E, 0x9A, 0xDA, 0x9A, 0x9B, 0x28, 0x92, 0x10,
- 0x53, 0x57, 0xEA, 0xEC, 0xA2, 0x32, 0x32, 0x20, 0x1D, 0x97, 0x5C, 0xB6, 0x84,
- 0xA9, 0x93, 0x8D, 0x95, 0x11, 0xA3, 0x24, 0xA3, 0x2D, 0xC6, 0x4A, 0xEF, 0xAA,
- 0x1D, 0x85, 0x2B, 0x7D, 0x28, 0xBE, 0x53, 0xCE, 0x10, 0x1F, 0xAE, 0x0E, 0x41,
- 0x6C, 0x4B, 0x79, 0x12, 0xFB, 0xF7, 0x54, 0xA3, 0x96, 0x54, 0x83, 0x20, 0x96,
- 0x8F, 0x28, 0xA9, 0x3F, 0x8B, 0x3D, 0xBA, 0x77, 0xDC, 0x24, 0xE1, 0xD4, 0x49,
- 0x40, 0xD8, 0x78, 0x31, 0x85, 0x43, 0xF6, 0xFE, 0x5C, 0xA6, 0x8F, 0x90, 0x09,
- 0xB0, 0xE7, 0xC4, 0x95, 0xB2, 0x55, 0x49, 0x97, 0x8F, 0x1C, 0x78, 0x30, 0x20,
- 0xA0, 0xB4, 0xEF, 0x73, 0x56, 0x59, 0x82, 0xFD, 0xCE, 0xBA, 0x6A, 0x8F, 0x2C,
- 0x8B, 0x15, 0xFD, 0xA1, 0x85, 0xA8, 0x5C, 0x0F, 0x11, 0xA5, 0x9D, 0xC2, 0x46,
- 0xC6, 0x9C, 0xC9, 0x40, 0x0B, 0x58, 0x6A, 0x1C, 0x7A, 0x23, 0xF9, 0xE0, 0x95,
- 0x05, 0x13, 0x58, 0x72, 0xE8, 0x9F, 0x30, 0xAC, 0xCD, 0x26, 0xD4, 0x66, 0x13,
- 0xDF, 0x1E, 0x7B, 0x4F, 0x9C, 0xBE, 0x38, 0x79, 0x75, 0x92, 0xA4, 0xDA, 0x26,
- 0x44, 0x55, 0x17, 0xA3, 0xE5, 0x62, 0xDA, 0xEB, 0x86, 0xEA, 0x68, 0xC7, 0xAB,
- 0xFD, 0x2D, 0x43, 0x59, 0x51, 0xC0, 0x75, 0x64, 0x91, 0x01, 0x29, 0x33, 0x28,
- 0xF3, 0x04, 0x83, 0x80, 0x75, 0x37, 0x75, 0x0C, 0x03, 0x7B, 0x0A, 0xAB, 0x8E,
- 0x60, 0x62, 0x8B, 0x4C, 0xAF, 0x2D, 0xA3, 0x2F, 0xFE, 0xAB, 0x45, 0xCF, 0xDA,
- 0xAB, 0xFA, 0xFA, 0x30, 0x3D, 0xE8, 0xA1, 0x96, 0xA5, 0x7B, 0xE2, 0x2A, 0xD0,
- 0xAF, 0x59, 0xF7, 0xD0, 0x32, 0x57, 0x19, 0xBD, 0xCA, 0x9F, 0xD5, 0x1A, 0xC7,
- 0xAA, 0x65, 0x4A, 0x38, 0xB2, 0x70, 0x33, 0xB7, 0x75, 0xD2, 0xCD, 0xD1, 0xF0,
- 0xA8, 0x87, 0x59, 0x20, 0xA5, 0x57, 0x55, 0xB1, 0xB2, 0xC9, 0x4D, 0x97, 0x34,
- 0x41, 0xF3, 0xF0, 0x30, 0xA1, 0x2C, 0x1C, 0x49, 0x3E, 0x89, 0x7D, 0x12, 0xE2,
- 0xC3, 0x04, 0xC3, 0x92, 0xC0, 0xF6, 0x39, 0x10, 0x80, 0x81, 0x8F, 0x08, 0xB4,
- 0xF8, 0xB9, 0x13, 0x4E, 0x2C, 0xAE, 0xB3, 0x71, 0x82, 0x63, 0x98, 0xAB, 0x5C,
- 0x1C, 0x10, 0xEA, 0x66, 0xF9, 0x02, 0x3A, 0x82, 0x61, 0xD0, 0xD4, 0xAE, 0x43,
- 0xD4, 0x01, 0x3E, 0x9D, 0x04, 0x14, 0xF6, 0x60, 0xD8, 0xA7, 0xD6, 0xB8, 0x53,
- 0xC8, 0xDA, 0x80, 0x93, 0xA0, 0x02, 0xDD, 0xCC, 0xE2, 0xF2, 0xBB, 0xFB, 0xE0,
- 0x27, 0xD7, 0x34, 0x9A, 0x71, 0x49, 0xB5, 0x4F, 0x42, 0x1F, 0xB2, 0x9D, 0x6D,
- 0xAA, 0x9D, 0xD3, 0x50, 0xB5, 0x8F, 0x6A, 0x4B, 0xDF, 0x1F, 0xD5, 0x27, 0x8F,
- 0x3B, 0x27, 0xCF, 0x2F, 0x8C, 0xF8, 0x9D, 0x4C, 0x52, 0xBC, 0x32, 0x0F, 0x73,
- 0xD5, 0x51, 0x8E, 0x36, 0x7E, 0xAD, 0x09, 0xF0, 0x94, 0x83, 0x5F, 0x36, 0xFD,
- 0x7C, 0x03, 0xED, 0xF1, 0x5E, 0x4B, 0xF7, 0xAA, 0x55, 0x5C, 0x4A, 0x14, 0x59,
- 0x85, 0x38, 0x2D, 0x8C, 0xDF, 0xEC, 0x65, 0x1B, 0xB8, 0x76, 0x57, 0x96, 0x3C,
- 0x86, 0xED, 0xF2, 0x7F, 0x2D, 0x28, 0x48, 0xDA, 0x49, 0x7F, 0xF7, 0x54, 0x2B,
- 0xD5, 0x39, 0xD5, 0x57, 0x0A, 0x75, 0x7A, 0x3E, 0x5E, 0x5D, 0xBA, 0x4A, 0x15,
- 0xFA, 0xB8, 0x31, 0x80, 0x71, 0x2C, 0xCA, 0xC4, 0x51, 0x10, 0x16, 0x5D, 0x39,
- 0xEC, 0x9D, 0x07, 0xB6, 0x6A, 0x89, 0x9F, 0x9B, 0x5B, 0x6F, 0x03, 0xB0, 0x92,
- 0x01, 0x38, 0x6B, 0x48, 0x99, 0x0A, 0x8F, 0x13, 0xC1, 0xA6, 0x01, 0xEA, 0xBF,
- 0x6F, 0x86, 0x43, 0x51, 0xB6, 0x11, 0x00, 0x00
- };
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t compress_test(void)
- {
- wc_test_ret_t ret = 0;
- word32 dSz = sizeof(sample_text);
- word32 cSz = (dSz + (word32)(dSz * 0.001) + 12);
- byte *c;
- byte *d;
- WOLFSSL_ENTER("compress_test");
- c = (byte *)XMALLOC(cSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- d = (byte *)XMALLOC(dSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (c == NULL || d == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
- }
- /* follow calloc and initialize to 0 */
- XMEMSET(c, 0, cSz);
- XMEMSET(d, 0, dSz);
- if ((ret = wc_Compress(c, cSz, sample_text, dSz, 0)) < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- cSz = (word32)ret;
- if ((ret = wc_DeCompress(d, dSz, c, cSz)) != (int)dSz) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- dSz = (word32)ret;
- if (XMEMCMP(d, sample_text, dSz) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- }
- /* GZIP tests */
- cSz = (dSz + (word32)(dSz * 0.001) + 12); /* reset cSz */
- XMEMSET(c, 0, cSz);
- XMEMSET(d, 0, dSz);
- ret = wc_Compress_ex(c, cSz, sample_text, dSz, 0, LIBZ_WINBITS_GZIP);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- cSz = (word32)ret;
- ret = wc_DeCompress_ex(d, dSz, c, cSz, LIBZ_WINBITS_GZIP);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(d, sample_text, dSz) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- }
- /* Try with gzip generated output */
- XMEMSET(d, 0, dSz);
- ret = wc_DeCompress_ex(d, dSz, sample_text_gz, sizeof(sample_text_gz),
- LIBZ_WINBITS_GZIP);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- dSz = (word32)ret;
- if (XMEMCMP(d, sample_text, dSz) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- }
- ret = 0; /* success */
- exit:
- if (c) XFREE(c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (d) XFREE(d, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif /* HAVE_LIBZ */
- #ifdef HAVE_PKCS7
- /* External Debugging/Testing Note:
- *
- * PKCS#7 test functions can output generated PKCS#7/CMS bundles for
- * additional testing. To dump bundles to files DER encoded files, please
- * define:
- *
- * #define PKCS7_OUTPUT_TEST_BUNDLES
- */
- /* Loads certs and keys for use with PKCS7 tests, from either files
- * or buffers.
- *
- * rsaClientCertBuf - output buffer for RSA client cert
- * rsaClientCertBufSz - IN/OUT size of output buffer, size of RSA client cert
- * rsaClientPrivKeyBuf - output buffer for RSA client private key
- * rsaClientPrivKeyBufSz - IN/OUT size of output buffer, size of RSA client key
- *
- * rsaServerCertBuf - output buffer for RSA server cert
- * rsaServerCertBufSz - IN/OUT size of output buffer, size of RSA server cert
- * rsaServerPrivKeyBuf - output buffer for RSA server private key
- * rsaServerPrivKeyBufSz - IN/OUT size of output buffer, size of RSA server key
- *
- * rsaCaCertBuf - output buffer for RSA CA cert
- * rsaCaCertBufSz - IN/OUT size of output buffer, size of RSA ca cert
- * rsaCaPrivKeyBuf - output buffer for RSA CA private key
- * rsaCaPrivKeyBufSz - IN/OUT size of output buffer, size of RSA CA key
- *
- * eccClientCertBuf - output buffer for ECC cert
- * eccClientCertBufSz - IN/OUT size of output buffer, size of ECC cert
- * eccClientPrivKeyBuf - output buffer for ECC private key
- * eccClientPrivKeyBufSz - IN/OUT size of output buffer, size of ECC private key
- *
- * Returns 0 on success, negative on error
- */
- static wc_test_ret_t pkcs7_load_certs_keys(
- byte* rsaClientCertBuf, word32* rsaClientCertBufSz,
- byte* rsaClientPrivKeyBuf, word32* rsaClientPrivKeyBufSz,
- byte* rsaServerCertBuf, word32* rsaServerCertBufSz,
- byte* rsaServerPrivKeyBuf, word32* rsaServerPrivKeyBufSz,
- byte* rsaCaCertBuf, word32* rsaCaCertBufSz,
- byte* rsaCaPrivKeyBuf, word32* rsaCaPrivKeyBufSz,
- byte* eccClientCertBuf, word32* eccClientCertBufSz,
- byte* eccClientPrivKeyBuf, word32* eccClientPrivKeyBufSz)
- {
- #ifndef NO_FILESYSTEM
- XFILE certFile;
- XFILE keyFile;
- (void)certFile;
- (void)keyFile;
- #endif
- #ifndef NO_RSA
- if (rsaClientCertBuf == NULL || rsaClientCertBufSz == NULL ||
- rsaClientPrivKeyBuf == NULL || rsaClientPrivKeyBufSz == NULL)
- return BAD_FUNC_ARG;
- #endif
- #ifdef HAVE_ECC
- if (eccClientCertBuf == NULL || eccClientCertBufSz == NULL ||
- eccClientPrivKeyBuf == NULL || eccClientPrivKeyBufSz == NULL)
- return BAD_FUNC_ARG;
- #endif
- /* RSA */
- #ifndef NO_RSA
- #ifdef USE_CERT_BUFFERS_1024
- if (*rsaClientCertBufSz < (word32)sizeof_client_cert_der_1024)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(rsaClientCertBuf, client_cert_der_1024,
- sizeof_client_cert_der_1024);
- *rsaClientCertBufSz = sizeof_client_cert_der_1024;
- if (rsaServerCertBuf != NULL) {
- if (*rsaServerCertBufSz < (word32)sizeof_server_cert_der_1024)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(rsaServerCertBuf, server_cert_der_1024,
- sizeof_server_cert_der_1024);
- *rsaServerCertBufSz = sizeof_server_cert_der_1024;
- }
- if (rsaCaCertBuf != NULL) {
- if (*rsaCaCertBufSz < (word32)sizeof_ca_cert_der_1024)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(rsaCaCertBuf, ca_cert_der_1024, sizeof_ca_cert_der_1024);
- *rsaCaCertBufSz = sizeof_ca_cert_der_1024;
- }
- #elif defined(USE_CERT_BUFFERS_2048)
- if (*rsaClientCertBufSz < (word32)sizeof_client_cert_der_2048)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(rsaClientCertBuf, client_cert_der_2048,
- sizeof_client_cert_der_2048);
- *rsaClientCertBufSz = sizeof_client_cert_der_2048;
- if (rsaServerCertBuf != NULL) {
- if (*rsaServerCertBufSz < (word32)sizeof_server_cert_der_2048)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(rsaServerCertBuf, server_cert_der_2048,
- sizeof_server_cert_der_2048);
- *rsaServerCertBufSz = sizeof_server_cert_der_2048;
- }
- if (rsaCaCertBuf != NULL) {
- if (*rsaCaCertBufSz < (word32)sizeof_ca_cert_der_2048)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(rsaCaCertBuf, ca_cert_der_2048, sizeof_ca_cert_der_2048);
- *rsaCaCertBufSz = sizeof_ca_cert_der_2048;
- }
- #else
- certFile = XFOPEN(clientCert, "rb");
- if (!certFile)
- return WC_TEST_RET_ENC_ERRNO;
- *rsaClientCertBufSz = (word32)XFREAD(rsaClientCertBuf, 1,
- *rsaClientCertBufSz, certFile);
- XFCLOSE(certFile);
- if (*rsaClientCertBufSz == 0)
- return WC_TEST_RET_ENC_ERRNO;
- if (rsaServerCertBuf != NULL) {
- certFile = XFOPEN(rsaServerCertDerFile, "rb");
- if (!certFile)
- return WC_TEST_RET_ENC_ERRNO;
- *rsaServerCertBufSz = (word32)XFREAD(rsaServerCertBuf, 1,
- *rsaServerCertBufSz, certFile);
- XFCLOSE(certFile);
- if (*rsaServerCertBufSz == 0)
- return WC_TEST_RET_ENC_ERRNO;
- }
- if (rsaCaCertBuf != NULL) {
- certFile = XFOPEN(rsaCaCertDerFile, "rb");
- if (!certFile)
- return WC_TEST_RET_ENC_ERRNO;
- *rsaCaCertBufSz = (word32)XFREAD(rsaCaCertBuf, 1, *rsaCaCertBufSz,
- certFile);
- XFCLOSE(certFile);
- if (*rsaCaCertBufSz == 0)
- return WC_TEST_RET_ENC_ERRNO;
- }
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- if (*rsaClientPrivKeyBufSz < (word32)sizeof_client_key_der_1024)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(rsaClientPrivKeyBuf, client_key_der_1024,
- sizeof_client_key_der_1024);
- *rsaClientPrivKeyBufSz = sizeof_client_key_der_1024;
- if (rsaServerPrivKeyBuf != NULL) {
- if (*rsaServerPrivKeyBufSz < (word32)sizeof_server_key_der_1024)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(rsaServerPrivKeyBuf, server_key_der_1024,
- sizeof_server_key_der_1024);
- *rsaServerPrivKeyBufSz = sizeof_server_key_der_1024;
- }
- if (rsaCaPrivKeyBuf != NULL) {
- if (*rsaCaPrivKeyBufSz < (word32)sizeof_ca_key_der_1024)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(rsaCaPrivKeyBuf, ca_key_der_1024, sizeof_ca_key_der_1024);
- *rsaCaPrivKeyBufSz = sizeof_ca_key_der_1024;
- }
- #elif defined(USE_CERT_BUFFERS_2048)
- if (*rsaClientPrivKeyBufSz < (word32)sizeof_client_key_der_2048)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(rsaClientPrivKeyBuf, client_key_der_2048,
- sizeof_client_key_der_2048);
- *rsaClientPrivKeyBufSz = sizeof_client_key_der_2048;
- if (rsaServerPrivKeyBuf != NULL) {
- if (*rsaServerPrivKeyBufSz < (word32)sizeof_server_key_der_2048)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(rsaServerPrivKeyBuf, server_key_der_2048,
- sizeof_server_key_der_2048);
- *rsaServerPrivKeyBufSz = sizeof_server_key_der_2048;
- }
- if (rsaCaPrivKeyBuf != NULL) {
- if (*rsaCaPrivKeyBufSz < (word32)sizeof_ca_key_der_2048)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(rsaCaPrivKeyBuf, ca_key_der_2048, sizeof_ca_key_der_2048);
- *rsaCaPrivKeyBufSz = sizeof_ca_key_der_2048;
- }
- #else
- keyFile = XFOPEN(clientKey, "rb");
- if (!keyFile)
- return WC_TEST_RET_ENC_ERRNO;
- *rsaClientPrivKeyBufSz = (word32)XFREAD(rsaClientPrivKeyBuf, 1,
- *rsaClientPrivKeyBufSz, keyFile);
- XFCLOSE(keyFile);
- if (*rsaClientPrivKeyBufSz == 0)
- return WC_TEST_RET_ENC_ERRNO;
- if (rsaServerPrivKeyBuf != NULL) {
- keyFile = XFOPEN(rsaServerKeyDerFile, "rb");
- if (!keyFile)
- return WC_TEST_RET_ENC_ERRNO;
- *rsaServerPrivKeyBufSz = (word32)XFREAD(rsaServerPrivKeyBuf, 1,
- *rsaServerPrivKeyBufSz, keyFile);
- XFCLOSE(keyFile);
- if (*rsaServerPrivKeyBufSz == 0)
- return WC_TEST_RET_ENC_ERRNO;
- }
- if (rsaCaPrivKeyBuf != NULL) {
- keyFile = XFOPEN(rsaCaKeyFile, "rb");
- if (!keyFile)
- return WC_TEST_RET_ENC_ERRNO;
- *rsaCaPrivKeyBufSz = (word32)XFREAD(rsaCaPrivKeyBuf, 1,
- *rsaCaPrivKeyBufSz, keyFile);
- XFCLOSE(keyFile);
- if (*rsaCaPrivKeyBufSz == 0)
- return WC_TEST_RET_ENC_ERRNO;
- }
- #endif /* USE_CERT_BUFFERS */
- #endif /* NO_RSA */
- /* ECC */
- #ifdef HAVE_ECC
- #ifdef USE_CERT_BUFFERS_256
- if (*eccClientCertBufSz < (word32)sizeof_cliecc_cert_der_256)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(eccClientCertBuf, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
- *eccClientCertBufSz = sizeof_cliecc_cert_der_256;
- #else
- certFile = XFOPEN(eccClientCert, "rb");
- if (!certFile)
- return WC_TEST_RET_ENC_ERRNO;
- *eccClientCertBufSz = (word32)XFREAD(eccClientCertBuf, 1,
- *eccClientCertBufSz, certFile);
- XFCLOSE(certFile);
- if (*eccClientCertBufSz == 0)
- return WC_TEST_RET_ENC_ERRNO;
- #endif /* USE_CERT_BUFFERS_256 */
- #ifdef USE_CERT_BUFFERS_256
- if (*eccClientPrivKeyBufSz < (word32)sizeof_ecc_clikey_der_256)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(eccClientPrivKeyBuf, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
- *eccClientPrivKeyBufSz = sizeof_ecc_clikey_der_256;
- #else
- keyFile = XFOPEN(eccClientKey, "rb");
- if (!keyFile)
- return WC_TEST_RET_ENC_ERRNO;
- *eccClientPrivKeyBufSz = (word32)XFREAD(eccClientPrivKeyBuf, 1,
- *eccClientPrivKeyBufSz, keyFile);
- XFCLOSE(keyFile);
- if (*eccClientPrivKeyBufSz == 0)
- return WC_TEST_RET_ENC_ERRNO;
- #endif /* USE_CERT_BUFFERS_256 */
- #endif /* HAVE_ECC */
- #ifdef NO_RSA
- (void)rsaClientCertBuf;
- (void)rsaClientCertBufSz;
- (void)rsaClientPrivKeyBuf;
- (void)rsaClientPrivKeyBufSz;
- (void)rsaServerCertBuf;
- (void)rsaServerCertBufSz;
- (void)rsaServerPrivKeyBuf;
- (void)rsaServerPrivKeyBufSz;
- (void)rsaCaCertBuf;
- (void)rsaCaCertBufSz;
- (void)rsaCaPrivKeyBuf;
- (void)rsaCaPrivKeyBufSz;
- #endif
- #ifndef HAVE_ECC
- (void)eccClientCertBuf;
- (void)eccClientCertBufSz;
- (void)eccClientPrivKeyBuf;
- (void)eccClientPrivKeyBufSz;
- #endif
- #ifndef NO_FILESYSTEM
- (void)certFile;
- (void)keyFile;
- #endif
- return 0;
- }
- typedef struct {
- const byte* content;
- word32 contentSz;
- int contentOID;
- int encryptOID;
- int keyWrapOID;
- int keyAgreeOID;
- byte* cert;
- size_t certSz;
- byte* privateKey;
- word32 privateKeySz;
- byte* optionalUkm;
- word32 optionalUkmSz;
- int ktriOptions; /* KTRI options flags */
- int kariOptions; /* KARI options flags */
- /* KEKRI specific */
- const byte* secretKey; /* key, only for kekri RecipientInfo types */
- word32 secretKeySz; /* size of secretKey, bytes */
- const byte* secretKeyId; /* key identifier */
- word32 secretKeyIdSz; /* size of key identifier, bytes */
- void* timePtr; /* time_t pointer */
- byte* otherAttrOID; /* OPTIONAL, other attribute OID */
- word32 otherAttrOIDSz; /* size of otherAttrOID, bytes */
- byte* otherAttr; /* OPTIONAL, other attribute, ASN.1 encoded */
- word32 otherAttrSz; /* size of otherAttr, bytes */
- int kekriOptions; /* KEKRI options flags */
- /* PWRI specific */
- const char* password;
- word32 passwordSz;
- const byte* salt;
- word32 saltSz;
- int kdfOID;
- int hashOID;
- int kdfIterations;
- int pwriOptions; /* PWRI options flags */
- /* ORI specific */
- int isOri;
- int oriOptions; /* ORI options flags */
- const char* outFileName;
- } pkcs7EnvelopedVector;
- static const byte asnDataOid[] = {
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01
- };
- /* ORI encrypt callback, responsible for encrypting content-encryption key (CEK)
- * and giving wolfCrypt the value for oriOID and oriValue to place in
- * OtherRecipientInfo.
- *
- * Returns 0 on success, negative upon error. */
- static int myOriEncryptCb(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* oriType,
- word32* oriTypeSz, byte* oriValue, word32* oriValueSz,
- void* ctx)
- {
- int i;
- /* make sure buffers are large enough */
- if (*oriValueSz < (2 + cekSz))
- return WC_TEST_RET_ENC_NC;
- if (*oriTypeSz < sizeof(asnDataOid))
- return WC_TEST_RET_ENC_NC;
- /* our simple encryption algorithm will be take the bitwise complement */
- oriValue[0] = 0x04; /*ASN OCTET STRING */
- oriValue[1] = (byte)cekSz; /* length */
- for (i = 0; i < (int)cekSz; i++) {
- oriValue[2 + i] = ~cek[i];
- }
- *oriValueSz = 2 + cekSz;
- /* set oriType to ASN.1 encoded data OID */
- XMEMCPY(oriType, asnDataOid, sizeof(asnDataOid));
- *oriTypeSz = sizeof(asnDataOid);
- (void)pkcs7;
- (void)ctx;
- return 0;
- }
- /* ORI decrypt callback, responsible for providing a decrypted content
- * encryption key (CEK) placed into decryptedKey and size placed into
- * decryptedKeySz. oriOID and oriValue are given to the callback to help
- * in decrypting the encrypted CEK.
- *
- * Returns 0 on success, negative upon error. */
- static int myOriDecryptCb(PKCS7* pkcs7, byte* oriType, word32 oriTypeSz,
- byte* oriValue, word32 oriValueSz, byte* decryptedKey,
- word32* decryptedKeySz, void* ctx)
- {
- int i;
- /* make sure oriType matches what we expect */
- if (oriTypeSz != sizeof(asnDataOid))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(oriType, asnDataOid, sizeof(asnDataOid)) != 0)
- return WC_TEST_RET_ENC_NC;
- /* make sure decrypted buffer is large enough */
- if (*decryptedKeySz < oriValueSz)
- return WC_TEST_RET_ENC_NC;
- /* decrypt encrypted CEK using simple bitwise complement,
- only for example */
- for (i = 0; i < (int)oriValueSz - 2; i++) {
- decryptedKey[i] = ~oriValue[2 + i];
- }
- *decryptedKeySz = oriValueSz - 2;
- (void)pkcs7;
- (void)ctx;
- return 0;
- }
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- /* returns 0 on success */
- static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
- byte* aad, word32 aadSz, byte* authTag, word32 authTagSz,
- byte* in, int inSz, byte* out, void* usrCtx)
- {
- wc_test_ret_t ret;
- int keyId = -1, keySz;
- word32 keyIdSz = 8;
- const byte* key;
- byte keyIdRaw[8];
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *aes;
- #else
- Aes aes[1];
- #endif
- /* looking for KEY ID
- * fwDecryptKeyID OID "1.2.840.113549.1.9.16.2.37
- */
- WOLFSSL_SMALL_STACK_STATIC const unsigned char OID[] = {
- /* 0x06, 0x0B do not pass in tag and length */
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
- 0x01, 0x09, 0x10, 0x02, 0x25
- };
- WOLFSSL_SMALL_STACK_STATIC const byte defKey[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- WOLFSSL_SMALL_STACK_STATIC const byte altKey[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- /* test user context passed in */
- if (usrCtx == NULL || *(int*)usrCtx != 1) {
- return WC_TEST_RET_ENC_NC;
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((aes = (Aes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- #endif
- /* if needing to find keyIdSz can call with NULL */
- ret = wc_PKCS7_GetAttributeValue(pkcs7, OID, sizeof(OID), NULL,
- &keyIdSz);
- if (ret != LENGTH_ONLY_E) {
- printf("Unexpected error %d when getting keyIdSz\n", ret);
- printf("Possibly no KEY ID attribute set\n");
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- else {
- XMEMSET(keyIdRaw, 0, sizeof(keyIdRaw));
- ret = wc_PKCS7_GetAttributeValue(pkcs7, OID, sizeof(OID), keyIdRaw,
- &keyIdSz);
- if (ret < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- if (keyIdSz < 3) {
- printf("keyIdSz is smaller than expected\n");
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- if (keyIdSz > 2 + sizeof(int)) {
- printf("example case was only expecting a keyId of int size\n");
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- /* keyIdRaw[0] OCTET TAG */
- /* keyIdRaw[1] Length */
- #ifdef BIG_ENDIAN_ORDER
- if (keyIdRaw[1] == 0x01) {
- keyId = 1;
- }
- #else
- XMEMCPY(&keyId, keyIdRaw + 2, sizeof(keyId));
- #endif
- }
- /* Use keyID here if found to select key and decrypt in HSM or in this
- * example just select key and do software decryption */
- if (keyId == 1) {
- key = altKey;
- keySz = sizeof(altKey);
- }
- else {
- key = defKey;
- keySz = sizeof(defKey);
- }
- switch (encryptOID) {
- #ifdef WOLFSSL_AES_256
- case AES256CBCb:
- if ((keySz != 32 ) || (ivSz != AES_BLOCK_SIZE))
- WARNING_OUT(BAD_FUNC_ARG, out);
- break;
- #endif
- #ifdef WOLFSSL_AES_128
- case AES128CBCb:
- if ((keySz != 16 ) || (ivSz != AES_BLOCK_SIZE))
- ERROR_OUT(BAD_FUNC_ARG, out);
- break;
- #endif
- default:
- printf("Unsupported content cipher type for example");
- ERROR_OUT(ALGO_ID_E, out);
- };
- ret = wc_AesInit(aes, HEAP_HINT, INVALID_DEVID);
- if (ret == 0) {
- ret = wc_AesSetKey(aes, key, (word32)keySz, iv, AES_DECRYPTION);
- if (ret == 0)
- ret = wc_AesCbcDecrypt(aes, out, in, (word32)inSz);
- wc_AesFree(aes);
- }
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- (void)aad;
- (void)aadSz;
- (void)authTag;
- (void)authTagSz;
- return (int)ret;
- }
- #endif /* !NO_AES && HAVE_AES_CBC */
- #define PKCS7_BUF_SIZE 2048
- static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
- byte* rsaPrivKey, word32 rsaPrivKeySz,
- byte* eccCert, word32 eccCertSz,
- byte* eccPrivKey, word32 eccPrivKeySz)
- {
- wc_test_ret_t ret = 0;
- int testSz = 0, i;
- int envelopedSz, decodedSz;
- byte *enveloped = NULL;
- byte *decoded = NULL;
- PKCS7* pkcs7 = NULL;
- #ifdef ECC_TIMING_RESISTANT
- WC_RNG rng;
- #endif
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- XFILE pkcs7File;
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \
- defined(HAVE_ECC) && defined(WOLFSSL_SHA512)
- byte optionalUkm[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
- };
- #endif /* NO_AES */
- #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
- !defined(NO_SHA)
- /* encryption key for kekri recipient types */
- WOLFSSL_SMALL_STACK_STATIC const byte secretKey[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
- };
- /* encryption key identifier */
- WOLFSSL_SMALL_STACK_STATIC const byte secretKeyId[] = {
- 0x02,0x02,0x03,0x04
- };
- #endif
- #if !defined(NO_PWDBASED) && !defined(NO_SHA) && \
- !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- #ifndef HAVE_FIPS
- WOLFSSL_SMALL_STACK_STATIC const char password[] = "password"; /* NOTE: Password is too short for FIPS */
- #else
- WOLFSSL_SMALL_STACK_STATIC const char password[] = "passwordFIPS_MODE";
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte salt[] = {
- 0x12, 0x34, 0x56, 0x78, 0x78, 0x56, 0x34, 0x12
- };
- #endif
- #define MAX_TESTVECTORS_LEN 13
- #define ADD_PKCS7ENVELOPEDVECTOR(...) { \
- pkcs7EnvelopedVector _this_vector = { __VA_ARGS__ }; \
- if (testSz == MAX_TESTVECTORS_LEN) { \
- ret = WC_TEST_RET_ENC_NC; \
- goto out; \
- } \
- XMEMCPY(&testVectors[testSz++], &_this_vector, sizeof _this_vector);\
- }
- pkcs7EnvelopedVector *testVectors = NULL;
- #ifdef ECC_TIMING_RESISTANT
- XMEMSET(&rng, 0, sizeof(rng));
- #endif
- testVectors = (pkcs7EnvelopedVector *)XMALLOC(MAX_TESTVECTORS_LEN * sizeof(*testVectors),
- HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (testVectors == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- goto out;
- }
- {
- /* key transport key encryption technique */
- #ifndef NO_RSA
- #ifndef NO_DES3
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, DES3b, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
- 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataDES3.der");
- #endif
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- #ifdef WOLFSSL_AES_128
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
- 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES128CBC.der");
- #endif
- #ifdef WOLFSSL_AES_192
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES192CBCb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
- 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES192CBC.der");
- #endif
- #ifdef WOLFSSL_AES_256
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
- 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES256CBC.der");
- /* explicitly using SKID for SubjectKeyIdentifier */
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, CMS_SKID, 0, NULL, 0, NULL, 0, NULL,
- NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES256CBC_SKID.der");
- /* explicitly using IssuerAndSerialNumber for SubjectKeyIdentifier */
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, CMS_ISSUER_AND_SERIAL_NUMBER, 0,
- NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0,
- 0, 0, 0, 0, "pkcs7envelopedDataAES256CBC_IANDS.der");
- #endif
- #endif /* !NO_AES && HAVE_AES_CBC */
- #endif
- /* key agreement key encryption technique*/
- #ifdef HAVE_ECC
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP,
- dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0,
- 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES128CBC_ECDH_SHA1KDF.der");
- #endif
- #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP,
- dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0,
- 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES256CBC_ECDH_SHA256KDF.der");
- #endif /* NO_SHA256 && WOLFSSL_AES_256 */
- #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256)
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP,
- dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0,
- 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF.der");
- /* with optional user keying material (ukm) */
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP,
- dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, optionalUkm, sizeof(optionalUkm), 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF_ukm.der");
- #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */
- #endif /* !NO_AES && HAVE_AES_CBC */
- #endif
- /* kekri (KEKRecipientInfo) recipient types */
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, 0,
- NULL, 0, NULL, 0, NULL, 0, 0, 0, secretKey, sizeof(secretKey),
- secretKeyId, sizeof(secretKeyId), NULL, NULL, 0, NULL, 0,
- 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES128CBC_KEKRI.der");
- #endif
- #endif /* !NO_AES && HAVE_AES_CBC */
- /* pwri (PasswordRecipientInfo) recipient types */
- #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AES_CBC)
- #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0,
- NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, password,
- (word32)XSTRLEN(password), salt, sizeof(salt), PBKDF2_OID, WC_SHA, 5,
- 0, 0, 0, "pkcs7envelopedDataAES128CBC_PWRI.der");
- #endif
- #endif
- #if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(NO_AES_128)
- /* ori (OtherRecipientInfo) recipient types */
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0,
- NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0,
- NULL, 0, 0, 0, 0, 0, 1, 0, "pkcs7envelopedDataAES128CBC_ORI.der");
- #endif
- };
- #undef MAX_TESTVECTORS_LEN
- #undef ADD_PKCS7ENVELOPEDVECTOR
- enveloped = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((! enveloped) || (! decoded)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #ifdef ECC_TIMING_RESISTANT
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- for (i = 0; i < testSz; i++) {
- pkcs7 = wc_PKCS7_New(HEAP_HINT,
- #ifdef WOLFSSL_ASYNC_CRYPT
- INVALID_DEVID /* async PKCS7 is not supported */
- #else
- devId
- #endif
- );
- if (pkcs7 == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- }
- if (testVectors[i].secretKey != NULL) {
- /* KEKRI recipient type */
- ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->ukm = testVectors[i].optionalUkm;
- pkcs7->ukmSz = testVectors[i].optionalUkmSz;
- ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, testVectors[i].keyWrapOID,
- (byte *)testVectors[i].secretKey, testVectors[i].secretKeySz,
- (byte *)testVectors[i].secretKeyId, testVectors[i].secretKeyIdSz,
- testVectors[i].timePtr, testVectors[i].otherAttrOID,
- testVectors[i].otherAttrOIDSz, testVectors[i].otherAttr,
- testVectors[i].otherAttrSz, testVectors[i].kekriOptions);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- /* set key, for decryption */
- ret = wc_PKCS7_SetKey(pkcs7, (byte *)testVectors[i].secretKey,
- testVectors[i].secretKeySz);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- } else if (testVectors[i].password != NULL) {
- #if !defined(NO_PWDBASED) && !defined(NO_SHA)
- /* PWRI recipient type */
- ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->ukm = testVectors[i].optionalUkm;
- pkcs7->ukmSz = testVectors[i].optionalUkmSz;
- ret = wc_PKCS7_AddRecipient_PWRI(pkcs7,
- (byte *)testVectors[i].password, testVectors[i].passwordSz,
- (byte *)testVectors[i].salt, testVectors[i].saltSz,
- testVectors[i].kdfOID,
- testVectors[i].hashOID, testVectors[i].kdfIterations,
- testVectors[i].encryptOID, testVectors[i].pwriOptions);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- /* set password, for decryption */
- ret = wc_PKCS7_SetPassword(pkcs7, (byte*)testVectors[i].password,
- testVectors[i].passwordSz);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- #endif /* ! NO_PWDBASED && ! NO_SHA */
- } else if (testVectors[i].isOri == 1) {
- /* ORI recipient type */
- ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- ret = wc_PKCS7_AddRecipient_ORI(pkcs7, myOriEncryptCb,
- testVectors[i].oriOptions);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- /* set decrypt callback for decryption */
- ret = wc_PKCS7_SetOriDecryptCb(pkcs7, myOriDecryptCb);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- } else {
- /* KTRI or KARI recipient types */
- ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
- (word32)testVectors[i].certSz);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- pkcs7->keyWrapOID = testVectors[i].keyWrapOID;
- pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID;
- pkcs7->privateKey = testVectors[i].privateKey;
- pkcs7->privateKeySz = testVectors[i].privateKeySz;
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->ukm = testVectors[i].optionalUkm;
- pkcs7->ukmSz = testVectors[i].optionalUkmSz;
- /* set SubjectIdentifier type for KTRI types */
- if (testVectors[i].ktriOptions & CMS_SKID) {
- ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- } else if (testVectors[i].ktriOptions &
- CMS_ISSUER_AND_SERIAL_NUMBER) {
- ret = wc_PKCS7_SetSignerIdentifierType(pkcs7,
- CMS_ISSUER_AND_SERIAL_NUMBER);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- }
- }
- #ifdef ECC_TIMING_RESISTANT
- pkcs7->rng = &rng;
- #endif
- /* encode envelopedData */
- envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, enveloped,
- PKCS7_BUF_SIZE);
- if (envelopedSz <= 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(envelopedSz), out);
- }
- /* decode envelopedData */
- pkcs7->contentOID = 0;
- decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped, (word32)envelopedSz,
- decoded, PKCS7_BUF_SIZE);
- if (pkcs7->contentOID != testVectors[i].contentOID ||
- decodedSz <= 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
- }
- /* test decode result */
- if (XMEMCMP(decoded, data, sizeof(data)) != 0){
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #ifndef NO_PKCS7_STREAM
- { /* test reading byte by byte */
- int z;
- for (z = 0; z < envelopedSz; z++) {
- decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped + z, 1,
- decoded, PKCS7_BUF_SIZE);
- if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
- printf("unexpected error %d\n", decodedSz);
- ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
- }
- }
- /* test decode result */
- if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
- printf("stream read compare failed\n");
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- }
- #endif
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- /* output pkcs7 envelopedData for external testing */
- pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
- if (!pkcs7File) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- }
- ret = (int)XFWRITE(enveloped, 1, envelopedSz, pkcs7File);
- XFCLOSE(pkcs7File);
- if (ret != envelopedSz) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- } else {
- /* reset ret to 0 for success */
- ret = 0;
- }
- #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- }
- #ifdef ECC_TIMING_RESISTANT
- wc_FreeRng(&rng);
- #endif
- (void)eccCert;
- (void)eccCertSz;
- (void)eccPrivKey;
- (void)eccPrivKeySz;
- (void)rsaCert;
- (void)rsaCertSz;
- (void)rsaPrivKey;
- (void)rsaPrivKeySz;
- out:
- if (testVectors)
- XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (enveloped)
- XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (decoded)
- XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7enveloped_test(void)
- {
- wc_test_ret_t ret = 0;
- byte* rsaCert = NULL;
- byte* rsaPrivKey = NULL;
- word32 rsaCertSz = 0;
- word32 rsaPrivKeySz = 0;
- byte* eccCert = NULL;
- byte* eccPrivKey = NULL;
- word32 eccCertSz = 0;
- word32 eccPrivKeySz = 0;
- WOLFSSL_ENTER("pkcs7enveloped_test");
- #ifndef NO_RSA
- /* read client RSA cert and key in DER format */
- rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (rsaCert == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (rsaPrivKey == NULL) {
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC_NC;
- }
- rsaCertSz = FOURK_BUF;
- rsaPrivKeySz = FOURK_BUF;
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- /* read client ECC cert and key in DER format */
- eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (eccCert == NULL) {
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return WC_TEST_RET_ENC_NC;
- }
- eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (eccPrivKey == NULL) {
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC_NC;
- }
- eccCertSz = FOURK_BUF;
- eccPrivKeySz = FOURK_BUF;
- #endif /* HAVE_ECC */
- ret = pkcs7_load_certs_keys(rsaCert, &rsaCertSz, rsaPrivKey,
- &rsaPrivKeySz, NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL, eccCert, &eccCertSz,
- eccPrivKey, &eccPrivKeySz);
- if (ret < 0) {
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef HAVE_ECC
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return WC_TEST_RET_ENC_EC(ret);
- }
- ret = pkcs7enveloped_run_vectors(rsaCert, (word32)rsaCertSz,
- rsaPrivKey, (word32)rsaPrivKeySz,
- eccCert, (word32)eccCertSz,
- eccPrivKey, (word32)eccPrivKeySz);
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef HAVE_ECC
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
- typedef struct {
- const byte* content;
- word32 contentSz;
- int contentOID;
- int encryptOID;
- int keyWrapOID;
- int keyAgreeOID;
- byte* cert;
- size_t certSz;
- byte* privateKey;
- word32 privateKeySz;
- PKCS7Attrib* authAttribs;
- word32 authAttribsSz;
- PKCS7Attrib* unauthAttribs;
- word32 unauthAttribsSz;
- /* KARI / KTRI specific */
- byte* optionalUkm;
- word32 optionalUkmSz;
- int ktriOptions; /* KTRI options flags */
- int kariOptions; /* KARI options flags */
- /* KEKRI specific */
- byte* secretKey; /* key, only for kekri RecipientInfo types */
- word32 secretKeySz; /* size of secretKey, bytes */
- byte* secretKeyId; /* key identifier */
- word32 secretKeyIdSz; /* size of key identifier, bytes */
- void* timePtr; /* time_t pointer */
- byte* otherAttrOID; /* OPTIONAL, other attribute OID */
- word32 otherAttrOIDSz; /* size of otherAttrOID, bytes */
- byte* otherAttr; /* OPTIONAL, other attribute, ASN.1 encoded */
- word32 otherAttrSz; /* size of otherAttr, bytes */
- int kekriOptions; /* KEKRI options flags */
- /* PWRI specific */
- char* password; /* password */
- word32 passwordSz; /* password size, bytes */
- byte* salt; /* KDF salt */
- word32 saltSz; /* KDF salt size, bytes */
- int kdfOID; /* KDF OID */
- int hashOID; /* KDF hash algorithm OID */
- int kdfIterations; /* KDF iterations */
- int kekEncryptOID; /* KEK encryption algorithm OID */
- int pwriOptions; /* PWRI options flags */
- /* ORI specific */
- int isOri;
- int oriOptions; /* ORI options flags */
- const char* outFileName;
- } pkcs7AuthEnvelopedVector;
- static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
- byte* rsaPrivKey, word32 rsaPrivKeySz,
- byte* eccCert, word32 eccCertSz,
- byte* eccPrivKey, word32 eccPrivKeySz)
- {
- wc_test_ret_t ret = 0;
- int testSz = 0, i;
- int envelopedSz, decodedSz;
- byte *enveloped = NULL;
- byte *decoded = NULL;
- WC_RNG rng;
- PKCS7* pkcs7;
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- XFILE pkcs7File;
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- byte senderNonce[PKCS7_NONCE_SZ + 2];
- #ifdef HAVE_ECC
- #if !defined(NO_AES) && defined(HAVE_AESGCM)
- #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
- WOLFSSL_SMALL_STACK_STATIC const byte senderNonceOid[] =
- { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
- 0x09, 0x05 };
- PKCS7Attrib attribs[] =
- {
- { senderNonceOid, sizeof(senderNonceOid), senderNonce,
- sizeof(senderNonce) }
- };
- #endif
- #endif
- #endif
- #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \
- defined(WOLFSSL_SHA512) && defined(HAVE_AESGCM)
- WOLFSSL_SMALL_STACK_STATIC const byte optionalUkm[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
- };
- #endif /* NO_AES */
- #if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- /* encryption key for kekri recipient types */
- WOLFSSL_SMALL_STACK_STATIC const byte secretKey[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
- };
- /* encryption key identifier */
- WOLFSSL_SMALL_STACK_STATIC const byte secretKeyId[] = {
- 0x02,0x02,0x03,0x04
- };
- #endif
- #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
- !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- #ifndef HAVE_FIPS
- WOLFSSL_SMALL_STACK_STATIC const char password[] = "password";
- #else
- WOLFSSL_SMALL_STACK_STATIC const char password[] = "passwordFIPS_MODE";
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte salt[] = {
- 0x12, 0x34, 0x56, 0x78, 0x78, 0x56, 0x34, 0x12
- };
- #endif
- #define MAX_TESTVECTORS_LEN 20
- #define ADD_PKCS7AUTHENVELOPEDVECTOR(...) { \
- pkcs7AuthEnvelopedVector _this_vector = { __VA_ARGS__ }; \
- if (testSz == MAX_TESTVECTORS_LEN) { \
- ret = WC_TEST_RET_ENC_NC; \
- goto out; \
- } \
- XMEMCPY(&testVectors[testSz++], &_this_vector, \
- sizeof _this_vector); \
- }
- pkcs7AuthEnvelopedVector *testVectors = NULL;
- XMEMSET(&rng, 0, sizeof(rng));
- testVectors = (pkcs7AuthEnvelopedVector *)XMALLOC(MAX_TESTVECTORS_LEN * sizeof(*testVectors),
- HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (testVectors == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- goto out;
- }
- {
- /* key transport key encryption technique */
- #ifndef NO_RSA
- #if !defined(NO_AES) && defined(HAVE_AESGCM)
- #ifdef WOLFSSL_AES_128
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0,
- 0, 0, "pkcs7authEnvelopedDataAES128GCM.der");
- #endif
- #ifdef WOLFSSL_AES_192
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES192GCMb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0,
- 0, 0, "pkcs7authEnvelopedDataAES192GCM.der");
- #endif
- #ifdef WOLFSSL_AES_256
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0,
- 0, 0, "pkcs7authEnvelopedDataAES256GCM.der");
- /* test with contentType set to FirmwarePkgData */
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256GCMb, 0, 0,
- rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL,
- 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL,
- 0, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_firmwarePkgData.der");
- /* explicitly using SKID for SubjectKeyIdentifier */
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, CMS_SKID, 0,
- NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0,
- 0, 0, 0, 0, 0, "pkcs7authEnvelopedDataAES256GCM_SKID.der");
- /* explicitly using IssuerAndSerialNumber for SubjectKeyIdentifier */
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0,
- CMS_ISSUER_AND_SERIAL_NUMBER, 0, NULL, 0, NULL, 0, NULL, NULL, 0,
- NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_IANDS.der");
- #endif
- #else /* NO_AES || !HAVE_AESGCM */
- (void)rsaCert;
- (void)rsaCertSz;
- (void)rsaPrivKey;
- (void)rsaPrivKeySz;
- #endif /* NO_AES || !HAVE_AESGCM */
- #endif
- /* key agreement key encryption technique*/
- #ifdef HAVE_ECC
- #if !defined(NO_AES) && defined(HAVE_AESGCM)
- #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP,
- dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0,
- NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES128GCM_ECDH_SHA1KDF.der");
- #endif
- #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
- dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0,
- NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF.der");
- /* with authenticated attributes */
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
- dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)),
- NULL, 0, NULL, 0, 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0,
- 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_authAttribs.der");
- /* with unauthenticated attributes */
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
- dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, attribs,
- (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0,
- 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_unauthAttribs.der");
- /* with authenticated AND unauthenticated attributes */
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
- dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)),
- attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0,
- NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0,
- 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_bothAttribs.der");
- /* with authenticated AND unauthenticated attributes AND
- * contentType of FirmwarePkgData */
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256GCMb, AES256_WRAP,
- dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)),
- attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0,
- NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0,
- 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_fw_bothAttribs.der");
- #endif /* NO_SHA256 && WOLFSSL_AES_256 */
- #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256)
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
- dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL,
- NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF.der");
- /* with optional user keying material (ukm) */
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
- dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, NULL, 0, (byte *)optionalUkm, sizeof(optionalUkm), 0,
- 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0,
- 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der");
- #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */
- #endif /* NO_AES */
- #endif
- /* kekri (KEKRecipientInfo) recipient types */
- #if !defined(NO_AES) && defined(HAVE_AESGCM)
- #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP, 0,
- NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0,
- (byte *)secretKey, sizeof(secretKey), (byte *)secretKeyId, sizeof(secretKeyId),
- NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES128GCM_KEKRI.der");
- #endif
- #endif
- /* pwri (PasswordRecipientInfo) recipient types */
- #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM)
- #if !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0,
- NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, (char *)password,
- (word32)XSTRLEN(password), (byte *)salt, sizeof(salt), PBKDF2_OID, WC_SHA, 5,
- AES128CBCb, 0, 0, 0, "pkcs7authEnvelopedDataAES128GCM_PWRI.der");
- #endif
- #endif
- #if !defined(NO_AES) && defined(HAVE_AESGCM)
- #ifdef WOLFSSL_AES_128
- /* ori (OtherRecipientInfo) recipient types */
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, NULL, 0, NULL, 0,
- NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0,
- NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 1, 0,
- "pkcs7authEnvelopedDataAES128GCM_ORI.der");
- #endif
- #endif
- }
- #undef MAX_TESTVECTORS_LEN
- #undef ADD_PKCS7AUTHENVELOPEDVECTOR
- enveloped = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((! enveloped) || (! decoded)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- /* generate senderNonce */
- {
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- senderNonce[0] = 0x04;
- senderNonce[1] = PKCS7_NONCE_SZ;
- ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ);
- if (ret != 0) {
- wc_FreeRng(&rng);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- }
- for (i = 0; i < testSz; i++) {
- pkcs7 = wc_PKCS7_New(HEAP_HINT,
- #ifdef WOLFSSL_ASYNC_CRYPT
- INVALID_DEVID /* async PKCS7 is not supported */
- #else
- devId
- #endif
- );
- if (pkcs7 == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- }
- if (testVectors[i].secretKey != NULL) {
- /* KEKRI recipient type */
- ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->ukm = testVectors[i].optionalUkm;
- pkcs7->ukmSz = testVectors[i].optionalUkmSz;
- pkcs7->authAttribs = testVectors[i].authAttribs;
- pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
- pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
- pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
- ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, testVectors[i].keyWrapOID,
- testVectors[i].secretKey, testVectors[i].secretKeySz,
- testVectors[i].secretKeyId, testVectors[i].secretKeyIdSz,
- testVectors[i].timePtr, testVectors[i].otherAttrOID,
- testVectors[i].otherAttrOIDSz, testVectors[i].otherAttr,
- testVectors[i].otherAttrSz, testVectors[i].kekriOptions);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- /* set key, for decryption */
- ret = wc_PKCS7_SetKey(pkcs7, testVectors[i].secretKey,
- testVectors[i].secretKeySz);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- } else if (testVectors[i].password != NULL) {
- #if !defined(NO_PWDBASED) && !defined(NO_SHA)
- /* PWRI recipient type */
- ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->ukm = testVectors[i].optionalUkm;
- pkcs7->ukmSz = testVectors[i].optionalUkmSz;
- pkcs7->authAttribs = testVectors[i].authAttribs;
- pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
- pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
- pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
- ret = wc_PKCS7_AddRecipient_PWRI(pkcs7,
- (byte*)testVectors[i].password,
- testVectors[i].passwordSz, testVectors[i].salt,
- testVectors[i].saltSz, testVectors[i].kdfOID,
- testVectors[i].hashOID, testVectors[i].kdfIterations,
- testVectors[i].kekEncryptOID, testVectors[i].pwriOptions);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- /* set password, for decryption */
- ret = wc_PKCS7_SetPassword(pkcs7, (byte*)testVectors[i].password,
- testVectors[i].passwordSz);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- #endif /* ! NO_PWDBASED && ! NO_SHA */
- } else if (testVectors[i].isOri == 1) {
- /* ORI recipient type */
- ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->authAttribs = testVectors[i].authAttribs;
- pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
- pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
- pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
- ret = wc_PKCS7_AddRecipient_ORI(pkcs7, myOriEncryptCb,
- testVectors[i].oriOptions);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- /* set decrypt callback for decryption */
- ret = wc_PKCS7_SetOriDecryptCb(pkcs7, myOriDecryptCb);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- } else {
- /* KTRI or KARI recipient types */
- ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
- (word32)testVectors[i].certSz);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- pkcs7->keyWrapOID = testVectors[i].keyWrapOID;
- pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID;
- pkcs7->privateKey = testVectors[i].privateKey;
- pkcs7->privateKeySz = testVectors[i].privateKeySz;
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->ukm = testVectors[i].optionalUkm;
- pkcs7->ukmSz = testVectors[i].optionalUkmSz;
- pkcs7->authAttribs = testVectors[i].authAttribs;
- pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
- pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
- pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
- /* set SubjectIdentifier type for KTRI types */
- if (testVectors[i].ktriOptions & CMS_SKID) {
- ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- } else if (testVectors[i].ktriOptions &
- CMS_ISSUER_AND_SERIAL_NUMBER) {
- ret = wc_PKCS7_SetSignerIdentifierType(pkcs7,
- CMS_ISSUER_AND_SERIAL_NUMBER);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- }
- }
- #ifdef ECC_TIMING_RESISTANT
- pkcs7->rng = &rng;
- #endif
- /* encode envelopedData */
- envelopedSz = wc_PKCS7_EncodeAuthEnvelopedData(pkcs7, enveloped,
- PKCS7_BUF_SIZE);
- if (envelopedSz <= 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(envelopedSz), out);
- }
- #ifndef NO_PKCS7_STREAM
- { /* test reading byte by byte */
- int z;
- for (z = 0; z < envelopedSz; z++) {
- decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7,
- enveloped + z, 1, decoded, PKCS7_BUF_SIZE);
- if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
- printf("unexpected error %d\n", decodedSz);
- ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
- }
- }
- /* test decode result */
- if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
- printf("stream read compare failed\n");
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- }
- #endif
- /* decode envelopedData */
- decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7, enveloped,
- (word32)envelopedSz, decoded,
- PKCS7_BUF_SIZE);
- if (decodedSz <= 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
- }
- /* test decode result */
- if (XMEMCMP(decoded, data, sizeof(data)) != 0){
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- /* output pkcs7 envelopedData for external testing */
- pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
- if (!pkcs7File) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- }
- ret = (int)XFWRITE(enveloped, 1, envelopedSz, pkcs7File);
- XFCLOSE(pkcs7File);
- if (ret != envelopedSz) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- } else {
- /* reset ret to 0 for success */
- ret = 0;
- }
- #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- }
- wc_FreeRng(&rng);
- (void)eccCert;
- (void)eccCertSz;
- (void)eccPrivKey;
- (void)eccPrivKeySz;
- #if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- (void)secretKey;
- (void)secretKeyId;
- #endif
- #ifdef NO_RSA
- (void)rsaCert;
- (void)rsaCertSz;
- (void)rsaPrivKey;
- (void)rsaPrivKeySz;
- #endif
- out:
- if (testVectors)
- XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (enveloped)
- XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (decoded)
- XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7authenveloped_test(void)
- {
- wc_test_ret_t ret = 0;
- byte* rsaCert = NULL;
- byte* rsaPrivKey = NULL;
- word32 rsaCertSz = 0;
- word32 rsaPrivKeySz = 0;
- byte* eccCert = NULL;
- byte* eccPrivKey = NULL;
- word32 eccCertSz = 0;
- word32 eccPrivKeySz = 0;
- WOLFSSL_ENTER("pkcs7authenveloped_test");
- #ifndef NO_RSA
- /* read client RSA cert and key in DER format */
- rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (rsaCert == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (rsaPrivKey == NULL) {
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC_NC;
- }
- rsaCertSz = FOURK_BUF;
- rsaPrivKeySz = FOURK_BUF;
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- /* read client ECC cert and key in DER format */
- eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (eccCert == NULL) {
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return WC_TEST_RET_ENC_NC;
- }
- eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (eccPrivKey == NULL) {
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC_NC;
- }
- eccCertSz = FOURK_BUF;
- eccPrivKeySz = FOURK_BUF;
- #endif /* HAVE_ECC */
- ret = pkcs7_load_certs_keys(rsaCert, &rsaCertSz, rsaPrivKey,
- &rsaPrivKeySz, NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL, eccCert, &eccCertSz,
- eccPrivKey, &eccPrivKeySz);
- if (ret < 0) {
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef HAVE_ECC
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return WC_TEST_RET_ENC_EC(ret);
- }
- ret = pkcs7authenveloped_run_vectors(rsaCert, (word32)rsaCertSz,
- rsaPrivKey, (word32)rsaPrivKeySz,
- eccCert, (word32)eccCertSz,
- eccPrivKey, (word32)eccPrivKeySz);
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef HAVE_ECC
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* HAVE_AESGCM || HAVE_AESCCM */
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- static const byte p7DefKey[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- static const byte p7AltKey[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
- word32 keyIdSz, byte* orginKey, word32 orginKeySz,
- byte* out, word32 outSz, int keyWrapAlgo, int type, int direction)
- {
- wc_test_ret_t ret;
- if (cek == NULL || out == NULL)
- return BAD_FUNC_ARG;
- /* test case sanity checks */
- if (keyIdSz != 1) {
- return WC_TEST_RET_ENC_NC;
- }
- if (keyId[0] != 0x00) {
- return WC_TEST_RET_ENC_NC;
- }
- if (type != (int)PKCS7_KEKRI) {
- return WC_TEST_RET_ENC_NC;
- }
- switch (keyWrapAlgo) {
- case AES256_WRAP:
- ret = wc_AesKeyUnWrap(p7DefKey, sizeof(p7DefKey), cek, cekSz,
- out, outSz, NULL);
- if (ret <= 0)
- return (int)ret;
- break;
- default:
- WOLFSSL_MSG("Unsupported key wrap algorithm in example");
- return BAD_KEYWRAP_ALG_E;
- };
- (void)pkcs7;
- (void)direction;
- (void)orginKey; /* used with KAKRI */
- (void)orginKeySz;
- return (int)ret;
- }
- /* returns key size on success */
- static wc_test_ret_t getFirmwareKey(PKCS7* pkcs7, byte* key, word32 keySz)
- {
- wc_test_ret_t ret;
- word32 atrSz;
- byte atr[256];
- /* Additionally can look for fwWrappedFirmwareKey
- * 1.2.840.113529.1.9.16.1.16 */
- const unsigned char fwWrappedFirmwareKey[] = {
- /* 0x06, 0x0B */
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
- 0x01, 0x09, 0x10, 0x02, 0x27
- };
- /* find keyID in fwWrappedFirmwareKey */
- ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey,
- sizeof(fwWrappedFirmwareKey), NULL, &atrSz);
- if (ret == LENGTH_ONLY_E) {
- XMEMSET(atr, 0, sizeof(atr));
- ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey,
- sizeof(fwWrappedFirmwareKey), atr, &atrSz);
- /* keyIdRaw[0] OCTET TAG */
- /* keyIdRaw[1] Length */
- if (ret > 0) {
- PKCS7* envPkcs7;
- envPkcs7 = wc_PKCS7_New(NULL, 0);
- if (envPkcs7 == NULL) {
- return MEMORY_E;
- }
- wc_PKCS7_Init(envPkcs7, NULL, 0);
- ret = wc_PKCS7_SetWrapCEKCb(envPkcs7, myCEKwrapFunc);
- if (ret == 0) {
- /* expecting FIRMWARE_PKG_DATA content */
- envPkcs7->contentOID = FIRMWARE_PKG_DATA;
- ret = wc_PKCS7_DecodeEnvelopedData(envPkcs7, atr, atrSz,
- key, keySz);
- if (envPkcs7->contentOID != FIRMWARE_PKG_DATA) {
- /* the contentOID should have been set to the inner
- * FIRMWARE_PKG_DATA content */
- ret = BAD_STATE_E;
- }
- }
- wc_PKCS7_Free(envPkcs7);
- }
- }
- return ret;
- }
- /* create a KEKRI enveloped data
- * return size on success */
- static wc_test_ret_t envelopedData_encrypt(byte* in, word32 inSz, byte* out,
- word32 outSz)
- {
- wc_test_ret_t ret;
- PKCS7* pkcs7;
- WOLFSSL_SMALL_STACK_STATIC const byte keyId[] = { 0x00 };
- pkcs7 = wc_PKCS7_New(NULL, INVALID_DEVID);
- if (pkcs7 == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- pkcs7->content = in;
- pkcs7->contentSz = inSz;
- pkcs7->contentOID = FIRMWARE_PKG_DATA;
- pkcs7->encryptOID = AES256CBCb;
- pkcs7->ukm = NULL;
- pkcs7->ukmSz = 0;
- /* add recipient (KEKRI type) */
- ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, AES256_WRAP, (byte*)p7DefKey,
- sizeof(p7DefKey), (byte*)keyId,
- sizeof(keyId), NULL, NULL, 0, NULL, 0, 0);
- if (ret < 0) {
- printf("wc_PKCS7_AddRecipient_KEKRI() failed\n");
- wc_PKCS7_Free(pkcs7);
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* encode envelopedData, returns size */
- ret = wc_PKCS7_EncodeEnvelopedData(pkcs7, out, outSz);
- if (ret <= 0) {
- printf("wc_PKCS7_EncodeEnvelopedData() failed\n");
- wc_PKCS7_Free(pkcs7);
- return WC_TEST_RET_ENC_EC(ret);
- }
- wc_PKCS7_Free(pkcs7);
- return ret;
- }
- /*
- * keyHint is the KeyID to be set in the fwDecryptKeyID attribute
- * returns size of buffer output on success
- */
- static wc_test_ret_t generateBundle(byte* out, word32 *outSz, const byte* encryptKey,
- word32 encryptKeySz, byte keyHint, byte* cert, word32 certSz,
- byte* key, word32 keySz)
- {
- wc_test_ret_t ret;
- int attribNum = 1;
- PKCS7* pkcs7;
- /* KEY ID
- * fwDecryptKeyID OID 1.2.840.113549.1.9.16.2.37
- */
- const unsigned char fwDecryptKeyID[] = {
- 0x06, 0x0B,
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
- 0x01, 0x09, 0x10, 0x02, 0x25
- };
- /* fwWrappedFirmwareKey 1.2.840.113529.1.9.16.1.16 */
- const unsigned char fwWrappedFirmwareKey[] = {
- 0x06, 0x0B, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
- 0x01, 0x09, 0x10, 0x02, 0x27
- };
- byte keyID[] = { 0x04, 0x01, 0x00 };
- byte env[256];
- char data[] = "Test of wolfSSL PKCS7 decrypt callback";
- PKCS7Attrib attribs[] =
- {
- { fwDecryptKeyID, sizeof(fwDecryptKeyID), keyID, sizeof(keyID) },
- { fwWrappedFirmwareKey, sizeof(fwWrappedFirmwareKey), env, 0 }
- };
- keyID[2] = keyHint;
- /* If using keyHint 0 then create a bundle with fwWrappedFirmwareKey */
- if (keyHint == 0) {
- ret = envelopedData_encrypt((byte*)p7DefKey, sizeof(p7DefKey), env,
- sizeof(env));
- if (ret <= 0) {
- return ret;
- }
- attribs[1].valueSz = (word32)ret;
- attribNum++;
- }
- /* init PKCS7 */
- pkcs7 = wc_PKCS7_New(NULL, INVALID_DEVID);
- if (pkcs7 == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- ret = wc_PKCS7_InitWithCert(pkcs7, cert, certSz);
- if (ret != 0) {
- printf("ERROR: wc_PKCS7_InitWithCert() failed, ret = %d\n", ret);
- wc_PKCS7_Free(pkcs7);
- return WC_TEST_RET_ENC_EC(ret);
- }
- ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* encode Signed Encrypted FirmwarePkgData */
- if (encryptKeySz == 16) {
- ret = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, (byte*)encryptKey,
- encryptKeySz, key, keySz, AES128CBCb, RSAk, SHA256h,
- (byte*)data, sizeof(data), NULL, 0,
- attribs, (word32)attribNum, out, *outSz);
- }
- else {
- ret = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, (byte*)encryptKey,
- encryptKeySz, key, keySz, AES256CBCb, RSAk, SHA256h,
- (byte*)data, sizeof(data), NULL, 0,
- attribs, (word32)attribNum, out, *outSz);
- }
- if (ret <= 0) {
- printf("ERROR: wc_PKCS7_EncodeSignedEncryptedFPD() failed, "
- "ret = %d\n", ret);
- wc_PKCS7_Free(pkcs7);
- return WC_TEST_RET_ENC_EC(ret);
- } else {
- *outSz = (word32)ret;
- }
- wc_PKCS7_Free(pkcs7);
- return ret;
- }
- /* test verification and decryption of PKCS7 bundle
- * return 0 on success
- */
- static wc_test_ret_t verifyBundle(byte* derBuf, word32 derSz, int keyHint)
- {
- wc_test_ret_t ret = 0;
- int usrCtx = 1; /* test value to pass as user context to callback */
- PKCS7* pkcs7 = NULL;
- byte* sid = NULL;
- word32 sidSz;
- byte key[256];
- word32 keySz = sizeof(key);
- byte *decoded = NULL;
- int decodedSz = FOURK_BUF/2;
- WOLFSSL_SMALL_STACK_STATIC const byte expectedSid[] = {
- #ifdef NO_SHA
- #ifdef USE_CERT_BUFFERS_1024
- 0x70, 0xe7, 0x79, 0x60, 0x8f, 0x41, 0xdc, 0xe9,
- 0xad, 0x8b, 0x3d, 0x0c, 0x20, 0xf4, 0xc3, 0xf2,
- 0x8e, 0x05, 0xe8, 0xa1, 0xb6, 0x68, 0x74, 0x06,
- 0xbc, 0xe7, 0xc5, 0x3c, 0x13, 0x99, 0x79, 0xb9
- #else
- 0xce, 0x06, 0x07, 0xbe, 0xf1, 0xa6, 0x1e, 0x36,
- 0xef, 0xfa, 0xbc, 0x89, 0x71, 0xf3, 0x23, 0x9e,
- 0x34, 0x6d, 0xae, 0x86, 0xae, 0x2b, 0xdc, 0xf4,
- 0x4a, 0x27, 0xd5, 0x63, 0x59, 0x4f, 0x4a, 0x71
- #endif
- #else /* !NO_SHA */
- #ifdef USE_CERT_BUFFERS_1024
- 0x81, 0x69, 0x0f, 0xf8, 0xdf, 0xdd, 0xcf, 0x34,
- 0x29, 0xd5, 0x67, 0x75, 0x71, 0x85, 0xc7, 0x75,
- 0x10, 0x69, 0x59, 0xec,
- #else
- 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18,
- 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26,
- 0xD7, 0x85, 0x65, 0xC0
- #endif
- #endif /* !NO_SHA */
- };
- decoded = (byte *)XMALLOC(decodedSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (decoded == NULL) {
- ret = MEMORY_E;
- goto out;
- }
- pkcs7 = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID);
- if (pkcs7 == NULL) {
- ret = MEMORY_E;
- goto out;
- }
- /* Test verify */
- ret = wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- goto out;
- ret = wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
- if (ret != 0)
- goto out;
- ret = wc_PKCS7_VerifySignedData(pkcs7, derBuf, derSz);
- if (ret != 0)
- goto out;
- /* Get size of SID and print it out */
- ret = wc_PKCS7_GetSignerSID(pkcs7, NULL, &sidSz);
- if (ret != LENGTH_ONLY_E)
- goto out;
- sid = (byte*)XMALLOC(sidSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (sid == NULL) {
- ret = MEMORY_E;
- goto out;
- }
- ret = wc_PKCS7_GetSignerSID(pkcs7, sid, &sidSz);
- if (ret != 0)
- goto out;
- ret = XMEMCMP(sid, expectedSid, sidSz);
- if (ret != 0) {
- ret = PKCS7_NO_SIGNER_E; /* close enough */
- goto out;
- }
- /* get expected fwWrappedFirmwareKey */
- if (keyHint == 0) {
- ret = getFirmwareKey(pkcs7, key, keySz);
- if (ret < 0)
- goto out;
- pkcs7->encryptionKey = key;
- pkcs7->encryptionKeySz = (word32)ret;
- }
- else {
- decodedSz = PKCS7_BUF_SIZE;
- ret = wc_PKCS7_SetDecodeEncryptedCb(pkcs7, myDecryptionFunc);
- if (ret != 0)
- goto out;
- ret = wc_PKCS7_SetDecodeEncryptedCtx(pkcs7, (void*)&usrCtx);
- if (ret != 0)
- goto out;
- }
- decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content,
- pkcs7->contentSz, decoded, (word32)decodedSz);
- if (decodedSz < 0) {
- ret = decodedSz;
- goto out;
- }
- ret = 0;
- out:
- if (decoded)
- XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pkcs7)
- wc_PKCS7_Free(pkcs7);
- if (sid)
- XFREE(sid, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7callback_test(byte* cert, word32 certSz, byte* key, word32 keySz)
- {
- wc_test_ret_t ret = 0;
- word32 derSz;
- byte *derBuf = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- WOLFSSL_ENTER("pkcs7callback_test");
- if (! derBuf)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* Doing default generation and verify */
- derSz = FOURK_BUF;
- ret = generateBundle(derBuf, &derSz, p7DefKey, sizeof(p7DefKey), 0, cert,
- certSz, key, keySz);
- if (ret <= 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- ret = verifyBundle(derBuf, derSz, 0);
- if (ret != 0)
- ERROR_OUT(ret, out);
- /* test choosing other key with keyID */
- derSz = FOURK_BUF;
- ret = generateBundle(derBuf, &derSz, p7AltKey, sizeof(p7AltKey), 1,
- cert, certSz, key, keySz);
- if (ret <= 0) {
- ERROR_OUT(ret, out);
- }
- ret = verifyBundle(derBuf, derSz, 1);
- if (ret != 0)
- ERROR_OUT(ret, out);
- /* test fail case with wrong keyID */
- derSz = FOURK_BUF;
- ret = generateBundle(derBuf, &derSz, p7DefKey, sizeof(p7DefKey), 1,
- cert, certSz, key, keySz);
- if (ret <= 0) {
- ERROR_OUT(ret, out);
- }
- ret = verifyBundle(derBuf, derSz, 1);
- if (ret == 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- ret = 0;
- out:
- if (derBuf)
- XFREE(derBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif /* !NO_AES && HAVE_AES_CBC */
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- typedef struct {
- const byte* content;
- word32 contentSz;
- int contentOID;
- int encryptOID;
- byte* encryptionKey;
- word32 encryptionKeySz;
- PKCS7Attrib* attribs;
- word32 attribsSz;
- const char* outFileName;
- } pkcs7EncryptedVector;
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void)
- {
- wc_test_ret_t ret = 0;
- int i, testSz;
- int encryptedSz, decodedSz, attribIdx;
- PKCS7* pkcs7;
- byte *encrypted;
- byte *decoded;
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- XFILE pkcs7File;
- #endif
- PKCS7Attrib* expectedAttrib;
- PKCS7DecodedAttrib* decodedAttrib;
- WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- #ifndef NO_DES3
- byte desKey[] = {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
- };
- byte des3Key[] = {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
- 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
- 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
- };
- #endif
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- #ifdef WOLFSSL_AES_128
- byte aes128Key[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- #endif
- #ifdef WOLFSSL_AES_192
- byte aes192Key[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- #endif
- #ifdef WOLFSSL_AES_256
- byte aes256Key[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- #endif
- #ifdef WOLFSSL_AES_256
- /* Attribute example from RFC 4134, Section 7.2
- * OID = 1.2.5555
- * OCTET STRING = 'This is a test General ASN Attribute, number 1.' */
- static const byte genAttrOid[] = { 0x06, 0x03, 0x2a, 0xab, 0x33 };
- static const byte genAttr[] = { 0x04, 47,
- 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
- 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47,
- 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41,
- 0x53, 0x4e, 0x20, 0x41, 0x74, 0x74, 0x72, 0x69,
- 0x62, 0x75, 0x74, 0x65, 0x2c, 0x20, 0x6e, 0x75,
- 0x6d, 0x62, 0x65, 0x72, 0x20, 0x31, 0x2e };
- static const byte genAttrOid2[] = { 0x06, 0x03, 0x2a, 0xab, 0x34 };
- static const byte genAttr2[] = { 0x04, 47,
- 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
- 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47,
- 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41,
- 0x53, 0x4e, 0x20, 0x41, 0x74, 0x74, 0x72, 0x69,
- 0x62, 0x75, 0x74, 0x65, 0x2c, 0x20, 0x6e, 0x75,
- 0x6d, 0x62, 0x65, 0x72, 0x20, 0x32, 0x2e };
- PKCS7Attrib attribs[] =
- {
- { genAttrOid, sizeof(genAttrOid), genAttr, sizeof(genAttr) }
- };
- PKCS7Attrib multiAttribs[] =
- {
- { genAttrOid, sizeof(genAttrOid), genAttr, sizeof(genAttr) },
- { genAttrOid2, sizeof(genAttrOid2), genAttr2, sizeof(genAttr2) }
- };
- #endif
- #endif /* NO_AES */
- const pkcs7EncryptedVector testVectors[] =
- {
- #ifndef NO_DES3
- {data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key),
- NULL, 0, "pkcs7encryptedDataDES3.der"},
- {data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey),
- NULL, 0, "pkcs7encryptedDataDES.der"},
- #endif /* NO_DES3 */
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- #ifdef WOLFSSL_AES_128
- {data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key,
- sizeof(aes128Key), NULL, 0, "pkcs7encryptedDataAES128CBC.der"},
- #endif
- #ifdef WOLFSSL_AES_192
- {data, (word32)sizeof(data), DATA, AES192CBCb, aes192Key,
- sizeof(aes192Key), NULL, 0, "pkcs7encryptedDataAES192CBC.der"},
- #endif
- #ifdef WOLFSSL_AES_256
- {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
- sizeof(aes256Key), NULL, 0, "pkcs7encryptedDataAES256CBC.der"},
- /* test with optional unprotected attributes */
- {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
- sizeof(aes256Key), attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7encryptedDataAES256CBC_attribs.der"},
- /* test with multiple optional unprotected attributes */
- {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
- sizeof(aes256Key), multiAttribs,
- (sizeof(multiAttribs)/sizeof(PKCS7Attrib)),
- "pkcs7encryptedDataAES256CBC_multi_attribs.der"},
- /* test with contentType set to FirmwarePkgData */
- {data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256CBCb, aes256Key,
- sizeof(aes256Key), NULL, 0,
- "pkcs7encryptedDataAES256CBC_firmwarePkgData.der"},
- #endif
- #endif /* !NO_AES && HAVE_AES_CBC */
- };
- WOLFSSL_ENTER("pkcs7encrypted_test");
- encrypted = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((! encrypted) || (! decoded)) {
- ERROR_OUT(MEMORY_E, out);
- }
- testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector);
- for (i = 0; i < testSz; i++) {
- pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
- if (pkcs7 == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- }
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->encryptionKey = testVectors[i].encryptionKey;
- pkcs7->encryptionKeySz = testVectors[i].encryptionKeySz;
- pkcs7->unprotectedAttribs = testVectors[i].attribs;
- pkcs7->unprotectedAttribsSz = testVectors[i].attribsSz;
- /* encode encryptedData */
- encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
- PKCS7_BUF_SIZE);
- if (encryptedSz <= 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(encryptedSz), out);
- }
- /* decode encryptedData */
- #ifndef NO_PKCS7_STREAM
- { /* test reading byte by byte */
- int z;
- for (z = 0; z < encryptedSz; z++) {
- decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted + z, 1,
- decoded, PKCS7_BUF_SIZE);
- if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
- printf("unexpected error %d\n", decodedSz);
- ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
- }
- }
- /* test decode result */
- if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
- printf("stream read failed\n");
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- }
- #endif
- decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz,
- decoded, PKCS7_BUF_SIZE);
- if (decodedSz <= 0){
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
- }
- /* test decode result */
- if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- /* verify decoded unprotected attributes */
- if (pkcs7->decodedAttrib != NULL) {
- decodedAttrib = pkcs7->decodedAttrib;
- attribIdx = 1;
- while (decodedAttrib != NULL) {
- /* expected attribute, stored list is reversed */
- expectedAttrib = &(pkcs7->unprotectedAttribs
- [pkcs7->unprotectedAttribsSz - attribIdx]);
- /* verify oid */
- if (XMEMCMP(decodedAttrib->oid, expectedAttrib->oid,
- decodedAttrib->oidSz) != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- /* verify value */
- if (XMEMCMP(decodedAttrib->value, expectedAttrib->value,
- decodedAttrib->valueSz) != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- decodedAttrib = decodedAttrib->next;
- attribIdx++;
- }
- }
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- /* output pkcs7 envelopedData for external testing */
- pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
- if (!pkcs7File) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- }
- ret = (int)XFWRITE(encrypted, encryptedSz, 1, pkcs7File);
- if (ret < 0)
- ret = WC_TEST_RET_ENC_ERRNO;
- else
- ret = 0;
- XFCLOSE(pkcs7File);
- #endif
- wc_PKCS7_Free(pkcs7);
- }
- out:
- if (encrypted)
- XFREE(encrypted, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (decoded)
- XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif /* NO_PKCS7_ENCRYPTED_DATA */
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
- typedef struct {
- const byte* content;
- word32 contentSz;
- int contentOID;
- const char* outFileName;
- } pkcs7CompressedVector;
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7compressed_test(void)
- {
- wc_test_ret_t ret = 0;
- int i, testSz;
- int compressedSz, decodedSz;
- PKCS7* pkcs7;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte *compressed;
- byte *decoded;
- #else
- byte compressed[PKCS7_BUF_SIZE];
- byte decoded[PKCS7_BUF_SIZE];
- #endif
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- XFILE pkcs7File;
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- const pkcs7CompressedVector testVectors[] =
- {
- {data, (word32)sizeof(data), DATA,
- "pkcs7compressedData_data_zlib.der"},
- {data, (word32)sizeof(data), FIRMWARE_PKG_DATA,
- "pkcs7compressedData_firmwarePkgData_zlib.der"},
- };
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- compressed = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((! compressed) || (! decoded)) {
- ERROR_OUT(MEMORY_E, out);
- }
- #endif
- WOLFSSL_ENTER("pkcs7compressed_test");
- testSz = sizeof(testVectors) / sizeof(pkcs7CompressedVector);
- for (i = 0; i < testSz; i++) {
- pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
- if (pkcs7 == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- }
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- /* encode compressedData */
- compressedSz = wc_PKCS7_EncodeCompressedData(pkcs7, compressed,
- PKCS7_BUF_SIZE);
- if (compressedSz <= 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(compressedSz), out);
- }
- /* decode compressedData */
- decodedSz = wc_PKCS7_DecodeCompressedData(pkcs7, compressed,
- compressedSz, decoded,
- PKCS7_BUF_SIZE);
- if (decodedSz <= 0){
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
- }
- /* test decode result */
- if (XMEMCMP(decoded, testVectors[i].content,
- testVectors[i].contentSz) != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- /* make sure content type is the same */
- if (testVectors[i].contentOID != pkcs7->contentOID) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- /* output pkcs7 compressedData for external testing */
- pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
- if (!pkcs7File) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- }
- ret = (int)XFWRITE(compressed, compressedSz, 1, pkcs7File);
- if (ret < 0)
- ret = WC_TEST_RET_ENC_ERRNO;
- else
- ret = 0;
- XFCLOSE(pkcs7File);
- #endif
- wc_PKCS7_Free(pkcs7);
- }
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (compressed)
- XFREE(compressed, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (decoded)
- XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- } /* pkcs7compressed_test() */
- #undef PKCS7_BUF_SIZE
- #endif /* HAVE_LIBZ */
- typedef struct {
- const byte* content;
- word32 contentSz;
- int hashOID;
- int signOID;
- byte* privateKey;
- word32 privateKeySz;
- byte* cert;
- size_t certSz;
- byte* caCert;
- size_t caCertSz;
- PKCS7Attrib* signedAttribs;
- word32 signedAttribsSz;
- const char* outFileName;
- int contentOID;
- const byte* contentType;
- word32 contentTypeSz;
- int sidType;
- int encryptOID; /* for single-shot encrypt alg OID */
- int encCompFlag; /* for single-shot. 1 = enc, 2 = comp, 3 = both*/
- const byte* encryptKey; /* for single-shot, encryptedData */
- word32 encryptKeySz; /* for single-shot, encryptedData */
- PKCS7Attrib* unprotectedAttribs; /* for single-shot, encryptedData */
- word32 unprotectedAttribsSz; /* for single-shot, encryptedData */
- word16 detachedSignature; /* generate detached signature (0:1) */
- } pkcs7SignedVector;
- static wc_test_ret_t pkcs7signed_run_vectors(
- byte* rsaClientCertBuf, word32 rsaClientCertBufSz,
- byte* rsaClientPrivKeyBuf, word32 rsaClientPrivKeyBufSz,
- byte* rsaServerCertBuf, word32 rsaServerCertBufSz,
- byte* rsaServerPrivKeyBuf, word32 rsaServerPrivKeyBufSz,
- byte* rsaCaCertBuf, word32 rsaCaCertBufSz,
- byte* rsaCaPrivKeyBuf, word32 rsaCaPrivKeyBufSz,
- byte* eccClientCertBuf, word32 eccClientCertBufSz,
- byte* eccClientPrivKeyBuf, word32 eccClientPrivKeyBufSz)
- {
- wc_test_ret_t ret;
- int testSz = 0, i;
- int encodedSz;
- byte* out = NULL;
- word32 outSz;
- WC_RNG rng;
- PKCS7* pkcs7 = NULL;
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- XFILE file;
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- static const byte transIdOid[] =
- { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
- 0x09, 0x07 };
- static const byte messageTypeOid[] =
- { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
- 0x09, 0x02 };
- static const byte senderNonceOid[] =
- { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
- 0x09, 0x05 };
- #ifndef NO_SHA
- byte transId[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1];
- #else
- byte transId[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
- #endif
- static const byte messageType[] = { 0x13, 2, '1', '9' };
- byte senderNonce[PKCS7_NONCE_SZ + 2];
- PKCS7Attrib attribs[] =
- {
- { transIdOid, sizeof(transIdOid), transId,
- sizeof(transId) - 1 }, /* take off the null */
- { messageTypeOid, sizeof(messageTypeOid), messageType,
- sizeof(messageType) },
- { senderNonceOid, sizeof(senderNonceOid), senderNonce,
- sizeof(senderNonce) }
- };
- /* for testing custom contentType, FirmwarePkgData */
- static const byte customContentType[] = { 0x06, 0x0B, 0x2A, 0x86,
- 0x48, 0x86, 0xF7, 0x0D,
- 0x01, 0x09, 0x10, 0x01, 0x10 };
- #define MAX_TESTVECTORS_LEN 20
- #define ADD_PKCS7SIGNEDVECTOR(...) { \
- const pkcs7SignedVector _this_vector = { __VA_ARGS__ }; \
- if (testSz == MAX_TESTVECTORS_LEN) { \
- ret = WC_TEST_RET_ENC_NC; \
- goto out; \
- } \
- XMEMCPY(&testVectors[testSz++], &_this_vector, \
- sizeof _this_vector); \
- }
- pkcs7SignedVector *testVectors = NULL;
- XMEMSET(&rng, 0, sizeof(rng));
- testVectors = (pkcs7SignedVector *)XMALLOC(MAX_TESTVECTORS_LEN * sizeof(*testVectors),
- HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (testVectors == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- goto out;
- }
- {
- #ifndef NO_RSA
- #ifndef NO_SHA
- /* RSA with SHA */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA.der", 0, NULL, 0, 0, 0, 0, NULL, 0, NULL,
- 0, 0);
- /* RSA with SHA, no signed attributes */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz,
- NULL, 0, NULL, 0,
- "pkcs7signedData_RSA_SHA_noattr.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- #endif
- #ifdef WOLFSSL_SHA224
- /* RSA with SHA224 */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA224h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA224.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- #endif
- #ifndef NO_SHA256
- /* RSA with SHA256 */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA256.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- /* RSA with SHA256, detached signature */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA256_detachedSig.der", 0, NULL, 0, 0, 0, 0,
- NULL, 0, NULL, 0, 1);
- /* RSA with SHA256 and SubjectKeyIdentifier in SignerIdentifier */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA256_SKID.der", 0, NULL, 0, CMS_SKID, 0, 0,
- NULL, 0, NULL, 0, 0);
- /* RSA with SHA256 and custom contentType */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA256_custom_contentType.der", 0,
- customContentType, sizeof(customContentType), 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- /* RSA with SHA256 and FirmwarePkgData contentType */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA256_firmwarePkgData.der",
- FIRMWARE_PKG_DATA, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0, 0);
- /* RSA with SHA256 using server cert and ca cert */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaServerPrivKeyBuf,
- rsaServerPrivKeyBufSz, rsaServerCertBuf, rsaServerCertBufSz,
- rsaCaCertBuf, rsaCaCertBufSz,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA256_with_ca_cert.der", 0, NULL, 0, 0, 0, 0,
- NULL, 0, NULL, 0, 0);
- #endif
- #if defined(WOLFSSL_SHA384)
- /* RSA with SHA384 */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA384h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA384.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- #endif
- #if defined(WOLFSSL_SHA512)
- /* RSA with SHA512 */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA512h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA512.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- #endif
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- #ifndef NO_SHA
- /* ECDSA with SHA */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHAh, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- /* ECDSA with SHA, no signed attributes */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHAh, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz,
- NULL, 0, NULL, 0,
- "pkcs7signedData_ECDSA_SHA_noattr.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- #endif
- #ifdef WOLFSSL_SHA224
- /* ECDSA with SHA224 */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA224h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA224.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- #endif
- #ifndef NO_SHA256
- /* ECDSA with SHA256 */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA256.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- /* ECDSA with SHA256 and SubjectKeyIdentifier in SigherIdentifier */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA256_SKID.der", 0, NULL, 0, CMS_SKID, 0, 0,
- NULL, 0, NULL, 0, 0);
- /* ECDSA with SHA256 and custom contentType */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA256_custom_contentType.der", 0,
- customContentType, sizeof(customContentType), 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- /* ECDSA with SHA256 and FirmwarePkgData contentType */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA256_firmwarePkgData.der",
- FIRMWARE_PKG_DATA, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0, 0);
- #endif
- #ifdef WOLFSSL_SHA384
- /* ECDSA with SHA384 */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA384h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA384.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- #endif
- #ifdef WOLFSSL_SHA512
- /* ECDSA with SHA512 */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA512h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA512.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- #endif
- #endif /* HAVE_ECC */
- };
- #undef MAX_TESTVECTORS_LEN
- #undef ADD_PKCS7SIGNEDVECTOR
- outSz = FOURK_BUF;
- out = (byte*)XMALLOC(outSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (out == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- XMEMSET(out, 0, outSz);
- ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (i = 0; i < testSz; i++) {
- if (pkcs7)
- wc_PKCS7_Free(pkcs7);
- pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
- if (pkcs7 == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
- (word32)testVectors[i].certSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* load CA certificate, if present */
- if (testVectors[i].caCert != NULL) {
- ret = wc_PKCS7_AddCertificate(pkcs7, testVectors[i].caCert,
- (word32)testVectors[i].caCertSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- pkcs7->rng = &rng;
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->hashOID = testVectors[i].hashOID;
- pkcs7->encryptOID = testVectors[i].signOID;
- pkcs7->privateKey = testVectors[i].privateKey;
- pkcs7->privateKeySz = testVectors[i].privateKeySz;
- pkcs7->signedAttribs = testVectors[i].signedAttribs;
- pkcs7->signedAttribsSz = testVectors[i].signedAttribsSz;
- /* optional custom contentType, default is DATA,
- overrides contentOID if set */
- if (testVectors[i].contentType != NULL) {
- ret = wc_PKCS7_SetContentType(pkcs7,
- (byte *)testVectors[i].contentType,
- testVectors[i].contentTypeSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- /* set SignerIdentifier to use SubjectKeyIdentifier if desired,
- default is IssuerAndSerialNumber */
- if (testVectors[i].sidType == CMS_SKID) {
- ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- /* generate senderNonce */
- {
- senderNonce[0] = 0x04;
- senderNonce[1] = PKCS7_NONCE_SZ;
- ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- /* generate transactionID (used with SCEP) */
- {
- #ifndef NO_SHA
- wc_Sha sha;
- byte digest[WC_SHA_DIGEST_SIZE];
- #else
- wc_Sha256 sha;
- byte digest[WC_SHA256_DIGEST_SIZE];
- #endif
- int j,k;
- transId[0] = 0x13;
- transId[1] = sizeof(digest) * 2;
- #ifndef NO_SHA
- ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- wc_ShaUpdate(&sha, pkcs7->publicKey, pkcs7->publicKeySz);
- wc_ShaFinal(&sha, digest);
- wc_ShaFree(&sha);
- #else
- ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- wc_Sha256Update(&sha, pkcs7->publicKey, pkcs7->publicKeySz);
- wc_Sha256Final(&sha, digest);
- wc_Sha256Free(&sha);
- #endif
- for (j = 0, k = 2; j < (int)sizeof(digest); j++, k += 2) {
- #if defined(WOLF_C89)
- XSPRINTF((char*)&transId[k], "%02x", digest[j]);
- #else
- (void)XSNPRINTF((char*)&transId[k], 3, "%02x", digest[j]);
- #endif
- }
- }
- /* enable detached signature generation, if set */
- if (testVectors[i].detachedSignature == 1) {
- ret = wc_PKCS7_SetDetached(pkcs7, 1);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- encodedSz = wc_PKCS7_EncodeSignedData(pkcs7, out, outSz);
- if (encodedSz < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(encodedSz), out);
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- /* write PKCS#7 to output file for more testing */
- file = XFOPEN(testVectors[i].outFileName, "wb");
- if (!file) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- }
- ret = (int)XFWRITE(out, 1, encodedSz, file);
- XFCLOSE(file);
- if (ret != (int)encodedSz)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
- wc_PKCS7_Free(pkcs7);
- pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
- if (pkcs7 == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
- if (testVectors[i].detachedSignature == 1) {
- /* set content for verifying detached signatures */
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- }
- ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* verify contentType extracted successfully for custom content types */
- if (testVectors[i].contentTypeSz > 0) {
- if (pkcs7->contentTypeSz != testVectors[i].contentTypeSz) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- } else if (XMEMCMP(pkcs7->contentType, testVectors[i].contentType,
- pkcs7->contentTypeSz) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- }
- if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- {
- /* check getting signed attributes */
- #ifndef NO_SHA
- byte buf[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1];
- #else
- byte buf[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
- #endif
- const byte* oidPt = transIdOid + 2; /* skip object id tag and size */
- int oidSz = (int)sizeof(transIdOid) - 2;
- int bufSz = 0;
- if (testVectors[i].signedAttribs != NULL) {
- ret = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, (word32)oidSz,
- NULL, (word32*)&bufSz);
- if (ret != LENGTH_ONLY_E)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = 0;
- }
- if (bufSz > (int)sizeof(buf))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- bufSz = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, (word32)oidSz,
- buf, (word32*)&bufSz);
- if ((testVectors[i].signedAttribs != NULL && bufSz < 0) ||
- (testVectors[i].signedAttribs == NULL && bufSz > 0))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- file = XFOPEN("./pkcs7cert.der", "wb");
- if (!file)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- ret = (int)XFWRITE(pkcs7->singleCert, 1, pkcs7->singleCertSz, file);
- if (ret < 0)
- ret = WC_TEST_RET_ENC_ERRNO;
- else
- ret = 0;
- XFCLOSE(file);
- #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
- }
- out:
- if (pkcs7 != NULL)
- wc_PKCS7_Free(pkcs7);
- if (out != NULL)
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (testVectors != NULL)
- XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_FreeRng(&rng);
- if (ret > 0)
- return 0;
- (void)rsaClientCertBuf;
- (void)rsaClientCertBufSz;
- (void)rsaClientPrivKeyBuf;
- (void)rsaClientPrivKeyBufSz;
- (void)rsaServerCertBuf;
- (void)rsaServerCertBufSz;
- (void)rsaServerPrivKeyBuf;
- (void)rsaServerPrivKeyBufSz;
- (void)rsaCaCertBuf;
- (void)rsaCaCertBufSz;
- (void)rsaCaPrivKeyBuf;
- (void)rsaCaPrivKeyBufSz;
- (void)eccClientCertBuf;
- (void)eccClientCertBufSz;
- (void)eccClientPrivKeyBuf;
- (void)eccClientPrivKeyBufSz;
- return ret;
- }
- static wc_test_ret_t pkcs7signed_run_SingleShotVectors(
- byte* rsaClientCertBuf, word32 rsaClientCertBufSz,
- byte* rsaClientPrivKeyBuf, word32 rsaClientPrivKeyBufSz,
- byte* rsaServerCertBuf, word32 rsaServerCertBufSz,
- byte* rsaServerPrivKeyBuf, word32 rsaServerPrivKeyBufSz,
- byte* rsaCaCertBuf, word32 rsaCaCertBufSz,
- byte* rsaCaPrivKeyBuf, word32 rsaCaPrivKeyBufSz,
- byte* eccClientCertBuf, word32 eccClientCertBufSz,
- byte* eccClientPrivKeyBuf, word32 eccClientPrivKeyBufSz)
- {
- wc_test_ret_t ret;
- int testSz = 0, i;
- int encodedSz;
- byte* out = NULL;
- word32 outSz;
- WC_RNG rng;
- PKCS7* pkcs7 = NULL;
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- XFILE file;
- #endif
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) && \
- !defined(NO_PKCS7_ENCRYPTED_DATA)
- byte* encryptedTmp = NULL;
- int encryptedTmpSz;
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- #if !defined(NO_PKCS7_ENCRYPTED_DATA) && \
- defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
- static const byte aes256Key[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- #endif
- static const byte messageTypeOid[] =
- { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
- 0x09, 0x02 };
- static const byte messageType[] = { 0x13, 2, '1', '9' };
- PKCS7Attrib attribs[] =
- {
- { messageTypeOid, sizeof(messageTypeOid), messageType,
- sizeof(messageType) },
- };
- #define MAX_TESTVECTORS_LEN 19
- #define ADD_PKCS7SIGNEDVECTOR(...) { \
- pkcs7SignedVector _this_vector = { __VA_ARGS__ }; \
- if (testSz == MAX_TESTVECTORS_LEN) { \
- ret = WC_TEST_RET_ENC_NC; \
- goto out; \
- } \
- XMEMCPY(&testVectors[testSz++], &_this_vector, \
- sizeof _this_vector); \
- }
- pkcs7SignedVector *testVectors = NULL;
- XMEMSET(&rng, 0, sizeof(rng));
- testVectors = (pkcs7SignedVector *)XMALLOC(MAX_TESTVECTORS_LEN * sizeof(*testVectors),
- HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (testVectors == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- goto out;
- }
- {
- #ifndef NO_RSA
- #ifndef NO_SHA256
- /* Signed FirmwarePkgData, RSA, SHA256, no attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedFirmwarePkgData_RSA_SHA256_noattr.der", 0, NULL, 0, 0,
- 0, 0, NULL, 0, NULL, 0, 0);
- /* Signed FirmwarePkgData, RSA, SHA256, attrs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedFirmwarePkgData_RSA_SHA256.der", 0, NULL, 0, 0, 0, 0,
- NULL, 0, NULL, 0, 0);
- /* Signed FirmwarePkgData, RSA, SHA256, SubjectKeyIdentifier, attrs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedFirmwarePkgData_RSA_SHA256_SKID.der", 0, NULL,
- 0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0);
- /* Signed FirmwraePkgData, RSA, SHA256, server cert and ca cert, attr */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaServerPrivKeyBuf,
- rsaServerPrivKeyBufSz, rsaServerCertBuf, rsaServerCertBufSz,
- rsaCaCertBuf, rsaCaCertBufSz,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedFirmwarePkgData_RSA_SHA256_with_ca_cert.der", 0, NULL,
- 0, 0, 0, 0, NULL, 0, NULL, 0, 0);
- #if !defined(NO_PKCS7_ENCRYPTED_DATA) && \
- defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
- /* Signed Encrypted FirmwarePkgData, RSA, SHA256, no attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256_noattr.der", 0,
- NULL, 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), NULL, 0, 0);
- /* Signed Encrypted FirmwarePkgData, RSA, SHA256, attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256.der", 0,
- NULL, 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key),
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0);
- #endif /* WOLFSSL_AES_256 && !NO_PKCS7_ENCRYPTED_DATA */
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
- /* Signed Compressed FirmwarePkgData, RSA, SHA256, no attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedCompressedFirmwarePkgData_RSA_SHA256_noattr.der", 0,
- NULL, 0, 0, 0, 2, NULL, 0, NULL, 0, 0);
- /* Signed Compressed FirmwarePkgData, RSA, SHA256, attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedCompressedFirmwarePkgData_RSA_SHA256.der", 0,
- NULL, 0, 0, 0, 2, NULL, 0, NULL, 0, 0);
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- /* Signed Encrypted Compressed FirmwarePkgData, RSA, SHA256,
- no attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256_noattr.der",
- 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), NULL,
- 0, 0);
- /* Signed Encrypted Compressed FirmwarePkgData, RSA, SHA256,
- attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256.der",
- 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key),
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0);
- #endif /* !NO_PKCS7_ENCRYPTED_DATA */
- #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
- #endif /* NO_SHA256 */
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- #ifndef NO_SHA256
- /* Signed FirmwarePkgData, ECDSA, SHA256, no attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
- 0, 0, 0, 0, NULL, 0, NULL, 0, 0);
- /* Signed FirmwarePkgData, ECDSA, SHA256, attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
- 0, 0, 0, 0, NULL, 0, NULL, 0, 0);
- /* Signed FirmwarePkgData, ECDSA, SHA256, SubjectKeyIdentifier, attr */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedFirmwarePkgData_ECDSA_SHA256_SKID.der", 0, NULL,
- 0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0);
- #if !defined(NO_PKCS7_ENCRYPTED_DATA) && \
- defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
- /* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, no attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
- 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), NULL, 0, 0);
- /* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
- 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key),
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0);
- #endif /* WOLFSSL_AES_256 && !NO_PKCS7_ENCRYPTED_DATA */
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
- /* Signed Compressed FirmwarePkgData, ECDSA, SHA256, no attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
- 0, 0, 0, 2, NULL, 0, NULL, 0, 0);
- /* Signed Compressed FirmwarePkgData, ECDSA, SHA256, attrib */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
- 0, 0, 0, 2, NULL, 0, NULL, 0, 0);
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- /* Signed Encrypted Compressed FirmwarePkgData, ECDSA, SHA256,
- no attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der",
- 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), NULL,
- 0, 0);
- /* Signed Encrypted Compressed FirmwarePkgData, ECDSA, SHA256,
- attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256.der",
- 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key),
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0);
- #endif /* !NO_PKCS7_ENCRYPTED_DATA */
- #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
- #endif /* NO_SHA256 */
- #endif /* HAVE_ECC */
- };
- #undef MAX_TESTVECTORS_LEN
- #undef ADD_PKCS7SIGNEDVECTOR
- outSz = FOURK_BUF;
- out = (byte*)XMALLOC(outSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (out == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- XMEMSET(out, 0, outSz);
- ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (i = 0; i < testSz; i++) {
- if (pkcs7)
- wc_PKCS7_Free(pkcs7);
- pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
- if (pkcs7 == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
- (word32)testVectors[i].certSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* load CA certificate, if present */
- if (testVectors[i].caCert != NULL) {
- ret = wc_PKCS7_AddCertificate(pkcs7, testVectors[i].caCert,
- (word32)testVectors[i].caCertSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- /* set SignerIdentifier to use SubjectKeyIdentifier if desired,
- default is IssuerAndSerialNumber */
- if (testVectors[i].sidType == CMS_SKID) {
- ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- if (testVectors[i].encCompFlag == 0) {
- /* encode Signed FirmwarePkgData */
- encodedSz = wc_PKCS7_EncodeSignedFPD(pkcs7,
- testVectors[i].privateKey, testVectors[i].privateKeySz,
- testVectors[i].signOID, testVectors[i].hashOID,
- (byte*)testVectors[i].content, testVectors[i].contentSz,
- testVectors[i].signedAttribs,
- testVectors[i].signedAttribsSz, out, outSz);
- if (encodedSz < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(encodedSz), out);
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- } else if (testVectors[i].encCompFlag == 1) {
- /* encode Signed Encrypted FirmwarePkgData */
- encodedSz = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7,
- (byte *)testVectors[i].encryptKey, testVectors[i].encryptKeySz,
- testVectors[i].privateKey, testVectors[i].privateKeySz,
- testVectors[i].encryptOID, testVectors[i].signOID,
- testVectors[i].hashOID, (byte*)testVectors[i].content,
- testVectors[i].contentSz, testVectors[i].unprotectedAttribs,
- testVectors[i].unprotectedAttribsSz,
- testVectors[i].signedAttribs,
- testVectors[i].signedAttribsSz, out, outSz);
- if (encodedSz <= 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(encodedSz), out);
- #endif
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
- } else if (testVectors[i].encCompFlag == 2) {
- /* encode Signed Compressed FirmwarePkgData */
- encodedSz = wc_PKCS7_EncodeSignedCompressedFPD(pkcs7,
- testVectors[i].privateKey, testVectors[i].privateKeySz,
- testVectors[i].signOID, testVectors[i].hashOID,
- (byte*)testVectors[i].content, testVectors[i].contentSz,
- testVectors[i].signedAttribs,
- testVectors[i].signedAttribsSz, out, outSz);
- if (encodedSz <= 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(encodedSz), out);
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- } else if (testVectors[i].encCompFlag == 3) {
- /* encode Signed Encrypted Compressed FirmwarePkgData */
- encodedSz = wc_PKCS7_EncodeSignedEncryptedCompressedFPD(pkcs7,
- (byte*)testVectors[i].encryptKey, testVectors[i].encryptKeySz,
- testVectors[i].privateKey, testVectors[i].privateKeySz,
- testVectors[i].encryptOID, testVectors[i].signOID,
- testVectors[i].hashOID, (byte*)testVectors[i].content,
- testVectors[i].contentSz, testVectors[i].unprotectedAttribs,
- testVectors[i].unprotectedAttribsSz,
- testVectors[i].signedAttribs,
- testVectors[i].signedAttribsSz, out, outSz);
- if (encodedSz <= 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(encodedSz), out);
- #endif /* NO_PKCS7_ENCRYPTED_DATA */
- #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
- } else {
- /* unsupported SignedData single-shot combination */
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- /* write PKCS#7 to output file for more testing */
- file = XFOPEN(testVectors[i].outFileName, "wb");
- if (!file)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- ret = (int)XFWRITE(out, 1, encodedSz, file);
- XFCLOSE(file);
- file = NULL;
- if (ret != (int)encodedSz)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
- wc_PKCS7_Free(pkcs7);
- pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
- if (pkcs7 == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
- ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifndef NO_PKCS7_STREAM
- {
- word32 z;
- for (z = 0; z < outSz && ret != 0; z++) {
- ret = wc_PKCS7_VerifySignedData(pkcs7, out + z, 1);
- if (ret < 0 && ret != WC_PKCS7_WANT_READ_E) {
- printf("unexpected error %d\n", ret);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- }
- }
- #endif
- if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (testVectors[i].encCompFlag == 0) {
- /* verify decoded content matches expected */
- if ((pkcs7->contentSz != testVectors[i].contentSz) ||
- XMEMCMP(pkcs7->content, testVectors[i].content,
- pkcs7->contentSz)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- }
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- else if (testVectors[i].encCompFlag == 1) {
- /* decrypt inner encryptedData */
- pkcs7->encryptionKey = (byte *)testVectors[i].encryptKey;
- pkcs7->encryptionKeySz = testVectors[i].encryptKeySz;
- ret = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content,
- pkcs7->contentSz, out, outSz);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* compare decrypted to expected */
- if (((word32)ret != testVectors[i].contentSz) ||
- XMEMCMP(out, testVectors[i].content, ret))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #endif
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
- else if (testVectors[i].encCompFlag == 2) {
- /* decompress inner compressedData */
- ret = wc_PKCS7_DecodeCompressedData(pkcs7, pkcs7->content,
- pkcs7->contentSz, out, outSz);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* compare decompressed to expected */
- if (((word32)ret != testVectors[i].contentSz) ||
- XMEMCMP(out, testVectors[i].content, ret))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- else if (testVectors[i].encCompFlag == 3) {
- encryptedTmpSz = FOURK_BUF;
- encryptedTmp = (byte*)XMALLOC(encryptedTmpSz, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (encryptedTmp == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- XMEMSET(encryptedTmp, 0, encryptedTmpSz);
- /* decrypt inner encryptedData */
- pkcs7->encryptionKey = (byte*)testVectors[i].encryptKey;
- pkcs7->encryptionKeySz = testVectors[i].encryptKeySz;
- encryptedTmpSz = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content,
- pkcs7->contentSz, encryptedTmp,
- encryptedTmpSz);
- if (encryptedTmpSz < 0 || pkcs7->contentOID != COMPRESSED_DATA)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* decompress inner compressedData */
- ret = wc_PKCS7_DecodeCompressedData(pkcs7, encryptedTmp,
- encryptedTmpSz, out, outSz);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* compare decompressed to expected */
- if (((word32)ret != testVectors[i].contentSz) ||
- XMEMCMP(out, testVectors[i].content, ret))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #endif /* NO_PKCS7_ENCRYPTED_DATA */
- #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
- }
- out:
- if (pkcs7 != NULL)
- wc_PKCS7_Free(pkcs7);
- if (out != NULL)
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) && \
- !defined(NO_PKCS7_ENCRYPTED_DATA)
- if (encryptedTmp != NULL)
- XFREE(encryptedTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (testVectors != NULL)
- XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_FreeRng(&rng);
- if (ret > 0)
- return 0;
- (void)eccClientCertBuf;
- (void)eccClientCertBufSz;
- (void)eccClientPrivKeyBuf;
- (void)eccClientPrivKeyBufSz;
- (void)rsaClientCertBuf;
- (void)rsaClientCertBufSz;
- (void)rsaClientPrivKeyBuf;
- (void)rsaClientPrivKeyBufSz;
- (void)rsaServerCertBuf;
- (void)rsaServerCertBufSz;
- (void)rsaServerPrivKeyBuf;
- (void)rsaServerPrivKeyBufSz;
- (void)rsaCaCertBuf;
- (void)rsaCaCertBufSz;
- (void)rsaCaPrivKeyBuf;
- (void)rsaCaPrivKeyBufSz;
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7signed_test(void)
- {
- wc_test_ret_t ret = 0;
- byte* rsaClientCertBuf = NULL;
- byte* rsaServerCertBuf = NULL;
- byte* rsaCaCertBuf = NULL;
- byte* eccClientCertBuf = NULL;
- byte* rsaClientPrivKeyBuf = NULL;
- byte* rsaServerPrivKeyBuf = NULL;
- byte* rsaCaPrivKeyBuf = NULL;
- byte* eccClientPrivKeyBuf = NULL;
- word32 rsaClientCertBufSz = 0;
- word32 rsaServerCertBufSz = 0;
- word32 rsaCaCertBufSz = 0;
- word32 eccClientCertBufSz = 0;
- word32 rsaClientPrivKeyBufSz = 0;
- word32 rsaServerPrivKeyBufSz = 0;
- word32 rsaCaPrivKeyBufSz = 0;
- word32 eccClientPrivKeyBufSz = 0;
- WOLFSSL_ENTER("pkcs7signed_test");
- #ifndef NO_RSA
- /* read client RSA cert and key in DER format */
- rsaClientCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (rsaClientCertBuf == NULL)
- ret = WC_TEST_RET_ENC_NC;
- rsaClientPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0 && rsaClientPrivKeyBuf == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- }
- rsaClientCertBufSz = FOURK_BUF;
- rsaClientPrivKeyBufSz = FOURK_BUF;
- /* read server RSA cert and key in DER format */
- rsaServerCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0 && rsaServerCertBuf == NULL)
- ret = WC_TEST_RET_ENC_NC;
- rsaServerPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0 && rsaServerPrivKeyBuf == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- }
- rsaServerCertBufSz = FOURK_BUF;
- rsaServerPrivKeyBufSz = FOURK_BUF;
- /* read CA RSA cert and key in DER format, for use with server cert */
- rsaCaCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0 && rsaCaCertBuf == NULL)
- ret = WC_TEST_RET_ENC_NC;
- rsaCaPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0 && rsaCaPrivKeyBuf == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- }
- rsaCaCertBufSz = FOURK_BUF;
- rsaCaPrivKeyBufSz = FOURK_BUF;
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- /* read client ECC cert and key in DER format */
- eccClientCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0 && eccClientCertBuf == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- }
- eccClientPrivKeyBuf =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0 && eccClientPrivKeyBuf == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- }
- eccClientCertBufSz = FOURK_BUF;
- eccClientPrivKeyBufSz = FOURK_BUF;
- #endif /* HAVE_ECC */
- if (ret >= 0)
- ret = pkcs7_load_certs_keys(rsaClientCertBuf, &rsaClientCertBufSz,
- rsaClientPrivKeyBuf, &rsaClientPrivKeyBufSz,
- rsaServerCertBuf, &rsaServerCertBufSz,
- rsaServerPrivKeyBuf, &rsaServerPrivKeyBufSz,
- rsaCaCertBuf, &rsaCaCertBufSz,
- rsaCaPrivKeyBuf, &rsaCaPrivKeyBufSz,
- eccClientCertBuf, &eccClientCertBufSz,
- eccClientPrivKeyBuf, &eccClientPrivKeyBufSz);
- if (ret < 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret >= 0)
- ret = pkcs7signed_run_vectors(rsaClientCertBuf, (word32)rsaClientCertBufSz,
- rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz,
- rsaServerCertBuf, (word32)rsaServerCertBufSz,
- rsaServerPrivKeyBuf, (word32)rsaServerPrivKeyBufSz,
- rsaCaCertBuf, (word32)rsaCaCertBufSz,
- rsaCaPrivKeyBuf, (word32)rsaCaPrivKeyBufSz,
- eccClientCertBuf, (word32)eccClientCertBufSz,
- eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz);
- if (ret >= 0)
- ret = pkcs7signed_run_SingleShotVectors(
- rsaClientCertBuf, (word32)rsaClientCertBufSz,
- rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz,
- rsaServerCertBuf, (word32)rsaServerCertBufSz,
- rsaServerPrivKeyBuf, (word32)rsaServerPrivKeyBufSz,
- rsaCaCertBuf, (word32)rsaCaCertBufSz,
- rsaCaPrivKeyBuf, (word32)rsaCaPrivKeyBufSz,
- eccClientCertBuf, (word32)eccClientCertBufSz,
- eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz);
- #if !defined(NO_RSA) && !defined(NO_AES) && defined(HAVE_AES_CBC)
- if (ret >= 0)
- ret = pkcs7callback_test(
- rsaClientCertBuf, (word32)rsaClientCertBufSz,
- rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz);
- #endif
- XFREE(rsaClientCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaClientPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaServerCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaServerPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaCaCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaCaPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccClientCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccClientPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif /* HAVE_PKCS7 */
- #if defined(WOLFSSL_PUBLIC_MP) && \
- ((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(USE_FAST_MATH))
- /* Maximum number of bytes in a number to test. */
- #define MP_MAX_TEST_BYTE_LEN 32
- static wc_test_ret_t randNum(mp_int* n, int len, WC_RNG* rng, void* heap)
- {
- byte d[MP_MAX_TEST_BYTE_LEN];
- wc_test_ret_t ret;
- (void)heap;
- do {
- ret = wc_RNG_GenerateBlock(rng, d, (word32)len);
- if (ret != 0)
- return ret;
- ret = mp_read_unsigned_bin(n, d, (word32)len);
- if (ret != 0)
- return ret;
- } while (mp_iszero(n));
- return 0;
- }
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(USE_FAST_MATH)
- static wc_test_ret_t mp_test_div_3(mp_int* a, mp_int* r, WC_RNG* rng)
- {
- int i, j;
- mp_digit rem;
- mp_digit rem2;
- wc_test_ret_t ret;
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
- for (i = 0; i < 10; i++) {
- for (j = 1; j < 10; j++) {
- ret = randNum(a, j, rng, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_3(a, r, &rem);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul_d(r, 3, r);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_add_d(r, rem, r);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(r, a);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- }
- }
- ret = mp_div_3(a, r, &rem);
- if (ret != 0)
- return WC_TEST_RET_ENC_NC;
- ret = mp_div_3(a, a, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_NC;
- ret = mp_cmp(r, a);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL)
- ret = mp_div_d(a, 10, r, &rem);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_d(a, 10, a, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(r, a);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- ret = mp_div_d(a, 12, r, &rem);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_d(a, 12, a, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(r, a);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- ret = mp_div_d(a, (mp_digit)1 << (DIGIT_BIT / 2), r, &rem);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_d(a, (mp_digit)1 << (DIGIT_BIT / 2), NULL, &rem2);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_d(a, (mp_digit)1 << (DIGIT_BIT / 2), a, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(r, a);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- if (rem != rem2)
- return WC_TEST_RET_ENC_NC;
- #endif
- (void)a;
- (void)r;
- (void)rng;
- (void)i;
- (void)j;
- (void)rem;
- (void)rem2;
- (void)ret;
- return 0;
- }
- #endif /* WOLFSSL_SP_MATH || !USE_FAST_MATH */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
- !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- (!defined WOLFSSL_SP_MATH && !defined(WOLFSSL_SP_MATH_ALL) && \
- (defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)))
- static wc_test_ret_t mp_test_radix_10(mp_int* a, mp_int* r, WC_RNG* rng)
- {
- wc_test_ret_t ret;
- int i, j;
- int size;
- char str[30];
- WOLFSSL_SMALL_STACK_STATIC const char* badStr1 = "A";
- WOLFSSL_SMALL_STACK_STATIC const char* badStr2 = "a";
- WOLFSSL_SMALL_STACK_STATIC const char* empty2 = " ";
- WOLFSSL_SMALL_STACK_STATIC const char* zeros = "000";
- WOLFSSL_SMALL_STACK_STATIC const char* empty = "";
- for (i = 0; i < 10; i++) {
- for (j = 2; j < 12; j++) {
- ret = randNum(a, j, rng, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_radix_size(a, MP_RADIX_DEC, &size);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_toradix(a, str, MP_RADIX_DEC);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if ((int)XSTRLEN(str) != size - 1)
- return WC_TEST_RET_ENC_NC;
- ret = mp_read_radix(r, str, MP_RADIX_DEC);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(a, r);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- }
- }
- ret = mp_read_radix(r, badStr1, MP_RADIX_DEC);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_read_radix(r, badStr2, MP_RADIX_DEC);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_read_radix(r, empty2, MP_RADIX_DEC);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_read_radix(r, zeros, MP_RADIX_DEC);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- mp_set(r, 1);
- ret = mp_read_radix(r, empty, MP_RADIX_DEC);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- mp_zero(a);
- ret = mp_radix_size(a, MP_RADIX_DEC, &size);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (size != 2)
- return WC_TEST_RET_ENC_NC;
- ret = mp_toradix(a, str, MP_RADIX_DEC);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if ((int)XSTRLEN(str) != size - 1)
- return WC_TEST_RET_ENC_NC;
- ret = mp_read_radix(r, str, MP_RADIX_DEC);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || (!defined WOLFSSL_SP_MATH && \
- defined(HAVE_ECC))
- static wc_test_ret_t mp_test_radix_16(mp_int* a, mp_int* r, WC_RNG* rng)
- {
- wc_test_ret_t ret;
- int i, j;
- int size;
- char str[30];
- #if defined(WOLFSSL_SP_MATH) || defined(USE_FAST_MATH)
- static char longStr[2 * sizeof(a->dp) + 2];
- #endif
- WOLFSSL_SMALL_STACK_STATIC const char* empty2 = " ";
- WOLFSSL_SMALL_STACK_STATIC const char* badStr2 = "}";
- WOLFSSL_SMALL_STACK_STATIC const char* empty = "";
- for (i = 0; i < 10; i++) {
- for (j = 2; j < 12; j++) {
- ret = randNum(a, j, rng, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- mp_radix_size(a, MP_RADIX_HEX, &size);
- mp_toradix(a, str, MP_RADIX_HEX);
- if ((int)XSTRLEN(str) != size - 1)
- return WC_TEST_RET_ENC_NC;
- mp_read_radix(r, str, MP_RADIX_HEX);
- ret = mp_cmp(a, r);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- }
- }
- ret = mp_read_radix(r, empty2, MP_RADIX_HEX);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_read_radix(r, badStr2, MP_RADIX_HEX);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(r, 1);
- ret = mp_read_radix(r, empty, MP_RADIX_HEX);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- #if defined(WOLFSSL_SP_MATH) || defined(USE_FAST_MATH)
- /* Fixed MP data size - string can be too long. */
- longStr[0] = '8';
- XMEMSET(longStr+1, '0', sizeof(longStr) - 2);
- longStr[sizeof(longStr)-1] = '\0';
- ret = mp_read_radix(r, longStr, MP_RADIX_HEX);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- mp_zero(a);
- ret = mp_radix_size(a, MP_RADIX_HEX, &size);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #ifndef WC_DISABLE_RADIX_ZERO_PAD
- if (size != 3)
- #else
- if (size != 2)
- #endif
- return WC_TEST_RET_ENC_NC;
- ret = mp_toradix(a, str, MP_RADIX_HEX);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if ((int)XSTRLEN(str) != size - 1)
- return WC_TEST_RET_ENC_NC;
- ret = mp_read_radix(r, str, MP_RADIX_HEX);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- #ifdef WOLFSSL_SP_MATH
- ret = mp_toradix(a, str, 8);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_radix_size(a, 8, &size);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- return 0;
- }
- #endif
- static wc_test_ret_t mp_test_shift(mp_int* a, mp_int* r1, WC_RNG* rng)
- {
- int i;
- wc_test_ret_t ret;
- ret = randNum(a, 4, rng, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- for (i = 0; i < 4; i++) {
- mp_copy(r1, a);
- ret = mp_lshd(r1, i);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- #ifndef WOLFSSL_SP_MATH
- mp_rshd(r1, i);
- #else
- mp_rshb(r1, i * SP_WORD_SIZE);
- #endif
- ret = mp_cmp(a, r1);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- }
- #ifndef WOLFSSL_SP_MATH
- for (i = 0; i < DIGIT_BIT+1; i++) {
- ret = mp_mul_2d(a, i, r1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- mp_rshb(r1, i);
- ret = mp_cmp(a, r1);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- }
- #endif
- return 0;
- }
- static wc_test_ret_t mp_test_add_sub_d(mp_int* a, mp_int* r1)
- {
- int i, j;
- wc_test_ret_t ret;
- for (i = 0; i <= DIGIT_BIT * 2; i++) {
- mp_zero(a);
- mp_set_bit(a, i);
- if ((int)a->used != (i + DIGIT_BIT) / DIGIT_BIT)
- return WC_TEST_RET_ENC_NC;
- for (j = 0; j < i && j < DIGIT_BIT; j++) {
- mp_zero(r1);
- mp_set_bit(r1, i);
- ret = mp_sub_d(r1, (mp_digit)1 << j, r1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_add_d(r1, (mp_digit)1 << j, r1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(a, r1);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- }
- }
- mp_zero(r1);
- ret = mp_add_d(r1, 1, r1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (r1->used != 1)
- return WC_TEST_RET_ENC_NC;
- ret = mp_sub_d(r1, 1, r1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (r1->used != 0)
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- static wc_test_ret_t mp_test_read_to_bin(mp_int* a)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte in[16] = {
- 0x91, 0xa2, 0xb3, 0xc4, 0xd5, 0xe6, 0xf7, 0x08,
- 0x93, 0xa4, 0xb4, 0xc5, 0xd6, 0xe7, 0xf8, 0x09
- };
- byte out[24];
- int i, j, k;
- const byte* p;
- wc_test_ret_t ret;
- for (i = 0; i < (int)sizeof(in); i++) {
- p = in + sizeof(in) - i;
- ret = mp_read_unsigned_bin(a, p, (word32)i);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- for (j = i; j < (int)sizeof(out); j++) {
- XMEMSET(out, 0xff, sizeof(out));
- ret = mp_to_unsigned_bin_len(a, out, j);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- for (k = 0; k < j - i; k++) {
- if (out[k] != 0)
- return WC_TEST_RET_ENC_NC;
- }
- for (; k < j; k++) {
- if (out[k] != p[k - (j - i)])
- return WC_TEST_RET_ENC_NC;
- }
- }
- }
- /* Length too small. */
- ret = mp_to_unsigned_bin_len(a, out, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_read_unsigned_bin(a, NULL, 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(a))
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- static wc_test_ret_t mp_test_set_int(mp_int* a)
- {
- #if SP_ULONG_BITS == 64
- unsigned long n = 0xfedcba9876543210UL;
- byte exp[8] = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 };
- byte out[8] = { 0 };
- #elif SP_ULONG_BITS == 32
- unsigned long n = 0xfedcba98UL;
- byte exp[4] = { 0xfe, 0xdc, 0xba, 0x98 };
- byte out[4] = { 0 };
- #elif SP_ULONG_BITS == 16
- unsigned long n = 0xfedc;
- byte exp[2] = { 0xfe, 0xdc };
- byte out[2] = { 0 };
- #elif SP_ULONG_BITS == 8
- unsigned long n = 0xfe;
- byte exp[1] = { 0xfe };
- byte out[1] = { 0 };
- #endif
- wc_test_ret_t ret;
- ret = mp_set_int(a, n);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_unsigned_bin_size(a);
- if (ret != sizeof(exp))
- return WC_TEST_RET_ENC_NC;
- ret = mp_to_unsigned_bin(a, out);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(exp, out, sizeof(exp)) != 0)
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- #endif
- #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
- {
- byte buffer[16];
- #if defined(HAVE_ECC) || defined(WOLFSSL_SP_MATH_ALL)
- char hexStr[] = "abcdef0123456789";
- #ifndef WOLFSSL_SP_INT_NEGATIVE
- char negStr[] = "-1234";
- #endif
- #endif
- #if !defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_KEY_GEN) || \
- defined(HAVE_COMP_KEY)
- char decStr[] = "0987654321";
- #endif
- wc_test_ret_t ret;
- #ifdef WOLFSSL_SP_MATH_ALL
- mp_digit rho;
- int size;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
- int result;
- #endif
- #if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \
- (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN))
- mp_digit rd;
- #endif
- (void)rng;
- (void)r;
- ret = mp_init(NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || (!defined(NO_DH) || defined(HAVE_ECC))
- ret = mp_init_multi(NULL, NULL, NULL, NULL, NULL, NULL);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- mp_free(NULL);
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || !defined(NO_DH) || defined(HAVE_ECC)
- ret = mp_grow(NULL, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #ifdef WOLFSSL_SP_MATH
- ret = mp_grow(a, SP_INT_DIGITS + 1);
- if (ret != MP_MEM)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #endif
- mp_clear(NULL);
- ret = mp_abs(NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_abs(a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_abs(NULL, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_unsigned_bin_size(NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_read_unsigned_bin(NULL, NULL, sizeof(buffer));
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_read_unsigned_bin(NULL, buffer, sizeof(buffer));
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_read_unsigned_bin(a, NULL, sizeof(buffer));
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_read_unsigned_bin(a, buffer, SP_INT_DIGITS * SP_WORD_SIZEOF + 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #if defined(HAVE_ECC) || defined(WOLFSSL_SP_MATH_ALL)
- ret = mp_read_radix(NULL, NULL, 16);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_read_radix(a, NULL, 16);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_read_radix(NULL, hexStr, 16);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #ifndef WOLFSSL_SP_INT_NEGATIVE
- ret = mp_read_radix(a, negStr, 16);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #ifdef WOLFSSL_SP_MATH_ALL
- ret = mp_read_radix(a, negStr, 10);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif /* WOLFSSL_SP_MATH_ALL */
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- #endif
- #ifndef WOLFSSL_SP_MATH_ALL
- /* Radix 10 only supported with ALL. */
- ret = mp_read_radix(a, decStr, 10);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- /* Radix 8 not supported SP_INT. */
- ret = mp_read_radix(a, "0123", 8);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_count_bits(NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_is_bit_set(NULL, 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_leading_bit(NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- mp_zero(a);
- ret = mp_leading_bit(a);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
- !defined(NO_RSA)
- ret = mp_set_bit(NULL, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if !defined(NO_DH) || defined(HAVE_ECC) || defined(WC_RSA_BLINDING) || \
- !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = mp_to_unsigned_bin(NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_to_unsigned_bin(a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_to_unsigned_bin(NULL, buffer);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = mp_to_unsigned_bin_len(NULL, NULL, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_to_unsigned_bin_len(a, NULL, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_to_unsigned_bin_len(NULL, buffer, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
- !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = mp_to_unsigned_bin_at_pos(0, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_to_unsigned_bin_at_pos(0, a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_to_unsigned_bin_at_pos(0, NULL, buffer);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_to_unsigned_bin_at_pos(0, a, buffer);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || (!defined(NO_DH) || defined(HAVE_ECC))
- ret = mp_copy(NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_copy(a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_copy(NULL, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_KEY_GEN) || !defined(NO_DH)
- ret = sp_2expt(NULL, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = mp_set(NULL, 0);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_d(NULL, 0);
- if (ret != MP_LT)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(NULL, NULL);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- ret = mp_cmp(a, NULL);
- if (ret != MP_GT)
- return WC_TEST_RET_ENC_NC;
- ret = mp_cmp(NULL, b);
- if (ret != MP_LT)
- return WC_TEST_RET_ENC_NC;
- #ifdef WOLFSSL_SP_MATH_ALL
- mp_rshd(NULL, 1);
- #endif
- mp_zero(NULL);
- #if !defined(NO_DH) || defined(HAVE_ECC) || defined(WC_RSA_BLINDING) || \
- !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = mp_lshd(NULL, 0);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_lshd(a, SP_INT_DIGITS + 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL)
- ret = mp_div(NULL, NULL, a, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div(a, NULL, a, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div(NULL, b, a, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div(a, b, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- ret = mp_mod(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod(a, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod(NULL, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod(NULL, NULL, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod(a, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod(a, NULL, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod(NULL, b, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if !defined(NO_RSA) || defined(WOLFSSL_SP_MATH_ALL)
- ret = mp_set_int(NULL, 0);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \
- (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA)
- ret = mp_exptmod_ex(NULL, NULL, 1, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(a, NULL, 1, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(NULL, a, 1, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(NULL, NULL, 1, a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(NULL, NULL, 1, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(a, a, 1, a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(a, a, 1, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(a, NULL, 1, a, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(NULL, a, 1, a, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(NULL, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(a, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(NULL, a, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(NULL, NULL, a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(NULL, NULL, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(a, a, a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(a, a, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(a, NULL, a, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(NULL, a, a, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
- !defined(WC_NO_RNG)
- ret = mp_rand_prime(NULL, 32, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_rand_prime(a, 32, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_rand_prime(NULL, 32, rng, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_rand_prime(a, 0, rng, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = mp_mul(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul(a, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul(NULL, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul(NULL, NULL, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul(a, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul(a, NULL, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul(NULL, b, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- ret = mp_sqr(NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sqr(a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sqr(NULL, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = mp_sqrmod(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sqrmod(a, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sqrmod(NULL, a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sqrmod(NULL, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sqrmod(a, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sqrmod(a, NULL, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sqrmod(NULL, a, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mulmod(NULL, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mulmod(a, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mulmod(NULL, a, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mulmod(NULL, NULL, a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mulmod(NULL, NULL, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mulmod(a, b, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mulmod(a, b, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mulmod(a, NULL, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mulmod(NULL, b, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \
- !defined(NO_RSA) || !defined(NO_DSA)
- ret = mp_add_d(NULL, 1, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_add_d(a, 1, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_add_d(NULL, 1, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- !defined(NO_DH) || defined(HAVE_ECC) || !defined(NO_DSA)
- ret = mp_sub_d(NULL, 1, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sub_d(a, 1, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sub_d(NULL, 1, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
- ret = mp_div_d(NULL, 0, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_d(a, 0, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_d(NULL, 1, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \
- (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN))
- ret = mp_mod_d(NULL, 0, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod_d(a, 0, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod_d(NULL, 0, &rd);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
- ret = mp_gcd(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_gcd(a, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_gcd(NULL, a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_gcd(NULL, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_gcd(a, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_gcd(a, NULL, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_gcd(NULL, a, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if !defined(WOLFSSL_SP_MATH) && defined(HAVE_ECC)
- ret = mp_div_2_mod_ct(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_2_mod_ct(a, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_2_mod_ct(NULL, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_2_mod_ct(NULL, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_2_mod_ct(a, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_2_mod_ct(a, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_2_mod_ct(NULL, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_2(NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_2(a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_2(NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA)
- ret = mp_invmod(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_invmod(a, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_invmod(NULL, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_invmod(NULL, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_invmod(a, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_invmod(a, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_invmod(NULL, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if !defined(WOLFSSL_SP_MATH) && defined(HAVE_ECC)
- ret = mp_invmod_mont_ct(NULL, NULL, NULL, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_invmod_mont_ct(a, NULL, NULL, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_invmod_mont_ct(NULL, b, NULL, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_invmod_mont_ct(NULL, NULL, a, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_invmod_mont_ct(a, b, NULL, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_invmod_mont_ct(a, NULL, a, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_invmod_mont_ct(NULL, b, a, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING)
- ret = mp_lcm(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_lcm(a, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_lcm(NULL, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_lcm(NULL, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_lcm(a, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_lcm(a, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_lcm(NULL, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
- ret = mp_exptmod_ex(NULL, NULL, 1, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(a, NULL, 1, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(NULL, b, 1, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(NULL, NULL, 1, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(NULL, NULL, 1, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(a, b, 1, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(a, b, 1, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(a, NULL, 1, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(NULL, b, 1, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod(NULL, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod(a, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod(NULL, b, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod(NULL, NULL, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod(NULL, NULL, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod(a, b, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod(a, b, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod(a, NULL, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod(NULL, b, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(NULL, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(a, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(NULL, b, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(NULL, NULL, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(NULL, NULL, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(a, b, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(a, b, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(a, NULL, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(NULL, b, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(HAVE_ECC) && defined(HAVE_COMP_KEY)
- ret = mp_cnt_lsb(NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
- ret = mp_prime_is_prime(NULL, 1, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_prime_is_prime(a, 1, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_prime_is_prime(NULL, 1, &result);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_prime_is_prime(a, 0, &result);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_prime_is_prime(a, 1024, &result);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_prime_is_prime_ex(NULL, 1, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_prime_is_prime_ex(a, 1, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_prime_is_prime_ex(NULL, 1, &result, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_prime_is_prime_ex(NULL, 1, NULL, rng);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_prime_is_prime_ex(a, 1, &result, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_prime_is_prime_ex(a, 1, NULL, rng);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_prime_is_prime_ex(NULL, 1, &result, rng);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || !defined(NO_DSA)
- ret = mp_exch(NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exch(a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exch(NULL, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || \
- defined(WOLFSSL_SP_MATH_ALL)
- ret = mp_mul_d(NULL, 1, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul_d(a, 1, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul_d(NULL, 1, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = mp_add(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_add(a, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_add(NULL, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_add(NULL, NULL, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_add(a, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_add(a, NULL, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_add(NULL, b, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- ret = mp_sub(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sub(a, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sub(NULL, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sub(NULL, NULL, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sub(a, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sub(a, NULL, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sub(NULL, b, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || (!defined(WOLFSSL_SP_MATH) && \
- defined(WOLFSSL_CUSTOM_CURVES))
- ret = mp_addmod(NULL, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_addmod(a, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_addmod(NULL, b, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_addmod(NULL, NULL, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_addmod(NULL, NULL, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_addmod(a, b, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_addmod(a, b, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_addmod(a, NULL, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_addmod(NULL, b, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #ifdef WOLFSSL_SP_MATH_ALL
- ret = mp_submod(NULL, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_submod(a, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_submod(NULL, b, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_submod(NULL, NULL, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_submod(NULL, NULL, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_submod(a, b, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_submod(a, b, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_submod(a, NULL, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_submod(NULL, b, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #ifdef WOLFSSL_SP_MATH_ALL
- ret = mp_div_2d(NULL, 1, a, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod_2d(NULL, 1, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod_2d(a, 1, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod_2d(NULL, 1, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul_2d(NULL, 1, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul_2d(a, 1, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul_2d(NULL, 1, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- ret = mp_montgomery_reduce(NULL, NULL, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_montgomery_reduce(a, NULL, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_montgomery_reduce(NULL, b, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- mp_zero(b);
- ret = mp_montgomery_reduce(a, b, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #ifdef WOLFSSL_SP_MATH_ALL
- ret = mp_montgomery_setup(NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_montgomery_setup(a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_montgomery_setup(NULL, &rho);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_montgomery_calc_normalization(NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_montgomery_calc_normalization(a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_montgomery_calc_normalization(NULL, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = mp_unsigned_bin_size(NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #if defined(WC_MP_TO_RADIX) || defined(WOLFSSL_SP_MATH_ALL)
- ret = mp_tohex(NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_tohex(a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_tohex(NULL, hexStr);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
- ret = mp_todecimal(NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_todecimal(a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_todecimal(NULL, decStr);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #ifdef WOLFSSL_SP_MATH_ALL
- ret = mp_toradix(NULL, NULL, MP_RADIX_HEX);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_toradix(a, NULL, MP_RADIX_HEX);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_toradix(NULL, hexStr, MP_RADIX_HEX);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_toradix(a, hexStr, 3);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_radix_size(NULL, MP_RADIX_HEX, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_radix_size(a, MP_RADIX_HEX, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_radix_size(NULL, MP_RADIX_HEX, &size);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_radix_size(a, 3, &size);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- return 0;
- }
- #endif
- #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- static wc_test_ret_t mp_test_set_is_bit(mp_int* a)
- {
- int i, j;
- wc_test_ret_t ret;
- mp_zero(a);
- for (i = 0; i <= DIGIT_BIT * 2; i++) {
- if (mp_is_bit_set(a, i))
- return WC_TEST_RET_ENC_NC;
- for (j = 0; j < i; j++) {
- if (!mp_is_bit_set(a, j))
- return WC_TEST_RET_ENC_NC;
- }
- if (mp_set_bit(a, i) != 0)
- return WC_TEST_RET_ENC_NC;
- if (!mp_is_bit_set(a, i))
- return WC_TEST_RET_ENC_NC;
- }
- mp_zero(a);
- for (i = 0; i <= DIGIT_BIT * 2; i++) {
- if (mp_is_bit_set(a, i))
- return WC_TEST_RET_ENC_NC;
- }
- for (i = 0; i <= DIGIT_BIT * 2; i++) {
- mp_zero(a);
- if (mp_set_bit(a, i) != 0)
- return WC_TEST_RET_ENC_NC;
- for (j = 0; j < i; j++) {
- if (mp_is_bit_set(a, j))
- return WC_TEST_RET_ENC_NC;
- }
- if (!mp_is_bit_set(a, i))
- return WC_TEST_RET_ENC_NC;
- }
- #ifdef WOLFSSL_KEY_GEN
- for (i = 0; i < DIGIT_BIT * 2; i++) {
- mp_set(a, 1);
- ret = mp_2expt(a, i);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- for (j = 0; j < i; j++) {
- if (mp_is_bit_set(a, j))
- return WC_TEST_RET_ENC_NC;
- }
- if (!mp_is_bit_set(a, i))
- return WC_TEST_RET_ENC_NC;
- }
- #endif
- #ifdef WOLFSSL_SP_MATH
- mp_zero(a);
- for (j = 1; j <= 3; j++) {
- i = SP_INT_MAX_BITS - j;
- if (mp_is_bit_set(a, i))
- return WC_TEST_RET_ENC_NC;
- if (mp_set_bit(a, i) != 0)
- return WC_TEST_RET_ENC_NC;
- if (!mp_is_bit_set(a, i))
- return WC_TEST_RET_ENC_NC;
- #ifdef WOLFSSL_KEY_GEN
- ret = mp_2expt(a, i);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_is_bit_set(a, i))
- return WC_TEST_RET_ENC_NC;
- #endif
- }
- mp_zero(a);
- for (j = 0; j <= 3; j++) {
- i = SP_INT_MAX_BITS + j;
- if (mp_is_bit_set(a, i))
- return WC_TEST_RET_ENC_NC;
- if (mp_set_bit(a, i) != MP_VAL)
- return WC_TEST_RET_ENC_NC;
- #ifdef WOLFSSL_KEY_GEN
- ret = mp_2expt(a, i);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- }
- #endif
- (void)ret;
- return 0;
- }
- #endif /* !WOLFSSL_SP_MATH || WOLFSSL_SP_MATH_ALL */
- static wc_test_ret_t mp_test_cmp(mp_int* a, mp_int* b)
- {
- wc_test_ret_t ret;
- mp_zero(a);
- mp_zero(b);
- ret = mp_cmp_d(a, 0);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_d(a, 1);
- if (ret != MP_LT)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(a, b);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- mp_set(a, 1);
- ret = mp_cmp_d(a, 0);
- if (ret != MP_GT)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_d(a, 1);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_d(a, 2);
- if (ret != MP_LT)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(a, b);
- if (ret != MP_GT)
- return WC_TEST_RET_ENC_NC;
- mp_read_radix(b, "1234567890123456789", MP_RADIX_HEX);
- ret = mp_cmp_d(b, -1);
- if (ret != MP_GT)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(a, b);
- if (ret != MP_LT)
- return WC_TEST_RET_ENC_NC;
- ret = mp_cmp(b, a);
- if (ret != MP_GT)
- return WC_TEST_RET_ENC_NC;
- ret = mp_cmp(b, b);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- #if (!defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)) || \
- defined(WOLFSSL_SP_INT_NEGATIVE)
- mp_read_radix(a, "-1", MP_RADIX_HEX);
- mp_read_radix(a, "1", MP_RADIX_HEX);
- ret = mp_cmp(a, b);
- if (ret != MP_LT)
- return WC_TEST_RET_ENC_NC;
- ret = mp_cmp(b, a);
- if (ret != MP_GT)
- return WC_TEST_RET_ENC_NC;
- mp_read_radix(b, "-2", MP_RADIX_HEX);
- ret = mp_cmp(a, b);
- if (ret != MP_GT)
- return WC_TEST_RET_ENC_NC;
- ret = mp_cmp(b, a);
- if (ret != MP_LT)
- return WC_TEST_RET_ENC_NC;
- mp_read_radix(a, "-2", MP_RADIX_HEX);
- ret = mp_cmp(a, b);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- #endif
- #if defined(HAVE_ECC) && !defined(WC_NO_RNG) && \
- defined(WOLFSSL_ECC_GEN_REJECT_SAMPLING)
- mp_zero(a);
- mp_zero(b);
- ret = mp_cmp_ct(a, b, 1);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_ct(a, a, a->used);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_EC(ret);
- #ifdef WOLFSSL_SP_MATH_ALL
- ret = mp_cmp_ct(a, NULL, a->used);
- if (ret != MP_GT)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_ct(NULL, a, a->used);
- if (ret != MP_LT)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- mp_read_radix(a, "1", MP_RADIX_HEX);
- ret = mp_cmp_ct(a, b, 1);
- if (ret != MP_GT)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_ct(b, a, 1);
- if (ret != MP_LT)
- return WC_TEST_RET_ENC_EC(ret);
- mp_read_radix(a, "0123456789abcdef0123456789abcdef", MP_RADIX_HEX);
- ret = mp_cmp_ct(a, b, a->used);
- if (ret != MP_GT)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_ct(b, a, a->used);
- if (ret != MP_LT)
- return WC_TEST_RET_ENC_EC(ret);
- mp_read_radix(b, "1123456789abcdef0123456789abcdef", MP_RADIX_HEX);
- ret = mp_cmp_ct(b, a, a->used);
- if (ret != MP_GT)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_ct(a, b, a->used);
- if (ret != MP_LT)
- return WC_TEST_RET_ENC_EC(ret);
- mp_read_radix(b, "0123456789abcdef0123456789abcdf0", MP_RADIX_HEX);
- ret = mp_cmp_ct(b, a, a->used);
- if (ret != MP_GT)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_ct(a, b, a->used);
- if (ret != MP_LT)
- return WC_TEST_RET_ENC_EC(ret);
- mp_read_radix(b, "0123456789abcdf0", MP_RADIX_HEX);
- ret = mp_cmp_ct(a, b, a->used);
- if (ret != MP_GT)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_ct(b, a, a->used);
- if (ret != MP_LT)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- return 0;
- }
- #if !defined(NO_DH) || defined(HAVE_ECC) || !defined(WOLFSSL_RSA_VERIFY_ONLY)
- static wc_test_ret_t mp_test_shbd(mp_int* a, mp_int* b, WC_RNG* rng)
- {
- wc_test_ret_t ret;
- int i, j, k;
- #ifndef WOLFSSL_SP_MATH
- for (i = 0; i < 10; i++) {
- for (j = 1; j < (DIGIT_BIT + 7) / 8 * 3; j++) {
- ret = randNum(a, j, rng, NULL);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- mp_copy(a, b);
- for (k = 0; k <= DIGIT_BIT * 2; k++) {
- ret = mp_mul_2d(a, k, a);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- mp_rshb(a, k);
- ret = mp_cmp(a, b);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- }
- }
- }
- #endif
- for (i = 0; i < 10; i++) {
- for (j = 1; j < (DIGIT_BIT + 7) / 8 * 3; j++) {
- ret = randNum(a, j, rng, NULL);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- mp_copy(a, b);
- for (k = 0; k < 10; k++) {
- ret = mp_lshd(a, k);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- #ifndef WOLFSSL_SP_MATH
- mp_rshd(a, k);
- #else
- mp_rshb(a, k * SP_WORD_SIZE);
- #endif
- ret = mp_cmp(a, b);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- }
- }
- }
- #ifndef WOLFSSL_SP_MATH
- mp_zero(a);
- mp_rshd(a, 1);
- if (!mp_iszero(a))
- return WC_TEST_RET_ENC_NC;
- mp_set(a, 1);
- mp_rshd(a, 1);
- if (!mp_iszero(a))
- return WC_TEST_RET_ENC_NC;
- mp_set(a, 1);
- mp_rshd(a, 2);
- if (!mp_iszero(a))
- return WC_TEST_RET_ENC_NC;
- #endif
- return 0;
- }
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
- !defined(WOLFSSL_RSA_PUBLIC_ONLY))
- static wc_test_ret_t mp_test_div(mp_int* a, mp_int* d, mp_int* r, mp_int* rem,
- WC_RNG* rng)
- {
- wc_test_ret_t ret;
- int i, j, k;
- mp_zero(a);
- mp_zero(d);
- ret = mp_div(a, d, r, rem);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(d, 1);
- ret = mp_div(a, d, r, rem);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(rem))
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(a, 1);
- ret = mp_div(a, d, r, rem);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_isone(r))
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(rem))
- return WC_TEST_RET_ENC_EC(ret);
- for (i = 0; i < 100; i++) {
- for (j = 1; j < (DIGIT_BIT + 7) / 8 * 2; j++) {
- ret = randNum(d, j, rng, NULL);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- for (k = 1; k < (DIGIT_BIT + 7) / 8 * 2 + 1; k++) {
- ret = randNum(a, k, rng, NULL);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div(a, d, NULL, rem);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div(a, d, r, NULL);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div(a, d, r, rem);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- mp_mul(r, d, r);
- mp_add(r, rem, r);
- if (mp_cmp(r, a) != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- }
- }
- }
- ret = randNum(d, (DIGIT_BIT + 7) / 8 * 2, rng, NULL);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- mp_add(d, d, a);
- mp_set(rem, 1);
- mp_div(a, d, NULL, rem);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(rem))
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(r, 1);
- mp_div(a, d, r, NULL);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (mp_cmp_d(r, 2) != MP_EQ)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(r, 1);
- mp_set(rem, 1);
- mp_div(a, d, r, rem);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (mp_cmp_d(r, 2) != MP_EQ)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(rem))
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(a, 0xfe);
- mp_lshd(a, 3);
- mp_add_d(a, 0xff, a);
- mp_set(d, 0xfe);
- mp_lshd(d, 2);
- ret = mp_div(a, d, r, rem);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- mp_mul(r, d, d);
- mp_add(rem, d, d);
- if (mp_cmp(a, d) != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- /* Force (hi | lo) / d to be (d | 0) / d which will would not fit in
- * a digit. So mp_div must detect and handle.
- * For example: 0x800000 / 0x8001, DIGIT_BIT = 8
- */
- mp_zero(a);
- mp_set_bit(a, DIGIT_BIT * 3 - 1);
- mp_zero(d);
- mp_set_bit(d, DIGIT_BIT * 2 - 1);
- mp_add_d(d, 1, d);
- ret = mp_div(a, d, r, rem);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- /* Make sure [d | d] / d is handled. */
- mp_zero(a);
- mp_set_bit(a, DIGIT_BIT * 2 - 1);
- mp_set_bit(a, DIGIT_BIT * 1 - 1);
- mp_zero(d);
- mp_set_bit(d, DIGIT_BIT - 1);
- ret = mp_div(a, d, r, rem);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- mp_zero(a);
- mp_set_bit(a, DIGIT_BIT);
- mp_set_bit(a, 0);
- mp_zero(d);
- if (mp_cmp(r, a) != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- if (mp_cmp(rem, d) != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- #endif
- #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
- !defined(WC_NO_RNG)
- static wc_test_ret_t mp_test_prime(mp_int* a, WC_RNG* rng)
- {
- wc_test_ret_t ret;
- int res;
- ret = mp_rand_prime(a, 1, rng, NULL);
- #if defined(WOLFSSL_SP_MATH_ALL)
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #else
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_NC;
- #endif
- #ifndef WOLFSSL_SP_MATH
- ret = mp_rand_prime(a, -5, rng, NULL);
- if (ret != 0 || (a->dp[0] & 3) != 3)
- return WC_TEST_RET_ENC_NC;
- #endif
- ret = mp_prime_is_prime(a, 1, &res);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- #ifndef WOLFSSL_SP_MATH
- if (res != MP_YES)
- return WC_TEST_RET_ENC_EC(res);
- #else
- if (res != MP_NO)
- return WC_TEST_RET_ENC_EC(res);
- #endif
- ret = mp_prime_is_prime(a, 0, &res);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_prime_is_prime(a, -1, &res);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_prime_is_prime(a, 257, &res);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(a, 1);
- ret = mp_prime_is_prime(a, 1, &res);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (res != MP_NO)
- return WC_TEST_RET_ENC_EC(res);
- ret = mp_prime_is_prime_ex(a, 1, &res, rng);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (res != MP_NO)
- return WC_TEST_RET_ENC_EC(res);
- mp_set(a, 2);
- ret = mp_prime_is_prime(a, 1, &res);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (res != MP_YES)
- return WC_TEST_RET_ENC_EC(res);
- ret = mp_prime_is_prime_ex(a, 1, &res, rng);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (res != MP_YES)
- return WC_TEST_RET_ENC_EC(res);
- mp_set(a, 0xfb);
- ret = mp_prime_is_prime(a, 1, &res);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (res != MP_YES)
- return WC_TEST_RET_ENC_EC(res);
- ret = mp_prime_is_prime_ex(a, 1, &res, rng);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (res != MP_YES)
- return WC_TEST_RET_ENC_EC(res);
- mp_set(a, 0x6);
- ret = mp_prime_is_prime(a, 1, &res);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (res != MP_NO)
- return WC_TEST_RET_ENC_EC(res);
- ret = mp_prime_is_prime_ex(a, 1, &res, rng);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (res != MP_NO)
- return WC_TEST_RET_ENC_EC(res);
- mp_set_int(a, 0x655 * 0x65b);
- ret = mp_prime_is_prime(a, 10, &res);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (res != MP_NO)
- return WC_TEST_RET_ENC_EC(res);
- ret = mp_prime_is_prime_ex(a, 10, &res, rng);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (res != MP_NO)
- return WC_TEST_RET_ENC_EC(res);
- return 0;
- }
- #endif
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING)
- static wc_test_ret_t mp_test_lcm_gcd(mp_int* a, mp_int* b, mp_int* r, mp_int* exp,
- WC_RNG* rng)
- {
- wc_test_ret_t ret;
- int i;
- WOLFSSL_SMALL_STACK_STATIC const int kat[][3] = {
- { 1, 1, 1 }, { 2, 1, 2 }, { 1, 2, 2 }, { 2, 4, 4 }, { 4, 2, 4 },
- { 12, 56, 168 }, { 56, 12, 168 }
- };
- (void)exp;
- mp_set(a, 0);
- mp_set(b, 1);
- ret = mp_lcm(a, a, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_lcm(a, b, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_lcm(b, a, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- for (i = 0; i < (int)(sizeof(kat) / sizeof(*kat)); i++) {
- mp_set(a, kat[i][0]);
- mp_set(b, kat[i][1]);
- ret = mp_lcm(a, b, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(exp, kat[i][2]);
- ret = mp_cmp(r, exp);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- }
- (void)rng;
- #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
- !defined(WC_NO_RNG)
- ret = mp_rand_prime(a, 20, rng, NULL);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_rand_prime(b, 20, rng, NULL);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul(a, b, exp);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_lcm(a, b, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(r, exp);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- ret = mp_lcm(b, a, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(r, exp);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- #endif
- mp_set(a, 11);
- mp_zero(b);
- ret = mp_gcd(a, b, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_d(r, 11);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_gcd(b, a, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_d(r, 11);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_gcd(b, b, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- return 0;
- }
- #endif
- #if (!defined(WOLFSSL_SP_MATH) && !defined(USE_FAST_MATH)) || \
- defined(WOLFSSL_SP_MATH_ALL)
- static wc_test_ret_t mp_test_mod_2d(mp_int* a, mp_int* r, mp_int* t, WC_RNG* rng)
- {
- wc_test_ret_t ret;
- int i;
- int j;
- mp_set(a, 10);
- ret = mp_mod_2d(a, 0, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- ret = mp_mod_2d(a, 1, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- ret = mp_mod_2d(a, 2, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_d(r, 2);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- for (i = 2; i < 20; i++) {
- ret = randNum(a, i, rng, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- for (j = 1; j <= mp_count_bits(a); j++) {
- /* Get top part */
- ret = mp_div_2d(a, j, t, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul_2d(t, j, t);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Get bottom part */
- ret = mp_mod_2d(a, j, r);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Reassemble */
- ret = mp_add(t, r, r);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(a, r);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- }
- }
- #if !defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_SP_INT_NEGATIVE)
- /* Test negative value being moded. */
- for (j = 0; j < 20; j++) {
- ret = randNum(a, 2, rng, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- a->sign = MP_NEG;
- for (i = 1; i < DIGIT_BIT * 3 + 1; i++) {
- ret = mp_mod_2d(a, i, r);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- mp_zero(t);
- ret = mp_set_bit(t, i);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod(a, t, t);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(r, t);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- }
- }
- #endif
- return 0;
- }
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(OPENSSL_EXTRA) || \
- (defined(HAVE_ECC) && defined(HAVE_COMP_KEY))
- static wc_test_ret_t mp_test_mod_d(mp_int* a, WC_RNG* rng)
- {
- wc_test_ret_t ret;
- mp_digit r;
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)
- mp_digit rem;
- int i;
- #endif
- (void)rng;
- ret = mp_set(a, 1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod_d(a, 0, &r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- mp_zero(a);
- ret = mp_mod_d(a, 1, &r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod_d(a, 3, &r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod_d(a, 5, &r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)
- for (i = MP_MAX_TEST_BYTE_LEN - 16; i <= MP_MAX_TEST_BYTE_LEN; i++) {
- ret = randNum(a, i, rng, NULL);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod_d(a, 3, &r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_d(a, 3, a, &rem);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (r != rem)
- return WC_TEST_RET_ENC_NC;
- }
- #endif
- return 0;
- }
- #endif
- static wc_test_ret_t mp_test_mul_sqr(mp_int* a, mp_int* b, mp_int* r1, mp_int* r2,
- WC_RNG* rng)
- {
- wc_test_ret_t ret;
- int i;
- for (i = 1; i < 16; i++) {
- ret = randNum(a, i, rng, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul(a, a, r1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sqr(a, r2);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(r1, r2);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- }
- ret = mp_set(b, 0);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul(a, b, r1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r1))
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sqr(b, r1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r1))
- return WC_TEST_RET_ENC_NC;
- #ifdef WOLFSSL_SP_MATH_ALL
- ret = mp_set(a, 1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- i = (SP_INT_DIGITS / 2) + 1;
- ret = mp_mul_2d(a, i * SP_WORD_SIZE - 1, a);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_set(b, 1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul_2d(b, (SP_INT_DIGITS - 1 - i) * SP_WORD_SIZE - 1, b);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul(a, b, r1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul(a, a, r1);
- if (ret == MP_OKAY)
- return WC_TEST_RET_ENC_NC;
- ret = mp_sqr(a, r1);
- if (ret == MP_OKAY)
- return WC_TEST_RET_ENC_NC;
- ret = mp_sqr(b, r1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- (defined(HAVE_ECC) && defined(FP_ECC))
- ret = mp_mulmod(a, b, b, r1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mulmod(a, a, b, r1);
- if (ret == MP_OKAY)
- return WC_TEST_RET_ENC_NC;
- #if defined(HAVE_ECC) && (defined(ECC_SHAMIR) || defined(FP_ECC))
- ret = mp_sqrmod(a, b, r1);
- if (ret == MP_OKAY)
- return WC_TEST_RET_ENC_NC;
- ret = mp_sqrmod(b, a, r1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- #endif /* HAVE_ECC && (ECC_SHAMIR || FP_ECC) */
- #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH || (HAVE_ECC && FP_ECC) */
- #endif /* WOLFSSL_SP_MATH_ALL */
- return 0;
- }
- #if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DSA) || \
- defined(OPENSSL_EXTRA)
- static wc_test_ret_t mp_test_invmod(mp_int* a, mp_int* m, mp_int* r)
- {
- wc_test_ret_t ret;
- mp_set(a, 0);
- mp_set(m, 1);
- ret = mp_invmod(a, m, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_invmod(m, a, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(a, 2);
- mp_set(m, 4);
- ret = mp_invmod(a, m, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(a, 3);
- mp_set(m, 6);
- ret = mp_invmod(a, m, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(a, 5*9);
- mp_set(m, 6*9);
- ret = mp_invmod(a, m, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(a, 1);
- mp_set(m, 4);
- ret = mp_invmod(a, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_isone(r))
- return WC_TEST_RET_ENC_NC;
- mp_set(a, 3);
- mp_set(m, 4);
- ret = mp_invmod(a, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_d(r, 3);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(a, 3);
- mp_set(m, 5);
- ret = mp_invmod(a, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- /* Maximum 'a' */
- mp_set(a, 0);
- mp_set_bit(a, (r->size / 2)* SP_WORD_SIZE - 1);
- mp_sub_d(a, 1, a);
- /* Modulus too big. */
- mp_set(m, 0);
- mp_set_bit(m, (r->size / 2) * SP_WORD_SIZE);
- ret = mp_invmod(a, m, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- /* Maximum modulus - even. */
- mp_set(m, 0);
- mp_set_bit(m, (r->size / 2) * SP_WORD_SIZE - 1);
- ret = mp_invmod(a, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_INT_NEGATIVE)
- mp_read_radix(a, "-3", 16);
- ret = mp_invmod(a, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
- mp_set(a, 0);
- mp_set(m, 3);
- ret = mp_invmod_mont_ct(a, m, r, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(a, 1);
- mp_set(m, 0);
- ret = mp_invmod_mont_ct(a, m, r, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(a, 1);
- mp_set(m, 1);
- ret = mp_invmod_mont_ct(a, m, r, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(a, 1);
- mp_set(m, 2);
- ret = mp_invmod_mont_ct(a, m, r, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(a, 1);
- mp_set(m, 3);
- ret = mp_invmod_mont_ct(a, m, r, 1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- return 0;
- }
- #endif /* !NO_RSA || HAVE_ECC || !NO_DSA || OPENSSL_EXTRA */
- #if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \
- (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA)
- static wc_test_ret_t mp_test_exptmod(mp_int* b, mp_int* e, mp_int* m, mp_int* r)
- {
- wc_test_ret_t ret;
- mp_set(b, 0x2);
- mp_set(e, 0x3);
- mp_set(m, 0x0);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(b, 0x2);
- mp_set(e, 0x3);
- mp_set(m, 0x1);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- mp_set(b, 0x2);
- mp_set(e, 0x0);
- mp_set(m, 0x7);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_isone(r))
- return WC_TEST_RET_ENC_NC;
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_isone(r))
- return WC_TEST_RET_ENC_NC;
- mp_set(b, 0x0);
- mp_set(e, 0x3);
- mp_set(m, 0x7);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- mp_set(b, 0x10);
- mp_set(e, 0x3);
- mp_set(m, 0x7);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(b, 0x7);
- mp_set(e, 0x3);
- mp_set(m, 0x7);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- #ifndef WOLFSSL_SP_MATH
- mp_set(b, 0x01);
- mp_mul_2d(b, DIGIT_BIT, b);
- mp_add_d(b, 1, b);
- mp_set(e, 0x3);
- mp_copy(b, m);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- #endif
- mp_set(b, 0x2);
- mp_set(e, 0x3);
- mp_set(m, 0x7);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- #ifdef WOLFSSL_SP_MATH_ALL
- mp_set(b, 0x2);
- mp_set(e, 0x3);
- mp_set(m, 0x01);
- mp_mul_2d(m, SP_WORD_SIZE * SP_INT_DIGITS / 2, m);
- mp_add_d(m, 0x01, m);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- return 0;
- }
- #endif /* !NO_RSA || !NO_DSA || !NO_DH || (HAVE_ECC && HAVE_COMP_KEY) ||
- * OPENSSL_EXTRA */
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- static wc_test_ret_t mp_test_mont(mp_int* a, mp_int* m, mp_int* n, mp_int* r, WC_RNG* rng)
- {
- wc_test_ret_t ret;
- mp_digit mp;
- static int exp[] = { 7, 8, 16, 27, 32, 64,
- 127, 128, 255, 256,
- #if defined(SP_WORD_SIZE) && SP_WORD_SIZE > 8
- 383, 384, 2033, 2048
- #endif
- };
- static mp_digit sub[] = { 0x01, 0x05, 0x0f, 0x27, 0x05, 0x3b,
- 0x01, 0x9f, 0x13, 0xbd,
- #if defined(SP_WORD_SIZE) && SP_WORD_SIZE > 8
- 0x1f, 0x13d, 0x45, 0x615
- #endif
- };
- int bits[] = { 256, 384,
- #if defined(SP_INT_MAX_BITS) && SP_INT_MAX_BITS > 4096
- 2048,
- #endif
- #if defined(SP_INT_MAX_BITS) && SP_INT_MAX_BITS > 6144
- 3072
- #endif
- };
- int i;
- int j;
- for (i = 0; i < (int)(sizeof(exp) / sizeof(*exp)); i++) {
- if (exp[i] >= DIGIT_BIT)
- continue;
- mp_zero(m);
- ret = mp_set_bit(m, exp[i]);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sub_d(m, sub[i], m);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_montgomery_setup(m, &mp);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_montgomery_calc_normalization(n, m);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- for (j = 0; j < 10; j++) {
- ret = randNum(a, (exp[i] + DIGIT_BIT - 1) / DIGIT_BIT, rng, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod(a, m, a);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* r = a * a */
- ret = mp_sqrmod(a, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- /* Convert to Montgomery form = a*n */
- ret = mp_mulmod(a, n, m, a);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- /* a*a mod m == ((a*n) * (a*n)) / n / n */
- ret = mp_sqr(a, a);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_montgomery_reduce(a, m, mp);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_montgomery_reduce(a, m, mp);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (mp_cmp(a, r) != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- }
- }
- /* Force carries. */
- for (i = 0; i < (int)(sizeof(bits) / sizeof(*bits)); i++) {
- /* a = 2^(bits*2) - 1 */
- mp_zero(a);
- mp_set_bit(a, bits[i] * 2);
- mp_sub_d(a, 1, a);
- /* m = 2^(bits) - 1 */
- mp_zero(m);
- mp_set_bit(m, bits[i]);
- mp_sub_d(m, 1, m);
- mp = 1;
- /* result = r = 2^(bits) - 1 */
- mp_zero(r);
- mp_set_bit(r, bits[i]);
- mp_sub_d(r, 1, r);
- ret = mp_montgomery_reduce(a, m, mp);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- /* Result is m or 0 if reduced to range of modulus. */
- if (mp_cmp(a, r) != MP_EQ && mp_iszero(a) != MP_YES)
- return WC_TEST_RET_ENC_NC;
- }
- return 0;
- }
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void)
- {
- WC_RNG rng;
- int rng_inited = 0;
- wc_test_ret_t ret;
- #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)
- int i, j;
- #ifndef WOLFSSL_SP_MATH
- int k;
- #endif
- mp_digit d = 0;
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- mp_int *a = (mp_int *)XMALLOC(sizeof(mp_int), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER),
- *b = (mp_int *)XMALLOC(sizeof(mp_int), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER),
- *r1 = (mp_int *)XMALLOC(sizeof(mp_int), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER),
- *r2 = (mp_int *)XMALLOC(sizeof(mp_int), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER),
- *p = (mp_int *)XMALLOC(sizeof(mp_int), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if ((a == NULL) ||
- (b == NULL) ||
- (r1 == NULL) ||
- (r2 == NULL) ||
- (p == NULL))
- {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- #else
- mp_int a[1], b[1], r1[1], r2[1], p[1];
- #endif
- WOLFSSL_ENTER("mp_test");
- ret = mp_init_multi(a, b, r1, r2, NULL, NULL);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef WOLFSSL_SP_MATH_ALL
- mp_init_copy(p, a);
- #else
- ret = mp_init(p);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- goto done;
- rng_inited = 1;
- #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)
- mp_set_int(a, 0);
- if (a->used != 0 || a->dp[0] != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- for (j = 1; j <= MP_MAX_TEST_BYTE_LEN; j++) {
- for (i = 0; i < 4 * j; i++) {
- /* New values to use. */
- ret = randNum(p, j, &rng, NULL);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = randNum(a, j, &rng, NULL);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = randNum(b, j, &rng, NULL);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_RNG_GenerateBlock(&rng, (byte*)&d, sizeof(d));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- d &= MP_MASK;
- #if !defined(WOLFSSL_SP_MATH) || (defined(HAVE_ECC) && \
- (defined(ECC_SHAMIR) || defined(FP_ECC)))
- /* Ensure sqrmod produce same result as mulmod. */
- ret = mp_sqrmod(a, p, r1);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = mp_mulmod(a, a, p, r2);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (mp_cmp(r1, r2) != 0) {
- WOLFSSL_MSG("Fail: mp_mulmod result does not match mp_sqrmod!");
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- #if defined(WOLFSSL_SP_MATH) || (defined(WOLFSSL_SP_MATH_ALL) && \
- !defined(WOLFSSL_SP_INT_NEGATIVE))
- ret = mp_addmod(a, b, p, r1);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = mp_submod(r1, b, p, r2);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = mp_mod(a, p, r1);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (mp_cmp(r1, r2) != MP_EQ)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #else
- /* Ensure add with mod produce same result as sub with mod. */
- ret = mp_addmod(a, b, p, r1);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- b->sign ^= 1;
- ret = mp_submod(a, b, p, r2);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (mp_cmp(r1, r2) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif
- #endif
- /* Ensure add digit produce same result as sub digit. */
- ret = mp_add_d(a, d, r1);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = mp_sub_d(r1, d, r2);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (mp_cmp(a, r2) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- /* Invert - if p is even it will use the slow impl.
- * - if p and a are even it will fail.
- */
- ret = mp_invmod(a, p, r1);
- if (ret != 0 && ret != MP_VAL)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifndef WOLFSSL_SP_MATH
- /* Shift up and down number all bits in a digit. */
- for (k = 0; k < DIGIT_BIT; k++) {
- mp_mul_2d(a, k, r1);
- mp_div_2d(r1, k, r2, p);
- if (mp_cmp(a, r2) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- if (!mp_iszero(p))
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- mp_rshb(r1, k);
- if (mp_cmp(a, r1) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #endif
- }
- }
- /* Test adding and subtracting zero from zero. */
- mp_zero(a);
- ret = mp_add_d(a, 0, r1);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (!mp_iszero(r1)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- ret = mp_sub_d(a, 0, r2);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (!mp_iszero(r2)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #if DIGIT_BIT >= 32
- /* Check that setting a 32-bit digit works. */
- d &= 0xffffffffU;
- mp_set_int(a, d);
- if (a->used != 1 || a->dp[0] != d)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif
- /* Check setting a bit and testing a bit works. */
- for (i = 0; i < MP_MAX_TEST_BYTE_LEN * 8; i++) {
- mp_zero(a);
- mp_set_bit(a, i);
- if (!mp_is_bit_set(a, i))
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #endif
- #if defined(HAVE_ECC) && defined(HAVE_COMP_KEY)
- mp_zero(a);
- i = mp_cnt_lsb(a);
- if (i != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), done);
- mp_set(a, 1);
- i = mp_cnt_lsb(a);
- if (i != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), done);
- mp_set(a, 32);
- i = mp_cnt_lsb(a);
- if (i != 5)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), done);
- mp_zero(a);
- mp_set_bit(a, 129);
- i = mp_cnt_lsb(a);
- if (i != 129)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), done);
- #endif
- #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- if ((ret = mp_test_param(a, b, r1, &rng)) != 0)
- goto done;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(USE_FAST_MATH)
- if ((ret = mp_test_div_3(a, r1, &rng)) != 0)
- goto done;
- #endif
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
- !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- (!defined WOLFSSL_SP_MATH && !defined(WOLFSSL_SP_MATH_ALL) && \
- (defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)))
- if ((ret = mp_test_radix_10(a, r1, &rng)) != 0)
- goto done;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || (!defined WOLFSSL_SP_MATH && \
- defined(HAVE_ECC))
- if ((ret = mp_test_radix_16(a, r1, &rng)) != 0)
- goto done;
- #endif
- if ((ret = mp_test_shift(a, r1, &rng)) != 0)
- goto done;
- if ((ret = mp_test_add_sub_d(a, r1)) != 0)
- goto done;
- if ((ret = mp_test_read_to_bin(a)) != 0)
- goto done;
- #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- if ((ret = mp_test_set_int(a)) != 0)
- goto done;
- #endif
- if ((ret = mp_test_cmp(a, r1)) != 0)
- goto done;
- #if !defined(NO_DH) || defined(HAVE_ECC) || !defined(WOLFSSL_RSA_VERIFY_ONLY)
- if ((ret = mp_test_shbd(a, b, &rng)) != 0)
- goto done;
- #endif
- #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- if ((ret = mp_test_set_is_bit(a)) != 0)
- goto done;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
- !defined(WOLFSSL_RSA_PUBLIC_ONLY))
- if ((ret = mp_test_div(a, b, r1, r2, &rng)) != 0)
- goto done;
- #endif
- #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
- !defined(WC_NO_RNG)
- if ((ret = mp_test_prime(a, &rng)) != 0)
- goto done;
- #endif
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING)
- if ((ret = mp_test_lcm_gcd(a, b, r1, r2, &rng)) != 0)
- goto done;
- #endif
- #if (!defined(WOLFSSL_SP_MATH) && !defined(USE_FAST_MATH)) || \
- defined(WOLFSSL_SP_MATH_ALL)
- if ((ret = mp_test_mod_2d(a, r1, p, &rng)) != 0)
- goto done;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(OPENSSL_EXTRA) || \
- (defined(HAVE_ECC) && defined(HAVE_COMP_KEY))
- if ((ret = mp_test_mod_d(a, &rng)) != 0)
- goto done;
- #endif
- if ((ret = mp_test_mul_sqr(a, b, r1, r2, &rng)) != 0)
- goto done;
- #if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DSA) || \
- defined(OPENSSL_EXTRA)
- if ((ret = mp_test_invmod(a, b, r1)) != 0)
- goto done;
- #endif
- #if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \
- (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA)
- if ((ret = mp_test_exptmod(a, b, r1, r2)) != 0)
- goto done;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- if ((ret = mp_test_mont(a, b, r1, r2, &rng)) != 0)
- goto done;
- #endif
- done:
- #ifdef WOLFSSL_SMALL_STACK
- if (p) {
- mp_clear(p);
- XFREE(p, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (r2) {
- mp_clear(r2);
- XFREE(r2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (r1) {
- mp_clear(r1);
- XFREE(r1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (b) {
- mp_clear(b);
- XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (a) {
- mp_clear(a);
- XFREE(a, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- mp_clear(p);
- mp_clear(r2);
- mp_clear(r1);
- mp_clear(b);
- mp_clear(a);
- #endif
- if (rng_inited)
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* WOLFSSL_PUBLIC_MP && ((WOLFSSL_SP_MATH_ALL &&
- * !WOLFSSL_RSA_VERIFY_ONLY) || USE_FAST_MATH) */
- #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN)
- typedef struct pairs_t {
- const unsigned char* coeff;
- int coeffSz;
- int exp;
- } pairs_t;
- /*
- n =p1p2p3, where pi = ki(p1-1)+1 with (k2,k3) = (173,293)
- p1 = 2^192 * 0x000000000000e24fd4f6d6363200bf2323ec46285cac1d3a
- + 2^0 * 0x0b2488b0c29d96c5e67f8bec15b54b189ae5636efe89b45b
- */
- static const unsigned char c192a[] =
- {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe2, 0x4f,
- 0xd4, 0xf6, 0xd6, 0x36, 0x32, 0x00, 0xbf, 0x23,
- 0x23, 0xec, 0x46, 0x28, 0x5c, 0xac, 0x1d, 0x3a
- };
- static const unsigned char c0a[] =
- {
- 0x0b, 0x24, 0x88, 0xb0, 0xc2, 0x9d, 0x96, 0xc5,
- 0xe6, 0x7f, 0x8b, 0xec, 0x15, 0xb5, 0x4b, 0x18,
- 0x9a, 0xe5, 0x63, 0x6e, 0xfe, 0x89, 0xb4, 0x5b
- };
- static const pairs_t ecPairsA[] =
- {
- {c192a, sizeof(c192a), 192},
- {c0a, sizeof(c0a), 0}
- };
- static const int kA[] = {173, 293};
- static const unsigned char controlPrime[] = {
- 0xe1, 0x76, 0x45, 0x80, 0x59, 0xb6, 0xd3, 0x49,
- 0xdf, 0x0a, 0xef, 0x12, 0xd6, 0x0f, 0xf0, 0xb7,
- 0xcb, 0x2a, 0x37, 0xbf, 0xa7, 0xf8, 0xb5, 0x4d,
- 0xf5, 0x31, 0x35, 0xad, 0xe4, 0xa3, 0x94, 0xa1,
- 0xdb, 0xf1, 0x96, 0xad, 0xb5, 0x05, 0x64, 0x85,
- 0x83, 0xfc, 0x1b, 0x5b, 0x29, 0xaa, 0xbe, 0xf8,
- 0x26, 0x3f, 0x76, 0x7e, 0xad, 0x1c, 0xf0, 0xcb,
- 0xd7, 0x26, 0xb4, 0x1b, 0x05, 0x8e, 0x56, 0x86,
- 0x7e, 0x08, 0x62, 0x21, 0xc1, 0x86, 0xd6, 0x47,
- 0x79, 0x3e, 0xb7, 0x5d, 0xa4, 0xc6, 0x3a, 0xd7,
- 0xb1, 0x74, 0x20, 0xf6, 0x50, 0x97, 0x41, 0x04,
- 0x53, 0xed, 0x3f, 0x26, 0xd6, 0x6f, 0x91, 0xfa,
- 0x68, 0x26, 0xec, 0x2a, 0xdc, 0x9a, 0xf1, 0xe7,
- 0xdc, 0xfb, 0x73, 0xf0, 0x79, 0x43, 0x1b, 0x21,
- 0xa3, 0x59, 0x04, 0x63, 0x52, 0x07, 0xc9, 0xd7,
- 0xe6, 0xd1, 0x1b, 0x5d, 0x5e, 0x96, 0xfa, 0x53
- };
- static const unsigned char testOne[] = { 1 };
- static wc_test_ret_t GenerateNextP(mp_int* p1, mp_int* p2, int k)
- {
- wc_test_ret_t ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- mp_int *ki = (mp_int *)XMALLOC(sizeof(*ki), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (ki == NULL)
- return MEMORY_E;
- #else
- mp_int ki[1];
- #endif
- ret = mp_init(ki);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- if (ret == 0) {
- ret = mp_set(ki, (mp_digit)k);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = mp_sub_d(p1, 1, p2);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = mp_mul(p2, ki, p2);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = mp_add_d(p2, 1, p2);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- mp_clear(ki);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(ki, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- static wc_test_ret_t GenerateP(mp_int* p1, mp_int* p2, mp_int* p3,
- const pairs_t* ecPairs, int ecPairsSz,
- const int* k)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- mp_int *x = NULL, *y = NULL;
- #else
- mp_int x[1], y[1];
- #endif
- wc_test_ret_t ret;
- int i;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (((x = (mp_int *)XMALLOC(sizeof(*x), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL) ||
- ((y = (mp_int *)XMALLOC(sizeof(*x), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)) {
- ret = MEMORY_E;
- goto out;
- }
- #endif
- ret = mp_init_multi(x, y, NULL, NULL, NULL, NULL);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto out;
- }
- for (i = 0; ret == 0 && i < ecPairsSz; i++) {
- ret = mp_read_unsigned_bin(x, ecPairs[i].coeff, (word32)ecPairs[i].coeffSz);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- break;
- }
- /* p1 = 2^exp */
- ret = mp_2expt(y, ecPairs[i].exp);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- break;
- }
- /* p1 = p1 * m */
- ret = mp_mul(x, y, x);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- break;
- }
- /* p1 += */
- ret = mp_add(p1, x, p1);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- break;
- }
- mp_zero(x);
- mp_zero(y);
- }
- if (ret == 0)
- ret = GenerateNextP(p1, p2, k[0]);
- if (ret == 0)
- ret = GenerateNextP(p1, p3, k[1]);
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (x != NULL) {
- mp_clear(x);
- XFREE(x, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (y != NULL) {
- mp_clear(y);
- XFREE(y, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- mp_clear(x);
- mp_clear(y);
- #endif
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- mp_int *n = (mp_int *)XMALLOC(sizeof *n, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
- *p1 = (mp_int *)XMALLOC(sizeof *p1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
- *p2 = (mp_int *)XMALLOC(sizeof *p2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
- *p3 = (mp_int *)XMALLOC(sizeof *p3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- mp_int n[1],
- p1[1],
- p2[1],
- p3[1];
- #endif
- wc_test_ret_t ret;
- int isPrime = 0;
- WC_RNG rng;
- WOLFSSL_ENTER("prime_test");
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((n == NULL) ||
- (p1 == NULL) ||
- (p2 == NULL) ||
- (p3 == NULL))
- ERROR_OUT(MEMORY_E, out);
- #endif
- ret = wc_InitRng(&rng);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- if (ret == 0) {
- ret = mp_init_multi(n, p1, p2, p3, NULL, NULL);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0)
- ret = GenerateP(p1, p2, p3,
- ecPairsA, sizeof(ecPairsA) / sizeof(ecPairsA[0]), kA);
- if (ret == 0) {
- ret = mp_mul(p1, p2, n);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = mp_mul(n, p3, n);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret != 0)
- ERROR_OUT(ret, out);
- /* Check the old prime test using the number that false positives.
- * This test result should indicate as not prime. */
- ret = mp_prime_is_prime(n, 40, &isPrime);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (isPrime)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* This test result should fail. It should indicate the value as prime. */
- ret = mp_prime_is_prime(n, 8, &isPrime);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (!isPrime)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* This test result should indicate the value as not prime. */
- ret = mp_prime_is_prime_ex(n, 8, &isPrime, &rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (isPrime)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = mp_read_unsigned_bin(n, controlPrime, sizeof(controlPrime));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* This test result should indicate the value as prime. */
- ret = mp_prime_is_prime_ex(n, 8, &isPrime, &rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (!isPrime)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* This test result should indicate the value as prime. */
- isPrime = -1;
- ret = mp_prime_is_prime(n, 8, &isPrime);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (!isPrime)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = mp_read_unsigned_bin(n, testOne, sizeof(testOne));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* This test result should indicate the value as not prime. */
- ret = mp_prime_is_prime_ex(n, 8, &isPrime, &rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (isPrime)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = mp_prime_is_prime(n, 8, &isPrime);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (isPrime)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = 0;
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (n != NULL) {
- mp_clear(n);
- XFREE(n, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (p1 != NULL) {
- mp_clear(p1);
- XFREE(p1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (p2 != NULL) {
- mp_clear(p2);
- XFREE(p2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (p3 != NULL) {
- mp_clear(p3);
- XFREE(p3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- mp_clear(p3);
- mp_clear(p2);
- mp_clear(p1);
- mp_clear(n);
- #endif
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* WOLFSSL_PUBLIC_MP */
- #if defined(ASN_BER_TO_DER) && \
- (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL))
- /* wc_BerToDer is only public facing in the case of test cert or opensslextra */
- typedef struct berDerTestData {
- const byte *in;
- word32 inSz;
- const byte *out;
- word32 outSz;
- } berDerTestData;
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void)
- {
- wc_test_ret_t ret;
- int i;
- word32 len = 0, l;
- byte out[32];
- WOLFSSL_SMALL_STACK_STATIC const byte good1_in[] = { 0x30, 0x80, 0x00, 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte good1_out[] = { 0x30, 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte good2_in[] = { 0x30, 0x80, 0x02, 0x01, 0x01, 0x00, 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte good2_out[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte good3_in[] = {
- 0x24, 0x80, 0x04, 0x01, 0x01, 0x00, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte good3_out[] = { 0x04, 0x1, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte good4_in[] = {
- 0x30, 0x80,
- 0x02, 0x01, 0x01,
- 0x30, 0x80,
- 0x24, 0x80,
- 0x04, 0x01, 0x01,
- 0x04, 0x02, 0x02, 0x03,
- 0x00, 0x00,
- 0x06, 0x01, 0x01,
- 0x00, 0x00,
- 0x31, 0x80,
- 0x06, 0x01, 0x01,
- 0x00, 0x00,
- 0x00, 0x00,
- };
- WOLFSSL_SMALL_STACK_STATIC const byte good4_out[] = {
- 0x30, 0x12,
- 0x02, 0x01, 0x01,
- 0x30, 0x08,
- 0x04, 0x03, 0x01, 0x02, 0x03,
- 0x06, 0x01, 0x01,
- 0x31, 0x03,
- 0x06, 0x01, 0x01
- };
- WOLFSSL_SMALL_STACK_STATIC const byte good5_in[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
- berDerTestData testData[] = {
- { good1_in, sizeof(good1_in), good1_out, sizeof(good1_out) },
- { good2_in, sizeof(good2_in), good2_out, sizeof(good2_out) },
- { good3_in, sizeof(good3_in), good3_out, sizeof(good3_out) },
- { good4_in, sizeof(good4_in), good4_out, sizeof(good4_out) },
- { good5_in, sizeof(good5_in), good5_in , sizeof(good5_in ) },
- };
- WOLFSSL_ENTER("berder_test");
- for (i = 0; i < (int)(sizeof(testData) / sizeof(*testData)); i++) {
- ret = wc_BerToDer(testData[i].in, testData[i].inSz, NULL, &len);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_I(i);
- if (len != testData[i].outSz)
- return WC_TEST_RET_ENC_I(i);
- len = testData[i].outSz;
- ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &len);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- if (XMEMCMP(out, testData[i].out, len) != 0)
- return WC_TEST_RET_ENC_I(i);
- for (l = 1; l < testData[i].inSz; l++) {
- ret = wc_BerToDer(testData[i].in, l, NULL, &len);
- if (ret != ASN_PARSE_E)
- return WC_TEST_RET_ENC_EC(ret);
- len = testData[i].outSz;
- ret = wc_BerToDer(testData[i].in, l, out, &len);
- if (ret != ASN_PARSE_E)
- return WC_TEST_RET_ENC_EC(ret);
- }
- for (l = 0; l < testData[i].outSz-1; l++) {
- ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &l);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- }
- }
- ret = wc_BerToDer(NULL, 4, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_BerToDer(out, 4, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_BerToDer(NULL, 4, NULL, &len);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_BerToDer(NULL, 4, out, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_BerToDer(out, 4, out, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_BerToDer(NULL, 4, out, &len);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- for (l = 1; l < sizeof(good4_out); l++) {
- len = l;
- ret = wc_BerToDer(good4_in, sizeof(good4_in), out, &len);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- }
- return 0;
- }
- #endif
- #ifdef DEBUG_WOLFSSL
- static THREAD_LS_T int log_cnt = 0;
- static void my_Logging_cb(const int logLevel, const char *const logMessage)
- {
- (void)logLevel;
- (void)logMessage;
- log_cnt++;
- }
- #endif /* DEBUG_WOLFSSL */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t logging_test(void)
- {
- wc_test_ret_t ret;
- #ifdef DEBUG_WOLFSSL
- const char* msg = "Testing, testing. 1, 2, 3, 4 ...";
- byte a[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };
- byte b[256];
- int i;
- WOLFSSL_ENTER("logging_test (debug)");
- for (i = 0; i < (int)sizeof(b); i++)
- b[i] = i;
- ret = wolfSSL_Debugging_ON();
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wolfSSL_SetLoggingCb(my_Logging_cb);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- WOLFSSL_MSG(msg);
- WOLFSSL_BUFFER(a, sizeof(a));
- WOLFSSL_BUFFER(b, sizeof(b));
- WOLFSSL_BUFFER(NULL, 0);
- WOLFSSL_ERROR(MEMORY_E);
- WOLFSSL_ERROR_MSG(msg);
- /* turn off logs */
- wolfSSL_Debugging_OFF();
- /* capture log count */
- i = log_cnt;
- /* validate no logs are output when disabled */
- WOLFSSL_MSG(msg);
- WOLFSSL_BUFFER(a, sizeof(a));
- WOLFSSL_BUFFER(b, sizeof(b));
- WOLFSSL_BUFFER(NULL, 0);
- WOLFSSL_ERROR(MEMORY_E);
- WOLFSSL_ERROR_MSG(msg);
- /* check the logs were disabled */
- if (i != log_cnt)
- return WC_TEST_RET_ENC_NC;
- /* restore callback and leave logging enabled */
- wolfSSL_SetLoggingCb(NULL);
- wolfSSL_Debugging_ON();
- /* suppress unused args */
- (void)a;
- (void)b;
- #else
- WOLFSSL_ENTER("logging_test");
- ret = wolfSSL_Debugging_ON();
- if (ret != NOT_COMPILED_IN)
- return WC_TEST_RET_ENC_EC(ret);
- wolfSSL_Debugging_OFF();
- ret = wolfSSL_SetLoggingCb(NULL);
- if (ret != NOT_COMPILED_IN)
- return WC_TEST_RET_ENC_EC(ret);
- #endif /* DEBUG_WOLFSSL */
- return 0;
- }
- #if defined(__INCLUDE_NUTTX_CONFIG_H)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t wolfcrypt_mutex_test(void)
- #else
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mutex_test(void)
- #endif
- {
- #ifdef WOLFSSL_PTHREADS
- wolfSSL_Mutex m;
- #endif
- #if defined(WOLFSSL_PTHREADS) || (!defined(WOLFSSL_NO_MALLOC) && \
- !defined(WOLFSSL_USER_MUTEX) && defined(WOLFSSL_STATIC_MEMORY))
- wc_test_ret_t ret;
- #endif
- #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_USER_MUTEX)
- #ifndef WOLFSSL_STATIC_MEMORY
- wolfSSL_Mutex *mm = wc_InitAndAllocMutex();
- WOLFSSL_ENTER("[wolfcrypt_]mutex_test (1)");
- #else
- wolfSSL_Mutex *mm = (wolfSSL_Mutex*) XMALLOC(sizeof(wolfSSL_Mutex),
- HEAP_HINT, DYNAMIC_TYPE_MUTEX);
- WOLFSSL_ENTER("[wolfcrypt_]mutex_test (2)");
- if (mm != NULL) {
- ret = wc_InitMutex(mm);
- if (ret != 0) {
- WOLFSSL_MSG("Init Mutex failed");
- XFREE(mm, HEAP_HINT, DYNAMIC_TYPE_MUTEX);
- return WC_TEST_RET_ENC_EC(ret);
- }
- }
- #endif
- if (mm == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- wc_FreeMutex(mm);
- XFREE(mm, HEAP_HINT, DYNAMIC_TYPE_MUTEX);
- #endif
- /* Can optionally enable advanced pthread tests using "ENABLE_PTHREAD_LOCKFREE_TESTS" */
- #ifdef WOLFSSL_PTHREADS
- ret = wc_InitMutex(&m);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_LockMutex(&m);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #if !defined(WOLFSSL_SOLARIS) && defined(ENABLE_PTHREAD_LOCKFREE_TESTS)
- /* trying to free a locked mutex is not portable behavior with pthread */
- /* Attempting to destroy a locked mutex results in undefined behavior */
- ret = wc_FreeMutex(&m);
- if (ret != BAD_MUTEX_E)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = wc_UnLockMutex(&m);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_FreeMutex(&m);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #if !defined(WOLFSSL_SOLARIS) && defined(ENABLE_PTHREAD_LOCKFREE_TESTS)
- /* Trying to use a pthread after free'ing is not portable behavior */
- ret = wc_LockMutex(&m);
- if (ret != BAD_MUTEX_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_UnLockMutex(&m);
- if (ret != BAD_MUTEX_E)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #endif
- return 0;
- }
- #if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
- #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) && \
- !defined(WOLFSSL_STATIC_MEMORY)
- static wc_test_ret_t malloc_cnt = 0;
- static wc_test_ret_t realloc_cnt = 0;
- static wc_test_ret_t free_cnt = 0;
- #ifdef WOLFSSL_DEBUG_MEMORY
- static void *my_Malloc_cb(size_t size, const char* func, unsigned int line)
- {
- (void) func;
- (void) line;
- #else
- static void *my_Malloc_cb(size_t size)
- {
- #endif
- malloc_cnt++;
- #ifndef WOLFSSL_NO_MALLOC
- return malloc(size);
- #else
- WOLFSSL_MSG("No malloc available");
- (void)size;
- return NULL;
- #endif
- }
- #ifdef WOLFSSL_DEBUG_MEMORY
- static void my_Free_cb(void *ptr, const char* func, unsigned int line)
- {
- (void) func;
- (void) line;
- #else
- static void my_Free_cb(void *ptr)
- {
- #endif
- free_cnt++;
- #ifndef WOLFSSL_NO_MALLOC
- free(ptr);
- #else
- WOLFSSL_MSG("No free available");
- (void)ptr;
- #endif
- }
- #ifdef WOLFSSL_DEBUG_MEMORY
- static void *my_Realloc_cb(void *ptr, size_t size, const char* func, unsigned int line)
- {
- (void) func;
- (void) line;
- #else
- static void *my_Realloc_cb(void *ptr, size_t size)
- {
- #endif
- realloc_cnt++;
- #ifndef WOLFSSL_NO_MALLOC
- return realloc(ptr, size);
- #else
- WOLFSSL_MSG("No realloc available");
- (void)ptr;
- (void)size;
- return NULL;
- #endif
- }
- #endif /* !WOLFSSL_NO_MALLOC */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memcb_test(void)
- {
- wc_test_ret_t ret = 0;
- #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) && \
- !defined(WOLFSSL_STATIC_MEMORY)
- byte* b = NULL;
- #endif
- wolfSSL_Malloc_cb mc;
- wolfSSL_Free_cb fc;
- wolfSSL_Realloc_cb rc;
- WOLFSSL_ENTER("memcb_test");
- /* Save existing memory callbacks */
- ret = wolfSSL_GetAllocators(&mc, &fc, &rc);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) && \
- !defined(WOLFSSL_STATIC_MEMORY)
- /* test realloc */
- b = (byte*)XREALLOC(b, 1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (b == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_memcb);
- }
- XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- b = NULL;
- /* Use API. */
- ret = wolfSSL_SetAllocators((wolfSSL_Malloc_cb)my_Malloc_cb,
- (wolfSSL_Free_cb)my_Free_cb,
- (wolfSSL_Realloc_cb)my_Realloc_cb);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_memcb);
- }
- b = (byte*)XMALLOC(1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- b = (byte*)XREALLOC(b, 1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifndef WOLFSSL_STATIC_MEMORY
- #ifndef WOLFSSL_CHECK_MEM_ZERO
- if (malloc_cnt != 1 || free_cnt != 1 || realloc_cnt != 1)
- #else
- /* Checking zeroized memory means realloc is a malloc and free. */
- if (malloc_cnt != 2 || free_cnt != 2 || realloc_cnt != 0)
- #endif
- #else
- if (malloc_cnt != 0 || free_cnt != 0 || realloc_cnt != 0)
- #endif
- ret = WC_TEST_RET_ENC_NC;
- #endif /* !WOLFSSL_NO_MALLOC */
- #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) && \
- !defined(WOLFSSL_STATIC_MEMORY)
- exit_memcb:
- /* reset malloc/free/realloc counts */
- malloc_cnt = 0;
- free_cnt = 0;
- realloc_cnt = 0;
- #endif
- /* restore memory callbacks */
- wolfSSL_SetAllocators(mc, fc, rc);
- return ret;
- }
- #endif /* USE_WOLFSSL_MEMORY && !WOLFSSL_NO_MALLOC */
- #if defined(WOLFSSL_CAAM_BLOB)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blob_test(void)
- {
- wc_test_ret_t ret = 0;
- byte out[112];
- byte blob[112];
- word32 outSz;
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte text[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- WOLFSSL_ENTER("blob_test");
- XMEMSET(blob, 0, sizeof(blob));
- XMEMSET(out, 0, sizeof(out));
- outSz = sizeof(blob);
- ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_blob);
- blob[outSz - 2] += 1;
- ret = wc_caamOpenBlob(blob, outSz, out, &outSz);
- if (ret == 0) { /* should fail with altered blob */
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_blob);
- }
- XMEMSET(blob, 0, sizeof(blob));
- outSz = sizeof(blob);
- ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_blob);
- ret = wc_caamOpenBlob(blob, outSz, out, &outSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_blob);
- if (XMEMCMP(out, iv, sizeof(iv))) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_blob);
- }
- XMEMSET(blob, 0, sizeof(blob));
- outSz = sizeof(blob);
- ret = wc_caamCreateBlob((byte*)text, sizeof(text), blob, &outSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_blob);
- ret = wc_caamOpenBlob(blob, outSz, out, &outSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_blob);
- if (XMEMCMP(out, text, sizeof(text))) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_blob);
- }
- exit_blob:
- return ret;
- }
- #endif /* WOLFSSL_CAAM_BLOB */
- #ifdef WOLF_CRYPTO_CB
- /* Example custom context for crypto callback */
- typedef struct {
- int exampleVar; /* flag for testing if only crypt is enabled. */
- } myCryptoDevCtx;
- #ifdef WOLF_CRYPTO_CB_ONLY_RSA
- /* Testing rsa cb when CB_ONLY_RSA is enabled
- * When CB_ONLY_RSA is enabled, software imple. is not available.
- *
- * ctx callback ctx
- * returen 0 on success, otherwise return negative
- */
- static wc_test_ret_t rsa_onlycb_test(myCryptoDevCtx *ctx)
- {
- wc_test_ret_t ret = 0;
- #if !defined(NO_RSA)
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- RsaKey *key = (RsaKey *)XMALLOC(sizeof *key,
- HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte* tmp = NULL;
- #else
- RsaKey key[1];
- byte tmp[FOURK_BUF];
- #endif
- size_t bytes;
- const word32 inLen = (word32)TEST_STRING_SZ;
- word32 idx = 0;
- word32 sigSz;
- WOLFSSL_SMALL_STACK_STATIC const byte in[] = TEST_STRING;
- byte out[RSA_TEST_BYTES];
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
- !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \
- !defined(NO_FILESYSTEM)
- XFILE file;
- #endif
- #ifdef WOLFSSL_KEY_GEN
- WC_RNG rng;
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- bytes = (size_t)sizeof_client_key_der_1024;
- if (bytes < (size_t)sizeof_client_cert_der_1024)
- bytes = (size_t)sizeof_client_cert_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- bytes = (size_t)sizeof_client_key_der_2048;
- if (bytes < (size_t)sizeof_client_cert_der_2048)
- bytes = (size_t)sizeof_client_cert_der_2048;
- #elif defined(USE_CERT_BUFFERS_3072)
- bytes = (size_t)sizeof_client_key_der_3072;
- if (bytes < (size_t)sizeof_client_cert_der_3072)
- bytes = (size_t)sizeof_client_cert_der_3072;
- #elif defined(USE_CERT_BUFFERS_4096)
- bytes = (size_t)sizeof_client_key_der_4096;
- if (bytes < (size_t)sizeof_client_cert_der_4096)
- bytes = (size_t)sizeof_client_cert_der_4096;
- #else
- bytes = FOURK_BUF;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_onlycb);
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024);
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(clientKey, "rb");
- if (!file) {
- ret = WC_TEST_RET_ENC_ERRNO;
- err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", ret);
- ERROR_OUT(ret, exit_onlycb);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_onlycb);
- #endif
- #ifdef WOLFSSL_KEY_GEN
- /* wc_CryptoCb_MakeRsaKey cb test, no actual making key
- * wc_MakeRsaKey() -> rsa cb ->
- * myCryptoDevCb -> wc_MakeRsaKey(CBONLY_TEST_DEVID)
- * wc_MakeRsaKey(CBONLY_TEST_DEVID) expects to return 0(success)
- */
- ctx->exampleVar = 99;
- ret = wc_MakeRsaKey(key, keySz, WC_RSA_EXPONENT, rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- /* wc_MakeRsaKey() -> rsa cb ->
- * myCryptoDevCb -> wc_MakeRsaKey(INVALID_DEVID)
- * wc_MakeRsaKey(CBONLY_TEST_DEVID) expects to return NO_VALID_DEVID(failure)
- */
- ctx->exampleVar = 1;
- ret = wc_MakeRsaKey(key, keySz, WC_RSA_EXPONENT, rng);
- if (ret != NO_VALID_DEVID) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- } else
- /* reset return code */
- ret = 0;
- #endif
- ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- sigSz = (word32)wc_RsaEncryptSize(key);
- /* wc_CryptoCb_Rsa cb test, no actual rsa operation */
- if (ret == 0) {
- /* wc_SignatureGenerate() -> rsa cb ->
- * myCryptoDevCb -> wc_RsaFunction(CBONLY_TEST_DEVID)
- * wc_RsaFunction(CBONLY_TEST_DEVID) expects to return 0(success)
- */
- ctx->exampleVar = 99;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
- in, inLen, out, &sigSz, key, sizeof(*key), NULL);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- }
- if (ret == 0) {
- /* wc_SignatureGenerate() -> rsa cb ->
- * myCryptoDevCb -> wc_RsaFunction(INVALID_DEVID)
- * wc_SignatureGenerate(INVALID_DEVID) expects to
- * return NO_VALID_DEVID(failure)
- */
- ctx->exampleVar = 1;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
- in, inLen, out, &sigSz, key, sizeof(*key), NULL);
- if (ret != NO_VALID_DEVID) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- } else
- /* reset return code */
- ret = 0;
- }
- exit_onlycb:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key != NULL) {
- wc_FreeRsaKey(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- wc_FreeRsaKey(key);
- #endif
- #endif
- return ret;
- }
- #endif
- #ifdef WOLF_CRYPTO_CB_ONLY_ECC
- /* Testing rsa cb when CB_ONLY_ECC is enabled
- * When CB_ONLY_ECC is enabled, software imple. is not available.
- *
- * ctx callback ctx
- * returen 0 on success, otherwise return negative
- */
- static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
- {
- wc_test_ret_t ret = 0;
- #if defined(HAVE_ECC)
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key* key = (ecc_key *)XMALLOC(sizeof *key,
- HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key* pub = (ecc_key *)XMALLOC(sizeof *pub,
- HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte* out = (byte*)XMALLOC(sizeof(byte),
- HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef OPENSSL_EXTRA
- byte* check = (byte*)XMALLOC(sizeof(byte)*(256), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #else
- ecc_key key[1];
- ecc_key pub[1];
- byte out[256];
- #ifdef OPENSSL_EXTRA
- unsigned char check[256];
- #endif
- #endif
- #ifdef OPENSSL_EXTRA
- EVP_PKEY* privKey = NULL;
- EVP_PKEY* pubKey = NULL;
- #ifdef USE_CERT_BUFFERS_256
- ecc_key* pkey;
- const unsigned char* cp;
- #endif
- EVP_MD_CTX mdCtx;
- const char testData[] = "Hi There";
- size_t checkSz = -1;
- const unsigned char* p;
- const unsigned char check_v[256] = {
- 0x30,0x45,0x02,0x20,0x1b,0x5c,0x2a,0xf0,0x18,0x09,
- 0x74,0x65,0xa1,0x04,0x76,0x3a,0xce,0xcc,0xe5,0x34,
- 0x5e,0x89,0xed,0x40,0x1e,0x5a,0xb1,0x53,0xb4,0xff,
- 0xc7,0x18,0xfe,0x0f,0xc7,0xa6,0x02,0x21,0x00,0xe5,
- 0x70,0x21,0xfc,0xf9,0x63,0x36,0xfd,0x16,0x18,0x08,
- 0x9a,0x63,0x61,0x0f,0xe7,0x7c,0xa3,0xc9,0x14,0xa3,
- 0x30,0x87,0xf7,0xf5,0x70,0x19,0xaf,0x56,0x96,0x9b,
- 0xd8,0x64,0xcd,0xd9,0xff,0x7b,0x2a,0x55,0x52,0xca,
- 0x41,0xb2,0xa6,0xa4,0x8a,0x3b,0x02,0x20,0x8c,0xc5,
- 0xf9,0xc1,0x7d,0x2a,0x65,0x6c,0xe6,0x5a,0xe3,0x76,
- 0x9b,0xab,0x0b,0x9f,0xaf,0x62,0x5d,0xb2,0x60,0xd7,
- 0xeb,0xb4,0x1b,0x73,0xdc,0x01,0x7d,0x7b,0xab,0xc1,
- 0x0c,0x74,0x96,0x41,0xe6,0x3f,0xc5,0x86,0xe6,0x7d,
- 0x2b,0x9d,0x54,0x6b,0xcd,0x31,0x35,0x1f,0xdb,0x49,
- 0x1f,0x32,0x34,0xf8,0x57,0x12,0x86,0x5c,0x0e,0x80,
- 0x55,0x8d,0xff,0xd8,0xbd,0xdf,0x32,0x26,0x62,0x42,
- 0x09,0xda,0xf7,0x74,0xf2,0x3f,0xe6,0xf1,0x77,0x82,
- 0xce,0xe4,0xbb,0x61,0xa6,0xc0,0x17,0x0c,0x6c,0x47,
- 0x2a,0x40,0x1c,0x2b,0xe0,0x98,0x3b,0xbf,0xc6,0xf8,
- 0x6d,0xfd,0xd0,0xfa,0xc1,0x02,0xfb,0x5f,0xfb,0xb0,
- 0xcb,0xd9,0xa3,0x59,0x94,0xe9,0x0f,0x74,0xbb,0x3f,
- 0x64,0xa3,0x83,0xc4,0x2b,0xf7,0xd2,0x97,0xbf,0x3b,
- 0xcf,0xbb,0x60,0x81,0x33,0x94,0xfa,0x0d,0x35,0xd2,
- 0x3d,0xb9,0x99,0xe3,0x12,0xf8,0xf4,0xa3,0x74,0xf4,
- 0x94,0x1d,0x7a,0x66,0xf8,0xd1,0x1d,0xcf,0xb0,0x48,
- 0xef,0x8c,0x94,0x6f,0xdd,0x62,
- };
- #endif
- WC_RNG rng;
- EncryptedInfo encInfo;
- int keyFormat = 0;
- word32 keyIdx = 0;
- byte in[] = "Everyone gets Friday off. ecc p";
- word32 inLen = (word32)XSTRLEN((char*)in);
- word32 outLen;
- int verify;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key == NULL || pub == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_onlycb);
- }
- #endif
- ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- /* wc_CryptoCb_MakeEccKey cb test, , no actual testing */
- ctx->exampleVar = 99;
- ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, key);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- ctx->exampleVar = 1;
- ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, key);
- if (ret != NO_VALID_DEVID) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- } else
- /* reset return code */
- ret = 0;
- #ifdef USE_CERT_BUFFERS_256
- if (ret == 0) {
- /* load ECC private key and perform private transform */
- ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &keyIdx,
- key, sizeof_ecc_key_der_256);
- }
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- /* wc_CryptoCb_EccSign cb test, no actual testing */
- ctx->exampleVar = 99;
- if (ret == 0) {
- ret = wc_ecc_sign_hash(in, inLen, out, &outLen, &rng, key);
- }
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- ctx->exampleVar = 1;
- if (ret == 0) {
- ret = wc_ecc_sign_hash(in, inLen, out, &outLen, &rng, key);
- }
- if (ret != NO_VALID_DEVID) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- }
- else
- ret = 0;
- /* wc_CryptoCb_EccVerify cb test, no actual testing */
- ctx->exampleVar = 99;
- if (ret == 0) {
- ret = wc_ecc_verify_hash(in, inLen, out, outLen, &verify, key);
- }
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- ctx->exampleVar = 1;
- if (ret == 0) {
- ret = wc_ecc_verify_hash(in, inLen, out, outLen, &verify, key);
- }
- if (ret != NO_VALID_DEVID) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- }
- else
- ret = 0;
- /* wc_CryptoCb_Ecdh cb test, no actual testing */
- /* make public key for shared secret */
- wc_ecc_init_ex(pub, HEAP_HINT, devId);
- ctx->exampleVar = 99;
- if (ret == 0) {
- ret = wc_ecc_shared_secret(key, pub, out, &outLen);
- }
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- ctx->exampleVar = 1;
- if (ret == 0) {
- ret = wc_ecc_shared_secret(key, pub, out, &outLen);
- }
- if (ret != NO_VALID_DEVID) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- }
- else
- ret = 0;
- #ifdef OPENSSL_EXTRA
- (void)pkey;
- cp = ecc_clikey_der_256;
- privKey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &cp,
- sizeof_ecc_clikey_der_256);
- if (privKey == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
- }
- pkey = (ecc_key*)privKey->ecc->internal;
- pkey->devId = devId;
- p = ecc_clikeypub_der_256;
- pubKey = d2i_PUBKEY(NULL, &p, sizeof_ecc_clikeypub_der_256);
- if (pubKey == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
- }
- pkey = (ecc_key*)pubKey->ecc->internal;
- pkey->devId = devId;
- /* sign */
- EVP_MD_CTX_init(&mdCtx);
- ret = EVP_DigestSignInit(&mdCtx, NULL, EVP_sha256(), NULL, privKey);
- if (ret != WOLFSSL_SUCCESS) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
- }
- ret = EVP_DigestSignUpdate(&mdCtx, testData,
- (unsigned int)XSTRLEN(testData));
- if (ret != WOLFSSL_SUCCESS) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
- }
- ret = EVP_DigestSignFinal(&mdCtx, NULL, &checkSz);
- if (ret != WOLFSSL_SUCCESS) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
- }
- ctx->exampleVar = 99;
- ret = EVP_DigestSignFinal(&mdCtx, check, &checkSz);
- /* just called crypt callback as dummy
- * EVP_DigestSignFinal returns 0 internally.
- */
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- ctx->exampleVar = 1;
- ret = EVP_DigestSignFinal(&mdCtx, check, &checkSz);
- /* just called crypt callback as dummy
- * EVP_DigestSignFinal returns 0 internally.
- */
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- /* restore checkSz for verify */
- checkSz = 71;
- ret = EVP_MD_CTX_cleanup(&mdCtx);
- if (ret != SSL_SUCCESS) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
- }
- /* verify */
- EVP_MD_CTX_init(&mdCtx);
- if (ret == SSL_SUCCESS) {
- ret = EVP_DigestVerifyInit(&mdCtx, NULL, EVP_sha256(), NULL, pubKey);
- }
- if (ret != WOLFSSL_SUCCESS) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
- }
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestVerifyUpdate(&mdCtx, testData,
- (unsigned int)XSTRLEN(testData));
- }
- if (ret != WOLFSSL_SUCCESS) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
- }
- ctx->exampleVar = 99;
- ret = EVP_DigestVerifyFinal(&mdCtx, check_v, checkSz);
- /* just called crypt callback as dummy
- * EVP_DigestSignFinal returns 0 internally.
- */
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- ctx->exampleVar = 1;
- ret = EVP_DigestVerifyFinal(&mdCtx, check_v, checkSz);
- /* just called crypt callback as dummy
- * EVP_DigestVerifyFinal returns -1 internally rather than NO_VALID_DEVID.
- */
- if (ret != -1) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
- }
- ret = EVP_MD_CTX_cleanup(&mdCtx);
- if (ret != SSL_SUCCESS) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
- } else
- ret = 0;
- #endif
- #else
- (void)verify;
- (void)outLen;
- (void)inLen;
- (void)out;
- (void)pub;
- #ifdef OPENSSL_EXTRA
- (void)privKey;
- (void)pubKey;
- (void)mdCtx;
- (void)check;
- (void)checkSz;
- (void)p;
- #endif
- #endif
- (void)keyFormat;
- (void)encInfo;
- exit_onlycb:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key != NULL) {
- wc_ecc_free(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (pub != NULL) {
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (out != NULL) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #ifdef OPENSSL_EXTRA
- if (check) {
- FREE(check, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- #else
- wc_ecc_free(key);
- #ifdef OPENSSL_EXTRA
- if (privKey)
- EVP_PKEY_free(privKey);
- if (pubKey)
- EVP_PKEY_free(pubKey);
- #endif
- #endif
- #endif /* HAVE_ECC */
- return ret;
- }
- #endif
- /* Example crypto dev callback function that calls software version */
- static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
- {
- int ret = NOT_COMPILED_IN; /* return this to bypass HW and use SW */
- myCryptoDevCtx* myCtx = (myCryptoDevCtx*)ctx;
- if (info == NULL)
- return BAD_FUNC_ARG;
- #ifdef DEBUG_WOLFSSL
- WOLFSSL_MSG_EX("CryptoDevCb: Algo Type %d\n", info->algo_type);
- #endif
- if (info->algo_type == WC_ALGO_TYPE_RNG) {
- #if defined(WOLF_CRYPTO_CB) && !defined(HAVE_HASHDRBG) && \
- !defined(WC_NO_RNG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
- /* if RNG only supports crypto callback, just use seed */
- ret = wc_GenerateSeed(&info->rng.rng->seed,
- info->rng.out, info->rng.sz);
- #elif !defined(WC_NO_RNG)
- /* set devId to invalid, so software is used */
- info->rng.rng->devId = INVALID_DEVID;
- ret = wc_RNG_GenerateBlock(info->rng.rng,
- info->rng.out, info->rng.sz);
- /* reset devId */
- info->rng.rng->devId = devIdArg;
- #endif
- }
- else if (info->algo_type == WC_ALGO_TYPE_SEED) {
- #ifndef WC_NO_RNG
- ALIGN32 static byte seed[sizeof(word32)] = { 0x00, 0x00, 0x00, 0x01 };
- word32* seedWord32 = (word32*)seed;
- word32 len;
- /* wc_GenerateSeed is a local symbol so we need to fake the entropy. */
- while (info->seed.sz > 0) {
- len = (word32)sizeof(seed);
- if (info->seed.sz < len)
- len = info->seed.sz;
- XMEMCPY(info->seed.seed, seed, sizeof(seed));
- info->seed.seed += len;
- info->seed.sz -= len;
- (*seedWord32)++;
- }
- ret = 0;
- #endif
- }
- else if (info->algo_type == WC_ALGO_TYPE_PK) {
- #ifdef DEBUG_WOLFSSL
- WOLFSSL_MSG_EX("CryptoDevCb: Pk Type %d\n", info->pk.type);
- #endif
- #ifndef NO_RSA
- if (info->pk.type == WC_PK_TYPE_RSA) {
- /* set devId to invalid, so software is used */
- info->pk.rsa.key->devId = INVALID_DEVID;
- #if defined(WOLF_CRYPTO_CB_ONLY_RSA)
- #ifdef DEBUG_WOLFSSL
- printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
- #endif
- if (myCtx->exampleVar == 99) {
- info->pk.rsa.key->devId = devIdArg;
- return 0;
- }
- #endif
- switch (info->pk.rsa.type) {
- case RSA_PUBLIC_ENCRYPT:
- case RSA_PUBLIC_DECRYPT:
- /* perform software based RSA public op */
- ret = wc_RsaFunction(
- info->pk.rsa.in, info->pk.rsa.inLen,
- info->pk.rsa.out, info->pk.rsa.outLen,
- info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng);
- break;
- case RSA_PRIVATE_ENCRYPT:
- case RSA_PRIVATE_DECRYPT:
- /* perform software based RSA private op */
- ret = wc_RsaFunction(
- info->pk.rsa.in, info->pk.rsa.inLen,
- info->pk.rsa.out, info->pk.rsa.outLen,
- info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng);
- break;
- }
- /* reset devId */
- info->pk.rsa.key->devId = devIdArg;
- }
- #ifdef WOLFSSL_KEY_GEN
- else if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) {
- info->pk.rsakg.key->devId = INVALID_DEVID;
- #if defined(WOLF_CRYPTO_CB_ONLY_RSA)
- #ifdef DEBUG_WOLFSSL
- printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
- #endif
- if (myCtx->exampleVar == 99) {
- info->pk.rsakg.key->devId = devIdArg;
- return 0;
- }
- #endif
- #ifdef HAVE_FIPS
- for (;;) {
- #endif
- ret = wc_MakeRsaKey(info->pk.rsakg.key, info->pk.rsakg.size,
- info->pk.rsakg.e, info->pk.rsakg.rng);
- #ifdef HAVE_FIPS
- if (ret == PRIME_GEN_E)
- continue;
- break;
- }
- #endif
- /* reset devId */
- info->pk.rsakg.key->devId = devIdArg;
- }
- #endif
- #endif /* !NO_RSA */
- #ifdef HAVE_ECC
- if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) {
- /* set devId to invalid, so software is used */
- info->pk.eckg.key->devId = INVALID_DEVID;
- #if defined(WOLF_CRYPTO_CB_ONLY_ECC)
- #ifdef DEBUG_WOLFSSL
- printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
- #endif
- if (myCtx->exampleVar == 99) {
- info->pk.eckg.key->devId = devIdArg;
- return 0;
- }
- #endif
- ret = wc_ecc_make_key_ex(info->pk.eckg.rng, info->pk.eckg.size,
- info->pk.eckg.key, info->pk.eckg.curveId);
- /* reset devId */
- info->pk.eckg.key->devId = devIdArg;
- }
- else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
- /* set devId to invalid, so software is used */
- info->pk.eccsign.key->devId = INVALID_DEVID;
- #if defined(WOLF_CRYPTO_CB_ONLY_ECC)
- #ifdef DEBUG_WOLFSSL
- printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
- #endif
- if (myCtx->exampleVar == 99) {
- info->pk.eccsign.key->devId = devIdArg;
- return 0;
- }
- #endif
- ret = wc_ecc_sign_hash(
- info->pk.eccsign.in, info->pk.eccsign.inlen,
- info->pk.eccsign.out, info->pk.eccsign.outlen,
- info->pk.eccsign.rng, info->pk.eccsign.key);
- /* reset devId */
- info->pk.eccsign.key->devId = devIdArg;
- }
- else if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) {
- /* set devId to invalid, so software is used */
- info->pk.eccverify.key->devId = INVALID_DEVID;
- #if defined(WOLF_CRYPTO_CB_ONLY_ECC)
- #ifdef DEBUG_WOLFSSL
- printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
- #endif
- if (myCtx->exampleVar == 99) {
- info->pk.eccverify.key->devId = devIdArg;
- return 0;
- }
- #endif
- ret = wc_ecc_verify_hash(
- info->pk.eccverify.sig, info->pk.eccverify.siglen,
- info->pk.eccverify.hash, info->pk.eccverify.hashlen,
- info->pk.eccverify.res, info->pk.eccverify.key);
- /* reset devId */
- info->pk.eccverify.key->devId = devIdArg;
- }
- else if (info->pk.type == WC_PK_TYPE_ECDH) {
- /* set devId to invalid, so software is used */
- info->pk.ecdh.private_key->devId = INVALID_DEVID;
- #if defined(WOLF_CRYPTO_CB_ONLY_ECC)
- #ifdef DEBUG_WOLFSSL
- printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
- #endif
- if (myCtx->exampleVar == 99) {
- info->pk.ecdh.private_key->devId = devIdArg;
- return 0;
- }
- #endif
- ret = wc_ecc_shared_secret(
- info->pk.ecdh.private_key, info->pk.ecdh.public_key,
- info->pk.ecdh.out, info->pk.ecdh.outlen);
- /* reset devId */
- info->pk.ecdh.private_key->devId = devIdArg;
- }
- #endif /* HAVE_ECC */
- #ifdef HAVE_CURVE25519
- if (info->pk.type == WC_PK_TYPE_CURVE25519_KEYGEN) {
- /* set devId to invalid, so software is used */
- info->pk.curve25519kg.key->devId = INVALID_DEVID;
- ret = wc_curve25519_make_key(info->pk.curve25519kg.rng,
- info->pk.curve25519kg.size, info->pk.curve25519kg.key);
- /* reset devId */
- info->pk.curve25519kg.key->devId = devIdArg;
- }
- else if (info->pk.type == WC_PK_TYPE_CURVE25519) {
- /* set devId to invalid, so software is used */
- info->pk.curve25519.private_key->devId = INVALID_DEVID;
- ret = wc_curve25519_shared_secret_ex(
- info->pk.curve25519.private_key, info->pk.curve25519.public_key,
- info->pk.curve25519.out, info->pk.curve25519.outlen,
- info->pk.curve25519.endian);
- /* reset devId */
- info->pk.curve25519.private_key->devId = devIdArg;
- }
- #endif /* HAVE_CURVE25519 */
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_MAKE_KEY)
- if (info->pk.type == WC_PK_TYPE_ED25519_KEYGEN) {
- /* set devId to invalid, so software is used */
- info->pk.ed25519kg.key->devId = INVALID_DEVID;
- ret = wc_ed25519_make_key(info->pk.ed25519kg.rng,
- info->pk.ed25519kg.size, info->pk.ed25519kg.key);
- /* reset devId */
- info->pk.ed25519kg.key->devId = devIdArg;
- }
- #ifdef HAVE_ED25519_SIGN
- else if (info->pk.type == WC_PK_TYPE_ED25519_SIGN) {
- /* set devId to invalid, so software is used */
- info->pk.ed25519sign.key->devId = INVALID_DEVID;
- ret = wc_ed25519_sign_msg_ex(
- info->pk.ed25519sign.in, info->pk.ed25519sign.inLen,
- info->pk.ed25519sign.out, info->pk.ed25519sign.outLen,
- info->pk.ed25519sign.key, info->pk.ed25519sign.type,
- info->pk.ed25519sign.context, info->pk.ed25519sign.contextLen);
- /* reset devId */
- info->pk.ed25519sign.key->devId = devIdArg;
- }
- #endif
- #ifdef HAVE_ED25519_VERIFY
- else if (info->pk.type == WC_PK_TYPE_ED25519_VERIFY) {
- /* set devId to invalid, so software is used */
- info->pk.ed25519verify.key->devId = INVALID_DEVID;
- ret = wc_ed25519_verify_msg_ex(
- info->pk.ed25519verify.sig, info->pk.ed25519verify.sigLen,
- info->pk.ed25519verify.msg, info->pk.ed25519verify.msgLen,
- info->pk.ed25519verify.res, info->pk.ed25519verify.key,
- info->pk.ed25519verify.type, info->pk.ed25519verify.context,
- info->pk.ed25519verify.contextLen);
- /* reset devId */
- info->pk.ed25519verify.key->devId = devIdArg;
- }
- #endif
- #endif /* HAVE_ED25519 */
- }
- else if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
- #if !defined(NO_AES) || !defined(NO_DES3)
- #ifdef HAVE_AESGCM
- if (info->cipher.type == WC_CIPHER_AES_GCM) {
- if (info->cipher.enc) {
- /* set devId to invalid, so software is used */
- info->cipher.aesgcm_enc.aes->devId = INVALID_DEVID;
- ret = wc_AesGcmEncrypt(
- info->cipher.aesgcm_enc.aes,
- info->cipher.aesgcm_enc.out,
- info->cipher.aesgcm_enc.in,
- info->cipher.aesgcm_enc.sz,
- info->cipher.aesgcm_enc.iv,
- info->cipher.aesgcm_enc.ivSz,
- info->cipher.aesgcm_enc.authTag,
- info->cipher.aesgcm_enc.authTagSz,
- info->cipher.aesgcm_enc.authIn,
- info->cipher.aesgcm_enc.authInSz);
- /* reset devId */
- info->cipher.aesgcm_enc.aes->devId = devIdArg;
- }
- else {
- /* set devId to invalid, so software is used */
- info->cipher.aesgcm_dec.aes->devId = INVALID_DEVID;
- ret = wc_AesGcmDecrypt(
- info->cipher.aesgcm_dec.aes,
- info->cipher.aesgcm_dec.out,
- info->cipher.aesgcm_dec.in,
- info->cipher.aesgcm_dec.sz,
- info->cipher.aesgcm_dec.iv,
- info->cipher.aesgcm_dec.ivSz,
- info->cipher.aesgcm_dec.authTag,
- info->cipher.aesgcm_dec.authTagSz,
- info->cipher.aesgcm_dec.authIn,
- info->cipher.aesgcm_dec.authInSz);
- /* reset devId */
- info->cipher.aesgcm_dec.aes->devId = devIdArg;
- }
- }
- #endif /* HAVE_AESGCM */
- #ifdef HAVE_AES_CBC
- if (info->cipher.type == WC_CIPHER_AES_CBC) {
- if (info->cipher.enc) {
- /* set devId to invalid, so software is used */
- info->cipher.aescbc.aes->devId = INVALID_DEVID;
- ret = wc_AesCbcEncrypt(
- info->cipher.aescbc.aes,
- info->cipher.aescbc.out,
- info->cipher.aescbc.in,
- info->cipher.aescbc.sz);
- /* reset devId */
- info->cipher.aescbc.aes->devId = devIdArg;
- }
- else {
- /* set devId to invalid, so software is used */
- info->cipher.aescbc.aes->devId = INVALID_DEVID;
- ret = wc_AesCbcDecrypt(
- info->cipher.aescbc.aes,
- info->cipher.aescbc.out,
- info->cipher.aescbc.in,
- info->cipher.aescbc.sz);
- /* reset devId */
- info->cipher.aescbc.aes->devId = devIdArg;
- }
- }
- #endif /* HAVE_AES_CBC */
- #if defined(HAVE_AES_ECB) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- if (info->cipher.type == WC_CIPHER_AES_ECB) {
- if (info->cipher.enc) {
- /* set devId to invalid, so software is used */
- info->cipher.aesecb.aes->devId = INVALID_DEVID;
- ret = wc_AesEcbEncrypt(
- info->cipher.aesecb.aes,
- info->cipher.aesecb.out,
- info->cipher.aesecb.in,
- info->cipher.aesecb.sz);
- /* reset devId */
- info->cipher.aesecb.aes->devId = devIdArg;
- }
- else {
- /* set devId to invalid, so software is used */
- info->cipher.aesecb.aes->devId = INVALID_DEVID;
- ret = wc_AesEcbDecrypt(
- info->cipher.aesecb.aes,
- info->cipher.aesecb.out,
- info->cipher.aesecb.in,
- info->cipher.aesecb.sz);
- /* reset devId */
- info->cipher.aesecb.aes->devId = devIdArg;
- }
- }
- #endif /* HAVE_AES_ECB */
- #if defined(WOLFSSL_AES_COUNTER) && !defined(HAVE_FIPS) && \
- !defined(HAVE_SELFTEST)
- if (info->cipher.type == WC_CIPHER_AES_CTR) {
- /* set devId to invalid, so software is used */
- info->cipher.aesctr.aes->devId = INVALID_DEVID;
- ret = wc_AesCtrEncrypt(
- info->cipher.aesctr.aes,
- info->cipher.aesctr.out,
- info->cipher.aesctr.in,
- info->cipher.aesctr.sz);
- /* reset devId */
- info->cipher.aesctr.aes->devId = devIdArg;
- }
- #endif /* WOLFSSL_AES_COUNTER */
- #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
- if (info->cipher.type == WC_CIPHER_AES_CCM) {
- if (info->cipher.enc) {
- /* set devId to invalid, so software is used */
- info->cipher.aesccm_enc.aes->devId = INVALID_DEVID;
- ret = wc_AesCcmEncrypt(
- info->cipher.aesccm_enc.aes,
- info->cipher.aesccm_enc.out,
- info->cipher.aesccm_enc.in,
- info->cipher.aesccm_enc.sz,
- info->cipher.aesccm_enc.nonce,
- info->cipher.aesccm_enc.nonceSz,
- info->cipher.aesccm_enc.authTag,
- info->cipher.aesccm_enc.authTagSz,
- info->cipher.aesccm_enc.authIn,
- info->cipher.aesccm_enc.authInSz);
- /* reset devId */
- info->cipher.aesccm_enc.aes->devId = devIdArg;
- }
- else {
- /* set devId to invalid, so software is used */
- info->cipher.aesccm_dec.aes->devId = INVALID_DEVID;
- ret = wc_AesCcmDecrypt(
- info->cipher.aesccm_dec.aes,
- info->cipher.aesccm_dec.out,
- info->cipher.aesccm_dec.in,
- info->cipher.aesccm_dec.sz,
- info->cipher.aesccm_dec.nonce,
- info->cipher.aesccm_dec.nonceSz,
- info->cipher.aesccm_dec.authTag,
- info->cipher.aesccm_dec.authTagSz,
- info->cipher.aesccm_dec.authIn,
- info->cipher.aesccm_dec.authInSz);
- /* reset devId */
- info->cipher.aesccm_dec.aes->devId = devIdArg;
- }
- }
- #endif
- #ifndef NO_DES3
- if (info->cipher.type == WC_CIPHER_DES3) {
- if (info->cipher.enc) {
- /* set devId to invalid, so software is used */
- info->cipher.des3.des->devId = INVALID_DEVID;
- ret = wc_Des3_CbcEncrypt(
- info->cipher.des3.des,
- info->cipher.des3.out,
- info->cipher.des3.in,
- info->cipher.des3.sz);
- /* reset devId */
- info->cipher.des3.des->devId = devIdArg;
- }
- else {
- /* set devId to invalid, so software is used */
- info->cipher.des3.des->devId = INVALID_DEVID;
- ret = wc_Des3_CbcDecrypt(
- info->cipher.des3.des,
- info->cipher.des3.out,
- info->cipher.des3.in,
- info->cipher.des3.sz);
- /* reset devId */
- info->cipher.des3.des->devId = devIdArg;
- }
- }
- #endif /* !NO_DES3 */
- #endif /* !NO_AES || !NO_DES3 */
- }
- #if !defined(NO_SHA) || !defined(NO_SHA256) || \
- defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)
- else if (info->algo_type == WC_ALGO_TYPE_HASH) {
- #if !defined(NO_SHA)
- if (info->hash.type == WC_HASH_TYPE_SHA) {
- if (info->hash.sha1 == NULL)
- return NOT_COMPILED_IN;
- /* set devId to invalid, so software is used */
- info->hash.sha1->devId = INVALID_DEVID;
- if (info->hash.in != NULL) {
- ret = wc_ShaUpdate(
- info->hash.sha1,
- info->hash.in,
- info->hash.inSz);
- }
- if (info->hash.digest != NULL) {
- ret = wc_ShaFinal(
- info->hash.sha1,
- info->hash.digest);
- }
- /* reset devId */
- info->hash.sha1->devId = devIdArg;
- }
- else
- #endif
- #if !defined(NO_SHA256)
- if (info->hash.type == WC_HASH_TYPE_SHA256) {
- if (info->hash.sha256 == NULL)
- return NOT_COMPILED_IN;
- /* set devId to invalid, so software is used */
- info->hash.sha256->devId = INVALID_DEVID;
- if (info->hash.in != NULL) {
- ret = wc_Sha256Update(
- info->hash.sha256,
- info->hash.in,
- info->hash.inSz);
- }
- if (info->hash.digest != NULL) {
- ret = wc_Sha256Final(
- info->hash.sha256,
- info->hash.digest);
- }
- /* reset devId */
- info->hash.sha256->devId = devIdArg;
- }
- else
- #endif
- #ifdef WOLFSSL_SHA384
- if (info->hash.type == WC_HASH_TYPE_SHA384) {
- if (info->hash.sha384 == NULL)
- return NOT_COMPILED_IN;
- #ifndef NO_SHA2_CRYPTO_CB
- /* set devId to invalid, so software is used */
- info->hash.sha384->devId = INVALID_DEVID;
- #endif
- if (info->hash.in != NULL) {
- ret = wc_Sha384Update(
- info->hash.sha384,
- info->hash.in,
- info->hash.inSz);
- }
- if (info->hash.digest != NULL) {
- ret = wc_Sha384Final(
- info->hash.sha384,
- info->hash.digest);
- }
- #ifndef NO_SHA2_CRYPTO_CB
- /* reset devId */
- info->hash.sha384->devId = devIdArg;
- #endif
- }
- else
- #endif
- #ifdef WOLFSSL_SHA512
- if (info->hash.type == WC_HASH_TYPE_SHA512) {
- if (info->hash.sha512 == NULL)
- return NOT_COMPILED_IN;
- #ifndef NO_SHA2_CRYPTO_CB
- /* set devId to invalid, so software is used */
- info->hash.sha512->devId = INVALID_DEVID;
- #endif
- if (info->hash.in != NULL) {
- ret = wc_Sha512Update(
- info->hash.sha512,
- info->hash.in,
- info->hash.inSz);
- }
- if (info->hash.digest != NULL) {
- ret = wc_Sha512Final(
- info->hash.sha512,
- info->hash.digest);
- }
- #ifndef NO_SHA2_CRYPTO_CB
- /* reset devId */
- info->hash.sha512->devId = devIdArg;
- #endif
- }
- else
- #endif
- {
- }
- }
- #endif /* !NO_SHA || !NO_SHA256 */
- #ifndef NO_HMAC
- else if (info->algo_type == WC_ALGO_TYPE_HMAC) {
- if (info->hmac.hmac == NULL)
- return NOT_COMPILED_IN;
- /* set devId to invalid, so software is used */
- info->hmac.hmac->devId = INVALID_DEVID;
- if (info->hmac.in != NULL) {
- ret = wc_HmacUpdate(
- info->hmac.hmac,
- info->hmac.in,
- info->hmac.inSz);
- }
- else if (info->hmac.digest != NULL) {
- ret = wc_HmacFinal(
- info->hmac.hmac,
- info->hmac.digest);
- }
- /* reset devId */
- info->hmac.hmac->devId = devIdArg;
- }
- #endif
- #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
- else if (info->algo_type == WC_ALGO_TYPE_CMAC) {
- if (info->cmac.cmac == NULL) {
- return NOT_COMPILED_IN;
- }
- /* set devId to invalid so software is used */
- info->cmac.cmac->devId = INVALID_DEVID;
- /* Handle one-shot cases */
- if (info->cmac.key != NULL && info->cmac.in != NULL
- && info->cmac.out != NULL) {
- ret = wc_AesCmacGenerate(info->cmac.out,
- info->cmac.outSz,
- info->cmac.in,
- info->cmac.inSz,
- info->cmac.key,
- info->cmac.keySz);
- /* Sequentially handle incremental cases */
- } else {
- if (info->cmac.key != NULL) {
- ret = wc_InitCmac(info->cmac.cmac,
- info->cmac.key,
- info->cmac.keySz,
- info->cmac.type,
- NULL);
- }
- if ((ret == 0) && (info->cmac.in != NULL)) {
- ret = wc_CmacUpdate(info->cmac.cmac,
- info->cmac.in,
- info->cmac.inSz);
- }
- if ((ret ==0) && (info->cmac.out != NULL)) {
- ret = wc_CmacFinal(info->cmac.cmac,
- info->cmac.out,
- info->cmac.outSz);
- }
- }
- /* reset devId */
- info->cmac.cmac->devId = devIdArg;
- }
- #endif /* WOLFSSL_CMAC && !(NO_AES) && WOLFSSL_AES_DIRECT */
- (void)devIdArg;
- (void)myCtx;
- return ret;
- }
- #ifdef WOLF_CRYPTO_CB_FIND
- static int myCryptoCbFind(int currentId, int algoType)
- {
- /* can have algo specific overrides here
- switch (algoType) {
- i.e.
- WC_ALGO_TYPE_CMAC
- WC_ALGO_TYPE_SEED
- WC_ALGO_TYPE_HMAC
- WC_ALGO_TYPE_HASH
- WC_ALGO_TYPE_CIPHER
- WC_ALGO_TYPE_PK
- }
- */
- (void)algoType;
- if (currentId == INVALID_DEVID) {
- /* can override invalid devid found with 1 */
- }
- return currentId;
- }
- #endif /* WOLF_CRYPTO_CB_FIND */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void)
- {
- wc_test_ret_t ret = 0;
- int origDevId = devId;
- myCryptoDevCtx myCtx;
- WOLFSSL_ENTER("cryptocb_test");
- /* example data for callback */
- myCtx.exampleVar = 1;
- /* set devId to something other than INVALID_DEVID */
- devId = 1;
- ret = wc_CryptoCb_RegisterDevice(devId, myCryptoDevCb, &myCtx);
- #ifdef WOLF_CRYPTO_CB_FIND
- wc_CryptoCb_SetDeviceFindCb(myCryptoCbFind);
- #endif /* WOLF_CRYPTO_CB_FIND */
- #ifndef WC_NO_RNG
- if (ret == 0)
- ret = random_test();
- #endif /* WC_NO_RNG */
- #if !defined(NO_RSA)
- PRIVATE_KEY_UNLOCK();
- if (ret == 0)
- ret = rsa_test();
- PRIVATE_KEY_LOCK();
- #endif
- #if defined(WOLF_CRYPTO_CB_ONLY_RSA)
- PRIVATE_KEY_UNLOCK();
- if (ret == 0)
- ret = rsa_onlycb_test(&myCtx);
- PRIVATE_KEY_LOCK();
- #endif
- #if defined(HAVE_ECC)
- PRIVATE_KEY_UNLOCK();
- if (ret == 0)
- ret = ecc_test();
- PRIVATE_KEY_LOCK();
- #endif
- #if defined(WOLF_CRYPTO_CB_ONLY_ECC)
- PRIVATE_KEY_UNLOCK();
- if (ret == 0)
- ret = ecc_onlycb_test(&myCtx);
- PRIVATE_KEY_LOCK();
- #endif
- #ifdef HAVE_ED25519
- PRIVATE_KEY_UNLOCK();
- if (ret == 0)
- ret = ed25519_test();
- PRIVATE_KEY_LOCK();
- #endif
- #ifdef HAVE_CURVE25519
- if (ret == 0)
- ret = curve25519_test();
- #endif
- #ifndef NO_AES
- #ifdef HAVE_AESGCM
- if (ret == 0)
- ret = aesgcm_test();
- #endif
- #ifdef HAVE_AES_CBC
- if (ret == 0)
- ret = aes_test();
- #endif
- #ifdef WOLFSSL_AES_XTS
- if (ret == 0)
- ret = aes_xts_test();
- #endif
- #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
- if (ret == 0)
- ret = aesccm_test();
- #endif
- #endif /* !NO_AES */
- #ifndef NO_DES3
- if (ret == 0)
- ret = des3_test();
- #endif /* !NO_DES3 */
- #ifndef NO_SHA
- if (ret == 0)
- ret = sha_test();
- #endif
- #ifndef NO_SHA256
- if (ret == 0)
- ret = sha256_test();
- #endif
- #ifdef WOLFSSL_SHA384
- if (ret == 0)
- ret = sha384_test();
- #endif
- #ifdef WOLFSSL_SHA512
- if (ret == 0)
- ret = sha512_test();
- #endif
- #ifndef NO_HMAC
- #ifndef NO_SHA
- if (ret == 0)
- ret = hmac_sha_test();
- #endif
- #ifndef NO_SHA256
- if (ret == 0)
- ret = hmac_sha256_test();
- #endif
- #endif
- #ifndef NO_PWDBASED
- #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
- PRIVATE_KEY_UNLOCK();
- if (ret == 0)
- ret = pbkdf2_test();
- PRIVATE_KEY_LOCK();
- #endif
- #endif
- #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
- if (ret == 0)
- ret = cmac_test();
- #endif
- /* restore devId */
- devId = origDevId;
- return ret;
- }
- #endif /* WOLF_CRYPTO_CB */
- #ifdef WOLFSSL_CERT_PIV
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certpiv_test(void)
- {
- wc_test_ret_t ret;
- wc_CertPIV piv;
- /* Template for Identiv PIV cert, nonce and signature */
- WOLFSSL_SMALL_STACK_STATIC const byte pivCertIdentiv[] = {
- 0x0A, 0x0B,
- 0x53, 0x09, /* NIST PIV Cert */
- 0x70, 0x02, /* Certificate */
- 0x30, 0x00,
- 0x71, 0x01, 0x05, /* Cert Info */
- 0xFE, 0x00, /* Error Detection */
- 0x0B, 0x01, 0x00, /* Nonce */
- 0x0C, 0x01, 0x00, /* Signed Nonce */
- };
- /* PIV certificate data including certificate, info and error detection. */
- WOLFSSL_SMALL_STACK_STATIC const byte pivCert[] = {
- 0x53, 0x09, /* NIST PIV Cert */
- 0x70, 0x02, /* Certificate */
- 0x30, 0x00,
- 0x71, 0x01, 0x04, /* Cert Info */
- 0xFE, 0x00, /* Error Detection */
- };
- WOLFSSL_ENTER("certpiv_test");
- XMEMSET(&piv, 0, sizeof(piv));
- /* Test with Identiv 0x0A, 0x0B and 0x0C markers */
- ret = wc_ParseCertPIV(&piv, pivCertIdentiv, sizeof(pivCertIdentiv));
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- if (!piv.isIdentiv) {
- return WC_TEST_RET_ENC_NC;
- }
- if ((piv.cert == NULL) || (piv.certSz != 2)) {
- return WC_TEST_RET_ENC_NC;
- }
- if ((piv.certErrDet == NULL) || (piv.certErrDetSz != 0)) {
- return WC_TEST_RET_ENC_NC;
- }
- if ((piv.compression != ASN_PIV_CERT_INFO_GZIP)) {
- return WC_TEST_RET_ENC_NC;
- }
- if (!piv.isX509) {
- return WC_TEST_RET_ENC_NC;
- }
- if ((piv.nonce == NULL) || (piv.nonceSz != 1)) {
- return WC_TEST_RET_ENC_NC;
- }
- if ((piv.signedNonce == NULL) || (piv.signedNonceSz != 1)) {
- return WC_TEST_RET_ENC_NC;
- }
- XMEMSET(&piv, 0, sizeof(piv));
- /* Test with NIST PIV format */
- ret = wc_ParseCertPIV(&piv, pivCert, sizeof(pivCert));
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- if (piv.isIdentiv) {
- return WC_TEST_RET_ENC_NC;
- }
- if ((piv.cert == NULL) || (piv.certSz != 2)) {
- return WC_TEST_RET_ENC_NC;
- }
- if ((piv.certErrDet == NULL) || (piv.certErrDetSz != 0)) {
- return WC_TEST_RET_ENC_NC;
- }
- if ((piv.compression != 0)) {
- return WC_TEST_RET_ENC_NC;
- }
- if (!piv.isX509) {
- return WC_TEST_RET_ENC_NC;
- }
- return ret;
- }
- #endif /* WOLFSSL_CERT_PIV */
- #if !defined(NO_ASN) && !defined(NO_ASN_TIME)
- static time_t time_cb(time_t* t)
- {
- if (t != NULL) {
- *t = 99;
- }
- return 99;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t time_test(void)
- {
- time_t t;
- wc_test_ret_t ret;
- WOLFSSL_ENTER("time_test");
- ret = wc_SetTimeCb(time_cb);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- t = wc_Time(NULL);
- if (t != 99)
- return WC_TEST_RET_ENC_NC;
- ret = wc_GetTime(&t, sizeof(time_t));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (t != 99)
- return WC_TEST_RET_ENC_NC;
- ret = wc_SetTimeCb(NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- return 0;
- }
- #endif
- #ifdef WOLFSSL_AES_SIV
- typedef struct {
- const byte key[33];
- word32 keySz;
- const byte nonce[49];
- word32 nonceSz;
- const byte assoc[81];
- word32 assocSz;
- const byte plaintext[83];
- word32 plaintextSz;
- const byte siv[AES_BLOCK_SIZE+1];
- const byte ciphertext[82];
- word32 ciphertextSz;
- } AesSivTestVector;
- #define AES_SIV_TEST_VECTORS 7
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
- {
- /* These test vectors come from chrony 4.1's SIV unit tests. */
- WOLFSSL_SMALL_STACK_STATIC const AesSivTestVector testVectors[AES_SIV_TEST_VECTORS] = {
- { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
- "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
- "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
- "", 0,
- "", 0,
- "\x22\x3e\xb5\x94\xe0\xe0\x25\x4b\x00\x25\x8e\x21\x9a\x1c\xa4\x21",
- "", 0
- },
- { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
- "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
- "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
- "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b", 16,
- "", 0,
- "\xd7\x20\x19\x89\xc6\xdb\xc6\xd6\x61\xfc\x62\xbc\x86\x5e\xee\xef",
- "", 0
- },
- { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
- "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
- "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
- "", 0,
- "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b", 16,
- "\xb6\xc1\x60\xe9\xc2\xfd\x2a\xe8\xde\xc5\x36\x8b\x2a\x33\xed\xe1",
- "\x14\xff\xb3\x97\x34\x5c\xcb\xe4\x4a\xa4\xde\xac\xd9\x36\x90\x46", 16
- },
- { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
- "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
- "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e", 15,
- "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c", 15,
- "\xba\x99\x79\x31\x23\x7e\x3c\x53\x58\x7e\xd4\x93\x02\xab\xe4", 15,
- "\x03\x8c\x41\x51\xba\x7a\x8f\x77\x6e\x56\x31\x99\x42\x0b\xc7\x03",
- "\xe7\x6c\x67\xc9\xda\xb7\x0d\x5b\x44\x06\x26\x5a\xd0\xd2\x3b", 15
- },
- { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
- "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
- "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
- "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b", 16,
- "\xba\x99\x79\x31\x23\x7e\x3c\x53\x58\x7e\xd4\x93\x02\xab\xe4\xa7", 16,
- "\x5c\x05\x23\x65\xf4\x57\x0a\xa0\xfb\x38\x3e\xce\x9b\x75\x85\xeb",
- "\x68\x85\x19\x36\x0c\x7c\x48\x11\x40\xcb\x9b\x57\x9a\x0e\x65\x32", 16
- },
- { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
- "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
- "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
- "\xd5", 17,
- "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b"
- "\xa0", 17,
- "\xba\x99\x79\x31\x23\x7e\x3c\x53\x58\x7e\xd4\x93\x02\xab\xe4\xa7"
- "\x08", 17,
- "\xaf\x58\x4b\xe7\x82\x1e\x96\x19\x29\x91\x25\xe0\xdd\x80\x3b\x49",
- "\xa5\x11\xcd\xb6\x08\xf3\x76\xa0\xb6\xfa\x15\x82\xf3\x95\xe1\xeb"
- "\xbd", 17
- },
- { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
- "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
- "\xb0\x5a\x1b\xc7\x56\xe7\xb6\x2c\xb4\x85\xe5\x56\xa5\x28\xc0\x6c"
- "\x2f\x3b\x0b\x9d\x1a\x0c\xdf\x69\x47\xe0\xcc\xc0\x87\xaa\x5c\x09"
- "\x98\x48\x8d\x6a\x8e\x1e\x05\xd7\x8b\x68\x74\x83\xb5\x1d\xf1\x2c", 48,
- "\xe5\x8b\xd2\x6a\x30\xc5\xc5\x61\xcc\xbd\x7c\x27\xbf\xfe\xf9\x06"
- "\x00\x5b\xd7\xfc\x11\x0b\xcf\x16\x61\xef\xac\x05\xa7\xaf\xec\x27"
- "\x41\xc8\x5e\x9e\x0d\xf9\x2f\xaf\x20\x79\x17\xe5\x17\x91\x2a\x27"
- "\x34\x1c\xbc\xaf\xeb\xef\x7f\x52\xe7\x1e\x4c\x2a\xca\xbd\x2b\xbe"
- "\x34\xd6\xfb\x69\xd3\x3e\x49\x59\x60\xb4\x26\xc9\xb8\xce\xba", 79,
- "\x6c\xe7\xcf\x7e\xab\x7b\xa0\xe1\xa7\x22\xcb\x88\xde\x5e\x42\xd2"
- "\xec\x79\xe0\xa2\xcf\x5f\x0f\x6f\x6b\x89\x57\xcd\xae\x17\xd4\xc2"
- "\xf3\x1b\xa2\xa8\x13\x78\x23\x2f\x83\xa8\xd4\x0c\xc0\xd2\xf3\x99"
- "\xae\x81\xa1\xca\x5b\x5f\x45\xa6\x6f\x0c\x8a\xf3\xd4\x67\x40\x81"
- "\x26\xe2\x01\x86\xe8\x5a\xd5\xf8\x58\x80\x9f\x56\xaa\x76\x96\xbf"
- "\x31", 81,
- "\x9a\x06\x33\xe0\xee\x00\x6a\x9b\xc8\x20\xd5\xe2\xc2\xed\xb5\x75",
- "\xfa\x9e\x42\x2a\x31\x6b\xda\xca\xaa\x7d\x31\x8b\x84\x7a\xb8\xd7"
- "\x8a\x81\x25\x64\xed\x41\x9b\xa9\x77\x10\xbd\x05\x0c\x4e\xc5\x31"
- "\x0c\xa2\x86\xec\x8a\x94\xc8\x24\x23\x3c\x13\xee\xa5\x51\xc9\xdf"
- "\x48\xc9\x55\xc5\x2f\x40\x73\x3f\x98\xbb\x8d\x69\x78\x46\x64\x17"
- "\x8d\x49\x2f\x14\x62\xa4\x7c\x2a\x57\x38\x87\xce\xc6\x72\xd3\x5c"
- "\xa1", 81
- }};
- int i;
- byte computedCiphertext[82];
- byte computedPlaintext[82];
- byte siv[AES_BLOCK_SIZE];
- wc_test_ret_t ret = 0;
- WOLFSSL_ENTER("aes_siv_test");
- for (i = 0; i < AES_SIV_TEST_VECTORS; ++i) {
- ret = wc_AesSivEncrypt(testVectors[i].key, testVectors[i].keySz,
- testVectors[i].assoc, testVectors[i].assocSz,
- testVectors[i].nonce, testVectors[i].nonceSz,
- testVectors[i].plaintext,
- testVectors[i].plaintextSz, siv,
- computedCiphertext);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- ret = XMEMCMP(siv, testVectors[i].siv, AES_BLOCK_SIZE);
- if (ret != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- ret = XMEMCMP(computedCiphertext, testVectors[i].ciphertext,
- testVectors[i].ciphertextSz);
- if (ret != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- ret = wc_AesSivDecrypt(testVectors[i].key, testVectors[i].keySz,
- testVectors[i].assoc, testVectors[i].assocSz,
- testVectors[i].nonce, testVectors[i].nonceSz,
- computedCiphertext, testVectors[i].plaintextSz,
- siv, computedPlaintext);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- ret = XMEMCMP(computedPlaintext, testVectors[i].plaintext,
- testVectors[i].plaintextSz);
- if (ret != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- }
- return 0;
- }
- #endif
- #undef ERROR_OUT
- static const int fiducial4 = WC_TEST_RET_LN;
- /* print the fiducial line numbers assigned above, allowing confirmation of
- * source code version match when in doubt.
- */
- static void print_fiducials(void) {
- printf(" [fiducial line numbers: %d %d %d %d]\n",
- fiducial1, fiducial2, fiducial3, fiducial4);
- }
- #else
- #ifndef NO_MAIN_DRIVER
- int main(void) { return 0; }
- #endif
- #endif /* NO_CRYPT_TEST */
|