1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112311331143115311631173118311931203121312231233124312531263127312831293130313131323133313431353136313731383139314031413142314331443145314631473148314931503151315231533154315531563157315831593160316131623163316431653166316731683169317031713172317331743175317631773178317931803181318231833184318531863187318831893190319131923193319431953196319731983199320032013202320332043205320632073208320932103211321232133214321532163217321832193220322132223223322432253226322732283229323032313232323332343235323632373238323932403241324232433244324532463247324832493250325132523253325432553256325732583259326032613262326332643265326632673268326932703271327232733274327532763277327832793280328132823283328432853286328732883289329032913292329332943295329632973298329933003301330233033304330533063307330833093310331133123313331433153316331733183319332033213322332333243325332633273328332933303331333233333334333533363337333833393340334133423343334433453346334733483349335033513352335333543355335633573358335933603361336233633364336533663367336833693370337133723373337433753376337733783379338033813382338333843385338633873388338933903391339233933394339533963397339833993400340134023403340434053406340734083409341034113412341334143415341634173418341934203421342234233424342534263427342834293430343134323433343434353436343734383439344034413442344334443445344634473448344934503451345234533454345534563457345834593460346134623463346434653466346734683469347034713472347334743475347634773478347934803481348234833484348534863487348834893490349134923493349434953496349734983499350035013502350335043505350635073508350935103511351235133514351535163517351835193520352135223523352435253526352735283529353035313532353335343535353635373538353935403541354235433544354535463547354835493550355135523553355435553556355735583559356035613562356335643565356635673568356935703571357235733574357535763577357835793580358135823583358435853586358735883589359035913592359335943595359635973598359936003601360236033604360536063607360836093610361136123613361436153616361736183619362036213622362336243625362636273628362936303631363236333634363536363637363836393640364136423643364436453646364736483649365036513652365336543655365636573658365936603661366236633664366536663667366836693670367136723673367436753676367736783679368036813682368336843685368636873688368936903691369236933694369536963697369836993700370137023703370437053706370737083709371037113712371337143715371637173718371937203721372237233724372537263727372837293730373137323733373437353736373737383739374037413742374337443745374637473748374937503751375237533754375537563757375837593760376137623763376437653766376737683769377037713772377337743775377637773778377937803781378237833784378537863787378837893790379137923793379437953796379737983799380038013802380338043805380638073808380938103811381238133814381538163817381838193820382138223823382438253826382738283829383038313832383338343835383638373838383938403841384238433844384538463847384838493850385138523853385438553856385738583859386038613862386338643865386638673868386938703871387238733874387538763877387838793880388138823883388438853886388738883889389038913892389338943895389638973898389939003901390239033904390539063907390839093910391139123913391439153916391739183919392039213922392339243925392639273928392939303931393239333934393539363937393839393940394139423943394439453946394739483949395039513952395339543955395639573958395939603961396239633964396539663967396839693970397139723973397439753976397739783979398039813982398339843985398639873988398939903991399239933994399539963997399839994000400140024003400440054006400740084009401040114012401340144015401640174018401940204021402240234024402540264027402840294030403140324033403440354036403740384039404040414042404340444045404640474048404940504051405240534054405540564057405840594060406140624063406440654066406740684069407040714072407340744075407640774078407940804081408240834084408540864087408840894090409140924093409440954096409740984099410041014102410341044105410641074108410941104111411241134114411541164117411841194120412141224123412441254126412741284129413041314132413341344135413641374138413941404141414241434144414541464147414841494150415141524153415441554156415741584159416041614162416341644165416641674168416941704171417241734174417541764177417841794180418141824183418441854186418741884189419041914192419341944195419641974198419942004201420242034204420542064207420842094210421142124213421442154216421742184219422042214222422342244225422642274228422942304231423242334234423542364237423842394240424142424243424442454246424742484249425042514252425342544255425642574258425942604261426242634264426542664267426842694270427142724273427442754276427742784279428042814282428342844285428642874288428942904291429242934294429542964297429842994300430143024303430443054306430743084309431043114312431343144315431643174318431943204321432243234324432543264327432843294330433143324333433443354336433743384339434043414342434343444345434643474348434943504351435243534354435543564357435843594360436143624363436443654366436743684369437043714372437343744375437643774378437943804381438243834384438543864387438843894390439143924393439443954396439743984399440044014402440344044405440644074408440944104411441244134414441544164417441844194420442144224423442444254426442744284429443044314432443344344435443644374438443944404441444244434444444544464447444844494450445144524453445444554456445744584459446044614462446344644465446644674468446944704471447244734474447544764477447844794480448144824483448444854486448744884489449044914492449344944495449644974498449945004501450245034504450545064507450845094510451145124513451445154516451745184519452045214522452345244525452645274528452945304531453245334534453545364537453845394540454145424543454445454546454745484549455045514552455345544555455645574558455945604561456245634564456545664567456845694570457145724573457445754576457745784579458045814582458345844585458645874588458945904591459245934594459545964597459845994600460146024603460446054606460746084609461046114612461346144615461646174618461946204621462246234624462546264627462846294630463146324633463446354636463746384639464046414642464346444645464646474648464946504651465246534654465546564657465846594660466146624663466446654666466746684669467046714672467346744675467646774678467946804681468246834684468546864687468846894690469146924693469446954696469746984699470047014702470347044705470647074708470947104711471247134714471547164717471847194720472147224723472447254726472747284729473047314732473347344735473647374738473947404741474247434744474547464747474847494750475147524753475447554756475747584759476047614762476347644765476647674768476947704771477247734774477547764777477847794780478147824783478447854786478747884789479047914792479347944795479647974798479948004801480248034804480548064807480848094810481148124813481448154816481748184819482048214822482348244825482648274828482948304831483248334834483548364837483848394840484148424843484448454846484748484849485048514852485348544855485648574858485948604861486248634864486548664867486848694870487148724873487448754876487748784879488048814882488348844885488648874888488948904891489248934894489548964897489848994900490149024903490449054906490749084909491049114912491349144915491649174918491949204921492249234924492549264927492849294930493149324933493449354936493749384939494049414942494349444945494649474948494949504951495249534954495549564957495849594960496149624963496449654966496749684969497049714972497349744975497649774978497949804981498249834984498549864987498849894990499149924993499449954996499749984999500050015002500350045005500650075008500950105011501250135014501550165017501850195020502150225023502450255026502750285029503050315032503350345035503650375038503950405041504250435044504550465047504850495050505150525053505450555056505750585059506050615062506350645065506650675068506950705071507250735074507550765077507850795080508150825083508450855086508750885089509050915092509350945095509650975098509951005101510251035104510551065107510851095110511151125113511451155116511751185119512051215122512351245125512651275128512951305131513251335134513551365137513851395140514151425143514451455146514751485149515051515152515351545155515651575158515951605161516251635164516551665167516851695170517151725173517451755176517751785179518051815182518351845185518651875188518951905191519251935194519551965197519851995200520152025203520452055206520752085209521052115212521352145215521652175218521952205221522252235224522552265227522852295230523152325233523452355236523752385239524052415242524352445245524652475248524952505251525252535254525552565257525852595260526152625263526452655266526752685269527052715272527352745275527652775278527952805281528252835284528552865287528852895290529152925293529452955296529752985299530053015302530353045305530653075308530953105311531253135314531553165317531853195320532153225323532453255326532753285329533053315332533353345335533653375338533953405341534253435344534553465347534853495350535153525353535453555356535753585359536053615362536353645365536653675368536953705371537253735374537553765377537853795380538153825383538453855386538753885389539053915392539353945395539653975398539954005401540254035404540554065407540854095410541154125413541454155416541754185419542054215422542354245425542654275428542954305431543254335434543554365437543854395440544154425443544454455446544754485449545054515452545354545455545654575458545954605461546254635464546554665467546854695470547154725473547454755476547754785479548054815482548354845485548654875488548954905491549254935494549554965497549854995500550155025503550455055506550755085509551055115512551355145515551655175518551955205521552255235524552555265527552855295530553155325533553455355536553755385539554055415542554355445545554655475548554955505551555255535554555555565557555855595560556155625563556455655566556755685569557055715572557355745575557655775578557955805581558255835584558555865587558855895590559155925593559455955596559755985599560056015602560356045605560656075608560956105611561256135614561556165617561856195620562156225623562456255626562756285629563056315632563356345635563656375638563956405641564256435644564556465647564856495650565156525653565456555656565756585659566056615662566356645665566656675668566956705671567256735674567556765677567856795680568156825683568456855686568756885689569056915692569356945695569656975698569957005701570257035704570557065707570857095710571157125713571457155716571757185719572057215722572357245725572657275728572957305731573257335734573557365737573857395740574157425743574457455746574757485749575057515752575357545755575657575758575957605761576257635764576557665767576857695770577157725773577457755776577757785779578057815782578357845785578657875788578957905791579257935794579557965797579857995800580158025803580458055806580758085809581058115812581358145815581658175818581958205821582258235824582558265827582858295830583158325833583458355836583758385839584058415842584358445845584658475848584958505851585258535854585558565857585858595860586158625863586458655866586758685869587058715872587358745875587658775878587958805881588258835884588558865887588858895890589158925893589458955896589758985899590059015902590359045905590659075908590959105911591259135914591559165917591859195920592159225923592459255926592759285929593059315932593359345935593659375938593959405941594259435944594559465947594859495950595159525953595459555956595759585959596059615962596359645965596659675968596959705971597259735974597559765977597859795980598159825983598459855986598759885989599059915992599359945995599659975998599960006001600260036004600560066007600860096010601160126013601460156016601760186019602060216022602360246025602660276028602960306031603260336034603560366037603860396040604160426043604460456046604760486049605060516052605360546055605660576058605960606061606260636064606560666067606860696070607160726073607460756076607760786079608060816082608360846085608660876088608960906091609260936094609560966097609860996100610161026103610461056106610761086109611061116112611361146115611661176118611961206121612261236124612561266127612861296130613161326133613461356136613761386139614061416142614361446145614661476148614961506151615261536154615561566157615861596160616161626163616461656166616761686169617061716172617361746175617661776178617961806181618261836184618561866187618861896190619161926193619461956196619761986199620062016202620362046205620662076208620962106211621262136214621562166217621862196220622162226223622462256226622762286229623062316232623362346235623662376238623962406241624262436244624562466247624862496250625162526253625462556256625762586259626062616262626362646265626662676268626962706271627262736274627562766277627862796280628162826283628462856286628762886289629062916292629362946295629662976298629963006301630263036304630563066307630863096310631163126313631463156316631763186319632063216322632363246325632663276328632963306331633263336334633563366337633863396340634163426343634463456346634763486349635063516352635363546355635663576358635963606361636263636364636563666367636863696370637163726373637463756376637763786379638063816382638363846385638663876388638963906391639263936394639563966397639863996400640164026403640464056406640764086409641064116412641364146415641664176418641964206421642264236424642564266427642864296430643164326433643464356436643764386439644064416442644364446445644664476448644964506451645264536454645564566457645864596460646164626463646464656466646764686469647064716472647364746475647664776478647964806481648264836484648564866487648864896490649164926493649464956496649764986499650065016502650365046505650665076508650965106511651265136514651565166517651865196520652165226523652465256526652765286529653065316532653365346535653665376538653965406541654265436544654565466547654865496550655165526553655465556556655765586559656065616562656365646565656665676568656965706571657265736574657565766577657865796580658165826583658465856586658765886589659065916592659365946595659665976598659966006601660266036604660566066607660866096610661166126613661466156616661766186619662066216622662366246625662666276628662966306631663266336634663566366637663866396640664166426643664466456646664766486649665066516652665366546655665666576658665966606661666266636664666566666667666866696670667166726673667466756676667766786679668066816682668366846685668666876688668966906691669266936694669566966697669866996700670167026703670467056706670767086709671067116712671367146715671667176718671967206721672267236724672567266727672867296730673167326733673467356736673767386739674067416742674367446745674667476748674967506751675267536754675567566757675867596760676167626763676467656766676767686769677067716772677367746775677667776778677967806781678267836784678567866787678867896790679167926793679467956796679767986799680068016802680368046805680668076808680968106811681268136814681568166817681868196820682168226823682468256826682768286829683068316832683368346835683668376838683968406841684268436844684568466847684868496850685168526853685468556856685768586859686068616862686368646865686668676868686968706871687268736874687568766877687868796880688168826883688468856886688768886889689068916892689368946895689668976898689969006901690269036904690569066907690869096910691169126913691469156916691769186919692069216922692369246925692669276928692969306931693269336934693569366937693869396940694169426943694469456946694769486949695069516952695369546955695669576958695969606961696269636964696569666967696869696970697169726973697469756976697769786979698069816982698369846985698669876988698969906991699269936994699569966997699869997000700170027003700470057006700770087009701070117012701370147015701670177018701970207021702270237024702570267027702870297030703170327033703470357036703770387039704070417042704370447045704670477048704970507051705270537054705570567057705870597060706170627063706470657066706770687069707070717072707370747075707670777078707970807081708270837084708570867087708870897090709170927093709470957096709770987099710071017102710371047105710671077108710971107111711271137114711571167117711871197120712171227123712471257126712771287129713071317132713371347135713671377138713971407141714271437144714571467147714871497150715171527153715471557156715771587159716071617162716371647165716671677168716971707171717271737174717571767177717871797180718171827183718471857186718771887189719071917192719371947195719671977198719972007201720272037204720572067207720872097210721172127213721472157216721772187219722072217222722372247225722672277228722972307231723272337234723572367237723872397240724172427243724472457246724772487249725072517252725372547255725672577258725972607261726272637264726572667267726872697270727172727273727472757276727772787279728072817282728372847285728672877288728972907291729272937294729572967297729872997300730173027303730473057306730773087309731073117312731373147315731673177318731973207321732273237324732573267327732873297330733173327333733473357336733773387339734073417342734373447345734673477348734973507351735273537354735573567357735873597360736173627363736473657366736773687369737073717372737373747375737673777378737973807381738273837384738573867387738873897390739173927393739473957396739773987399740074017402740374047405740674077408740974107411741274137414741574167417741874197420742174227423742474257426742774287429743074317432743374347435743674377438743974407441744274437444744574467447744874497450745174527453745474557456745774587459746074617462746374647465746674677468746974707471747274737474747574767477747874797480748174827483748474857486748774887489749074917492749374947495749674977498749975007501750275037504750575067507750875097510751175127513751475157516751775187519752075217522752375247525752675277528752975307531753275337534753575367537753875397540754175427543754475457546754775487549755075517552755375547555755675577558755975607561756275637564756575667567756875697570757175727573757475757576757775787579758075817582758375847585758675877588758975907591759275937594759575967597759875997600760176027603760476057606760776087609761076117612761376147615761676177618761976207621762276237624762576267627762876297630763176327633763476357636763776387639764076417642764376447645764676477648764976507651765276537654765576567657765876597660766176627663766476657666766776687669767076717672767376747675767676777678767976807681768276837684768576867687768876897690769176927693769476957696769776987699770077017702770377047705770677077708770977107711771277137714771577167717771877197720772177227723772477257726772777287729773077317732773377347735773677377738773977407741774277437744774577467747774877497750775177527753775477557756775777587759776077617762776377647765776677677768776977707771777277737774777577767777777877797780778177827783778477857786778777887789779077917792779377947795779677977798779978007801780278037804780578067807780878097810781178127813781478157816781778187819782078217822782378247825782678277828782978307831783278337834783578367837783878397840784178427843784478457846784778487849785078517852785378547855785678577858785978607861786278637864786578667867786878697870787178727873787478757876787778787879788078817882788378847885788678877888788978907891789278937894789578967897789878997900790179027903790479057906790779087909791079117912791379147915791679177918791979207921792279237924792579267927792879297930793179327933793479357936793779387939794079417942794379447945794679477948794979507951795279537954795579567957795879597960796179627963796479657966796779687969797079717972797379747975797679777978797979807981798279837984798579867987798879897990799179927993799479957996799779987999800080018002800380048005800680078008800980108011801280138014801580168017801880198020802180228023802480258026802780288029803080318032803380348035803680378038803980408041804280438044804580468047804880498050805180528053805480558056805780588059806080618062806380648065806680678068806980708071807280738074807580768077807880798080808180828083808480858086808780888089809080918092809380948095809680978098809981008101810281038104810581068107810881098110811181128113811481158116811781188119812081218122812381248125812681278128812981308131813281338134813581368137813881398140814181428143814481458146814781488149815081518152815381548155815681578158815981608161816281638164816581668167816881698170817181728173817481758176817781788179818081818182818381848185818681878188818981908191819281938194819581968197819881998200820182028203820482058206820782088209821082118212821382148215821682178218821982208221822282238224822582268227822882298230823182328233823482358236823782388239824082418242824382448245824682478248824982508251825282538254825582568257825882598260826182628263826482658266826782688269827082718272827382748275827682778278827982808281828282838284828582868287828882898290829182928293829482958296829782988299830083018302830383048305830683078308830983108311831283138314831583168317831883198320832183228323832483258326832783288329833083318332833383348335833683378338833983408341834283438344834583468347834883498350835183528353835483558356835783588359836083618362836383648365836683678368836983708371837283738374837583768377837883798380838183828383838483858386838783888389839083918392839383948395839683978398839984008401840284038404840584068407840884098410841184128413841484158416841784188419842084218422842384248425842684278428842984308431843284338434843584368437843884398440844184428443844484458446844784488449845084518452845384548455845684578458845984608461846284638464846584668467846884698470847184728473847484758476847784788479848084818482848384848485848684878488848984908491849284938494849584968497849884998500850185028503850485058506850785088509851085118512851385148515851685178518851985208521852285238524852585268527852885298530853185328533853485358536853785388539854085418542854385448545854685478548854985508551855285538554855585568557855885598560856185628563856485658566856785688569857085718572857385748575857685778578857985808581858285838584858585868587858885898590859185928593859485958596859785988599860086018602860386048605860686078608860986108611861286138614861586168617861886198620862186228623862486258626862786288629863086318632863386348635863686378638863986408641864286438644864586468647864886498650865186528653865486558656865786588659866086618662866386648665866686678668866986708671867286738674867586768677867886798680868186828683868486858686868786888689869086918692869386948695869686978698869987008701870287038704870587068707870887098710871187128713871487158716871787188719872087218722872387248725872687278728872987308731873287338734873587368737873887398740874187428743874487458746874787488749875087518752875387548755875687578758875987608761876287638764876587668767876887698770877187728773877487758776877787788779878087818782878387848785878687878788878987908791879287938794879587968797879887998800880188028803880488058806880788088809881088118812881388148815881688178818881988208821882288238824882588268827882888298830883188328833883488358836883788388839884088418842884388448845884688478848884988508851885288538854885588568857885888598860886188628863886488658866886788688869887088718872887388748875887688778878887988808881888288838884888588868887888888898890889188928893889488958896889788988899890089018902890389048905890689078908890989108911891289138914891589168917891889198920892189228923892489258926892789288929893089318932893389348935893689378938893989408941894289438944894589468947894889498950895189528953895489558956895789588959896089618962896389648965896689678968896989708971897289738974897589768977897889798980898189828983898489858986898789888989899089918992899389948995899689978998899990009001900290039004900590069007900890099010901190129013901490159016901790189019902090219022902390249025902690279028902990309031903290339034903590369037903890399040904190429043904490459046904790489049905090519052905390549055905690579058905990609061906290639064906590669067906890699070907190729073907490759076907790789079908090819082908390849085908690879088908990909091909290939094909590969097909890999100910191029103910491059106910791089109911091119112911391149115911691179118911991209121912291239124912591269127912891299130913191329133913491359136913791389139914091419142914391449145914691479148914991509151915291539154915591569157915891599160916191629163916491659166916791689169917091719172917391749175917691779178917991809181918291839184918591869187918891899190919191929193919491959196919791989199920092019202920392049205920692079208920992109211921292139214921592169217921892199220922192229223922492259226922792289229923092319232923392349235923692379238923992409241924292439244924592469247924892499250925192529253925492559256925792589259926092619262926392649265926692679268926992709271927292739274927592769277927892799280928192829283928492859286928792889289929092919292929392949295929692979298929993009301930293039304930593069307930893099310931193129313931493159316931793189319932093219322932393249325932693279328932993309331933293339334933593369337933893399340934193429343934493459346934793489349935093519352935393549355935693579358935993609361936293639364936593669367936893699370937193729373937493759376937793789379938093819382938393849385938693879388938993909391939293939394939593969397939893999400940194029403940494059406940794089409941094119412941394149415941694179418941994209421942294239424942594269427942894299430943194329433943494359436943794389439944094419442944394449445944694479448944994509451945294539454945594569457945894599460946194629463946494659466946794689469947094719472947394749475947694779478947994809481948294839484948594869487948894899490949194929493949494959496949794989499950095019502950395049505950695079508950995109511951295139514951595169517951895199520952195229523952495259526952795289529953095319532953395349535953695379538953995409541954295439544954595469547954895499550955195529553955495559556955795589559956095619562956395649565956695679568956995709571957295739574957595769577957895799580958195829583958495859586958795889589959095919592959395949595959695979598959996009601960296039604960596069607960896099610961196129613961496159616961796189619962096219622962396249625962696279628962996309631963296339634963596369637963896399640964196429643964496459646964796489649965096519652965396549655965696579658965996609661966296639664966596669667966896699670967196729673967496759676967796789679968096819682968396849685968696879688968996909691969296939694969596969697969896999700970197029703970497059706970797089709971097119712971397149715971697179718971997209721972297239724972597269727972897299730973197329733973497359736973797389739974097419742974397449745974697479748974997509751975297539754975597569757975897599760976197629763976497659766976797689769977097719772977397749775977697779778977997809781978297839784978597869787978897899790979197929793979497959796979797989799980098019802980398049805980698079808980998109811981298139814981598169817981898199820982198229823982498259826982798289829983098319832983398349835983698379838983998409841984298439844984598469847984898499850985198529853985498559856985798589859986098619862986398649865986698679868986998709871987298739874987598769877987898799880988198829883988498859886988798889889989098919892989398949895989698979898989999009901990299039904990599069907990899099910991199129913991499159916991799189919992099219922992399249925992699279928992999309931993299339934993599369937993899399940994199429943994499459946994799489949995099519952995399549955995699579958995999609961996299639964996599669967996899699970997199729973997499759976997799789979998099819982998399849985998699879988998999909991999299939994999599969997999899991000010001100021000310004100051000610007100081000910010100111001210013100141001510016100171001810019100201002110022100231002410025100261002710028100291003010031100321003310034100351003610037100381003910040100411004210043100441004510046100471004810049100501005110052100531005410055100561005710058100591006010061100621006310064100651006610067100681006910070100711007210073100741007510076100771007810079100801008110082100831008410085100861008710088100891009010091100921009310094100951009610097100981009910100101011010210103101041010510106101071010810109101101011110112101131011410115101161011710118101191012010121101221012310124101251012610127101281012910130101311013210133101341013510136101371013810139101401014110142101431014410145101461014710148101491015010151101521015310154101551015610157101581015910160101611016210163101641016510166101671016810169101701017110172101731017410175101761017710178101791018010181101821018310184101851018610187101881018910190101911019210193101941019510196101971019810199102001020110202102031020410205102061020710208102091021010211102121021310214102151021610217102181021910220102211022210223102241022510226102271022810229102301023110232102331023410235102361023710238102391024010241102421024310244102451024610247102481024910250102511025210253102541025510256102571025810259102601026110262102631026410265102661026710268102691027010271102721027310274102751027610277102781027910280102811028210283102841028510286102871028810289102901029110292102931029410295102961029710298102991030010301103021030310304103051030610307103081030910310103111031210313103141031510316103171031810319103201032110322103231032410325103261032710328103291033010331103321033310334103351033610337103381033910340103411034210343103441034510346103471034810349103501035110352103531035410355103561035710358103591036010361103621036310364103651036610367103681036910370103711037210373103741037510376103771037810379103801038110382103831038410385103861038710388103891039010391103921039310394103951039610397103981039910400104011040210403104041040510406104071040810409104101041110412104131041410415104161041710418104191042010421104221042310424104251042610427104281042910430104311043210433104341043510436104371043810439104401044110442104431044410445104461044710448104491045010451104521045310454104551045610457104581045910460104611046210463104641046510466104671046810469104701047110472104731047410475104761047710478104791048010481104821048310484104851048610487104881048910490104911049210493104941049510496104971049810499105001050110502105031050410505105061050710508105091051010511105121051310514105151051610517105181051910520105211052210523105241052510526105271052810529105301053110532105331053410535105361053710538105391054010541105421054310544105451054610547105481054910550105511055210553105541055510556105571055810559105601056110562105631056410565105661056710568105691057010571105721057310574105751057610577105781057910580105811058210583105841058510586105871058810589105901059110592105931059410595105961059710598105991060010601106021060310604106051060610607106081060910610106111061210613106141061510616106171061810619106201062110622106231062410625106261062710628106291063010631106321063310634106351063610637106381063910640106411064210643106441064510646106471064810649106501065110652106531065410655106561065710658106591066010661106621066310664106651066610667106681066910670106711067210673106741067510676106771067810679106801068110682106831068410685106861068710688106891069010691106921069310694106951069610697106981069910700107011070210703107041070510706107071070810709107101071110712107131071410715107161071710718107191072010721107221072310724107251072610727107281072910730107311073210733107341073510736107371073810739107401074110742107431074410745107461074710748107491075010751107521075310754107551075610757107581075910760107611076210763107641076510766107671076810769107701077110772107731077410775107761077710778107791078010781107821078310784107851078610787107881078910790107911079210793107941079510796107971079810799108001080110802108031080410805108061080710808108091081010811108121081310814108151081610817108181081910820108211082210823108241082510826108271082810829108301083110832108331083410835108361083710838108391084010841108421084310844108451084610847108481084910850108511085210853108541085510856108571085810859108601086110862108631086410865108661086710868108691087010871108721087310874108751087610877108781087910880108811088210883108841088510886108871088810889108901089110892108931089410895108961089710898108991090010901109021090310904109051090610907109081090910910109111091210913109141091510916109171091810919109201092110922109231092410925109261092710928109291093010931109321093310934109351093610937109381093910940109411094210943109441094510946109471094810949109501095110952109531095410955109561095710958109591096010961109621096310964109651096610967109681096910970109711097210973109741097510976109771097810979109801098110982109831098410985109861098710988109891099010991109921099310994109951099610997109981099911000110011100211003110041100511006110071100811009110101101111012110131101411015110161101711018110191102011021110221102311024110251102611027110281102911030110311103211033110341103511036110371103811039110401104111042110431104411045110461104711048110491105011051110521105311054110551105611057110581105911060110611106211063110641106511066110671106811069110701107111072110731107411075110761107711078110791108011081110821108311084110851108611087110881108911090110911109211093110941109511096110971109811099111001110111102111031110411105111061110711108111091111011111111121111311114111151111611117111181111911120111211112211123111241112511126111271112811129111301113111132111331113411135111361113711138111391114011141111421114311144111451114611147111481114911150111511115211153111541115511156111571115811159111601116111162111631116411165111661116711168111691117011171111721117311174111751117611177111781117911180111811118211183111841118511186111871118811189111901119111192111931119411195111961119711198111991120011201112021120311204112051120611207112081120911210112111121211213112141121511216112171121811219112201122111222112231122411225112261122711228112291123011231112321123311234112351123611237112381123911240112411124211243112441124511246112471124811249112501125111252112531125411255112561125711258112591126011261112621126311264112651126611267112681126911270112711127211273112741127511276112771127811279112801128111282112831128411285112861128711288112891129011291112921129311294112951129611297112981129911300113011130211303113041130511306113071130811309113101131111312113131131411315113161131711318113191132011321113221132311324113251132611327113281132911330113311133211333113341133511336113371133811339113401134111342113431134411345113461134711348113491135011351113521135311354113551135611357113581135911360113611136211363113641136511366113671136811369113701137111372113731137411375113761137711378113791138011381113821138311384113851138611387113881138911390113911139211393113941139511396113971139811399114001140111402114031140411405114061140711408114091141011411114121141311414114151141611417114181141911420114211142211423114241142511426114271142811429114301143111432114331143411435114361143711438114391144011441114421144311444114451144611447114481144911450114511145211453114541145511456114571145811459114601146111462114631146411465114661146711468114691147011471114721147311474114751147611477114781147911480114811148211483114841148511486114871148811489114901149111492114931149411495114961149711498114991150011501115021150311504115051150611507115081150911510115111151211513115141151511516115171151811519115201152111522115231152411525115261152711528115291153011531115321153311534115351153611537115381153911540115411154211543115441154511546115471154811549115501155111552115531155411555115561155711558115591156011561115621156311564115651156611567115681156911570115711157211573115741157511576115771157811579115801158111582115831158411585115861158711588115891159011591115921159311594115951159611597115981159911600116011160211603116041160511606116071160811609116101161111612116131161411615116161161711618116191162011621116221162311624116251162611627116281162911630116311163211633116341163511636116371163811639116401164111642116431164411645116461164711648116491165011651116521165311654116551165611657116581165911660116611166211663116641166511666116671166811669116701167111672116731167411675116761167711678116791168011681116821168311684116851168611687116881168911690116911169211693116941169511696116971169811699117001170111702117031170411705117061170711708117091171011711117121171311714117151171611717117181171911720117211172211723117241172511726117271172811729117301173111732117331173411735117361173711738117391174011741117421174311744117451174611747117481174911750117511175211753117541175511756117571175811759117601176111762117631176411765117661176711768117691177011771117721177311774117751177611777117781177911780117811178211783117841178511786117871178811789117901179111792117931179411795117961179711798117991180011801118021180311804118051180611807118081180911810118111181211813118141181511816118171181811819118201182111822118231182411825118261182711828118291183011831118321183311834118351183611837118381183911840118411184211843118441184511846118471184811849118501185111852118531185411855118561185711858118591186011861118621186311864118651186611867118681186911870118711187211873118741187511876118771187811879118801188111882118831188411885118861188711888118891189011891118921189311894118951189611897118981189911900119011190211903119041190511906119071190811909119101191111912119131191411915119161191711918119191192011921119221192311924119251192611927119281192911930119311193211933119341193511936119371193811939119401194111942119431194411945119461194711948119491195011951119521195311954119551195611957119581195911960119611196211963119641196511966119671196811969119701197111972119731197411975119761197711978119791198011981119821198311984119851198611987119881198911990119911199211993119941199511996119971199811999120001200112002120031200412005120061200712008120091201012011120121201312014120151201612017120181201912020120211202212023120241202512026120271202812029120301203112032120331203412035120361203712038120391204012041120421204312044120451204612047120481204912050120511205212053120541205512056120571205812059120601206112062120631206412065120661206712068120691207012071120721207312074120751207612077120781207912080120811208212083120841208512086120871208812089120901209112092120931209412095120961209712098120991210012101121021210312104121051210612107121081210912110121111211212113121141211512116121171211812119121201212112122121231212412125121261212712128121291213012131121321213312134121351213612137121381213912140121411214212143121441214512146121471214812149121501215112152121531215412155121561215712158121591216012161121621216312164121651216612167121681216912170121711217212173121741217512176121771217812179121801218112182121831218412185121861218712188121891219012191121921219312194121951219612197121981219912200122011220212203122041220512206122071220812209122101221112212122131221412215122161221712218122191222012221122221222312224122251222612227122281222912230122311223212233122341223512236122371223812239122401224112242122431224412245122461224712248122491225012251122521225312254122551225612257122581225912260122611226212263122641226512266122671226812269122701227112272122731227412275122761227712278122791228012281122821228312284122851228612287122881228912290122911229212293122941229512296122971229812299123001230112302123031230412305123061230712308123091231012311123121231312314123151231612317123181231912320123211232212323123241232512326123271232812329123301233112332123331233412335123361233712338123391234012341123421234312344123451234612347123481234912350123511235212353123541235512356123571235812359123601236112362123631236412365123661236712368123691237012371123721237312374123751237612377123781237912380123811238212383123841238512386123871238812389123901239112392123931239412395123961239712398123991240012401124021240312404124051240612407124081240912410124111241212413124141241512416124171241812419124201242112422124231242412425124261242712428124291243012431124321243312434124351243612437124381243912440124411244212443124441244512446124471244812449124501245112452124531245412455124561245712458124591246012461124621246312464124651246612467124681246912470124711247212473124741247512476124771247812479124801248112482124831248412485124861248712488124891249012491124921249312494124951249612497124981249912500125011250212503125041250512506125071250812509125101251112512125131251412515125161251712518125191252012521125221252312524125251252612527125281252912530125311253212533125341253512536125371253812539125401254112542125431254412545125461254712548125491255012551125521255312554125551255612557125581255912560125611256212563125641256512566125671256812569125701257112572125731257412575125761257712578125791258012581125821258312584125851258612587125881258912590125911259212593125941259512596125971259812599126001260112602126031260412605126061260712608126091261012611126121261312614126151261612617126181261912620126211262212623126241262512626126271262812629126301263112632126331263412635126361263712638126391264012641126421264312644126451264612647126481264912650126511265212653126541265512656126571265812659126601266112662126631266412665126661266712668126691267012671126721267312674126751267612677126781267912680126811268212683126841268512686126871268812689126901269112692126931269412695126961269712698126991270012701127021270312704127051270612707127081270912710127111271212713127141271512716127171271812719127201272112722127231272412725127261272712728127291273012731127321273312734127351273612737127381273912740127411274212743127441274512746127471274812749127501275112752127531275412755127561275712758127591276012761127621276312764127651276612767127681276912770127711277212773127741277512776127771277812779127801278112782127831278412785127861278712788127891279012791127921279312794127951279612797127981279912800128011280212803128041280512806128071280812809128101281112812128131281412815128161281712818128191282012821128221282312824128251282612827128281282912830128311283212833128341283512836128371283812839128401284112842128431284412845128461284712848128491285012851128521285312854128551285612857128581285912860128611286212863128641286512866128671286812869128701287112872128731287412875128761287712878128791288012881128821288312884128851288612887128881288912890128911289212893128941289512896128971289812899129001290112902129031290412905129061290712908129091291012911129121291312914129151291612917129181291912920129211292212923129241292512926129271292812929129301293112932129331293412935129361293712938129391294012941129421294312944129451294612947129481294912950129511295212953129541295512956129571295812959129601296112962129631296412965129661296712968129691297012971129721297312974129751297612977129781297912980129811298212983129841298512986129871298812989129901299112992129931299412995129961299712998129991300013001130021300313004130051300613007130081300913010130111301213013130141301513016130171301813019130201302113022130231302413025130261302713028130291303013031130321303313034130351303613037130381303913040130411304213043130441304513046130471304813049130501305113052130531305413055130561305713058130591306013061130621306313064130651306613067130681306913070130711307213073130741307513076130771307813079130801308113082130831308413085130861308713088130891309013091130921309313094130951309613097130981309913100131011310213103131041310513106131071310813109131101311113112131131311413115131161311713118131191312013121131221312313124131251312613127131281312913130131311313213133131341313513136131371313813139131401314113142131431314413145131461314713148131491315013151131521315313154131551315613157131581315913160131611316213163131641316513166131671316813169131701317113172131731317413175131761317713178131791318013181131821318313184131851318613187131881318913190131911319213193131941319513196131971319813199132001320113202132031320413205132061320713208132091321013211132121321313214132151321613217132181321913220132211322213223132241322513226132271322813229132301323113232132331323413235132361323713238132391324013241132421324313244132451324613247132481324913250132511325213253132541325513256132571325813259132601326113262132631326413265132661326713268132691327013271132721327313274132751327613277132781327913280132811328213283132841328513286132871328813289132901329113292132931329413295132961329713298132991330013301133021330313304133051330613307133081330913310133111331213313133141331513316133171331813319133201332113322133231332413325133261332713328133291333013331133321333313334133351333613337133381333913340133411334213343133441334513346133471334813349133501335113352133531335413355133561335713358133591336013361133621336313364133651336613367133681336913370133711337213373133741337513376133771337813379133801338113382133831338413385133861338713388133891339013391133921339313394133951339613397133981339913400134011340213403134041340513406134071340813409134101341113412134131341413415134161341713418134191342013421134221342313424134251342613427134281342913430134311343213433134341343513436134371343813439134401344113442134431344413445134461344713448134491345013451134521345313454134551345613457134581345913460134611346213463134641346513466134671346813469134701347113472134731347413475134761347713478134791348013481134821348313484134851348613487134881348913490134911349213493134941349513496134971349813499135001350113502135031350413505135061350713508135091351013511135121351313514135151351613517135181351913520135211352213523135241352513526135271352813529135301353113532135331353413535135361353713538135391354013541135421354313544135451354613547135481354913550135511355213553135541355513556135571355813559135601356113562135631356413565135661356713568135691357013571135721357313574135751357613577135781357913580135811358213583135841358513586135871358813589135901359113592135931359413595135961359713598135991360013601136021360313604136051360613607136081360913610136111361213613136141361513616136171361813619136201362113622136231362413625136261362713628136291363013631136321363313634136351363613637136381363913640136411364213643136441364513646136471364813649136501365113652136531365413655136561365713658136591366013661136621366313664136651366613667136681366913670136711367213673136741367513676136771367813679136801368113682136831368413685136861368713688136891369013691136921369313694136951369613697136981369913700137011370213703137041370513706137071370813709137101371113712137131371413715137161371713718137191372013721137221372313724137251372613727137281372913730137311373213733137341373513736137371373813739137401374113742137431374413745137461374713748137491375013751137521375313754137551375613757137581375913760137611376213763137641376513766137671376813769137701377113772137731377413775137761377713778137791378013781137821378313784137851378613787137881378913790137911379213793137941379513796137971379813799138001380113802138031380413805138061380713808138091381013811138121381313814138151381613817138181381913820138211382213823138241382513826138271382813829138301383113832138331383413835138361383713838138391384013841138421384313844138451384613847138481384913850138511385213853138541385513856138571385813859138601386113862138631386413865138661386713868138691387013871138721387313874138751387613877138781387913880138811388213883138841388513886138871388813889138901389113892138931389413895138961389713898138991390013901139021390313904139051390613907139081390913910139111391213913139141391513916139171391813919139201392113922139231392413925139261392713928139291393013931139321393313934139351393613937139381393913940139411394213943139441394513946139471394813949139501395113952139531395413955139561395713958139591396013961139621396313964139651396613967139681396913970139711397213973139741397513976139771397813979139801398113982139831398413985139861398713988139891399013991139921399313994139951399613997139981399914000140011400214003140041400514006140071400814009140101401114012140131401414015140161401714018140191402014021140221402314024140251402614027140281402914030140311403214033140341403514036140371403814039140401404114042140431404414045140461404714048140491405014051140521405314054140551405614057140581405914060140611406214063140641406514066140671406814069140701407114072140731407414075140761407714078140791408014081140821408314084140851408614087140881408914090140911409214093140941409514096140971409814099141001410114102141031410414105141061410714108141091411014111141121411314114141151411614117141181411914120141211412214123141241412514126141271412814129141301413114132141331413414135141361413714138141391414014141141421414314144141451414614147141481414914150141511415214153141541415514156141571415814159141601416114162141631416414165141661416714168141691417014171141721417314174141751417614177141781417914180141811418214183141841418514186141871418814189141901419114192141931419414195141961419714198141991420014201142021420314204142051420614207142081420914210142111421214213142141421514216142171421814219142201422114222142231422414225142261422714228142291423014231142321423314234142351423614237142381423914240142411424214243142441424514246142471424814249142501425114252142531425414255142561425714258142591426014261142621426314264142651426614267142681426914270142711427214273142741427514276142771427814279142801428114282142831428414285142861428714288142891429014291142921429314294142951429614297142981429914300143011430214303143041430514306143071430814309143101431114312143131431414315143161431714318143191432014321143221432314324143251432614327143281432914330143311433214333143341433514336143371433814339143401434114342143431434414345143461434714348143491435014351143521435314354143551435614357143581435914360143611436214363143641436514366143671436814369143701437114372143731437414375143761437714378143791438014381143821438314384143851438614387143881438914390143911439214393143941439514396143971439814399144001440114402144031440414405144061440714408144091441014411144121441314414144151441614417144181441914420144211442214423144241442514426144271442814429144301443114432144331443414435144361443714438144391444014441144421444314444144451444614447144481444914450144511445214453144541445514456144571445814459144601446114462144631446414465144661446714468144691447014471144721447314474144751447614477144781447914480144811448214483144841448514486144871448814489144901449114492144931449414495144961449714498144991450014501145021450314504145051450614507145081450914510145111451214513145141451514516145171451814519145201452114522145231452414525145261452714528145291453014531145321453314534145351453614537145381453914540145411454214543145441454514546145471454814549145501455114552145531455414555145561455714558145591456014561145621456314564145651456614567145681456914570145711457214573145741457514576145771457814579145801458114582145831458414585145861458714588145891459014591145921459314594145951459614597145981459914600146011460214603146041460514606146071460814609146101461114612146131461414615146161461714618146191462014621146221462314624146251462614627146281462914630146311463214633146341463514636146371463814639146401464114642146431464414645146461464714648146491465014651146521465314654146551465614657146581465914660146611466214663146641466514666146671466814669146701467114672146731467414675146761467714678146791468014681146821468314684146851468614687146881468914690146911469214693146941469514696146971469814699147001470114702147031470414705147061470714708147091471014711147121471314714147151471614717147181471914720147211472214723147241472514726147271472814729147301473114732147331473414735147361473714738147391474014741147421474314744147451474614747147481474914750147511475214753147541475514756147571475814759147601476114762147631476414765147661476714768147691477014771147721477314774147751477614777147781477914780147811478214783147841478514786147871478814789147901479114792147931479414795147961479714798147991480014801148021480314804148051480614807148081480914810148111481214813148141481514816148171481814819148201482114822148231482414825148261482714828148291483014831148321483314834148351483614837148381483914840148411484214843148441484514846148471484814849148501485114852148531485414855148561485714858148591486014861148621486314864148651486614867148681486914870148711487214873148741487514876148771487814879148801488114882148831488414885148861488714888148891489014891148921489314894148951489614897148981489914900149011490214903149041490514906149071490814909149101491114912149131491414915149161491714918149191492014921149221492314924149251492614927149281492914930149311493214933149341493514936149371493814939149401494114942149431494414945149461494714948149491495014951149521495314954149551495614957149581495914960149611496214963149641496514966149671496814969149701497114972149731497414975149761497714978149791498014981149821498314984149851498614987149881498914990149911499214993149941499514996149971499814999150001500115002150031500415005150061500715008150091501015011150121501315014150151501615017150181501915020150211502215023150241502515026150271502815029150301503115032150331503415035150361503715038150391504015041150421504315044150451504615047150481504915050150511505215053150541505515056150571505815059150601506115062150631506415065150661506715068150691507015071150721507315074150751507615077150781507915080150811508215083150841508515086150871508815089150901509115092150931509415095150961509715098150991510015101151021510315104151051510615107151081510915110151111511215113151141511515116151171511815119151201512115122151231512415125151261512715128151291513015131151321513315134151351513615137151381513915140151411514215143151441514515146151471514815149151501515115152151531515415155151561515715158151591516015161151621516315164151651516615167151681516915170151711517215173151741517515176151771517815179151801518115182151831518415185151861518715188151891519015191151921519315194151951519615197151981519915200152011520215203152041520515206152071520815209152101521115212152131521415215152161521715218152191522015221152221522315224152251522615227152281522915230152311523215233152341523515236152371523815239152401524115242152431524415245152461524715248152491525015251152521525315254152551525615257152581525915260152611526215263152641526515266152671526815269152701527115272152731527415275152761527715278152791528015281152821528315284152851528615287152881528915290152911529215293152941529515296152971529815299153001530115302153031530415305153061530715308153091531015311153121531315314153151531615317153181531915320153211532215323153241532515326153271532815329153301533115332153331533415335153361533715338153391534015341153421534315344153451534615347153481534915350153511535215353153541535515356153571535815359153601536115362153631536415365153661536715368153691537015371153721537315374153751537615377153781537915380153811538215383153841538515386153871538815389153901539115392153931539415395153961539715398153991540015401154021540315404154051540615407154081540915410154111541215413154141541515416154171541815419154201542115422154231542415425154261542715428154291543015431154321543315434154351543615437154381543915440154411544215443154441544515446154471544815449154501545115452154531545415455154561545715458154591546015461154621546315464154651546615467154681546915470154711547215473154741547515476154771547815479154801548115482154831548415485154861548715488154891549015491154921549315494154951549615497154981549915500155011550215503155041550515506155071550815509155101551115512155131551415515155161551715518155191552015521155221552315524155251552615527155281552915530155311553215533155341553515536155371553815539155401554115542155431554415545155461554715548155491555015551155521555315554155551555615557155581555915560155611556215563155641556515566155671556815569155701557115572155731557415575155761557715578155791558015581155821558315584155851558615587155881558915590155911559215593155941559515596155971559815599156001560115602156031560415605156061560715608156091561015611156121561315614156151561615617156181561915620156211562215623156241562515626156271562815629156301563115632156331563415635156361563715638156391564015641156421564315644156451564615647156481564915650156511565215653156541565515656156571565815659156601566115662156631566415665156661566715668156691567015671156721567315674156751567615677156781567915680156811568215683156841568515686156871568815689156901569115692156931569415695156961569715698156991570015701157021570315704157051570615707157081570915710157111571215713157141571515716157171571815719157201572115722157231572415725157261572715728157291573015731157321573315734157351573615737157381573915740157411574215743157441574515746157471574815749157501575115752157531575415755157561575715758157591576015761157621576315764157651576615767157681576915770157711577215773157741577515776157771577815779157801578115782157831578415785157861578715788157891579015791157921579315794157951579615797157981579915800158011580215803158041580515806158071580815809158101581115812158131581415815158161581715818158191582015821158221582315824158251582615827158281582915830158311583215833158341583515836158371583815839158401584115842158431584415845158461584715848158491585015851158521585315854158551585615857158581585915860158611586215863158641586515866158671586815869158701587115872158731587415875158761587715878158791588015881158821588315884158851588615887158881588915890158911589215893158941589515896158971589815899159001590115902159031590415905159061590715908159091591015911159121591315914159151591615917159181591915920159211592215923159241592515926159271592815929159301593115932159331593415935159361593715938159391594015941159421594315944159451594615947159481594915950159511595215953159541595515956159571595815959159601596115962159631596415965159661596715968159691597015971159721597315974159751597615977159781597915980159811598215983159841598515986159871598815989159901599115992159931599415995159961599715998159991600016001160021600316004160051600616007160081600916010160111601216013160141601516016160171601816019160201602116022160231602416025160261602716028160291603016031160321603316034160351603616037160381603916040160411604216043160441604516046160471604816049160501605116052160531605416055160561605716058160591606016061160621606316064160651606616067160681606916070160711607216073160741607516076160771607816079160801608116082160831608416085160861608716088160891609016091160921609316094160951609616097160981609916100161011610216103161041610516106161071610816109161101611116112161131611416115161161611716118161191612016121161221612316124161251612616127161281612916130161311613216133161341613516136161371613816139161401614116142161431614416145161461614716148161491615016151161521615316154161551615616157161581615916160161611616216163161641616516166161671616816169161701617116172161731617416175161761617716178161791618016181161821618316184161851618616187161881618916190161911619216193161941619516196161971619816199162001620116202162031620416205162061620716208162091621016211162121621316214162151621616217162181621916220162211622216223162241622516226162271622816229162301623116232162331623416235162361623716238162391624016241162421624316244162451624616247162481624916250162511625216253162541625516256162571625816259162601626116262162631626416265162661626716268162691627016271162721627316274162751627616277162781627916280162811628216283162841628516286162871628816289162901629116292162931629416295162961629716298162991630016301163021630316304163051630616307163081630916310163111631216313163141631516316163171631816319163201632116322163231632416325163261632716328163291633016331163321633316334163351633616337163381633916340163411634216343163441634516346163471634816349163501635116352163531635416355163561635716358163591636016361163621636316364163651636616367163681636916370163711637216373163741637516376163771637816379163801638116382163831638416385163861638716388163891639016391163921639316394163951639616397163981639916400164011640216403164041640516406164071640816409164101641116412164131641416415164161641716418164191642016421164221642316424164251642616427164281642916430164311643216433164341643516436164371643816439164401644116442164431644416445164461644716448164491645016451164521645316454164551645616457164581645916460164611646216463164641646516466164671646816469164701647116472164731647416475164761647716478164791648016481164821648316484164851648616487164881648916490164911649216493164941649516496164971649816499165001650116502165031650416505165061650716508165091651016511165121651316514165151651616517165181651916520165211652216523165241652516526165271652816529165301653116532165331653416535165361653716538165391654016541165421654316544165451654616547165481654916550165511655216553165541655516556165571655816559165601656116562165631656416565165661656716568165691657016571165721657316574165751657616577165781657916580165811658216583165841658516586165871658816589165901659116592165931659416595165961659716598165991660016601166021660316604166051660616607166081660916610166111661216613166141661516616166171661816619166201662116622166231662416625166261662716628166291663016631166321663316634166351663616637166381663916640166411664216643166441664516646166471664816649166501665116652166531665416655166561665716658166591666016661166621666316664166651666616667166681666916670166711667216673166741667516676166771667816679166801668116682166831668416685166861668716688166891669016691166921669316694166951669616697166981669916700167011670216703167041670516706167071670816709167101671116712167131671416715167161671716718167191672016721167221672316724167251672616727167281672916730167311673216733167341673516736167371673816739167401674116742167431674416745167461674716748167491675016751167521675316754167551675616757167581675916760167611676216763167641676516766167671676816769167701677116772167731677416775167761677716778167791678016781167821678316784167851678616787167881678916790167911679216793167941679516796167971679816799168001680116802168031680416805168061680716808168091681016811168121681316814168151681616817168181681916820168211682216823168241682516826168271682816829168301683116832168331683416835168361683716838168391684016841168421684316844168451684616847168481684916850168511685216853168541685516856168571685816859168601686116862168631686416865168661686716868168691687016871168721687316874168751687616877168781687916880168811688216883168841688516886168871688816889168901689116892168931689416895168961689716898168991690016901169021690316904169051690616907169081690916910169111691216913169141691516916169171691816919169201692116922169231692416925169261692716928169291693016931169321693316934169351693616937169381693916940169411694216943169441694516946169471694816949169501695116952169531695416955169561695716958169591696016961169621696316964169651696616967169681696916970169711697216973169741697516976169771697816979169801698116982169831698416985169861698716988169891699016991169921699316994169951699616997169981699917000170011700217003170041700517006170071700817009170101701117012170131701417015170161701717018170191702017021170221702317024170251702617027170281702917030170311703217033170341703517036170371703817039170401704117042170431704417045170461704717048170491705017051170521705317054170551705617057170581705917060170611706217063170641706517066170671706817069170701707117072170731707417075170761707717078170791708017081170821708317084170851708617087170881708917090170911709217093170941709517096170971709817099171001710117102171031710417105171061710717108171091711017111171121711317114171151711617117171181711917120171211712217123171241712517126171271712817129171301713117132171331713417135171361713717138171391714017141171421714317144171451714617147171481714917150171511715217153171541715517156171571715817159171601716117162171631716417165171661716717168171691717017171171721717317174171751717617177171781717917180171811718217183171841718517186171871718817189171901719117192171931719417195171961719717198171991720017201172021720317204172051720617207172081720917210172111721217213172141721517216172171721817219172201722117222172231722417225172261722717228172291723017231172321723317234172351723617237172381723917240172411724217243172441724517246172471724817249172501725117252172531725417255172561725717258172591726017261172621726317264172651726617267172681726917270172711727217273172741727517276172771727817279172801728117282172831728417285172861728717288172891729017291172921729317294172951729617297172981729917300173011730217303173041730517306173071730817309173101731117312173131731417315173161731717318173191732017321173221732317324173251732617327173281732917330173311733217333173341733517336173371733817339173401734117342173431734417345173461734717348173491735017351173521735317354173551735617357173581735917360173611736217363173641736517366173671736817369173701737117372173731737417375173761737717378173791738017381173821738317384173851738617387173881738917390173911739217393173941739517396173971739817399174001740117402174031740417405174061740717408174091741017411174121741317414174151741617417174181741917420174211742217423174241742517426174271742817429174301743117432174331743417435174361743717438174391744017441174421744317444174451744617447174481744917450174511745217453174541745517456174571745817459174601746117462174631746417465174661746717468174691747017471174721747317474174751747617477174781747917480174811748217483174841748517486174871748817489174901749117492174931749417495174961749717498174991750017501175021750317504175051750617507175081750917510175111751217513175141751517516175171751817519175201752117522175231752417525175261752717528175291753017531175321753317534175351753617537175381753917540175411754217543175441754517546175471754817549175501755117552175531755417555175561755717558175591756017561175621756317564175651756617567175681756917570175711757217573175741757517576175771757817579175801758117582175831758417585175861758717588175891759017591175921759317594175951759617597175981759917600176011760217603176041760517606176071760817609176101761117612176131761417615176161761717618176191762017621176221762317624176251762617627176281762917630176311763217633176341763517636176371763817639176401764117642176431764417645176461764717648176491765017651176521765317654176551765617657176581765917660176611766217663176641766517666176671766817669176701767117672176731767417675176761767717678176791768017681176821768317684176851768617687176881768917690176911769217693176941769517696176971769817699177001770117702177031770417705177061770717708177091771017711177121771317714177151771617717177181771917720177211772217723177241772517726177271772817729177301773117732177331773417735177361773717738177391774017741177421774317744177451774617747177481774917750177511775217753177541775517756177571775817759177601776117762177631776417765177661776717768177691777017771177721777317774177751777617777177781777917780177811778217783177841778517786177871778817789177901779117792177931779417795177961779717798177991780017801178021780317804178051780617807178081780917810178111781217813178141781517816178171781817819178201782117822178231782417825178261782717828178291783017831178321783317834178351783617837178381783917840178411784217843178441784517846178471784817849178501785117852178531785417855178561785717858178591786017861178621786317864178651786617867178681786917870178711787217873178741787517876178771787817879178801788117882178831788417885178861788717888178891789017891178921789317894178951789617897178981789917900179011790217903179041790517906179071790817909179101791117912179131791417915179161791717918179191792017921179221792317924179251792617927179281792917930179311793217933179341793517936179371793817939179401794117942179431794417945179461794717948179491795017951179521795317954179551795617957179581795917960179611796217963179641796517966179671796817969179701797117972179731797417975179761797717978179791798017981179821798317984179851798617987179881798917990179911799217993179941799517996179971799817999180001800118002180031800418005180061800718008180091801018011180121801318014180151801618017180181801918020180211802218023180241802518026180271802818029180301803118032180331803418035180361803718038180391804018041180421804318044180451804618047180481804918050180511805218053180541805518056180571805818059180601806118062180631806418065180661806718068180691807018071180721807318074180751807618077180781807918080180811808218083180841808518086180871808818089180901809118092180931809418095180961809718098180991810018101181021810318104181051810618107181081810918110181111811218113181141811518116181171811818119181201812118122181231812418125181261812718128181291813018131181321813318134181351813618137181381813918140181411814218143181441814518146181471814818149181501815118152181531815418155181561815718158181591816018161181621816318164181651816618167181681816918170181711817218173181741817518176181771817818179181801818118182181831818418185181861818718188181891819018191181921819318194181951819618197181981819918200182011820218203182041820518206182071820818209182101821118212182131821418215182161821718218182191822018221182221822318224182251822618227182281822918230182311823218233182341823518236182371823818239182401824118242182431824418245182461824718248182491825018251182521825318254182551825618257182581825918260182611826218263182641826518266182671826818269182701827118272182731827418275182761827718278182791828018281182821828318284182851828618287182881828918290182911829218293182941829518296182971829818299183001830118302183031830418305183061830718308183091831018311183121831318314183151831618317183181831918320183211832218323183241832518326183271832818329183301833118332183331833418335183361833718338183391834018341183421834318344183451834618347183481834918350183511835218353183541835518356183571835818359183601836118362183631836418365183661836718368183691837018371183721837318374183751837618377183781837918380183811838218383183841838518386183871838818389183901839118392183931839418395183961839718398183991840018401184021840318404184051840618407184081840918410184111841218413184141841518416184171841818419184201842118422184231842418425184261842718428184291843018431184321843318434184351843618437184381843918440184411844218443184441844518446184471844818449184501845118452184531845418455184561845718458184591846018461184621846318464184651846618467184681846918470184711847218473184741847518476184771847818479184801848118482184831848418485184861848718488184891849018491184921849318494184951849618497184981849918500185011850218503185041850518506185071850818509185101851118512185131851418515185161851718518185191852018521185221852318524185251852618527185281852918530185311853218533185341853518536185371853818539185401854118542185431854418545185461854718548185491855018551185521855318554185551855618557185581855918560185611856218563185641856518566185671856818569185701857118572185731857418575185761857718578185791858018581185821858318584185851858618587185881858918590185911859218593185941859518596185971859818599186001860118602186031860418605186061860718608186091861018611186121861318614186151861618617186181861918620186211862218623186241862518626186271862818629186301863118632186331863418635186361863718638186391864018641186421864318644186451864618647186481864918650186511865218653186541865518656186571865818659186601866118662186631866418665186661866718668186691867018671186721867318674186751867618677186781867918680186811868218683186841868518686186871868818689186901869118692186931869418695186961869718698186991870018701187021870318704187051870618707187081870918710187111871218713187141871518716187171871818719187201872118722187231872418725187261872718728187291873018731187321873318734187351873618737187381873918740187411874218743187441874518746187471874818749187501875118752187531875418755187561875718758187591876018761187621876318764187651876618767187681876918770187711877218773187741877518776187771877818779187801878118782187831878418785187861878718788187891879018791187921879318794187951879618797187981879918800188011880218803188041880518806188071880818809188101881118812188131881418815188161881718818188191882018821188221882318824188251882618827188281882918830188311883218833188341883518836188371883818839188401884118842188431884418845188461884718848188491885018851188521885318854188551885618857188581885918860188611886218863188641886518866188671886818869188701887118872188731887418875188761887718878188791888018881188821888318884188851888618887188881888918890188911889218893188941889518896188971889818899189001890118902189031890418905189061890718908189091891018911189121891318914189151891618917189181891918920189211892218923189241892518926189271892818929189301893118932189331893418935189361893718938189391894018941189421894318944189451894618947189481894918950189511895218953189541895518956189571895818959189601896118962189631896418965189661896718968189691897018971189721897318974189751897618977189781897918980189811898218983189841898518986189871898818989189901899118992189931899418995189961899718998189991900019001190021900319004190051900619007190081900919010190111901219013190141901519016190171901819019190201902119022190231902419025190261902719028190291903019031190321903319034190351903619037190381903919040190411904219043190441904519046190471904819049190501905119052190531905419055190561905719058190591906019061190621906319064190651906619067190681906919070190711907219073190741907519076190771907819079190801908119082190831908419085190861908719088190891909019091190921909319094190951909619097190981909919100191011910219103191041910519106191071910819109191101911119112191131911419115191161911719118191191912019121191221912319124191251912619127191281912919130191311913219133191341913519136191371913819139191401914119142191431914419145191461914719148191491915019151191521915319154191551915619157191581915919160191611916219163191641916519166191671916819169191701917119172191731917419175191761917719178191791918019181191821918319184191851918619187191881918919190191911919219193191941919519196191971919819199192001920119202192031920419205192061920719208192091921019211192121921319214192151921619217192181921919220192211922219223192241922519226192271922819229192301923119232192331923419235192361923719238192391924019241192421924319244192451924619247192481924919250192511925219253192541925519256192571925819259192601926119262192631926419265192661926719268192691927019271192721927319274192751927619277192781927919280192811928219283192841928519286192871928819289192901929119292192931929419295192961929719298192991930019301193021930319304193051930619307193081930919310193111931219313193141931519316193171931819319193201932119322193231932419325193261932719328193291933019331193321933319334193351933619337193381933919340193411934219343193441934519346193471934819349193501935119352193531935419355193561935719358193591936019361193621936319364193651936619367193681936919370193711937219373193741937519376193771937819379193801938119382193831938419385193861938719388193891939019391193921939319394193951939619397193981939919400194011940219403194041940519406194071940819409194101941119412194131941419415194161941719418194191942019421194221942319424194251942619427194281942919430194311943219433194341943519436194371943819439194401944119442194431944419445194461944719448194491945019451194521945319454194551945619457194581945919460194611946219463194641946519466194671946819469194701947119472194731947419475194761947719478194791948019481194821948319484194851948619487194881948919490194911949219493194941949519496194971949819499195001950119502195031950419505195061950719508195091951019511195121951319514195151951619517195181951919520195211952219523195241952519526195271952819529195301953119532195331953419535195361953719538195391954019541195421954319544195451954619547195481954919550195511955219553195541955519556195571955819559195601956119562195631956419565195661956719568195691957019571195721957319574195751957619577195781957919580195811958219583195841958519586195871958819589195901959119592195931959419595195961959719598195991960019601196021960319604196051960619607196081960919610196111961219613196141961519616196171961819619196201962119622196231962419625196261962719628196291963019631196321963319634196351963619637196381963919640196411964219643196441964519646196471964819649196501965119652196531965419655196561965719658196591966019661196621966319664196651966619667196681966919670196711967219673196741967519676196771967819679196801968119682196831968419685196861968719688196891969019691196921969319694196951969619697196981969919700197011970219703197041970519706197071970819709197101971119712197131971419715197161971719718197191972019721197221972319724197251972619727197281972919730197311973219733197341973519736197371973819739197401974119742197431974419745197461974719748197491975019751197521975319754197551975619757197581975919760197611976219763197641976519766197671976819769197701977119772197731977419775197761977719778197791978019781197821978319784197851978619787197881978919790197911979219793197941979519796197971979819799198001980119802198031980419805198061980719808198091981019811198121981319814198151981619817198181981919820198211982219823198241982519826198271982819829198301983119832198331983419835198361983719838198391984019841198421984319844198451984619847198481984919850198511985219853198541985519856198571985819859198601986119862198631986419865198661986719868198691987019871198721987319874198751987619877198781987919880198811988219883198841988519886198871988819889198901989119892198931989419895198961989719898198991990019901199021990319904199051990619907199081990919910199111991219913199141991519916199171991819919199201992119922199231992419925199261992719928199291993019931199321993319934199351993619937199381993919940199411994219943199441994519946199471994819949199501995119952199531995419955199561995719958199591996019961199621996319964199651996619967199681996919970199711997219973199741997519976199771997819979199801998119982199831998419985199861998719988199891999019991199921999319994199951999619997199981999920000200012000220003200042000520006200072000820009200102001120012200132001420015200162001720018200192002020021200222002320024200252002620027200282002920030200312003220033200342003520036200372003820039200402004120042200432004420045200462004720048200492005020051200522005320054200552005620057200582005920060200612006220063200642006520066200672006820069200702007120072200732007420075200762007720078200792008020081200822008320084200852008620087200882008920090200912009220093200942009520096200972009820099201002010120102201032010420105201062010720108201092011020111201122011320114201152011620117201182011920120201212012220123201242012520126201272012820129201302013120132201332013420135201362013720138201392014020141201422014320144201452014620147201482014920150201512015220153201542015520156201572015820159201602016120162201632016420165201662016720168201692017020171201722017320174201752017620177201782017920180201812018220183201842018520186201872018820189201902019120192201932019420195201962019720198201992020020201202022020320204202052020620207202082020920210202112021220213202142021520216202172021820219202202022120222202232022420225202262022720228202292023020231202322023320234202352023620237202382023920240202412024220243202442024520246202472024820249202502025120252202532025420255202562025720258202592026020261202622026320264202652026620267202682026920270202712027220273202742027520276202772027820279202802028120282202832028420285202862028720288202892029020291202922029320294202952029620297202982029920300203012030220303203042030520306203072030820309203102031120312203132031420315203162031720318203192032020321203222032320324203252032620327203282032920330203312033220333203342033520336203372033820339203402034120342203432034420345203462034720348203492035020351203522035320354203552035620357203582035920360203612036220363203642036520366203672036820369203702037120372203732037420375203762037720378203792038020381203822038320384203852038620387203882038920390203912039220393203942039520396203972039820399204002040120402204032040420405204062040720408204092041020411204122041320414204152041620417204182041920420204212042220423204242042520426204272042820429204302043120432204332043420435204362043720438204392044020441204422044320444204452044620447204482044920450204512045220453204542045520456204572045820459204602046120462204632046420465204662046720468204692047020471204722047320474204752047620477204782047920480204812048220483204842048520486204872048820489204902049120492204932049420495204962049720498204992050020501205022050320504205052050620507205082050920510205112051220513205142051520516205172051820519205202052120522205232052420525205262052720528205292053020531205322053320534205352053620537205382053920540205412054220543205442054520546205472054820549205502055120552205532055420555205562055720558205592056020561205622056320564205652056620567205682056920570205712057220573205742057520576205772057820579205802058120582205832058420585205862058720588205892059020591205922059320594205952059620597205982059920600206012060220603206042060520606206072060820609206102061120612206132061420615206162061720618206192062020621206222062320624206252062620627206282062920630206312063220633206342063520636206372063820639206402064120642206432064420645206462064720648206492065020651206522065320654206552065620657206582065920660206612066220663206642066520666206672066820669206702067120672206732067420675206762067720678206792068020681206822068320684206852068620687206882068920690206912069220693206942069520696206972069820699207002070120702207032070420705207062070720708207092071020711207122071320714207152071620717207182071920720207212072220723207242072520726207272072820729207302073120732207332073420735207362073720738207392074020741207422074320744207452074620747207482074920750207512075220753207542075520756207572075820759207602076120762207632076420765207662076720768207692077020771207722077320774207752077620777207782077920780207812078220783207842078520786207872078820789207902079120792207932079420795207962079720798207992080020801208022080320804208052080620807208082080920810208112081220813208142081520816208172081820819208202082120822208232082420825208262082720828208292083020831208322083320834208352083620837208382083920840208412084220843208442084520846208472084820849208502085120852208532085420855208562085720858208592086020861208622086320864208652086620867208682086920870208712087220873208742087520876208772087820879208802088120882208832088420885208862088720888208892089020891208922089320894208952089620897208982089920900209012090220903209042090520906209072090820909209102091120912209132091420915209162091720918209192092020921209222092320924209252092620927209282092920930209312093220933209342093520936209372093820939209402094120942209432094420945209462094720948209492095020951209522095320954209552095620957209582095920960209612096220963209642096520966209672096820969209702097120972209732097420975209762097720978209792098020981209822098320984209852098620987209882098920990209912099220993209942099520996209972099820999210002100121002210032100421005210062100721008210092101021011210122101321014210152101621017210182101921020210212102221023210242102521026210272102821029210302103121032210332103421035210362103721038210392104021041210422104321044210452104621047210482104921050210512105221053210542105521056210572105821059210602106121062210632106421065210662106721068210692107021071210722107321074210752107621077210782107921080210812108221083210842108521086210872108821089210902109121092210932109421095210962109721098210992110021101211022110321104211052110621107211082110921110211112111221113211142111521116211172111821119211202112121122211232112421125211262112721128211292113021131211322113321134211352113621137211382113921140211412114221143211442114521146211472114821149211502115121152211532115421155211562115721158211592116021161211622116321164211652116621167211682116921170211712117221173211742117521176211772117821179211802118121182211832118421185211862118721188211892119021191211922119321194211952119621197211982119921200212012120221203212042120521206212072120821209212102121121212212132121421215212162121721218212192122021221212222122321224212252122621227212282122921230212312123221233212342123521236212372123821239212402124121242212432124421245212462124721248212492125021251212522125321254212552125621257212582125921260212612126221263212642126521266212672126821269212702127121272212732127421275212762127721278212792128021281212822128321284212852128621287212882128921290212912129221293212942129521296212972129821299213002130121302213032130421305213062130721308213092131021311213122131321314213152131621317213182131921320213212132221323213242132521326213272132821329213302133121332213332133421335213362133721338213392134021341213422134321344213452134621347213482134921350213512135221353213542135521356213572135821359213602136121362213632136421365213662136721368213692137021371213722137321374213752137621377213782137921380213812138221383213842138521386213872138821389213902139121392213932139421395213962139721398213992140021401214022140321404214052140621407214082140921410214112141221413214142141521416214172141821419214202142121422214232142421425214262142721428214292143021431214322143321434214352143621437214382143921440214412144221443214442144521446214472144821449214502145121452214532145421455214562145721458214592146021461214622146321464214652146621467214682146921470214712147221473214742147521476214772147821479214802148121482214832148421485214862148721488214892149021491214922149321494214952149621497214982149921500215012150221503215042150521506215072150821509215102151121512215132151421515215162151721518215192152021521215222152321524215252152621527215282152921530215312153221533215342153521536215372153821539215402154121542215432154421545215462154721548215492155021551215522155321554215552155621557215582155921560215612156221563215642156521566215672156821569215702157121572215732157421575215762157721578215792158021581215822158321584215852158621587215882158921590215912159221593215942159521596215972159821599216002160121602216032160421605216062160721608216092161021611216122161321614216152161621617216182161921620216212162221623216242162521626216272162821629216302163121632216332163421635216362163721638216392164021641216422164321644216452164621647216482164921650216512165221653216542165521656216572165821659216602166121662216632166421665216662166721668216692167021671216722167321674216752167621677216782167921680216812168221683216842168521686216872168821689216902169121692216932169421695216962169721698216992170021701217022170321704217052170621707217082170921710217112171221713217142171521716217172171821719217202172121722217232172421725217262172721728217292173021731217322173321734217352173621737217382173921740217412174221743217442174521746217472174821749217502175121752217532175421755217562175721758217592176021761217622176321764217652176621767217682176921770217712177221773217742177521776217772177821779217802178121782217832178421785217862178721788217892179021791217922179321794217952179621797217982179921800218012180221803218042180521806218072180821809218102181121812218132181421815218162181721818218192182021821218222182321824218252182621827218282182921830218312183221833218342183521836218372183821839218402184121842218432184421845218462184721848218492185021851218522185321854218552185621857218582185921860218612186221863218642186521866218672186821869218702187121872218732187421875218762187721878218792188021881218822188321884218852188621887218882188921890218912189221893218942189521896218972189821899219002190121902219032190421905219062190721908219092191021911219122191321914219152191621917219182191921920219212192221923219242192521926219272192821929219302193121932219332193421935219362193721938219392194021941219422194321944219452194621947219482194921950219512195221953219542195521956219572195821959219602196121962219632196421965219662196721968219692197021971219722197321974219752197621977219782197921980219812198221983219842198521986219872198821989219902199121992219932199421995219962199721998219992200022001220022200322004220052200622007220082200922010220112201222013220142201522016220172201822019220202202122022220232202422025220262202722028220292203022031220322203322034220352203622037220382203922040220412204222043220442204522046220472204822049220502205122052220532205422055220562205722058220592206022061220622206322064220652206622067220682206922070220712207222073220742207522076220772207822079220802208122082220832208422085220862208722088220892209022091220922209322094220952209622097220982209922100221012210222103221042210522106221072210822109221102211122112221132211422115221162211722118221192212022121221222212322124221252212622127221282212922130221312213222133221342213522136221372213822139221402214122142221432214422145221462214722148221492215022151221522215322154221552215622157221582215922160221612216222163221642216522166221672216822169221702217122172221732217422175221762217722178221792218022181221822218322184221852218622187221882218922190221912219222193221942219522196221972219822199222002220122202222032220422205222062220722208222092221022211222122221322214222152221622217222182221922220222212222222223222242222522226222272222822229222302223122232222332223422235222362223722238222392224022241222422224322244222452224622247222482224922250222512225222253222542225522256222572225822259222602226122262222632226422265222662226722268222692227022271222722227322274222752227622277222782227922280222812228222283222842228522286222872228822289222902229122292222932229422295222962229722298222992230022301223022230322304223052230622307223082230922310223112231222313223142231522316223172231822319223202232122322223232232422325223262232722328223292233022331223322233322334223352233622337223382233922340223412234222343223442234522346223472234822349223502235122352223532235422355223562235722358223592236022361223622236322364223652236622367223682236922370223712237222373223742237522376223772237822379223802238122382223832238422385223862238722388223892239022391223922239322394223952239622397223982239922400224012240222403224042240522406224072240822409224102241122412224132241422415224162241722418224192242022421224222242322424224252242622427224282242922430224312243222433224342243522436224372243822439224402244122442224432244422445224462244722448224492245022451224522245322454224552245622457224582245922460224612246222463224642246522466224672246822469224702247122472224732247422475224762247722478224792248022481224822248322484224852248622487224882248922490224912249222493224942249522496224972249822499225002250122502225032250422505225062250722508225092251022511225122251322514225152251622517225182251922520225212252222523225242252522526225272252822529225302253122532225332253422535225362253722538225392254022541225422254322544225452254622547225482254922550225512255222553225542255522556225572255822559225602256122562225632256422565225662256722568225692257022571225722257322574225752257622577225782257922580225812258222583225842258522586225872258822589225902259122592225932259422595225962259722598225992260022601226022260322604226052260622607226082260922610226112261222613226142261522616226172261822619226202262122622226232262422625226262262722628226292263022631226322263322634226352263622637226382263922640226412264222643226442264522646226472264822649226502265122652226532265422655226562265722658226592266022661226622266322664226652266622667226682266922670226712267222673226742267522676226772267822679226802268122682226832268422685226862268722688226892269022691226922269322694226952269622697226982269922700227012270222703227042270522706227072270822709227102271122712227132271422715227162271722718227192272022721227222272322724227252272622727227282272922730227312273222733227342273522736227372273822739227402274122742227432274422745227462274722748227492275022751227522275322754227552275622757227582275922760227612276222763227642276522766227672276822769227702277122772227732277422775227762277722778227792278022781227822278322784227852278622787227882278922790227912279222793227942279522796227972279822799228002280122802228032280422805228062280722808228092281022811228122281322814228152281622817228182281922820228212282222823228242282522826228272282822829228302283122832228332283422835228362283722838228392284022841228422284322844228452284622847228482284922850228512285222853228542285522856228572285822859228602286122862228632286422865228662286722868228692287022871228722287322874228752287622877228782287922880228812288222883228842288522886228872288822889228902289122892228932289422895228962289722898228992290022901229022290322904229052290622907229082290922910229112291222913229142291522916229172291822919229202292122922229232292422925229262292722928229292293022931229322293322934229352293622937229382293922940229412294222943229442294522946229472294822949229502295122952229532295422955229562295722958229592296022961229622296322964229652296622967229682296922970229712297222973229742297522976229772297822979229802298122982229832298422985229862298722988229892299022991229922299322994229952299622997229982299923000230012300223003230042300523006230072300823009230102301123012230132301423015230162301723018230192302023021230222302323024230252302623027230282302923030230312303223033230342303523036230372303823039230402304123042230432304423045230462304723048230492305023051230522305323054230552305623057230582305923060230612306223063230642306523066230672306823069230702307123072230732307423075230762307723078230792308023081230822308323084230852308623087230882308923090230912309223093230942309523096230972309823099231002310123102231032310423105231062310723108231092311023111231122311323114231152311623117231182311923120231212312223123231242312523126231272312823129231302313123132231332313423135231362313723138231392314023141231422314323144231452314623147231482314923150231512315223153231542315523156231572315823159231602316123162231632316423165231662316723168231692317023171231722317323174231752317623177231782317923180231812318223183231842318523186231872318823189231902319123192231932319423195231962319723198231992320023201232022320323204232052320623207232082320923210232112321223213232142321523216232172321823219232202322123222232232322423225232262322723228232292323023231232322323323234232352323623237232382323923240232412324223243232442324523246232472324823249232502325123252232532325423255232562325723258232592326023261232622326323264232652326623267232682326923270232712327223273232742327523276232772327823279232802328123282232832328423285232862328723288232892329023291232922329323294232952329623297232982329923300233012330223303233042330523306233072330823309233102331123312233132331423315233162331723318233192332023321233222332323324233252332623327233282332923330233312333223333233342333523336233372333823339233402334123342233432334423345233462334723348233492335023351233522335323354233552335623357233582335923360233612336223363233642336523366233672336823369233702337123372233732337423375233762337723378233792338023381233822338323384233852338623387233882338923390233912339223393233942339523396233972339823399234002340123402234032340423405234062340723408234092341023411234122341323414234152341623417234182341923420234212342223423234242342523426234272342823429234302343123432234332343423435234362343723438234392344023441234422344323444234452344623447234482344923450234512345223453234542345523456234572345823459234602346123462234632346423465234662346723468234692347023471234722347323474234752347623477234782347923480234812348223483234842348523486234872348823489234902349123492234932349423495234962349723498234992350023501235022350323504235052350623507235082350923510235112351223513235142351523516235172351823519235202352123522235232352423525235262352723528235292353023531235322353323534235352353623537235382353923540235412354223543235442354523546235472354823549235502355123552235532355423555235562355723558235592356023561235622356323564235652356623567235682356923570235712357223573235742357523576235772357823579235802358123582235832358423585235862358723588235892359023591235922359323594235952359623597235982359923600236012360223603236042360523606236072360823609236102361123612236132361423615236162361723618236192362023621236222362323624236252362623627236282362923630236312363223633236342363523636236372363823639236402364123642236432364423645236462364723648236492365023651236522365323654236552365623657236582365923660236612366223663236642366523666236672366823669236702367123672236732367423675236762367723678236792368023681236822368323684236852368623687236882368923690236912369223693236942369523696236972369823699237002370123702237032370423705237062370723708237092371023711237122371323714237152371623717237182371923720237212372223723237242372523726237272372823729237302373123732237332373423735237362373723738237392374023741237422374323744237452374623747237482374923750237512375223753237542375523756237572375823759237602376123762237632376423765237662376723768237692377023771237722377323774237752377623777237782377923780237812378223783237842378523786237872378823789237902379123792237932379423795237962379723798237992380023801238022380323804238052380623807238082380923810238112381223813238142381523816238172381823819238202382123822238232382423825238262382723828238292383023831238322383323834238352383623837238382383923840238412384223843238442384523846238472384823849238502385123852238532385423855238562385723858238592386023861238622386323864238652386623867238682386923870238712387223873238742387523876238772387823879238802388123882238832388423885238862388723888238892389023891238922389323894238952389623897238982389923900239012390223903239042390523906239072390823909239102391123912239132391423915239162391723918239192392023921239222392323924239252392623927239282392923930239312393223933239342393523936239372393823939239402394123942239432394423945239462394723948239492395023951239522395323954239552395623957239582395923960239612396223963239642396523966239672396823969239702397123972239732397423975239762397723978239792398023981239822398323984239852398623987239882398923990239912399223993239942399523996239972399823999240002400124002240032400424005240062400724008240092401024011240122401324014240152401624017240182401924020240212402224023240242402524026240272402824029240302403124032240332403424035240362403724038240392404024041240422404324044240452404624047240482404924050240512405224053240542405524056240572405824059240602406124062240632406424065240662406724068240692407024071240722407324074240752407624077240782407924080240812408224083240842408524086240872408824089240902409124092240932409424095240962409724098240992410024101241022410324104241052410624107241082410924110241112411224113241142411524116241172411824119241202412124122241232412424125241262412724128241292413024131241322413324134241352413624137241382413924140241412414224143241442414524146241472414824149241502415124152241532415424155241562415724158241592416024161241622416324164241652416624167241682416924170241712417224173241742417524176241772417824179241802418124182241832418424185241862418724188241892419024191241922419324194241952419624197241982419924200242012420224203242042420524206242072420824209242102421124212242132421424215242162421724218242192422024221242222422324224242252422624227242282422924230242312423224233242342423524236242372423824239242402424124242242432424424245242462424724248242492425024251242522425324254242552425624257242582425924260242612426224263242642426524266242672426824269242702427124272242732427424275242762427724278242792428024281242822428324284242852428624287242882428924290242912429224293242942429524296242972429824299243002430124302243032430424305243062430724308243092431024311243122431324314243152431624317243182431924320243212432224323243242432524326243272432824329243302433124332243332433424335243362433724338243392434024341243422434324344243452434624347243482434924350243512435224353243542435524356243572435824359243602436124362243632436424365243662436724368243692437024371243722437324374243752437624377243782437924380243812438224383243842438524386243872438824389243902439124392243932439424395243962439724398243992440024401244022440324404244052440624407244082440924410244112441224413244142441524416244172441824419244202442124422244232442424425244262442724428244292443024431244322443324434244352443624437244382443924440244412444224443244442444524446244472444824449244502445124452244532445424455244562445724458244592446024461244622446324464244652446624467244682446924470244712447224473244742447524476244772447824479244802448124482244832448424485244862448724488244892449024491244922449324494244952449624497244982449924500245012450224503245042450524506245072450824509245102451124512245132451424515245162451724518245192452024521245222452324524245252452624527245282452924530245312453224533245342453524536245372453824539245402454124542245432454424545245462454724548245492455024551245522455324554245552455624557245582455924560245612456224563245642456524566245672456824569245702457124572245732457424575245762457724578245792458024581245822458324584245852458624587245882458924590245912459224593245942459524596245972459824599246002460124602246032460424605246062460724608246092461024611246122461324614246152461624617246182461924620246212462224623246242462524626246272462824629246302463124632246332463424635246362463724638246392464024641246422464324644246452464624647246482464924650246512465224653246542465524656246572465824659246602466124662246632466424665246662466724668246692467024671246722467324674246752467624677246782467924680246812468224683246842468524686246872468824689246902469124692246932469424695246962469724698246992470024701247022470324704247052470624707247082470924710247112471224713247142471524716247172471824719247202472124722247232472424725247262472724728247292473024731247322473324734247352473624737247382473924740247412474224743247442474524746247472474824749247502475124752247532475424755247562475724758247592476024761247622476324764247652476624767247682476924770247712477224773247742477524776247772477824779247802478124782247832478424785247862478724788247892479024791247922479324794247952479624797247982479924800248012480224803248042480524806248072480824809248102481124812248132481424815248162481724818248192482024821248222482324824248252482624827248282482924830248312483224833248342483524836248372483824839248402484124842248432484424845248462484724848248492485024851248522485324854248552485624857248582485924860248612486224863248642486524866248672486824869248702487124872248732487424875248762487724878248792488024881248822488324884248852488624887248882488924890248912489224893248942489524896248972489824899249002490124902249032490424905249062490724908249092491024911249122491324914249152491624917249182491924920249212492224923249242492524926249272492824929249302493124932249332493424935249362493724938249392494024941249422494324944249452494624947249482494924950249512495224953249542495524956249572495824959249602496124962249632496424965249662496724968249692497024971249722497324974249752497624977249782497924980249812498224983249842498524986249872498824989249902499124992249932499424995249962499724998249992500025001250022500325004250052500625007250082500925010250112501225013250142501525016250172501825019250202502125022250232502425025250262502725028250292503025031250322503325034250352503625037250382503925040250412504225043250442504525046250472504825049250502505125052250532505425055250562505725058250592506025061250622506325064250652506625067250682506925070250712507225073250742507525076250772507825079250802508125082250832508425085250862508725088250892509025091250922509325094250952509625097250982509925100251012510225103251042510525106251072510825109251102511125112251132511425115251162511725118251192512025121251222512325124251252512625127251282512925130251312513225133251342513525136251372513825139251402514125142251432514425145251462514725148251492515025151251522515325154251552515625157251582515925160251612516225163251642516525166251672516825169251702517125172251732517425175251762517725178251792518025181251822518325184251852518625187251882518925190251912519225193251942519525196251972519825199252002520125202252032520425205252062520725208252092521025211252122521325214252152521625217252182521925220252212522225223252242522525226252272522825229252302523125232252332523425235252362523725238252392524025241252422524325244252452524625247252482524925250252512525225253252542525525256252572525825259252602526125262252632526425265252662526725268252692527025271252722527325274252752527625277252782527925280252812528225283252842528525286252872528825289252902529125292252932529425295252962529725298252992530025301253022530325304253052530625307253082530925310253112531225313253142531525316253172531825319253202532125322253232532425325253262532725328253292533025331253322533325334253352533625337253382533925340253412534225343253442534525346253472534825349253502535125352253532535425355253562535725358253592536025361253622536325364253652536625367253682536925370253712537225373253742537525376253772537825379253802538125382253832538425385253862538725388253892539025391253922539325394253952539625397253982539925400254012540225403254042540525406254072540825409254102541125412254132541425415254162541725418254192542025421254222542325424254252542625427254282542925430254312543225433254342543525436254372543825439254402544125442254432544425445254462544725448254492545025451254522545325454254552545625457254582545925460254612546225463254642546525466254672546825469254702547125472254732547425475254762547725478254792548025481254822548325484254852548625487254882548925490254912549225493254942549525496254972549825499255002550125502255032550425505255062550725508255092551025511255122551325514255152551625517255182551925520255212552225523255242552525526255272552825529255302553125532255332553425535255362553725538255392554025541255422554325544255452554625547255482554925550255512555225553255542555525556255572555825559255602556125562255632556425565255662556725568255692557025571255722557325574255752557625577255782557925580255812558225583255842558525586255872558825589255902559125592255932559425595255962559725598255992560025601256022560325604256052560625607256082560925610256112561225613256142561525616256172561825619256202562125622256232562425625256262562725628256292563025631256322563325634256352563625637256382563925640256412564225643256442564525646256472564825649256502565125652256532565425655256562565725658256592566025661256622566325664256652566625667256682566925670256712567225673256742567525676256772567825679256802568125682256832568425685256862568725688256892569025691256922569325694256952569625697256982569925700257012570225703257042570525706257072570825709257102571125712257132571425715257162571725718257192572025721257222572325724257252572625727257282572925730257312573225733257342573525736257372573825739257402574125742257432574425745257462574725748257492575025751257522575325754257552575625757257582575925760257612576225763257642576525766257672576825769257702577125772257732577425775257762577725778257792578025781257822578325784257852578625787257882578925790257912579225793257942579525796257972579825799258002580125802258032580425805258062580725808258092581025811258122581325814258152581625817258182581925820258212582225823258242582525826258272582825829258302583125832258332583425835258362583725838258392584025841258422584325844258452584625847258482584925850258512585225853258542585525856258572585825859258602586125862258632586425865258662586725868258692587025871258722587325874258752587625877258782587925880258812588225883258842588525886258872588825889258902589125892258932589425895258962589725898258992590025901259022590325904259052590625907259082590925910259112591225913259142591525916259172591825919259202592125922259232592425925259262592725928259292593025931259322593325934259352593625937259382593925940259412594225943259442594525946259472594825949259502595125952259532595425955259562595725958259592596025961259622596325964259652596625967259682596925970259712597225973259742597525976259772597825979259802598125982259832598425985259862598725988259892599025991259922599325994259952599625997259982599926000260012600226003260042600526006260072600826009260102601126012260132601426015260162601726018260192602026021260222602326024260252602626027260282602926030260312603226033260342603526036260372603826039260402604126042260432604426045260462604726048260492605026051260522605326054260552605626057260582605926060260612606226063260642606526066260672606826069260702607126072260732607426075260762607726078260792608026081260822608326084260852608626087260882608926090260912609226093260942609526096260972609826099261002610126102261032610426105261062610726108261092611026111261122611326114261152611626117261182611926120261212612226123261242612526126261272612826129261302613126132261332613426135261362613726138261392614026141261422614326144261452614626147261482614926150261512615226153261542615526156261572615826159261602616126162261632616426165261662616726168261692617026171261722617326174261752617626177261782617926180261812618226183261842618526186261872618826189261902619126192261932619426195261962619726198261992620026201262022620326204262052620626207262082620926210262112621226213262142621526216262172621826219262202622126222262232622426225262262622726228262292623026231262322623326234262352623626237262382623926240262412624226243262442624526246262472624826249262502625126252262532625426255262562625726258262592626026261262622626326264262652626626267262682626926270262712627226273262742627526276262772627826279262802628126282262832628426285262862628726288262892629026291262922629326294262952629626297262982629926300263012630226303263042630526306263072630826309263102631126312263132631426315263162631726318263192632026321263222632326324263252632626327263282632926330263312633226333263342633526336263372633826339263402634126342263432634426345263462634726348263492635026351263522635326354263552635626357263582635926360263612636226363263642636526366263672636826369263702637126372263732637426375263762637726378263792638026381263822638326384263852638626387263882638926390263912639226393263942639526396263972639826399264002640126402264032640426405264062640726408264092641026411264122641326414264152641626417264182641926420264212642226423264242642526426264272642826429264302643126432264332643426435264362643726438264392644026441264422644326444264452644626447264482644926450264512645226453264542645526456264572645826459264602646126462264632646426465264662646726468264692647026471264722647326474264752647626477264782647926480264812648226483264842648526486264872648826489264902649126492264932649426495264962649726498264992650026501265022650326504265052650626507265082650926510265112651226513265142651526516265172651826519265202652126522265232652426525265262652726528265292653026531265322653326534265352653626537265382653926540265412654226543265442654526546265472654826549265502655126552265532655426555265562655726558265592656026561265622656326564265652656626567265682656926570265712657226573265742657526576265772657826579265802658126582265832658426585265862658726588265892659026591265922659326594265952659626597265982659926600266012660226603266042660526606266072660826609266102661126612266132661426615266162661726618266192662026621266222662326624266252662626627266282662926630266312663226633266342663526636266372663826639266402664126642266432664426645266462664726648266492665026651266522665326654266552665626657266582665926660266612666226663266642666526666266672666826669266702667126672266732667426675266762667726678266792668026681266822668326684266852668626687266882668926690266912669226693266942669526696266972669826699267002670126702267032670426705267062670726708267092671026711267122671326714267152671626717267182671926720267212672226723267242672526726267272672826729267302673126732267332673426735267362673726738267392674026741267422674326744267452674626747267482674926750267512675226753267542675526756267572675826759267602676126762267632676426765267662676726768267692677026771267722677326774267752677626777267782677926780267812678226783267842678526786267872678826789267902679126792267932679426795267962679726798267992680026801268022680326804268052680626807268082680926810268112681226813268142681526816268172681826819268202682126822268232682426825268262682726828268292683026831268322683326834268352683626837268382683926840268412684226843268442684526846268472684826849268502685126852268532685426855268562685726858268592686026861268622686326864268652686626867268682686926870268712687226873268742687526876268772687826879268802688126882268832688426885268862688726888268892689026891268922689326894268952689626897268982689926900269012690226903269042690526906269072690826909269102691126912269132691426915269162691726918269192692026921269222692326924269252692626927269282692926930269312693226933269342693526936269372693826939269402694126942269432694426945269462694726948269492695026951269522695326954269552695626957269582695926960269612696226963269642696526966269672696826969269702697126972269732697426975269762697726978269792698026981269822698326984269852698626987269882698926990269912699226993269942699526996269972699826999270002700127002270032700427005270062700727008270092701027011270122701327014270152701627017270182701927020270212702227023270242702527026270272702827029270302703127032270332703427035270362703727038270392704027041270422704327044270452704627047270482704927050270512705227053270542705527056270572705827059270602706127062270632706427065270662706727068270692707027071270722707327074270752707627077270782707927080270812708227083270842708527086270872708827089270902709127092270932709427095270962709727098270992710027101271022710327104271052710627107271082710927110271112711227113271142711527116271172711827119271202712127122271232712427125271262712727128271292713027131271322713327134271352713627137271382713927140271412714227143271442714527146271472714827149271502715127152271532715427155271562715727158271592716027161271622716327164271652716627167271682716927170271712717227173271742717527176271772717827179271802718127182271832718427185271862718727188271892719027191271922719327194271952719627197271982719927200272012720227203272042720527206272072720827209272102721127212272132721427215272162721727218272192722027221272222722327224272252722627227272282722927230272312723227233272342723527236272372723827239272402724127242272432724427245272462724727248272492725027251272522725327254272552725627257272582725927260272612726227263272642726527266272672726827269272702727127272272732727427275272762727727278272792728027281272822728327284272852728627287272882728927290272912729227293272942729527296272972729827299273002730127302273032730427305273062730727308273092731027311273122731327314273152731627317273182731927320273212732227323273242732527326273272732827329273302733127332273332733427335273362733727338273392734027341273422734327344273452734627347273482734927350273512735227353273542735527356273572735827359273602736127362273632736427365273662736727368273692737027371273722737327374273752737627377273782737927380273812738227383273842738527386273872738827389273902739127392273932739427395273962739727398273992740027401274022740327404274052740627407274082740927410274112741227413274142741527416274172741827419274202742127422274232742427425274262742727428274292743027431274322743327434274352743627437274382743927440274412744227443274442744527446274472744827449274502745127452274532745427455274562745727458274592746027461274622746327464274652746627467274682746927470274712747227473274742747527476274772747827479274802748127482274832748427485274862748727488274892749027491274922749327494274952749627497274982749927500275012750227503275042750527506275072750827509275102751127512275132751427515275162751727518275192752027521275222752327524275252752627527275282752927530275312753227533275342753527536275372753827539275402754127542275432754427545275462754727548275492755027551275522755327554275552755627557275582755927560275612756227563275642756527566275672756827569275702757127572275732757427575275762757727578275792758027581275822758327584275852758627587275882758927590275912759227593275942759527596275972759827599276002760127602276032760427605276062760727608276092761027611276122761327614276152761627617276182761927620276212762227623276242762527626276272762827629276302763127632276332763427635276362763727638276392764027641276422764327644276452764627647276482764927650276512765227653276542765527656276572765827659276602766127662276632766427665276662766727668276692767027671276722767327674276752767627677276782767927680276812768227683276842768527686276872768827689276902769127692276932769427695276962769727698276992770027701277022770327704277052770627707277082770927710277112771227713277142771527716277172771827719277202772127722277232772427725277262772727728277292773027731277322773327734277352773627737277382773927740277412774227743277442774527746277472774827749277502775127752277532775427755277562775727758277592776027761277622776327764277652776627767277682776927770277712777227773277742777527776277772777827779277802778127782277832778427785277862778727788277892779027791277922779327794277952779627797277982779927800278012780227803278042780527806278072780827809278102781127812278132781427815278162781727818278192782027821278222782327824278252782627827278282782927830278312783227833278342783527836278372783827839278402784127842278432784427845278462784727848278492785027851278522785327854278552785627857278582785927860278612786227863278642786527866278672786827869278702787127872278732787427875278762787727878278792788027881278822788327884278852788627887278882788927890278912789227893278942789527896278972789827899279002790127902279032790427905279062790727908279092791027911279122791327914279152791627917279182791927920279212792227923279242792527926279272792827929279302793127932279332793427935279362793727938279392794027941279422794327944279452794627947279482794927950279512795227953279542795527956279572795827959279602796127962279632796427965279662796727968279692797027971279722797327974279752797627977279782797927980279812798227983279842798527986279872798827989279902799127992279932799427995279962799727998279992800028001280022800328004280052800628007280082800928010280112801228013280142801528016280172801828019280202802128022280232802428025280262802728028280292803028031280322803328034280352803628037280382803928040280412804228043280442804528046280472804828049280502805128052280532805428055280562805728058280592806028061280622806328064280652806628067280682806928070280712807228073280742807528076280772807828079280802808128082280832808428085280862808728088280892809028091280922809328094280952809628097280982809928100281012810228103281042810528106281072810828109281102811128112281132811428115281162811728118281192812028121281222812328124281252812628127281282812928130281312813228133281342813528136281372813828139281402814128142281432814428145281462814728148281492815028151281522815328154281552815628157281582815928160281612816228163281642816528166281672816828169281702817128172281732817428175281762817728178281792818028181281822818328184281852818628187281882818928190281912819228193281942819528196281972819828199282002820128202282032820428205282062820728208282092821028211282122821328214282152821628217282182821928220282212822228223282242822528226282272822828229282302823128232282332823428235282362823728238282392824028241282422824328244282452824628247282482824928250282512825228253282542825528256282572825828259282602826128262282632826428265282662826728268282692827028271282722827328274282752827628277282782827928280282812828228283282842828528286282872828828289282902829128292282932829428295282962829728298282992830028301283022830328304283052830628307283082830928310283112831228313283142831528316283172831828319283202832128322283232832428325283262832728328283292833028331283322833328334283352833628337283382833928340283412834228343283442834528346283472834828349283502835128352283532835428355283562835728358283592836028361283622836328364283652836628367283682836928370283712837228373283742837528376283772837828379283802838128382283832838428385283862838728388283892839028391283922839328394283952839628397283982839928400284012840228403284042840528406284072840828409284102841128412284132841428415284162841728418284192842028421284222842328424284252842628427284282842928430284312843228433284342843528436284372843828439284402844128442284432844428445284462844728448284492845028451284522845328454284552845628457284582845928460284612846228463284642846528466284672846828469284702847128472284732847428475284762847728478284792848028481284822848328484284852848628487284882848928490284912849228493284942849528496284972849828499285002850128502285032850428505285062850728508285092851028511285122851328514285152851628517285182851928520285212852228523285242852528526285272852828529285302853128532285332853428535285362853728538285392854028541285422854328544285452854628547285482854928550285512855228553285542855528556285572855828559285602856128562285632856428565285662856728568285692857028571285722857328574285752857628577285782857928580285812858228583285842858528586285872858828589285902859128592285932859428595285962859728598285992860028601286022860328604286052860628607286082860928610286112861228613286142861528616286172861828619286202862128622286232862428625286262862728628286292863028631286322863328634286352863628637286382863928640286412864228643286442864528646286472864828649286502865128652286532865428655286562865728658286592866028661286622866328664286652866628667286682866928670286712867228673286742867528676286772867828679286802868128682286832868428685286862868728688286892869028691286922869328694286952869628697286982869928700287012870228703287042870528706287072870828709287102871128712287132871428715287162871728718287192872028721287222872328724287252872628727287282872928730287312873228733287342873528736287372873828739287402874128742287432874428745287462874728748287492875028751287522875328754287552875628757287582875928760287612876228763287642876528766287672876828769287702877128772287732877428775287762877728778287792878028781287822878328784287852878628787287882878928790287912879228793287942879528796287972879828799288002880128802288032880428805288062880728808288092881028811288122881328814288152881628817288182881928820288212882228823288242882528826288272882828829288302883128832288332883428835288362883728838288392884028841288422884328844288452884628847288482884928850288512885228853288542885528856288572885828859288602886128862288632886428865288662886728868288692887028871288722887328874288752887628877288782887928880288812888228883288842888528886288872888828889288902889128892288932889428895288962889728898288992890028901289022890328904289052890628907289082890928910289112891228913289142891528916289172891828919289202892128922289232892428925289262892728928289292893028931289322893328934289352893628937289382893928940289412894228943289442894528946289472894828949289502895128952289532895428955289562895728958289592896028961289622896328964289652896628967289682896928970289712897228973289742897528976289772897828979289802898128982289832898428985289862898728988289892899028991289922899328994289952899628997289982899929000290012900229003290042900529006290072900829009290102901129012290132901429015290162901729018290192902029021290222902329024290252902629027290282902929030290312903229033290342903529036290372903829039290402904129042290432904429045290462904729048290492905029051290522905329054290552905629057290582905929060290612906229063290642906529066290672906829069290702907129072290732907429075290762907729078290792908029081290822908329084290852908629087290882908929090290912909229093290942909529096290972909829099291002910129102291032910429105291062910729108291092911029111291122911329114291152911629117291182911929120291212912229123291242912529126291272912829129291302913129132291332913429135291362913729138291392914029141291422914329144291452914629147291482914929150291512915229153291542915529156291572915829159291602916129162291632916429165291662916729168291692917029171291722917329174291752917629177291782917929180291812918229183291842918529186291872918829189291902919129192291932919429195291962919729198291992920029201292022920329204292052920629207292082920929210292112921229213292142921529216292172921829219292202922129222292232922429225292262922729228292292923029231292322923329234292352923629237292382923929240292412924229243292442924529246292472924829249292502925129252292532925429255292562925729258292592926029261292622926329264292652926629267292682926929270292712927229273292742927529276292772927829279292802928129282292832928429285292862928729288292892929029291292922929329294292952929629297292982929929300293012930229303293042930529306293072930829309293102931129312293132931429315293162931729318293192932029321293222932329324293252932629327293282932929330293312933229333293342933529336293372933829339293402934129342293432934429345293462934729348293492935029351293522935329354293552935629357293582935929360293612936229363293642936529366293672936829369293702937129372293732937429375293762937729378293792938029381293822938329384293852938629387293882938929390293912939229393293942939529396293972939829399294002940129402294032940429405294062940729408294092941029411294122941329414294152941629417294182941929420294212942229423294242942529426294272942829429294302943129432294332943429435294362943729438294392944029441294422944329444294452944629447294482944929450294512945229453294542945529456294572945829459294602946129462294632946429465294662946729468294692947029471294722947329474294752947629477294782947929480294812948229483294842948529486294872948829489294902949129492294932949429495294962949729498294992950029501295022950329504295052950629507295082950929510295112951229513295142951529516295172951829519295202952129522295232952429525295262952729528295292953029531295322953329534295352953629537295382953929540295412954229543295442954529546295472954829549295502955129552295532955429555295562955729558295592956029561295622956329564295652956629567295682956929570295712957229573295742957529576295772957829579295802958129582295832958429585295862958729588295892959029591295922959329594295952959629597295982959929600296012960229603296042960529606296072960829609296102961129612296132961429615296162961729618296192962029621296222962329624296252962629627296282962929630296312963229633296342963529636296372963829639296402964129642296432964429645296462964729648296492965029651296522965329654296552965629657296582965929660296612966229663296642966529666296672966829669296702967129672296732967429675296762967729678296792968029681296822968329684296852968629687296882968929690296912969229693296942969529696296972969829699297002970129702297032970429705297062970729708297092971029711297122971329714297152971629717297182971929720297212972229723297242972529726297272972829729297302973129732297332973429735297362973729738297392974029741297422974329744297452974629747297482974929750297512975229753297542975529756297572975829759297602976129762297632976429765297662976729768297692977029771297722977329774297752977629777297782977929780297812978229783297842978529786297872978829789297902979129792297932979429795297962979729798297992980029801298022980329804298052980629807298082980929810298112981229813298142981529816298172981829819298202982129822298232982429825298262982729828298292983029831298322983329834298352983629837298382983929840298412984229843298442984529846298472984829849298502985129852298532985429855298562985729858298592986029861298622986329864298652986629867298682986929870298712987229873298742987529876298772987829879298802988129882298832988429885298862988729888298892989029891298922989329894298952989629897298982989929900299012990229903299042990529906299072990829909299102991129912299132991429915299162991729918299192992029921299222992329924299252992629927299282992929930299312993229933299342993529936299372993829939299402994129942299432994429945299462994729948299492995029951299522995329954299552995629957299582995929960299612996229963299642996529966299672996829969299702997129972299732997429975299762997729978299792998029981299822998329984299852998629987299882998929990299912999229993299942999529996299972999829999300003000130002300033000430005300063000730008300093001030011300123001330014300153001630017300183001930020300213002230023300243002530026300273002830029300303003130032300333003430035300363003730038300393004030041300423004330044300453004630047300483004930050300513005230053300543005530056300573005830059300603006130062300633006430065300663006730068300693007030071300723007330074300753007630077300783007930080300813008230083300843008530086300873008830089300903009130092300933009430095300963009730098300993010030101301023010330104301053010630107301083010930110301113011230113301143011530116301173011830119301203012130122301233012430125301263012730128301293013030131301323013330134301353013630137301383013930140301413014230143301443014530146301473014830149301503015130152301533015430155301563015730158301593016030161301623016330164301653016630167301683016930170301713017230173301743017530176301773017830179301803018130182301833018430185301863018730188301893019030191301923019330194301953019630197301983019930200302013020230203302043020530206302073020830209302103021130212302133021430215302163021730218302193022030221302223022330224302253022630227302283022930230302313023230233302343023530236302373023830239302403024130242302433024430245302463024730248302493025030251302523025330254302553025630257302583025930260302613026230263302643026530266302673026830269302703027130272302733027430275302763027730278302793028030281302823028330284302853028630287302883028930290302913029230293302943029530296302973029830299303003030130302303033030430305303063030730308303093031030311303123031330314303153031630317303183031930320303213032230323303243032530326303273032830329303303033130332303333033430335303363033730338303393034030341303423034330344303453034630347303483034930350303513035230353303543035530356303573035830359303603036130362303633036430365303663036730368303693037030371303723037330374303753037630377303783037930380303813038230383303843038530386303873038830389303903039130392303933039430395303963039730398303993040030401304023040330404304053040630407304083040930410304113041230413304143041530416304173041830419304203042130422304233042430425304263042730428304293043030431304323043330434304353043630437304383043930440304413044230443304443044530446304473044830449304503045130452304533045430455304563045730458304593046030461304623046330464304653046630467304683046930470304713047230473304743047530476304773047830479304803048130482304833048430485304863048730488304893049030491304923049330494304953049630497304983049930500305013050230503305043050530506305073050830509305103051130512305133051430515305163051730518305193052030521305223052330524305253052630527305283052930530305313053230533305343053530536305373053830539305403054130542305433054430545305463054730548305493055030551305523055330554305553055630557305583055930560305613056230563305643056530566305673056830569305703057130572305733057430575305763057730578305793058030581305823058330584305853058630587305883058930590305913059230593305943059530596305973059830599306003060130602306033060430605306063060730608306093061030611306123061330614306153061630617306183061930620306213062230623306243062530626306273062830629306303063130632306333063430635306363063730638306393064030641306423064330644306453064630647306483064930650306513065230653306543065530656306573065830659306603066130662306633066430665306663066730668306693067030671306723067330674306753067630677306783067930680306813068230683306843068530686306873068830689306903069130692306933069430695306963069730698306993070030701307023070330704307053070630707307083070930710307113071230713307143071530716307173071830719307203072130722307233072430725307263072730728307293073030731307323073330734307353073630737307383073930740307413074230743307443074530746307473074830749307503075130752307533075430755307563075730758307593076030761307623076330764307653076630767307683076930770307713077230773307743077530776307773077830779307803078130782307833078430785307863078730788307893079030791307923079330794307953079630797307983079930800308013080230803308043080530806308073080830809308103081130812308133081430815308163081730818308193082030821308223082330824308253082630827308283082930830308313083230833308343083530836308373083830839308403084130842308433084430845308463084730848308493085030851308523085330854308553085630857308583085930860308613086230863308643086530866308673086830869308703087130872308733087430875308763087730878308793088030881308823088330884308853088630887308883088930890308913089230893308943089530896308973089830899309003090130902309033090430905309063090730908309093091030911309123091330914309153091630917309183091930920309213092230923309243092530926309273092830929309303093130932309333093430935309363093730938309393094030941309423094330944309453094630947309483094930950309513095230953309543095530956309573095830959309603096130962309633096430965309663096730968309693097030971309723097330974309753097630977309783097930980309813098230983309843098530986309873098830989309903099130992309933099430995309963099730998309993100031001310023100331004310053100631007310083100931010310113101231013310143101531016310173101831019310203102131022310233102431025310263102731028310293103031031310323103331034310353103631037310383103931040310413104231043310443104531046310473104831049310503105131052310533105431055310563105731058310593106031061310623106331064310653106631067310683106931070310713107231073310743107531076310773107831079310803108131082310833108431085310863108731088310893109031091310923109331094310953109631097310983109931100311013110231103311043110531106311073110831109311103111131112311133111431115311163111731118311193112031121311223112331124311253112631127311283112931130311313113231133311343113531136311373113831139311403114131142311433114431145311463114731148311493115031151311523115331154311553115631157311583115931160311613116231163311643116531166311673116831169311703117131172311733117431175311763117731178311793118031181311823118331184311853118631187311883118931190311913119231193311943119531196311973119831199312003120131202312033120431205312063120731208312093121031211312123121331214312153121631217312183121931220312213122231223312243122531226312273122831229312303123131232312333123431235312363123731238312393124031241312423124331244312453124631247312483124931250312513125231253312543125531256312573125831259312603126131262312633126431265312663126731268312693127031271312723127331274312753127631277312783127931280312813128231283312843128531286312873128831289312903129131292312933129431295312963129731298312993130031301313023130331304313053130631307313083130931310313113131231313313143131531316313173131831319313203132131322313233132431325313263132731328313293133031331313323133331334313353133631337313383133931340313413134231343313443134531346313473134831349313503135131352313533135431355313563135731358313593136031361313623136331364313653136631367313683136931370313713137231373313743137531376313773137831379313803138131382313833138431385313863138731388313893139031391313923139331394313953139631397313983139931400314013140231403314043140531406314073140831409314103141131412314133141431415314163141731418314193142031421314223142331424314253142631427314283142931430314313143231433314343143531436314373143831439314403144131442314433144431445314463144731448314493145031451314523145331454314553145631457314583145931460314613146231463314643146531466314673146831469314703147131472314733147431475314763147731478314793148031481314823148331484314853148631487314883148931490314913149231493314943149531496314973149831499315003150131502315033150431505315063150731508315093151031511315123151331514315153151631517315183151931520315213152231523315243152531526315273152831529315303153131532315333153431535315363153731538315393154031541315423154331544315453154631547315483154931550315513155231553315543155531556315573155831559315603156131562315633156431565315663156731568315693157031571315723157331574315753157631577315783157931580315813158231583315843158531586315873158831589315903159131592315933159431595315963159731598315993160031601316023160331604316053160631607316083160931610316113161231613316143161531616316173161831619316203162131622316233162431625316263162731628316293163031631316323163331634316353163631637316383163931640316413164231643316443164531646316473164831649316503165131652316533165431655316563165731658316593166031661316623166331664316653166631667316683166931670316713167231673316743167531676316773167831679316803168131682316833168431685316863168731688316893169031691316923169331694316953169631697316983169931700317013170231703317043170531706317073170831709317103171131712317133171431715317163171731718317193172031721317223172331724317253172631727317283172931730317313173231733317343173531736317373173831739317403174131742317433174431745317463174731748317493175031751317523175331754317553175631757317583175931760317613176231763317643176531766317673176831769317703177131772317733177431775317763177731778317793178031781317823178331784317853178631787317883178931790317913179231793317943179531796317973179831799318003180131802318033180431805318063180731808318093181031811318123181331814318153181631817318183181931820318213182231823318243182531826318273182831829318303183131832318333183431835318363183731838318393184031841318423184331844318453184631847318483184931850318513185231853318543185531856318573185831859318603186131862318633186431865318663186731868318693187031871318723187331874318753187631877318783187931880318813188231883318843188531886318873188831889318903189131892318933189431895318963189731898318993190031901319023190331904319053190631907319083190931910319113191231913319143191531916319173191831919319203192131922319233192431925319263192731928319293193031931319323193331934319353193631937319383193931940319413194231943319443194531946319473194831949319503195131952319533195431955319563195731958319593196031961319623196331964319653196631967319683196931970319713197231973319743197531976319773197831979319803198131982319833198431985319863198731988319893199031991319923199331994319953199631997319983199932000320013200232003320043200532006320073200832009320103201132012320133201432015320163201732018320193202032021320223202332024320253202632027320283202932030320313203232033320343203532036320373203832039320403204132042320433204432045320463204732048320493205032051320523205332054320553205632057320583205932060320613206232063320643206532066320673206832069320703207132072320733207432075320763207732078320793208032081320823208332084320853208632087320883208932090320913209232093320943209532096320973209832099321003210132102321033210432105321063210732108321093211032111321123211332114321153211632117321183211932120321213212232123321243212532126321273212832129321303213132132321333213432135321363213732138321393214032141321423214332144321453214632147321483214932150321513215232153321543215532156321573215832159321603216132162321633216432165321663216732168321693217032171321723217332174321753217632177321783217932180321813218232183321843218532186321873218832189321903219132192321933219432195321963219732198321993220032201322023220332204322053220632207322083220932210322113221232213322143221532216322173221832219322203222132222322233222432225322263222732228322293223032231322323223332234322353223632237322383223932240322413224232243322443224532246322473224832249322503225132252322533225432255322563225732258322593226032261322623226332264322653226632267322683226932270322713227232273322743227532276322773227832279322803228132282322833228432285322863228732288322893229032291322923229332294322953229632297322983229932300323013230232303323043230532306323073230832309323103231132312323133231432315323163231732318323193232032321323223232332324323253232632327323283232932330323313233232333323343233532336323373233832339323403234132342323433234432345323463234732348323493235032351323523235332354323553235632357323583235932360323613236232363323643236532366323673236832369323703237132372323733237432375323763237732378323793238032381323823238332384323853238632387323883238932390323913239232393323943239532396323973239832399324003240132402324033240432405324063240732408324093241032411324123241332414324153241632417324183241932420324213242232423324243242532426324273242832429324303243132432324333243432435324363243732438324393244032441324423244332444324453244632447324483244932450324513245232453324543245532456324573245832459324603246132462324633246432465324663246732468324693247032471324723247332474324753247632477324783247932480324813248232483324843248532486324873248832489324903249132492324933249432495324963249732498324993250032501325023250332504325053250632507325083250932510325113251232513325143251532516325173251832519325203252132522325233252432525325263252732528325293253032531325323253332534325353253632537325383253932540325413254232543325443254532546325473254832549325503255132552325533255432555325563255732558325593256032561325623256332564325653256632567325683256932570325713257232573325743257532576325773257832579325803258132582325833258432585325863258732588325893259032591325923259332594325953259632597325983259932600326013260232603326043260532606326073260832609326103261132612326133261432615326163261732618326193262032621326223262332624326253262632627326283262932630326313263232633326343263532636326373263832639326403264132642326433264432645326463264732648326493265032651326523265332654326553265632657326583265932660326613266232663326643266532666326673266832669326703267132672326733267432675326763267732678326793268032681326823268332684326853268632687326883268932690326913269232693326943269532696326973269832699327003270132702327033270432705327063270732708327093271032711327123271332714327153271632717327183271932720327213272232723327243272532726327273272832729327303273132732327333273432735327363273732738327393274032741327423274332744327453274632747327483274932750327513275232753327543275532756327573275832759327603276132762327633276432765327663276732768327693277032771327723277332774327753277632777327783277932780327813278232783327843278532786327873278832789327903279132792327933279432795327963279732798327993280032801328023280332804328053280632807328083280932810328113281232813328143281532816328173281832819328203282132822328233282432825328263282732828328293283032831328323283332834328353283632837328383283932840328413284232843328443284532846328473284832849328503285132852328533285432855328563285732858328593286032861328623286332864328653286632867328683286932870328713287232873328743287532876328773287832879328803288132882328833288432885328863288732888328893289032891328923289332894328953289632897328983289932900329013290232903329043290532906329073290832909329103291132912329133291432915329163291732918329193292032921329223292332924329253292632927329283292932930329313293232933329343293532936329373293832939329403294132942329433294432945329463294732948329493295032951329523295332954329553295632957329583295932960329613296232963329643296532966329673296832969329703297132972329733297432975329763297732978329793298032981329823298332984329853298632987329883298932990329913299232993329943299532996329973299832999330003300133002330033300433005330063300733008330093301033011330123301333014330153301633017330183301933020330213302233023330243302533026330273302833029330303303133032330333303433035330363303733038330393304033041330423304333044330453304633047330483304933050330513305233053330543305533056330573305833059330603306133062330633306433065330663306733068330693307033071330723307333074330753307633077330783307933080330813308233083330843308533086330873308833089330903309133092330933309433095330963309733098330993310033101331023310333104331053310633107331083310933110331113311233113331143311533116331173311833119331203312133122331233312433125331263312733128331293313033131331323313333134331353313633137331383313933140331413314233143331443314533146331473314833149331503315133152331533315433155331563315733158331593316033161331623316333164331653316633167331683316933170331713317233173331743317533176331773317833179331803318133182331833318433185331863318733188331893319033191331923319333194331953319633197331983319933200332013320233203332043320533206332073320833209332103321133212332133321433215332163321733218332193322033221332223322333224332253322633227332283322933230332313323233233332343323533236332373323833239332403324133242332433324433245332463324733248332493325033251332523325333254332553325633257332583325933260332613326233263332643326533266332673326833269332703327133272332733327433275332763327733278332793328033281332823328333284332853328633287332883328933290332913329233293332943329533296332973329833299333003330133302333033330433305333063330733308333093331033311333123331333314333153331633317333183331933320333213332233323333243332533326333273332833329333303333133332333333333433335333363333733338333393334033341333423334333344333453334633347333483334933350333513335233353333543335533356333573335833359333603336133362333633336433365333663336733368333693337033371333723337333374333753337633377333783337933380333813338233383333843338533386333873338833389333903339133392333933339433395333963339733398333993340033401334023340333404334053340633407334083340933410334113341233413334143341533416334173341833419334203342133422334233342433425334263342733428334293343033431334323343333434334353343633437334383343933440334413344233443334443344533446334473344833449334503345133452334533345433455334563345733458334593346033461334623346333464334653346633467334683346933470334713347233473334743347533476334773347833479334803348133482334833348433485334863348733488334893349033491334923349333494334953349633497334983349933500335013350233503335043350533506335073350833509335103351133512335133351433515335163351733518335193352033521335223352333524335253352633527335283352933530335313353233533335343353533536335373353833539335403354133542335433354433545335463354733548335493355033551335523355333554335553355633557335583355933560335613356233563335643356533566335673356833569335703357133572335733357433575335763357733578335793358033581335823358333584335853358633587335883358933590335913359233593335943359533596335973359833599336003360133602336033360433605336063360733608336093361033611336123361333614336153361633617336183361933620336213362233623336243362533626336273362833629336303363133632336333363433635336363363733638336393364033641336423364333644336453364633647336483364933650336513365233653336543365533656336573365833659336603366133662336633366433665336663366733668336693367033671336723367333674336753367633677336783367933680336813368233683336843368533686336873368833689336903369133692336933369433695336963369733698336993370033701337023370333704337053370633707337083370933710337113371233713337143371533716337173371833719337203372133722337233372433725337263372733728337293373033731337323373333734337353373633737337383373933740337413374233743337443374533746337473374833749337503375133752337533375433755337563375733758337593376033761337623376333764337653376633767337683376933770337713377233773337743377533776337773377833779337803378133782337833378433785337863378733788337893379033791337923379333794337953379633797337983379933800338013380233803338043380533806338073380833809338103381133812338133381433815338163381733818338193382033821338223382333824338253382633827338283382933830338313383233833338343383533836338373383833839338403384133842338433384433845338463384733848338493385033851338523385333854338553385633857338583385933860338613386233863338643386533866338673386833869338703387133872338733387433875338763387733878338793388033881338823388333884338853388633887338883388933890338913389233893338943389533896338973389833899339003390133902339033390433905339063390733908339093391033911339123391333914339153391633917339183391933920339213392233923339243392533926339273392833929339303393133932339333393433935339363393733938339393394033941339423394333944339453394633947339483394933950339513395233953339543395533956339573395833959339603396133962339633396433965339663396733968339693397033971339723397333974339753397633977339783397933980339813398233983339843398533986339873398833989339903399133992339933399433995339963399733998339993400034001340023400334004340053400634007340083400934010340113401234013340143401534016340173401834019340203402134022340233402434025340263402734028340293403034031340323403334034340353403634037340383403934040340413404234043340443404534046340473404834049340503405134052340533405434055340563405734058340593406034061340623406334064340653406634067340683406934070340713407234073340743407534076340773407834079340803408134082340833408434085340863408734088340893409034091340923409334094340953409634097340983409934100341013410234103341043410534106341073410834109341103411134112341133411434115341163411734118341193412034121341223412334124341253412634127341283412934130341313413234133341343413534136341373413834139341403414134142341433414434145341463414734148341493415034151341523415334154341553415634157341583415934160341613416234163341643416534166341673416834169341703417134172341733417434175341763417734178341793418034181341823418334184341853418634187341883418934190341913419234193341943419534196341973419834199342003420134202342033420434205342063420734208342093421034211342123421334214342153421634217342183421934220342213422234223342243422534226342273422834229342303423134232342333423434235342363423734238342393424034241342423424334244342453424634247342483424934250342513425234253342543425534256342573425834259342603426134262342633426434265342663426734268342693427034271342723427334274342753427634277342783427934280342813428234283342843428534286342873428834289342903429134292342933429434295342963429734298342993430034301343023430334304343053430634307343083430934310343113431234313343143431534316343173431834319343203432134322343233432434325343263432734328343293433034331343323433334334343353433634337343383433934340343413434234343343443434534346343473434834349343503435134352343533435434355343563435734358343593436034361343623436334364343653436634367343683436934370343713437234373343743437534376343773437834379343803438134382343833438434385343863438734388343893439034391343923439334394343953439634397343983439934400344013440234403344043440534406344073440834409344103441134412344133441434415344163441734418344193442034421344223442334424344253442634427344283442934430344313443234433344343443534436344373443834439344403444134442344433444434445344463444734448344493445034451344523445334454344553445634457344583445934460344613446234463344643446534466344673446834469344703447134472344733447434475344763447734478344793448034481344823448334484344853448634487344883448934490344913449234493344943449534496344973449834499345003450134502345033450434505345063450734508345093451034511345123451334514345153451634517345183451934520345213452234523345243452534526345273452834529345303453134532345333453434535345363453734538345393454034541345423454334544345453454634547345483454934550345513455234553345543455534556345573455834559345603456134562345633456434565345663456734568345693457034571345723457334574345753457634577345783457934580345813458234583345843458534586345873458834589345903459134592345933459434595345963459734598345993460034601346023460334604346053460634607346083460934610346113461234613346143461534616346173461834619346203462134622346233462434625346263462734628346293463034631346323463334634346353463634637346383463934640346413464234643346443464534646346473464834649346503465134652346533465434655346563465734658346593466034661346623466334664346653466634667346683466934670346713467234673346743467534676346773467834679346803468134682346833468434685346863468734688346893469034691346923469334694346953469634697346983469934700347013470234703347043470534706347073470834709347103471134712347133471434715347163471734718347193472034721347223472334724347253472634727347283472934730347313473234733347343473534736347373473834739347403474134742347433474434745347463474734748347493475034751347523475334754347553475634757347583475934760347613476234763347643476534766347673476834769347703477134772347733477434775347763477734778347793478034781347823478334784347853478634787347883478934790347913479234793347943479534796347973479834799348003480134802348033480434805348063480734808348093481034811348123481334814348153481634817348183481934820348213482234823348243482534826348273482834829348303483134832348333483434835348363483734838348393484034841348423484334844348453484634847348483484934850348513485234853348543485534856348573485834859348603486134862348633486434865348663486734868348693487034871348723487334874348753487634877348783487934880348813488234883348843488534886348873488834889348903489134892348933489434895348963489734898348993490034901349023490334904349053490634907349083490934910349113491234913349143491534916349173491834919349203492134922349233492434925349263492734928349293493034931349323493334934349353493634937349383493934940349413494234943349443494534946349473494834949349503495134952349533495434955349563495734958349593496034961349623496334964349653496634967349683496934970349713497234973349743497534976349773497834979349803498134982349833498434985349863498734988349893499034991349923499334994349953499634997349983499935000350013500235003350043500535006350073500835009350103501135012350133501435015350163501735018350193502035021350223502335024350253502635027350283502935030350313503235033350343503535036350373503835039350403504135042350433504435045350463504735048350493505035051350523505335054350553505635057350583505935060350613506235063350643506535066350673506835069350703507135072350733507435075350763507735078350793508035081350823508335084350853508635087350883508935090350913509235093350943509535096350973509835099351003510135102351033510435105351063510735108351093511035111351123511335114351153511635117351183511935120351213512235123351243512535126351273512835129351303513135132351333513435135351363513735138351393514035141351423514335144351453514635147351483514935150351513515235153351543515535156351573515835159351603516135162351633516435165351663516735168351693517035171351723517335174351753517635177351783517935180351813518235183351843518535186351873518835189351903519135192351933519435195351963519735198351993520035201352023520335204352053520635207352083520935210352113521235213352143521535216352173521835219352203522135222352233522435225352263522735228352293523035231352323523335234352353523635237352383523935240352413524235243352443524535246352473524835249352503525135252352533525435255352563525735258352593526035261352623526335264352653526635267352683526935270352713527235273352743527535276352773527835279352803528135282352833528435285352863528735288352893529035291352923529335294352953529635297352983529935300353013530235303353043530535306353073530835309353103531135312353133531435315353163531735318353193532035321353223532335324353253532635327353283532935330353313533235333353343533535336353373533835339353403534135342353433534435345353463534735348353493535035351353523535335354353553535635357353583535935360353613536235363353643536535366353673536835369353703537135372353733537435375353763537735378353793538035381353823538335384353853538635387353883538935390353913539235393353943539535396353973539835399354003540135402354033540435405354063540735408354093541035411354123541335414354153541635417354183541935420354213542235423354243542535426354273542835429354303543135432354333543435435354363543735438354393544035441354423544335444354453544635447354483544935450354513545235453354543545535456354573545835459354603546135462354633546435465354663546735468354693547035471354723547335474354753547635477354783547935480354813548235483354843548535486354873548835489354903549135492354933549435495354963549735498354993550035501355023550335504355053550635507355083550935510355113551235513355143551535516355173551835519355203552135522355233552435525355263552735528355293553035531355323553335534355353553635537355383553935540355413554235543355443554535546355473554835549355503555135552355533555435555355563555735558355593556035561355623556335564355653556635567355683556935570355713557235573355743557535576355773557835579355803558135582355833558435585355863558735588355893559035591355923559335594355953559635597355983559935600356013560235603356043560535606356073560835609356103561135612356133561435615356163561735618356193562035621356223562335624356253562635627356283562935630356313563235633356343563535636356373563835639356403564135642356433564435645356463564735648356493565035651356523565335654356553565635657356583565935660356613566235663356643566535666356673566835669356703567135672356733567435675356763567735678356793568035681356823568335684356853568635687356883568935690356913569235693356943569535696356973569835699357003570135702357033570435705357063570735708357093571035711357123571335714357153571635717357183571935720357213572235723357243572535726357273572835729357303573135732357333573435735357363573735738357393574035741357423574335744357453574635747357483574935750357513575235753357543575535756357573575835759357603576135762357633576435765357663576735768357693577035771357723577335774357753577635777357783577935780357813578235783357843578535786357873578835789357903579135792357933579435795357963579735798357993580035801358023580335804358053580635807358083580935810358113581235813358143581535816358173581835819358203582135822358233582435825358263582735828358293583035831358323583335834358353583635837358383583935840358413584235843358443584535846358473584835849358503585135852358533585435855358563585735858358593586035861358623586335864358653586635867358683586935870358713587235873358743587535876358773587835879358803588135882358833588435885358863588735888358893589035891358923589335894358953589635897358983589935900359013590235903359043590535906359073590835909359103591135912359133591435915359163591735918359193592035921359223592335924359253592635927359283592935930359313593235933359343593535936359373593835939359403594135942359433594435945359463594735948359493595035951359523595335954359553595635957359583595935960359613596235963359643596535966359673596835969359703597135972359733597435975359763597735978359793598035981359823598335984359853598635987359883598935990359913599235993359943599535996359973599835999360003600136002360033600436005360063600736008360093601036011360123601336014360153601636017360183601936020360213602236023360243602536026360273602836029360303603136032360333603436035360363603736038360393604036041360423604336044360453604636047360483604936050360513605236053360543605536056360573605836059360603606136062360633606436065360663606736068360693607036071360723607336074360753607636077360783607936080360813608236083360843608536086360873608836089360903609136092360933609436095360963609736098360993610036101361023610336104361053610636107361083610936110361113611236113361143611536116361173611836119361203612136122361233612436125361263612736128361293613036131361323613336134361353613636137361383613936140361413614236143361443614536146361473614836149361503615136152361533615436155361563615736158361593616036161361623616336164361653616636167361683616936170361713617236173361743617536176361773617836179361803618136182361833618436185361863618736188361893619036191361923619336194361953619636197361983619936200362013620236203362043620536206362073620836209362103621136212362133621436215362163621736218362193622036221362223622336224362253622636227362283622936230362313623236233362343623536236362373623836239362403624136242362433624436245362463624736248362493625036251362523625336254362553625636257362583625936260362613626236263362643626536266362673626836269362703627136272362733627436275362763627736278362793628036281362823628336284362853628636287362883628936290362913629236293362943629536296362973629836299363003630136302363033630436305363063630736308363093631036311363123631336314363153631636317363183631936320363213632236323363243632536326363273632836329363303633136332363333633436335363363633736338363393634036341363423634336344363453634636347363483634936350363513635236353363543635536356363573635836359363603636136362363633636436365363663636736368363693637036371363723637336374363753637636377363783637936380363813638236383363843638536386363873638836389363903639136392363933639436395363963639736398363993640036401364023640336404364053640636407364083640936410364113641236413364143641536416364173641836419364203642136422364233642436425364263642736428364293643036431364323643336434364353643636437364383643936440364413644236443364443644536446364473644836449364503645136452364533645436455364563645736458364593646036461364623646336464364653646636467364683646936470364713647236473364743647536476364773647836479364803648136482364833648436485364863648736488364893649036491364923649336494364953649636497364983649936500365013650236503365043650536506365073650836509365103651136512365133651436515365163651736518365193652036521365223652336524365253652636527365283652936530365313653236533365343653536536365373653836539365403654136542365433654436545365463654736548365493655036551365523655336554365553655636557365583655936560365613656236563365643656536566365673656836569365703657136572365733657436575365763657736578365793658036581365823658336584365853658636587365883658936590365913659236593365943659536596365973659836599366003660136602366033660436605366063660736608366093661036611366123661336614366153661636617366183661936620366213662236623366243662536626366273662836629366303663136632366333663436635366363663736638366393664036641366423664336644366453664636647366483664936650366513665236653366543665536656366573665836659366603666136662366633666436665366663666736668366693667036671366723667336674366753667636677366783667936680366813668236683366843668536686366873668836689366903669136692366933669436695366963669736698366993670036701367023670336704367053670636707367083670936710367113671236713367143671536716367173671836719367203672136722367233672436725367263672736728367293673036731367323673336734367353673636737367383673936740367413674236743367443674536746367473674836749367503675136752367533675436755367563675736758367593676036761367623676336764367653676636767367683676936770367713677236773367743677536776367773677836779367803678136782367833678436785367863678736788367893679036791367923679336794367953679636797367983679936800368013680236803368043680536806368073680836809368103681136812368133681436815368163681736818368193682036821368223682336824368253682636827368283682936830368313683236833368343683536836368373683836839368403684136842368433684436845368463684736848368493685036851368523685336854368553685636857368583685936860368613686236863368643686536866368673686836869368703687136872368733687436875368763687736878368793688036881368823688336884368853688636887368883688936890368913689236893368943689536896368973689836899369003690136902369033690436905369063690736908369093691036911369123691336914369153691636917369183691936920369213692236923369243692536926369273692836929369303693136932369333693436935369363693736938369393694036941369423694336944369453694636947369483694936950369513695236953 |
- /* api.c API unit tests
- *
- * Copyright (C) 2006-2020 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
- /*----------------------------------------------------------------------------*
- | Includes
- *----------------------------------------------------------------------------*/
- #ifdef HAVE_CONFIG_H
- #include <config.h>
- #endif
- #include <wolfssl/wolfcrypt/settings.h>
- #ifndef FOURK_BUF
- #define FOURK_BUF 4096
- #endif
- #ifndef TWOK_BUF
- #define TWOK_BUF 2048
- #endif
- #ifndef ONEK_BUF
- #define ONEK_BUF 1024
- #endif
- #if defined(WOLFSSL_STATIC_MEMORY)
- #include <wolfssl/wolfcrypt/memory.h>
- #endif /* WOLFSSL_STATIC_MEMORY */
- #ifndef HEAP_HINT
- #define HEAP_HINT NULL
- #endif /* WOLFSSL_STAIC_MEMORY */
- #ifdef WOLFSSL_ASNC_CRYPT
- #include <wolfssl/wolfcrypt/async.h>
- #endif
- #ifdef HAVE_ECC
- #include <wolfssl/wolfcrypt/ecc.h> /* wc_ecc_fp_free */
- #ifndef ECC_ASN963_MAX_BUF_SZ
- #define ECC_ASN963_MAX_BUF_SZ 133
- #endif
- #ifndef ECC_PRIV_KEY_BUF
- #define ECC_PRIV_KEY_BUF 66 /* For non user defined curves. */
- #endif
- #ifdef HAVE_ALL_CURVES
- /* ecc key sizes: 14, 16, 20, 24, 28, 30, 32, 40, 48, 64*/
- #ifndef KEY14
- #define KEY14 14
- #endif
- #if !defined(KEY16)
- #define KEY16 16
- #endif
- #if !defined(KEY20)
- #define KEY20 20
- #endif
- #if !defined(KEY24)
- #define KEY24 24
- #endif
- #if !defined(KEY28)
- #define KEY28 28
- #endif
- #if !defined(KEY30)
- #define KEY30 30
- #endif
- #if !defined(KEY32)
- #define KEY32 32
- #endif
- #if !defined(KEY40)
- #define KEY40 40
- #endif
- #if !defined(KEY48)
- #define KEY48 48
- #endif
- #if !defined(KEY64)
- #define KEY64 64
- #endif
- #else
- /* ecc key sizes: 14, 16, 20, 24, 28, 30, 32, 40, 48, 64*/
- #ifndef KEY14
- #define KEY14 32
- #endif
- #if !defined(KEY16)
- #define KEY16 32
- #endif
- #if !defined(KEY20)
- #define KEY20 32
- #endif
- #if !defined(KEY24)
- #define KEY24 32
- #endif
- #if !defined(KEY28)
- #define KEY28 32
- #endif
- #if !defined(KEY30)
- #define KEY30 32
- #endif
- #if !defined(KEY32)
- #define KEY32 32
- #endif
- #if !defined(KEY40)
- #define KEY40 32
- #endif
- #if !defined(KEY48)
- #define KEY48 32
- #endif
- #if !defined(KEY64)
- #define KEY64 32
- #endif
- #endif
- #if !defined(HAVE_COMP_KEY)
- #if !defined(NOCOMP)
- #define NOCOMP 0
- #endif
- #else
- #if !defined(COMP)
- #define COMP 1
- #endif
- #endif
- #if !defined(DER_SZ)
- #define DER_SZ(ks) (ks * 2 + 1)
- #endif
- #endif
- #ifndef NO_ASN
- #include <wolfssl/wolfcrypt/asn_public.h>
- #endif
- #include <wolfssl/error-ssl.h>
- #include <stdlib.h>
- #include <wolfssl/ssl.h> /* compatibility layer */
- #include <wolfssl/test.h>
- #include <tests/unit.h>
- #include "examples/server/server.h"
- /* for testing compatibility layer callbacks */
- #ifndef NO_MD5
- #include <wolfssl/wolfcrypt/md5.h>
- #endif
- #ifndef NO_SHA
- #include <wolfssl/wolfcrypt/sha.h>
- #endif
- #ifndef NO_SHA256
- #include <wolfssl/wolfcrypt/sha256.h>
- #endif
- #ifdef WOLFSSL_SHA512
- #include <wolfssl/wolfcrypt/sha512.h>
- #endif
- #ifdef WOLFSSL_SHA384
- #include <wolfssl/wolfcrypt/sha512.h>
- #endif
- #ifdef WOLFSSL_SHA3
- #include <wolfssl/wolfcrypt/sha3.h>
- #ifndef HEAP_HINT
- #define HEAP_HINT NULL
- #endif
- #endif
- #ifndef NO_AES
- #include <wolfssl/wolfcrypt/aes.h>
- #ifdef HAVE_AES_DECRYPT
- #include <wolfssl/wolfcrypt/wc_encrypt.h>
- #endif
- #endif
- #ifdef WOLFSSL_RIPEMD
- #include <wolfssl/wolfcrypt/ripemd.h>
- #endif
- #ifdef HAVE_IDEA
- #include <wolfssl/wolfcrypt/idea.h>
- #endif
- #ifndef NO_DES3
- #include <wolfssl/wolfcrypt/des3.h>
- #include <wolfssl/wolfcrypt/wc_encrypt.h>
- #endif
- #ifndef NO_HMAC
- #include <wolfssl/wolfcrypt/hmac.h>
- #endif
- #ifdef HAVE_CHACHA
- #include <wolfssl/wolfcrypt/chacha.h>
- #endif
- #ifdef HAVE_POLY1305
- #include <wolfssl/wolfcrypt/poly1305.h>
- #endif
- #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
- #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
- #endif
- #ifdef HAVE_CAMELLIA
- #include <wolfssl/wolfcrypt/camellia.h>
- #endif
- #ifndef NO_RABBIT
- #include <wolfssl/wolfcrypt/rabbit.h>
- #endif
- #ifndef NO_RC4
- #include <wolfssl/wolfcrypt/arc4.h>
- #endif
- #ifdef HAVE_BLAKE2
- #include <wolfssl/wolfcrypt/blake2.h>
- #endif
- #include <wolfssl/wolfcrypt/hash.h>
- #ifndef NO_RSA
- #include <wolfssl/wolfcrypt/rsa.h>
- #define FOURK_BUF 4096
- #define GEN_BUF 294
- #ifndef USER_CRYPTO_ERROR
- #define USER_CRYPTO_ERROR -101 /* error returned by IPP lib. */
- #endif
- #endif
- #ifndef NO_SIG_WRAPPER
- #include <wolfssl/wolfcrypt/signature.h>
- #endif
- #ifdef HAVE_AESCCM
- #include <wolfssl/wolfcrypt/aes.h>
- #endif
- #ifdef HAVE_HC128
- #include <wolfssl/wolfcrypt/hc128.h>
- #endif
- #ifdef HAVE_PKCS7
- #include <wolfssl/wolfcrypt/pkcs7.h>
- #include <wolfssl/wolfcrypt/asn.h>
- #endif
- #ifdef WOLFSSL_SMALL_CERT_VERIFY
- #include <wolfssl/wolfcrypt/asn.h>
- #endif
- #ifndef NO_DSA
- #include <wolfssl/wolfcrypt/dsa.h>
- #ifndef ONEK_BUF
- #define ONEK_BUF 1024
- #endif
- #ifndef TWOK_BUF
- #define TWOK_BUF 2048
- #endif
- #ifndef FOURK_BUF
- #define FOURK_BUF 4096
- #endif
- #ifndef DSA_SIG_SIZE
- #define DSA_SIG_SIZE 40
- #endif
- #ifndef MAX_DSA_PARAM_SIZE
- #define MAX_DSA_PARAM_SIZE 256
- #endif
- #endif
- #ifdef WOLFSSL_CMAC
- #include <wolfssl/wolfcrypt/cmac.h>
- #endif
- #ifdef HAVE_ED25519
- #include <wolfssl/wolfcrypt/ed25519.h>
- #endif
- #ifdef HAVE_CURVE25519
- #include <wolfssl/wolfcrypt/curve25519.h>
- #endif
- #ifdef HAVE_ED448
- #include <wolfssl/wolfcrypt/ed448.h>
- #endif
- #ifdef HAVE_CURVE448
- #include <wolfssl/wolfcrypt/curve448.h>
- #endif
- #ifdef HAVE_PKCS12
- #include <wolfssl/wolfcrypt/pkcs12.h>
- #endif
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_ALL))
- #include <wolfssl/openssl/ssl.h>
- #ifndef NO_ASN
- /* for ASN_COMMON_NAME DN_tags enum */
- #include <wolfssl/wolfcrypt/asn.h>
- #endif
- #ifdef HAVE_OCSP
- #include <wolfssl/openssl/ocsp.h>
- #endif
- #endif
- #ifdef OPENSSL_EXTRA
- #include <wolfssl/openssl/x509v3.h>
- #include <wolfssl/openssl/asn1.h>
- #include <wolfssl/openssl/crypto.h>
- #include <wolfssl/openssl/pkcs12.h>
- #include <wolfssl/openssl/evp.h>
- #include <wolfssl/openssl/dh.h>
- #include <wolfssl/openssl/bn.h>
- #include <wolfssl/openssl/buffer.h>
- #include <wolfssl/openssl/pem.h>
- #include <wolfssl/openssl/ec.h>
- #include <wolfssl/openssl/engine.h>
- #include <wolfssl/openssl/crypto.h>
- #include <wolfssl/openssl/hmac.h>
- #include <wolfssl/openssl/objects.h>
- #ifndef NO_AES
- #include <wolfssl/openssl/aes.h>
- #endif
- #ifndef NO_DES3
- #include <wolfssl/openssl/des.h>
- #endif
- #ifdef HAVE_ECC
- #include <wolfssl/openssl/ecdsa.h>
- #endif
- #ifdef HAVE_PKCS7
- #include <wolfssl/openssl/pkcs7.h>
- #endif
- #ifdef HAVE_ED25519
- #include <wolfssl/openssl/ed25519.h>
- #endif
- #ifdef HAVE_ED448
- #include <wolfssl/openssl/ed448.h>
- #endif
- #endif /* OPENSSL_EXTRA */
- #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
- && !defined(NO_SHA256) && !defined(RC_NO_RNG)
- #include <wolfssl/wolfcrypt/srp.h>
- #endif
- #if defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)
- #include "wolfssl/internal.h" /* for testing SSL_get_peer_cert_chain */
- #endif
- /* force enable test buffers */
- #ifndef USE_CERT_BUFFERS_2048
- #define USE_CERT_BUFFERS_2048
- #endif
- #ifndef USE_CERT_BUFFERS_256
- #define USE_CERT_BUFFERS_256
- #endif
- #include <wolfssl/certs_test.h>
- typedef struct testVector {
- const char* input;
- const char* output;
- size_t inLen;
- size_t outLen;
- } testVector;
- #if defined(HAVE_PKCS7)
- typedef struct {
- const byte* content;
- word32 contentSz;
- int contentOID;
- int encryptOID;
- int keyWrapOID;
- int keyAgreeOID;
- byte* cert;
- size_t certSz;
- byte* privateKey;
- word32 privateKeySz;
- } pkcs7EnvelopedVector;
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- typedef struct {
- const byte* content;
- word32 contentSz;
- int contentOID;
- int encryptOID;
- byte* encryptionKey;
- word32 encryptionKeySz;
- } pkcs7EncryptedVector;
- #endif
- #endif /* HAVE_PKCS7 */
- /*----------------------------------------------------------------------------*
- | Constants
- *----------------------------------------------------------------------------*/
- #define TEST_SUCCESS (1)
- #define TEST_FAIL (0)
- #define testingFmt " %s:"
- #define resultFmt " %s\n"
- static const char* passed = "passed";
- static const char* failed = "failed";
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
- (!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT))
- static const char* bogusFile =
- #ifdef _WIN32
- "NUL"
- #else
- "/dev/null"
- #endif
- ;
- #endif /* !NO_FILESYSTEM && !NO_CERTS && (!NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT) */
- enum {
- TESTING_RSA = 1,
- TESTING_ECC = 2
- };
- static int devId = INVALID_DEVID;
- /*----------------------------------------------------------------------------*
- | Setup
- *----------------------------------------------------------------------------*/
- static int test_wolfSSL_Init(void)
- {
- int result;
- printf(testingFmt, "wolfSSL_Init()");
- result = wolfSSL_Init();
- printf(resultFmt, result == WOLFSSL_SUCCESS ? passed : failed);
- return result;
- }
- static int test_wolfSSL_Cleanup(void)
- {
- int result;
- printf(testingFmt, "wolfSSL_Cleanup()");
- result = wolfSSL_Cleanup();
- printf(resultFmt, result == WOLFSSL_SUCCESS ? passed : failed);
- return result;
- }
- /* Initialize the wolfCrypt state.
- * POST: 0 success.
- */
- static int test_wolfCrypt_Init(void)
- {
- int result;
- printf(testingFmt, "wolfCrypt_Init()");
- result = wolfCrypt_Init();
- printf(resultFmt, result == 0 ? passed : failed);
- return result;
- } /* END test_wolfCrypt_Init */
- /*----------------------------------------------------------------------------*
- | Platform dependent function test
- *----------------------------------------------------------------------------*/
- static int test_fileAccess()
- {
- #if defined(WOLFSSL_TEST_PLATFORMDEPEND) && !defined(NO_FILESYSTEM)
- const char *fname[] = {
- svrCertFile, svrKeyFile, caCertFile,
- eccCertFile, eccKeyFile, eccRsaCertFile,
- cliCertFile, cliCertDerFile, cliKeyFile,
- ntruCertFile, ntruKeyFile, dhParamFile,
- cliEccKeyFile, cliEccCertFile, caEccCertFile, edCertFile, edKeyFile,
- cliEdCertFile, cliEdKeyFile, caEdCertFile,
- NULL
- };
- const char derfile[] = "./certs/server-cert.der";
- XFILE f;
- size_t sz;
- byte *buff;
- int i;
- printf(testingFmt, "test_fileAccess()");
- AssertTrue(XFOPEN("badfilename", "rb") == XBADFILE);
- for(i=0; fname[i] != NULL ; i++){
- AssertTrue((f = XFOPEN(fname[i], "rb")) != XBADFILE);
- XFCLOSE(f);
- }
- AssertTrue((f = XFOPEN(derfile, "rb")) != XBADFILE);
- AssertTrue(XFSEEK(f, 0, XSEEK_END) == 0);
- sz = (size_t) XFTELL(f);
- XREWIND(f);
- AssertTrue(sz == sizeof_server_cert_der_2048);
- AssertTrue((buff = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)) != NULL) ;
- AssertTrue(XFREAD(buff, 1, sz, f) == sz);
- XMEMCMP(server_cert_der_2048, buff, sz);
- printf(resultFmt, passed);
- #endif
- return WOLFSSL_SUCCESS;
- }
- /*----------------------------------------------------------------------------*
- | Method Allocators
- *----------------------------------------------------------------------------*/
- static void test_wolfSSL_Method_Allocators(void)
- {
- #define TEST_METHOD_ALLOCATOR(allocator, condition) \
- do { \
- WOLFSSL_METHOD *method; \
- condition(method = allocator()); \
- XFREE(method, 0, DYNAMIC_TYPE_METHOD); \
- } while(0)
- #define TEST_VALID_METHOD_ALLOCATOR(a) \
- TEST_METHOD_ALLOCATOR(a, AssertNotNull)
- #define TEST_INVALID_METHOD_ALLOCATOR(a) \
- TEST_METHOD_ALLOCATOR(a, AssertNull)
- #ifndef NO_OLD_TLS
- #ifdef WOLFSSL_ALLOW_SSLV3
- #ifndef NO_WOLFSSL_SERVER
- TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_server_method);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_client_method);
- #endif
- #endif
- #ifdef WOLFSSL_ALLOW_TLSV10
- #ifndef NO_WOLFSSL_SERVER
- TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_server_method);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_client_method);
- #endif
- #endif
- #ifndef NO_WOLFSSL_SERVER
- TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_server_method);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_client_method);
- #endif
- #endif /* !NO_OLD_TLS */
- #ifndef WOLFSSL_NO_TLS12
- #ifndef NO_WOLFSSL_SERVER
- TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_server_method);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_client_method);
- #endif
- #endif /* !WOLFSSL_NO_TLS12 */
- #ifdef WOLFSSL_TLS13
- #ifndef NO_WOLFSSL_SERVER
- TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_server_method);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_client_method);
- #endif
- #endif /* WOLFSSL_TLS13 */
- #ifndef NO_WOLFSSL_SERVER
- TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_server_method);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_client_method);
- #endif
- #ifdef WOLFSSL_DTLS
- #ifndef NO_OLD_TLS
- #ifndef NO_WOLFSSL_SERVER
- TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_server_method);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_client_method);
- #endif
- #endif
- #ifndef WOLFSSL_NO_TLS12
- #ifndef NO_WOLFSSL_SERVER
- TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_server_method);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_client_method);
- #endif
- #endif
- #endif /* WOLFSSL_DTLS */
- #if !defined(NO_OLD_TLS) && defined(OPENSSL_EXTRA)
- /* Stubs */
- #ifndef NO_WOLFSSL_SERVER
- TEST_INVALID_METHOD_ALLOCATOR(wolfSSLv2_server_method);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- TEST_INVALID_METHOD_ALLOCATOR(wolfSSLv2_client_method);
- #endif
- #endif
- /* Test Either Method (client or server) */
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_method);
- #ifndef NO_OLD_TLS
- #ifdef WOLFSSL_ALLOW_TLSV10
- TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_method);
- #endif
- TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_method);
- #endif /* !NO_OLD_TLS */
- #ifndef WOLFSSL_NO_TLS12
- TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_method);
- #endif /* !WOLFSSL_NO_TLS12 */
- #ifdef WOLFSSL_TLS13
- TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_method);
- #endif /* WOLFSSL_TLS13 */
- #ifdef WOLFSSL_DTLS
- TEST_VALID_METHOD_ALLOCATOR(wolfDTLS_method);
- #ifndef NO_OLD_TLS
- TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_method);
- #endif /* !NO_OLD_TLS */
- #ifndef WOLFSSL_NO_TLS12
- TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_method);
- #endif /* !WOLFSSL_NO_TLS12 */
- #endif /* WOLFSSL_DTLS */
- #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */
- }
- /*----------------------------------------------------------------------------*
- | Context
- *----------------------------------------------------------------------------*/
- #ifndef NO_WOLFSSL_SERVER
- static void test_wolfSSL_CTX_new(WOLFSSL_METHOD *method)
- {
- WOLFSSL_CTX *ctx;
- AssertNull(ctx = wolfSSL_CTX_new(NULL));
- AssertNotNull(method);
- AssertNotNull(ctx = wolfSSL_CTX_new(method));
- wolfSSL_CTX_free(ctx);
- }
- #endif
- #if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
- (!defined(NO_RSA) || defined(HAVE_ECC))
- static void test_for_double_Free(void)
- {
- WOLFSSL_CTX* ctx;
- WOLFSSL* ssl;
- int skipTest = 0;
- const char* testCertFile;
- const char* testKeyFile;
- char optionsCiphers[] = "RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA"
- ":NULL-SHA:NULL-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-PSK-AES256-GCM"
- "-SHA384:DHE-PSK-AES128-GCM-SHA256:PSK-AES256-GCM-SHA384:PSK-AES128-GCM-SHA256:"
- "DHE-PSK-AES256-CBC-SHA384:DHE-PSK-AES128-CBC-SHA256:PSK-AES256-CBC-SHA384:PSK-"
- "AES128-CBC-SHA256:PSK-AES128-CBC-SHA:PSK-AES256-CBC-SHA:DHE-PSK-AES128-CCM:DHE"
- "-PSK-AES256-CCM:PSK-AES128-CCM:PSK-AES256-CCM:PSK-AES128-CCM-8:PSK-AES256-CCM-"
- "8:DHE-PSK-NULL-SHA384:DHE-PSK-NULL-SHA256:PSK-NULL-SHA384:PSK-NULL-SHA256:PSK-"
- "NULL-SHA:HC128-MD5:HC128-SHA:RABBIT-SHA:AES128-CCM-8:AES256-CCM-8:ECDHE-ECDSA-"
- "AES128-CCM:ECDHE-ECDSA-AES128-CCM-8:ECDHE-ECDSA-AES256-CCM-8:ECDHE-RSA-AES128-"
- "SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-R"
- "SA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA"
- ":AES128-SHA256:AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:ECDH-"
- "RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-AES256-SHA"
- ":ECDH-RSA-RC4-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-DES-CBC3"
- "-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES"
- "256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-E"
- "CDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES128-GCM-SHA25"
- "6:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES256-GC"
- "M-SHA384:CAMELLIA128-SHA:DHE-RSA-CAMELLIA128-SHA:CAMELLIA256-SHA:DHE-RSA-CAMEL"
- "LIA256-SHA:CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:CAMELLIA256-SHA256:DH"
- "E-RSA-CAMELLIA256-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECD"
- "H-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECD"
- "SA-AES256-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDHE-RSA-CHA"
- "CHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-R"
- "SA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-PO"
- "LY1305-OLD:IDEA-CBC-SHA:ECDHE-ECDSA-NULL-SHA:ECDHE-PSK-NULL-SHA256:ECDHE-PSK-A"
- "ES128-CBC-SHA256:PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:DHE-PSK-CHA"
- "CHA20-POLY1305:EDH-RSA-DES-CBC3-SHA:TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-S"
- "HA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-"
- "8-SHA256:TLS13-SHA256-SHA256:TLS13-SHA384-SHA384";
- #ifndef NO_RSA
- testCertFile = svrCertFile;
- testKeyFile = svrKeyFile;
- #elif defined(HAVE_ECC)
- testCertFile = eccCertFile;
- testKeyFile = eccKeyFile;
- #else
- skipTest = 1;
- #endif
- if (skipTest != 1) {
- #ifndef NO_WOLFSSL_SERVER
- ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
- AssertNotNull(ctx);
- #else
- ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- AssertNotNull(ctx);
- #endif
- AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM));
- AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM));
- ssl = wolfSSL_new(ctx);
- AssertNotNull(ssl);
- /* First test freeing SSL, then CTX */
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #ifndef NO_WOLFSSL_CLIENT
- ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- AssertNotNull(ctx);
- #else
- ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
- AssertNotNull(ctx);
- #endif
- AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM));
- AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM));
- ssl = wolfSSL_new(ctx);
- AssertNotNull(ssl);
- /* Next test freeing CTX then SSL */
- wolfSSL_CTX_free(ctx);
- wolfSSL_free(ssl);
- #ifndef NO_WOLFSSL_SERVER
- ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
- AssertNotNull(ctx);
- #else
- ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- AssertNotNull(ctx);
- #endif
- /* Test setting ciphers at ctx level */
- AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM));
- AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM));
- AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, optionsCiphers));
- AssertNotNull(ssl = wolfSSL_new(ctx));
- wolfSSL_CTX_free(ctx);
- wolfSSL_free(ssl);
- #ifndef NO_WOLFSSL_CLIENT
- ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- AssertNotNull(ctx);
- #else
- ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
- AssertNotNull(ctx);
- #endif
- AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM));
- AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM));
- ssl = wolfSSL_new(ctx);
- AssertNotNull(ssl);
- /* test setting ciphers at SSL level */
- AssertTrue(wolfSSL_set_cipher_list(ssl, optionsCiphers));
- wolfSSL_CTX_free(ctx);
- wolfSSL_free(ssl);
- }
- }
- #endif
- static void test_wolfSSL_CTX_use_certificate_file(void)
- {
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER)
- WOLFSSL_CTX *ctx;
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- /* invalid context */
- AssertFalse(wolfSSL_CTX_use_certificate_file(NULL, svrCertFile,
- WOLFSSL_FILETYPE_PEM));
- /* invalid cert file */
- AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, bogusFile,
- WOLFSSL_FILETYPE_PEM));
- /* invalid cert type */
- AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, 9999));
- #ifdef NO_RSA
- /* rsa needed */
- AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,WOLFSSL_FILETYPE_PEM));
- #else
- /* success */
- AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
- #endif
- wolfSSL_CTX_free(ctx);
- #endif
- }
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
- static int test_wolfSSL_CTX_use_certificate_ASN1(void)
- {
- #if !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER) && !defined(NO_ASN)
- WOLFSSL_CTX* ctx;
- int ret;
- printf(testingFmt, "wolfSSL_CTX_use_certificate_ASN1()");
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- ret = SSL_CTX_use_certificate_ASN1(ctx, sizeof_server_cert_der_2048,
- server_cert_der_2048);
- printf(resultFmt, ret == WOLFSSL_SUCCESS ? passed : failed);
- wolfSSL_CTX_free(ctx);
- return ret;
- #else
- return WOLFSSL_SUCCESS;
- #endif
- }
- #endif /* (OPENSSL_ALL || WOLFSSL_ASIO) && !NO_RSA */
- /* Test function for wolfSSL_CTX_use_certificate_buffer. Load cert into
- * context using buffer.
- * PRE: NO_CERTS not defined; USE_CERT_BUFFERS_2048 defined; compile with
- * --enable-testcert flag.
- */
- static int test_wolfSSL_CTX_use_certificate_buffer(void)
- {
- #if !defined(NO_CERTS) && defined(USE_CERT_BUFFERS_2048) && \
- !defined(NO_RSA) && !defined(NO_WOLFSSL_SERVER)
- WOLFSSL_CTX* ctx;
- int ret;
- printf(testingFmt, "wolfSSL_CTX_use_certificate_buffer()");
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- ret = wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
- sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1);
- printf(resultFmt, ret == WOLFSSL_SUCCESS ? passed : failed);
- wolfSSL_CTX_free(ctx);
- return ret;
- #else
- return WOLFSSL_SUCCESS;
- #endif
- } /*END test_wolfSSL_CTX_use_certificate_buffer*/
- static void test_wolfSSL_CTX_use_PrivateKey_file(void)
- {
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER)
- WOLFSSL_CTX *ctx;
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- /* invalid context */
- AssertFalse(wolfSSL_CTX_use_PrivateKey_file(NULL, svrKeyFile,
- WOLFSSL_FILETYPE_PEM));
- /* invalid key file */
- AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, bogusFile,
- WOLFSSL_FILETYPE_PEM));
- /* invalid key type */
- AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, 9999));
- /* success */
- #ifdef NO_RSA
- /* rsa needed */
- AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
- #else
- /* success */
- AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
- #endif
- wolfSSL_CTX_free(ctx);
- #endif
- }
- /* test both file and buffer versions along with unloading trusted peer certs */
- static void test_wolfSSL_CTX_trust_peer_cert(void)
- {
- #if !defined(NO_CERTS) && defined(WOLFSSL_TRUST_PEER_CERT) && \
- !defined(NO_WOLFSSL_CLIENT)
- WOLFSSL_CTX *ctx;
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #if !defined(NO_FILESYSTEM)
- /* invalid file */
- assert(wolfSSL_CTX_trust_peer_cert(ctx, NULL,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS);
- assert(wolfSSL_CTX_trust_peer_cert(ctx, bogusFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS);
- assert(wolfSSL_CTX_trust_peer_cert(ctx, cliCertFile,
- WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS);
- /* success */
- assert(wolfSSL_CTX_trust_peer_cert(ctx, cliCertFile, WOLFSSL_FILETYPE_PEM)
- == WOLFSSL_SUCCESS);
- /* unload cert */
- assert(wolfSSL_CTX_Unload_trust_peers(NULL) != WOLFSSL_SUCCESS);
- assert(wolfSSL_CTX_Unload_trust_peers(ctx) == WOLFSSL_SUCCESS);
- #endif
- /* Test of loading certs from buffers */
- /* invalid buffer */
- assert(wolfSSL_CTX_trust_peer_buffer(ctx, NULL, -1,
- WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS);
- /* success */
- #ifdef USE_CERT_BUFFERS_1024
- assert(wolfSSL_CTX_trust_peer_buffer(ctx, client_cert_der_1024,
- sizeof_client_cert_der_1024, WOLFSSL_FILETYPE_ASN1) == WOLFSSL_SUCCESS);
- #endif
- #ifdef USE_CERT_BUFFERS_2048
- assert(wolfSSL_CTX_trust_peer_buffer(ctx, client_cert_der_2048,
- sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1) == WOLFSSL_SUCCESS);
- #endif
- /* unload cert */
- assert(wolfSSL_CTX_Unload_trust_peers(NULL) != WOLFSSL_SUCCESS);
- assert(wolfSSL_CTX_Unload_trust_peers(ctx) == WOLFSSL_SUCCESS);
- wolfSSL_CTX_free(ctx);
- #endif
- }
- static void test_wolfSSL_CTX_load_verify_locations(void)
- {
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_CLIENT)
- WOLFSSL_CTX *ctx;
- #ifndef NO_RSA
- WOLFSSL_CERT_MANAGER* cm;
- #ifdef PERSIST_CERT_CACHE
- int cacheSz;
- #endif
- #endif
- #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
- const char* load_certs_path = "./certs/external";
- const char* load_no_certs_path = "./examples";
- const char* load_expired_path = "./certs/test/expired";
- #endif
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- /* invalid arguments */
- AssertIntEQ(wolfSSL_CTX_load_verify_locations(NULL, caCertFile, NULL), WOLFSSL_FAILURE);
- AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, NULL), WOLFSSL_FAILURE);
- /* invalid ca file */
- AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, NULL), WOLFSSL_BAD_FILE);
- #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
- /* invalid path */
- AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, bogusFile), BAD_PATH_ERROR);
- #endif
- /* load ca cert */
- #ifdef NO_RSA
- AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), ASN_UNKNOWN_OID_E);
- #else /* Skip the following test without RSA certs. */
- AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), WOLFSSL_SUCCESS);
- #ifdef PERSIST_CERT_CACHE
- /* Get cert cache size */
- cacheSz = wolfSSL_CTX_get_cert_cache_memsize(ctx);
- #endif
- /* Test unloading CA's */
- AssertIntEQ(wolfSSL_CTX_UnloadCAs(ctx), WOLFSSL_SUCCESS);
- #ifdef PERSIST_CERT_CACHE
- /* Verify no certs (result is less than cacheSz) */
- AssertIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx));
- #endif
- /* load ca cert again */
- AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), WOLFSSL_SUCCESS);
- /* Test getting CERT_MANAGER */
- AssertNotNull(cm = wolfSSL_CTX_GetCertManager(ctx));
- /* Test unloading CA's using CM */
- AssertIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS);
- #ifdef PERSIST_CERT_CACHE
- /* Verify no certs (result is less than cacheSz) */
- AssertIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx));
- #endif
- #endif
- #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
- /* Test loading CA certificates using a path */
- #ifdef NO_RSA
- /* failure here okay since certs in external directory are RSA */
- AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
- WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS);
- #else
- AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
- WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS);
- #endif
- /* Test loading path with no files */
- AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_no_certs_path,
- WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_FAILURE);
- /* Test loading expired CA certificates */
- #ifdef NO_RSA
- AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_expired_path,
- WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY),
- WOLFSSL_SUCCESS);
- #else
- AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_expired_path,
- WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY),
- WOLFSSL_SUCCESS);
- #endif
- /* Test loading CA certificates and ignoring all errors */
- #ifdef NO_RSA
- AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
- WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_FAILURE);
- #else
- AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
- WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_SUCCESS);
- #endif
- #endif
- wolfSSL_CTX_free(ctx);
- #endif
- }
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
- static int test_cm_load_ca_buffer(const byte* cert_buf, size_t cert_sz, int file_type)
- {
- int ret;
- WOLFSSL_CERT_MANAGER* cm;
- cm = wolfSSL_CertManagerNew();
- if (cm == NULL) {
- printf("test_cm_load_ca failed\n");
- return -1;
- }
- ret = wolfSSL_CertManagerLoadCABuffer(cm, cert_buf, cert_sz, file_type);
- wolfSSL_CertManagerFree(cm);
- return ret;
- }
- static int test_cm_load_ca_file(const char* ca_cert_file)
- {
- int ret = 0;
- byte* cert_buf = NULL;
- size_t cert_sz = 0;
- #if defined(WOLFSSL_PEM_TO_DER)
- DerBuffer* pDer = NULL;
- #endif
- ret = load_file(ca_cert_file, &cert_buf, &cert_sz);
- if (ret == 0) {
- /* normal test */
- ret = test_cm_load_ca_buffer(cert_buf, cert_sz, WOLFSSL_FILETYPE_PEM);
- if (ret == 0) {
- /* test including null terminator in length */
- ret = test_cm_load_ca_buffer(cert_buf, cert_sz+1, WOLFSSL_FILETYPE_PEM);
- }
- #if defined(WOLFSSL_PEM_TO_DER)
- if (ret == 0) {
- /* test loading DER */
- ret = wc_PemToDer(cert_buf, cert_sz, CA_TYPE, &pDer, NULL, NULL, NULL);
- if (ret == 0 && pDer != NULL) {
- ret = test_cm_load_ca_buffer(pDer->buffer, pDer->length,
- WOLFSSL_FILETYPE_ASN1);
- wc_FreeDer(&pDer);
- }
- }
- #endif
- free(cert_buf);
- }
- return ret;
- }
- #endif /* !NO_FILESYSTEM && !NO_CERTS */
- static int test_wolfSSL_CertManagerLoadCABuffer(void)
- {
- int ret = 0;
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
- const char* ca_cert = "./certs/ca-cert.pem";
- const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem";
- ret = test_cm_load_ca_file(ca_cert);
- #ifdef NO_RSA
- AssertIntEQ(ret, ASN_UNKNOWN_OID_E);
- #else
- AssertIntEQ(ret, WOLFSSL_SUCCESS);
- #endif
- ret = test_cm_load_ca_file(ca_expired_cert);
- #ifdef NO_RSA
- AssertIntEQ(ret, ASN_UNKNOWN_OID_E);
- #else
- AssertIntEQ(ret, ASN_AFTER_DATE_E);
- #endif
- #endif
- return ret;
- }
- static void test_wolfSSL_CertManagerGetCerts(void)
- {
- #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
- defined(WOLFSSL_SIGNER_DER_CERT)
- WOLFSSL_CERT_MANAGER* cm = NULL;
- WOLFSSL_STACK* sk = NULL;
- X509* x509 = NULL;
- X509* cert1 = NULL;
- FILE* file1 = NULL;
- #ifdef DEBUG_WOLFSSL_VERBOSE
- WOLFSSL_BIO* bio = NULL;
- #endif
- int i = 0;
- printf(testingFmt, "wolfSSL_CertManagerGetCerts()");
- AssertNotNull(file1=fopen("./certs/ca-cert.pem", "rb"));
- AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL));
- fclose(file1);
- AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
- AssertNull(sk = wolfSSL_CertManagerGetCerts(cm));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
- "./certs/ca-cert.pem", NULL));
- AssertNotNull(sk = wolfSSL_CertManagerGetCerts(cm));
- for (i = 0; i < sk_X509_num(sk); i++) {
- x509 = sk_X509_value(sk, i);
- AssertIntEQ(0, wolfSSL_X509_cmp(x509, cert1));
- #ifdef DEBUG_WOLFSSL_VERBOSE
- bio = BIO_new(wolfSSL_BIO_s_file());
- if (bio != NULL) {
- BIO_set_fp(bio, stdout, BIO_NOCLOSE);
- X509_print(bio, x509);
- BIO_free(bio);
- }
- #endif /* DEBUG_WOLFSSL_VERBOSE */
- }
- wolfSSL_X509_free(cert1);
- sk_X509_free(sk);
- wolfSSL_CertManagerFree(cm);
- printf(resultFmt, passed);
- #endif /* defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
- defined(WOLFSSL_SIGNER_DER_CERT) */
- }
- static int test_wolfSSL_CertManagerSetVerify(void)
- {
- int ret = 0;
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
- !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA)
- WOLFSSL_CERT_MANAGER* cm;
- int tmp = myVerifyAction;
- const char* ca_cert = "./certs/ca-cert.pem";
- const char* expiredCert = "./certs/test/expired/expired-cert.pem";
- cm = wolfSSL_CertManagerNew();
- AssertNotNull(cm);
- wolfSSL_CertManagerSetVerify(cm, myVerify);
- ret = wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL);
- AssertIntEQ(ret, WOLFSSL_SUCCESS);
- /* Use the test CB that always accepts certs */
- myVerifyAction = VERIFY_OVERRIDE_ERROR;
- ret = wolfSSL_CertManagerVerify(cm, expiredCert, WOLFSSL_FILETYPE_PEM);
- AssertIntEQ(ret, WOLFSSL_SUCCESS);
- #ifdef WOLFSSL_ALWAYS_VERIFY_CB
- {
- const char* verifyCert = "./certs/server-cert.pem";
- /* Use the test CB that always fails certs */
- myVerifyAction = VERIFY_FORCE_FAIL;
- ret = wolfSSL_CertManagerVerify(cm, verifyCert, WOLFSSL_FILETYPE_PEM);
- AssertIntEQ(ret, VERIFY_CERT_ERROR);
- }
- #endif
- wolfSSL_CertManagerFree(cm);
- myVerifyAction = tmp;
- #endif
- return ret;
- }
- static void test_wolfSSL_CertManagerNameConstraint(void)
- {
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
- !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
- defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
- defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES)
- WOLFSSL_CERT_MANAGER* cm;
- const char* ca_cert = "./certs/test/cert-ext-nc.der";
- int i = 0;
- static const byte extNameConsOid[] = {85, 29, 30};
- RsaKey key;
- WC_RNG rng;
- byte *der;
- int derSz;
- word32 idx = 0;
- byte *pt;
- WOLFSSL_X509 *x509;
- wc_InitRng(&rng);
- /* load in CA private key for signing */
- AssertIntEQ(wc_InitRsaKey_ex(&key, HEAP_HINT, devId), 0);
- AssertIntEQ(wc_RsaPrivateKeyDecode(server_key_der_2048, &idx, &key,
- sizeof_server_key_der_2048), 0);
- /* get ca certificate then alter it */
- AssertNotNull(der =
- (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
- AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(ca_cert,
- WOLFSSL_FILETYPE_ASN1));
- AssertNotNull(pt = (byte*)wolfSSL_X509_get_tbs(x509, &derSz));
- XMEMCPY(der, pt, derSz);
- /* find the name constraint extension and alter it */
- pt = der;
- for (i = 0; i < derSz - 3; i++) {
- if (XMEMCMP(pt, extNameConsOid, 3) == 0) {
- pt += 3;
- break;
- }
- pt++;
- }
- AssertIntNE(i, derSz - 3); /* did not find OID if this case is hit */
- /* go to the length value and set it to 0 */
- while (i < derSz && *pt != 0x81) {
- pt++;
- i++;
- }
- AssertIntNE(i, derSz); /* did not place to alter */
- pt++;
- *pt = 0x00;
- /* resign the altered certificate */
- AssertIntGT((derSz = wc_SignCert(derSz, CTC_SHA256wRSA, der,
- FOURK_BUF, &key, NULL, &rng)), 0);
- AssertNotNull(cm = wolfSSL_CertManagerNew());
- AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), ASN_PARSE_E);
- wolfSSL_CertManagerFree(cm);
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wolfSSL_X509_free(x509);
- wc_FreeRsaKey(&key);
- wc_FreeRng(&rng);
- #endif
- }
- static void test_wolfSSL_CertManagerCRL(void)
- {
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(HAVE_CRL) && \
- !defined(NO_RSA)
- const char* ca_cert = "./certs/ca-cert.pem";
- const char* crl1 = "./certs/crl/crl.pem";
- const char* crl2 = "./certs/crl/crl2.pem";
- WOLFSSL_CERT_MANAGER* cm = NULL;
- AssertNotNull(cm = wolfSSL_CertManagerNew());
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL));
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0));
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CertManagerLoadCRL(cm, crl2, WOLFSSL_FILETYPE_PEM, 0));
- wolfSSL_CertManagerFreeCRL(cm);
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0));
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL));
- wolfSSL_CertManagerFree(cm);
- #endif
- }
- static void test_wolfSSL_CTX_load_verify_locations_ex(void)
- {
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
- !defined(NO_WOLFSSL_CLIENT)
- WOLFSSL_CTX* ctx;
- const char* ca_cert = "./certs/ca-cert.pem";
- const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem";
- ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- AssertNotNull(ctx);
- /* test good CA */
- AssertTrue(WOLFSSL_SUCCESS ==
- wolfSSL_CTX_load_verify_locations_ex(ctx, ca_cert, NULL,
- WOLFSSL_LOAD_FLAG_NONE));
- /* test expired CA */
- AssertTrue(WOLFSSL_SUCCESS !=
- wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL,
- WOLFSSL_LOAD_FLAG_NONE));
- AssertTrue(WOLFSSL_SUCCESS ==
- wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL,
- WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY));
- wolfSSL_CTX_free(ctx);
- #endif
- }
- static void test_wolfSSL_CTX_load_verify_buffer_ex(void)
- {
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
- defined(USE_CERT_BUFFERS_2048)
- WOLFSSL_CTX* ctx;
- const char* ca_expired_cert_file = "./certs/test/expired/expired-ca.der";
- byte ca_expired_cert[TWOK_BUF];
- word32 sizeof_ca_expired_cert;
- XFILE fp;
- #ifndef NO_WOLFSSL_CLIENT
- ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- #else
- ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
- #endif
- AssertNotNull(ctx);
- /* test good CA */
- AssertTrue(WOLFSSL_SUCCESS ==
- wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_cert_der_2048,
- sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1, 0,
- WOLFSSL_LOAD_FLAG_NONE));
- /* load expired CA */
- XMEMSET(ca_expired_cert, 0, sizeof(ca_expired_cert));
- fp = XFOPEN(ca_expired_cert_file, "rb");
- AssertTrue(fp != XBADFILE);
- sizeof_ca_expired_cert = (word32)XFREAD(ca_expired_cert, 1,
- sizeof(ca_expired_cert), fp);
- XFCLOSE(fp);
- /* test expired CA failure */
- AssertTrue(WOLFSSL_SUCCESS !=
- wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert,
- sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0,
- WOLFSSL_LOAD_FLAG_NONE));
- /* test expired CA success */
- AssertTrue(WOLFSSL_SUCCESS ==
- wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert,
- sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0,
- WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY));
- wolfSSL_CTX_free(ctx);
- #endif
- }
- static void test_wolfSSL_CTX_load_verify_chain_buffer_format(void)
- {
- #if !defined(NO_CERTS) && !defined(NO_RSA) && defined(OPENSSL_EXTRA) && \
- defined(WOLFSSL_CERT_GEN) && defined(USE_CERT_BUFFERS_2048)
- WOLFSSL_CTX* ctx;
- #ifndef NO_WOLFSSL_CLIENT
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #else
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #endif
- AssertTrue(WOLFSSL_SUCCESS ==
- wolfSSL_CTX_load_verify_chain_buffer_format(ctx, ca_cert_chain_der,
- sizeof_ca_cert_chain_der,
- WOLFSSL_FILETYPE_ASN1));
- wolfSSL_CTX_free(ctx);
- #endif
- }
- static int test_wolfSSL_CTX_use_certificate_chain_file_format(void)
- {
- int ret = 0;
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA)
- const char* server_chain_der = "./certs/server-cert-chain.der";
- WOLFSSL_CTX* ctx;
- #ifndef NO_WOLFSSL_CLIENT
- ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- AssertNotNull(ctx);
- #else
- ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
- AssertNotNull(ctx);
- #endif
- AssertIntEQ(wolfSSL_CTX_use_certificate_chain_file_format(ctx,
- server_chain_der, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- wolfSSL_CTX_free(ctx);
- #endif
- return ret;
- }
- static void test_wolfSSL_CTX_SetTmpDH_file(void)
- {
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH)
- WOLFSSL_CTX *ctx;
- #ifndef NO_WOLFSSL_CLIENT
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #else
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #endif
- /* invalid context */
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(NULL,
- dhParamFile, WOLFSSL_FILETYPE_PEM));
- /* invalid dhParamFile file */
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx,
- NULL, WOLFSSL_FILETYPE_PEM));
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx,
- bogusFile, WOLFSSL_FILETYPE_PEM));
- /* success */
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile,
- WOLFSSL_FILETYPE_PEM));
- wolfSSL_CTX_free(ctx);
- #endif
- }
- static void test_wolfSSL_CTX_SetTmpDH_buffer(void)
- {
- #if !defined(NO_CERTS) && !defined(NO_DH)
- WOLFSSL_CTX *ctx;
- #ifndef NO_WOLFSSL_CLIENT
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #else
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #endif
- /* invalid context */
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL, dh_key_der_2048,
- sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- /* invalid dhParamFile file */
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL, NULL,
- 0, WOLFSSL_FILETYPE_ASN1));
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dsa_key_der_2048,
- sizeof_dsa_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- /* success */
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
- sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- wolfSSL_CTX_free(ctx);
- #endif
- }
- static void test_wolfSSL_CTX_SetMinMaxDhKey_Sz(void)
- {
- #if !defined(NO_CERTS) && !defined(NO_DH)
- WOLFSSL_CTX *ctx;
- #ifndef NO_WOLFSSL_CLIENT
- ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- AssertNotNull(ctx);
- #else
- ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
- AssertNotNull(ctx);
- #endif
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 3072));
- AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
- sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 2048));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
- sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024));
- AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
- sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 2048));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
- sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- wolfSSL_CTX_free(ctx);
- #endif
- }
- static void test_wolfSSL_CTX_der_load_verify_locations(void)
- {
- #ifdef WOLFSSL_DER_LOAD
- WOLFSSL_CTX* ctx = NULL;
- const char* derCert = "./certs/server-cert.der";
- const char* nullPath = NULL;
- const char* invalidPath = "./certs/this-cert-does-not-exist.der";
- const char* emptyPath = "";
- /* der load Case 1 ctx NULL */
- AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
- #ifndef NO_WOLFSSL_CLIENT
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #else
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #endif
- /* Case 2 filePath NULL */
- AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, nullPath,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
- /* Case 3 invalid format */
- AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_FAILURE);
- /* Case 4 filePath not valid */
- AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, invalidPath,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
- /* Case 5 filePath empty */
- AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, emptyPath,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
- #ifndef NO_RSA
- /* Case 6 success case */
- AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- #endif
- wolfSSL_CTX_free(ctx);
- #endif
- }
- static void test_wolfSSL_CTX_enable_disable(void)
- {
- #ifndef NO_CERTS
- WOLFSSL_CTX* ctx = NULL;
- #ifdef HAVE_CRL
- AssertIntEQ(wolfSSL_CTX_DisableCRL(ctx), BAD_FUNC_ARG);
- AssertIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), BAD_FUNC_ARG);
- #endif
- #ifdef HAVE_OCSP
- AssertIntEQ(wolfSSL_CTX_DisableOCSP(ctx), BAD_FUNC_ARG);
- AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, 0), BAD_FUNC_ARG);
- #endif
- #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
- defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
- AssertIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), BAD_FUNC_ARG);
- AssertIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), BAD_FUNC_ARG);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- #ifdef HAVE_EXTENDED_MASTER
- AssertIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), BAD_FUNC_ARG);
- #endif
- ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- AssertNotNull(ctx);
- #ifdef HAVE_EXTENDED_MASTER
- AssertIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), WOLFSSL_SUCCESS);
- #endif
- #elif !defined(NO_WOLFSSL_SERVER)
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #else
- return;
- #endif
- #ifdef HAVE_CRL
- AssertIntEQ(wolfSSL_CTX_DisableCRL(ctx), WOLFSSL_SUCCESS);
- AssertIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), WOLFSSL_SUCCESS);
- #endif
- #ifdef HAVE_OCSP
- AssertIntEQ(wolfSSL_CTX_DisableOCSP(ctx), WOLFSSL_SUCCESS);
- AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_URL_OVERRIDE),
- WOLFSSL_SUCCESS);
- AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE),
- WOLFSSL_SUCCESS);
- AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_CHECKALL),
- WOLFSSL_SUCCESS);
- #endif
- #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
- defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
- AssertIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), WOLFSSL_SUCCESS);
- AssertIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), WOLFSSL_SUCCESS);
- #endif
- wolfSSL_CTX_free(ctx);
- #endif /* NO_CERTS */
- }
- /*----------------------------------------------------------------------------*
- | SSL
- *----------------------------------------------------------------------------*/
- static void test_server_wolfSSL_new(void)
- {
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
- !defined(NO_WOLFSSL_SERVER)
- WOLFSSL_CTX *ctx;
- WOLFSSL_CTX *ctx_nocert;
- WOLFSSL *ssl;
- AssertNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
- AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
- /* invalid context */
- AssertNull(ssl = wolfSSL_new(NULL));
- #ifndef WOLFSSL_SESSION_EXPORT
- AssertNull(ssl = wolfSSL_new(ctx_nocert));
- #endif
- /* success */
- AssertNotNull(ssl = wolfSSL_new(ctx));
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- wolfSSL_CTX_free(ctx_nocert);
- #endif
- }
- static void test_client_wolfSSL_new(void)
- {
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
- !defined(NO_WOLFSSL_CLIENT)
- WOLFSSL_CTX *ctx;
- WOLFSSL_CTX *ctx_nocert;
- WOLFSSL *ssl;
- AssertNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- AssertTrue(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
- /* invalid context */
- AssertNull(ssl = wolfSSL_new(NULL));
- /* success */
- AssertNotNull(ssl = wolfSSL_new(ctx_nocert));
- wolfSSL_free(ssl);
- /* success */
- AssertNotNull(ssl = wolfSSL_new(ctx));
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- wolfSSL_CTX_free(ctx_nocert);
- #endif
- }
- static void test_wolfSSL_SetTmpDH_file(void)
- {
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH) && \
- !defined(NO_WOLFSSL_SERVER)
- WOLFSSL_CTX *ctx;
- WOLFSSL *ssl;
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #ifndef NO_RSA
- AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
- WOLFSSL_FILETYPE_PEM));
- AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
- WOLFSSL_FILETYPE_PEM));
- #elif defined(HAVE_ECC)
- AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile,
- WOLFSSL_FILETYPE_PEM));
- AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile,
- WOLFSSL_FILETYPE_PEM));
- #elif defined(HAVE_ED25519)
- AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, edCertFile,
- WOLFSSL_FILETYPE_PEM));
- AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, edKeyFile,
- WOLFSSL_FILETYPE_PEM));
- #elif defined(HAVE_ED448)
- AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, ed448CertFile,
- WOLFSSL_FILETYPE_PEM));
- AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile,
- WOLFSSL_FILETYPE_PEM));
- #endif
- AssertNotNull(ssl = wolfSSL_new(ctx));
- /* invalid ssl */
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(NULL,
- dhParamFile, WOLFSSL_FILETYPE_PEM));
- /* invalid dhParamFile file */
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl,
- NULL, WOLFSSL_FILETYPE_PEM));
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl,
- bogusFile, WOLFSSL_FILETYPE_PEM));
- /* success */
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, dhParamFile,
- WOLFSSL_FILETYPE_PEM));
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif
- }
- static void test_wolfSSL_SetTmpDH_buffer(void)
- {
- #if !defined(NO_CERTS) && !defined(NO_DH) && !defined(NO_WOLFSSL_SERVER)
- WOLFSSL_CTX *ctx;
- WOLFSSL *ssl;
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- AssertTrue(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
- sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
- AssertTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048,
- sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- AssertNotNull(ssl = wolfSSL_new(ctx));
- /* invalid ssl */
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(NULL, dh_key_der_2048,
- sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- /* invalid dhParamFile file */
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(NULL, NULL,
- 0, WOLFSSL_FILETYPE_ASN1));
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dsa_key_der_2048,
- sizeof_dsa_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- /* success */
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
- sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif
- }
- static void test_wolfSSL_SetMinMaxDhKey_Sz(void)
- {
- #if !defined(NO_CERTS) && !defined(NO_DH) && !defined(NO_WOLFSSL_SERVER)
- WOLFSSL_CTX *ctx, *ctx2;
- WOLFSSL *ssl, *ssl2;
- ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
- AssertNotNull(ctx);
- AssertTrue(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
- sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
- AssertTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048,
- sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 3072));
- ssl = wolfSSL_new(ctx);
- AssertNotNull(ssl);
- ctx2 = wolfSSL_CTX_new(wolfSSLv23_server_method());
- AssertNotNull(ctx2);
- AssertTrue(wolfSSL_CTX_use_certificate_buffer(ctx2, server_cert_der_2048,
- sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
- AssertTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx2, server_key_der_2048,
- sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024));
- ssl2 = wolfSSL_new(ctx2);
- AssertNotNull(ssl2);
- AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
- sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 2048));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
- sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 3072));
- AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
- sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048,
- sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMaxDhKey_Sz(ssl2, 2048));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048,
- sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMaxDhKey_Sz(ssl2, 1024));
- AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
- sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- wolfSSL_free(ssl2);
- wolfSSL_CTX_free(ctx2);
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif
- }
- /* Test function for wolfSSL_SetMinVersion. Sets the minimum downgrade version
- * allowed.
- * POST: return 1 on success.
- */
- static int test_wolfSSL_SetMinVersion(void)
- {
- int failFlag = WOLFSSL_SUCCESS;
- #ifndef NO_WOLFSSL_CLIENT
- WOLFSSL_CTX* ctx;
- WOLFSSL* ssl;
- int itr;
- #ifndef NO_OLD_TLS
- const int versions[] = {
- #ifdef WOLFSSL_ALLOW_TLSV10
- WOLFSSL_TLSV1,
- #endif
- WOLFSSL_TLSV1_1,
- WOLFSSL_TLSV1_2};
- #elif !defined(WOLFSSL_NO_TLS12)
- const int versions[] = { WOLFSSL_TLSV1_2 };
- #else
- const int versions[] = { WOLFSSL_TLSV1_3 };
- #endif
- ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- ssl = wolfSSL_new(ctx);
- printf(testingFmt, "wolfSSL_SetMinVersion()");
- for (itr = 0; itr < (int)(sizeof(versions)/sizeof(int)); itr++){
- if(wolfSSL_SetMinVersion(ssl, *(versions + itr)) != WOLFSSL_SUCCESS){
- failFlag = WOLFSSL_FAILURE;
- }
- }
- printf(resultFmt, failFlag == WOLFSSL_SUCCESS ? passed : failed);
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif
- return failFlag;
- } /* END test_wolfSSL_SetMinVersion */
- /*----------------------------------------------------------------------------*
- | EC
- *----------------------------------------------------------------------------*/
- /* Test function for EC_POINT_new, EC_POINT_mul, EC_POINT_free,
- EC_GROUP_new_by_curve_name, EC_GROUP_order_bits
- */
- # if defined(OPENSSL_EXTRA) && \
- (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)))
- static void test_wolfSSL_EC(void)
- {
- #if defined(HAVE_ECC)
- BN_CTX *ctx;
- EC_GROUP *group;
- EC_GROUP *group2;
- EC_POINT *Gxy, *new_point, *set_point;
- BIGNUM *k = NULL, *Gx = NULL, *Gy = NULL, *Gz = NULL;
- BIGNUM *X, *Y;
- BIGNUM *set_point_bn;
- char* hexStr;
- int group_bits;
- const char* kTest = "F4F8338AFCC562C5C3F3E1E46A7EFECD17AF381913FF7A96314EA47055EA0FD0";
- /* NISTP256R1 Gx/Gy */
- const char* kGx = "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296";
- const char* kGy = "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5";
- #ifndef HAVE_SELFTEST
- EC_POINT *tmp;
- size_t bin_len;
- unsigned char* buf = NULL;
- const char* uncompG = "046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C2964FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5";
- const unsigned char binUncompG[] = {
- 0x04, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc,
- 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d,
- 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
- 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb,
- 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31,
- 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
- };
- #ifdef HAVE_COMP_KEY
- const char* compG = "036B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296";
- const unsigned char binCompG[] = {
- 0x03, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc,
- 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d,
- 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
- };
- #endif
- #endif
- AssertNotNull(ctx = BN_CTX_new());
- AssertNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
- AssertNotNull(group2 = EC_GROUP_dup(group));
- AssertIntEQ((group_bits = EC_GROUP_order_bits(group)), 256);
- AssertNotNull(Gxy = EC_POINT_new(group));
- AssertNotNull(new_point = EC_POINT_new(group));
- AssertNotNull(set_point = EC_POINT_new(group));
- AssertNotNull(X = BN_new());
- AssertNotNull(Y = BN_new());
- AssertNotNull(set_point_bn = BN_new());
- /* load test values */
- AssertIntEQ(BN_hex2bn(&k, kTest), WOLFSSL_SUCCESS);
- AssertIntEQ(BN_hex2bn(&Gx, kGx), WOLFSSL_SUCCESS);
- AssertIntEQ(BN_hex2bn(&Gy, kGy), WOLFSSL_SUCCESS);
- AssertIntEQ(BN_hex2bn(&Gz, "1"), WOLFSSL_SUCCESS);
- /* populate coordinates for input point */
- Gxy->X = Gx;
- Gxy->Y = Gy;
- Gxy->Z = Gz;
- #ifndef HAVE_SELFTEST
- /* perform point multiplication */
- AssertIntEQ(EC_POINT_add(group, new_point, new_point, Gxy, ctx), WOLFSSL_SUCCESS);
- AssertIntEQ(EC_POINT_mul(group, new_point, Gx, Gxy, k, ctx), WOLFSSL_SUCCESS);
- AssertIntEQ(BN_is_zero(new_point->X), 0);
- AssertIntEQ(BN_is_zero(new_point->Y), 0);
- AssertIntEQ(BN_is_zero(new_point->Z), 0);
- AssertIntEQ(EC_POINT_mul(group, new_point, NULL, Gxy, k, ctx), WOLFSSL_SUCCESS);
- AssertIntEQ(BN_is_zero(new_point->X), 0);
- AssertIntEQ(BN_is_zero(new_point->Y), 0);
- AssertIntEQ(BN_is_zero(new_point->Z), 0);
- AssertIntEQ(EC_POINT_mul(group, new_point, Gx, NULL, NULL, ctx), WOLFSSL_SUCCESS);
- AssertIntEQ(BN_is_zero(new_point->X), 0);
- AssertIntEQ(BN_is_zero(new_point->Y), 0);
- AssertIntEQ(BN_is_zero(new_point->Z), 0);
- #else
- AssertIntEQ(EC_POINT_set_affine_coordinates_GFp(group, new_point, Gx, Gy, ctx), WOLFSSL_SUCCESS);
- AssertIntEQ(BN_is_zero(new_point->X), 0);
- AssertIntEQ(BN_is_zero(new_point->Y), 0);
- AssertIntEQ(BN_is_zero(new_point->Z), 0);
- #endif
- /* check if point X coordinate is zero */
- AssertIntEQ(BN_is_zero(new_point->X), 0);
- #ifdef USE_ECC_B_PARAM
- AssertIntEQ(EC_POINT_is_on_curve(group, new_point, ctx), 1);
- #endif /* USE_ECC_B_PARAM */
- /* Force non-affine coordinates */
- AssertIntEQ(BN_add(new_point->Z, (WOLFSSL_BIGNUM*)BN_value_one(),
- (WOLFSSL_BIGNUM*)BN_value_one()), 1);
- new_point->inSet = 0;
- /* extract the coordinates from point */
- AssertIntEQ(EC_POINT_get_affine_coordinates_GFp(group, new_point, X, Y, ctx), WOLFSSL_SUCCESS);
- /* check if point X coordinate is zero */
- AssertIntEQ(BN_is_zero(X), WOLFSSL_FAILURE);
- /* set the same X and Y points in another object */
- AssertIntEQ(EC_POINT_set_affine_coordinates_GFp(group, set_point, X, Y, ctx), WOLFSSL_SUCCESS);
- /* compare points as they should be the same */
- AssertIntEQ(EC_POINT_cmp(group, new_point, set_point, ctx), 0);
- /* Test copying */
- AssertIntEQ(EC_POINT_copy(new_point, set_point), 1);
- /* Test inverting */
- AssertIntEQ(EC_POINT_invert(group, new_point, ctx), 1);
- AssertPtrEq(EC_POINT_point2bn(group, set_point, POINT_CONVERSION_UNCOMPRESSED,
- set_point_bn, ctx), set_point_bn);
- /* check bn2hex */
- hexStr = BN_bn2hex(k);
- AssertStrEQ(hexStr, kTest);
- #ifndef NO_FILESYSTEM
- BN_print_fp(stdout, k);
- printf("\n");
- #endif
- XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
- hexStr = BN_bn2hex(Gx);
- AssertStrEQ(hexStr, kGx);
- #ifndef NO_FILESYSTEM
- BN_print_fp(stdout, Gx);
- printf("\n");
- #endif
- XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
- hexStr = BN_bn2hex(Gy);
- AssertStrEQ(hexStr, kGy);
- #ifndef NO_FILESYSTEM
- BN_print_fp(stdout, Gy);
- printf("\n");
- #endif
- XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
- #ifndef HAVE_SELFTEST
- hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, ctx);
- AssertStrEQ(hexStr, uncompG);
- XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
- #ifdef HAVE_COMP_KEY
- hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_COMPRESSED, ctx);
- AssertStrEQ(hexStr, compG);
- XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
- #endif
- bin_len = EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, ctx);
- AssertIntEQ(bin_len, sizeof(binUncompG));
- AssertNotNull(buf = (unsigned char*)XMALLOC(bin_len, NULL, DYNAMIC_TYPE_ECC));
- AssertIntEQ(EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, buf,
- bin_len, ctx), bin_len);
- AssertIntEQ(XMEMCMP(buf, binUncompG, sizeof(binUncompG)), 0);
- XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
- #ifdef HAVE_COMP_KEY
- bin_len = EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_COMPRESSED, NULL, 0, ctx);
- AssertIntEQ(bin_len, sizeof(binCompG));
- AssertNotNull(buf = (unsigned char*)XMALLOC(bin_len, NULL, DYNAMIC_TYPE_ECC));
- AssertIntEQ(EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_COMPRESSED, buf,
- bin_len, ctx), bin_len);
- AssertIntEQ(XMEMCMP(buf, binCompG, sizeof(binCompG)), 0);
- XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
- #endif
- AssertNotNull(tmp = EC_POINT_new(group));
- AssertIntEQ(EC_POINT_oct2point(group, tmp, binUncompG, sizeof(binUncompG), ctx), 1);
- AssertIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0);
- EC_POINT_free(tmp);
- #ifdef HAVE_COMP_KEY
- AssertNotNull(tmp = EC_POINT_new(group));
- AssertIntEQ(EC_POINT_oct2point(group, tmp, binCompG, sizeof(binCompG), ctx), 1);
- AssertIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0);
- EC_POINT_free(tmp);
- #endif
- #endif
- /* test BN_mod_add */
- AssertIntEQ(BN_mod_add(new_point->Z, (WOLFSSL_BIGNUM*)BN_value_one(),
- (WOLFSSL_BIGNUM*)BN_value_one(),
- (WOLFSSL_BIGNUM*)BN_value_one(), NULL), 1);
- AssertIntEQ(BN_is_zero(new_point->Z), 1);
- /* cleanup */
- BN_free(X);
- BN_free(Y);
- BN_free(k);
- BN_free(set_point_bn);
- EC_POINT_free(new_point);
- EC_POINT_free(set_point);
- EC_POINT_free(Gxy);
- EC_GROUP_free(group);
- EC_GROUP_free(group2);
- BN_CTX_free(ctx);
- #endif /* HAVE_ECC */
- }
- #endif /* OPENSSL_EXTRA && ( !HAVE_FIPS || HAVE_FIPS_VERSION > 2) */
- static void test_wolfSSL_PEM_read_bio_ECPKParameters(void)
- {
- #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
- EC_GROUP *group;
- BIO* bio;
- AssertNotNull(bio = BIO_new(BIO_s_file()));
- AssertIntEQ(BIO_read_filename(bio, eccKeyFile), WOLFSSL_SUCCESS);
- AssertNotNull(group = PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL));
- AssertIntEQ(EC_GROUP_get_curve_name(group), NID_X9_62_prime256v1);
- EC_GROUP_free(group);
- BIO_free(bio);
- #endif /* HAVE_ECC */
- }
- # if defined(OPENSSL_EXTRA)
- static void test_wolfSSL_ECDSA_SIG(void)
- {
- #ifdef HAVE_ECC
- WOLFSSL_ECDSA_SIG* sig = NULL;
- WOLFSSL_ECDSA_SIG* sig2 = NULL;
- const unsigned char* cp;
- unsigned char* p;
- unsigned char outSig[8];
- unsigned char sigData[8] =
- { 0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01 };
- sig = wolfSSL_d2i_ECDSA_SIG(NULL, NULL, sizeof(sigData));
- AssertNull(sig);
- cp = sigData;
- AssertNotNull((sig = wolfSSL_d2i_ECDSA_SIG(NULL, &cp, sizeof(sigData))));
- AssertIntEQ((cp == sigData + 8), 1);
- cp = sigData;
- AssertNull(wolfSSL_d2i_ECDSA_SIG(&sig, NULL, sizeof(sigData)));
- AssertNotNull((sig2 = wolfSSL_d2i_ECDSA_SIG(&sig, &cp, sizeof(sigData))));
- AssertIntEQ((sig == sig2), 1);
- cp = outSig;
- p = outSig;
- AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(NULL, &p), 0);
- AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(NULL, NULL), 0);
- AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, NULL), 8);
- AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, &p), sizeof(sigData));
- AssertIntEQ((p == outSig + 8), 1);
- AssertIntEQ(XMEMCMP(sigData, outSig, 8), 0);
- wolfSSL_ECDSA_SIG_free(sig);
- #endif /* HAVE_ECC */
- }
- static void test_EC_i2d(void)
- {
- #if defined(HAVE_ECC) && !defined(HAVE_FIPS)
- EC_KEY *key;
- EC_KEY *copy;
- int len;
- unsigned char *buf = NULL;
- const unsigned char *tmp = NULL;
- AssertNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
- AssertIntEQ(EC_KEY_generate_key(key), 1);
- AssertIntGT((len = i2d_EC_PUBKEY(key, NULL)), 0);
- AssertIntEQ(i2d_EC_PUBKEY(key, &buf), len);
- XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- buf = NULL;
- AssertIntGT((len = i2d_ECPrivateKey(key, NULL)), 0);
- AssertIntEQ(i2d_ECPrivateKey(key, &buf), len);
- tmp = buf;
- AssertNotNull(d2i_ECPrivateKey(©, &tmp, len));
- XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- EC_KEY_free(key);
- EC_KEY_free(copy);
- #endif /* HAVE_ECC */
- }
- static void test_ECDSA_size_sign(void)
- {
- #if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(NO_ECC_SECP)
- EC_KEY *key;
- int id;
- byte hash[WC_MAX_DIGEST_SIZE];
- byte sig[ECC_BUFSIZE];
- unsigned int sigSz = sizeof(sig);
- XMEMSET(hash, 123, sizeof(hash));
- id = wc_ecc_get_curve_id_from_name("SECP256R1");
- AssertIntEQ(id, ECC_SECP256R1);
- AssertNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
- AssertIntEQ(EC_KEY_generate_key(key), 1);
- AssertIntEQ(ECDSA_sign(0, hash, sizeof(hash), sig, &sigSz, key), 1);
- AssertIntGE(ECDSA_size(key), sigSz);
- EC_KEY_free(key);
- #endif /* HAVE_ECC && !NO_ECC256 && !NO_ECC_SECP */
- }
- static void test_ED25519(void)
- {
- #if defined(HAVE_ED25519) && defined(WOLFSSL_KEY_GEN)
- byte priv[ED25519_PRV_KEY_SIZE];
- unsigned int privSz = (unsigned int)sizeof(priv);
- byte pub[ED25519_PUB_KEY_SIZE];
- unsigned int pubSz = (unsigned int)sizeof(pub);
- const char* msg = "Everyone gets Friday off.";
- unsigned int msglen = (unsigned int)XSTRLEN(msg);
- byte sig[ED25519_SIG_SIZE];
- unsigned int sigSz = (unsigned int)sizeof(sig);
- AssertIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, pub, &pubSz),
- WOLFSSL_SUCCESS);
- AssertIntEQ(privSz, ED25519_PRV_KEY_SIZE);
- AssertIntEQ(pubSz, ED25519_PUB_KEY_SIZE);
- AssertIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz, sig,
- &sigSz), WOLFSSL_SUCCESS);
- AssertIntEQ(sigSz, ED25519_SIG_SIZE);
- AssertIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig,
- sigSz), WOLFSSL_SUCCESS);
- #endif /* HAVE_ED25519 && WOLFSSL_KEY_GEN */
- }
- static void test_ED448(void)
- {
- #if defined(HAVE_ED448) && defined(WOLFSSL_KEY_GEN)
- byte priv[ED448_PRV_KEY_SIZE];
- unsigned int privSz = (unsigned int)sizeof(priv);
- byte pub[ED448_PUB_KEY_SIZE];
- unsigned int pubSz = (unsigned int)sizeof(pub);
- const char* msg = "Everyone gets Friday off.";
- unsigned int msglen = (unsigned int)XSTRLEN(msg);
- byte sig[ED448_SIG_SIZE];
- unsigned int sigSz = (unsigned int)sizeof(sig);
- AssertIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, pub, &pubSz),
- WOLFSSL_SUCCESS);
- AssertIntEQ(privSz, ED448_PRV_KEY_SIZE);
- AssertIntEQ(pubSz, ED448_PUB_KEY_SIZE);
- AssertIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz, sig,
- &sigSz), WOLFSSL_SUCCESS);
- AssertIntEQ(sigSz, ED448_SIG_SIZE);
- AssertIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig,
- sigSz), WOLFSSL_SUCCESS);
- #endif /* HAVE_ED448 && WOLFSSL_KEY_GEN */
- }
- #endif /* OPENSSL_EXTRA */
- #include <wolfssl/openssl/pem.h>
- /*----------------------------------------------------------------------------*
- | EVP
- *----------------------------------------------------------------------------*/
- /* Test function for wolfSSL_EVP_get_cipherbynid.
- */
- #ifdef OPENSSL_EXTRA
- static void test_wolfSSL_EVP_get_cipherbynid(void)
- {
- #ifndef NO_AES
- const WOLFSSL_EVP_CIPHER* c;
- c = wolfSSL_EVP_get_cipherbynid(419);
- #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- AssertNotNull(c);
- AssertNotNull(strcmp("EVP_AES_128_CBC", c));
- #else
- AssertNull(c);
- #endif
- c = wolfSSL_EVP_get_cipherbynid(423);
- #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_192)
- AssertNotNull(c);
- AssertNotNull(strcmp("EVP_AES_192_CBC", c));
- #else
- AssertNull(c);
- #endif
- c = wolfSSL_EVP_get_cipherbynid(427);
- #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
- AssertNotNull(c);
- AssertNotNull(strcmp("EVP_AES_256_CBC", c));
- #else
- AssertNull(c);
- #endif
- c = wolfSSL_EVP_get_cipherbynid(904);
- #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_128)
- AssertNotNull(c);
- AssertNotNull(strcmp("EVP_AES_128_CTR", c));
- #else
- AssertNull(c);
- #endif
- c = wolfSSL_EVP_get_cipherbynid(905);
- #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_192)
- AssertNotNull(c);
- AssertNotNull(strcmp("EVP_AES_192_CTR", c));
- #else
- AssertNull(c);
- #endif
- c = wolfSSL_EVP_get_cipherbynid(906);
- #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256)
- AssertNotNull(c);
- AssertNotNull(strcmp("EVP_AES_256_CTR", c));
- #else
- AssertNull(c);
- #endif
- c = wolfSSL_EVP_get_cipherbynid(418);
- #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_128)
- AssertNotNull(c);
- AssertNotNull(strcmp("EVP_AES_128_ECB", c));
- #else
- AssertNull(c);
- #endif
- c = wolfSSL_EVP_get_cipherbynid(422);
- #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_192)
- AssertNotNull(c);
- AssertNotNull(strcmp("EVP_AES_192_ECB", c));
- #else
- AssertNull(c);
- #endif
- c = wolfSSL_EVP_get_cipherbynid(426);
- #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256)
- AssertNotNull(c);
- AssertNotNull(strcmp("EVP_AES_256_ECB", c));
- #else
- AssertNull(c);
- #endif
- #endif /* !NO_AES */
- #ifndef NO_DES3
- AssertNotNull(strcmp("EVP_DES_CBC", wolfSSL_EVP_get_cipherbynid(31)));
- #ifdef WOLFSSL_DES_ECB
- AssertNotNull(strcmp("EVP_DES_ECB", wolfSSL_EVP_get_cipherbynid(29)));
- #endif
- AssertNotNull(strcmp("EVP_DES_EDE3_CBC", wolfSSL_EVP_get_cipherbynid(44)));
- #ifdef WOLFSSL_DES_ECB
- AssertNotNull(strcmp("EVP_DES_EDE3_ECB", wolfSSL_EVP_get_cipherbynid(33)));
- #endif
- #endif /* !NO_DES3 */
- #ifdef HAVE_IDEA
- AssertNotNull(strcmp("EVP_IDEA_CBC", wolfSSL_EVP_get_cipherbynid(34)));
- #endif
- /* test for nid is out of range */
- AssertNull(wolfSSL_EVP_get_cipherbynid(1));
- }
- static void test_wolfSSL_EVP_CIPHER_CTX()
- {
- #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
- const EVP_CIPHER *init = EVP_aes_128_cbc();
- const EVP_CIPHER *test;
- byte key[AES_BLOCK_SIZE] = {0};
- byte iv[AES_BLOCK_SIZE] = {0};
- AssertNotNull(ctx);
- wolfSSL_EVP_CIPHER_CTX_init(ctx);
- AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
- test = EVP_CIPHER_CTX_cipher(ctx);
- AssertTrue(init == test);
- AssertIntEQ(EVP_CIPHER_nid(test), NID_aes_128_cbc);
- AssertIntEQ(EVP_CIPHER_CTX_reset(ctx), WOLFSSL_SUCCESS);
- AssertIntEQ(EVP_CIPHER_CTX_reset(NULL), WOLFSSL_FAILURE);
- EVP_CIPHER_CTX_free(ctx);
- #endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_128 */
- }
- #endif /* OPENSSL_EXTRA */
- /*----------------------------------------------------------------------------*
- | IO
- *----------------------------------------------------------------------------*/
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
- !defined(NO_RSA) && !defined(SINGLE_THREADED) && \
- !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
- #define HAVE_IO_TESTS_DEPENDENCIES
- #endif
- /* helper functions */
- #ifdef HAVE_IO_TESTS_DEPENDENCIES
- #ifdef WOLFSSL_SESSION_EXPORT
- /* set up function for sending session information */
- static int test_export(WOLFSSL* inSsl, byte* buf, word32 sz, void* userCtx)
- {
- WOLFSSL_CTX* ctx;
- WOLFSSL* ssl;
- AssertNotNull(inSsl);
- AssertNotNull(buf);
- AssertIntNE(0, sz);
- /* Set ctx to DTLS 1.2 */
- ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method());
- AssertNotNull(ctx);
- ssl = wolfSSL_new(ctx);
- AssertNotNull(ssl);
- AssertIntGE(wolfSSL_dtls_import(ssl, buf, sz), 0);
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- (void)userCtx;
- return WOLFSSL_SUCCESS;
- }
- /* returns negative value on fail and positive (including 0) on success */
- static int nonblocking_accept_read(void* args, WOLFSSL* ssl, SOCKET_T* sockfd)
- {
- int ret, err, loop_count, count, timeout = 10;
- char msg[] = "I hear you fa shizzle!";
- char input[1024];
- loop_count = ((func_args*)args)->argc;
- do {
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (err == WC_PENDING_E) {
- ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
- if (ret < 0) { break; } else if (ret == 0) { continue; }
- }
- #endif
- err = 0; /* Reset error */
- ret = wolfSSL_accept(ssl);
- if (ret != WOLFSSL_SUCCESS) {
- err = wolfSSL_get_error(ssl, 0);
- if (err == WOLFSSL_ERROR_WANT_READ ||
- err == WOLFSSL_ERROR_WANT_WRITE) {
- int select_ret;
- err = WC_PENDING_E;
- select_ret = tcp_select(*sockfd, timeout);
- if (select_ret == TEST_TIMEOUT) {
- return WOLFSSL_FATAL_ERROR;
- }
- }
- }
- } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
- if (ret != WOLFSSL_SUCCESS) {
- char buff[WOLFSSL_MAX_ERROR_SZ];
- printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
- return ret;
- }
- for (count = 0; count < loop_count; count++) {
- int select_ret;
- select_ret = tcp_select(*sockfd, timeout);
- if (select_ret == TEST_TIMEOUT) {
- ret = WOLFSSL_FATAL_ERROR;
- break;
- }
- do {
- ret = wolfSSL_read(ssl, input, sizeof(input)-1);
- if (ret > 0) {
- input[ret] = '\0';
- printf("Client message: %s\n", input);
- }
- } while (err == WOLFSSL_ERROR_WANT_READ && ret != WOLFSSL_SUCCESS);
- do {
- if ((ret = wolfSSL_write(ssl, msg, sizeof(msg))) != sizeof(msg)) {
- return WOLFSSL_FATAL_ERROR;
- }
- err = wolfSSL_get_error(ssl, ret);
- } while (err == WOLFSSL_ERROR_WANT_READ && ret != WOLFSSL_SUCCESS);
- }
- return ret;
- }
- #endif /* WOLFSSL_SESSION_EXPORT */
- static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
- {
- SOCKET_T sockfd = 0;
- SOCKET_T clientfd = 0;
- word16 port;
- callback_functions* cbf;
- WOLFSSL_CTX* ctx = 0;
- WOLFSSL* ssl = 0;
- char msg[] = "I hear you fa shizzle!";
- char input[1024];
- int idx;
- int ret, err = 0;
- int sharedCtx = 0;
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- ((func_args*)args)->return_code = TEST_FAIL;
- cbf = ((func_args*)args)->callbacks;
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- if (cbf != NULL && cbf->ctx) {
- ctx = cbf->ctx;
- sharedCtx = 1;
- }
- else
- #endif
- {
- WOLFSSL_METHOD* method = NULL;
- if (cbf != NULL && cbf->method != NULL) {
- method = cbf->method();
- }
- else {
- method = wolfSSLv23_server_method();
- }
- ctx = wolfSSL_CTX_new(method);
- }
- #if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
- defined(HAVE_POLY1305)
- TicketInit();
- wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);
- #endif
- #if defined(USE_WINDOWS_API)
- port = ((func_args*)args)->signal->port;
- #elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \
- !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS)
- /* Let tcp_listen assign port */
- port = 0;
- #else
- /* Use default port */
- port = wolfSSLPort;
- #endif
- /* do it here to detect failure */
- tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 0, 1);
- CloseSocket(sockfd);
- wolfSSL_CTX_set_verify(ctx,
- WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
- #ifdef WOLFSSL_ENCRYPTED_KEYS
- wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
- #endif
- if (wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0)
- != WOLFSSL_SUCCESS) {
- /*err_sys("can't load ca file, Please run from wolfSSL home dir");*/
- goto done;
- }
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #else
- if (wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #endif
- /*err_sys("can't load server cert chain file, "
- "Please run from wolfSSL home dir");*/
- goto done;
- }
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #else
- if (wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #endif
- /*err_sys("can't load server key file, "
- "Please run from wolfSSL home dir");*/
- goto done;
- }
- /* call ctx setup callback */
- if (cbf != NULL && cbf->ctx_ready != NULL) {
- cbf->ctx_ready(ctx);
- }
- ssl = wolfSSL_new(ctx);
- if (ssl == NULL) {
- goto done;
- }
- #ifdef WOLFSSL_SESSION_EXPORT
- /* only add in more complex nonblocking case with session export tests */
- if (args && ((func_args*)args)->argc > 0) {
- /* set as nonblock and time out for waiting on read/write */
- tcp_set_nonblocking(&clientfd);
- wolfSSL_dtls_set_using_nonblock(ssl, 1);
- }
- #endif
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- if (sharedCtx && wolfSSL_use_certificate_file(ssl, svrCertFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #else
- if (wolfSSL_use_certificate_file(ssl, svrCertFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #endif
- /*err_sys("can't load server cert chain file, "
- "Please run from wolfSSL home dir");*/
- goto done;
- }
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, svrKeyFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #else
- if (wolfSSL_use_PrivateKey_file(ssl, svrKeyFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #endif
- /*err_sys("can't load server key file, "
- "Please run from wolfSSL home dir");*/
- goto done;
- }
- if (wolfSSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) {
- /*err_sys("SSL_set_fd failed");*/
- goto done;
- }
- #if !defined(NO_FILESYSTEM) && !defined(NO_DH)
- wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
- #elif !defined(NO_DH)
- SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
- #endif
- /* call ssl setup callback */
- if (cbf != NULL && cbf->ssl_ready != NULL) {
- cbf->ssl_ready(ssl);
- }
- #ifdef WOLFSSL_SESSION_EXPORT
- /* only add in more complex nonblocking case with session export tests */
- if (((func_args*)args)->argc > 0) {
- ret = nonblocking_accept_read(args, ssl, &clientfd);
- if (ret >= 0) {
- ((func_args*)args)->return_code = TEST_SUCCESS;
- }
- #ifdef WOLFSSL_TIRTOS
- Task_yield();
- #endif
- goto done;
- }
- #endif
- do {
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (err == WC_PENDING_E) {
- ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
- if (ret < 0) { break; } else if (ret == 0) { continue; }
- }
- #endif
- err = 0; /* Reset error */
- ret = wolfSSL_accept(ssl);
- if (ret != WOLFSSL_SUCCESS) {
- err = wolfSSL_get_error(ssl, 0);
- }
- } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
- if (ret != WOLFSSL_SUCCESS) {
- char buff[WOLFSSL_MAX_ERROR_SZ];
- printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
- /*err_sys("SSL_accept failed");*/
- goto done;
- }
- idx = wolfSSL_read(ssl, input, sizeof(input)-1);
- if (idx > 0) {
- input[idx] = '\0';
- printf("Client message: %s\n", input);
- }
- if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) {
- /*err_sys("SSL_write failed");*/
- #ifdef WOLFSSL_TIRTOS
- return;
- #else
- return 0;
- #endif
- }
- #ifdef WOLFSSL_TIRTOS
- Task_yield();
- #endif
- ((func_args*)args)->return_code = TEST_SUCCESS;
- done:
- wolfSSL_shutdown(ssl);
- wolfSSL_free(ssl);
- if (!sharedCtx)
- wolfSSL_CTX_free(ctx);
- CloseSocket(clientfd);
- #ifdef WOLFSSL_TIRTOS
- fdCloseSession(Task_self());
- #endif
- #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
- && defined(HAVE_THREAD_LS)
- wc_ecc_fp_free(); /* free per thread cache */
- #endif
- #if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
- defined(HAVE_POLY1305)
- TicketCleanup();
- #endif
- #ifndef WOLFSSL_TIRTOS
- return 0;
- #endif
- }
- #if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13)
- static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args)
- {
- SOCKET_T sockfd = 0;
- SOCKET_T clientfd = 0;
- word16 port;
- callback_functions* cbf;
- WOLFSSL_CTX* ctx = 0;
- WOLFSSL* ssl = 0;
- char msg[] = "I hear you fa shizzle!";
- char input[1024];
- int idx;
- int ret, err = 0;
- int sharedCtx = 0;
- int loop_count = ((func_args*)args)->argc;
- int count = 0;
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- ((func_args*)args)->return_code = TEST_FAIL;
- cbf = ((func_args*)args)->callbacks;
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- if (cbf != NULL && cbf->ctx) {
- ctx = cbf->ctx;
- sharedCtx = 1;
- }
- else
- #endif
- {
- WOLFSSL_METHOD* method = NULL;
- if (cbf != NULL && cbf->method != NULL) {
- method = cbf->method();
- }
- else {
- method = wolfSSLv23_server_method();
- }
- ctx = wolfSSL_CTX_new(method);
- }
- #if defined(USE_WINDOWS_API)
- port = ((func_args*)args)->signal->port;
- #elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \
- !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS)
- /* Let tcp_listen assign port */
- port = 0;
- #else
- /* Use default port */
- port = wolfSSLPort;
- #endif
- wolfSSL_CTX_set_verify(ctx,
- WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
- #ifdef WOLFSSL_ENCRYPTED_KEYS
- wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
- #endif
- if (wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0)
- != WOLFSSL_SUCCESS) {
- /*err_sys("can't load ca file, Please run from wolfSSL home dir");*/
- goto done;
- }
- if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- /*err_sys("can't load server cert chain file, "
- "Please run from wolfSSL home dir");*/
- goto done;
- }
- if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- /*err_sys("can't load server key file, "
- "Please run from wolfSSL home dir");*/
- goto done;
- }
- /* call ctx setup callback */
- if (cbf != NULL && cbf->ctx_ready != NULL) {
- cbf->ctx_ready(ctx);
- }
- while(count != loop_count) {
- ssl = wolfSSL_new(ctx);
- if (ssl == NULL) {
- goto done;
- }
- if (sharedCtx && wolfSSL_use_certificate_file(ssl, svrCertFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- /*err_sys("can't load server cert chain file, "
- "Please run from wolfSSL home dir");*/
- goto done;
- }
- if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, svrKeyFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- /*err_sys("can't load server key file, "
- "Please run from wolfSSL home dir");*/
- goto done;
- }
- #if !defined(NO_FILESYSTEM) && !defined(NO_DH)
- wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
- #elif !defined(NO_DH)
- SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
- #endif
- /* call ssl setup callback */
- if (cbf != NULL && cbf->ssl_ready != NULL) {
- cbf->ssl_ready(ssl);
- }
- /* do it here to detect failure */
- tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 0, 1);
- CloseSocket(sockfd);
- if (wolfSSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) {
- /*err_sys("SSL_set_fd failed");*/
- goto done;
- }
- do {
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (err == WC_PENDING_E) {
- ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
- if (ret < 0) { break; } else if (ret == 0) { continue; }
- }
- #endif
- err = 0; /* Reset error */
- ret = wolfSSL_accept(ssl);
- if (ret != WOLFSSL_SUCCESS) {
- err = wolfSSL_get_error(ssl, 0);
- }
- } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
- if (ret != WOLFSSL_SUCCESS) {
- char buff[WOLFSSL_MAX_ERROR_SZ];
- printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
- /*err_sys("SSL_accept failed");*/
- goto done;
- }
- idx = wolfSSL_read(ssl, input, sizeof(input)-1);
- if (idx > 0) {
- input[idx] = '\0';
- printf("Client message: %s\n", input);
- }
- if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) {
- /*err_sys("SSL_write failed");*/
- #ifdef WOLFSSL_TIRTOS
- return;
- #else
- return 0;
- #endif
- }
- /* free ssl for this connection */
- wolfSSL_shutdown(ssl);
- wolfSSL_free(ssl); ssl = NULL;
- CloseSocket(clientfd);
- count++;
- }
- #ifdef WOLFSSL_TIRTOS
- Task_yield();
- #endif
- ((func_args*)args)->return_code = TEST_SUCCESS;
- done:
- if(ssl != NULL) {
- wolfSSL_shutdown(ssl);
- wolfSSL_free(ssl);
- }
- if (!sharedCtx)
- wolfSSL_CTX_free(ctx);
- CloseSocket(clientfd);
- #ifdef WOLFSSL_TIRTOS
- fdCloseSession(Task_self());
- #endif
- #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
- && defined(HAVE_THREAD_LS)
- wc_ecc_fp_free(); /* free per thread cache */
- #endif
- #ifndef WOLFSSL_TIRTOS
- return 0;
- #endif
- }
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) */
- typedef int (*cbType)(WOLFSSL_CTX *ctx, WOLFSSL *ssl);
- static void test_client_nofail(void* args, void *cb)
- {
- SOCKET_T sockfd = 0;
- callback_functions* cbf;
- WOLFSSL_CTX* ctx = 0;
- WOLFSSL* ssl = 0;
- WOLFSSL_CIPHER* cipher;
- char msg[64] = "hello wolfssl!";
- char reply[1024];
- int input;
- int msgSz = (int)XSTRLEN(msg);
- int ret, err = 0;
- int cipherSuite;
- int sharedCtx = 0;
- const char* cipherName1, *cipherName2;
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- ((func_args*)args)->return_code = TEST_FAIL;
- cbf = ((func_args*)args)->callbacks;
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- if (cbf != NULL && cbf->ctx) {
- ctx = cbf->ctx;
- sharedCtx = cbf->isSharedCtx;
- }
- else
- #endif
- {
- WOLFSSL_METHOD* method = NULL;
- if (cbf != NULL && cbf->method != NULL) {
- method = cbf->method();
- }
- else {
- method = wolfSSLv23_client_method();
- }
- ctx = wolfSSL_CTX_new(method);
- }
- #ifdef WOLFSSL_ENCRYPTED_KEYS
- wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
- #endif
- /* Do connect here so server detects failures */
- tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
- 0, 0, NULL);
- if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0) != WOLFSSL_SUCCESS)
- {
- /* err_sys("can't load ca file, Please run from wolfSSL home dir");*/
- goto done;
- }
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #else
- if (wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #endif
- /*err_sys("can't load client cert file, "
- "Please run from wolfSSL home dir");*/
- goto done;
- }
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #else
- if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #endif
- /*err_sys("can't load client key file, "
- "Please run from wolfSSL home dir");*/
- goto done;
- }
- /* call ctx setup callback */
- if (cbf != NULL && cbf->ctx_ready != NULL) {
- cbf->ctx_ready(ctx);
- }
- ssl = wolfSSL_new(ctx);
- if (ssl == NULL) {
- goto done;
- }
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- if (sharedCtx && wolfSSL_use_certificate_file(ssl, cliCertFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #else
- if (wolfSSL_use_certificate_file(ssl, cliCertFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #endif
- /*err_sys("can't load client cert file, "
- "Please run from wolfSSL home dir");*/
- goto done;
- }
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, cliKeyFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #else
- if (wolfSSL_use_PrivateKey_file(ssl, cliKeyFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #endif
- /*err_sys("can't load client key file, "
- "Please run from wolfSSL home dir");*/
- goto done;
- }
- if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
- /*err_sys("SSL_set_fd failed");*/
- goto done;
- }
- /* call ssl setup callback */
- if (cbf != NULL && cbf->ssl_ready != NULL) {
- cbf->ssl_ready(ssl);
- }
- do {
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (err == WC_PENDING_E) {
- ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
- if (ret < 0) { break; } else if (ret == 0) { continue; }
- }
- #endif
- err = 0; /* Reset error */
- ret = wolfSSL_connect(ssl);
- if (ret != WOLFSSL_SUCCESS) {
- err = wolfSSL_get_error(ssl, 0);
- }
- } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
- if (ret != WOLFSSL_SUCCESS) {
- char buff[WOLFSSL_MAX_ERROR_SZ];
- printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
- /*err_sys("SSL_connect failed");*/
- goto done;
- }
- /* test the various get cipher methods */
- /* Internal cipher suite names */
- cipherSuite = wolfSSL_get_current_cipher_suite(ssl);
- cipherName1 = wolfSSL_get_cipher_name(ssl);
- cipherName2 = wolfSSL_get_cipher_name_from_suite(
- (cipherSuite >> 8), cipherSuite & 0xFF);
- AssertStrEQ(cipherName1, cipherName2);
- /* IANA Cipher Suites Names */
- /* Unless WOLFSSL_CIPHER_INTERNALNAME or NO_ERROR_STRINGS,
- then it's the internal cipher suite name */
- cipher = wolfSSL_get_current_cipher(ssl);
- cipherName1 = wolfSSL_CIPHER_get_name(cipher);
- cipherName2 = wolfSSL_get_cipher(ssl);
- AssertStrEQ(cipherName1, cipherName2);
- #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) && \
- !defined(WOLFSSL_QT)
- cipherName1 = wolfSSL_get_cipher_name_iana_from_suite(
- (cipherSuite >> 8), cipherSuite & 0xFF);
- AssertStrEQ(cipherName1, cipherName2);
- #endif
- if (cb != NULL)
- ((cbType)cb)(ctx, ssl);
- if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
- /*err_sys("SSL_write failed");*/
- goto done;
- }
- input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
- if (input > 0) {
- reply[input] = '\0';
- printf("Server response: %s\n", reply);
- }
- ((func_args*)args)->return_code = TEST_SUCCESS;
- done:
- wolfSSL_free(ssl);
- if (!sharedCtx)
- wolfSSL_CTX_free(ctx);
- CloseSocket(sockfd);
- #ifdef WOLFSSL_TIRTOS
- fdCloseSession(Task_self());
- #endif
- #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
- && defined(HAVE_THREAD_LS)
- wc_ecc_fp_free(); /* free per thread cache */
- #endif
- return;
- }
- #if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13)
- static void test_client_reuse_WOLFSSLobj(void* args, void *cb, void* server_args)
- {
- SOCKET_T sockfd = 0;
- callback_functions* cbf;
- WOLFSSL_CTX* ctx = 0;
- WOLFSSL* ssl = 0;
- WOLFSSL_SESSION* session = NULL;
- char msg[64] = "hello wolfssl!";
- char reply[1024];
- int input;
- int msgSz = (int)XSTRLEN(msg);
- int ret, err = 0;
- int sharedCtx = 0;
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- ((func_args*)args)->return_code = TEST_FAIL;
- cbf = ((func_args*)args)->callbacks;
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- if (cbf != NULL && cbf->ctx) {
- ctx = cbf->ctx;
- sharedCtx = 1;
- }
- else
- #endif
- {
- WOLFSSL_METHOD* method = NULL;
- if (cbf != NULL && cbf->method != NULL) {
- method = cbf->method();
- }
- else {
- method = wolfSSLv23_client_method();
- }
- ctx = wolfSSL_CTX_new(method);
- }
- #ifdef WOLFSSL_ENCRYPTED_KEYS
- wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
- #endif
- /* Do connect here so server detects failures */
- tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
- 0, 0, NULL);
- if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0) != WOLFSSL_SUCCESS)
- {
- /* err_sys("can't load ca file, Please run from wolfSSL home dir");*/
- goto done;
- }
- if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- /*err_sys("can't load client cert file, "
- "Please run from wolfSSL home dir");*/
- goto done;
- }
- if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- /*err_sys("can't load client key file, "
- "Please run from wolfSSL home dir");*/
- goto done;
- }
- /* call ctx setup callback */
- if (cbf != NULL && cbf->ctx_ready != NULL) {
- cbf->ctx_ready(ctx);
- }
- ssl = wolfSSL_new(ctx);
- if (ssl == NULL) {
- goto done;
- }
- /* keep handshakre resources for re-using WOLFSSL obj */
- wolfSSL_KeepArrays(ssl);
- if(wolfSSL_KeepHandshakeResources(ssl)) {
- /* err_sys("SSL_KeepHandshakeResources failed"); */
- goto done;
- }
- if (sharedCtx && wolfSSL_use_certificate_file(ssl, cliCertFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- /*err_sys("can't load client cert file, "
- "Please run from wolfSSL home dir");*/
- goto done;
- }
- if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, cliKeyFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- /*err_sys("can't load client key file, "
- "Please run from wolfSSL home dir");*/
- goto done;
- }
- if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
- /*err_sys("SSL_set_fd failed");*/
- goto done;
- }
- /* call ssl setup callback */
- if (cbf != NULL && cbf->ssl_ready != NULL) {
- cbf->ssl_ready(ssl);
- }
- do {
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (err == WC_PENDING_E) {
- ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
- if (ret < 0) { break; } else if (ret == 0) { continue; }
- }
- #endif
- err = 0; /* Reset error */
- ret = wolfSSL_connect(ssl);
- if (ret != WOLFSSL_SUCCESS) {
- err = wolfSSL_get_error(ssl, 0);
- }
- } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
- if (ret != WOLFSSL_SUCCESS) {
- char buff[WOLFSSL_MAX_ERROR_SZ];
- printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
- /*err_sys("SSL_connect failed");*/
- goto done;
- }
- /* Build first session */
- if (cb != NULL)
- ((cbType)cb)(ctx, ssl);
- if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
- /*err_sys("SSL_write failed");*/
- goto done;
- }
- input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
- if (input > 0) {
- reply[input] = '\0';
- printf("Server response: %s\n", reply);
- }
- /* Session Resumption by re-using WOLFSSL object */
- wolfSSL_set_quiet_shutdown(ssl, 1);
- if (wolfSSL_shutdown(ssl) != WOLFSSL_SUCCESS) {
- /* err_sys ("SSL shutdown failed"); */
- goto done;
- }
- session = wolfSSL_get_session(ssl);
- if (wolfSSL_clear(ssl) != WOLFSSL_SUCCESS) {
- /* err_sys ("SSL_clear failed"); */
- goto done;
- }
- wolfSSL_set_session(ssl, session);
- /* close socket once */
- CloseSocket(sockfd);
- sockfd = 0;
- /* wait until server ready */
- wait_tcp_ready((func_args*)server_args);
- printf("session resumption\n");
- /* Do re-connect */
- tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
- 0, 0, NULL);
- if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
- /*err_sys("SSL_set_fd failed");*/
- goto done;
- }
- do {
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (err == WC_PENDING_E) {
- ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
- if (ret < 0) { break; } else if (ret == 0) { continue; }
- }
- #endif
- err = 0; /* Reset error */
- ret = wolfSSL_connect(ssl);
- if (ret != WOLFSSL_SUCCESS) {
- err = wolfSSL_get_error(ssl, 0);
- }
- } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
- if (ret != WOLFSSL_SUCCESS) {
- char buff[WOLFSSL_MAX_ERROR_SZ];
- printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
- /*err_sys("SSL_connect failed");*/
- goto done;
- }
- /* Build first session */
- if (cb != NULL)
- ((cbType)cb)(ctx, ssl);
- if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
- /*err_sys("SSL_write failed");*/
- goto done;
- }
- input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
- if (input > 0) {
- reply[input] = '\0';
- printf("Server response: %s\n", reply);
- }
- ((func_args*)args)->return_code = TEST_SUCCESS;
- done:
- wolfSSL_free(ssl);
- if (!sharedCtx)
- wolfSSL_CTX_free(ctx);
- CloseSocket(sockfd);
- #ifdef WOLFSSL_TIRTOS
- fdCloseSession(Task_self());
- #endif
- return;
- }
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) */
- /* SNI / ALPN / session export helper functions */
- #if defined(HAVE_SNI) || defined(HAVE_ALPN) || defined(WOLFSSL_SESSION_EXPORT)
- static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
- {
- callback_functions* callbacks = ((func_args*)args)->callbacks;
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new(callbacks->method());
- WOLFSSL* ssl = NULL;
- SOCKET_T sfd = 0;
- SOCKET_T cfd = 0;
- word16 port;
- char msg[] = "I hear you fa shizzle!";
- int len = (int) XSTRLEN(msg);
- char input[1024];
- int idx;
- int ret, err = 0;
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- ((func_args*)args)->return_code = TEST_FAIL;
- #if defined(USE_WINDOWS_API)
- port = ((func_args*)args)->signal->port;
- #elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \
- !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS)
- /* Let tcp_listen assign port */
- port = 0;
- #else
- /* Use default port */
- port = wolfSSLPort;
- #endif
- wolfSSL_CTX_set_verify(ctx,
- WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
- #ifdef WOLFSSL_ENCRYPTED_KEYS
- wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
- #endif
- #ifdef WOLFSSL_SESSION_EXPORT
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_dtls_set_export(ctx, test_export));
- #endif
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0));
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
- WOLFSSL_FILETYPE_PEM));
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
- if (callbacks->ctx_ready)
- callbacks->ctx_ready(ctx);
- ssl = wolfSSL_new(ctx);
- if (wolfSSL_dtls(ssl)) {
- SOCKADDR_IN_T cliAddr;
- socklen_t cliLen;
- cliLen = sizeof(cliAddr);
- tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 1, 0, 0, 0);
- idx = (int)recvfrom(sfd, input, sizeof(input), MSG_PEEK,
- (struct sockaddr*)&cliAddr, &cliLen);
- AssertIntGT(idx, 0);
- wolfSSL_dtls_set_peer(ssl, &cliAddr, cliLen);
- }
- else {
- tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1);
- CloseSocket(sfd);
- }
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, cfd));
- #ifdef NO_PSK
- #if !defined(NO_FILESYSTEM) && !defined(NO_DH)
- wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
- #elif !defined(NO_DH)
- SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
- #endif
- #endif
- if (callbacks->ssl_ready)
- callbacks->ssl_ready(ssl);
- do {
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (err == WC_PENDING_E) {
- ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
- if (ret < 0) { break; } else if (ret == 0) { continue; }
- }
- #endif
- err = 0; /* Reset error */
- ret = wolfSSL_accept(ssl);
- if (ret != WOLFSSL_SUCCESS) {
- err = wolfSSL_get_error(ssl, 0);
- }
- } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
- if (ret != WOLFSSL_SUCCESS) {
- char buff[WOLFSSL_MAX_ERROR_SZ];
- printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
- /*err_sys("SSL_accept failed");*/
- }
- else {
- if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) {
- input[idx] = 0;
- printf("Client message: %s\n", input);
- }
- AssertIntEQ(len, wolfSSL_write(ssl, msg, len));
- #if defined(WOLFSSL_SESSION_EXPORT) && !defined(HAVE_IO_POOL)
- if (wolfSSL_dtls(ssl)) {
- byte* import;
- word32 sz;
- wolfSSL_dtls_export(ssl, NULL, &sz);
- import = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- AssertNotNull(import);
- idx = wolfSSL_dtls_export(ssl, import, &sz);
- AssertIntGE(idx, 0);
- AssertIntGE(wolfSSL_dtls_import(ssl, import, idx), 0);
- XFREE(import, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- #ifdef WOLFSSL_TIRTOS
- Task_yield();
- #endif
- ((func_args*)args)->return_code = TEST_SUCCESS;
- }
- if (callbacks->on_result)
- callbacks->on_result(ssl);
- wolfSSL_shutdown(ssl);
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- CloseSocket(cfd);
- #ifdef WOLFSSL_TIRTOS
- fdCloseSession(Task_self());
- #endif
- #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
- && defined(HAVE_THREAD_LS)
- wc_ecc_fp_free(); /* free per thread cache */
- #endif
- #ifndef WOLFSSL_TIRTOS
- return 0;
- #endif
- }
- static void run_wolfssl_client(void* args)
- {
- callback_functions* callbacks = ((func_args*)args)->callbacks;
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new(callbacks->method());
- WOLFSSL* ssl = NULL;
- SOCKET_T sfd = 0;
- char msg[] = "hello wolfssl server!";
- int len = (int) XSTRLEN(msg);
- char input[1024];
- int idx;
- int ret, err = 0;
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- ((func_args*)args)->return_code = TEST_FAIL;
- #ifdef WOLFSSL_ENCRYPTED_KEYS
- wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
- #endif
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, WOLFSSL_FILETYPE_PEM));
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, WOLFSSL_FILETYPE_PEM));
- if (callbacks->ctx_ready)
- callbacks->ctx_ready(ctx);
- ssl = wolfSSL_new(ctx);
- if (wolfSSL_dtls(ssl)) {
- tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port,
- 1, 0, ssl);
- }
- else {
- tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port,
- 0, 0, ssl);
- }
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, sfd));
- if (callbacks->ssl_ready)
- callbacks->ssl_ready(ssl);
- do {
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (err == WC_PENDING_E) {
- ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
- if (ret < 0) { break; } else if (ret == 0) { continue; }
- }
- #endif
- err = 0; /* Reset error */
- ret = wolfSSL_connect(ssl);
- if (ret != WOLFSSL_SUCCESS) {
- err = wolfSSL_get_error(ssl, 0);
- }
- } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
- if (ret != WOLFSSL_SUCCESS) {
- char buff[WOLFSSL_MAX_ERROR_SZ];
- printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
- /*err_sys("SSL_connect failed");*/
- }
- else {
- AssertIntEQ(len, wolfSSL_write(ssl, msg, len));
- if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) {
- input[idx] = 0;
- printf("Server response: %s\n", input);
- }
- ((func_args*)args)->return_code = TEST_SUCCESS;
- }
- if (callbacks->on_result)
- callbacks->on_result(ssl);
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- CloseSocket(sfd);
- #ifdef WOLFSSL_TIRTOS
- fdCloseSession(Task_self());
- #endif
- }
- #endif /* defined(HAVE_SNI) || defined(HAVE_ALPN) ||
- defined(WOLFSSL_SESSION_EXPORT) */
- static void test_wolfSSL_read_write(void)
- {
- /* The unit testing for read and write shall happen simultaneously, since
- * one can't do anything with one without the other. (Except for a failure
- * test case.) This function will call all the others that will set up,
- * execute, and report their test findings.
- *
- * Set up the success case first. This function will become the template
- * for the other tests. This should eventually be renamed
- *
- * The success case isn't interesting, how can this fail?
- * - Do not give the client context a CA certificate. The connect should
- * fail. Do not need server for this?
- * - Using NULL for the ssl object on server. Do not need client for this.
- * - Using NULL for the ssl object on client. Do not need server for this.
- * - Good ssl objects for client and server. Client write() without server
- * read().
- * - Good ssl objects for client and server. Server write() without client
- * read().
- * - Forgetting the password callback?
- */
- tcp_ready ready;
- func_args client_args;
- func_args server_args;
- THREAD_TYPE serverThread;
- XMEMSET(&client_args, 0, sizeof(func_args));
- XMEMSET(&server_args, 0, sizeof(func_args));
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- StartTCP();
- InitTcpReady(&ready);
- #if defined(USE_WINDOWS_API)
- /* use RNG to get random port if using windows */
- ready.port = GetRandomPort();
- #endif
- server_args.signal = &ready;
- client_args.signal = &ready;
- start_thread(test_server_nofail, &server_args, &serverThread);
- wait_tcp_ready(&server_args);
- test_client_nofail(&client_args, NULL);
- join_thread(serverThread);
- AssertTrue(client_args.return_code);
- AssertTrue(server_args.return_code);
- FreeTcpReady(&ready);
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- }
- #if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13)
- static void test_wolfSSL_reuse_WOLFSSLobj(void)
- {
- /* The unit test for session resumption by re-using WOLFSSL object.
- * WOLFSSL object is not cleared after first session. It re-use the obeject
- * for second connection.
- */
- tcp_ready ready;
- func_args client_args;
- func_args server_args;
- THREAD_TYPE serverThread;
- XMEMSET(&client_args, 0, sizeof(func_args));
- XMEMSET(&server_args, 0, sizeof(func_args));
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- StartTCP();
- InitTcpReady(&ready);
- #if defined(USE_WINDOWS_API)
- /* use RNG to get random port if using windows */
- ready.port = GetRandomPort();
- #endif
- server_args.signal = &ready;
- client_args.signal = &ready;
- /* the var is used for loop number */
- server_args.argc = 2;
- start_thread(test_server_loop, &server_args, &serverThread);
- wait_tcp_ready(&server_args);
- test_client_reuse_WOLFSSLobj(&client_args, NULL, &server_args);
- join_thread(serverThread);
- AssertTrue(client_args.return_code);
- AssertTrue(server_args.return_code);
- FreeTcpReady(&ready);
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- }
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) */
- #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT)
- /* canned export of a session using older version 3 */
- static unsigned char version_3[] = {
- 0xA5, 0xA3, 0x01, 0x87, 0x00, 0x3b, 0x00, 0x01,
- 0x00, 0x00, 0x00, 0x80, 0x0C, 0x00, 0x00, 0x00,
- 0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x01, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
- 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0xC0, 0x30, 0x05,
- 0x09, 0x0A, 0x01, 0x01, 0x00, 0x0D, 0x05, 0xFE,
- 0xFD, 0x01, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x06, 0x00, 0x05, 0x00, 0x06, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x06, 0x00, 0x01, 0x00, 0x07, 0x00, 0x00, 0x00,
- 0x30, 0x00, 0x00, 0x00, 0x10, 0x01, 0x01, 0x00,
- 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x3F, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x05, 0x12,
- 0xCF, 0x22, 0xA1, 0x9F, 0x1C, 0x39, 0x1D, 0x31,
- 0x11, 0x12, 0x1D, 0x11, 0x18, 0x0D, 0x0B, 0xF3,
- 0xE1, 0x4D, 0xDC, 0xB1, 0xF1, 0x39, 0x98, 0x91,
- 0x6C, 0x48, 0xE5, 0xED, 0x11, 0x12, 0xA0, 0x00,
- 0xF2, 0x25, 0x4C, 0x09, 0x26, 0xD1, 0x74, 0xDF,
- 0x23, 0x40, 0x15, 0x6A, 0x42, 0x2A, 0x26, 0xA5,
- 0xAC, 0x56, 0xD5, 0x4A, 0x20, 0xB7, 0xE9, 0xEF,
- 0xEB, 0xAF, 0xA8, 0x1E, 0x23, 0x7C, 0x04, 0xAA,
- 0xA1, 0x6D, 0x92, 0x79, 0x7B, 0xFA, 0x80, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x0C,
- 0x79, 0x7B, 0xFA, 0x80, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0xAA, 0xA1, 0x6D, 0x92,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x10, 0x00, 0x20, 0x00, 0x04, 0x00, 0x10,
- 0x00, 0x10, 0x08, 0x02, 0x05, 0x08, 0x01, 0x30,
- 0x28, 0x00, 0x00, 0x0F, 0x00, 0x02, 0x00, 0x09,
- 0x31, 0x32, 0x37, 0x2E, 0x30, 0x2E, 0x30, 0x2E,
- 0x31, 0xED, 0x4F
- };
- #endif /* defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) */
- static void test_wolfSSL_dtls_export(void)
- {
- #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT)
- tcp_ready ready;
- func_args client_args;
- func_args server_args;
- THREAD_TYPE serverThread;
- callback_functions server_cbf;
- callback_functions client_cbf;
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- InitTcpReady(&ready);
- #if defined(USE_WINDOWS_API)
- /* use RNG to get random port if using windows */
- ready.port = GetRandomPort();
- #endif
- /* set using dtls */
- XMEMSET(&client_args, 0, sizeof(func_args));
- XMEMSET(&server_args, 0, sizeof(func_args));
- XMEMSET(&server_cbf, 0, sizeof(callback_functions));
- XMEMSET(&client_cbf, 0, sizeof(callback_functions));
- server_cbf.method = wolfDTLSv1_2_server_method;
- client_cbf.method = wolfDTLSv1_2_client_method;
- server_args.callbacks = &server_cbf;
- client_args.callbacks = &client_cbf;
- server_args.signal = &ready;
- client_args.signal = &ready;
- start_thread(run_wolfssl_server, &server_args, &serverThread);
- wait_tcp_ready(&server_args);
- run_wolfssl_client(&client_args);
- join_thread(serverThread);
- AssertTrue(client_args.return_code);
- AssertTrue(server_args.return_code);
- FreeTcpReady(&ready);
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- {
- SOCKET_T sockfd = 0;
- WOLFSSL_CTX* ctx;
- WOLFSSL* ssl;
- char msg[64] = "hello wolfssl!";
- char reply[1024];
- int msgSz = (int)XSTRLEN(msg);
- byte *session, *window;
- unsigned int sessionSz, windowSz;
- struct sockaddr_in peerAddr;
- int i;
- /* Set ctx to DTLS 1.2 */
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method()));
- AssertNotNull(ssl = wolfSSL_new(ctx));
- /* test importing version 3 */
- AssertIntGE(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
- /* test importing bad length and bad version */
- version_3[2] += 1;
- AssertIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
- version_3[2] -= 1; version_3[1] = 0XA0;
- AssertIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- /* check storing client state after connection and storing window only */
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- InitTcpReady(&ready);
- #if defined(USE_WINDOWS_API)
- /* use RNG to get random port if using windows */
- ready.port = GetRandomPort();
- #endif
- /* set using dtls */
- XMEMSET(&server_args, 0, sizeof(func_args));
- XMEMSET(&server_cbf, 0, sizeof(callback_functions));
- server_cbf.method = wolfDTLSv1_2_server_method;
- server_args.callbacks = &server_cbf;
- server_args.argc = 3; /* set loop_count to 3 */
- server_args.signal = &ready;
- start_thread(test_server_nofail, &server_args, &serverThread);
- wait_tcp_ready(&server_args);
- /* create and connect with client */
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method()));
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
- tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);
- AssertNotNull(ssl = wolfSSL_new(ctx));
- AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
- /* store server information connected too */
- XMEMSET(&peerAddr, 0, sizeof(peerAddr));
- peerAddr.sin_family = AF_INET;
- peerAddr.sin_port = XHTONS(server_args.signal->port);
- wolfSSL_dtls_set_peer(ssl, &peerAddr, sizeof(peerAddr));
- AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS);
- AssertIntEQ(wolfSSL_dtls_export(ssl, NULL, &sessionSz), 0);
- session = (byte*)XMALLOC(sessionSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- AssertIntGT(wolfSSL_dtls_export(ssl, session, &sessionSz), 0);
- AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz);
- AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)), 0);
- AssertIntEQ(wolfSSL_dtls_export_state_only(ssl, NULL, &windowSz), 0);
- window = (byte*)XMALLOC(windowSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- AssertIntGT(wolfSSL_dtls_export_state_only(ssl, window, &windowSz), 0);
- wolfSSL_free(ssl);
- for (i = 1; i < server_args.argc; i++) {
- /* restore state */
- AssertNotNull(ssl = wolfSSL_new(ctx));
- AssertIntGT(wolfSSL_dtls_import(ssl, session, sessionSz), 0);
- AssertIntGT(wolfSSL_dtls_import(ssl, window, windowSz), 0);
- AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
- AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz);
- AssertIntGE(wolfSSL_read(ssl, reply, sizeof(reply)), 0);
- AssertIntGT(wolfSSL_dtls_export_state_only(ssl, window, &windowSz), 0);
- wolfSSL_free(ssl);
- }
- XFREE(session, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(window, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wolfSSL_CTX_free(ctx);
- printf("done and waiting for server\n");
- join_thread(serverThread);
- AssertIntEQ(server_args.return_code, TEST_SUCCESS);
- FreeTcpReady(&ready);
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- }
- printf(testingFmt, "wolfSSL_dtls_export()");
- printf(resultFmt, passed);
- #endif
- }
- /*----------------------------------------------------------------------------*
- | TLS extensions tests
- *----------------------------------------------------------------------------*/
- #if defined(HAVE_SNI) || defined(HAVE_ALPN)
- /* connection test runner */
- static void test_wolfSSL_client_server(callback_functions* client_callbacks,
- callback_functions* server_callbacks)
- {
- tcp_ready ready;
- func_args client_args;
- func_args server_args;
- THREAD_TYPE serverThread;
- XMEMSET(&client_args, 0, sizeof(func_args));
- XMEMSET(&server_args, 0, sizeof(func_args));
- StartTCP();
- client_args.callbacks = client_callbacks;
- server_args.callbacks = server_callbacks;
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- /* RUN Server side */
- InitTcpReady(&ready);
- #if defined(USE_WINDOWS_API)
- /* use RNG to get random port if using windows */
- ready.port = GetRandomPort();
- #endif
- server_args.signal = &ready;
- client_args.signal = &ready;
- start_thread(run_wolfssl_server, &server_args, &serverThread);
- wait_tcp_ready(&server_args);
- /* RUN Client side */
- run_wolfssl_client(&client_args);
- join_thread(serverThread);
- FreeTcpReady(&ready);
- #ifdef WOLFSSL_TIRTOS
- fdCloseSession(Task_self());
- #endif
- }
- #endif /* defined(HAVE_SNI) || defined(HAVE_ALPN) */
- #ifdef HAVE_SNI
- static void test_wolfSSL_UseSNI_params(void)
- {
- WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- WOLFSSL *ssl = wolfSSL_new(ctx);
- AssertNotNull(ctx);
- AssertNotNull(ssl);
- /* invalid [ctx|ssl] */
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(NULL, 0, "ctx", 3));
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( NULL, 0, "ssl", 3));
- /* invalid type */
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, -1, "ctx", 3));
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, -1, "ssl", 3));
- /* invalid data */
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, NULL, 3));
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, NULL, 3));
- /* success case */
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, "ctx", 3));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, "ssl", 3));
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- }
- /* BEGIN of connection tests callbacks */
- static void use_SNI_at_ctx(WOLFSSL_CTX* ctx)
- {
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, "www.wolfssl.com", 15));
- }
- static void use_SNI_at_ssl(WOLFSSL* ssl)
- {
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "www.wolfssl.com", 15));
- }
- static void different_SNI_at_ssl(WOLFSSL* ssl)
- {
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "ww2.wolfssl.com", 15));
- }
- static void use_SNI_WITH_CONTINUE_at_ssl(WOLFSSL* ssl)
- {
- use_SNI_at_ssl(ssl);
- wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME,
- WOLFSSL_SNI_CONTINUE_ON_MISMATCH);
- }
- static void use_SNI_WITH_FAKE_ANSWER_at_ssl(WOLFSSL* ssl)
- {
- use_SNI_at_ssl(ssl);
- wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME,
- WOLFSSL_SNI_ANSWER_ON_MISMATCH);
- }
- static void use_MANDATORY_SNI_at_ctx(WOLFSSL_CTX* ctx)
- {
- use_SNI_at_ctx(ctx);
- wolfSSL_CTX_SNI_SetOptions(ctx, WOLFSSL_SNI_HOST_NAME,
- WOLFSSL_SNI_ABORT_ON_ABSENCE);
- }
- static void use_MANDATORY_SNI_at_ssl(WOLFSSL* ssl)
- {
- use_SNI_at_ssl(ssl);
- wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME,
- WOLFSSL_SNI_ABORT_ON_ABSENCE);
- }
- static void use_PSEUDO_MANDATORY_SNI_at_ctx(WOLFSSL_CTX* ctx)
- {
- use_SNI_at_ctx(ctx);
- wolfSSL_CTX_SNI_SetOptions(ctx, WOLFSSL_SNI_HOST_NAME,
- WOLFSSL_SNI_ANSWER_ON_MISMATCH | WOLFSSL_SNI_ABORT_ON_ABSENCE);
- }
- static void verify_UNKNOWN_SNI_on_server(WOLFSSL* ssl)
- {
- AssertIntEQ(UNKNOWN_SNI_HOST_NAME_E, wolfSSL_get_error(ssl, 0));
- }
- static void verify_SNI_ABSENT_on_server(WOLFSSL* ssl)
- {
- AssertIntEQ(SNI_ABSENT_ERROR, wolfSSL_get_error(ssl, 0));
- }
- static void verify_SNI_no_matching(WOLFSSL* ssl)
- {
- byte type = WOLFSSL_SNI_HOST_NAME;
- char* request = (char*) &type; /* to be overwritten */
- AssertIntEQ(WOLFSSL_SNI_NO_MATCH, wolfSSL_SNI_Status(ssl, type));
- AssertNotNull(request);
- AssertIntEQ(0, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request));
- AssertNull(request);
- }
- static void verify_SNI_real_matching(WOLFSSL* ssl)
- {
- byte type = WOLFSSL_SNI_HOST_NAME;
- char* request = NULL;
- AssertIntEQ(WOLFSSL_SNI_REAL_MATCH, wolfSSL_SNI_Status(ssl, type));
- AssertIntEQ(15, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request));
- AssertNotNull(request);
- AssertStrEQ("www.wolfssl.com", request);
- }
- static void verify_SNI_fake_matching(WOLFSSL* ssl)
- {
- byte type = WOLFSSL_SNI_HOST_NAME;
- char* request = NULL;
- AssertIntEQ(WOLFSSL_SNI_FAKE_MATCH, wolfSSL_SNI_Status(ssl, type));
- AssertIntEQ(15, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request));
- AssertNotNull(request);
- AssertStrEQ("ww2.wolfssl.com", request);
- }
- static void verify_FATAL_ERROR_on_client(WOLFSSL* ssl)
- {
- AssertIntEQ(FATAL_ERROR, wolfSSL_get_error(ssl, 0));
- }
- /* END of connection tests callbacks */
- static void test_wolfSSL_UseSNI_connection(void)
- {
- unsigned long i;
- callback_functions callbacks[] = {
- /* success case at ctx */
- {0, use_SNI_at_ctx, 0, 0, 0, 0},
- {0, use_SNI_at_ctx, 0, verify_SNI_real_matching, 0, 0},
- /* success case at ssl */
- {0, 0, use_SNI_at_ssl, verify_SNI_real_matching, 0, 0},
- {0, 0, use_SNI_at_ssl, verify_SNI_real_matching, 0, 0},
- /* default mismatch behavior */
- {0, 0, different_SNI_at_ssl, verify_FATAL_ERROR_on_client, 0, 0},
- {0, 0, use_SNI_at_ssl, verify_UNKNOWN_SNI_on_server, 0, 0},
- /* continue on mismatch */
- {0, 0, different_SNI_at_ssl, 0, 0, 0},
- {0, 0, use_SNI_WITH_CONTINUE_at_ssl, verify_SNI_no_matching, 0, 0},
- /* fake answer on mismatch */
- {0, 0, different_SNI_at_ssl, 0, 0, 0},
- {0, 0, use_SNI_WITH_FAKE_ANSWER_at_ssl, verify_SNI_fake_matching, 0, 0},
- /* sni abort - success */
- {0, use_SNI_at_ctx, 0, 0, 0, 0},
- {0, use_MANDATORY_SNI_at_ctx, 0, verify_SNI_real_matching, 0, 0},
- /* sni abort - abort when absent (ctx) */
- {0, 0, 0, verify_FATAL_ERROR_on_client, 0, 0},
- {0, use_MANDATORY_SNI_at_ctx, 0, verify_SNI_ABSENT_on_server, 0, 0},
- /* sni abort - abort when absent (ssl) */
- {0, 0, 0, verify_FATAL_ERROR_on_client, 0, 0},
- {0, 0, use_MANDATORY_SNI_at_ssl, verify_SNI_ABSENT_on_server, 0, 0},
- /* sni abort - success when overwritten */
- {0, 0, 0, 0, 0, 0},
- {0, use_MANDATORY_SNI_at_ctx, use_SNI_at_ssl, verify_SNI_no_matching, 0, 0},
- /* sni abort - success when allowing mismatches */
- {0, 0, different_SNI_at_ssl, 0, 0, 0},
- {0, use_PSEUDO_MANDATORY_SNI_at_ctx, 0, verify_SNI_fake_matching, 0, 0},
- };
- for (i = 0; i < sizeof(callbacks) / sizeof(callback_functions); i += 2) {
- callbacks[i ].method = wolfSSLv23_client_method;
- callbacks[i + 1].method = wolfSSLv23_server_method;
- test_wolfSSL_client_server(&callbacks[i], &callbacks[i + 1]);
- }
- }
- static void test_wolfSSL_SNI_GetFromBuffer(void)
- {
- byte buffer[] = { /* www.paypal.com */
- 0x00, 0x00, 0x00, 0x00, 0xff, 0x01, 0x00, 0x00, 0x60, 0x03, 0x03, 0x5c,
- 0xc4, 0xb3, 0x8c, 0x87, 0xef, 0xa4, 0x09, 0xe0, 0x02, 0xab, 0x86, 0xca,
- 0x76, 0xf0, 0x9e, 0x01, 0x65, 0xf6, 0xa6, 0x06, 0x13, 0x1d, 0x0f, 0xa5,
- 0x79, 0xb0, 0xd4, 0x77, 0x22, 0xeb, 0x1a, 0x00, 0x00, 0x16, 0x00, 0x6b,
- 0x00, 0x67, 0x00, 0x39, 0x00, 0x33, 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x35,
- 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x21,
- 0x00, 0x00, 0x00, 0x13, 0x00, 0x11, 0x00, 0x00, 0x0e, 0x77, 0x77, 0x77,
- 0x2e, 0x70, 0x61, 0x79, 0x70, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x00,
- 0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01
- };
- byte buffer2[] = { /* api.textmate.org */
- 0x16, 0x03, 0x01, 0x00, 0xc6, 0x01, 0x00, 0x00, 0xc2, 0x03, 0x03, 0x52,
- 0x8b, 0x7b, 0xca, 0x69, 0xec, 0x97, 0xd5, 0x08, 0x03, 0x50, 0xfe, 0x3b,
- 0x99, 0xc3, 0x20, 0xce, 0xa5, 0xf6, 0x99, 0xa5, 0x71, 0xf9, 0x57, 0x7f,
- 0x04, 0x38, 0xf6, 0x11, 0x0b, 0xb8, 0xd3, 0x00, 0x00, 0x5e, 0x00, 0xff,
- 0xc0, 0x24, 0xc0, 0x23, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x07, 0xc0, 0x08,
- 0xc0, 0x28, 0xc0, 0x27, 0xc0, 0x14, 0xc0, 0x13, 0xc0, 0x11, 0xc0, 0x12,
- 0xc0, 0x26, 0xc0, 0x25, 0xc0, 0x2a, 0xc0, 0x29, 0xc0, 0x05, 0xc0, 0x04,
- 0xc0, 0x02, 0xc0, 0x03, 0xc0, 0x0f, 0xc0, 0x0e, 0xc0, 0x0c, 0xc0, 0x0d,
- 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x35,
- 0x00, 0x0a, 0x00, 0x67, 0x00, 0x6b, 0x00, 0x33, 0x00, 0x39, 0x00, 0x16,
- 0x00, 0xaf, 0x00, 0xae, 0x00, 0x8d, 0x00, 0x8c, 0x00, 0x8a, 0x00, 0x8b,
- 0x00, 0xb1, 0x00, 0xb0, 0x00, 0x2c, 0x00, 0x3b, 0x01, 0x00, 0x00, 0x3b,
- 0x00, 0x00, 0x00, 0x15, 0x00, 0x13, 0x00, 0x00, 0x10, 0x61, 0x70, 0x69,
- 0x2e, 0x74, 0x65, 0x78, 0x74, 0x6d, 0x61, 0x74, 0x65, 0x2e, 0x6f, 0x72,
- 0x67, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00, 0x18, 0x00,
- 0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0d, 0x00, 0x0c, 0x00,
- 0x0a, 0x05, 0x01, 0x04, 0x01, 0x02, 0x01, 0x04, 0x03, 0x02, 0x03
- };
- byte buffer3[] = { /* no sni extension */
- 0x16, 0x03, 0x03, 0x00, 0x4d, 0x01, 0x00, 0x00, 0x49, 0x03, 0x03, 0xea,
- 0xa1, 0x9f, 0x60, 0xdd, 0x52, 0x12, 0x13, 0xbd, 0x84, 0x34, 0xd5, 0x1c,
- 0x38, 0x25, 0xa8, 0x97, 0xd2, 0xd5, 0xc6, 0x45, 0xaf, 0x1b, 0x08, 0xe4,
- 0x1e, 0xbb, 0xdf, 0x9d, 0x39, 0xf0, 0x65, 0x00, 0x00, 0x16, 0x00, 0x6b,
- 0x00, 0x67, 0x00, 0x39, 0x00, 0x33, 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x35,
- 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x0a,
- 0x00, 0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01
- };
- byte buffer4[] = { /* last extension has zero size */
- 0x16, 0x03, 0x01, 0x00, 0xba, 0x01, 0x00, 0x00,
- 0xb6, 0x03, 0x03, 0x83, 0xa3, 0xe6, 0xdc, 0x16, 0xa1, 0x43, 0xe9, 0x45,
- 0x15, 0xbd, 0x64, 0xa9, 0xb6, 0x07, 0xb4, 0x50, 0xc6, 0xdd, 0xff, 0xc2,
- 0xd3, 0x0d, 0x4f, 0x36, 0xb4, 0x41, 0x51, 0x61, 0xc1, 0xa5, 0x9e, 0x00,
- 0x00, 0x28, 0xcc, 0x14, 0xcc, 0x13, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e,
- 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13, 0xc0, 0x14, 0xc0, 0x07, 0xc0, 0x11,
- 0x00, 0x33, 0x00, 0x32, 0x00, 0x39, 0x00, 0x9c, 0x00, 0x2f, 0x00, 0x35,
- 0x00, 0x0a, 0x00, 0x05, 0x00, 0x04, 0x01, 0x00, 0x00, 0x65, 0xff, 0x01,
- 0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00,
- 0x18, 0x00, 0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00,
- 0x00, 0x33, 0x74, 0x00, 0x00, 0x00, 0x10, 0x00, 0x1b, 0x00, 0x19, 0x06,
- 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x08, 0x73, 0x70, 0x64, 0x79, 0x2f,
- 0x33, 0x2e, 0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
- 0x75, 0x50, 0x00, 0x00, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x0d, 0x00, 0x12, 0x00, 0x10, 0x04, 0x01, 0x05, 0x01, 0x02,
- 0x01, 0x04, 0x03, 0x05, 0x03, 0x02, 0x03, 0x04, 0x02, 0x02, 0x02, 0x00,
- 0x12, 0x00, 0x00
- };
- byte buffer5[] = { /* SSL v2.0 client hello */
- 0x00, 0x2b, 0x01, 0x03, 0x01, 0x00, 0x09, 0x00, 0x00,
- /* dummy bytes bellow, just to pass size check */
- 0xb6, 0x03, 0x03, 0x83, 0xa3, 0xe6, 0xdc, 0x16, 0xa1, 0x43, 0xe9, 0x45,
- 0x15, 0xbd, 0x64, 0xa9, 0xb6, 0x07, 0xb4, 0x50, 0xc6, 0xdd, 0xff, 0xc2,
- 0xd3, 0x0d, 0x4f, 0x36, 0xb4, 0x41, 0x51, 0x61, 0xc1, 0xa5, 0x9e, 0x00,
- };
- byte result[32] = {0};
- word32 length = 32;
- AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buffer4, sizeof(buffer4),
- 0, result, &length));
- AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buffer3, sizeof(buffer3),
- 0, result, &length));
- AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buffer2, sizeof(buffer2),
- 1, result, &length));
- AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buffer, sizeof(buffer),
- 0, result, &length));
- buffer[0] = 0x16;
- AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buffer, sizeof(buffer),
- 0, result, &length));
- buffer[1] = 0x03;
- AssertIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buffer,
- sizeof(buffer), 0, result, &length));
- buffer[2] = 0x03;
- AssertIntEQ(INCOMPLETE_DATA, wolfSSL_SNI_GetFromBuffer(buffer,
- sizeof(buffer), 0, result, &length));
- buffer[4] = 0x64;
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buffer, sizeof(buffer),
- 0, result, &length));
- result[length] = 0;
- AssertStrEQ("www.paypal.com", (const char*) result);
- length = 32;
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buffer2, sizeof(buffer2),
- 0, result, &length));
- result[length] = 0;
- AssertStrEQ("api.textmate.org", (const char*) result);
- /* SSL v2.0 tests */
- AssertIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buffer5,
- sizeof(buffer5), 0, result, &length));
- buffer5[2] = 0x02;
- AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buffer5,
- sizeof(buffer5), 0, result, &length));
- buffer5[2] = 0x01; buffer5[6] = 0x08;
- AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buffer5,
- sizeof(buffer5), 0, result, &length));
- buffer5[6] = 0x09; buffer5[8] = 0x01;
- AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buffer5,
- sizeof(buffer5), 0, result, &length));
- }
- #endif /* HAVE_SNI */
- static void test_wolfSSL_UseSNI(void)
- {
- #ifdef HAVE_SNI
- test_wolfSSL_UseSNI_params();
- test_wolfSSL_UseSNI_connection();
- test_wolfSSL_SNI_GetFromBuffer();
- #endif
- }
- #endif /* HAVE_IO_TESTS_DEPENDENCIES */
- static void test_wolfSSL_UseTrustedCA(void)
- {
- #if defined(HAVE_TRUSTED_CA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
- WOLFSSL_CTX *ctx;
- WOLFSSL *ssl;
- byte id[20];
- #ifndef NO_WOLFSSL_SERVER
- AssertNotNull((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())));
- AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
- AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
- #else
- AssertNotNull((ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())));
- #endif
- AssertNotNull((ssl = wolfSSL_new(ctx)));
- XMEMSET(id, 0, sizeof(id));
- /* error cases */
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(NULL, 0, NULL, 0));
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
- WOLFSSL_TRUSTED_CA_CERT_SHA1+1, NULL, 0));
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
- WOLFSSL_TRUSTED_CA_CERT_SHA1, NULL, 0));
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
- WOLFSSL_TRUSTED_CA_CERT_SHA1, id, 5));
- #ifdef NO_SHA
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
- WOLFSSL_TRUSTED_CA_KEY_SHA1, id, sizeof(id)));
- #endif
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
- WOLFSSL_TRUSTED_CA_X509_NAME, id, 0));
- /* success cases */
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
- WOLFSSL_TRUSTED_CA_PRE_AGREED, NULL, 0));
- #ifndef NO_SHA
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
- WOLFSSL_TRUSTED_CA_KEY_SHA1, id, sizeof(id)));
- #endif
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
- WOLFSSL_TRUSTED_CA_X509_NAME, id, 5));
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif /* HAVE_TRUSTED_CA */
- }
- static void test_wolfSSL_UseMaxFragment(void)
- {
- #if defined(HAVE_MAX_FRAGMENT) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
- #ifndef NO_WOLFSSL_SERVER
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
- AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
- AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
- #else
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- #endif
- WOLFSSL *ssl = wolfSSL_new(ctx);
- AssertNotNull(ctx);
- AssertNotNull(ssl);
- /* error cases */
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(NULL, WOLFSSL_MFL_2_9));
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseMaxFragment( NULL, WOLFSSL_MFL_2_9));
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_MIN-1));
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_MAX+1));
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseMaxFragment(ssl, WOLFSSL_MFL_MIN-1));
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseMaxFragment(ssl, WOLFSSL_MFL_MAX+1));
- /* success case */
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_8));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_9));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_10));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_11));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_12));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_8));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_9));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_10));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_11));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_12));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_13));
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif
- }
- static void test_wolfSSL_UseTruncatedHMAC(void)
- {
- #if defined(HAVE_TRUNCATED_HMAC) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
- #ifndef NO_WOLFSSL_SERVER
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
- AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
- AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
- #else
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- #endif
- WOLFSSL *ssl = wolfSSL_new(ctx);
- AssertNotNull(ctx);
- AssertNotNull(ssl);
- /* error cases */
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(NULL));
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTruncatedHMAC(NULL));
- /* success case */
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(ctx));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTruncatedHMAC(ssl));
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif
- }
- static void test_wolfSSL_UseSupportedCurve(void)
- {
- #if defined(HAVE_SUPPORTED_CURVES) && !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- WOLFSSL *ssl = wolfSSL_new(ctx);
- AssertNotNull(ctx);
- AssertNotNull(ssl);
- /* error cases */
- AssertIntNE(WOLFSSL_SUCCESS,
- wolfSSL_CTX_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1));
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSupportedCurve(ctx, 0));
- AssertIntNE(WOLFSSL_SUCCESS,
- wolfSSL_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1));
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSupportedCurve(ssl, 0));
- /* success case */
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1));
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP256R1));
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif
- }
- #if defined(HAVE_ALPN) && !defined(NO_WOLFSSL_SERVER) && \
- defined(HAVE_IO_TESTS_DEPENDENCIES)
- static void verify_ALPN_FATAL_ERROR_on_client(WOLFSSL* ssl)
- {
- AssertIntEQ(UNKNOWN_ALPN_PROTOCOL_NAME_E, wolfSSL_get_error(ssl, 0));
- }
- static void use_ALPN_all(WOLFSSL* ssl)
- {
- /* http/1.1,spdy/1,spdy/2,spdy/3 */
- char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c,
- 0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c,
- 0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c,
- 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, alpn_list, sizeof(alpn_list),
- WOLFSSL_ALPN_FAILED_ON_MISMATCH));
- }
- static void use_ALPN_all_continue(WOLFSSL* ssl)
- {
- /* http/1.1,spdy/1,spdy/2,spdy/3 */
- char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c,
- 0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c,
- 0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c,
- 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, alpn_list, sizeof(alpn_list),
- WOLFSSL_ALPN_CONTINUE_ON_MISMATCH));
- }
- static void use_ALPN_one(WOLFSSL* ssl)
- {
- /* spdy/2 */
- char proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32};
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto),
- WOLFSSL_ALPN_FAILED_ON_MISMATCH));
- }
- static void use_ALPN_unknown(WOLFSSL* ssl)
- {
- /* http/2.0 */
- char proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x32, 0x2e, 0x30};
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto),
- WOLFSSL_ALPN_FAILED_ON_MISMATCH));
- }
- static void use_ALPN_unknown_continue(WOLFSSL* ssl)
- {
- /* http/2.0 */
- char proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x32, 0x2e, 0x30};
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto),
- WOLFSSL_ALPN_CONTINUE_ON_MISMATCH));
- }
- static void verify_ALPN_not_matching_spdy3(WOLFSSL* ssl)
- {
- /* spdy/3 */
- char nego_proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
- char *proto = NULL;
- word16 protoSz = 0;
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));
- /* check value */
- AssertIntNE(1, sizeof(nego_proto) == protoSz);
- if (proto) {
- AssertIntNE(0, XMEMCMP(nego_proto, proto, sizeof(nego_proto)));
- }
- }
- static void verify_ALPN_not_matching_continue(WOLFSSL* ssl)
- {
- char *proto = NULL;
- word16 protoSz = 0;
- AssertIntEQ(WOLFSSL_ALPN_NOT_FOUND,
- wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));
- /* check value */
- AssertIntEQ(1, (0 == protoSz));
- AssertIntEQ(1, (NULL == proto));
- }
- static void verify_ALPN_matching_http1(WOLFSSL* ssl)
- {
- /* http/1.1 */
- char nego_proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31};
- char *proto;
- word16 protoSz = 0;
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));
- /* check value */
- AssertIntEQ(1, sizeof(nego_proto) == protoSz);
- AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz));
- }
- static void verify_ALPN_matching_spdy2(WOLFSSL* ssl)
- {
- /* spdy/2 */
- char nego_proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32};
- char *proto;
- word16 protoSz = 0;
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));
- /* check value */
- AssertIntEQ(1, sizeof(nego_proto) == protoSz);
- AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz));
- }
- static void verify_ALPN_client_list(WOLFSSL* ssl)
- {
- /* http/1.1,spdy/1,spdy/2,spdy/3 */
- char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c,
- 0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c,
- 0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c,
- 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
- char *clist = NULL;
- word16 clistSz = 0;
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetPeerProtocol(ssl, &clist,
- &clistSz));
- /* check value */
- AssertIntEQ(1, sizeof(alpn_list) == clistSz);
- AssertIntEQ(0, XMEMCMP(alpn_list, clist, clistSz));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_FreePeerProtocol(ssl, &clist));
- }
- static void test_wolfSSL_UseALPN_connection(void)
- {
- unsigned long i;
- callback_functions callbacks[] = {
- /* success case same list */
- {0, 0, use_ALPN_all, 0, 0, 0},
- {0, 0, use_ALPN_all, verify_ALPN_matching_http1, 0, 0},
- /* success case only one for server */
- {0, 0, use_ALPN_all, 0, 0, 0},
- {0, 0, use_ALPN_one, verify_ALPN_matching_spdy2, 0, 0},
- /* success case only one for client */
- {0, 0, use_ALPN_one, 0, 0, 0},
- {0, 0, use_ALPN_all, verify_ALPN_matching_spdy2, 0, 0},
- /* success case none for client */
- {0, 0, 0, 0, 0, 0},
- {0, 0, use_ALPN_all, 0, 0, 0},
- /* success case mismatch behavior but option 'continue' set */
- {0, 0, use_ALPN_all_continue, verify_ALPN_not_matching_continue, 0, 0},
- {0, 0, use_ALPN_unknown_continue, 0, 0, 0},
- /* success case read protocol send by client */
- {0, 0, use_ALPN_all, 0, 0, 0},
- {0, 0, use_ALPN_one, verify_ALPN_client_list, 0, 0},
- /* mismatch behavior with same list
- * the first and only this one must be taken */
- {0, 0, use_ALPN_all, 0, 0, 0},
- {0, 0, use_ALPN_all, verify_ALPN_not_matching_spdy3, 0, 0},
- /* default mismatch behavior */
- {0, 0, use_ALPN_all, 0, 0, 0},
- {0, 0, use_ALPN_unknown, verify_ALPN_FATAL_ERROR_on_client, 0, 0},
- };
- for (i = 0; i < sizeof(callbacks) / sizeof(callback_functions); i += 2) {
- callbacks[i ].method = wolfSSLv23_client_method;
- callbacks[i + 1].method = wolfSSLv23_server_method;
- test_wolfSSL_client_server(&callbacks[i], &callbacks[i + 1]);
- }
- }
- static void test_wolfSSL_UseALPN_params(void)
- {
- #ifndef NO_WOLFSSL_CLIENT
- /* "http/1.1" */
- char http1[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31};
- /* "spdy/1" */
- char spdy1[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x31};
- /* "spdy/2" */
- char spdy2[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32};
- /* "spdy/3" */
- char spdy3[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
- char buff[256];
- word32 idx;
- WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- WOLFSSL *ssl = wolfSSL_new(ctx);
- AssertNotNull(ctx);
- AssertNotNull(ssl);
- /* error cases */
- AssertIntNE(WOLFSSL_SUCCESS,
- wolfSSL_UseALPN(NULL, http1, sizeof(http1),
- WOLFSSL_ALPN_FAILED_ON_MISMATCH));
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, NULL, 0,
- WOLFSSL_ALPN_FAILED_ON_MISMATCH));
- /* success case */
- /* http1 only */
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_UseALPN(ssl, http1, sizeof(http1),
- WOLFSSL_ALPN_FAILED_ON_MISMATCH));
- /* http1, spdy1 */
- XMEMCPY(buff, http1, sizeof(http1));
- idx = sizeof(http1);
- buff[idx++] = ',';
- XMEMCPY(buff+idx, spdy1, sizeof(spdy1));
- idx += sizeof(spdy1);
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx,
- WOLFSSL_ALPN_FAILED_ON_MISMATCH));
- /* http1, spdy2, spdy1 */
- XMEMCPY(buff, http1, sizeof(http1));
- idx = sizeof(http1);
- buff[idx++] = ',';
- XMEMCPY(buff+idx, spdy2, sizeof(spdy2));
- idx += sizeof(spdy2);
- buff[idx++] = ',';
- XMEMCPY(buff+idx, spdy1, sizeof(spdy1));
- idx += sizeof(spdy1);
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx,
- WOLFSSL_ALPN_FAILED_ON_MISMATCH));
- /* spdy3, http1, spdy2, spdy1 */
- XMEMCPY(buff, spdy3, sizeof(spdy3));
- idx = sizeof(spdy3);
- buff[idx++] = ',';
- XMEMCPY(buff+idx, http1, sizeof(http1));
- idx += sizeof(http1);
- buff[idx++] = ',';
- XMEMCPY(buff+idx, spdy2, sizeof(spdy2));
- idx += sizeof(spdy2);
- buff[idx++] = ',';
- XMEMCPY(buff+idx, spdy1, sizeof(spdy1));
- idx += sizeof(spdy1);
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx,
- WOLFSSL_ALPN_CONTINUE_ON_MISMATCH));
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif
- }
- #endif /* HAVE_ALPN */
- static void test_wolfSSL_UseALPN(void)
- {
- #if defined(HAVE_ALPN) && !defined(NO_WOLFSSL_SERVER) &&\
- defined(HAVE_IO_TESTS_DEPENDENCIES)
- test_wolfSSL_UseALPN_connection();
- test_wolfSSL_UseALPN_params();
- #endif
- }
- static void test_wolfSSL_DisableExtendedMasterSecret(void)
- {
- #if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT)
- WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- WOLFSSL *ssl = wolfSSL_new(ctx);
- AssertNotNull(ctx);
- AssertNotNull(ssl);
- /* error cases */
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(NULL));
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(NULL));
- /* success cases */
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(ctx));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(ssl));
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif
- }
- static void test_wolfSSL_wolfSSL_UseSecureRenegotiation(void)
- {
- #if defined(HAVE_SECURE_RENEGOTIATION) && !defined(NO_WOLFSSL_CLIENT)
- WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- WOLFSSL *ssl = wolfSSL_new(ctx);
- AssertNotNull(ctx);
- AssertNotNull(ssl);
- /* error cases */
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(NULL));
- AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(NULL));
- /* success cases */
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(ctx));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl));
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif
- }
- /*----------------------------------------------------------------------------*
- | X509 Tests
- *----------------------------------------------------------------------------*/
- static void test_wolfSSL_X509_NAME_get_entry(void)
- {
- #if !defined(NO_CERTS) && !defined(NO_RSA)
- #if defined(OPENSSL_ALL) || \
- (defined(OPENSSL_EXTRA) && \
- (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)))
- printf(testingFmt, "wolfSSL_X509_NAME_get_entry()");
- {
- /* use openssl like name to test mapping */
- X509_NAME_ENTRY* ne;
- X509_NAME* name;
- X509* x509;
- #ifndef NO_FILESYSTEM
- ASN1_STRING* asn;
- char* subCN = NULL;
- #endif
- int idx;
- ASN1_OBJECT *object = NULL;
- #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
- BIO* bio;
- #endif
- #ifndef NO_FILESYSTEM
- x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
- AssertNotNull(x509);
- name = X509_get_subject_name(x509);
- idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1);
- AssertIntGE(idx, 0);
- ne = X509_NAME_get_entry(name, idx);
- AssertNotNull(ne);
- asn = X509_NAME_ENTRY_get_data(ne);
- AssertNotNull(asn);
- subCN = (char*)ASN1_STRING_data(asn);
- AssertNotNull(subCN);
- wolfSSL_FreeX509(x509);
- #endif
- x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
- AssertNotNull(x509);
- name = X509_get_subject_name(x509);
- idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1);
- AssertIntGE(idx, 0);
- #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
- AssertNotNull(bio = BIO_new(BIO_s_mem()));
- AssertIntEQ(X509_NAME_print_ex(bio, name, 4,
- (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS);
- BIO_free(bio);
- #endif
- ne = X509_NAME_get_entry(name, idx);
- AssertNotNull(ne);
- AssertNotNull(object = X509_NAME_ENTRY_get_object(ne));
- wolfSSL_FreeX509(x509);
- }
- printf(resultFmt, passed);
- #endif /* OPENSSL_ALL || (OPENSSL_EXTRA && (KEEP_PEER_CERT || SESSION_CERTS) */
- #endif /* !NO_CERTS && !NO_RSA */
- }
- /* Testing functions dealing with PKCS12 parsing out X509 certs */
- static void test_wolfSSL_PKCS12(void)
- {
- /* .p12 file is encrypted with DES3 */
- #ifndef HAVE_FIPS /* Password used in cert "wolfSSL test" is only 12-bytes
- * (96-bit) FIPS mode requires Minimum of 14-byte (112-bit)
- * Password Key
- */
- #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && !defined(NO_FILESYSTEM) && \
- !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA) && \
- !defined(NO_SHA)
- byte buffer[6000];
- char file[] = "./certs/test-servercert.p12";
- char order[] = "./certs/ecc-rsa-server.p12";
- char pass[] = "a password";
- #ifdef HAVE_ECC
- WOLFSSL_X509_NAME* subject;
- WOLFSSL_X509 *x509;
- #endif
- XFILE f;
- int bytes, ret;
- WOLFSSL_BIO *bio;
- WOLFSSL_EVP_PKEY *pkey;
- WC_PKCS12 *pkcs12;
- WC_PKCS12 *pkcs12_2;
- WOLFSSL_X509 *cert;
- WOLFSSL_X509 *tmp;
- WOLF_STACK_OF(WOLFSSL_X509) *ca;
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
- || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS)
- WOLFSSL_CTX *ctx;
- WOLFSSL *ssl;
- WOLF_STACK_OF(WOLFSSL_X509) *tmp_ca = NULL;
- #endif
- printf(testingFmt, "wolfSSL_PKCS12()");
- f = XFOPEN(file, "rb");
- AssertTrue((f != XBADFILE));
- bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f);
- XFCLOSE(f);
- bio = BIO_new_mem_buf((void*)buffer, bytes);
- AssertNotNull(bio);
- pkcs12 = d2i_PKCS12_bio(bio, NULL);
- AssertNotNull(pkcs12);
- PKCS12_free(pkcs12);
- d2i_PKCS12_bio(bio, &pkcs12);
- AssertNotNull(pkcs12);
- BIO_free(bio);
- /* check verify MAC fail case */
- ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL);
- AssertIntEQ(ret, 0);
- AssertNull(pkey);
- AssertNull(cert);
- /* check parse with no extra certs kept */
- ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL);
- AssertIntEQ(ret, 1);
- AssertNotNull(pkey);
- AssertNotNull(cert);
- wolfSSL_EVP_PKEY_free(pkey);
- wolfSSL_X509_free(cert);
- /* check parse with extra certs kept */
- ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca);
- AssertIntEQ(ret, 1);
- AssertNotNull(pkey);
- AssertNotNull(cert);
- AssertNotNull(ca);
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
- || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS)
- /* Check that SSL_CTX_set0_chain correctly sets the certChain buffer */
- #if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS)
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #else
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #endif
- /* Copy stack structure */
- AssertNotNull(tmp_ca = sk_X509_dup(ca));
- AssertIntEQ(SSL_CTX_set0_chain(ctx, tmp_ca), 1);
- /* CTX now owns the tmp_ca stack structure */
- tmp_ca = NULL;
- AssertIntEQ(wolfSSL_CTX_get_extra_chain_certs(ctx, &tmp_ca), 1);
- AssertNotNull(tmp_ca);
- AssertIntEQ(sk_X509_num(tmp_ca), sk_X509_num(ca));
- /* Check that the main cert is also set */
- AssertNotNull(ssl = SSL_new(ctx));
- AssertNotNull(SSL_get_certificate(ssl));
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- #endif
- /* should be 2 other certs on stack */
- tmp = sk_X509_pop(ca);
- AssertNotNull(tmp);
- X509_free(tmp);
- tmp = sk_X509_pop(ca);
- AssertNotNull(tmp);
- X509_free(tmp);
- AssertNull(sk_X509_pop(ca));
- EVP_PKEY_free(pkey);
- X509_free(cert);
- sk_X509_pop_free(ca, X509_free);
- /* check PKCS12_create */
- AssertNull(PKCS12_create(pass, NULL, NULL, NULL, NULL, -1, -1, -1, -1,0));
- AssertIntEQ(PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca),
- SSL_SUCCESS);
- AssertNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca,
- -1, -1, 100, -1, 0)));
- EVP_PKEY_free(pkey);
- X509_free(cert);
- sk_X509_free(ca);
- AssertIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca),
- SSL_SUCCESS);
- PKCS12_free(pkcs12_2);
- AssertNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca,
- NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
- NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
- 2000, 1, 0)));
- EVP_PKEY_free(pkey);
- X509_free(cert);
- sk_X509_free(ca);
- /* convert to DER then back and parse */
- AssertNotNull(bio = BIO_new(BIO_s_mem()));
- AssertIntEQ(i2d_PKCS12_bio(bio, pkcs12_2), SSL_SUCCESS);
- PKCS12_free(pkcs12_2);
- AssertNotNull(pkcs12_2 = d2i_PKCS12_bio(bio, NULL));
- BIO_free(bio);
- AssertIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca),
- SSL_SUCCESS);
- /* should be 2 other certs on stack */
- tmp = sk_X509_pop(ca);
- AssertNotNull(tmp);
- X509_free(tmp);
- tmp = sk_X509_pop(ca);
- AssertNotNull(tmp);
- X509_free(tmp);
- AssertNull(sk_X509_pop(ca));
- #ifndef NO_RC4
- PKCS12_free(pkcs12_2);
- AssertNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, NULL,
- NID_pbe_WithSHA1And128BitRC4,
- NID_pbe_WithSHA1And128BitRC4,
- 2000, 1, 0)));
- EVP_PKEY_free(pkey);
- X509_free(cert);
- sk_X509_free(ca);
- AssertIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca),
- SSL_SUCCESS);
- #endif /* NO_RC4 */
- EVP_PKEY_free(pkey);
- X509_free(cert);
- PKCS12_free(pkcs12);
- PKCS12_free(pkcs12_2);
- sk_X509_free(ca);
- #ifdef HAVE_ECC
- /* test order of parsing */
- f = XFOPEN(order, "rb");
- AssertTrue(f != XBADFILE);
- bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f);
- XFCLOSE(f);
- AssertNotNull(bio = BIO_new_mem_buf((void*)buffer, bytes));
- AssertNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL));
- AssertIntEQ((ret = PKCS12_parse(pkcs12, "", &pkey, &cert, &ca)),
- WOLFSSL_SUCCESS);
- AssertNotNull(pkey);
- AssertNotNull(cert);
- AssertNotNull(ca);
- /* compare subject lines of certificates */
- AssertNotNull(subject = wolfSSL_X509_get_subject_name(cert));
- AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccRsaCertFile,
- SSL_FILETYPE_PEM));
- AssertIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
- (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);
- X509_free(x509);
- /* test expected fail case */
- AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile,
- SSL_FILETYPE_PEM));
- AssertIntNE(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
- (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);
- X509_free(x509);
- X509_free(cert);
- /* get subject line from ca stack */
- AssertNotNull(cert = sk_X509_pop(ca));
- AssertNotNull(subject = wolfSSL_X509_get_subject_name(cert));
- /* compare subject from certificate in ca to expected */
- AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile,
- SSL_FILETYPE_PEM));
- AssertIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
- (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);
- EVP_PKEY_free(pkey);
- X509_free(x509);
- X509_free(cert);
- BIO_free(bio);
- PKCS12_free(pkcs12);
- sk_X509_free(ca); /* TEST d2i_PKCS12_fp */
- /* test order of parsing */
- f = XFOPEN(file, "rb");
- AssertTrue(f != XBADFILE);
- AssertNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL));
- XFCLOSE(f);
- /* check verify MAC fail case */
- ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL);
- AssertIntEQ(ret, 0);
- AssertNull(pkey);
- AssertNull(cert);
- /* check parse with no extra certs kept */
- ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL);
- AssertIntEQ(ret, 1);
- AssertNotNull(pkey);
- AssertNotNull(cert);
- wolfSSL_EVP_PKEY_free(pkey);
- wolfSSL_X509_free(cert);
- /* check parse with extra certs kept */
- ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca);
- AssertIntEQ(ret, 1);
- AssertNotNull(pkey);
- AssertNotNull(cert);
- AssertNotNull(ca);
- wolfSSL_EVP_PKEY_free(pkey);
- wolfSSL_X509_free(cert);
- sk_X509_free(ca);
- PKCS12_free(pkcs12);
- #endif /* HAVE_ECC */
- /* Test i2d_PKCS12_bio */
- f = XFOPEN(file, "rb");
- AssertTrue((f != XBADFILE));
- AssertNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL));
- XFCLOSE(f);
- bio = BIO_new(BIO_s_mem());
- AssertNotNull(bio);
- ret = i2d_PKCS12_bio(bio, pkcs12);
- AssertIntEQ(ret, 1);
- ret = i2d_PKCS12_bio(NULL, pkcs12);
- AssertIntEQ(ret, 0);
- ret = i2d_PKCS12_bio(bio, NULL);
- AssertIntEQ(ret, 0);
- PKCS12_free(pkcs12);
- BIO_free(bio);
- (void)order;
- printf(resultFmt, passed);
- #endif /* OPENSSL_EXTRA */
- #endif /* HAVE_FIPS */
- }
- #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) && \
- defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3) && !defined(NO_PWDBASED) && \
- (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_MD5)
- #define TEST_PKCS8_ENC
- #endif
- #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) \
- && defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS)
- /* used to keep track if FailTestCallback was called */
- static int failTestCallbackCalled = 0;
- static WC_INLINE int FailTestCallBack(char* passwd, int sz, int rw, void* userdata)
- {
- (void)passwd;
- (void)sz;
- (void)rw;
- (void)userdata;
- /* mark called, test_wolfSSL_no_password_cb() will check and fail if set */
- failTestCallbackCalled = 1;
- return -1;
- }
- #endif
- static void test_wolfSSL_no_password_cb(void)
- {
- #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) \
- && defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS)
- WOLFSSL_CTX* ctx;
- byte buffer[FOURK_BUF];
- const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der";
- const char eccPkcs8PrivKeyPemFile[] = "./certs/ecc-privkeyPkcs8.pem";
- XFILE f;
- int bytes;
- printf(testingFmt, "test_wolfSSL_no_password_cb()");
- #ifndef NO_WOLFSSL_CLIENT
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLS_client_method()));
- #else
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLS_server_method()));
- #endif
- wolfSSL_CTX_set_default_passwd_cb(ctx, FailTestCallBack);
- AssertTrue((f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb")) != XBADFILE);
- bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f);
- XFCLOSE(f);
- AssertIntLE(bytes, sizeof(buffer));
- AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- AssertTrue((f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb")) != XBADFILE);
- bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f);
- XFCLOSE(f);
- AssertIntLE(bytes, sizeof(buffer));
- AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- wolfSSL_CTX_free(ctx);
- if (failTestCallbackCalled != 0) {
- Fail(("Password callback should not be called by default"),
- ("Password callback was called without attempting "
- "to first decipher private key without password."));
- }
- printf(resultFmt, passed);
- #endif
- }
- #ifdef TEST_PKCS8_ENC
- /* for PKCS8 test case */
- static int PKCS8TestCallBack(char* passwd, int sz, int rw, void* userdata)
- {
- int flag = 0;
- (void)rw;
- if (userdata != NULL) {
- flag = *((int*)userdata); /* user set data */
- }
- switch (flag) {
- case 1: /* flag set for specific WOLFSSL_CTX structure, note userdata
- * can be anything the user wishes to be passed to the callback
- * associated with the WOLFSSL_CTX */
- XSTRNCPY(passwd, "yassl123", sz);
- return 8;
- default:
- return BAD_FUNC_ARG;
- }
- }
- #endif /* TEST_PKCS8_ENC */
- /* Testing functions dealing with PKCS8 */
- static void test_wolfSSL_PKCS8(void)
- {
- #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8)
- byte buffer[FOURK_BUF];
- byte der[FOURK_BUF];
- #ifndef NO_RSA
- const char serverKeyPkcs8PemFile[] = "./certs/server-keyPkcs8.pem";
- const char serverKeyPkcs8DerFile[] = "./certs/server-keyPkcs8.der";
- #endif
- const char eccPkcs8PrivKeyPemFile[] = "./certs/ecc-privkeyPkcs8.pem";
- #ifdef HAVE_ECC
- const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der";
- #endif
- XFILE f;
- int bytes;
- WOLFSSL_CTX* ctx;
- #ifdef HAVE_ECC
- int ret;
- ecc_key key;
- word32 x = 0;
- #endif
- #ifdef TEST_PKCS8_ENC
- #if !defined(NO_RSA) && !defined(NO_SHA)
- const char serverKeyPkcs8EncPemFile[] = "./certs/server-keyPkcs8Enc.pem";
- const char serverKeyPkcs8EncDerFile[] = "./certs/server-keyPkcs8Enc.der";
- #endif
- #if defined(HAVE_ECC) && !defined(NO_SHA)
- const char eccPkcs8EncPrivKeyPemFile[] = "./certs/ecc-keyPkcs8Enc.pem";
- const char eccPkcs8EncPrivKeyDerFile[] = "./certs/ecc-keyPkcs8Enc.der";
- #endif
- int flag;
- #endif
- printf(testingFmt, "wolfSSL_PKCS8()");
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
- #else
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
- #endif
- #else
- #ifndef WOLFSSL_NO_TLS12
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()));
- #else
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
- #endif
- #endif
- #ifdef TEST_PKCS8_ENC
- wolfSSL_CTX_set_default_passwd_cb(ctx, PKCS8TestCallBack);
- wolfSSL_CTX_set_default_passwd_cb_userdata(ctx, (void*)&flag);
- flag = 1; /* used by password callback as return code */
- #if !defined(NO_RSA) && !defined(NO_SHA)
- /* test loading PEM PKCS8 encrypted file */
- f = XFOPEN(serverKeyPkcs8EncPemFile, "rb");
- AssertTrue((f != XBADFILE));
- bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f);
- XFCLOSE(f);
- AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- /* this next case should fail because of password callback return code */
- flag = 0; /* used by password callback as return code */
- AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- /* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */
- AssertIntGT(wc_KeyPemToDer(buffer, bytes, der, (word32)sizeof(der),
- "yassl123"), 0);
- /* test that error value is returned with a bad password */
- AssertIntLT(wc_KeyPemToDer(buffer, bytes, der, (word32)sizeof(der),
- "bad"), 0);
- /* test loading PEM PKCS8 encrypted file */
- f = XFOPEN(serverKeyPkcs8EncDerFile, "rb");
- AssertTrue((f != XBADFILE));
- bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f);
- XFCLOSE(f);
- flag = 1; /* used by password callback as return code */
- AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- /* this next case should fail because of password callback return code */
- flag = 0; /* used by password callback as return code */
- AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- #endif /* !NO_RSA && !NO_SHA */
- #if defined(HAVE_ECC) && !defined(NO_SHA)
- /* test loading PEM PKCS8 encrypted ECC Key file */
- f = XFOPEN(eccPkcs8EncPrivKeyPemFile, "rb");
- AssertTrue((f != XBADFILE));
- bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f);
- XFCLOSE(f);
- flag = 1; /* used by password callback as return code */
- AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- /* this next case should fail because of password callback return code */
- flag = 0; /* used by password callback as return code */
- AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- /* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */
- AssertIntGT(wc_KeyPemToDer(buffer, bytes, der, (word32)sizeof(der),
- "yassl123"), 0);
- /* test that error value is returned with a bad password */
- AssertIntLT(wc_KeyPemToDer(buffer, bytes, der, (word32)sizeof(der),
- "bad"), 0);
- /* test loading DER PKCS8 encrypted ECC Key file */
- f = XFOPEN(eccPkcs8EncPrivKeyDerFile, "rb");
- AssertTrue((f != XBADFILE));
- bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f);
- XFCLOSE(f);
- flag = 1; /* used by password callback as return code */
- AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- /* this next case should fail because of password callback return code */
- flag = 0; /* used by password callback as return code */
- AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- /* leave flag as "okay" */
- flag = 1;
- #endif /* HAVE_ECC && !NO_SHA */
- #endif /* TEST_PKCS8_ENC */
- #ifndef NO_RSA
- /* test loading ASN.1 (DER) PKCS8 private key file (not encrypted) */
- f = XFOPEN(serverKeyPkcs8DerFile, "rb");
- AssertTrue((f != XBADFILE));
- bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f);
- XFCLOSE(f);
- AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- /* test loading PEM PKCS8 private key file (not encrypted) */
- f = XFOPEN(serverKeyPkcs8PemFile, "rb");
- AssertTrue((f != XBADFILE));
- bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f);
- XFCLOSE(f);
- AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- #endif /* !NO_RSA */
- /* Test PKCS8 PEM ECC key no crypt */
- f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb");
- AssertTrue((f != XBADFILE));
- bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f);
- XFCLOSE(f);
- #ifdef HAVE_ECC
- /* Test PKCS8 PEM ECC key no crypt */
- AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- /* decrypt PKCS8 PEM to key in DER format */
- AssertIntGT((bytes = wc_KeyPemToDer(buffer, bytes, der,
- (word32)sizeof(der), NULL)), 0);
- ret = wc_ecc_init(&key);
- if (ret == 0) {
- ret = wc_EccPrivateKeyDecode(der, &x, &key, bytes);
- wc_ecc_free(&key);
- }
- AssertIntEQ(ret, 0);
- /* Test PKCS8 DER ECC key no crypt */
- f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb");
- AssertTrue((f != XBADFILE));
- bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f);
- XFCLOSE(f);
- /* Test using a PKCS8 ECC PEM */
- AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- #else
- /* if HAVE_ECC is not defined then BEGIN EC PRIVATE KEY is not found */
- AssertIntEQ((bytes = wc_KeyPemToDer(buffer, bytes, der,
- (word32)sizeof(der), NULL)), ASN_NO_PEM_HEADER);
- #endif /* HAVE_ECC */
- wolfSSL_CTX_free(ctx);
- printf(resultFmt, passed);
- #endif /* !NO_FILESYSTEM && !NO_ASN && HAVE_PKCS8 */
- }
- static void test_wolfSSL_PKCS8_ED25519(void)
- {
- #if !defined(NO_ASN) && defined(HAVE_PKCS8) && \
- defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED25519)
- const byte encPrivKey[] = \
- "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
- "MIGbMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAheCGLmWGh7+AICCAAw\n"
- "DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEC4L5P6GappsTyhOOoQfvh8EQJMX\n"
- "OAdlsYKCOcFo4djg6AI1lRdeBRwVFWkha7gBdoCJOzS8wDvTbYcJMPvANu5ft3nl\n"
- "2L9W4v7swXkV+X+a1ww=\n"
- "-----END ENCRYPTED PRIVATE KEY-----\n";
- const char password[] = "abcdefghijklmnopqrstuvwxyz";
- byte der[FOURK_BUF];
- WOLFSSL_CTX* ctx;
- int bytes;
- XMEMSET(der, 0, sizeof(der));
- AssertIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der,
- (word32)sizeof(der), password)), 0);
- #ifndef NO_WOLFSSL_SERVER
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #else
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, bytes,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- wolfSSL_CTX_free(ctx);
- #endif
- }
- static void test_wolfSSL_PKCS8_ED448(void)
- {
- #if !defined(NO_ASN) && defined(HAVE_PKCS8) && \
- defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED448)
- const byte encPrivKey[] = \
- "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
- "MIGrMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAjSbZKnG4EPggICCAAw\n"
- "DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEFvCFWBBHBlJBsYleBJlJWcEUNC7\n"
- "Tf5pZviT5Btar4D/MNg6BsQHSDf5KW4ix871EsgDY2Zz+euaoWspiMntz7gU+PQu\n"
- "T/JJcbD2Ly8BbE3l5WHMifAQqNLxJBfXrHkfYtAo\n"
- "-----END ENCRYPTED PRIVATE KEY-----\n";
- const char password[] = "abcdefghijklmnopqrstuvwxyz";
- byte der[FOURK_BUF];
- WOLFSSL_CTX* ctx;
- int bytes;
- XMEMSET(der, 0, sizeof(der));
- AssertIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der,
- (word32)sizeof(der), password)), 0);
- #ifndef NO_WOLFSSL_SERVER
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #else
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, bytes,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- wolfSSL_CTX_free(ctx);
- #endif
- }
- /* Testing functions dealing with PKCS5 */
- static void test_wolfSSL_PKCS5(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_SHA) && !defined(NO_PWDBASED)
- #ifdef HAVE_FIPS /* Password minimum length is 14 (112-bit) in FIPS MODE */
- const char* passwd = "myfipsPa$$W0rd";
- #else
- const char *passwd = "pass1234";
- #endif
- const unsigned char *salt = (unsigned char *)"salt1234";
- unsigned char *out = (unsigned char *)XMALLOC(WC_SHA_DIGEST_SIZE, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- int ret = 0;
- AssertNotNull(out);
- ret = PKCS5_PBKDF2_HMAC_SHA1(passwd,(int)XSTRLEN(passwd), salt,
- (int)XSTRLEN((const char *) salt), 10,
- WC_SHA_DIGEST_SIZE,out);
- AssertIntEQ(ret, SSL_SUCCESS);
- #ifdef WOLFSSL_SHA512
- ret = PKCS5_PBKDF2_HMAC(passwd,(int)XSTRLEN(passwd), salt,
- (int)XSTRLEN((const char *) salt), 10,
- wolfSSL_EVP_sha512(), WC_SHA_DIGEST_SIZE, out);
- AssertIntEQ(ret, SSL_SUCCESS);
- #endif
- XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SHA) */
- }
- /* test parsing URI from certificate */
- static void test_wolfSSL_URI(void)
- {
- #if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \
- && (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \
- defined(OPENSSL_EXTRA))
- WOLFSSL_X509* x509;
- const char uri[] = "./certs/client-uri-cert.pem";
- const char badUri[] = "./certs/client-relative-uri.pem";
- printf(testingFmt, "wolfSSL URI parse");
- x509 = wolfSSL_X509_load_certificate_file(uri, WOLFSSL_FILETYPE_PEM);
- AssertNotNull(x509);
- wolfSSL_FreeX509(x509);
- x509 = wolfSSL_X509_load_certificate_file(badUri, WOLFSSL_FILETYPE_PEM);
- #ifndef IGNORE_NAME_CONSTRAINTS
- AssertNull(x509);
- #else
- AssertNotNull(x509);
- #endif
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_TBS(void)
- {
- #if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \
- && defined(OPENSSL_EXTRA)
- WOLFSSL_X509* x509;
- const unsigned char* tbs;
- int tbsSz;
- printf(testingFmt, "wolfSSL TBS");
- AssertNotNull(x509 =
- wolfSSL_X509_load_certificate_file(caCertFile, WOLFSSL_FILETYPE_PEM));
- AssertNull(tbs = wolfSSL_X509_get_tbs(NULL, &tbsSz));
- AssertNull(tbs = wolfSSL_X509_get_tbs(x509, NULL));
- AssertNotNull(tbs = wolfSSL_X509_get_tbs(x509, &tbsSz));
- AssertIntEQ(tbsSz, 1003);
- wolfSSL_FreeX509(x509);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_X509_verify(void)
- {
- #if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \
- && defined(OPENSSL_EXTRA)
- WOLFSSL_X509* ca;
- WOLFSSL_X509* server;
- WOLFSSL_EVP_PKEY* pkey;
- unsigned char buf[2048];
- const unsigned char* pt = NULL;
- int bufSz;
- printf(testingFmt, "wolfSSL X509 verify");
- AssertNotNull(ca =
- wolfSSL_X509_load_certificate_file(caCertFile, WOLFSSL_FILETYPE_PEM));
- AssertIntNE(wolfSSL_X509_get_pubkey_buffer(NULL, buf, &bufSz),
- WOLFSSL_SUCCESS);
- AssertIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, NULL, &bufSz),
- WOLFSSL_SUCCESS);
- AssertIntEQ(bufSz, 294);
- bufSz = 2048;
- AssertIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, buf, &bufSz),
- WOLFSSL_SUCCESS);
- AssertIntEQ(wolfSSL_X509_get_pubkey_type(NULL), WOLFSSL_FAILURE);
- AssertIntEQ(wolfSSL_X509_get_pubkey_type(ca), RSAk);
- AssertNotNull(server =
- wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM));
- /* success case */
- pt = buf;
- AssertNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz));
- AssertIntEQ(i2d_PUBKEY(pkey, NULL), bufSz);
- AssertIntEQ(wolfSSL_X509_verify(server, pkey), WOLFSSL_SUCCESS);
- wolfSSL_EVP_PKEY_free(pkey);
- /* fail case */
- bufSz = 2048;
- AssertIntEQ(wolfSSL_X509_get_pubkey_buffer(server, buf, &bufSz),
- WOLFSSL_SUCCESS);
- pt = buf;
- AssertNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz));
- AssertIntEQ(wolfSSL_X509_verify(server, pkey), WOLFSSL_FAILURE);
- AssertIntEQ(wolfSSL_X509_verify(NULL, pkey), WOLFSSL_FATAL_ERROR);
- AssertIntEQ(wolfSSL_X509_verify(server, NULL), WOLFSSL_FATAL_ERROR);
- wolfSSL_EVP_PKEY_free(pkey);
- wolfSSL_FreeX509(ca);
- wolfSSL_FreeX509(server);
- printf(resultFmt, passed);
- #endif
- }
- /* Testing function wolfSSL_CTX_SetMinVersion; sets the minimum downgrade
- * version allowed.
- * POST: 1 on success.
- */
- static int test_wolfSSL_CTX_SetMinVersion(void)
- {
- int failFlag = WOLFSSL_SUCCESS;
- #ifndef NO_WOLFSSL_CLIENT
- WOLFSSL_CTX* ctx;
- int itr;
- #ifndef NO_OLD_TLS
- const int versions[] = {
- #ifdef WOLFSSL_ALLOW_TLSV10
- WOLFSSL_TLSV1,
- #endif
- WOLFSSL_TLSV1_1,
- WOLFSSL_TLSV1_2 };
- #elif !defined(WOLFSSL_NO_TLS12)
- const int versions[] = { WOLFSSL_TLSV1_2 };
- #elif defined(WOLFSSL_TLS13)
- const int versions[] = { WOLFSSL_TLSV1_3 };
- #else
- const int versions[0];
- #endif
- ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- printf(testingFmt, "wolfSSL_CTX_SetMinVersion()");
- for (itr = 0; itr < (int)(sizeof(versions)/sizeof(int)); itr++){
- if(wolfSSL_CTX_SetMinVersion(ctx, *(versions + itr)) != WOLFSSL_SUCCESS){
- failFlag = WOLFSSL_FAILURE;
- }
- }
- printf(resultFmt, failFlag == WOLFSSL_SUCCESS ? passed : failed);
- wolfSSL_CTX_free(ctx);
- #endif
- return failFlag;
- } /* END test_wolfSSL_CTX_SetMinVersion */
- /*----------------------------------------------------------------------------*
- | OCSP Stapling
- *----------------------------------------------------------------------------*/
- /* Testing wolfSSL_UseOCSPStapling function. OCSP stapling eliminates the need
- * need to contact the CA, lowering the cost of cert revocation checking.
- * PRE: HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST
- * POST: 1 returned for success.
- */
- static int test_wolfSSL_UseOCSPStapling(void)
- {
- #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && defined(HAVE_OCSP) && \
- !defined(NO_WOLFSSL_CLIENT)
- int ret;
- WOLFSSL_CTX* ctx;
- WOLFSSL* ssl;
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
- #else
- ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
- #endif
- #else
- #ifndef WOLFSSL_NO_TLS12
- ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
- #else
- ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
- #endif
- #endif
- ssl = wolfSSL_new(ctx);
- printf(testingFmt, "wolfSSL_UseOCSPStapling()");
- ret = wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
- WOLFSSL_CSR2_OCSP_USE_NONCE);
- printf(resultFmt, ret == WOLFSSL_SUCCESS ? passed : failed);
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- return ret;
- #else
- return WOLFSSL_SUCCESS;
- #endif
- } /*END test_wolfSSL_UseOCSPStapling */
- /* Testing OCSP stapling version 2, wolfSSL_UseOCSPStaplingV2 function. OCSP
- * stapling eliminates the need to contact the CA and lowers cert revocation
- * check.
- * PRE: HAVE_CERTIFICATE_STATUS_REQUEST_V2 and HAVE_OCSP defined.
- */
- static int test_wolfSSL_UseOCSPStaplingV2 (void)
- {
- #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && defined(HAVE_OCSP) && \
- !defined(NO_WOLFSSL_CLIENT)
- int ret;
- WOLFSSL_CTX* ctx;
- WOLFSSL* ssl;
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
- #else
- ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
- #endif
- #else
- #ifndef WOLFSSL_NO_TLS12
- ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
- #else
- ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
- #endif
- #endif
- ssl = wolfSSL_new(ctx);
- printf(testingFmt, "wolfSSL_UseOCSPStaplingV2()");
- ret = wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
- WOLFSSL_CSR2_OCSP_USE_NONCE );
- printf(resultFmt, ret == WOLFSSL_SUCCESS ? passed : failed);
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- return ret;
- #else
- return WOLFSSL_SUCCESS;
- #endif
- } /*END test_wolfSSL_UseOCSPStaplingV2*/
- /*----------------------------------------------------------------------------*
- | Multicast Tests
- *----------------------------------------------------------------------------*/
- static void test_wolfSSL_mcast(void)
- {
- #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_MULTICAST)
- WOLFSSL_CTX* ctx;
- WOLFSSL* ssl;
- int result;
- byte preMasterSecret[512];
- byte clientRandom[32];
- byte serverRandom[32];
- byte suite[2] = {0, 0xfe}; /* WDM_WITH_NULL_SHA256 */
- byte buf[256];
- word16 newId;
- ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method());
- AssertNotNull(ctx);
- result = wolfSSL_CTX_mcast_set_member_id(ctx, 0);
- AssertIntEQ(result, WOLFSSL_SUCCESS);
- ssl = wolfSSL_new(ctx);
- AssertNotNull(ssl);
- XMEMSET(preMasterSecret, 0x23, sizeof(preMasterSecret));
- XMEMSET(clientRandom, 0xA5, sizeof(clientRandom));
- XMEMSET(serverRandom, 0x5A, sizeof(serverRandom));
- result = wolfSSL_set_secret(ssl, 23,
- preMasterSecret, sizeof(preMasterSecret),
- clientRandom, serverRandom, suite);
- AssertIntEQ(result, WOLFSSL_SUCCESS);
- result = wolfSSL_mcast_read(ssl, &newId, buf, sizeof(buf));
- AssertIntLE(result, 0);
- AssertIntLE(newId, 100);
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif /* WOLFSSL_DTLS && WOLFSSL_MULTICAST */
- }
- /*----------------------------------------------------------------------------*
- | Wolfcrypt
- *----------------------------------------------------------------------------*/
- /*
- * Unit test for the wc_InitBlake2b()
- */
- static int test_wc_InitBlake2b (void)
- {
- int ret = 0;
- #ifdef HAVE_BLAKE2
- Blake2b blake2;
- printf(testingFmt, "wc_InitBlake2B()");
- /* Test good arg. */
- ret = wc_InitBlake2b(&blake2, 64);
- if (ret != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- /* Test bad arg. */
- if (!ret) {
- ret = wc_InitBlake2b(NULL, 64);
- if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- } else {
- ret = 0;
- }
- }
- if (!ret) {
- ret = wc_InitBlake2b(NULL, 128);
- if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- } else {
- ret = 0;
- }
- }
- if (!ret) {
- ret = wc_InitBlake2b(&blake2, 128);
- if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- } else {
- ret = 0;
- }
- }
- if (!ret) {
- ret = wc_InitBlake2b(NULL, 0);
- if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- } else {
- ret = 0;
- }
- }
- if (!ret) {
- ret = wc_InitBlake2b(&blake2, 0);
- if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- } else {
- ret = 0;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /*END test_wc_InitBlake2b*/
- /*
- * Unit test for the wc_InitMd5()
- */
- static int test_wc_InitMd5 (void)
- {
- int flag = 0;
- #ifndef NO_MD5
- wc_Md5 md5;
- int ret;
- printf(testingFmt, "wc_InitMd5()");
- /* Test good arg. */
- ret = wc_InitMd5(&md5);
- if (ret != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- /* Test bad arg. */
- if (!flag) {
- ret = wc_InitMd5(NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_Md5Free(&md5);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_InitMd5 */
- /*
- * Testing wc_UpdateMd5()
- */
- static int test_wc_Md5Update (void)
- {
- int flag = 0;
- #ifndef NO_MD5
- wc_Md5 md5;
- byte hash[WC_MD5_DIGEST_SIZE];
- testVector a, b, c;
- int ret;
- ret = wc_InitMd5(&md5);
- if (ret != 0) {
- flag = ret;
- }
- printf(testingFmt, "wc_Md5Update()");
- /* Input */
- if (!flag) {
- a.input = "a";
- a.inLen = XSTRLEN(a.input);
- ret = wc_Md5Update(&md5, (byte*)a.input, (word32)a.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- ret = wc_Md5Final(&md5, hash);
- if (ret != 0) {
- flag = ret;
- }
- }
- /* Update input. */
- if (!flag) {
- a.input = "abc";
- a.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f"
- "\x72";
- a.inLen = XSTRLEN(a.input);
- a.outLen = XSTRLEN(a.output);
- ret = wc_Md5Update(&md5, (byte*) a.input, (word32) a.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- ret = wc_Md5Final(&md5, hash);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- /*Pass in bad values. */
- if (!flag) {
- b.input = NULL;
- b.inLen = 0;
- ret = wc_Md5Update(&md5, (byte*)b.input, (word32)b.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- c.input = NULL;
- c.inLen = WC_MD5_DIGEST_SIZE;
- ret = wc_Md5Update(&md5, (byte*)c.input, (word32)c.inLen);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_Md5Update(NULL, (byte*)a.input, (word32)a.inLen);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_Md5Free(&md5);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Md5Update() */
- /*
- * Unit test on wc_Md5Final() in wolfcrypt/src/md5.c
- */
- static int test_wc_Md5Final (void)
- {
- int flag = 0;
- #ifndef NO_MD5
- /* Instantiate */
- wc_Md5 md5;
- byte* hash_test[3];
- byte hash1[WC_MD5_DIGEST_SIZE];
- byte hash2[2*WC_MD5_DIGEST_SIZE];
- byte hash3[5*WC_MD5_DIGEST_SIZE];
- int times, i, ret;
- /* Initialize */
- ret = wc_InitMd5(&md5);
- if (ret != 0) {
- flag = ret;
- }
- if (!flag) {
- hash_test[0] = hash1;
- hash_test[1] = hash2;
- hash_test[2] = hash3;
- }
- times = sizeof(hash_test)/sizeof(byte*);
- /* Test good args. */
- printf(testingFmt, "wc_Md5Final()");
- for (i = 0; i < times; i++) {
- if (!flag) {
- ret = wc_Md5Final(&md5, hash_test[i]);
- if (ret != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- }
- /* Test bad args. */
- if (!flag) {
- ret = wc_Md5Final(NULL, NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_Md5Final(NULL, hash1);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_Md5Final(&md5, NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_Md5Free(&md5);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- }
- /*
- * Unit test for the wc_InitSha()
- */
- static int test_wc_InitSha(void)
- {
- int flag = 0;
- #ifndef NO_SHA
- wc_Sha sha;
- int ret;
- printf(testingFmt, "wc_InitSha()");
- /* Test good arg. */
- ret = wc_InitSha(&sha);
- if (ret != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- /* Test bad arg. */
- if (!flag) {
- ret = wc_InitSha(NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_ShaFree(&sha);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_InitSha */
- /*
- * Tesing wc_ShaUpdate()
- */
- static int test_wc_ShaUpdate (void)
- {
- int flag = 0;
- #ifndef NO_SHA
- wc_Sha sha;
- byte hash[WC_SHA_DIGEST_SIZE];
- testVector a, b, c;
- int ret;
- ret = wc_InitSha(&sha);
- if (ret != 0) {
- flag = ret;
- }
- printf(testingFmt, "wc_ShaUpdate()");
- /* Input. */
- if (!flag) {
- a.input = "a";
- a.inLen = XSTRLEN(a.input);
- ret = wc_ShaUpdate(&sha, (byte*)a.input, (word32)a.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- ret = wc_ShaFinal(&sha, hash);
- if (ret != 0) {
- flag = ret;
- }
- }
- /* Update input. */
- if (!flag) {
- a.input = "abc";
- a.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2"
- "\x6C\x9C\xD0\xD8\x9D";
- a.inLen = XSTRLEN(a.input);
- a.outLen = XSTRLEN(a.output);
- ret = wc_ShaUpdate(&sha, (byte*)a.input, (word32)a.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- ret = wc_ShaFinal(&sha, hash);
- if (ret !=0) {
- flag = ret;
- }
- }
- if (!flag) {
- if (XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE) != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Try passing in bad values. */
- if (!flag) {
- b.input = NULL;
- b.inLen = 0;
- ret = wc_ShaUpdate(&sha, (byte*)b.input, (word32)b.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- c.input = NULL;
- c.inLen = WC_SHA_DIGEST_SIZE;
- ret = wc_ShaUpdate(&sha, (byte*)c.input, (word32)c.inLen);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_ShaUpdate(NULL, (byte*)a.input, (word32)a.inLen);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_ShaFree(&sha);
- /* If not returned then the unit test passed test vectors. */
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_ShaUpdate() */
- /*
- * Unit test on wc_ShaFinal
- */
- static int test_wc_ShaFinal (void)
- {
- int flag = 0;
- #ifndef NO_SHA
- wc_Sha sha;
- byte* hash_test[3];
- byte hash1[WC_SHA_DIGEST_SIZE];
- byte hash2[2*WC_SHA_DIGEST_SIZE];
- byte hash3[5*WC_SHA_DIGEST_SIZE];
- int times, i, ret;
- /*Initialize*/
- ret = wc_InitSha(&sha);
- if (ret) {
- flag = ret;
- }
- if (!flag) {
- hash_test[0] = hash1;
- hash_test[1] = hash2;
- hash_test[2] = hash3;
- }
- times = sizeof(hash_test)/sizeof(byte*);
- /* Good test args. */
- printf(testingFmt, "wc_ShaFinal()");
- for (i = 0; i < times; i++) {
- if (!flag) {
- ret = wc_ShaFinal(&sha, hash_test[i]);
- if (ret != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- }
- /* Test bad args. */
- if (!flag) {
- ret = wc_ShaFinal(NULL, NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_ShaFinal(NULL, hash1);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_ShaFinal(&sha, NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_ShaFree(&sha);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_ShaFinal */
- /*
- * Unit test for wc_InitSha256()
- */
- static int test_wc_InitSha256 (void)
- {
- int flag = 0;
- #ifndef NO_SHA256
- wc_Sha256 sha256;
- int ret;
- printf(testingFmt, "wc_InitSha256()");
- /* Test good arg. */
- ret = wc_InitSha256(&sha256);
- if (ret != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- /* Test bad arg. */
- if (!flag) {
- ret = wc_InitSha256(NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_Sha256Free(&sha256);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_InitSha256 */
- /*
- * Unit test for wc_Sha256Update()
- */
- static int test_wc_Sha256Update (void)
- {
- int flag = 0;
- #ifndef NO_SHA256
- wc_Sha256 sha256;
- byte hash[WC_SHA256_DIGEST_SIZE];
- testVector a, b, c;
- int ret;
- ret = wc_InitSha256(&sha256);
- if (ret != 0) {
- flag = ret;
- }
- printf(testingFmt, "wc_Sha256Update()");
- /* Input. */
- if (!flag) {
- a.input = "a";
- a.inLen = XSTRLEN(a.input);
- ret = wc_Sha256Update(&sha256, (byte*)a.input, (word32)a.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- ret = wc_Sha256Final(&sha256, hash);
- if (ret != 0) {
- flag = ret;
- }
- }
- /* Update input. */
- if (!flag) {
- a.input = "abc";
- a.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
- "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
- "\x15\xAD";
- a.inLen = XSTRLEN(a.input);
- a.outLen = XSTRLEN(a.output);
- ret = wc_Sha256Update(&sha256, (byte*)a.input, (word32)a.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- ret = wc_Sha256Final(&sha256, hash);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- if (XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE) != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Try passing in bad values */
- if (!flag) {
- b.input = NULL;
- b.inLen = 0;
- ret = wc_Sha256Update(&sha256, (byte*)b.input, (word32)b.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- c.input = NULL;
- c.inLen = WC_SHA256_DIGEST_SIZE;
- ret = wc_Sha256Update(&sha256, (byte*)c.input, (word32)c.inLen);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_Sha256Update(NULL, (byte*)a.input, (word32)a.inLen);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_Sha256Free(&sha256);
- /* If not returned then the unit test passed. */
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha256Update */
- /*
- * Unit test function for wc_Sha256Final()
- */
- static int test_wc_Sha256Final (void)
- {
- int flag = 0;
- #ifndef NO_SHA256
- wc_Sha256 sha256;
- byte* hash_test[3];
- byte hash1[WC_SHA256_DIGEST_SIZE];
- byte hash2[2*WC_SHA256_DIGEST_SIZE];
- byte hash3[5*WC_SHA256_DIGEST_SIZE];
- int times, i, ret;
- /* Initialize */
- ret = wc_InitSha256(&sha256);
- if (ret != 0) {
- flag = ret;
- }
- if (!flag) {
- hash_test[0] = hash1;
- hash_test[1] = hash2;
- hash_test[2] = hash3;
- }
- times = sizeof(hash_test) / sizeof(byte*);
- /* Good test args. */
- printf(testingFmt, "wc_Sha256Final()");
- for (i = 0; i < times; i++) {
- if (!flag) {
- ret = wc_Sha256Final(&sha256, hash_test[i]);
- if (ret != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- }
- /* Test bad args. */
- if (!flag ) {
- ret = wc_Sha256Final(NULL, NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_Sha256Final(NULL, hash1);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_Sha256Final(&sha256, NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_Sha256Free(&sha256);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha256Final */
- /*
- * Unit test function for wc_Sha256FinalRaw()
- */
- static int test_wc_Sha256FinalRaw (void)
- {
- int flag = 0;
- #if !defined(NO_SHA256) && \
- (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
- wc_Sha256 sha256;
- byte* hash_test[3];
- byte hash1[WC_SHA256_DIGEST_SIZE];
- byte hash2[2*WC_SHA256_DIGEST_SIZE];
- byte hash3[5*WC_SHA256_DIGEST_SIZE];
- int times, i, ret;
- /* Initialize */
- ret = wc_InitSha256(&sha256);
- if (ret != 0) {
- flag = ret;
- }
- if (!flag) {
- hash_test[0] = hash1;
- hash_test[1] = hash2;
- hash_test[2] = hash3;
- }
- times = sizeof(hash_test) / sizeof(byte*);
- /* Good test args. */
- printf(testingFmt, "wc_Sha256FinalRaw()");
- for (i = 0; i < times; i++) {
- if (!flag) {
- ret = wc_Sha256FinalRaw(&sha256, hash_test[i]);
- if (ret != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- }
- /* Test bad args. */
- if (!flag ) {
- ret = wc_Sha256FinalRaw(NULL, NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_Sha256FinalRaw(NULL, hash1);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_Sha256FinalRaw(&sha256, NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_Sha256Free(&sha256);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha256FinalRaw */
- /*
- * Unit test function for wc_Sha256GetFlags()
- */
- static int test_wc_Sha256GetFlags (void)
- {
- int flag = 0;
- #if !defined(NO_SHA256) && \
- (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
- wc_Sha256 sha256;
- word32 flags = 0;
- printf(testingFmt, "wc_Sha256GetFlags()");
- /* Initialize */
- flag = wc_InitSha256(&sha256);
- if (flag == 0) {
- flag = wc_Sha256GetFlags(&sha256, &flags);
- }
- if (flag == 0) {
- if (flags & WC_HASH_FLAG_ISCOPY) {
- flag = 0;
- }
- }
- wc_Sha256Free(&sha256);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha256GetFlags */
- /*
- * Unit test function for wc_Sha256Free()
- */
- static int test_wc_Sha256Free (void)
- {
- int flag = 0;
- #ifndef NO_SHA256
- printf(testingFmt, "wc_Sha256Free()");
- wc_Sha256Free(NULL);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha256Free */
- /*
- * Unit test function for wc_Sha256GetHash()
- */
- static int test_wc_Sha256GetHash (void)
- {
- int flag = 0;
- #ifndef NO_SHA256
- wc_Sha256 sha256;
- byte hash1[WC_SHA256_DIGEST_SIZE];
- printf(testingFmt, "wc_Sha256GetHash()");
- /* Initialize */
- flag = wc_InitSha256(&sha256);
- if (flag == 0) {
- flag = wc_Sha256GetHash(&sha256, hash1);
- }
- /*test bad arguements*/
- if (flag == 0) {
- flag = wc_Sha256GetHash(NULL, NULL);
- if (flag == BAD_FUNC_ARG) {
- flag = 0;
- }
- }
- if (flag == 0) {
- flag = wc_Sha256GetHash(NULL, hash1);
- if (flag == BAD_FUNC_ARG) {
- flag = 0;
- }
- }
- if (flag == 0) {
- flag = wc_Sha256GetHash(&sha256, NULL);
- if (flag == BAD_FUNC_ARG) {
- flag = 0;
- }
- }
- wc_Sha256Free(&sha256);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha256GetHash */
- /*
- * Unit test function for wc_Sha256Copy()
- */
- static int test_wc_Sha256Copy (void)
- {
- int flag = 0;
- #ifndef NO_SHA256
- wc_Sha256 sha256;
- wc_Sha256 temp;
- printf(testingFmt, "wc_Sha256Copy()");
- /* Initialize */
- flag = wc_InitSha256(&sha256);
- if (flag == 0) {
- flag = wc_InitSha256(&temp);
- }
- if (flag == 0) {
- flag = wc_Sha256Copy(&sha256, &temp);
- }
- /*test bad arguements*/
- if (flag == 0) {
- flag = wc_Sha256Copy(NULL, NULL);
- if (flag == BAD_FUNC_ARG) {
- flag = 0;
- }
- }
- if (flag == 0) {
- flag = wc_Sha256Copy(NULL, &temp);
- if (flag == BAD_FUNC_ARG) {
- flag = 0;
- }
- }
- if (flag == 0) {
- flag = wc_Sha256Copy(&sha256, NULL);
- if (flag == BAD_FUNC_ARG) {
- flag = 0;
- }
- }
- wc_Sha256Free(&sha256);
- wc_Sha256Free(&temp);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha256Copy */
- /*
- * Testing wc_InitSha512()
- */
- static int test_wc_InitSha512 (void)
- {
- int flag = 0;
- #ifdef WOLFSSL_SHA512
- wc_Sha512 sha512;
- int ret;
- printf(testingFmt, "wc_InitSha512()");
- /* Test good arg. */
- ret = wc_InitSha512(&sha512);
- if (ret != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- /* Test bad arg. */
- if (!flag) {
- ret = wc_InitSha512(NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_Sha512Free(&sha512);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_InitSha512 */
- /*
- * wc_Sha512Update() test.
- */
- static int test_wc_Sha512Update (void)
- {
- int flag = 0;
- #ifdef WOLFSSL_SHA512
- wc_Sha512 sha512;
- byte hash[WC_SHA512_DIGEST_SIZE];
- testVector a, b, c;
- int ret;
- ret = wc_InitSha512(&sha512);
- if (ret != 0) {
- flag = ret;
- }
- printf(testingFmt, "wc_Sha512Update()");
- /* Input. */
- if (!flag) {
- a.input = "a";
- a.inLen = XSTRLEN(a.input);
- ret = wc_Sha512Update(&sha512, (byte*)a.input, (word32)a.inLen);
- if (ret != 0) {
- flag = ret;
- }
- ret = wc_Sha512Final(&sha512, hash);
- if (ret != 0) {
- flag = ret;
- }
- }
- /* Update input. */
- if (!flag) {
- a.input = "abc";
- a.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
- "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b"
- "\x55\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c"
- "\x23\xa3\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a"
- "\x9a\xc9\x4f\xa5\x4c\xa4\x9f";
- a.inLen = XSTRLEN(a.input);
- a.outLen = XSTRLEN(a.output);
- ret = wc_Sha512Update(&sha512, (byte*) a.input, (word32) a.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- ret = wc_Sha512Final(&sha512, hash);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- if (XMEMCMP(hash, a.output, WC_SHA512_DIGEST_SIZE) != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Try passing in bad values */
- if (!flag) {
- b.input = NULL;
- b.inLen = 0;
- ret = wc_Sha512Update(&sha512, (byte*)b.input, (word32)b.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- c.input = NULL;
- c.inLen = WC_SHA512_DIGEST_SIZE;
- ret = wc_Sha512Update(&sha512, (byte*)c.input, (word32)c.inLen);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_Sha512Update(NULL, (byte*)a.input, (word32)a.inLen);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_Sha512Free(&sha512);
- /* If not returned then the unit test passed test vectors. */
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha512Update */
- /*
- * Unit test function for wc_Sha512Final()
- */
- static int test_wc_Sha512Final (void)
- {
- int flag = 0;
- #ifdef WOLFSSL_SHA512
- wc_Sha512 sha512;
- byte* hash_test[3];
- byte hash1[WC_SHA512_DIGEST_SIZE];
- byte hash2[2*WC_SHA512_DIGEST_SIZE];
- byte hash3[5*WC_SHA512_DIGEST_SIZE];
- int times, i, ret;
- /* Initialize */
- ret = wc_InitSha512(&sha512);
- if (ret != 0) {
- flag = ret;
- }
- if (!flag) {
- hash_test[0] = hash1;
- hash_test[1] = hash2;
- hash_test[2] = hash3;
- }
- times = sizeof(hash_test) / sizeof(byte *);
- /* Good test args. */
- printf(testingFmt, "wc_Sha512Final()");
- for (i = 0; i < times; i++) {
- if (!flag) {
- ret = wc_Sha512Final(&sha512, hash_test[i]);
- if (ret != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- }
- /* Test bad args. */
- if (!flag) {
- ret = wc_Sha512Final(NULL, NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- if (!flag) {}
- ret = wc_Sha512Final(NULL, hash1);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_Sha512Final(&sha512, NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_Sha512Free(&sha512);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha512Final */
- /*
- * Unit test function for wc_Sha512GetFlags()
- */
- static int test_wc_Sha512GetFlags (void)
- {
- int flag = 0;
- #if !defined(NO_SHA512) && \
- (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
- wc_Sha512 sha512;
- word32 flags = 0;
- printf(testingFmt, "wc_Sha512GetFlags()");
- /* Initialize */
- flag = wc_InitSha512(&sha512);
- if (flag == 0) {
- flag = wc_Sha512GetFlags(&sha512, &flags);
- }
- if (flag == 0) {
- if (flags & WC_HASH_FLAG_ISCOPY) {
- flag = 0;
- }
- }
- wc_Sha512Free(&sha512);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha512GetFlags */
- /*
- * Unit test function for wc_Sha512FinalRaw()
- */
- static int test_wc_Sha512FinalRaw (void)
- {
- int flag = 0;
- #if !defined(NO_SHA512) && \
- (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
- wc_Sha512 sha512;
- byte* hash_test[3];
- byte hash1[WC_SHA512_DIGEST_SIZE];
- byte hash2[2*WC_SHA512_DIGEST_SIZE];
- byte hash3[5*WC_SHA512_DIGEST_SIZE];
- int times, i, ret;
- /* Initialize */
- ret = wc_InitSha512(&sha512);
- if (ret != 0) {
- flag = ret;
- }
- if (!flag) {
- hash_test[0] = hash1;
- hash_test[1] = hash2;
- hash_test[2] = hash3;
- }
- times = sizeof(hash_test) / sizeof(byte*);
- /* Good test args. */
- printf(testingFmt, "wc_Sha512FinalRaw()");
- for (i = 0; i < times; i++) {
- if (!flag) {
- ret = wc_Sha512FinalRaw(&sha512, hash_test[i]);
- if (ret != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- }
- /* Test bad args. */
- if (!flag ) {
- ret = wc_Sha512FinalRaw(NULL, NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_Sha512FinalRaw(NULL, hash1);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_Sha512FinalRaw(&sha512, NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_Sha512Free(&sha512);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha512FinalRaw */
- /*
- * Unit test function for wc_Sha512Free()
- */
- static int test_wc_Sha512Free (void)
- {
- int flag = 0;
- #if !defined(NO_SHA512) && \
- (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
- printf(testingFmt, "wc_Sha512Free()");
- wc_Sha512Free(NULL);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha512Free */
- /*
- * Unit test function for wc_Sha512GetHash()
- */
- static int test_wc_Sha512GetHash (void)
- {
- int flag = 0;
- #if !defined(NO_SHA512) && \
- (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
- wc_Sha512 sha512;
- byte hash1[WC_SHA512_DIGEST_SIZE];
- printf(testingFmt, "wc_Sha512GetHash()");
- /* Initialize */
- flag = wc_InitSha512(&sha512);
- if (flag == 0) {
- flag = wc_Sha512GetHash(&sha512, hash1);
- }
- /*test bad arguements*/
- if (flag == 0) {
- flag = wc_Sha512GetHash(NULL, NULL);
- if (flag == BAD_FUNC_ARG) {
- flag = 0;
- }
- }
- if (flag == 0) {
- flag = wc_Sha512GetHash(NULL, hash1);
- if (flag == BAD_FUNC_ARG) {
- flag = 0;
- }
- }
- if (flag == 0) {
- flag = wc_Sha512GetHash(&sha512, NULL);
- if (flag == BAD_FUNC_ARG) {
- flag = 0;
- }
- }
- wc_Sha512Free(&sha512);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha512GetHash */
- /*
- * Unit test function for wc_Sha512Copy()
- */
- static int test_wc_Sha512Copy (void)
- {
- int flag = 0;
- #if !defined(NO_SHA512) && \
- (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
- wc_Sha512 sha512;
- wc_Sha512 temp;
- printf(testingFmt, "wc_Sha512Copy()");
- /* Initialize */
- flag = wc_InitSha512(&sha512);
- if (flag == 0) {
- flag = wc_InitSha512(&temp);
- }
- if (flag == 0) {
- flag = wc_Sha512Copy(&sha512, &temp);
- }
- /*test bad arguements*/
- if (flag == 0) {
- flag = wc_Sha512Copy(NULL, NULL);
- if (flag == BAD_FUNC_ARG) {
- flag = 0;
- }
- }
- if (flag == 0) {
- flag = wc_Sha512Copy(NULL, &temp);
- if (flag == BAD_FUNC_ARG) {
- flag = 0;
- }
- }
- if (flag == 0) {
- flag = wc_Sha512Copy(&sha512, NULL);
- if (flag == BAD_FUNC_ARG) {
- flag = 0;
- }
- }
- wc_Sha512Free(&sha512);
- wc_Sha512Free(&temp);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha512Copy */
- /*
- * Testing wc_InitSha384()
- */
- static int test_wc_InitSha384 (void)
- {
- int flag = 0;
- #ifdef WOLFSSL_SHA384
- wc_Sha384 sha384;
- int ret;
- printf(testingFmt, "wc_InitSha384()");
- /* Test good arg. */
- ret = wc_InitSha384(&sha384);
- if (ret != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- /* Test bad arg. */
- if (!flag) {
- ret = wc_InitSha384(NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_Sha384Free(&sha384);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_InitSha384 */
- /*
- * test wc_Sha384Update()
- */
- static int test_wc_Sha384Update (void)
- {
- int flag = 0;
- #ifdef WOLFSSL_SHA384
- wc_Sha384 sha384;
- byte hash[WC_SHA384_DIGEST_SIZE];
- testVector a, b, c;
- int ret;
- ret = wc_InitSha384(&sha384);
- if (ret != 0) {
- flag = ret;
- }
- printf(testingFmt, "wc_Sha384Update()");
- /* Input */
- if (!flag) {
- a.input = "a";
- a.inLen = XSTRLEN(a.input);
- ret = wc_Sha384Update(&sha384, (byte*)a.input, (word32)a.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- ret = wc_Sha384Final(&sha384, hash);
- if (ret != 0) {
- flag = ret;
- }
- }
- /* Update input. */
- if (!flag) {
- a.input = "abc";
- a.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
- "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
- "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
- "\xc8\x25\xa7";
- a.inLen = XSTRLEN(a.input);
- a.outLen = XSTRLEN(a.output);
- ret = wc_Sha384Update(&sha384, (byte*)a.input, (word32)a.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- ret = wc_Sha384Final(&sha384, hash);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- if (XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE) != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Pass in bad values. */
- if (!flag) {
- b.input = NULL;
- b.inLen = 0;
- ret = wc_Sha384Update(&sha384, (byte*)b.input, (word32)b.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- c.input = NULL;
- c.inLen = WC_SHA384_DIGEST_SIZE;
- ret = wc_Sha384Update(&sha384, (byte*)c.input, (word32)c.inLen);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_Sha384Update(NULL, (byte*)a.input, (word32)a.inLen);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_Sha384Free(&sha384);
- /* If not returned then the unit test passed test vectors. */
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha384Update */
- /*
- * Unit test function for wc_Sha384Final();
- */
- static int test_wc_Sha384Final (void)
- {
- int flag = 0;
- #ifdef WOLFSSL_SHA384
- wc_Sha384 sha384;
- byte* hash_test[3];
- byte hash1[WC_SHA384_DIGEST_SIZE];
- byte hash2[2*WC_SHA384_DIGEST_SIZE];
- byte hash3[5*WC_SHA384_DIGEST_SIZE];
- int times, i, ret;
- /* Initialize */
- ret = wc_InitSha384(&sha384);
- if (ret) {
- flag = ret;
- }
- if (!flag) {
- hash_test[0] = hash1;
- hash_test[1] = hash2;
- hash_test[2] = hash3;
- }
- times = sizeof(hash_test) / sizeof(byte*);
- /* Good test args. */
- printf(testingFmt, "wc_Sha384Final()");
- for (i = 0; i < times; i++) {
- if (!flag) {
- ret = wc_Sha384Final(&sha384, hash_test[i]);
- if (ret != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- }
- /* Test bad args. */
- if (!flag) {
- ret = wc_Sha384Final(NULL, NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_Sha384Final(NULL, hash1);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_Sha384Final(&sha384, NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_Sha384Free(&sha384);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha384Final */
- /*
- * Unit test function for wc_Sha384GetFlags()
- */
- static int test_wc_Sha384GetFlags (void)
- {
- int flag = 0;
- #if !defined(NO_SHA384) && \
- (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
- wc_Sha384 sha384;
- word32 flags = 0;
- printf(testingFmt, "wc_Sha384GetFlags()");
- /* Initialize */
- flag = wc_InitSha384(&sha384);
- if (flag == 0) {
- flag = wc_Sha384GetFlags(&sha384, &flags);
- }
- if (flag == 0) {
- if (flags & WC_HASH_FLAG_ISCOPY) {
- flag = 0;
- }
- }
- wc_Sha384Free(&sha384);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha384GetFlags */
- /*
- * Unit test function for wc_Sha384FinalRaw()
- */
- static int test_wc_Sha384FinalRaw (void)
- {
- int flag = 0;
- #if !defined(NO_SHA384) && \
- (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
- wc_Sha384 sha384;
- byte* hash_test[3];
- byte hash1[WC_SHA384_DIGEST_SIZE];
- byte hash2[2*WC_SHA384_DIGEST_SIZE];
- byte hash3[5*WC_SHA384_DIGEST_SIZE];
- int times, i, ret;
- /* Initialize */
- ret = wc_InitSha384(&sha384);
- if (ret != 0) {
- flag = ret;
- }
- if (!flag) {
- hash_test[0] = hash1;
- hash_test[1] = hash2;
- hash_test[2] = hash3;
- }
- times = sizeof(hash_test) / sizeof(byte*);
- /* Good test args. */
- printf(testingFmt, "wc_Sha384FinalRaw()");
- for (i = 0; i < times; i++) {
- if (!flag) {
- ret = wc_Sha384FinalRaw(&sha384, hash_test[i]);
- if (ret != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- }
- /* Test bad args. */
- if (!flag ) {
- ret = wc_Sha384FinalRaw(NULL, NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_Sha384FinalRaw(NULL, hash1);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_Sha384FinalRaw(&sha384, NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_Sha384Free(&sha384);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha384FinalRaw */
- /*
- * Unit test function for wc_Sha384Free()
- */
- static int test_wc_Sha384Free (void)
- {
- int flag = 0;
- #if !defined(NO_SHA384) && \
- (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
- printf(testingFmt, "wc_Sha384Free()");
- wc_Sha384Free(NULL);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha384Free */
- /*
- * Unit test function for wc_Sha384GetHash()
- */
- static int test_wc_Sha384GetHash (void)
- {
- int flag = 0;
- #if !defined(NO_SHA384) && \
- (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
- wc_Sha384 sha384;
- byte hash1[WC_SHA384_DIGEST_SIZE];
- printf(testingFmt, "wc_Sha384GetHash()");
- /* Initialize */
- flag = wc_InitSha384(&sha384);
- if (flag == 0) {
- flag = wc_Sha384GetHash(&sha384, hash1);
- }
- /*test bad arguements*/
- if (flag == 0) {
- flag = wc_Sha384GetHash(NULL, NULL);
- if (flag == BAD_FUNC_ARG) {
- flag = 0;
- }
- }
- if (flag == 0) {
- flag = wc_Sha384GetHash(NULL, hash1);
- if (flag == BAD_FUNC_ARG) {
- flag = 0;
- }
- }
- if (flag == 0) {
- flag = wc_Sha384GetHash(&sha384, NULL);
- if (flag == BAD_FUNC_ARG) {
- flag = 0;
- }
- }
- wc_Sha384Free(&sha384);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha384GetHash */
- /*
- * Unit test function for wc_Sha384Copy()
- */
- static int test_wc_Sha384Copy (void)
- {
- int flag = 0;
- #if !defined(NO_SHA384) && \
- (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
- wc_Sha384 sha384;
- wc_Sha384 temp;
- printf(testingFmt, "wc_Sha384Copy()");
- /* Initialize */
- flag = wc_InitSha384(&sha384);
- if (flag == 0) {
- flag = wc_InitSha384(&temp);
- }
- if (flag == 0) {
- flag = wc_Sha384Copy(&sha384, &temp);
- }
- /*test bad arguements*/
- if (flag == 0) {
- flag = wc_Sha384Copy(NULL, NULL);
- if (flag == BAD_FUNC_ARG) {
- flag = 0;
- }
- }
- if (flag == 0) {
- flag = wc_Sha384Copy(NULL, &temp);
- if (flag == BAD_FUNC_ARG) {
- flag = 0;
- }
- }
- if (flag == 0) {
- flag = wc_Sha384Copy(&sha384, NULL);
- if (flag == BAD_FUNC_ARG) {
- flag = 0;
- }
- }
- wc_Sha384Free(&sha384);
- wc_Sha384Free(&temp);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha384Copy */
- /*
- * Testing wc_InitSha224();
- */
- static int test_wc_InitSha224 (void)
- {
- int flag = 0;
- #ifdef WOLFSSL_SHA224
- wc_Sha224 sha224;
- int ret;
- printf(testingFmt, "wc_InitSha224()");
- /* Test good arg. */
- ret = wc_InitSha224(&sha224);
- if (ret != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- /* Test bad arg. */
- if (!flag) {
- ret = wc_InitSha224(NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_Sha224Free(&sha224);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_InitSha224 */
- /*
- * Unit test on wc_Sha224Update
- */
- static int test_wc_Sha224Update (void)
- {
- int flag = 0;
- #ifdef WOLFSSL_SHA224
- wc_Sha224 sha224;
- byte hash[WC_SHA224_DIGEST_SIZE];
- testVector a, b, c;
- int ret;
- ret = wc_InitSha224(&sha224);
- if (ret != 0) {
- flag = ret;
- }
- printf(testingFmt, "wc_Sha224Update()");
- /* Input. */
- if (!flag) {
- a.input = "a";
- a.inLen = XSTRLEN(a.input);
- ret = wc_Sha224Update(&sha224, (byte*)a.input, (word32)a.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- ret = wc_Sha224Final(&sha224, hash);
- if (ret != 0) {
- flag = ret;
- }
- }
- /* Update input. */
- if (!flag) {
- a.input = "abc";
- a.output = "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2"
- "\x55\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7";
- a.inLen = XSTRLEN(a.input);
- a.outLen = XSTRLEN(a.output);
- ret = wc_Sha224Update(&sha224, (byte*)a.input, (word32)a.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- ret = wc_Sha224Final(&sha224, hash);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- if (XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE) != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Pass in bad values. */
- if (!flag) {
- b.input = NULL;
- b.inLen = 0;
- ret = wc_Sha224Update(&sha224, (byte*)b.input, (word32)b.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- c.input = NULL;
- c.inLen = WC_SHA224_DIGEST_SIZE;
- ret = wc_Sha224Update(&sha224, (byte*)c.input, (word32)c.inLen);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_Sha224Update(NULL, (byte*)a.input, (word32)a.inLen);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_Sha224Free(&sha224);
- /* If not returned then the unit test passed test vectors. */
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha224Update */
- /*
- * Unit test for wc_Sha224Final();
- */
- static int test_wc_Sha224Final (void)
- {
- int flag = 0;
- #ifdef WOLFSSL_SHA224
- wc_Sha224 sha224;
- byte* hash_test[3];
- byte hash1[WC_SHA224_DIGEST_SIZE];
- byte hash2[2*WC_SHA224_DIGEST_SIZE];
- byte hash3[5*WC_SHA224_DIGEST_SIZE];
- int times, i, ret;
- /* Initialize */
- ret = wc_InitSha224(&sha224);
- if (ret) {
- flag = ret;
- }
- if (!flag) {
- hash_test[0] = hash1;
- hash_test[1] = hash2;
- hash_test[2] = hash3;
- }
- times = sizeof(hash_test) / sizeof(byte*);
- /* Good test args. */
- printf(testingFmt, "wc_sha224Final()");
- /* Testing oversized buffers. */
- for (i = 0; i < times; i++) {
- if (!flag) {
- ret = wc_Sha224Final(&sha224, hash_test[i]);
- if (ret != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- }
- /* Test bad args. */
- if (!flag) {
- ret = wc_Sha224Final(NULL, NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_Sha224Final(NULL, hash1);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_Sha224Final(&sha224, NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_Sha224Free(&sha224);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha224Final */
- /*
- * Unit test function for wc_Sha224SetFlags()
- */
- static int test_wc_Sha224SetFlags (void)
- {
- int flag = 0;
- #if defined(WOLFSSL_SHA224) && \
- (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
- wc_Sha224 sha224;
- word32 flags = 0;
- printf(testingFmt, "wc_Sha224SetFlags()");
- /* Initialize */
- flag = wc_InitSha224(&sha224);
- if (flag == 0) {
- flag = wc_Sha224SetFlags(&sha224, flags);
- }
- if (flag == 0) {
- if (flags & WC_HASH_FLAG_ISCOPY) {
- flag = 0;
- }
- }
- wc_Sha224Free(&sha224);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha224SetFlags */
- /*
- * Unit test function for wc_Sha224GetFlags()
- */
- static int test_wc_Sha224GetFlags (void)
- {
- int flag = 0;
- #if defined(WOLFSSL_SHA224) && \
- (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
- wc_Sha224 sha224;
- word32 flags = 0;
- printf(testingFmt, "wc_Sha224GetFlags()");
- /* Initialize */
- flag = wc_InitSha224(&sha224);
- if (flag == 0) {
- flag = wc_Sha224GetFlags(&sha224, &flags);
- }
- if (flag == 0) {
- if (flags & WC_HASH_FLAG_ISCOPY) {
- flag = 0;
- }
- }
- wc_Sha224Free(&sha224);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha224GetFlags */
- /*
- * Unit test function for wc_Sha224Free()
- */
- static int test_wc_Sha224Free (void)
- {
- int flag = 0;
- #if defined(WOLFSSL_SHA224) && \
- (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
- printf(testingFmt, "wc_Sha224Free()");
- wc_Sha224Free(NULL);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha224Free */
- /*
- * Unit test function for wc_Sha224GetHash()
- */
- static int test_wc_Sha224GetHash (void)
- {
- int flag = 0;
- #if defined(WOLFSSL_SHA224) && \
- (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
- wc_Sha224 sha224;
- byte hash1[WC_SHA224_DIGEST_SIZE];
- printf(testingFmt, "wc_Sha224GetHash()");
- /* Initialize */
- flag = wc_InitSha224(&sha224);
- if (flag == 0) {
- flag = wc_Sha224GetHash(&sha224, hash1);
- }
- /*test bad arguements*/
- if (flag == 0) {
- flag = wc_Sha224GetHash(NULL, NULL);
- if (flag == BAD_FUNC_ARG) {
- flag = 0;
- }
- }
- if (flag == 0) {
- flag = wc_Sha224GetHash(NULL, hash1);
- if (flag == BAD_FUNC_ARG) {
- flag = 0;
- }
- }
- if (flag == 0) {
- flag = wc_Sha224GetHash(&sha224, NULL);
- if (flag == BAD_FUNC_ARG) {
- flag = 0;
- }
- }
- wc_Sha224Free(&sha224);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha224GetHash */
- /*
- * Unit test function for wc_Sha224Copy()
- */
- static int test_wc_Sha224Copy (void)
- {
- int flag = 0;
- #if defined(WOLFSSL_SHA224) && \
- (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
- wc_Sha224 sha224;
- wc_Sha224 temp;
- printf(testingFmt, "wc_Sha224Copy()");
- /* Initialize */
- flag = wc_InitSha224(&sha224);
- if (flag == 0) {
- flag = wc_InitSha224(&temp);
- }
- if (flag == 0) {
- flag = wc_Sha224Copy(&sha224, &temp);
- }
- /*test bad arguements*/
- if (flag == 0) {
- flag = wc_Sha224Copy(NULL, NULL);
- if (flag == BAD_FUNC_ARG) {
- flag = 0;
- }
- }
- if (flag == 0) {
- flag = wc_Sha224Copy(NULL, &temp);
- if (flag == BAD_FUNC_ARG) {
- flag = 0;
- }
- }
- if (flag == 0) {
- flag = wc_Sha224Copy(&sha224, NULL);
- if (flag == BAD_FUNC_ARG) {
- flag = 0;
- }
- }
- wc_Sha224Free(&sha224);
- wc_Sha224Free(&temp);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha224Copy */
- /*
- * Testing wc_InitRipeMd()
- */
- static int test_wc_InitRipeMd (void)
- {
- int flag = 0;
- #ifdef WOLFSSL_RIPEMD
- RipeMd ripemd;
- int ret;
- printf(testingFmt, "wc_InitRipeMd()");
- /* Test good arg. */
- ret = wc_InitRipeMd(&ripemd);
- if (ret != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- /* Test bad arg. */
- if (!flag) {
- ret = wc_InitRipeMd(NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_InitRipeMd */
- /*
- * Testing wc_RipeMdUpdate()
- */
- static int test_wc_RipeMdUpdate (void)
- {
- int flag = 0;
- #ifdef WOLFSSL_RIPEMD
- RipeMd ripemd;
- byte hash[RIPEMD_DIGEST_SIZE];
- testVector a, b, c;
- int ret;
- ret = wc_InitRipeMd(&ripemd);
- if (ret != 0) {
- flag = ret;
- }
- printf(testingFmt, "wc_RipeMdUpdate()");
- /* Input */
- if (!flag) {
- a.input = "a";
- a.inLen = XSTRLEN(a.input);
- ret = wc_RipeMdUpdate(&ripemd, (byte*)a.input, (word32)a.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- ret = wc_RipeMdFinal(&ripemd, hash);
- if (ret != 0) {
- flag = ret;
- }
- }
- /* Update input. */
- if (!flag) {
- a.input = "abc";
- a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6"
- "\xb0\x87\xf1\x5a\x0b\xfc";
- a.inLen = XSTRLEN(a.input);
- a.outLen = XSTRLEN(a.output);
- ret = wc_RipeMdUpdate(&ripemd, (byte*)a.input, (word32)a.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- ret = wc_RipeMdFinal(&ripemd, hash);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- if (XMEMCMP(hash, a.output, RIPEMD_DIGEST_SIZE) != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Pass in bad values. */
- if (!flag) {
- b.input = NULL;
- b.inLen = 0;
- ret = wc_RipeMdUpdate(&ripemd, (byte*)b.input, (word32)b.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- c.input = NULL;
- c.inLen = RIPEMD_DIGEST_SIZE;
- ret = wc_RipeMdUpdate(&ripemd, (byte*)c.input, (word32)c.inLen);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_RipeMdUpdate(NULL, (byte*)a.input, (word32)a.inLen);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_RipeMdUdpate */
- /*
- * Unit test function for wc_RipeMdFinal()
- */
- static int test_wc_RipeMdFinal (void)
- {
- int flag = 0;
- #ifdef WOLFSSL_RIPEMD
- RipeMd ripemd;
- byte* hash_test[3];
- byte hash1[RIPEMD_DIGEST_SIZE];
- byte hash2[2*RIPEMD_DIGEST_SIZE];
- byte hash3[5*RIPEMD_DIGEST_SIZE];
- int times, i, ret;
- /* Initialize */
- ret = wc_InitRipeMd(&ripemd);
- if (ret != 0) {
- flag = ret;
- }
- if (!flag) {
- hash_test[0] = hash1;
- hash_test[1] = hash2;
- hash_test[2] = hash3;
- }
- times = sizeof(hash_test) / sizeof(byte*);
- /* Good test args. */
- printf(testingFmt, "wc_RipeMdFinal()");
- /* Testing oversized buffers. */
- for (i = 0; i < times; i++) {
- if (!flag) {
- ret = wc_RipeMdFinal(&ripemd, hash_test[i]);
- if (ret != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- }
- /* Test bad args. */
- if (!flag) {
- ret = wc_RipeMdFinal(NULL, NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_RipeMdFinal(NULL, hash1);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_RipeMdFinal(&ripemd, NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_RipeMdFinal */
- /*
- * Testing wc_InitSha3_224, wc_InitSha3_256, wc_InitSha3_384, and
- * wc_InitSha3_512
- */
- static int test_wc_InitSha3 (void)
- {
- int ret = 0;
- #if defined(WOLFSSL_SHA3)
- wc_Sha3 sha3;
- (void)sha3;
- #if !defined(WOLFSSL_NOSHA3_224)
- printf(testingFmt, "wc_InitSha3_224()");
- ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_InitSha3_224(NULL, HEAP_HINT, devId);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_Sha3_224_Free(&sha3);
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif /* NOSHA3_224 */
- #if !defined(WOLFSSL_NOSHA3_256)
- if (ret == 0) {
- printf(testingFmt, "wc_InitSha3_256()");
- ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId);
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_InitSha3_256(NULL, HEAP_HINT, devId);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_Sha3_256_Free(&sha3);
- printf(resultFmt, ret == 0 ? passed : failed);
- } /* END sha3_256 */
- #endif /* NOSHA3_256 */
- #if !defined(WOLFSSL_NOSHA3_384)
- if (ret == 0) {
- printf(testingFmt, "wc_InitSha3_384()");
- ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId);
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_InitSha3_384(NULL, HEAP_HINT, devId);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_Sha3_384_Free(&sha3);
- printf(resultFmt, ret == 0 ? passed : failed);
- } /* END sha3_384 */
- #endif /* NOSHA3_384 */
- #if !defined(WOLFSSL_NOSHA3_512)
- if (ret == 0) {
- printf(testingFmt, "wc_InitSha3_512()");
- ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId);
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_InitSha3_512(NULL, HEAP_HINT, devId);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_Sha3_512_Free(&sha3);
- printf(resultFmt, ret == 0 ? passed : failed);
- } /* END sha3_512 */
- #endif /* NOSHA3_512 */
- #endif
- return ret;
- } /* END test_wc_InitSha3 */
- /*
- * Testing wc_Sha3_Update()
- */
- static int testing_wc_Sha3_Update (void)
- {
- int ret = 0;
- #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_XILINX_CRYPT) && \
- !defined(WOLFSSL_AFALG_XILINX)
- wc_Sha3 sha3;
- byte msg[] = "Everybody's working for the weekend.";
- byte msg2[] = "Everybody gets Friday off.";
- byte msgCmp[] = "\x45\x76\x65\x72\x79\x62\x6f\x64\x79\x27\x73\x20"
- "\x77\x6f\x72\x6b\x69\x6e\x67\x20\x66\x6f\x72\x20\x74"
- "\x68\x65\x20\x77\x65\x65\x6b\x65\x6e\x64\x2e\x45\x76"
- "\x65\x72\x79\x62\x6f\x64\x79\x20\x67\x65\x74\x73\x20"
- "\x46\x72\x69\x64\x61\x79\x20\x6f\x66\x66\x2e";
- word32 msglen = sizeof(msg) - 1;
- word32 msg2len = sizeof(msg2);
- word32 msgCmplen = sizeof(msgCmp);
- #if !defined(WOLFSSL_NOSHA3_224)
- printf(testingFmt, "wc_Sha3_224_Update()");
- ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);
- if (ret != 0) {
- return ret;
- }
- ret = wc_Sha3_224_Update(&sha3, msg, msglen);
- if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- if (ret == 0) {
- ret = wc_Sha3_224_Update(&sha3, msg2, msg2len);
- if (ret == 0 && XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Pass bad args. */
- if (ret == 0) {
- ret = wc_Sha3_224_Update(NULL, msg2, msg2len);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Sha3_224_Update(&sha3, NULL, 5);
- }
- if (ret == BAD_FUNC_ARG) {
- wc_Sha3_224_Free(&sha3);
- if (wc_InitSha3_224(&sha3, HEAP_HINT, devId)) {
- return ret;
- }
- ret = wc_Sha3_224_Update(&sha3, NULL, 0);
- if (ret == 0) {
- ret = wc_Sha3_224_Update(&sha3, msg2, msg2len);
- }
- if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- }
- wc_Sha3_224_Free(&sha3);
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif /* SHA3_224 */
- #if !defined(WOLFSSL_NOSHA3_256)
- if (ret == 0) {
- printf(testingFmt, "wc_Sha3_256_Update()");
- ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId);
- if (ret != 0) {
- return ret;
- }
- ret = wc_Sha3_256_Update(&sha3, msg, msglen);
- if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- if (ret == 0) {
- ret = wc_Sha3_256_Update(&sha3, msg2, msg2len);
- if (XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Pass bad args. */
- if (ret == 0) {
- ret = wc_Sha3_256_Update(NULL, msg2, msg2len);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Sha3_256_Update(&sha3, NULL, 5);
- }
- if (ret == BAD_FUNC_ARG) {
- wc_Sha3_256_Free(&sha3);
- if (wc_InitSha3_256(&sha3, HEAP_HINT, devId)) {
- return ret;
- }
- ret = wc_Sha3_256_Update(&sha3, NULL, 0);
- if (ret == 0) {
- ret = wc_Sha3_256_Update(&sha3, msg2, msg2len);
- }
- if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- }
- wc_Sha3_256_Free(&sha3);
- printf(resultFmt, ret == 0 ? passed : failed);
- }
- #endif /* SHA3_256 */
- #if !defined(WOLFSSL_NOSHA3_384)
- if (ret == 0) {
- printf(testingFmt, "wc_Sha3_384_Update()");
- ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId);
- if (ret != 0) {
- return ret;
- }
- ret = wc_Sha3_384_Update(&sha3, msg, msglen);
- if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- if (ret == 0) {
- ret = wc_Sha3_384_Update(&sha3, msg2, msg2len);
- if (XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Pass bad args. */
- if (ret == 0) {
- ret = wc_Sha3_384_Update(NULL, msg2, msg2len);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Sha3_384_Update(&sha3, NULL, 5);
- }
- if (ret == BAD_FUNC_ARG) {
- wc_Sha3_384_Free(&sha3);
- if (wc_InitSha3_384(&sha3, HEAP_HINT, devId)) {
- return ret;
- }
- ret = wc_Sha3_384_Update(&sha3, NULL, 0);
- if (ret == 0) {
- ret = wc_Sha3_384_Update(&sha3, msg2, msg2len);
- }
- if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- }
- wc_Sha3_384_Free(&sha3);
- printf(resultFmt, ret == 0 ? passed : failed);
- }
- #endif /* SHA3_384 */
- #if !defined(WOLFSSL_NOSHA3_512)
- if (ret == 0) {
- printf(testingFmt, "wc_Sha3_512_Update()");
- ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId);
- if (ret != 0) {
- return ret;
- }
- ret = wc_Sha3_512_Update(&sha3, msg, msglen);
- if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- if (ret == 0) {
- ret = wc_Sha3_512_Update(&sha3, msg2, msg2len);
- if (XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Pass bad args. */
- if (ret == 0) {
- ret = wc_Sha3_512_Update(NULL, msg2, msg2len);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Sha3_512_Update(&sha3, NULL, 5);
- }
- if (ret == BAD_FUNC_ARG) {
- wc_Sha3_512_Free(&sha3);
- if (wc_InitSha3_512(&sha3, HEAP_HINT, devId)) {
- return ret;
- }
- ret = wc_Sha3_512_Update(&sha3, NULL, 0);
- if (ret == 0) {
- ret = wc_Sha3_512_Update(&sha3, msg2, msg2len);
- }
- if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- }
- wc_Sha3_512_Free(&sha3);
- printf(resultFmt, ret == 0 ? passed : failed);
- }
- #endif /* SHA3_512 */
- #endif /* WOLFSSL_SHA3 */
- return ret;
- } /* END testing_wc_Sha3_Update */
- /*
- * Testing wc_Sha3_224_Final()
- */
- static int test_wc_Sha3_224_Final (void)
- {
- int ret = 0;
- #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
- wc_Sha3 sha3;
- const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
- "nopnopq";
- const char* expOut = "\x8a\x24\x10\x8b\x15\x4a\xda\x21\xc9\xfd\x55"
- "\x74\x49\x44\x79\xba\x5c\x7e\x7a\xb7\x6e\xf2"
- "\x64\xea\xd0\xfc\xce\x33";
- byte hash[WC_SHA3_224_DIGEST_SIZE];
- byte hashRet[WC_SHA3_224_DIGEST_SIZE];
- /* Init stack variables. */
- XMEMSET(hash, 0, sizeof(hash));
- printf(testingFmt, "wc_Sha3_224_Final()");
- ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);
- if (ret != 0) {
- return ret;
- }
- ret= wc_Sha3_224_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
- if (ret == 0) {
- ret = wc_Sha3_224_Final(&sha3, hash);
- if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_224_DIGEST_SIZE) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_Sha3_224_Final(NULL, hash);
- if (ret == 0) {
- ret = wc_Sha3_224_Final(&sha3, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_Sha3_224_Free(&sha3);
- printf(resultFmt, ret == 0 ? passed : failed);
- if (ret == 0) {
- printf(testingFmt, "wc_Sha3_224_GetHash()");
- ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);
- if (ret != 0) {
- return ret;
- }
- /* Init stack variables. */
- XMEMSET(hash, 0, sizeof(hash));
- XMEMSET(hashRet, 0, sizeof(hashRet));
- ret= wc_Sha3_224_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
- if (ret == 0) {
- ret = wc_Sha3_224_GetHash(&sha3, hashRet);
- }
- if (ret == 0) {
- ret = wc_Sha3_224_Final(&sha3, hash);
- if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_224_DIGEST_SIZE) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- if (ret == 0) {
- /* Test bad args. */
- ret = wc_Sha3_224_GetHash(NULL, hashRet);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Sha3_224_GetHash(&sha3, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- }
- wc_Sha3_224_Free(&sha3);
- #endif
- return ret;
- } /* END test_wc_Sha3_224_Final */
- /*
- * Testing wc_Sha3_256_Final()
- */
- static int test_wc_Sha3_256_Final (void)
- {
- int ret = 0;
- #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
- wc_Sha3 sha3;
- const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
- "nopnopq";
- const char* expOut = "\x41\xc0\xdb\xa2\xa9\xd6\x24\x08\x49\x10\x03\x76\xa8"
- "\x23\x5e\x2c\x82\xe1\xb9\x99\x8a\x99\x9e\x21\xdb\x32"
- "\xdd\x97\x49\x6d\x33\x76";
- byte hash[WC_SHA3_256_DIGEST_SIZE];
- byte hashRet[WC_SHA3_256_DIGEST_SIZE];
- /* Init stack variables. */
- XMEMSET(hash, 0, sizeof(hash));
- printf(testingFmt, "wc_Sha3_256_Final()");
- ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId);
- if (ret != 0) {
- return ret;
- }
- ret= wc_Sha3_256_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
- if (ret == 0) {
- ret = wc_Sha3_256_Final(&sha3, hash);
- if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_256_DIGEST_SIZE) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_Sha3_256_Final(NULL, hash);
- if (ret == 0) {
- ret = wc_Sha3_256_Final(&sha3, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_Sha3_256_Free(&sha3);
- printf(resultFmt, ret == 0 ? passed : failed);
- if (ret == 0) {
- printf(testingFmt, "wc_Sha3_256_GetHash()");
- ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId);
- if (ret != 0) {
- return ret;
- }
- /* Init stack variables. */
- XMEMSET(hash, 0, sizeof(hash));
- XMEMSET(hashRet, 0, sizeof(hashRet));
- ret= wc_Sha3_256_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
- if (ret == 0) {
- ret = wc_Sha3_256_GetHash(&sha3, hashRet);
- }
- if (ret == 0) {
- ret = wc_Sha3_256_Final(&sha3, hash);
- if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_256_DIGEST_SIZE) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- if (ret == 0) {
- /* Test bad args. */
- ret = wc_Sha3_256_GetHash(NULL, hashRet);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Sha3_256_GetHash(&sha3, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- }
- wc_Sha3_256_Free(&sha3);
- #endif
- return ret;
- } /* END test_wc_Sha3_256_Final */
- /*
- * Testing wc_Sha3_384_Final()
- */
- static int test_wc_Sha3_384_Final (void)
- {
- int ret = 0;
- #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
- wc_Sha3 sha3;
- const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
- "nopnopq";
- const char* expOut = "\x99\x1c\x66\x57\x55\xeb\x3a\x4b\x6b\xbd\xfb\x75\xc7"
- "\x8a\x49\x2e\x8c\x56\xa2\x2c\x5c\x4d\x7e\x42\x9b\xfd"
- "\xbc\x32\xb9\xd4\xad\x5a\xa0\x4a\x1f\x07\x6e\x62\xfe"
- "\xa1\x9e\xef\x51\xac\xd0\x65\x7c\x22";
- byte hash[WC_SHA3_384_DIGEST_SIZE];
- byte hashRet[WC_SHA3_384_DIGEST_SIZE];
- /* Init stack variables. */
- XMEMSET(hash, 0, sizeof(hash));
- printf(testingFmt, "wc_Sha3_384_Final()");
- ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId);
- if (ret != 0) {
- return ret;
- }
- ret= wc_Sha3_384_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
- if (ret == 0) {
- ret = wc_Sha3_384_Final(&sha3, hash);
- if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_384_DIGEST_SIZE) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_Sha3_384_Final(NULL, hash);
- if (ret == 0) {
- ret = wc_Sha3_384_Final(&sha3, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_Sha3_384_Free(&sha3);
- printf(resultFmt, ret == 0 ? passed : failed);
- if (ret == 0) {
- printf(testingFmt, "wc_Sha3_384_GetHash()");
- ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId);
- if (ret != 0) {
- return ret;
- }
- /* Init stack variables. */
- XMEMSET(hash, 0, sizeof(hash));
- XMEMSET(hashRet, 0, sizeof(hashRet));
- ret= wc_Sha3_384_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
- if (ret == 0) {
- ret = wc_Sha3_384_GetHash(&sha3, hashRet);
- }
- if (ret == 0) {
- ret = wc_Sha3_384_Final(&sha3, hash);
- if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_384_DIGEST_SIZE) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- if (ret == 0) {
- /* Test bad args. */
- ret = wc_Sha3_384_GetHash(NULL, hashRet);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Sha3_384_GetHash(&sha3, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- }
- wc_Sha3_384_Free(&sha3);
- #endif
- return ret;
- } /* END test_wc_Sha3_384_Final */
- /*
- * Testing wc_Sha3_512_Final()
- */
- static int test_wc_Sha3_512_Final (void)
- {
- int ret = 0;
- #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) && \
- !defined(WOLFSSL_NOSHA3_384)
- wc_Sha3 sha3;
- const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
- "nopnopq";
- const char* expOut = "\x04\xa3\x71\xe8\x4e\xcf\xb5\xb8\xb7\x7c\xb4\x86\x10"
- "\xfc\xa8\x18\x2d\xd4\x57\xce\x6f\x32\x6a\x0f\xd3\xd7"
- "\xec\x2f\x1e\x91\x63\x6d\xee\x69\x1f\xbe\x0c\x98\x53"
- "\x02\xba\x1b\x0d\x8d\xc7\x8c\x08\x63\x46\xb5\x33\xb4"
- "\x9c\x03\x0d\x99\xa2\x7d\xaf\x11\x39\xd6\xe7\x5e";
- byte hash[WC_SHA3_512_DIGEST_SIZE];
- byte hashRet[WC_SHA3_512_DIGEST_SIZE];
- /* Init stack variables. */
- XMEMSET(hash, 0, sizeof(hash));
- printf(testingFmt, "wc_Sha3_512_Final()");
- ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId);
- if (ret != 0) {
- return ret;
- }
- ret= wc_Sha3_512_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
- if (ret == 0) {
- ret = wc_Sha3_512_Final(&sha3, hash);
- if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_512_DIGEST_SIZE) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_Sha3_512_Final(NULL, hash);
- if (ret == 0) {
- ret = wc_Sha3_384_Final(&sha3, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_Sha3_512_Free(&sha3);
- printf(resultFmt, ret == 0 ? passed : failed);
- if (ret == 0) {
- printf(testingFmt, "wc_Sha3_512_GetHash()");
- ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId);
- if (ret != 0) {
- return ret;
- }
- /* Init stack variables. */
- XMEMSET(hash, 0, sizeof(hash));
- XMEMSET(hashRet, 0, sizeof(hashRet));
- ret= wc_Sha3_512_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
- if (ret == 0) {
- ret = wc_Sha3_512_GetHash(&sha3, hashRet);
- }
- if (ret == 0) {
- ret = wc_Sha3_512_Final(&sha3, hash);
- if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_512_DIGEST_SIZE) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- if (ret == 0) {
- /* Test bad args. */
- ret = wc_Sha3_512_GetHash(NULL, hashRet);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Sha3_512_GetHash(&sha3, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- }
- wc_Sha3_512_Free(&sha3);
- #endif
- return ret;
- } /* END test_wc_Sha3_512_Final */
- /*
- * Testing wc_Sha3_224_Copy()
- */
- static int test_wc_Sha3_224_Copy (void)
- {
- int ret = 0;
- #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
- wc_Sha3 sha3, sha3Cpy;
- const char* msg = "Everyone gets Friday off.";
- word32 msglen = (word32)XSTRLEN(msg);
- byte hash[WC_SHA3_224_DIGEST_SIZE];
- byte hashCpy[WC_SHA3_224_DIGEST_SIZE];
- XMEMSET(hash, 0, sizeof(hash));
- XMEMSET(hashCpy, 0, sizeof(hashCpy));
- printf(testingFmt, "wc_Sha3_224_Copy()");
- ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);
- if (ret != 0) {
- return ret;
- }
- ret = wc_InitSha3_224(&sha3Cpy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha3_224_Free(&sha3);
- return ret;
- }
- ret = wc_Sha3_224_Update(&sha3, (byte*)msg, msglen);
- if (ret == 0) {
- ret = wc_Sha3_224_Copy(&sha3Cpy, &sha3);
- if (ret == 0) {
- ret = wc_Sha3_224_Final(&sha3, hash);
- if (ret == 0) {
- ret = wc_Sha3_224_Final(&sha3Cpy, hashCpy);
- }
- }
- if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_Sha3_224_Copy(NULL, &sha3);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Sha3_224_Copy(&sha3Cpy, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_Sha3_224_Copy */
- /*
- * Testing wc_Sha3_256_Copy()
- */
- static int test_wc_Sha3_256_Copy (void)
- {
- int ret = 0;
- #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
- wc_Sha3 sha3, sha3Cpy;
- const char* msg = "Everyone gets Friday off.";
- word32 msglen = (word32)XSTRLEN(msg);
- byte hash[WC_SHA3_256_DIGEST_SIZE];
- byte hashCpy[WC_SHA3_256_DIGEST_SIZE];
- XMEMSET(hash, 0, sizeof(hash));
- XMEMSET(hashCpy, 0, sizeof(hashCpy));
- printf(testingFmt, "wc_Sha3_256_Copy()");
- ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId);
- if (ret != 0) {
- return ret;
- }
- ret = wc_InitSha3_256(&sha3Cpy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha3_256_Free(&sha3);
- return ret;
- }
- ret = wc_Sha3_256_Update(&sha3, (byte*)msg, msglen);
- if (ret == 0) {
- ret = wc_Sha3_256_Copy(&sha3Cpy, &sha3);
- if (ret == 0) {
- ret = wc_Sha3_256_Final(&sha3, hash);
- if (ret == 0) {
- ret = wc_Sha3_256_Final(&sha3Cpy, hashCpy);
- }
- }
- if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_Sha3_256_Copy(NULL, &sha3);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Sha3_256_Copy(&sha3Cpy, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_Sha3_256_Copy */
- /*
- * Testing wc_Sha3_384_Copy()
- */
- static int test_wc_Sha3_384_Copy (void)
- {
- int ret = 0;
- #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
- wc_Sha3 sha3, sha3Cpy;
- const char* msg = "Everyone gets Friday off.";
- word32 msglen = (word32)XSTRLEN(msg);
- byte hash[WC_SHA3_384_DIGEST_SIZE];
- byte hashCpy[WC_SHA3_384_DIGEST_SIZE];
- XMEMSET(hash, 0, sizeof(hash));
- XMEMSET(hashCpy, 0, sizeof(hashCpy));
- printf(testingFmt, "wc_Sha3_384_Copy()");
- ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId);
- if (ret != 0) {
- return ret;
- }
- ret = wc_InitSha3_384(&sha3Cpy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha3_384_Free(&sha3);
- return ret;
- }
- ret = wc_Sha3_384_Update(&sha3, (byte*)msg, msglen);
- if (ret == 0) {
- ret = wc_Sha3_384_Copy(&sha3Cpy, &sha3);
- if (ret == 0) {
- ret = wc_Sha3_384_Final(&sha3, hash);
- if (ret == 0) {
- ret = wc_Sha3_384_Final(&sha3Cpy, hashCpy);
- }
- }
- if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_Sha3_384_Copy(NULL, &sha3);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Sha3_384_Copy(&sha3Cpy, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_Sha3_384_Copy */
- /*
- * Testing wc_Sha3_512_Copy()
- */
- static int test_wc_Sha3_512_Copy (void)
- {
- int ret = 0;
- #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
- wc_Sha3 sha3, sha3Cpy;
- const char* msg = "Everyone gets Friday off.";
- word32 msglen = (word32)XSTRLEN(msg);
- byte hash[WC_SHA3_512_DIGEST_SIZE];
- byte hashCpy[WC_SHA3_512_DIGEST_SIZE];
- XMEMSET(hash, 0, sizeof(hash));
- XMEMSET(hashCpy, 0, sizeof(hashCpy));
- printf(testingFmt, "wc_Sha3_512_Copy()");
- ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId);
- if (ret != 0) {
- return ret;
- }
- ret = wc_InitSha3_512(&sha3Cpy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha3_512_Free(&sha3);
- return ret;
- }
- ret = wc_Sha3_512_Update(&sha3, (byte*)msg, msglen);
- if (ret == 0) {
- ret = wc_Sha3_512_Copy(&sha3Cpy, &sha3);
- if (ret == 0) {
- ret = wc_Sha3_512_Final(&sha3, hash);
- if (ret == 0) {
- ret = wc_Sha3_512_Final(&sha3Cpy, hashCpy);
- }
- }
- if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_Sha3_512_Copy(NULL, &sha3);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Sha3_512_Copy(&sha3Cpy, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_Sha3_512_Copy */
- /*
- * Unit test function for wc_Sha3_GetFlags()
- */
- static int test_wc_Sha3_GetFlags (void)
- {
- int ret = 0;
- #if defined(WOLFSSL_SHA3) && \
- (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
- wc_Sha3 sha3;
- word32 flags = 0;
- printf(testingFmt, "wc_Sha3_GetFlags()");
- /* Initialize */
- ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);
- if (ret != 0) {
- return ret;
- }
- if (ret == 0) {
- ret = wc_Sha3_GetFlags(&sha3, &flags);
- }
- if (ret == 0) {
- if (flags & WC_HASH_FLAG_ISCOPY) {
- ret = 0;
- }
- }
- wc_Sha3_224_Free(&sha3);
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_Sha3_GetFlags */
- static int test_wc_InitShake256 (void)
- {
- int ret = 0;
- #if defined(WOLFSSL_SHAKE256) && !defined(WOLFSSL_NO_SHAKE256)
- wc_Shake shake;
- printf(testingFmt, "wc_InitShake256()");
- ret = wc_InitShake256(&shake, HEAP_HINT, devId);
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_InitShake256(NULL, HEAP_HINT, devId);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_Shake256_Free(&shake);
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_InitSha3 */
- static int testing_wc_Shake256_Update (void)
- {
- int ret = 0;
- #if defined(WOLFSSL_SHAKE256) && !defined(WOLFSSL_NO_SHAKE256)
- wc_Shake shake;
- byte msg[] = "Everybody's working for the weekend.";
- byte msg2[] = "Everybody gets Friday off.";
- byte msgCmp[] = "\x45\x76\x65\x72\x79\x62\x6f\x64\x79\x27\x73\x20"
- "\x77\x6f\x72\x6b\x69\x6e\x67\x20\x66\x6f\x72\x20\x74"
- "\x68\x65\x20\x77\x65\x65\x6b\x65\x6e\x64\x2e\x45\x76"
- "\x65\x72\x79\x62\x6f\x64\x79\x20\x67\x65\x74\x73\x20"
- "\x46\x72\x69\x64\x61\x79\x20\x6f\x66\x66\x2e";
- word32 msglen = sizeof(msg) - 1;
- word32 msg2len = sizeof(msg2);
- word32 msgCmplen = sizeof(msgCmp);
- printf(testingFmt, "wc_Shake256_Update()");
- ret = wc_InitShake256(&shake, HEAP_HINT, devId);
- if (ret != 0) {
- return ret;
- }
- ret = wc_Shake256_Update(&shake, msg, msglen);
- if (XMEMCMP(msg, shake.t, msglen) || shake.i != msglen) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- if (ret == 0) {
- ret = wc_Shake256_Update(&shake, msg2, msg2len);
- if (XMEMCMP(shake.t, msgCmp, msgCmplen) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Pass bad args. */
- if (ret == 0) {
- ret = wc_Shake256_Update(NULL, msg2, msg2len);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Shake256_Update(&shake, NULL, 5);
- }
- if (ret == BAD_FUNC_ARG) {
- wc_Shake256_Free(&shake);
- if (wc_InitShake256(&shake, HEAP_HINT, devId)) {
- return ret;
- }
- ret = wc_Shake256_Update(&shake, NULL, 0);
- if (ret == 0) {
- ret = wc_Shake256_Update(&shake, msg2, msg2len);
- }
- if (ret == 0 && XMEMCMP(msg2, shake.t, msg2len) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- }
- wc_Shake256_Free(&shake);
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif /* WOLFSSL_SHAKE256 && !WOLFSSL_NO_SHAKE256 */
- return ret;
- }
- static int test_wc_Shake256_Final (void)
- {
- int ret = 0;
- #if defined(WOLFSSL_SHAKE256) && !defined(WOLFSSL_NO_SHAKE256)
- wc_Shake shake;
- const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
- "nopnopq";
- const char* expOut = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f"
- "\x6f\x87\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b"
- "\xe5\xd4\xfd\x2e\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59"
- "\xaa\x80\x60\xf1\xf9\xbc\x99\x6c\x05\xac\xa3\xc6\x96"
- "\xa8\xb6\x62\x79\xdc\x67\x2c\x74\x0b\xb2\x24\xec\x37"
- "\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55\xf5\x1d\x97"
- "\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a\xf2"
- "\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67"
- "\x60\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4";
- byte hash[114];
- /* Init stack variables. */
- XMEMSET(hash, 0, sizeof(hash));
- printf(testingFmt, "wc_Shake256_Final()");
- ret = wc_InitShake256(&shake, HEAP_HINT, devId);
- if (ret != 0) {
- return ret;
- }
- ret= wc_Shake256_Update(&shake, (byte*)msg, (word32)XSTRLEN(msg));
- if (ret == 0) {
- ret = wc_Shake256_Final(&shake, hash, (word32)sizeof(hash));
- if (ret == 0 && XMEMCMP(expOut, hash, (word32)sizeof(hash)) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_Shake256_Final(NULL, hash, (word32)sizeof(hash));
- if (ret == 0) {
- ret = wc_Shake256_Final(&shake, NULL, (word32)sizeof(hash));
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_Shake256_Free(&shake);
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- }
- /*
- * Testing wc_Shake256_Copy()
- */
- static int test_wc_Shake256_Copy (void)
- {
- int ret = 0;
- #if defined(WOLFSSL_SHAKE256) && !defined(WOLFSSL_NO_SHAKE256)
- wc_Shake shake, shakeCpy;
- const char* msg = "Everyone gets Friday off.";
- word32 msglen = (word32)XSTRLEN(msg);
- byte hash[144];
- byte hashCpy[144];
- word32 hashLen = sizeof(hash);
- word32 hashLenCpy = sizeof(hashCpy);
- XMEMSET(hash, 0, sizeof(hash));
- XMEMSET(hashCpy, 0, sizeof(hashCpy));
- printf(testingFmt, "wc_Shake256_Copy()");
- ret = wc_InitShake256(&shake, HEAP_HINT, devId);
- if (ret != 0) {
- return ret;
- }
- ret = wc_InitShake256(&shakeCpy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Shake256_Free(&shake);
- return ret;
- }
- ret = wc_Shake256_Update(&shake, (byte*)msg, msglen);
- if (ret == 0) {
- ret = wc_Shake256_Copy(&shakeCpy, &shake);
- if (ret == 0) {
- ret = wc_Shake256_Final(&shake, hash, hashLen);
- if (ret == 0) {
- ret = wc_Shake256_Final(&shakeCpy, hashCpy, hashLenCpy);
- }
- }
- if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_Shake256_Copy(NULL, &shake);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Shake256_Copy(&shakeCpy, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_Shake256_Free(&shake);
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_Shake256_Copy */
- /*
- * Unit test function for wc_Shake256Hash()
- */
- static int test_wc_Shake256Hash(void)
- {
- int ret = 0;
- #if defined(WOLFSSL_SHAKE256) && !defined(WOLFSSL_NO_SHAKE256)
- const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- word32 len = sizeof(data);
- byte hash[144];
- word32 hashLen = sizeof(hash);
- printf(testingFmt, "wc_Shake256Hash()");
- ret = wc_Shake256Hash(data, len, hash, hashLen);
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_Shake256Hash */
- /*
- * unit test for wc_IdeaSetKey()
- */
- static int test_wc_IdeaSetKey (void)
- {
- int ret = 0;
- #ifdef HAVE_IDEA
- Idea idea;
- const byte key[] =
- {
- 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37,
- 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37
- };
- int flag = 0;
- printf(testingFmt, "wc_IdeaSetKey()");
- /*IV can be NULL, default value is 0*/
- ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, NULL, IDEA_ENCRYPTION);
- if (ret == 0) {
- ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, NULL, IDEA_DECRYPTION);
- }
- /* Bad args. */
- if (ret == 0) {
- ret = wc_IdeaSetKey(NULL, key, IDEA_KEY_SIZE, NULL, IDEA_ENCRYPTION);
- if (ret != BAD_FUNC_ARG) {
- flag = 1;
- }
- ret = wc_IdeaSetKey(&idea, NULL, IDEA_KEY_SIZE, NULL, IDEA_ENCRYPTION);
- if (ret != BAD_FUNC_ARG) {
- flag = 1;
- }
- ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE - 1,
- NULL, IDEA_ENCRYPTION);
- if (ret != BAD_FUNC_ARG) {
- flag = 1;
- }
- ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, NULL, -1);
- if (ret != BAD_FUNC_ARG) {
- flag = 1;
- }
- if (flag == 1) {
- ret = WOLFSSL_FATAL_ERROR;
- } else {
- ret = 0;
- }
- } /* END Test Bad Args. */
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_IdeaSetKey */
- /*
- * Unit test for wc_IdeaSetIV()
- */
- static int test_wc_IdeaSetIV (void)
- {
- int ret = 0;
- #ifdef HAVE_IDEA
- Idea idea;
- printf(testingFmt, "wc_IdeaSetIV()");
- ret = wc_IdeaSetIV(&idea, NULL);
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_IdeaSetIV(NULL, NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_IdeaSetIV */
- /*
- * Unit test for wc_IdeaCipher()
- */
- static int test_wc_IdeaCipher (void)
- {
- int ret = 0;
- #ifdef HAVE_IDEA
- Idea idea;
- const byte key[] =
- {
- 0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5, 0xB3, 0x00,
- 0x95, 0x2C, 0x49, 0x10, 0x48, 0x81, 0xFF, 0x48
- };
- const byte plain[] =
- {
- 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37
- };
- byte enc[sizeof(plain)];
- byte dec[sizeof(enc)];
- printf(testingFmt, "wc_IdeaCipher()");
- ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, NULL, IDEA_ENCRYPTION);
- if (ret == 0) {
- ret = wc_IdeaCipher(&idea, enc, plain);
- if (ret != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- if (ret == 0) {
- ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, NULL, IDEA_DECRYPTION);
- if (ret == 0) {
- ret = wc_IdeaCipher(&idea, dec, enc);
- }
- if (ret == 0) {
- ret = XMEMCMP(plain, dec, IDEA_BLOCK_SIZE);
- }
- if (ret != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Pass Bad Args. */
- if (ret == 0) {
- ret = wc_IdeaCipher(NULL, enc, dec);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_IdeaCipher(&idea, NULL, dec);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_IdeaCipher(&idea, enc, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_IdeaCipher */
- /*
- * Unit test for functions wc_IdeaCbcEncrypt and wc_IdeaCbcDecrypt
- */
- static int test_wc_IdeaCbcEncyptDecrypt (void)
- {
- int ret = 0;
- #ifdef HAVE_IDEA
- Idea idea;
- const byte key[] =
- {
- 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37,
- 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37
- };
- const char* message = "International Data Encryption Algorithm";
- byte msg_enc[40];
- byte msg_dec[40];
- printf(testingFmt, "wc_IdeaCbcEncrypt()");
- ret = wc_IdeaSetKey(&idea, key, sizeof(key), NULL, IDEA_ENCRYPTION);
- if (ret == 0) {
- ret = wc_IdeaCbcEncrypt(&idea, msg_enc, (byte *)message,
- (word32)XSTRLEN(message) + 1);
- }
- if (ret == 0) {
- ret = wc_IdeaSetKey(&idea, key, sizeof(key), NULL, IDEA_DECRYPTION);
- }
- if (ret == 0) {
- ret = wc_IdeaCbcDecrypt(&idea, msg_dec, msg_enc,
- (word32)XSTRLEN(message) + 1);
- if (XMEMCMP(message, msg_dec, (word32)XSTRLEN(message))) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Test bad args. Enc */
- if (ret == 0) {
- ret = wc_IdeaCbcEncrypt(NULL, msg_enc, (byte*)message,
- (word32)XSTRLEN(message) + 1);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_IdeaCbcEncrypt(&idea, NULL, (byte*)message,
- (word32)XSTRLEN(message) + 1);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_IdeaCbcEncrypt(&idea, msg_enc, NULL,
- (word32)XSTRLEN(message) + 1);
- }
- if (ret != BAD_FUNC_ARG) {
- ret = WOLFSSL_FATAL_ERROR;
- } else {
- ret = 0;
- }
- } /* END test bad args ENC */
- /* Test bad args DEC */
- if (ret == 0) {
- ret = wc_IdeaCbcDecrypt(NULL, msg_dec, msg_enc,
- (word32)XSTRLEN(message) + 1);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_IdeaCbcDecrypt(&idea, NULL, msg_enc,
- (word32)XSTRLEN(message) + 1);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_IdeaCbcDecrypt(&idea, msg_dec, NULL,
- (word32)XSTRLEN(message) + 1);
- }
- if (ret != BAD_FUNC_ARG) {
- ret = WOLFSSL_FATAL_ERROR;
- } else {
- ret = 0;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_IdeaCbcEncryptDecrypt */
- /*
- * Test function for wc_HmacSetKey
- */
- static int test_wc_Md5HmacSetKey (void)
- {
- int flag = 0;
- #if !defined(NO_HMAC) && !defined(NO_MD5)
- Hmac hmac;
- int ret, times, itr;
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
- #ifndef HAVE_FIPS
- "Jefe", /* smaller than minimum FIPS key size */
- #endif
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- };
- times = sizeof(keys) / sizeof(char*);
- flag = 0;
- printf(testingFmt, "wc_HmacSetKey() with MD5");
- ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
- if (ret != 0)
- return ret;
- for (itr = 0; itr < times; itr++) {
- ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[itr],
- (word32)XSTRLEN(keys[itr]));
- if (ret != 0) {
- flag = ret;
- }
- }
- /* Bad args. */
- if (!flag) {
- ret = wc_HmacSetKey(NULL, WC_MD5, (byte*)keys[0],
- (word32)XSTRLEN(keys[0]));
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_HmacSetKey(&hmac, WC_MD5, NULL, (word32)XSTRLEN(keys[0]));
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
- (word32)XSTRLEN(keys[0]));
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[0], 0);
- #ifdef HAVE_FIPS
- if (ret != HMAC_MIN_KEYLEN_E) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- #else
- if (ret != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- #endif
- }
- wc_HmacFree(&hmac);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Md5HmacSetKey */
- /*
- * testing wc_HmacSetKey() on wc_Sha hash.
- */
- static int test_wc_ShaHmacSetKey (void)
- {
- int flag = 0;
- #if !defined(NO_HMAC) && !defined(NO_SHA)
- Hmac hmac;
- int ret, times, itr;
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- #ifndef HAVE_FIPS
- "Jefe", /* smaller than minimum FIPS key size */
- #endif
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA"
- };
- times = sizeof(keys) / sizeof(char*);
- flag = 0;
- printf(testingFmt, "wc_HmacSetKey() with SHA");
- ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
- if (ret != 0)
- return ret;
- for (itr = 0; itr < times; itr++) {
- ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[itr],
- (word32)XSTRLEN(keys[itr]));
- if (ret != 0) {
- flag = ret;
- }
- }
- /* Bad args. */
- if (!flag) {
- ret = wc_HmacSetKey(NULL, WC_SHA, (byte*)keys[0],
- (word32)XSTRLEN(keys[0]));
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_HmacSetKey(&hmac, WC_SHA, NULL, (word32)XSTRLEN(keys[0]));
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
- (word32)XSTRLEN(keys[0]));
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[0], 0);
- #ifdef HAVE_FIPS
- if (ret != HMAC_MIN_KEYLEN_E) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- #else
- if (ret != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- #endif
- }
- wc_HmacFree(&hmac);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_ShaHmacSetKey() */
- /*
- * testing wc_HmacSetKey() on Sha224 hash.
- */
- static int test_wc_Sha224HmacSetKey (void)
- {
- int flag = 0;
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
- Hmac hmac;
- int ret, times, itr;
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- #ifndef HAVE_FIPS
- "Jefe", /* smaller than minimum FIPS key size */
- #endif
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA"
- };
- times = sizeof(keys) / sizeof(char*);
- flag = 0;
- printf(testingFmt, "wc_HmacSetKey() with SHA 224");
- ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
- if (ret != 0)
- return ret;
- for (itr = 0; itr < times; itr++) {
- ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[itr],
- (word32)XSTRLEN(keys[itr]));
- if (ret != 0) {
- flag = ret;
- }
- }
- /* Bad args. */
- if (!flag) {
- ret = wc_HmacSetKey(NULL, WC_SHA224, (byte*)keys[0],
- (word32)XSTRLEN(keys[0]));
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_HmacSetKey(&hmac, WC_SHA224, NULL, (word32)XSTRLEN(keys[0]));
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
- (word32)XSTRLEN(keys[0]));
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[0], 0);
- #ifdef HAVE_FIPS
- if (ret != HMAC_MIN_KEYLEN_E) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- #else
- if (ret != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- #endif
- }
- wc_HmacFree(&hmac);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha224HmacSetKey() */
- /*
- * testing wc_HmacSetKey() on Sha256 hash
- */
- static int test_wc_Sha256HmacSetKey (void)
- {
- int flag = 0;
- #if !defined(NO_HMAC) && !defined(NO_SHA256)
- Hmac hmac;
- int ret, times, itr;
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- #ifndef HAVE_FIPS
- "Jefe", /* smaller than minimum FIPS key size */
- #endif
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA"
- };
- times = sizeof(keys) / sizeof(char*);
- flag = 0;
- printf(testingFmt, "wc_HmacSetKey() with SHA256");
- ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
- if (ret != 0)
- return ret;
- for (itr = 0; itr < times; itr++) {
- ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[itr],
- (word32)XSTRLEN(keys[itr]));
- if (ret != 0) {
- flag = ret;
- }
- }
- /* Bad args. */
- if (!flag) {
- ret = wc_HmacSetKey(NULL, WC_SHA256, (byte*)keys[0],
- (word32)XSTRLEN(keys[0]));
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_HmacSetKey(&hmac, WC_SHA256, NULL, (word32)XSTRLEN(keys[0]));
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
- (word32)XSTRLEN(keys[0]));
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[0], 0);
- #ifdef HAVE_FIPS
- if (ret != HMAC_MIN_KEYLEN_E) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- #else
- if (ret != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- #endif
- }
- wc_HmacFree(&hmac);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha256HmacSetKey() */
- /*
- * testing wc_HmacSetKey on Sha384 hash.
- */
- static int test_wc_Sha384HmacSetKey (void)
- {
- int flag = 0;
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
- Hmac hmac;
- int ret, times, itr;
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- #ifndef HAVE_FIPS
- "Jefe", /* smaller than minimum FIPS key size */
- #endif
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA"
- };
- times = sizeof(keys) / sizeof(char*);
- flag = 0;
- printf(testingFmt, "wc_HmacSetKey() with SHA384");
- ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
- if (ret != 0)
- return ret;
- for (itr = 0; itr < times; itr++) {
- ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[itr],
- (word32)XSTRLEN(keys[itr]));
- if (ret != 0) {
- flag = ret;
- }
- }
- /* Bad args. */
- if (!flag) {
- ret = wc_HmacSetKey(NULL, WC_SHA384, (byte*)keys[0],
- (word32)XSTRLEN(keys[0]));
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_HmacSetKey(&hmac, WC_SHA384, NULL, (word32)XSTRLEN(keys[0]));
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
- (word32)XSTRLEN(keys[0]));
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[0], 0);
- #ifdef HAVE_FIPS
- if (ret != HMAC_MIN_KEYLEN_E) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- #else
- if (ret != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- #endif
- }
- wc_HmacFree(&hmac);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha384HmacSetKey() */
- /*
- * testing wc_HmacUpdate on wc_Md5 hash.
- */
- static int test_wc_Md5HmacUpdate (void)
- {
- int flag = 0;
- #if !defined(NO_HMAC) && !defined(NO_MD5)
- Hmac hmac;
- testVector a, b;
- int ret;
- #ifdef HAVE_FIPS
- const char* keys =
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
- #else
- const char* keys = "Jefe";
- #endif
- a.input = "what do ya want for nothing?";
- a.inLen = XSTRLEN(a.input);
- b.input = "Hi There";
- b.inLen = XSTRLEN(b.input);
- flag = 0;
- printf(testingFmt, "wc_HmacUpdate() with MD5");
- ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
- if (ret != 0)
- return ret;
- ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys, (word32)XSTRLEN(keys));
- if (ret != 0) {
- flag = ret;
- }
- if (!flag) {
- ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- /* Update Hmac. */
- if (!flag) {
- ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- /* Test bad args. */
- if (!flag) {
- ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
- if (ret != 0) {
- flag = ret;
- }
- }
- wc_HmacFree(&hmac);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Md5HmacUpdate */
- /*
- * testing wc_HmacUpdate on SHA hash.
- */
- static int test_wc_ShaHmacUpdate (void)
- {
- int flag = 0;
- #if !defined(NO_HMAC) && !defined(NO_SHA)
- Hmac hmac;
- testVector a, b;
- int ret;
- #ifdef HAVE_FIPS
- const char* keys =
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
- #else
- const char* keys = "Jefe";
- #endif
- a.input = "what do ya want for nothing?";
- a.inLen = XSTRLEN(a.input);
- b.input = "Hi There";
- b.inLen = XSTRLEN(b.input);
- flag = 0;
- printf(testingFmt, "wc_HmacUpdate() with SHA");
- ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
- if (ret != 0)
- return ret;
- ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys, (word32)XSTRLEN(keys));
- if (ret != 0) {
- flag = ret;
- }
- if (!flag) {
- ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- /* Update Hmac. */
- if (!flag) {
- ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- /* Test bad args. */
- if (!flag) {
- ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
- if (ret != 0) {
- flag = ret;
- }
- }
- wc_HmacFree(&hmac);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_ShaHmacUpdate */
- /*
- * testing wc_HmacUpdate on SHA224 hash.
- */
- static int test_wc_Sha224HmacUpdate (void)
- {
- int flag = 0;
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
- Hmac hmac;
- testVector a, b;
- int ret;
- #ifdef HAVE_FIPS
- const char* keys =
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
- #else
- const char* keys = "Jefe";
- #endif
- a.input = "what do ya want for nothing?";
- a.inLen = XSTRLEN(a.input);
- b.input = "Hi There";
- b.inLen = XSTRLEN(b.input);
- flag = 0;
- printf(testingFmt, "wc_HmacUpdate() with SHA224");
- ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
- if (ret != 0)
- return ret;
- ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys, (word32)XSTRLEN(keys));
- if (ret != 0) {
- flag = ret;
- }
- if (!flag) {
- ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- /* Update Hmac. */
- if (!flag) {
- ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- /* Test bad args. */
- if (!flag) {
- ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
- if (ret != 0) {
- flag = ret;
- }
- }
- wc_HmacFree(&hmac);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha224HmacUpdate */
- /*
- * testing wc_HmacUpdate on SHA256 hash.
- */
- static int test_wc_Sha256HmacUpdate (void)
- {
- int flag = 0;
- #if !defined(NO_HMAC) && !defined(NO_SHA256)
- Hmac hmac;
- testVector a, b;
- int ret;
- #ifdef HAVE_FIPS
- const char* keys =
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
- #else
- const char* keys = "Jefe";
- #endif
- a.input = "what do ya want for nothing?";
- a.inLen = XSTRLEN(a.input);
- b.input = "Hi There";
- b.inLen = XSTRLEN(b.input);
- flag = 0;
- printf(testingFmt, "wc_HmacUpdate() with WC_SHA256");
- ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
- if (ret != 0)
- return ret;
- ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys, (word32)XSTRLEN(keys));
- if (ret != 0) {
- flag = ret;
- }
- if (!flag) {
- ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- /* Update Hmac. */
- if (!flag) {
- ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- /* Test bad args. */
- if (!flag) {
- ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
- if (ret != 0) {
- flag = ret;
- }
- }
- wc_HmacFree(&hmac);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha256HmacUpdate */
- /*
- * testing wc_HmacUpdate on SHA384 hash.
- */
- static int test_wc_Sha384HmacUpdate (void)
- {
- int flag = 0;
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
- Hmac hmac;
- testVector a, b;
- int ret;
- #ifdef HAVE_FIPS
- const char* keys =
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
- #else
- const char* keys = "Jefe";
- #endif
- a.input = "what do ya want for nothing?";
- a.inLen = XSTRLEN(a.input);
- b.input = "Hi There";
- b.inLen = XSTRLEN(b.input);
- flag = 0;
- printf(testingFmt, "wc_HmacUpdate() with SHA384");
- ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
- if (ret != 0)
- return ret;
- ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys, (word32)XSTRLEN(keys));
- if (ret != 0) {
- flag = ret;
- }
- if (!flag) {
- ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- /* Update Hmac. */
- if (!flag) {
- ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- /* Test bad args. */
- if (!flag) {
- ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- if (!flag) {
- ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
- if (ret != 0) {
- flag = ret;
- }
- }
- wc_HmacFree(&hmac);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha384HmacUpdate */
- /*
- * Testing wc_HmacFinal() with MD5
- */
- static int test_wc_Md5HmacFinal (void)
- {
- int flag = 0;
- #if !defined(NO_HMAC) && !defined(NO_MD5)
- Hmac hmac;
- byte hash[WC_MD5_DIGEST_SIZE];
- testVector a;
- int ret;
- const char* key;
- key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
- a.input = "Hi There";
- a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc"
- "\x9d";
- a.inLen = XSTRLEN(a.input);
- a.outLen = XSTRLEN(a.output);
- flag = 0;
- printf(testingFmt, "wc_HmacFinal() with MD5");
- ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
- if (ret != 0)
- return ret;
- ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)key, (word32)XSTRLEN(key));
- if (ret != 0) {
- flag = ret;
- }
- if (!flag) {
- ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Try bad parameters. */
- if (!flag) {
- ret = wc_HmacFinal(NULL, hash);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- #ifndef HAVE_FIPS
- if (!flag) {
- ret = wc_HmacFinal(&hmac, NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- #endif
- wc_HmacFree(&hmac);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Md5HmacFinal */
- /*
- * Testing wc_HmacFinal() with SHA
- */
- static int test_wc_ShaHmacFinal (void)
- {
- int flag = 0;
- #if !defined(NO_HMAC) && !defined(NO_SHA)
- Hmac hmac;
- byte hash[WC_SHA_DIGEST_SIZE];
- testVector a;
- int ret;
- const char* key;
- key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b";
- a.input = "Hi There";
- a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c"
- "\x8e\xf1\x46\xbe\x00";
- a.inLen = XSTRLEN(a.input);
- a.outLen = XSTRLEN(a.output);
- flag = 0;
- printf(testingFmt, "wc_HmacFinal() with SHA");
- ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
- if (ret != 0)
- return ret;
- ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)key, (word32)XSTRLEN(key));
- if (ret != 0) {
- flag = ret;
- }
- if (!flag) {
- ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- if (XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE) != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Try bad parameters. */
- if (!flag) {
- ret = wc_HmacFinal(NULL, hash);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- #ifndef HAVE_FIPS
- if (!flag) {
- ret = wc_HmacFinal(&hmac, NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- #endif
- wc_HmacFree(&hmac);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_ShaHmacFinal */
- /*
- * Testing wc_HmacFinal() with SHA224
- */
- static int test_wc_Sha224HmacFinal (void)
- {
- int flag = 0;
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
- Hmac hmac;
- byte hash[WC_SHA224_DIGEST_SIZE];
- testVector a;
- int ret;
- const char* key;
- key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b";
- a.input = "Hi There";
- a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3"
- "\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22";
- a.inLen = XSTRLEN(a.input);
- a.outLen = XSTRLEN(a.output);
- flag = 0;
- printf(testingFmt, "wc_HmacFinal() with SHA224");
- ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
- if (ret != 0)
- return ret;
- ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)key, (word32)XSTRLEN(key));
- if (ret != 0) {
- flag = ret;
- }
- if (!flag) {
- ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- if (XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE) != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Try bad parameters. */
- if (!flag) {
- ret = wc_HmacFinal(NULL, hash);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- #ifndef HAVE_FIPS
- if (!flag) {
- ret = wc_HmacFinal(&hmac, NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- #endif
- wc_HmacFree(&hmac);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha224HmacFinal */
- /*
- * Testing wc_HmacFinal() with SHA256
- */
- static int test_wc_Sha256HmacFinal (void)
- {
- int flag = 0;
- #if !defined(NO_HMAC) && !defined(NO_SHA256)
- Hmac hmac;
- byte hash[WC_SHA256_DIGEST_SIZE];
- testVector a;
- int ret;
- const char* key;
- key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b";
- a.input = "Hi There";
- a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1"
- "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32"
- "\xcf\xf7";
- a.inLen = XSTRLEN(a.input);
- a.outLen = XSTRLEN(a.output);
- flag = 0;
- printf(testingFmt, "wc_HmacFinal() with WC_SHA256");
- ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
- if (ret != 0)
- return ret;
- ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)key, (word32)XSTRLEN(key));
- if (ret != 0) {
- flag = ret;
- }
- if (!flag) {
- ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- if (XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE) != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Try bad parameters. */
- if (!flag) {
- ret = wc_HmacFinal(NULL, hash);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- #ifndef HAVE_FIPS
- if (!flag) {
- ret = wc_HmacFinal(&hmac, NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- #endif
- wc_HmacFree(&hmac);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha256HmacFinal */
- /*
- * Testing wc_HmacFinal() with SHA384
- */
- static int test_wc_Sha384HmacFinal (void)
- {
- int flag = 0;
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
- Hmac hmac;
- byte hash[WC_SHA384_DIGEST_SIZE];
- testVector a;
- int ret;
- const char* key;
- key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b";
- a.input = "Hi There";
- a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90"
- "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb"
- "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2"
- "\xfa\x9c\xb6";
- a.inLen = XSTRLEN(a.input);
- a.outLen = XSTRLEN(a.output);
- flag = 0;
- printf(testingFmt, "wc_HmacFinal() with SHA384");
- ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
- if (ret != 0)
- return ret;
- ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)key, (word32)XSTRLEN(key));
- if (ret != 0) {
- flag = ret;
- }
- if (!flag) {
- ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0) {
- flag = ret;
- }
- }
- if (!flag) {
- if (XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE) != 0) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Try bad parameters. */
- if (!flag) {
- ret = wc_HmacFinal(NULL, hash);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- #ifndef HAVE_FIPS
- if (!flag) {
- ret = wc_HmacFinal(&hmac, NULL);
- if (ret != BAD_FUNC_ARG) {
- flag = WOLFSSL_FATAL_ERROR;
- }
- }
- #endif
- wc_HmacFree(&hmac);
- printf(resultFmt, flag == 0 ? passed : failed);
- #endif
- return flag;
- } /* END test_wc_Sha384HmacFinal */
- /*
- * Testing wc_InitCmac()
- */
- static int test_wc_InitCmac (void)
- {
- int ret = 0;
- #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
- Cmac cmac1, cmac2, cmac3;
- /* AES 128 key. */
- byte key1[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x09\x10\x11\x12\x13\x14\x15\x16";
- /* AES 192 key. */
- byte key2[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x09\x01\x11\x12\x13\x14\x15\x16"
- "\x01\x02\x03\x04\x05\x06\x07\x08";
- /* AES 256 key. */
- byte key3[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x09\x01\x11\x12\x13\x14\x15\x16"
- "\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x09\x01\x11\x12\x13\x14\x15\x16";
- word32 key1Sz = (word32)sizeof(key1) - 1;
- word32 key2Sz = (word32)sizeof(key2) - 1;
- word32 key3Sz = (word32)sizeof(key3) - 1;
- int type = WC_CMAC_AES;
- printf(testingFmt, "wc_InitCmac()");
- #ifdef WOLFSSL_AES_128
- ret = wc_InitCmac(&cmac1, key1, key1Sz, type, NULL);
- #endif
- #ifdef WOLFSSL_AES_192
- if (ret == 0)
- ret = wc_InitCmac(&cmac2, key2, key2Sz, type, NULL);
- #endif
- #ifdef WOLFSSL_AES_256
- if (ret == 0)
- ret = wc_InitCmac(&cmac3, key3, key3Sz, type, NULL);
- #endif
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_InitCmac(NULL, key3, key3Sz, type, NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_InitCmac(&cmac3, NULL, key3Sz, type, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_InitCmac(&cmac3, key3, 0, type, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_InitCmac(&cmac3, key3, key3Sz, 0, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- (void)key1;
- (void)key1Sz;
- (void)key2;
- (void)key2Sz;
- (void)cmac1;
- (void)cmac2;
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_InitCmac */
- /*
- * Testing wc_CmacUpdate()
- */
- static int test_wc_CmacUpdate (void)
- {
- int ret = 0;
- #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
- Cmac cmac;
- byte key[] =
- {
- 0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55,
- 0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27
- };
- byte in[] = "\xe2\xb4\xb6\xf9\x48\x44\x02\x64"
- "\x5c\x47\x80\x9e\xd5\xa8\x3a\x17"
- "\xb3\x78\xcf\x85\x22\x41\x74\xd9"
- "\xa0\x97\x39\x71\x62\xf1\x8e\x8f"
- "\xf4";
- word32 inSz = (word32)sizeof(in) - 1;
- word32 keySz = (word32)sizeof(key);
- int type = WC_CMAC_AES;
- ret = wc_InitCmac(&cmac, key, keySz, type, NULL);
- if (ret != 0) {
- return ret;
- }
- printf(testingFmt, "wc_CmacUpdate()");
- ret = wc_CmacUpdate(&cmac, in, inSz);
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_CmacUpdate(NULL, in, inSz);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_CmacUpdate(&cmac, NULL, 30);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_CmacUpdate */
- /*
- * Testing wc_CmacFinal()
- */
- static int test_wc_CmacFinal (void)
- {
- int ret = 0;
- #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
- Cmac cmac;
- byte key[] =
- {
- 0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55,
- 0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27
- };
- byte msg[] =
- {
- 0xe2, 0xb4, 0xb6, 0xf9, 0x48, 0x44, 0x02, 0x64,
- 0x5c, 0x47, 0x80, 0x9e, 0xd5, 0xa8, 0x3a, 0x17,
- 0xb3, 0x78, 0xcf, 0x85, 0x22, 0x41, 0x74, 0xd9,
- 0xa0, 0x97, 0x39, 0x71, 0x62, 0xf1, 0x8e, 0x8f,
- 0xf4
- };
- /* Test vectors from CMACGenAES128.rsp from
- * http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html#cmac
- * Per RFC4493 truncation of lsb is possible.
- */
- byte expMac[] =
- {
- 0x4e, 0x6e, 0xc5, 0x6f, 0xf9, 0x5d, 0x0e, 0xae,
- 0x1c, 0xf8, 0x3e, 0xfc, 0xf4, 0x4b, 0xeb
- };
- byte mac[AES_BLOCK_SIZE];
- word32 msgSz = (word32)sizeof(msg);
- word32 keySz = (word32)sizeof(key);
- word32 macSz = sizeof(mac);
- word32 badMacSz = 17;
- int expMacSz = sizeof(expMac);
- int type = WC_CMAC_AES;
- XMEMSET(mac, 0, macSz);
- ret = wc_InitCmac(&cmac, key, keySz, type, NULL);
- if (ret != 0) {
- return ret;
- }
- ret = wc_CmacUpdate(&cmac, msg, msgSz);
- printf(testingFmt, "wc_CmacFinal()");
- if (ret == 0) {
- ret = wc_CmacFinal(&cmac, mac, &macSz);
- if (ret == 0 && XMEMCMP(mac, expMac, expMacSz) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- /* Pass in bad args. */
- if (ret == 0) {
- ret = wc_CmacFinal(NULL, mac, &macSz);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_CmacFinal(&cmac, NULL, &macSz);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_CmacFinal(&cmac, mac, &badMacSz);
- if (ret == BUFFER_E) {
- ret = 0;
- }
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_CmacFinal */
- /*
- * Testing wc_AesCmacGenerate() && wc_AesCmacVerify()
- */
- static int test_wc_AesCmacGenerate (void)
- {
- int ret = 0;
- #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
- Cmac cmac;
- byte key[] =
- {
- 0x26, 0xef, 0x8b, 0x40, 0x34, 0x11, 0x7d, 0x9e,
- 0xbe, 0xc0, 0xc7, 0xfc, 0x31, 0x08, 0x54, 0x69
- };
- byte msg[] = "\x18\x90\x49\xef\xfd\x7c\xf9\xc8"
- "\xf3\x59\x65\xbc\xb0\x97\x8f\xd4";
- byte expMac[] = "\x29\x5f\x2f\x71\xfc\x58\xe6\xf6"
- "\x3d\x32\x65\x4c\x66\x23\xc5";
- byte mac[AES_BLOCK_SIZE];
- word32 keySz = sizeof(key);
- word32 macSz = sizeof(mac);
- word32 msgSz = sizeof(msg) - 1;
- word32 expMacSz = sizeof(expMac) - 1;
- int type = WC_CMAC_AES;
- XMEMSET(mac, 0, macSz);
- ret = wc_InitCmac(&cmac, key, keySz, type, NULL);
- if (ret != 0) {
- return ret;
- }
- ret = wc_CmacUpdate(&cmac, msg, msgSz);
- if (ret != 0) {
- return ret;
- }
- printf(testingFmt, "wc_AesCmacGenerate()");
- ret = wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, keySz);
- if (ret == 0 && XMEMCMP(mac, expMac, expMacSz) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- /* Pass in bad args. */
- if (ret == 0) {
- ret = wc_AesCmacGenerate(NULL, &macSz, msg, msgSz, key, keySz);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_AesCmacGenerate(mac, &macSz, msg, msgSz, NULL, keySz);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, 0);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_AesCmacGenerate(mac, &macSz, NULL, msgSz, key, keySz);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (ret == 0) {
- printf(testingFmt, "wc_AesCmacVerify()");
- ret = wc_AesCmacVerify(mac, macSz, msg, msgSz, key, keySz);
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_AesCmacVerify(NULL, macSz, msg, msgSz, key, keySz);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_AesCmacVerify(mac, 0, msg, msgSz, key, keySz);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_AesCmacVerify(mac, macSz, msg, msgSz, NULL, keySz);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_AesCmacVerify(mac, macSz, msg, msgSz, key, 0);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_AesCmacVerify(mac, macSz, NULL, msgSz, key, keySz);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- }
- #endif
- return ret;
- } /* END test_wc_AesCmacGenerate */
- /*
- * unit test for wc_Des3_SetIV()
- */
- static int test_wc_Des3_SetIV (void)
- {
- int ret = 0;
- #ifndef NO_DES3
- Des3 des;
- const byte key[] =
- {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
- 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
- 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
- };
- const byte iv[] =
- {
- 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
- };
- printf(testingFmt, "wc_Des3_SetIV()");
- ret = wc_Des3Init(&des, NULL, INVALID_DEVID);
- if (ret != 0)
- return ret;
- /* DES_ENCRYPTION or DES_DECRYPTION */
- ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION);
- if (ret == 0) {
- if (XMEMCMP(iv, des.reg, DES_BLOCK_SIZE) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- #ifndef HAVE_FIPS /* no sanity checks with FIPS wrapper */
- /* Test explicitly wc_Des3_SetIV() */
- if (ret == 0) {
- ret = wc_Des3_SetIV(NULL, iv);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Des3_SetIV(&des, NULL);
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- #endif
- wc_Des3Free(&des);
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_Des3_SetIV */
- /*
- * unit test for wc_Des3_SetKey()
- */
- static int test_wc_Des3_SetKey (void)
- {
- int ret = 0;
- #ifndef NO_DES3
- Des3 des;
- const byte key[] =
- {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
- 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
- 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
- };
- const byte iv[] =
- {
- 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
- };
- printf(testingFmt, "wc_Des3_SetKey()");
- ret = wc_Des3Init(&des, NULL, INVALID_DEVID);
- if (ret != 0)
- return ret;
- /* DES_ENCRYPTION or DES_DECRYPTION */
- ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION);
- if (ret == 0) {
- if (XMEMCMP(iv, des.reg, DES_BLOCK_SIZE) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_Des3_SetKey(NULL, key, iv, DES_ENCRYPTION);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Des3_SetKey(&des, NULL, iv, DES_ENCRYPTION);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Des3_SetKey(&des, key, iv, -1);
- }
- if (ret == BAD_FUNC_ARG) {
- /* Default case. Should return 0. */
- ret = wc_Des3_SetKey(&des, key, NULL, DES_ENCRYPTION);
- }
- } /* END if ret != 0 */
- wc_Des3Free(&des);
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_Des3_SetKey */
- /*
- * Test function for wc_Des3_CbcEncrypt and wc_Des3_CbcDecrypt
- */
- static int test_wc_Des3_CbcEncryptDecrypt (void)
- {
- int ret = 0;
- #ifndef NO_DES3
- Des3 des;
- byte cipher[24];
- byte plain[24];
- const byte key[] =
- {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
- 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
- 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
- };
- const byte iv[] =
- {
- 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
- };
- const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
- 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- printf(testingFmt, "wc_Des3_CbcEncrypt()");
- ret = wc_Des3Init(&des, NULL, INVALID_DEVID);
- if (ret != 0)
- return ret;
- ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION);
- if (ret == 0) {
- ret = wc_Des3_CbcEncrypt(&des, cipher, vector, 24);
- if (ret == 0) {
- ret = wc_Des3_SetKey(&des, key, iv, DES_DECRYPTION);
- }
- if (ret == 0) {
- ret = wc_Des3_CbcDecrypt(&des, plain, cipher, 24);
- }
- }
- if (ret == 0) {
- if (XMEMCMP(plain, vector, 24) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Pass in bad args. */
- if (ret == 0) {
- ret = wc_Des3_CbcEncrypt(NULL, cipher, vector, 24);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Des3_CbcEncrypt(&des, NULL, vector, 24);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Des3_CbcEncrypt(&des, cipher, NULL, sizeof(vector));
- }
- if (ret != BAD_FUNC_ARG) {
- ret = WOLFSSL_FATAL_ERROR;
- } else {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_Des3_CbcDecrypt(NULL, plain, cipher, 24);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Des3_CbcDecrypt(&des, NULL, cipher, 24);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Des3_CbcDecrypt(&des, plain, NULL, 24);
- }
- if (ret != BAD_FUNC_ARG) {
- ret = WOLFSSL_FATAL_ERROR;
- } else {
- ret = 0;
- }
- }
- wc_Des3Free(&des);
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END wc_Des3_CbcEncrypt */
- /*
- * Unit test for wc_Des3_CbcEncryptWithKey and wc_Des3_CbcDecryptWithKey
- */
- static int test_wc_Des3_CbcEncryptDecryptWithKey (void)
- {
- int ret = 0;
- #ifndef NO_DES3
- word32 vectorSz, cipherSz;
- byte cipher[24];
- byte plain[24];
- byte vector[] = /* Now is the time for all w/o trailing 0 */
- {
- 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- byte key[] =
- {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
- 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
- 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
- };
- byte iv[] =
- {
- 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
- };
- vectorSz = sizeof(byte) * 24;
- cipherSz = sizeof(byte) * 24;
- printf(testingFmt, "wc_Des3_CbcEncryptWithKey()");
- ret = wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, key, iv);
- if (ret == 0) {
- ret = wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, iv);
- if (ret == 0) {
- if (XMEMCMP(plain, vector, 24) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- }
- /* pass in bad args. */
- if (ret == 0) {
- ret = wc_Des3_CbcEncryptWithKey(NULL, vector, vectorSz, key, iv);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Des3_CbcEncryptWithKey(cipher, NULL, vectorSz, key, iv);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, NULL, iv);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz,
- key, NULL);
- } else {
- /* Return code catch. */
- ret = WOLFSSL_FAILURE;
- }
- }
- if (ret == 0) {
- ret = wc_Des3_CbcDecryptWithKey(NULL, cipher, cipherSz, key, iv);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Des3_CbcDecryptWithKey(plain, NULL, cipherSz, key, iv);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, NULL, iv);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, NULL);
- } else {
- ret = WOLFSSL_FAILURE;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_Des3_CbcEncryptDecryptWithKey */
- /*
- * Testing wc_Chacha_SetKey() and wc_Chacha_SetIV()
- */
- static int test_wc_Chacha_SetKey (void)
- {
- int ret = 0;
- #ifdef HAVE_CHACHA
- ChaCha ctx;
- const byte key[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- };
- byte cipher[128];
- printf(testingFmt, "wc_Chacha_SetKey()");
- ret = wc_Chacha_SetKey(&ctx, key, (word32)(sizeof(key)/sizeof(byte)));
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_Chacha_SetKey(NULL, key, (word32)(sizeof(key)/sizeof(byte)));
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Chacha_SetKey(&ctx, key, 18);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (ret != 0) {
- return ret;
- }
- printf(testingFmt, "wc_Chacha_SetIV");
- ret = wc_Chacha_SetIV(&ctx, cipher, 0);
- if (ret == 0) {
- /* Test bad args. */
- ret = wc_Chacha_SetIV(NULL, cipher, 0);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FAILURE;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_Chacha_SetKey */
- /*
- * unit test for wc_Poly1305SetKey()
- */
- static int test_wc_Poly1305SetKey(void)
- {
- int ret = 0;
- #ifdef HAVE_POLY1305
- Poly1305 ctx;
- const byte key[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- };
- printf(testingFmt, "wc_Poly1305_SetKey()");
- ret = wc_Poly1305SetKey(&ctx, key, (word32)(sizeof(key)/sizeof(byte)));
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_Poly1305SetKey(NULL, key, (word32)(sizeof(key)/sizeof(byte)));
- if(ret == BAD_FUNC_ARG) {
- ret = wc_Poly1305SetKey(&ctx, NULL, (word32)(sizeof(key)/sizeof(byte)));
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Poly1305SetKey(&ctx, key, 18);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_Poly1305_SetKey() */
- /*
- * Testing wc_Chacha_Process()
- */
- static int test_wc_Chacha_Process (void)
- {
- int ret = 0;
- #ifdef HAVE_CHACHA
- ChaCha enc, dec;
- byte cipher[128];
- byte plain[128];
- const byte key[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- };
- const char* input = "Everybody gets Friday off.";
- word32 keySz = sizeof(key)/sizeof(byte);
- unsigned long int inlen = XSTRLEN(input);
- /*Initialize stack varialbes.*/
- XMEMSET(cipher, 0, 128);
- XMEMSET(plain, 0, 128);
- printf(testingFmt, "wc_Chacha_Process()");
- ret = wc_Chacha_SetKey(&enc, key, keySz);
- AssertIntEQ(ret, 0);
- ret = wc_Chacha_SetKey(&dec, key, keySz);
- AssertIntEQ(ret, 0);
- ret = wc_Chacha_SetIV(&enc, cipher, 0);
- AssertIntEQ(ret, 0);
- ret = wc_Chacha_SetIV(&dec, cipher, 0);
- AssertIntEQ(ret, 0);
- ret = wc_Chacha_Process(&enc, cipher, (byte*)input, (word32)inlen);
- AssertIntEQ(ret, 0);
- ret = wc_Chacha_Process(&dec, plain, cipher, (word32)inlen);
- AssertIntEQ(ret, 0);
- ret = XMEMCMP(input, plain, (int)inlen);
- AssertIntEQ(ret, 0);
- #if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM)
- /* test checking and using leftovers, currently just in C code */
- ret = wc_Chacha_SetIV(&enc, cipher, 0);
- AssertIntEQ(ret, 0);
- ret = wc_Chacha_SetIV(&dec, cipher, 0);
- AssertIntEQ(ret, 0);
- ret = wc_Chacha_Process(&enc, cipher, (byte*)input, (word32)inlen - 2);
- AssertIntEQ(ret, 0);
- ret = wc_Chacha_Process(&enc, cipher + (inlen - 2),
- (byte*)input + (inlen - 2), 2);
- AssertIntEQ(ret, 0);
- ret = wc_Chacha_Process(&dec, plain, (byte*)cipher, (word32)inlen - 2);
- AssertIntEQ(ret, 0);
- ret = wc_Chacha_Process(&dec, cipher + (inlen - 2),
- (byte*)input + (inlen - 2), 2);
- AssertIntEQ(ret, 0);
- ret = XMEMCMP(input, plain, (int)inlen);
- AssertIntEQ(ret, 0);
- /* check edge cases with counter increment */
- {
- /* expected results collected from wolfSSL 4.3.0 encrypted in one call*/
- const byte expected[] = {
- 0x54,0xB1,0xE2,0xD4,0xA2,0x4D,0x52,0x5F,
- 0x42,0x04,0x89,0x7C,0x6E,0x2D,0xFC,0x2D,
- 0x10,0x25,0xB6,0x92,0x71,0xD5,0xC3,0x20,
- 0xE3,0x0E,0xEC,0xF4,0xD8,0x10,0x70,0x29,
- 0x2D,0x4C,0x2A,0x56,0x21,0xE1,0xC7,0x37,
- 0x0B,0x86,0xF5,0x02,0x8C,0xB8,0xB8,0x38,
- 0x41,0xFD,0xDF,0xD9,0xC3,0xE6,0xC8,0x88,
- 0x06,0x82,0xD4,0x80,0x6A,0x50,0x69,0xD5,
- 0xB9,0xB0,0x2F,0x44,0x36,0x5D,0xDA,0x5E,
- 0xDE,0xF6,0xF5,0xFC,0x44,0xDC,0x07,0x51,
- 0xA7,0x32,0x42,0xDB,0xCC,0xBD,0xE2,0xE5,
- 0x0B,0xB1,0x14,0xFF,0x12,0x80,0x16,0x43,
- 0xE7,0x40,0xD5,0xEA,0xC7,0x3F,0x69,0x07,
- 0x64,0xD4,0x86,0x6C,0xE2,0x1F,0x8F,0x6E,
- 0x35,0x41,0xE7,0xD3,0xB5,0x5D,0xD6,0xD4,
- 0x9F,0x00,0xA9,0xAE,0x3D,0x28,0xA5,0x37,
- 0x80,0x3D,0x11,0x25,0xE2,0xB6,0x99,0xD9,
- 0x9B,0x98,0xE9,0x37,0xB9,0xF8,0xA0,0x04,
- 0xDF,0x13,0x49,0x3F,0x19,0x6A,0x45,0x06,
- 0x21,0xB4,0xC7,0x3B,0x49,0x45,0xB4,0xC8,
- 0x03,0x5B,0x43,0x89,0xBD,0xB3,0x96,0x4B,
- 0x17,0x6F,0x85,0xC6,0xCF,0xA6,0x05,0x35,
- 0x1E,0x25,0x03,0xBB,0x55,0x0A,0xD5,0x54,
- 0x41,0xEA,0xEB,0x50,0x40,0x1B,0x43,0x19,
- 0x59,0x1B,0x0E,0x12,0x3E,0xA2,0x71,0xC3,
- 0x1A,0xA7,0x11,0x50,0x43,0x9D,0x56,0x3B,
- 0x63,0x2F,0x63,0xF1,0x8D,0xAE,0xF3,0x23,
- 0xFA,0x1E,0xD8,0x6A,0xE1,0xB2,0x4B,0xF3,
- 0xB9,0x13,0x7A,0x72,0x2B,0x6D,0xCC,0x41,
- 0x1C,0x69,0x7C,0xCD,0x43,0x6F,0xE4,0xE2,
- 0x38,0x99,0xFB,0xC3,0x38,0x92,0x62,0x35,
- 0xC0,0x1D,0x60,0xE4,0x4B,0xDD,0x0C,0x14
- };
- const byte iv2[] = {
- 0x9D,0xED,0xE7,0x0F,0xEC,0x81,0x51,0xD9,
- 0x77,0x39,0x71,0xA6,0x21,0xDF,0xB8,0x93
- };
- byte input2[256];
- int i;
- for (i = 0; i < 256; i++)
- input2[i] = i;
- ret = wc_Chacha_SetIV(&enc, iv2, 0);
- AssertIntEQ(ret, 0);
- ret = wc_Chacha_Process(&enc, cipher, input2, 64);
- AssertIntEQ(ret, 0);
- AssertIntEQ(XMEMCMP(expected, cipher, 64), 0);
- ret = wc_Chacha_Process(&enc, cipher, input2 + 64, 128);
- AssertIntEQ(ret, 0);
- AssertIntEQ(XMEMCMP(expected + 64, cipher, 128), 0);
- /* partial */
- ret = wc_Chacha_Process(&enc, cipher, input2 + 192, 32);
- AssertIntEQ(ret, 0);
- AssertIntEQ(XMEMCMP(expected + 192, cipher, 32), 0);
- ret = wc_Chacha_Process(&enc, cipher, input2 + 224, 32);
- AssertIntEQ(ret, 0);
- AssertIntEQ(XMEMCMP(expected + 224, cipher, 32), 0);
- }
- #endif
- /* Test bad args. */
- ret = wc_Chacha_Process(NULL, cipher, (byte*)input, (word32)inlen);
- AssertIntEQ(ret, BAD_FUNC_ARG);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_Chacha_Process */
- /*
- * Testing wc_ChaCha20Poly1305_Encrypt() and wc_ChaCha20Poly1305_Decrypt()
- */
- static int test_wc_ChaCha20Poly1305_aead (void)
- {
- int ret = 0;
- #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
- const byte key[] = {
- 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
- 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
- 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
- 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
- };
- const byte plaintext[] = {
- 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
- 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c,
- 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
- 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73,
- 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39,
- 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
- 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66,
- 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f,
- 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
- 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20,
- 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75,
- 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
- 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
- 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69,
- 0x74, 0x2e
- };
- const byte iv[] = {
- 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43,
- 0x44, 0x45, 0x46, 0x47
- };
- const byte aad[] = { /* additional data */
- 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
- 0xc4, 0xc5, 0xc6, 0xc7
- };
- const byte cipher[] = { /* expected output from operation */
- 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
- 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
- 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
- 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
- 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12,
- 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
- 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29,
- 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
- 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
- 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
- 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94,
- 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
- 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
- 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
- 0x61, 0x16
- };
- const byte authTag[] = { /* expected output from operation */
- 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
- 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91
- };
- byte generatedCiphertext[272];
- byte generatedPlaintext[272];
- byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
- /* Initialize stack variables. */
- XMEMSET(generatedCiphertext, 0, 272);
- XMEMSET(generatedPlaintext, 0, 272);
- /* Test Encrypt */
- printf(testingFmt, "wc_ChaCha20Poly1305_Encrypt()");
- ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), plaintext,
- sizeof(plaintext), generatedCiphertext, generatedAuthTag);
- AssertIntEQ(ret, 0);
- ret = XMEMCMP(generatedCiphertext, cipher, sizeof(cipher)/sizeof(byte));
- AssertIntEQ(ret, 0);
- /* Test bad args. */
- ret = wc_ChaCha20Poly1305_Encrypt(NULL, iv, aad, sizeof(aad), plaintext,
- sizeof(plaintext), generatedCiphertext, generatedAuthTag);
- AssertIntEQ(ret, BAD_FUNC_ARG);
- ret = wc_ChaCha20Poly1305_Encrypt(key, NULL, aad, sizeof(aad),
- plaintext, sizeof(plaintext),
- generatedCiphertext, generatedAuthTag);
- AssertIntEQ(ret, BAD_FUNC_ARG);
- ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), NULL,
- sizeof(plaintext), generatedCiphertext, generatedAuthTag);
- AssertIntEQ(ret, BAD_FUNC_ARG);
- ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
- plaintext, 0, generatedCiphertext, generatedAuthTag);
- AssertIntEQ(ret, BAD_FUNC_ARG);
- ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
- plaintext, sizeof(plaintext), NULL, generatedAuthTag);
- AssertIntEQ(ret, BAD_FUNC_ARG);
- ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
- plaintext, sizeof(plaintext), generatedCiphertext, NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (ret != 0) {
- return ret;
- }
- printf(testingFmt, "wc_ChaCha20Poly1305_Decrypt()");
- ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
- sizeof(cipher), authTag, generatedPlaintext);
- AssertIntEQ(ret, 0);
- ret = XMEMCMP(generatedPlaintext, plaintext,
- sizeof(plaintext)/sizeof(byte));
- AssertIntEQ(ret, 0);
- /* Test bad args. */
- ret = wc_ChaCha20Poly1305_Decrypt(NULL, iv, aad, sizeof(aad), cipher,
- sizeof(cipher), authTag, generatedPlaintext);
- AssertIntEQ(ret, BAD_FUNC_ARG);
- ret = wc_ChaCha20Poly1305_Decrypt(key, NULL, aad, sizeof(aad),
- cipher, sizeof(cipher), authTag, generatedPlaintext);
- AssertIntEQ(ret, BAD_FUNC_ARG);
- ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), NULL,
- sizeof(cipher), authTag, generatedPlaintext);
- AssertIntEQ(ret, BAD_FUNC_ARG);
- ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
- sizeof(cipher), NULL, generatedPlaintext);
- AssertIntEQ(ret, BAD_FUNC_ARG);
- ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
- sizeof(cipher), authTag, NULL);
- AssertIntEQ(ret, BAD_FUNC_ARG);
- ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
- 0, authTag, generatedPlaintext);
- AssertIntEQ(ret, BAD_FUNC_ARG);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test-wc_ChaCha20Poly1305_EncryptDecrypt */
- /*
- * Testing function for wc_AesSetIV
- */
- static int test_wc_AesSetIV (void)
- {
- int ret = 0;
- #if !defined(NO_AES) && defined(WOLFSSL_AES_128)
- Aes aes;
- byte key16[] =
- {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
- };
- byte iv1[] = "1234567890abcdef";
- byte iv2[] = "0987654321fedcba";
- printf(testingFmt, "wc_AesSetIV()");
- ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
- if (ret != 0)
- return ret;
- ret = wc_AesSetKey(&aes, key16, (word32) sizeof(key16) / sizeof(byte),
- iv1, AES_ENCRYPTION);
- if(ret == 0) {
- ret = wc_AesSetIV(&aes, iv2);
- }
- /* Test bad args. */
- if(ret == 0) {
- ret = wc_AesSetIV(NULL, iv1);
- if(ret == BAD_FUNC_ARG) {
- /* NULL iv should return 0. */
- ret = wc_AesSetIV(&aes, NULL);
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_AesFree(&aes);
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* test_wc_AesSetIV */
- /*
- * Testing function for wc_AesSetKey().
- */
- static int test_wc_AesSetKey (void)
- {
- int ret = 0;
- #ifndef NO_AES
- Aes aes;
- byte key16[] =
- {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
- };
- #ifdef WOLFSSL_AES_192
- byte key24[] =
- {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
- };
- #endif
- #ifdef WOLFSSL_AES_256
- byte key32[] =
- {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
- };
- #endif
- byte badKey16[] =
- {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
- };
- byte iv[] = "1234567890abcdef";
- printf(testingFmt, "wc_AesSetKey()");
- ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
- if (ret != 0)
- return ret;
- #ifdef WOLFSSL_AES_128
- ret = wc_AesSetKey(&aes, key16, (word32) sizeof(key16) / sizeof(byte),
- iv, AES_ENCRYPTION);
- #endif
- #ifdef WOLFSSL_AES_192
- if (ret == 0) {
- ret = wc_AesSetKey (&aes, key24, (word32) sizeof(key24) / sizeof(byte),
- iv, AES_ENCRYPTION);
- }
- #endif
- #ifdef WOLFSSL_AES_256
- if (ret == 0) {
- ret = wc_AesSetKey (&aes, key32, (word32) sizeof(key32) / sizeof(byte),
- iv, AES_ENCRYPTION);
- }
- #endif
- /* Pass in bad args. */
- if (ret == 0) {
- ret = wc_AesSetKey (NULL, key16, (word32) sizeof(key16) / sizeof(byte),
- iv, AES_ENCRYPTION);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_AesSetKey(&aes, badKey16,
- (word32) sizeof(badKey16) / sizeof(byte),
- iv, AES_ENCRYPTION);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_AesFree(&aes);
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_AesSetKey */
- /*
- * test function for wc_AesCbcEncrypt(), wc_AesCbcDecrypt(),
- * and wc_AesCbcDecryptWithKey()
- */
- static int test_wc_AesCbcEncryptDecrypt (void)
- {
- int ret = 0;
- #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_DECRYPT)&& \
- defined(WOLFSSL_AES_256)
- Aes aes;
- byte key32[] =
- {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
- };
- byte vector[] = /* Now is the time for all w/o trailing 0 */
- {
- 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- byte iv[] = "1234567890abcdef";
- byte enc[sizeof(vector)];
- byte dec[sizeof(vector)];
- int cbcE = WOLFSSL_FATAL_ERROR;
- int cbcD = WOLFSSL_FATAL_ERROR;
- int cbcDWK = WOLFSSL_FATAL_ERROR;
- byte dec2[sizeof(vector)];
- /* Init stack variables. */
- XMEMSET(enc, 0, sizeof(enc));
- XMEMSET(dec, 0, sizeof(vector));
- XMEMSET(dec2, 0, sizeof(vector));
- ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
- if (ret != 0)
- return ret;
- ret = wc_AesSetKey(&aes, key32, AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION);
- if (ret == 0) {
- ret = wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector));
- if (ret == 0) {
- /* Re init for decrypt and set flag. */
- cbcE = 0;
- wc_AesFree(&aes);
- ret = wc_AesSetKey(&aes, key32, AES_BLOCK_SIZE * 2,
- iv, AES_DECRYPTION);
- }
- if (ret == 0) {
- ret = wc_AesCbcDecrypt(&aes, dec, enc, AES_BLOCK_SIZE);
- if (ret != 0 || XMEMCMP(vector, dec, AES_BLOCK_SIZE) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- } else {
- /* Set flag. */
- cbcD = 0;
- }
- }
- }
- /* If encrypt succeeds but cbc decrypt fails, we can still test. */
- if (ret == 0 || cbcE == 0) {
- ret = wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE,
- key32, sizeof(key32)/sizeof(byte), iv);
- if (ret == 0 || XMEMCMP(vector, dec2, AES_BLOCK_SIZE) == 0) {
- cbcDWK = 0;
- }
- }
- printf(testingFmt, "wc_AesCbcEncrypt()");
- /* Pass in bad args */
- if (cbcE == 0) {
- cbcE = wc_AesCbcEncrypt(NULL, enc, vector, sizeof(vector));
- if (cbcE == BAD_FUNC_ARG) {
- cbcE = wc_AesCbcEncrypt(&aes, NULL, vector, sizeof(vector));
- }
- if (cbcE == BAD_FUNC_ARG) {
- cbcE = wc_AesCbcEncrypt(&aes, enc, NULL, sizeof(vector));
- }
- if (cbcE == BAD_FUNC_ARG) {
- cbcE = 0;
- } else {
- cbcE = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, cbcE == 0 ? passed : failed);
- if (cbcE != 0) {
- wc_AesFree(&aes);
- return cbcE;
- }
- printf(testingFmt, "wc_AesCbcDecrypt()");
- if (cbcD == 0) {
- cbcD = wc_AesCbcDecrypt(NULL, dec, enc, AES_BLOCK_SIZE);
- if (cbcD == BAD_FUNC_ARG) {
- cbcD = wc_AesCbcDecrypt(&aes, NULL, enc, AES_BLOCK_SIZE);
- }
- if (cbcD == BAD_FUNC_ARG) {
- cbcD = wc_AesCbcDecrypt(&aes, dec, NULL, AES_BLOCK_SIZE);
- }
- if (cbcD == BAD_FUNC_ARG) {
- cbcD = wc_AesCbcDecrypt(&aes, dec, enc, AES_BLOCK_SIZE * 2 - 1);
- }
- if (cbcD == BAD_FUNC_ARG) {
- cbcD = 0;
- } else {
- cbcD = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, cbcD == 0 ? passed : failed);
- if (cbcD != 0) {
- wc_AesFree(&aes);
- return cbcD;
- }
- printf(testingFmt, "wc_AesCbcDecryptWithKey()");
- if (cbcDWK == 0) {
- cbcDWK = wc_AesCbcDecryptWithKey(NULL, enc, AES_BLOCK_SIZE,
- key32, sizeof(key32)/sizeof(byte), iv);
- if (cbcDWK == BAD_FUNC_ARG) {
- cbcDWK = wc_AesCbcDecryptWithKey(dec2, NULL, AES_BLOCK_SIZE,
- key32, sizeof(key32)/sizeof(byte), iv);
- }
- if (cbcDWK == BAD_FUNC_ARG) {
- cbcDWK = wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE,
- NULL, sizeof(key32)/sizeof(byte), iv);
- }
- if (cbcDWK == BAD_FUNC_ARG) {
- cbcDWK = wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE,
- key32, sizeof(key32)/sizeof(byte), NULL);
- }
- if (cbcDWK == BAD_FUNC_ARG) {
- cbcDWK = 0;
- } else {
- cbcDWK = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_AesFree(&aes);
- printf(resultFmt, cbcDWK == 0 ? passed : failed);
- if (cbcDWK != 0) {
- return cbcDWK;
- }
- #endif
- return ret;
- } /* END test_wc_AesCbcEncryptDecrypt */
- /*
- * Testing wc_AesCtrEncrypt and wc_AesCtrDecrypt
- */
- static int test_wc_AesCtrEncryptDecrypt (void)
- {
- int ret = 0;
- #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256)
- Aes aesEnc, aesDec;
- byte key32[] =
- {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
- };
- byte vector[] = /* Now is the time for all w/o trailing 0 */
- {
- 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- byte iv[] = "1234567890abcdef";
- byte enc[AES_BLOCK_SIZE * 2];
- byte dec[AES_BLOCK_SIZE * 2];
- /* Init stack variables. */
- XMEMSET(enc, 0, AES_BLOCK_SIZE * 2);
- XMEMSET(dec, 0, AES_BLOCK_SIZE * 2);
- printf(testingFmt, "wc_AesCtrEncrypt()");
- ret = wc_AesInit(&aesEnc, NULL, INVALID_DEVID);
- if (ret != 0)
- return ret;
- ret = wc_AesInit(&aesDec, NULL, INVALID_DEVID);
- if (ret != 0) {
- wc_AesFree(&aesEnc);
- return ret;
- }
- ret = wc_AesSetKey(&aesEnc, key32, AES_BLOCK_SIZE * 2,
- iv, AES_ENCRYPTION);
- if (ret == 0) {
- ret = wc_AesCtrEncrypt(&aesEnc, enc, vector,
- sizeof(vector)/sizeof(byte));
- if (ret == 0) {
- /* Decrypt with wc_AesCtrEncrypt() */
- ret = wc_AesSetKey(&aesDec, key32, AES_BLOCK_SIZE * 2,
- iv, AES_ENCRYPTION);
- }
- if (ret == 0) {
- ret = wc_AesCtrEncrypt(&aesDec, dec, enc, sizeof(enc)/sizeof(byte));
- if (ret != 0 || XMEMCMP(vector, dec, sizeof(vector))) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_AesCtrEncrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte));
- if (ret == BAD_FUNC_ARG) {
- ret = wc_AesCtrEncrypt(&aesDec, NULL, enc, sizeof(enc)/sizeof(byte));
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_AesCtrEncrypt(&aesDec, dec, NULL, sizeof(enc)/sizeof(byte));
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_AesFree(&aesEnc);
- wc_AesFree(&aesDec);
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_AesCtrEncryptDecrypt */
- /*
- * test function for wc_AesGcmSetKey()
- */
- static int test_wc_AesGcmSetKey (void)
- {
- int ret = 0;
- #if !defined(NO_AES) && defined(HAVE_AESGCM)
- Aes aes;
- #ifdef WOLFSSL_AES_128
- byte key16[] =
- {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
- };
- #endif
- #ifdef WOLFSSL_AES_192
- byte key24[] =
- {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
- };
- #endif
- #ifdef WOLFSSL_AES_256
- byte key32[] =
- {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
- };
- #endif
- byte badKey16[] =
- {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
- };
- byte badKey24[] =
- {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36
- };
- byte badKey32[] =
- {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x37, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
- };
- printf(testingFmt, "wc_AesGcmSetKey()");
- ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
- if (ret != 0)
- return ret;
- #ifdef WOLFSSL_AES_128
- ret = wc_AesGcmSetKey(&aes, key16, sizeof(key16)/sizeof(byte));
- #endif
- #ifdef WOLFSSL_AES_192
- if (ret == 0) {
- ret = wc_AesGcmSetKey(&aes, key24, sizeof(key24)/sizeof(byte));
- }
- #endif
- #ifdef WOLFSSL_AES_256
- if (ret == 0) {
- ret = wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte));
- }
- #endif
- /* Pass in bad args. */
- if (ret == 0) {
- ret = wc_AesGcmSetKey(&aes, badKey16, sizeof(badKey16)/sizeof(byte));
- if (ret == BAD_FUNC_ARG) {
- ret = wc_AesGcmSetKey(&aes, badKey24, sizeof(badKey24)/sizeof(byte));
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_AesGcmSetKey(&aes, badKey32, sizeof(badKey32)/sizeof(byte));
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_AesFree(&aes);
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_AesGcmSetKey */
- /*
- * test function for wc_AesGcmEncrypt and wc_AesGcmDecrypt
- */
- static int test_wc_AesGcmEncryptDecrypt (void)
- {
- int ret = 0;
- /* WOLFSSL_AFALG requires 12 byte IV */
- #if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256) && \
- !defined(WOLFSSL_AFALG) && !defined(WOLFSSL_DEVCRYPTO_AES)
- Aes aes;
- byte key32[] =
- {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
- };
- byte vector[] = /* Now is the time for all w/o trailing 0 */
- {
- 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- const byte a[] =
- {
- 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
- 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
- 0xab, 0xad, 0xda, 0xd2
- };
- byte iv[] = "1234567890a";
- byte longIV[] = "1234567890abcdefghij";
- byte enc[sizeof(vector)];
- byte resultT[AES_BLOCK_SIZE];
- byte dec[sizeof(vector)];
- int gcmD = WOLFSSL_FATAL_ERROR;
- int gcmE = WOLFSSL_FATAL_ERROR;
- /* Init stack variables. */
- XMEMSET(enc, 0, sizeof(vector));
- XMEMSET(dec, 0, sizeof(vector));
- XMEMSET(resultT, 0, AES_BLOCK_SIZE);
- ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
- if (ret != 0)
- return ret;
- ret = wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte));
- if (ret == 0) {
- gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector),
- iv, sizeof(iv)/sizeof(byte), resultT,
- sizeof(resultT), a, sizeof(a));
- }
- if (gcmE == 0) { /* If encrypt fails, no decrypt. */
- gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(vector),
- iv, sizeof(iv)/sizeof(byte), resultT,
- sizeof(resultT), a, sizeof(a));
- if(gcmD == 0 && (XMEMCMP(vector, dec, sizeof(vector)) != 0)) {
- gcmD = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(testingFmt, "wc_AesGcmEncrypt()");
- /*Test bad args for wc_AesGcmEncrypt and wc_AesGcmDecrypt */
- if (gcmE == 0) {
- gcmE = wc_AesGcmEncrypt(NULL, enc, vector, sizeof(vector),
- iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT),
- a, sizeof(a));
- if (gcmE == BAD_FUNC_ARG) {
- gcmE = wc_AesGcmEncrypt(&aes, enc, vector,
- sizeof(vector), iv, sizeof(iv)/sizeof(byte),
- resultT, sizeof(resultT) + 1, a, sizeof(a));
- }
- if (gcmE == BAD_FUNC_ARG) {
- gcmE = wc_AesGcmEncrypt(&aes, enc, vector,
- sizeof(vector), iv, sizeof(iv)/sizeof(byte),
- resultT, sizeof(resultT) - 5, a, sizeof(a));
- }
- #if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
- (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST)
- /* FIPS does not check the lower bound of ivSz */
- #else
- if (gcmE == BAD_FUNC_ARG) {
- gcmE = wc_AesGcmEncrypt(&aes, enc, vector,
- sizeof(vector), iv, 0,
- resultT, sizeof(resultT), a, sizeof(a));
- }
- #endif
- if (gcmE == BAD_FUNC_ARG) {
- gcmE = 0;
- } else {
- gcmE = WOLFSSL_FATAL_ERROR;
- }
- }
- /* This case is now considered good. Long IVs are now allowed.
- * Except for the original FIPS release, it still has an upper
- * bound on the IV length. */
- #if !defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
- if (gcmE == 0) {
- gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), longIV,
- sizeof(longIV)/sizeof(byte), resultT, sizeof(resultT),
- a, sizeof(a));
- }
- #else
- (void)longIV;
- #endif /* Old FIPS */
- /* END wc_AesGcmEncrypt */
- printf(resultFmt, gcmE == 0 ? passed : failed);
- if (gcmE != 0) {
- wc_AesFree(&aes);
- return gcmE;
- }
- #ifdef HAVE_AES_DECRYPT
- printf(testingFmt, "wc_AesGcmDecrypt()");
- if (gcmD == 0) {
- gcmD = wc_AesGcmDecrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte),
- iv, sizeof(iv)/sizeof(byte), resultT,
- sizeof(resultT), a, sizeof(a));
- if (gcmD == BAD_FUNC_ARG) {
- gcmD = wc_AesGcmDecrypt(&aes, NULL, enc, sizeof(enc)/sizeof(byte),
- iv, sizeof(iv)/sizeof(byte), resultT,
- sizeof(resultT), a, sizeof(a));
- }
- if (gcmD == BAD_FUNC_ARG) {
- gcmD = wc_AesGcmDecrypt(&aes, dec, NULL, sizeof(enc)/sizeof(byte),
- iv, sizeof(iv)/sizeof(byte), resultT,
- sizeof(resultT), a, sizeof(a));
- }
- if (gcmD == BAD_FUNC_ARG) {
- gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
- NULL, sizeof(iv)/sizeof(byte), resultT,
- sizeof(resultT), a, sizeof(a));
- }
- if (gcmD == BAD_FUNC_ARG) {
- gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
- iv, sizeof(iv)/sizeof(byte), NULL,
- sizeof(resultT), a, sizeof(a));
- }
- if (gcmD == BAD_FUNC_ARG) {
- gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
- iv, sizeof(iv)/sizeof(byte), resultT,
- sizeof(resultT) + 1, a, sizeof(a));
- }
- #if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
- (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST)
- /* FIPS does not check the lower bound of ivSz */
- #else
- if (gcmD == BAD_FUNC_ARG) {
- gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
- iv, 0, resultT,
- sizeof(resultT), a, sizeof(a));
- }
- #endif
- if (gcmD == BAD_FUNC_ARG) {
- gcmD = 0;
- } else {
- gcmD = WOLFSSL_FATAL_ERROR;
- }
- } /* END wc_AesGcmDecrypt */
- printf(resultFmt, gcmD == 0 ? passed : failed);
- #endif /* HAVE_AES_DECRYPT */
- wc_AesFree(&aes);
- #endif
- return ret;
- } /* END test_wc_AesGcmEncryptDecrypt */
- /*
- * unit test for wc_GmacSetKey()
- */
- static int test_wc_GmacSetKey (void)
- {
- int ret = 0;
- #if !defined(NO_AES) && defined(HAVE_AESGCM)
- Gmac gmac;
- byte key16[] =
- {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
- };
- #ifdef WOLFSSL_AES_192
- byte key24[] =
- {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
- };
- #endif
- #ifdef WOLFSSL_AES_256
- byte key32[] =
- {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
- };
- #endif
- byte badKey16[] =
- {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x66
- };
- byte badKey24[] =
- {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
- };
- byte badKey32[] =
- {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
- };
- printf(testingFmt, "wc_GmacSetKey()");
- ret = wc_AesInit(&gmac.aes, NULL, INVALID_DEVID);
- if (ret != 0)
- return ret;
- #ifdef WOLFSSL_AES_128
- ret = wc_GmacSetKey(&gmac, key16, sizeof(key16)/sizeof(byte));
- #endif
- #ifdef WOLFSSL_AES_192
- if (ret == 0) {
- ret = wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte));
- }
- #endif
- #ifdef WOLFSSL_AES_256
- if (ret == 0) {
- ret = wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte));
- }
- #endif
- /* Pass in bad args. */
- if (ret == 0) {
- ret = wc_GmacSetKey(NULL, key16, sizeof(key16)/sizeof(byte));
- if (ret == BAD_FUNC_ARG) {
- ret = wc_GmacSetKey(&gmac, NULL, sizeof(key16)/sizeof(byte));
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_GmacSetKey(&gmac, badKey16, sizeof(badKey16)/sizeof(byte));
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_GmacSetKey(&gmac, badKey24, sizeof(badKey24)/sizeof(byte));
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_GmacSetKey(&gmac, badKey32, sizeof(badKey32)/sizeof(byte));
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_AesFree(&gmac.aes);
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_GmacSetKey */
- /*
- * unit test for wc_GmacUpdate
- */
- static int test_wc_GmacUpdate (void)
- {
- int ret = 0;
- #if !defined(NO_AES) && defined(HAVE_AESGCM)
- Gmac gmac;
- #ifdef WOLFSSL_AES_128
- const byte key16[] =
- {
- 0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01,
- 0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8
- };
- #endif
- #ifdef WOLFSSL_AES_192
- byte key24[] =
- {
- 0x41, 0xc5, 0xda, 0x86, 0x67, 0xef, 0x72, 0x52,
- 0x20, 0xff, 0xe3, 0x9a, 0xe0, 0xac, 0x59, 0x0a,
- 0xc9, 0xfc, 0xa7, 0x29, 0xab, 0x60, 0xad, 0xa0
- };
- #endif
- #ifdef WOLFSSL_AES_256
- byte key32[] =
- {
- 0x78, 0xdc, 0x4e, 0x0a, 0xaf, 0x52, 0xd9, 0x35,
- 0xc3, 0xc0, 0x1e, 0xea, 0x57, 0x42, 0x8f, 0x00,
- 0xca, 0x1f, 0xd4, 0x75, 0xf5, 0xda, 0x86, 0xa4,
- 0x9c, 0x8d, 0xd7, 0x3d, 0x68, 0xc8, 0xe2, 0x23
- };
- #endif
- #ifdef WOLFSSL_AES_128
- const byte authIn[] =
- {
- 0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9,
- 0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77
- };
- #endif
- #ifdef WOLFSSL_AES_192
- const byte authIn2[] =
- {
- 0x8b, 0x5c, 0x12, 0x4b, 0xef, 0x6e, 0x2f, 0x0f,
- 0xe4, 0xd8, 0xc9, 0x5c, 0xd5, 0xfa, 0x4c, 0xf1
- };
- #endif
- const byte authIn3[] =
- {
- 0xb9, 0x6b, 0xaa, 0x8c, 0x1c, 0x75, 0xa6, 0x71,
- 0xbf, 0xb2, 0xd0, 0x8d, 0x06, 0xbe, 0x5f, 0x36
- };
- #ifdef WOLFSSL_AES_128
- const byte tag1[] = /* Known. */
- {
- 0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43,
- 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
- };
- #endif
- #ifdef WOLFSSL_AES_192
- const byte tag2[] = /* Known */
- {
- 0x20, 0x4b, 0xdb, 0x1b, 0xd6, 0x21, 0x54, 0xbf,
- 0x08, 0x92, 0x2a, 0xaa, 0x54, 0xee, 0xd7, 0x05
- };
- #endif
- const byte tag3[] = /* Known */
- {
- 0x3e, 0x5d, 0x48, 0x6a, 0xa2, 0xe3, 0x0b, 0x22,
- 0xe0, 0x40, 0xb8, 0x57, 0x23, 0xa0, 0x6e, 0x76
- };
- #ifdef WOLFSSL_AES_128
- const byte iv[] =
- {
- 0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94,
- 0xe2, 0x8c, 0x8f, 0x16
- };
- #endif
- #ifdef WOLFSSL_AES_192
- const byte iv2[] =
- {
- 0x05, 0xad, 0x13, 0xa5, 0xe2, 0xc2, 0xab, 0x66,
- 0x7e, 0x1a, 0x6f, 0xbc
- };
- #endif
- const byte iv3[] =
- {
- 0xd7, 0x9c, 0xf2, 0x2d, 0x50, 0x4c, 0xc7, 0x93,
- 0xc3, 0xfb, 0x6c, 0x8a
- };
- byte tagOut[16];
- byte tagOut2[24];
- byte tagOut3[32];
- /* Init stack variables. */
- XMEMSET(tagOut, 0, sizeof(tagOut));
- XMEMSET(tagOut2, 0, sizeof(tagOut2));
- XMEMSET(tagOut3, 0, sizeof(tagOut3));
- printf(testingFmt, "wc_GmacUpdate()");
- ret = wc_AesInit(&gmac.aes, NULL, INVALID_DEVID);
- if (ret != 0)
- return ret;
- #ifdef WOLFSSL_AES_128
- ret = wc_GmacSetKey(&gmac, key16, sizeof(key16));
- if (ret == 0) {
- ret = wc_GmacUpdate(&gmac, iv, sizeof(iv), authIn, sizeof(authIn),
- tagOut, sizeof(tag1));
- if (ret == 0) {
- ret = XMEMCMP(tag1, tagOut, sizeof(tag1));
- }
- }
- #endif
- #ifdef WOLFSSL_AES_192
- if (ret == 0) {
- XMEMSET(&gmac, 0, sizeof(Gmac));
- ret = wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte));
- }
- if (ret == 0) {
- ret = wc_GmacUpdate(&gmac, iv2, sizeof(iv2), authIn2,
- sizeof(authIn2), tagOut2, sizeof(tag2));
- }
- if (ret == 0) {
- ret = XMEMCMP(tagOut2, tag2, sizeof(tag2));
- }
- #endif
- #ifdef WOLFSSL_AES_256
- if (ret == 0) {
- XMEMSET(&gmac, 0, sizeof(Gmac));
- ret = wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte));
- }
- if (ret == 0) {
- ret = wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3,
- sizeof(authIn3), tagOut3, sizeof(tag3));
- }
- if (ret == 0) {
- ret = XMEMCMP(tag3, tagOut3, sizeof(tag3));
- }
- #endif
- /*Pass bad args. */
- if (ret == 0) {
- ret = wc_GmacUpdate(NULL, iv3, sizeof(iv3), authIn3,
- sizeof(authIn3), tagOut3, sizeof(tag3));
- if (ret == BAD_FUNC_ARG) {
- ret = wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3,
- sizeof(authIn3), tagOut3, sizeof(tag3) - 5);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3,
- sizeof(authIn3), tagOut3, sizeof(tag3) + 1);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_AesFree(&gmac.aes);
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_GmacUpdate */
- /*
- * testing wc_CamelliaSetKey
- */
- static int test_wc_CamelliaSetKey (void)
- {
- int ret = 0;
- #ifdef HAVE_CAMELLIA
- Camellia camellia;
- /*128-bit key*/
- static const byte key16[] =
- {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
- };
- /* 192-bit key */
- static const byte key24[] =
- {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
- };
- /* 256-bit key */
- static const byte key32[] =
- {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
- };
- static const byte iv[] =
- {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
- };
- printf(testingFmt, "wc_CamelliaSetKey()");
- ret = wc_CamelliaSetKey(&camellia, key16, (word32)sizeof(key16), iv);
- if (ret == 0) {
- ret = wc_CamelliaSetKey(&camellia, key16,
- (word32)sizeof(key16), NULL);
- if (ret == 0) {
- ret = wc_CamelliaSetKey(&camellia, key24,
- (word32)sizeof(key24), iv);
- }
- if (ret == 0) {
- ret = wc_CamelliaSetKey(&camellia, key24,
- (word32)sizeof(key24), NULL);
- }
- if (ret == 0) {
- ret = wc_CamelliaSetKey(&camellia, key32,
- (word32)sizeof(key32), iv);
- }
- if (ret == 0) {
- ret = wc_CamelliaSetKey(&camellia, key32,
- (word32)sizeof(key32), NULL);
- }
- }
- /* Bad args. */
- if (ret == 0) {
- ret = wc_CamelliaSetKey(NULL, key32, (word32)sizeof(key32), iv);
- if (ret != BAD_FUNC_ARG) {
- ret = WOLFSSL_FATAL_ERROR;
- } else {
- ret = 0;
- }
- } /* END bad args. */
- #endif
- return ret;
- } /* END test_wc_CammeliaSetKey */
- /*
- * Testing wc_CamelliaSetIV()
- */
- static int test_wc_CamelliaSetIV (void)
- {
- int ret = 0;
- #ifdef HAVE_CAMELLIA
- Camellia camellia;
- static const byte iv[] =
- {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
- };
- printf(testingFmt, "wc_CamelliaSetIV()");
- ret = wc_CamelliaSetIV(&camellia, iv);
- if (ret == 0) {
- ret = wc_CamelliaSetIV(&camellia, NULL);
- }
- /* Bad args. */
- if (ret == 0) {
- ret = wc_CamelliaSetIV(NULL, NULL);
- if (ret != BAD_FUNC_ARG) {
- ret = WOLFSSL_FATAL_ERROR;
- } else {
- ret = 0;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /*END test_wc_CamelliaSetIV*/
- /*
- * Test wc_CamelliaEncryptDirect and wc_CamelliaDecryptDirect
- */
- static int test_wc_CamelliaEncryptDecryptDirect (void)
- {
- int ret = 0;
- #ifdef HAVE_CAMELLIA
- Camellia camellia;
- static const byte key24[] =
- {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
- };
- static const byte iv[] =
- {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
- };
- static const byte plainT[] =
- {
- 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
- 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
- };
- byte enc[sizeof(plainT)];
- byte dec[sizeof(enc)];
- int camE = WOLFSSL_FATAL_ERROR;
- int camD = WOLFSSL_FATAL_ERROR;
- /*Init stack variables.*/
- XMEMSET(enc, 0, 16);
- XMEMSET(enc, 0, 16);
- ret = wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), iv);
- if (ret == 0) {
- ret = wc_CamelliaEncryptDirect(&camellia, enc, plainT);
- if (ret == 0) {
- ret = wc_CamelliaDecryptDirect(&camellia, dec, enc);
- if (XMEMCMP(plainT, dec, CAMELLIA_BLOCK_SIZE)) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- }
- printf(testingFmt, "wc_CamelliaEncryptDirect()");
- /* Pass bad args. */
- if (ret == 0) {
- camE = wc_CamelliaEncryptDirect(NULL, enc, plainT);
- if (camE == BAD_FUNC_ARG) {
- camE = wc_CamelliaEncryptDirect(&camellia, NULL, plainT);
- }
- if (camE == BAD_FUNC_ARG) {
- camE = wc_CamelliaEncryptDirect(&camellia, enc, NULL);
- }
- if (camE == BAD_FUNC_ARG) {
- camE = 0;
- } else {
- camE = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, camE == 0 ? passed : failed);
- if (camE != 0) {
- return camE;
- }
- printf(testingFmt, "wc_CamelliaDecryptDirect()");
- if (ret == 0) {
- camD = wc_CamelliaDecryptDirect(NULL, dec, enc);
- if (camD == BAD_FUNC_ARG) {
- camD = wc_CamelliaDecryptDirect(&camellia, NULL, enc);
- }
- if (camD == BAD_FUNC_ARG) {
- camD = wc_CamelliaDecryptDirect(&camellia, dec, NULL);
- }
- if (camD == BAD_FUNC_ARG) {
- camD = 0;
- } else {
- camD = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, camD == 0 ? passed : failed);
- if (camD != 0) {
- return camD;
- }
- #endif
- return ret;
- } /* END test-wc_CamelliaEncryptDecryptDirect */
- /*
- * Testing wc_CamelliaCbcEncrypt and wc_CamelliaCbcDecrypt
- */
- static int test_wc_CamelliaCbcEncryptDecrypt (void)
- {
- int ret = 0;
- #ifdef HAVE_CAMELLIA
- Camellia camellia;
- static const byte key24[] =
- {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
- };
- static const byte plainT[] =
- {
- 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
- 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
- };
- byte enc[CAMELLIA_BLOCK_SIZE];
- byte dec[CAMELLIA_BLOCK_SIZE];
- int camCbcE = WOLFSSL_FATAL_ERROR;
- int camCbcD = WOLFSSL_FATAL_ERROR;
- /* Init stack variables. */
- XMEMSET(enc, 0, CAMELLIA_BLOCK_SIZE);
- XMEMSET(enc, 0, CAMELLIA_BLOCK_SIZE);
- ret = wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), NULL);
- if (ret == 0) {
- ret = wc_CamelliaCbcEncrypt(&camellia, enc, plainT, CAMELLIA_BLOCK_SIZE);
- if (ret != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- if (ret == 0) {
- ret = wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), NULL);
- if (ret == 0) {
- ret = wc_CamelliaCbcDecrypt(&camellia, dec, enc, CAMELLIA_BLOCK_SIZE);
- if (XMEMCMP(plainT, dec, CAMELLIA_BLOCK_SIZE)) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- }
- printf(testingFmt, "wc_CamelliaCbcEncrypt");
- /* Pass in bad args. */
- if (ret == 0) {
- camCbcE = wc_CamelliaCbcEncrypt(NULL, enc, plainT, CAMELLIA_BLOCK_SIZE);
- if (camCbcE == BAD_FUNC_ARG) {
- camCbcE = wc_CamelliaCbcEncrypt(&camellia, NULL, plainT,
- CAMELLIA_BLOCK_SIZE);
- }
- if (camCbcE == BAD_FUNC_ARG) {
- camCbcE = wc_CamelliaCbcEncrypt(&camellia, enc, NULL,
- CAMELLIA_BLOCK_SIZE);
- }
- if (camCbcE == BAD_FUNC_ARG) {
- camCbcE = 0;
- } else {
- camCbcE = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, camCbcE == 0 ? passed : failed);
- if (camCbcE != 0) {
- return camCbcE;
- }
- printf(testingFmt, "wc_CamelliaCbcDecrypt()");
- if (ret == 0) {
- camCbcD = wc_CamelliaCbcDecrypt(NULL, dec, enc, CAMELLIA_BLOCK_SIZE);
- if (camCbcD == BAD_FUNC_ARG) {
- camCbcD = wc_CamelliaCbcDecrypt(&camellia, NULL, enc,
- CAMELLIA_BLOCK_SIZE);
- }
- if (camCbcD == BAD_FUNC_ARG) {
- camCbcD = wc_CamelliaCbcDecrypt(&camellia, dec, NULL,
- CAMELLIA_BLOCK_SIZE);
- }
- if (camCbcD == BAD_FUNC_ARG) {
- camCbcD = 0;
- } else {
- camCbcD = WOLFSSL_FATAL_ERROR;
- }
- } /* END bad args. */
- printf(resultFmt, camCbcD == 0 ? passed : failed);
- if (camCbcD != 0) {
- return camCbcD;
- }
- #endif
- return ret;
- } /* END test_wc_CamelliaCbcEncryptDecrypt */
- /*
- * Testing wc_RabbitSetKey()
- */
- static int test_wc_RabbitSetKey (void)
- {
- int ret = 0;
- #ifndef NO_RABBIT
- Rabbit rabbit;
- const char* key = "\xAC\xC3\x51\xDC\xF1\x62\xFC\x3B"
- "\xFE\x36\x3D\x2E\x29\x13\x28\x91";
- const char* iv = "\x59\x7E\x26\xC1\x75\xF5\x73\xC3";
- printf(testingFmt, "wc_RabbitSetKey()");
- ret = wc_RabbitSetKey(&rabbit, (byte*)key, (byte*)iv);
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_RabbitSetKey(NULL, (byte*)key, (byte*)iv);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_RabbitSetKey(&rabbit, NULL, (byte*)iv);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_RabbitSetKey(&rabbit, (byte*)key, NULL);
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_RabbitSetKey */
- /*
- * Test wc_RabbitProcess()
- */
- static int test_wc_RabbitProcess (void)
- {
- int ret = 0;
- #ifndef NO_RABBIT
- Rabbit enc, dec;
- byte cipher[25];
- byte plain[25];
- const char* key = "\xAC\xC3\x51\xDC\xF1\x62\xFC\x3B"
- "\xFE\x36\x3D\x2E\x29\x13\x28\x91";
- const char* iv = "\x59\x7E\x26\xC1\x75\xF5\x73\xC3";
- const char* input = "Everyone gets Friday off.";
- unsigned long int inlen = XSTRLEN(input);
- /* Initialize stack variables. */
- XMEMSET(cipher, 0, sizeof(cipher));
- XMEMSET(plain, 0, sizeof(plain));
- printf(testingFmt, "wc_RabbitProcess()");
- ret = wc_RabbitSetKey(&enc, (byte*)key, (byte*)iv);
- if (ret == 0) {
- ret = wc_RabbitSetKey(&dec, (byte*)key, (byte*)iv);
- }
- if (ret == 0) {
- ret = wc_RabbitProcess(&enc, cipher, (byte*)input, (word32)inlen);
- }
- if (ret == 0) {
- ret = wc_RabbitProcess(&dec, plain, cipher, (word32)inlen);
- if (ret != 0 || XMEMCMP(input, plain, inlen)) {
- ret = WOLFSSL_FATAL_ERROR;
- } else {
- ret = 0;
- }
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_RabbitProcess(NULL, plain, cipher, (word32)inlen);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_RabbitProcess(&dec, NULL, cipher, (word32)inlen);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_RabbitProcess(&dec, plain, NULL, (word32)inlen);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_RabbitProcess */
- /*
- * Testing wc_Arc4SetKey()
- */
- static int test_wc_Arc4SetKey (void)
- {
- int ret = 0;
- #ifndef NO_RC4
- Arc4 arc;
- const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef";
- int keyLen = 8;
- printf(testingFmt, "wc_Arch4SetKey()");
- ret = wc_Arc4SetKey(&arc, (byte*)key, keyLen);
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_Arc4SetKey(NULL, (byte*)key, keyLen);
- if (ret == BAD_FUNC_ARG)
- ret = wc_Arc4SetKey(&arc, NULL, keyLen); /* NULL key */
- if (ret == BAD_FUNC_ARG)
- ret = wc_Arc4SetKey(&arc, (byte*)key, 0); /* length == 0 */
- if (ret == BAD_FUNC_ARG)
- ret = WOLFSSL_ERROR_NONE;
- else
- ret = WOLFSSL_FATAL_ERROR;
- } /* END test bad args. */
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_Arc4SetKey */
- /*
- * Testing wc_Arc4Process for ENC/DEC.
- */
- static int test_wc_Arc4Process (void)
- {
- int ret = 0;
- #ifndef NO_RC4
- Arc4 enc, dec;
- const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef";
- int keyLen = 8;
- const char* input = "\x01\x23\x45\x67\x89\xab\xcd\xef";
- byte cipher[8];
- byte plain[8];
- /* Init stack variables */
- XMEMSET(cipher, 0, sizeof(cipher));
- XMEMSET(plain, 0, sizeof(plain));
- /* Use for async. */
- ret = wc_Arc4Init(&enc, NULL, INVALID_DEVID);
- if (ret == 0) {
- ret = wc_Arc4Init(&dec, NULL, INVALID_DEVID);
- }
- printf(testingFmt, "wc_Arc4Process()");
- if (ret == 0) {
- ret = wc_Arc4SetKey(&enc, (byte*)key, keyLen);
- }
- if (ret == 0) {
- ret = wc_Arc4SetKey(&dec, (byte*)key, keyLen);
- }
- if (ret == 0) {
- ret = wc_Arc4Process(&enc, cipher, (byte*)input, keyLen);
- }
- if (ret == 0) {
- ret = wc_Arc4Process(&dec, plain, cipher, keyLen);
- if (ret != 0 || XMEMCMP(plain, input, keyLen)) {
- ret = WOLFSSL_FATAL_ERROR;
- } else {
- ret = 0;
- }
- }
- /* Bad args. */
- if (ret == 0) {
- ret = wc_Arc4Process(NULL, plain, cipher, keyLen);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Arc4Process(&dec, NULL, cipher, keyLen);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Arc4Process(&dec, plain, NULL, keyLen);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_Arc4Free(&enc);
- wc_Arc4Free(&dec);
- #endif
- return ret;
- }/* END test_wc_Arc4Process */
- /*
- * Testing wc_Init RsaKey()
- */
- static int test_wc_InitRsaKey (void)
- {
- int ret = 0;
- #ifndef NO_RSA
- RsaKey key;
- printf(testingFmt, "wc_InitRsaKey()");
- ret = wc_InitRsaKey(&key, NULL);
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_InitRsaKey(NULL, NULL);
- #ifndef HAVE_USER_RSA
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- #else
- if (ret == USER_CRYPTO_ERROR) {
- ret = 0;
- } else {
- #endif
- ret = WOLFSSL_FATAL_ERROR;
- }
- } /* end if */
- if (wc_FreeRsaKey(&key) || ret != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_InitRsaKey */
- /*
- * Testing wc_RsaPrivateKeyDecode()
- */
- static int test_wc_RsaPrivateKeyDecode (void)
- {
- int ret = 0;
- #if !defined(NO_RSA) && (defined(USE_CERT_BUFFERS_1024)\
- || defined(USE_CERT_BUFFERS_2048)) && !defined(HAVE_FIPS)
- RsaKey key;
- byte* tmp;
- word32 idx = 0;
- int bytes = 0;
- printf(testingFmt, "wc_RsaPrivateKeyDecode()");
- tmp = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- if (ret == 0) {
- ret = wc_InitRsaKey(&key, NULL);
- }
- if (ret == 0) {
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024);
- bytes = sizeof_client_key_der_1024;
- #else
- XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048);
- bytes = sizeof_client_key_der_2048;
- #endif /* Use cert buffers. */
- ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes);
- }
- #ifndef HAVE_USER_RSA
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_RsaPrivateKeyDecode(tmp, NULL, &key, (word32)bytes);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- #else
- /* Test bad args. User RSA. */
- if (ret == 0) {
- ret = wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes);
- if (ret == USER_CRYPTO_ERROR) {
- ret = wc_RsaPrivateKeyDecode(tmp, NULL, &key, (word32)bytes);
- }
- if (ret == USER_CRYPTO_ERROR) {
- ret = wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes);
- }
- if (ret == USER_CRYPTO_ERROR) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- #endif
- if (tmp != NULL) {
- XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (wc_FreeRsaKey(&key) || ret != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_RsaPrivateKeyDecode */
- /*
- * Testing wc_RsaPublicKeyDecode()
- */
- static int test_wc_RsaPublicKeyDecode (void)
- {
- int ret = 0;
- #if !defined(NO_RSA) && (defined(USE_CERT_BUFFERS_1024)\
- || defined(USE_CERT_BUFFERS_2048)) && !defined(HAVE_FIPS)
- RsaKey keyPub;
- byte* tmp;
- word32 idx = 0;
- int bytes = 0;
- word32 keySz = 0;
- word32 tstKeySz = 0;
- tmp = (byte*)XMALLOC(GEN_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- if (ret == 0) {
- ret = wc_InitRsaKey(&keyPub, NULL);
- }
- if (ret == 0) {
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
- bytes = sizeof_client_keypub_der_1024;
- keySz = 1024;
- #else
- XMEMCPY(tmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
- bytes = sizeof_client_keypub_der_2048;
- keySz = 2048;
- #endif
- printf(testingFmt, "wc_RsaPublicKeyDecode()");
- ret = wc_RsaPublicKeyDecode(tmp, &idx, &keyPub, (word32)bytes);
- }
- #ifndef HAVE_USER_RSA
- /* Pass in bad args. */
- if (ret == 0) {
- ret = wc_RsaPublicKeyDecode(NULL, &idx, &keyPub, (word32)bytes);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_RsaPublicKeyDecode(tmp, NULL, &keyPub, (word32)bytes);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_RsaPublicKeyDecode(tmp, &idx, NULL, (word32)bytes);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- #else
- /* Pass in bad args. */
- if (ret == 0) {
- ret = wc_RsaPublicKeyDecode(NULL, &idx, &keyPub, (word32)bytes);
- if (ret == USER_CRYPTO_ERROR) {
- ret = wc_RsaPublicKeyDecode(tmp, NULL, &keyPub, (word32)bytes);
- }
- if (ret == USER_CRYPTO_ERROR) {
- ret = wc_RsaPublicKeyDecode(tmp, &idx, NULL, (word32)bytes);
- }
- if (ret == USER_CRYPTO_ERROR) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- #endif
- if (wc_FreeRsaKey(&keyPub) || ret != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- if (ret == 0) {
- /* Test for getting modulus key size */
- idx = 0;
- ret = wc_RsaPublicKeyDecode_ex(tmp, &idx, (word32)bytes, NULL,
- &tstKeySz, NULL, NULL);
- ret = (ret == 0 && tstKeySz == keySz/8) ? 0 : WOLFSSL_FATAL_ERROR;
- }
- if (tmp != NULL) {
- XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_RsaPublicKeyDecode */
- /*
- * Testing wc_RsaPublicKeyDecodeRaw()
- */
- static int test_wc_RsaPublicKeyDecodeRaw (void)
- {
- int ret = 0;
- #if !defined(NO_RSA)
- RsaKey key;
- const byte n = 0x23;
- const byte e = 0x03;
- int nSz = sizeof(n);
- int eSz = sizeof(e);
- printf(testingFmt, "wc_RsaPublicKeyDecodeRaw()");
- ret = wc_InitRsaKey(&key, NULL);
- if (ret == 0) {
- ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, &key);
- }
- #ifndef HAVE_USER_RSA
- /* Pass in bad args. */
- if (ret == 0) {
- ret = wc_RsaPublicKeyDecodeRaw(NULL, nSz, &e, eSz, &key);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, NULL, eSz, &key);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- #else
- /* Pass in bad args. User RSA. */
- if (ret == 0) {
- ret = wc_RsaPublicKeyDecodeRaw(NULL, nSz, &e, eSz, &key);
- if (ret == USER_CRYPTO_ERROR) {
- ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, NULL, eSz, &key);
- }
- if (ret == USER_CRYPTO_ERROR) {
- ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, NULL);
- }
- if (ret == USER_CRYPTO_ERROR) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- #endif
- if (wc_FreeRsaKey(&key) || ret != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_RsaPublicKeyDecodeRaw */
- #if (!defined(NO_RSA) || !defined(HAVE_FAST_RSA)) && defined(WOLFSSL_KEY_GEN)
- /* In FIPS builds, wc_MakeRsaKey() will return an error if it cannot find
- * a probable prime in 5*(modLen/2) attempts. In non-FIPS builds, it keeps
- * trying until it gets a probable prime. */
- #ifdef HAVE_FIPS
- static int MakeRsaKeyRetry(RsaKey* key, int size, long e, WC_RNG* rng)
- {
- int ret;
- for (;;) {
- ret = wc_MakeRsaKey(key, size, e, rng);
- if (ret != PRIME_GEN_E) break;
- printf("MakeRsaKey couldn't find prime; trying again.\n");
- }
- return ret;
- }
- #define MAKE_RSA_KEY(a, b, c, d) MakeRsaKeyRetry(a, b, c, d)
- #else
- #define MAKE_RSA_KEY(a, b, c, d) wc_MakeRsaKey(a, b, c, d)
- #endif
- #endif
- /*
- * Testing wc_MakeRsaKey()
- */
- static int test_wc_MakeRsaKey (void)
- {
- int ret = 0;
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
- RsaKey genKey;
- WC_RNG rng;
- #ifndef WOLFSSL_SP_MATH
- int bits = 1024;
- #else
- int bits = 2048;
- #endif
- printf(testingFmt, "wc_MakeRsaKey()");
- ret = wc_InitRsaKey(&genKey, NULL);
- if (ret == 0) {
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng);
- if (ret == 0 && wc_FreeRsaKey(&genKey) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- }
- #ifndef HAVE_USER_RSA
- /* Test bad args. */
- if (ret == 0) {
- ret = MAKE_RSA_KEY(NULL, bits, WC_RSA_EXPONENT, &rng);
- if (ret == BAD_FUNC_ARG) {
- ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- /* e < 3 */
- ret = MAKE_RSA_KEY(&genKey, bits, 2, &rng);
- }
- if (ret == BAD_FUNC_ARG) {
- /* e & 1 == 0 */
- ret = MAKE_RSA_KEY(&genKey, bits, 6, &rng);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- #else
- /* Test bad args. */
- if (ret == 0) {
- ret = MAKE_RSA_KEY(NULL, bits, WC_RSA_EXPONENT, &rng);
- if (ret == USER_CRYPTO_ERROR) {
- ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, NULL);
- }
- if (ret == USER_CRYPTO_ERROR) {
- /* e < 3 */
- ret = MAKE_RSA_KEY(&genKey, bits, 2, &rng);
- }
- if (ret == USER_CRYPTO_ERROR) {
- /* e & 1 == 0 */
- ret = MAKE_RSA_KEY(&genKey, bits, 6, &rng);
- }
- if (ret == USER_CRYPTO_ERROR) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- #endif
- if (wc_FreeRng(&rng) || ret != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_MakeRsaKey */
- /*
- * Test the bounds checking on the cipher text versus the key modulus.
- * 1. Make a new RSA key.
- * 2. Set c to 1.
- * 3. Decrypt c into k. (error)
- * 4. Copy the key modulus to c and sub 1 from the copy.
- * 5. Decrypt c into k. (error)
- * Valid bounds test cases are covered by all the other RSA tests.
- */
- static int test_RsaDecryptBoundsCheck(void)
- {
- int ret = 0;
- #if !defined(NO_RSA) && defined(WC_RSA_NO_PADDING) && \
- (defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048)) && \
- defined(WOLFSSL_PUBLIC_MP) && !defined(NO_RSA_BOUNDS_CHECK)
- RsaKey key;
- byte flatC[256];
- word32 flatCSz;
- byte out[256];
- word32 outSz = sizeof(out);
- WC_RNG rng;
- printf(testingFmt, "RSA decrypt bounds check");
- XMEMSET(&rng, 0, sizeof(rng));
- ret = wc_InitRng(&rng);
- if (ret == 0)
- ret = wc_InitRsaKey(&key, NULL);
- if (ret == 0) {
- const byte* derKey;
- word32 derKeySz;
- word32 idx = 0;
- #ifdef USE_CERT_BUFFERS_1024
- derKey = server_key_der_1024;
- derKeySz = (word32)sizeof_server_key_der_1024;
- flatCSz = 128;
- #else
- derKey = server_key_der_2048;
- derKeySz = (word32)sizeof_server_key_der_2048;
- flatCSz = 256;
- #endif
- ret = wc_RsaPrivateKeyDecode(derKey, &idx, &key, derKeySz);
- }
- if (ret == 0) {
- XMEMSET(flatC, 0, flatCSz);
- flatC[flatCSz-1] = 1;
- ret = wc_RsaDirect(flatC, flatCSz, out, &outSz, &key,
- RSA_PRIVATE_DECRYPT, &rng);
- }
- if (ret == RSA_OUT_OF_RANGE_E) {
- mp_int c;
- mp_init_copy(&c, &key.n);
- mp_sub_d(&c, 1, &c);
- mp_to_unsigned_bin(&c, flatC);
- ret = wc_RsaDirect(flatC, sizeof(flatC), out, &outSz, &key,
- RSA_PRIVATE_DECRYPT, NULL);
- mp_clear(&c);
- }
- if (ret == RSA_OUT_OF_RANGE_E)
- ret = 0;
- if (wc_FreeRsaKey(&key) || wc_FreeRng(&rng) || ret != 0)
- ret = WOLFSSL_FATAL_ERROR;
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_RsaDecryptBoundsCheck */
- /*
- * Testing wc_SetKeyUsage()
- */
- static int test_wc_SetKeyUsage (void)
- {
- int ret = 0;
- #if !defined(NO_RSA) && defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) && !defined(HAVE_FIPS)
- Cert myCert;
- ret = wc_InitCert(&myCert);
- printf(testingFmt, "wc_SetKeyUsage()");
- if (ret == 0) {
- ret = wc_SetKeyUsage(&myCert, "keyEncipherment,keyAgreement");
- if (ret == 0) {
- ret = wc_SetKeyUsage(&myCert, "digitalSignature,nonRepudiation");
- }
- if (ret == 0) {
- ret = wc_SetKeyUsage(&myCert, "contentCommitment,encipherOnly");
- }
- if (ret == 0) {
- ret = wc_SetKeyUsage(&myCert, "decipherOnly");
- }
- if (ret == 0) {
- ret = wc_SetKeyUsage(&myCert, "cRLSign,keyCertSign");
- }
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_SetKeyUsage(NULL, "decipherOnly");
- if (ret == BAD_FUNC_ARG) {
- ret = wc_SetKeyUsage(&myCert, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_SetKeyUsage(&myCert, "");
- }
- if (ret == KEYUSAGE_E) {
- ret = wc_SetKeyUsage(&myCert, ",");
- }
- if (ret == KEYUSAGE_E) {
- ret = wc_SetKeyUsage(&myCert, "digitalSignature, cRLSign");
- }
- if (ret == KEYUSAGE_E) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_SetKeyUsage */
- #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
- static void sample_mutex_cb (int flag, int type, const char* file, int line)
- {
- (void)flag;
- (void)type;
- (void)file;
- (void)line;
- }
- #endif
- /*
- * Testing wc_LockMutex_ex
- */
- static int test_wc_LockMutex_ex (void)
- {
- int ret = 0;
- #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
- int flag = CRYPTO_LOCK;
- int type = 0;
- const char* file = "./test-LockMutex_ex.txt";
- int line = 0;
- printf(testingFmt, "wc_LockMutex_ex()");
- /*without SetMutexCb*/
- ret = wc_LockMutex_ex(flag, type, file, line);
- if (ret == BAD_STATE_E) {
- ret = 0;
- }
- /*with SetMutexCb*/
- if (ret == 0) {
- ret = wc_SetMutexCb(sample_mutex_cb);
- if (ret == 0) {
- ret = wc_LockMutex_ex(flag, type, file, line);
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- }/*End test_wc_LockMutex_ex*/
- /*
- * Testing wc_SetMutexCb
- */
- static int test_wc_SetMutexCb (void)
- {
- int ret = 0;
- #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
- printf(testingFmt, "wc_SetMutexCb()");
- ret = wc_SetMutexCb(sample_mutex_cb);
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- }/*End test_wc_SetMutexCb*/
- /*
- * Testing wc_RsaKeyToDer()
- */
- static int test_wc_RsaKeyToDer (void)
- {
- int ret = 0;
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
- RsaKey genKey;
- WC_RNG rng;
- byte* der;
- #ifndef WOLFSSL_SP_MATH
- int bits = 1024;
- word32 derSz = 611;
- /* (2 x 128) + 2 (possible leading 00) + (5 x 64) + 5 (possible leading 00)
- + 3 (e) + 8 (ASN tag) + 10 (ASN length) + 4 seqSz + 3 version */
- #else
- int bits = 2048;
- word32 derSz = 1196;
- /* (2 x 256) + 2 (possible leading 00) + (5 x 128) + 5 (possible leading 00)
- + 3 (e) + 8 (ASN tag) + 17 (ASN length) + 4 seqSz + 3 version */
- #endif
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(&genKey, 0, sizeof(genKey));
- der = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- /* Init structures. */
- if (ret == 0) {
- ret = wc_InitRsaKey(&genKey, NULL);
- }
- if (ret == 0) {
- ret = wc_InitRng(&rng);
- }
- /* Make key. */
- if (ret == 0) {
- ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng);
- if (ret != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(testingFmt, "wc_RsaKeyToDer()");
- if (ret == 0) {
- ret = wc_RsaKeyToDer(&genKey, der, derSz);
- if (ret > 0) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- #ifndef HAVE_USER_RSA
- /* Pass good/bad args. */
- if (ret == 0) {
- ret = wc_RsaKeyToDer(NULL, der, FOURK_BUF);
- if (ret == BAD_FUNC_ARG) {
- /* Get just the output length */
- ret = wc_RsaKeyToDer(&genKey, NULL, 0);
- }
- if (ret > 0) {
- /* Try Public Key. */
- genKey.type = 0;
- ret = wc_RsaKeyToDer(&genKey, der, FOURK_BUF);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- #else
- /* Pass good/bad args. */
- if (ret == 0) {
- ret = wc_RsaKeyToDer(NULL, der, FOURK_BUF);
- if (ret == USER_CRYPTO_ERROR) {
- /* Get just the output length */
- ret = wc_RsaKeyToDer(&genKey, NULL, 0);
- }
- if (ret > 0) {
- /* Try Public Key. */
- genKey.type = 0;
- ret = wc_RsaKeyToDer(&genKey, der, FOURK_BUF);
- }
- if (ret == USER_CRYPTO_ERROR) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- #endif
- if (der != NULL) {
- XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (wc_FreeRsaKey(&genKey) || ret != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- if (wc_FreeRng(&rng) || ret != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_RsaKeyToDer */
- /*
- * Testing wc_RsaKeyToPublicDer()
- */
- static int test_wc_RsaKeyToPublicDer (void)
- {
- int ret = 0;
- #if !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) &&\
- (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
- RsaKey key;
- WC_RNG rng;
- byte* der;
- #ifndef WOLFSSL_SP_MATH
- int bits = 1024;
- word32 derLen = 162;
- #else
- int bits = 2048;
- word32 derLen = 290;
- #endif
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(&key, 0, sizeof(key));
- der = (byte*)XMALLOC(derLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- if (ret == 0) {
- ret = wc_InitRsaKey(&key, NULL);
- }
- if (ret == 0) {
- ret = wc_InitRng(&rng);
- }
- if (ret == 0) {
- ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
- }
- printf(testingFmt, "wc_RsaKeyToPublicDer()");
- if (ret == 0) {
- ret = wc_RsaKeyToPublicDer(&key, der, derLen);
- if (ret >= 0) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- #ifndef HAVE_USER_RSA
- /* Pass in bad args. */
- if (ret == 0) {
- ret = wc_RsaKeyToPublicDer(NULL, der, derLen);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_RsaKeyToPublicDer(&key, NULL, derLen);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_RsaKeyToPublicDer(&key, der, -1);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- #else
- /* Pass in bad args. */
- if (ret == 0) {
- ret = wc_RsaKeyToPublicDer(NULL, der, derLen);
- if (ret == USER_CRYPTO_ERROR) {
- ret = wc_RsaKeyToPublicDer(&key, NULL, derLen);
- }
- if (ret == USER_CRYPTO_ERROR) {
- ret = wc_RsaKeyToPublicDer(&key, der, -1);
- }
- if (ret == USER_CRYPTO_ERROR) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- #endif
- if (der != NULL) {
- XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (wc_FreeRsaKey(&key) || ret != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- if (wc_FreeRng(&rng) || ret != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_RsaKeyToPublicDer */
- /*
- * Testing wc_RsaPublicEncrypt() and wc_RsaPrivateDecrypt()
- */
- static int test_wc_RsaPublicEncryptDecrypt (void)
- {
- int ret = 0;
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
- RsaKey key;
- WC_RNG rng;
- const char* inStr = "Everyone gets Friday off.";
- word32 plainLen = 25;
- word32 inLen = (word32)XSTRLEN(inStr);
- #ifndef WOLFSSL_SP_MATH
- int bits = 1024;
- word32 cipherLen = 128;
- #else
- int bits = 2048;
- word32 cipherLen = 256;
- #endif
- DECLARE_VAR_INIT(in, byte, inLen, inStr, NULL);
- DECLARE_VAR(plain, byte, plainLen, NULL);
- DECLARE_VAR(cipher, byte, cipherLen, NULL);
- ret = wc_InitRsaKey(&key, NULL);
- if (ret == 0) {
- ret = wc_InitRng(&rng);
- }
- if (ret == 0) {
- ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
- }
- /* Encrypt. */
- printf(testingFmt, "wc_RsaPublicEncrypt()");
- if (ret == 0) {
- ret = wc_RsaPublicEncrypt(in, inLen, cipher, cipherLen, &key, &rng);
- if (ret >= 0) {
- cipherLen = ret;
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Pass bad args. */
- /* Tests PsaPublicEncryptEx() which, is tested by another fn. No need dup.*/
- printf(resultFmt, ret == 0 ? passed : failed);
- if (ret != 0) {
- return ret;
- }
- /* Decrypt */
- printf(testingFmt, "wc_RsaPrivateDecrypt()");
- #if defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS)
- /* Bind rng */
- if (ret == 0) {
- ret = wc_RsaSetRNG(&key, &rng);
- }
- #endif
- if (ret == 0) {
- ret = wc_RsaPrivateDecrypt(cipher, cipherLen, plain, plainLen, &key);
- }
- if (ret >= 0) {
- ret = XMEMCMP(plain, inStr, plainLen);
- }
- /* Pass in bad args. */
- /* Tests RsaPrivateDecryptEx() which, is tested by another fn. No need dup.*/
- FREE_VAR(in, NULL);
- FREE_VAR(plain, NULL);
- FREE_VAR(cipher, NULL);
- if (wc_FreeRsaKey(&key) || ret != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- if (wc_FreeRng(&rng) || ret != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_RsaPublicEncryptDecrypt */
- /*
- * Testing wc_RsaPrivateDecrypt_ex() and wc_RsaPrivateDecryptInline_ex()
- */
- static int test_wc_RsaPublicEncryptDecrypt_ex (void)
- {
- int ret = 0;
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS)\
- && !defined(WC_NO_RSA_OAEP) && !defined(HAVE_USER_RSA)\
- && !defined(NO_SHA)
- RsaKey key;
- WC_RNG rng;
- const char* inStr = "Everyone gets Friday off.";
- word32 inLen = (word32)XSTRLEN(inStr);
- const word32 plainSz = 25;
- byte* res = NULL;
- int idx = 0;
- #ifndef WOLFSSL_SP_MATH
- int bits = 1024;
- const word32 cipherSz = 128;
- #else
- int bits = 2048;
- const word32 cipherSz = 256;
- #endif
- DECLARE_VAR_INIT(in, byte, inLen, inStr, NULL);
- DECLARE_VAR(plain, byte, plainSz, NULL);
- DECLARE_VAR(cipher, byte, cipherSz, NULL);
- /* Initialize stack structures. */
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(&key, 0, sizeof(key));
- ret = wc_InitRsaKey_ex(&key, NULL, INVALID_DEVID);
- if (ret == 0) {
- ret = wc_InitRng(&rng);
- }
- if (ret == 0) {
- ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
- }
- /* Encrypt */
- printf(testingFmt, "wc_RsaPublicEncrypt_ex()");
- if (ret == 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, cipher, cipherSz, &key, &rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
- if (ret >= 0) {
- idx = ret;
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- /*Pass bad args.*/
- /* Tests RsaPublicEncryptEx again. No need duplicate. */
- printf(resultFmt, ret == 0 ? passed : failed);
- if (ret != 0) {
- return ret;
- }
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- /* Decrypt */
- printf(testingFmt, "wc_RsaPrivateDecrypt_ex()");
- #if defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS)
- if (ret == 0) {
- ret = wc_RsaSetRNG(&key, &rng);
- }
- #endif
- if (ret == 0) {
- ret = wc_RsaPrivateDecrypt_ex(cipher, (word32)idx,
- plain, plainSz, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA,
- WC_MGF1SHA1, NULL, 0);
- }
- if (ret >= 0) {
- if (!XMEMCMP(plain, inStr, plainSz)) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- /*Pass bad args.*/
- /* Tests RsaPrivateDecryptEx() again. No need duplicate. */
- printf(resultFmt, ret == 0 ? passed : failed);
- if (ret != 0) {
- return ret;
- }
- printf(testingFmt, "wc_RsaPrivateDecryptInline_ex()");
- if (ret == 0) {
- ret = wc_RsaPrivateDecryptInline_ex(cipher, (word32)idx,
- &res, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA,
- WC_MGF1SHA1, NULL, 0);
- if (ret >= 0) {
- if (!XMEMCMP(inStr, res, plainSz)) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- }
- #endif
- FREE_VAR(in, NULL);
- FREE_VAR(plain, NULL);
- FREE_VAR(cipher, NULL);
- if (wc_FreeRsaKey(&key) || ret != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- if (wc_FreeRng(&rng) || ret != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_RsaPublicEncryptDecrypt_ex */
- /*
- * Tesing wc_RsaSSL_Sign() and wc_RsaSSL_Verify()
- */
- static int test_wc_RsaSSL_SignVerify (void)
- {
- int ret = 0;
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
- RsaKey key;
- WC_RNG rng;
- const char* inStr = "Everyone gets Friday off.";
- const word32 plainSz = 25;
- word32 inLen = (word32)XSTRLEN(inStr);
- word32 idx = 0;
- #ifndef WOLFSSL_SP_MATH
- int bits = 1024;
- const word32 outSz = 128;
- #else
- int bits = 2048;
- const word32 outSz = 256;
- #endif
- DECLARE_VAR_INIT(in, byte, inLen, inStr, NULL);
- DECLARE_VAR(out, byte, outSz, NULL);
- DECLARE_VAR(plain, byte, plainSz, NULL);
- ret = wc_InitRsaKey(&key, NULL);
- if (ret == 0) {
- ret = wc_InitRng(&rng);
- }
- if (ret == 0) {
- ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
- }
- /* Sign. */
- printf(testingFmt, "wc_RsaSSL_Sign()");
- if (ret == 0) {
- ret = wc_RsaSSL_Sign(in, inLen, out, outSz, &key, &rng);
- if (ret == (int)outSz) {
- idx = ret;
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- #ifndef HAVE_USER_RSA
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_RsaSSL_Sign(NULL, inLen, out, outSz, &key, &rng);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_RsaSSL_Sign(in, 0, out, outSz, &key, &rng);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_RsaSSL_Sign(in, inLen, NULL, outSz, &key, &rng);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_RsaSSL_Sign(in, inLen, out, outSz, NULL, &rng);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- #else
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_RsaSSL_Sign(NULL, inLen, out, outSz, &key, &rng);
- if (ret == USER_CRYPTO_ERROR) {
- ret = wc_RsaSSL_Sign(in, 0, out, outSz, &key, &rng);
- }
- if (ret == USER_CRYPTO_ERROR) {
- ret = wc_RsaSSL_Sign(in, inLen, NULL, outSz, &key, &rng);
- }
- if (ret == USER_CRYPTO_ERROR) {
- ret = wc_RsaSSL_Sign(in, inLen, out, outSz, NULL, &rng);
- }
- if (ret == USER_CRYPTO_ERROR) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- #endif
- printf(resultFmt, ret == 0 ? passed : failed);
- if (ret != 0) {
- return ret;
- }
- /* Verify. */
- printf(testingFmt, "wc_RsaSSL_Verify()");
- if (ret == 0) {
- ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, &key);
- if (ret == (int)inLen) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- #ifndef HAVE_USER_RSA
- /* Pass bad args. */
- if (ret == 0) {
- ret = wc_RsaSSL_Verify(NULL, idx, plain, plainSz, &key);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_RsaSSL_Verify(out, 0, plain, plainSz, &key);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_RsaSSL_Verify(out, idx, NULL, plainSz, &key);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- #else
- /* Pass bad args. */
- if (ret == 0) {
- ret = wc_RsaSSL_Verify(NULL, idx, plain, plainSz, &key);
- if (ret == USER_CRYPTO_ERROR) {
- ret = wc_RsaSSL_Verify(out, 0, plain, plainSz, &key);
- }
- if (ret == USER_CRYPTO_ERROR) {
- ret = wc_RsaSSL_Verify(out, idx, NULL, plainSz, &key);
- }
- if (ret == USER_CRYPTO_ERROR) {
- ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, NULL);
- }
- if (ret == USER_CRYPTO_ERROR) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- #endif
- FREE_VAR(in, NULL);
- FREE_VAR(out, NULL);
- FREE_VAR(plain, NULL);
- if (wc_FreeRsaKey(&key) || ret != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- if (wc_FreeRng(&rng) || ret != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_RsaSSL_SignVerify */
- /*
- * Testing wc_RsaEncryptSize()
- */
- static int test_wc_RsaEncryptSize (void)
- {
- int ret = 0;
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
- RsaKey key;
- WC_RNG rng;
- ret = wc_InitRsaKey(&key, NULL);
- if (ret == 0) {
- ret = wc_InitRng(&rng);
- }
- printf(testingFmt, "wc_RsaEncryptSize()");
- #ifndef WOLFSSL_SP_MATH
- if (ret == 0) {
- ret = MAKE_RSA_KEY(&key, 1024, WC_RSA_EXPONENT, &rng);
- if (ret == 0) {
- ret = wc_RsaEncryptSize(&key);
- }
- if (ret == 128) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- if (wc_FreeRsaKey(&key) || ret != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- } else {
- ret = 0;
- }
- #endif
- if (ret == 0) {
- ret = MAKE_RSA_KEY(&key, 2048, WC_RSA_EXPONENT, &rng);
- if (ret == 0) {
- ret = wc_RsaEncryptSize(&key);
- }
- if (ret == 256) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Pass in bad arg. */
- if (ret == 0) {
- ret = wc_RsaEncryptSize(NULL);
- #ifndef HAVE_USER_RSA
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- #endif
- }
- if (wc_FreeRsaKey(&key) || ret != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- if (wc_FreeRng(&rng) || ret != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_RsaEncryptSize*/
- /*
- * Testing wc_RsaFlattenPublicKey()
- */
- static int test_wc_RsaFlattenPublicKey (void)
- {
- int ret = 0;
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
- RsaKey key;
- WC_RNG rng;
- byte e[256];
- byte n[256];
- word32 eSz = sizeof(e);
- word32 nSz = sizeof(n);
- #ifndef WOLFSSL_SP_MATH
- int bits = 1024;
- #else
- int bits = 2048;
- #endif
- ret = wc_InitRsaKey(&key, NULL);
- if (ret == 0) {
- ret = wc_InitRng(&rng);
- }
- if (ret == 0) {
- ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
- if (ret >= 0) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(testingFmt, "wc_RsaFlattenPublicKey()");
- if (ret == 0) {
- ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, &nSz);
- }
- #ifndef HAVE_USER_RSA
- /* Pass bad args. */
- if (ret == 0) {
- ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_RsaFlattenPublicKey(&key, NULL, &eSz, n, &nSz);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_RsaFlattenPublicKey(&key, e, NULL, n, &nSz);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_RsaFlattenPublicKey(&key, e, &eSz, NULL, &nSz);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- #else
- /* Pass bad args. */
- if (ret == 0) {
- ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz);
- if (ret == USER_CRYPTO_ERROR) {
- ret = wc_RsaFlattenPublicKey(&key, NULL, &eSz, n, &nSz);
- }
- if (ret == USER_CRYPTO_ERROR) {
- ret = wc_RsaFlattenPublicKey(&key, e, NULL, n, &nSz);
- }
- if (ret == USER_CRYPTO_ERROR) {
- ret = wc_RsaFlattenPublicKey(&key, e, &eSz, NULL, &nSz);
- }
- if (ret == USER_CRYPTO_ERROR) {
- ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, NULL);
- }
- if (ret == USER_CRYPTO_ERROR) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- #endif
- if (wc_FreeRsaKey(&key) || ret != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- if (wc_FreeRng(&rng) || ret != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_RsaFlattenPublicKey */
- /*
- * unit test for wc_AesCcmSetKey
- */
- static int test_wc_AesCcmSetKey (void)
- {
- int ret = 0;
- #ifdef HAVE_AESCCM
- Aes aes;
- const byte key16[] =
- {
- 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
- 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
- };
- const byte key24[] =
- {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
- };
- const byte key32[] =
- {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
- };
- printf(testingFmt, "wc_AesCcmSetKey()");
- ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
- if (ret != 0)
- return ret;
- #ifdef WOLFSSL_AES_128
- ret = wc_AesCcmSetKey(&aes, key16, sizeof(key16));
- #endif
- #ifdef WOLFSSL_AES_192
- if (ret == 0) {
- ret = wc_AesCcmSetKey(&aes, key24, sizeof(key24));
- }
- #endif
- #ifdef WOLFSSL_AES_256
- if (ret == 0) {
- ret = wc_AesCcmSetKey(&aes, key32, sizeof(key32));
- }
- #endif
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_AesCcmSetKey(&aes, key16, sizeof(key16) - 1);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_AesCcmSetKey(&aes, key24, sizeof(key24) - 1);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_AesCcmSetKey(&aes, key32, sizeof(key32) - 1);
- }
- if (ret != BAD_FUNC_ARG) {
- ret = WOLFSSL_FATAL_ERROR;
- } else {
- ret = 0;
- }
- }
- wc_AesFree(&aes);
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_AesCcmSetKey */
- /*
- * Unit test function for wc_AesCcmEncrypt and wc_AesCcmDecrypt
- */
- static int test_wc_AesCcmEncryptDecrypt (void)
- {
- int ret = 0;
- #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
- Aes aes;
- const byte key16[] =
- {
- 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
- 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
- };
- /* plaintext */
- const byte plainT[] =
- {
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
- };
- /* nonce */
- const byte iv[] =
- {
- 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
- 0xa1, 0xa2, 0xa3, 0xa4, 0xa5
- };
- const byte c[] = /* cipher text. */
- {
- 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
- 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
- 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84
- };
- const byte t[] = /* Auth tag */
- {
- 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
- };
- const byte authIn[] =
- {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
- };
- byte cipherOut[sizeof(plainT)];
- byte authTag[sizeof(t)];
- int ccmE = WOLFSSL_FATAL_ERROR;
- #ifdef HAVE_AES_DECRYPT
- int ccmD = WOLFSSL_FATAL_ERROR;
- byte plainOut[sizeof(cipherOut)];
- #endif
- ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
- if (ret != 0)
- return ret;
- ret = wc_AesCcmSetKey(&aes, key16, sizeof(key16));
- if (ret == 0) {
- ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
- iv, sizeof(iv), authTag, sizeof(authTag),
- authIn , sizeof(authIn));
- if ((XMEMCMP(cipherOut, c, sizeof(c)) && ccmE == 0) ||
- XMEMCMP(t, authTag, sizeof(t))) {
- ccmE = WOLFSSL_FATAL_ERROR;
- ret = WOLFSSL_FATAL_ERROR;
- }
- #ifdef HAVE_AES_DECRYPT
- if (ret == 0) {
- ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
- sizeof(plainOut), iv, sizeof(iv),
- authTag, sizeof(authTag),
- authIn, sizeof(authIn));
- if (XMEMCMP(plainOut, plainT, sizeof(plainT)) && ccmD == 0) {
- ccmD = WOLFSSL_FATAL_ERROR;
- }
- }
- #endif
- }
- printf(testingFmt, "wc_AesCcmEncrypt()");
- /* Pass in bad args. Encrypt*/
- if (ret == 0 && ccmE == 0) {
- ccmE = wc_AesCcmEncrypt(NULL, cipherOut, plainT, sizeof(cipherOut),
- iv, sizeof(iv), authTag, sizeof(authTag),
- authIn , sizeof(authIn));
- if (ccmE == BAD_FUNC_ARG) {
- ccmE = wc_AesCcmEncrypt(&aes, NULL, plainT, sizeof(cipherOut),
- iv, sizeof(iv), authTag, sizeof(authTag),
- authIn , sizeof(authIn));
- }
- if (ccmE == BAD_FUNC_ARG) {
- ccmE = wc_AesCcmEncrypt(&aes, cipherOut, NULL, sizeof(cipherOut),
- iv, sizeof(iv), authTag, sizeof(authTag),
- authIn , sizeof(authIn));
- }
- if (ccmE == BAD_FUNC_ARG) {
- ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
- NULL, sizeof(iv), authTag, sizeof(authTag),
- authIn , sizeof(authIn));
- }
- if (ccmE == BAD_FUNC_ARG) {
- ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
- iv, sizeof(iv), NULL, sizeof(authTag),
- authIn , sizeof(authIn));
- }
- if (ccmE == BAD_FUNC_ARG) {
- ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
- iv, sizeof(iv) + 1, authTag, sizeof(authTag),
- authIn , sizeof(authIn));
- }
- if (ccmE == BAD_FUNC_ARG) {
- ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
- iv, sizeof(iv) - 7, authTag, sizeof(authTag),
- authIn , sizeof(authIn));
- }
- if (ccmE != BAD_FUNC_ARG) {
- ccmE = WOLFSSL_FATAL_ERROR;
- } else {
- ccmE = 0;
- }
- } /* End Encrypt */
- printf(resultFmt, ccmE == 0 ? passed : failed);
- if (ccmE != 0) {
- wc_AesFree(&aes);
- return ccmE;
- }
- #ifdef HAVE_AES_DECRYPT
- printf(testingFmt, "wc_AesCcmDecrypt()");
- /* Pass in bad args. Decrypt*/
- if (ret == 0 && ccmD == 0) {
- ccmD = wc_AesCcmDecrypt(NULL, plainOut, cipherOut, sizeof(plainOut),
- iv, sizeof(iv), authTag, sizeof(authTag),
- authIn, sizeof(authIn));
- if (ccmD == BAD_FUNC_ARG) {
- ccmD = wc_AesCcmDecrypt(&aes, NULL, cipherOut, sizeof(plainOut),
- iv, sizeof(iv), authTag, sizeof(authTag),
- authIn, sizeof(authIn));
- }
- if (ccmD == BAD_FUNC_ARG) {
- ccmD = wc_AesCcmDecrypt(&aes, plainOut, NULL, sizeof(plainOut),
- iv, sizeof(iv), authTag, sizeof(authTag),
- authIn, sizeof(authIn));
- }
- if (ccmD == BAD_FUNC_ARG) {
- ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
- sizeof(plainOut), NULL, sizeof(iv),
- authTag, sizeof(authTag),
- authIn, sizeof(authIn));
- }
- if (ccmD == BAD_FUNC_ARG) {
- ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
- sizeof(plainOut), iv, sizeof(iv), NULL,
- sizeof(authTag), authIn, sizeof(authIn));
- }
- if (ccmD == BAD_FUNC_ARG) {
- ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
- sizeof(plainOut), iv, sizeof(iv) + 1,
- authTag, sizeof(authTag),
- authIn, sizeof(authIn));
- }
- if (ccmD == BAD_FUNC_ARG) {
- ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
- sizeof(plainOut), iv, sizeof(iv) - 7,
- authTag, sizeof(authTag),
- authIn, sizeof(authIn));
- }
- if (ccmD != BAD_FUNC_ARG) {
- ccmD = WOLFSSL_FATAL_ERROR;
- } else {
- ccmD = 0;
- }
- } /* END Decrypt */
- printf(resultFmt, ccmD == 0 ? passed : failed);
- if (ccmD != 0) {
- return ccmD;
- }
- #endif
- wc_AesFree(&aes);
- #endif /* HAVE_AESCCM */
- return ret;
- } /* END test_wc_AesCcmEncryptDecrypt */
- /*
- * Test wc_Hc128_SetKey()
- */
- static int test_wc_Hc128_SetKey (void)
- {
- int ret = 0;
- #ifdef HAVE_HC128
- HC128 ctx;
- const char* key = "\x80\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00";
- const char* iv = "\x0D\x74\xDB\x42\xA9\x10\x77\xDE"
- "\x45\xAC\x13\x7A\xE1\x48\xAF\x16";
- printf(testingFmt, "wc_Hc128_SetKey()");
- ret = wc_Hc128_SetKey(&ctx, (byte*)key, (byte*)iv);
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_Hc128_SetKey(NULL, (byte*)key, (byte*)iv);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Hc128_SetKey(&ctx, NULL, (byte*)iv);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Hc128_SetKey(&ctx, (byte*)key, NULL);
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_Hc128_SetKey */
- /*
- * Testing wc_Hc128_Process()
- */
- static int test_wc_Hc128_Process (void)
- {
- int ret = 0;
- #ifdef HAVE_HC128
- HC128 enc;
- HC128 dec;
- const char* key = "\x0F\x62\xB5\x08\x5B\xAE\x01\x54"
- "\xA7\xFA\x4D\xA0\xF3\x46\x99\xEC";
- const char* input = "Encrypt Hc128, and then Decrypt.";
- size_t inlen = XSTRLEN(input) + 1; /* Add null terminator */
- byte cipher[inlen];
- byte plain[inlen];
- printf(testingFmt, "wc_Hc128_Process()");
- ret = wc_Hc128_SetKey(&enc, (byte*)key, NULL);
- if (ret == 0) {
- ret = wc_Hc128_SetKey(&dec, (byte*)key, NULL);
- }
- if (ret == 0) {
- ret = wc_Hc128_Process(&enc, cipher, (byte*)input, (word32)inlen);
- if (ret == 0) {
- ret = wc_Hc128_Process(&dec, plain, cipher, (word32)inlen);
- }
- }
- /* Bad args. */
- if (ret == 0) {
- ret = wc_Hc128_Process(NULL, plain, cipher, (word32)inlen);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Hc128_Process(&dec, NULL, cipher, (word32)inlen);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Hc128_Process(&dec, plain, NULL, (word32)inlen);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_Hc128_Process */
- /*
- * Testing wc_InitDsaKey()
- */
- static int test_wc_InitDsaKey (void)
- {
- int ret = 0;
- #ifndef NO_DSA
- DsaKey key;
- printf(testingFmt, "wc_InitDsaKey()");
- ret = wc_InitDsaKey(&key);
- /* Pass in bad args. */
- if (ret == 0) {
- ret = wc_InitDsaKey(NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_FreeDsaKey(&key);
- #endif
- return ret;
- } /* END test_wc_InitDsaKey */
- /*
- * Testing wc_DsaSign() and wc_DsaVerify()
- */
- static int test_wc_DsaSignVerify (void)
- {
- int ret = 0;
- #if !defined(NO_DSA)
- DsaKey key;
- WC_RNG rng;
- wc_Sha sha;
- byte signature[DSA_SIG_SIZE];
- byte hash[WC_SHA_DIGEST_SIZE];
- word32 idx = 0;
- word32 bytes;
- int answer;
- #ifdef USE_CERT_BUFFERS_1024
- byte tmp[ONEK_BUF];
- XMEMSET(tmp, 0, sizeof(tmp));
- XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
- bytes = sizeof_dsa_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- byte tmp[TWOK_BUF];
- XMEMSET(tmp, 0, sizeof(tmp));
- XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
- bytes = sizeof_dsa_key_der_2048;
- #else
- byte tmp[TWOK_BUF];
- XMEMSET(tmp, 0, sizeof(tmp));
- XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
- if (fp == XBADFILE) {
- return WOLFSSL_BAD_FILE;
- }
- bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
- XFCLOSE(fp);
- #endif /* END USE_CERT_BUFFERS_1024 */
- ret = wc_InitSha(&sha);
- if (ret == 0) {
- ret = wc_ShaUpdate(&sha, tmp, bytes);
- if (ret == 0) {
- ret = wc_ShaFinal(&sha, hash);
- }
- if (ret == 0) {
- ret = wc_InitDsaKey(&key);
- }
- if (ret == 0) {
- ret = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes);
- }
- if (ret == 0) {
- ret = wc_InitRng(&rng);
- }
- }
- printf(testingFmt, "wc_DsaSign()");
- /* Sign. */
- if (ret == 0) {
- ret = wc_DsaSign(hash, signature, &key, &rng);
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_DsaSign(NULL, signature, &key, &rng);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_DsaSign(hash, NULL, &key, &rng);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_DsaSign(hash, signature, NULL, &rng);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_DsaSign(hash, signature, &key, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (ret != 0) {
- return ret;
- }
- /* Verify. */
- printf(testingFmt, "wc_DsaVerify()");
- ret = wc_DsaVerify(hash, signature, &key, &answer);
- if (ret != 0 || answer != 1) {
- ret = WOLFSSL_FATAL_ERROR;
- } else {
- ret = 0;
- }
- /* Pass in bad args. */
- if (ret == 0) {
- ret = wc_DsaVerify(NULL, signature, &key, &answer);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_DsaVerify(hash, NULL, &key, &answer);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_DsaVerify(hash, signature, NULL, &answer);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_DsaVerify(hash, signature, &key, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_FreeDsaKey(&key);
- wc_ShaFree(&sha);
- #endif
- return ret;
- } /* END test_wc_DsaSign */
- /*
- * Testing wc_DsaPrivateKeyDecode() and wc_DsaPublicKeyDecode()
- */
- static int test_wc_DsaPublicPrivateKeyDecode (void)
- {
- int ret = 0;
- #if !defined(NO_DSA)
- DsaKey key;
- word32 bytes;
- word32 idx = 0;
- int priv = WOLFSSL_FATAL_ERROR;
- int pub = WOLFSSL_FATAL_ERROR;
- #ifdef USE_CERT_BUFFERS_1024
- byte tmp[ONEK_BUF];
- XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
- bytes = sizeof_dsa_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- byte tmp[TWOK_BUF];
- XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
- bytes = sizeof_dsa_key_der_2048;
- #else
- byte tmp[TWOK_BUF];
- XMEMSET(tmp, 0, sizeof(tmp));
- XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
- if (fp == XBADFILE)
- {
- return WOLFSSL_BAD_FILE;
- }
- bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
- XFCLOSE(fp);
- #endif /* END USE_CERT_BUFFERS_1024 */
- ret = wc_InitDsaKey(&key);
- printf(testingFmt, "wc_DsaPrivateKeyDecode()");
- if (ret == 0) {
- priv = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes);
- /* Test bad args. */
- if (priv == 0) {
- priv = wc_DsaPrivateKeyDecode(NULL, &idx, &key, bytes);
- if (priv == BAD_FUNC_ARG) {
- priv = wc_DsaPrivateKeyDecode(tmp, NULL, &key, bytes);
- }
- if (priv == BAD_FUNC_ARG) {
- priv = wc_DsaPrivateKeyDecode(tmp, &idx, NULL, bytes);
- }
- if (priv == BAD_FUNC_ARG) {
- priv = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes);
- }
- if (priv == ASN_PARSE_E) {
- priv = 0;
- } else {
- priv = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_FreeDsaKey(&key);
- ret = wc_InitDsaKey(&key);
- }
- printf(resultFmt, priv == 0 ? passed : failed);
- printf(testingFmt, "wc_DsaPublicKeyDecode()");
- if (ret == 0) {
- idx = 0; /* Reset */
- pub = wc_DsaPublicKeyDecode(tmp, &idx, &key, bytes);
- /* Test bad args. */
- if (pub == 0) {
- pub = wc_DsaPublicKeyDecode(NULL, &idx, &key, bytes);
- if (pub == BAD_FUNC_ARG) {
- pub = wc_DsaPublicKeyDecode(tmp, NULL, &key, bytes);
- }
- if (pub == BAD_FUNC_ARG) {
- pub = wc_DsaPublicKeyDecode(tmp, &idx, NULL, bytes);
- }
- if (pub == BAD_FUNC_ARG) {
- pub = wc_DsaPublicKeyDecode(tmp, &idx, &key, bytes);
- }
- if (pub == ASN_PARSE_E) {
- pub = 0;
- } else {
- pub = WOLFSSL_FATAL_ERROR;
- }
- }
- } /* END Public Key */
- printf(resultFmt, pub == 0 ? passed : failed);
- wc_FreeDsaKey(&key);
- #endif
- return ret;
- } /* END test_wc_DsaPublicPrivateKeyDecode */
- /*
- * Testing wc_MakeDsaKey() and wc_MakeDsaParameters()
- */
- static int test_wc_MakeDsaKey (void)
- {
- int ret = 0;
- #if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
- DsaKey genKey;
- WC_RNG rng;
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(&genKey, 0, sizeof(genKey));
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_InitDsaKey(&genKey);
- }
- printf(testingFmt, "wc_MakeDsaParameters()");
- if (ret == 0) {
- ret = wc_MakeDsaParameters(&rng, ONEK_BUF, &genKey);
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_MakeDsaParameters(NULL, ONEK_BUF, &genKey);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_MakeDsaParameters(&rng, ONEK_BUF, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_MakeDsaParameters(&rng, ONEK_BUF + 1, &genKey);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- printf(testingFmt, "wc_MakeDsaKey()");
- if (ret == 0) {
- ret = wc_MakeDsaKey(&rng, &genKey);
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_MakeDsaKey(NULL, &genKey);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_MakeDsaKey(&rng, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = WOLFSSL_FAILURE;
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_FreeDsaKey(&genKey);
- #endif
- return ret;
- } /* END test_wc_MakeDsaKey */
- /*
- * Testing wc_DsaKeyToDer()
- */
- static int test_wc_DsaKeyToDer (void)
- {
- int ret = 0;
- #if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
- DsaKey genKey;
- WC_RNG rng;
- word32 bytes;
- word32 idx = 0;
- #ifdef USE_CERT_BUFFERS_1024
- byte tmp[ONEK_BUF];
- byte der[ONEK_BUF];
- XMEMSET(tmp, 0, sizeof(tmp));
- XMEMSET(der, 0, sizeof(der));
- XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
- bytes = sizeof_dsa_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- byte tmp[TWOK_BUF];
- byte der[TWOK_BUF];
- XMEMSET(tmp, 0, sizeof(tmp));
- XMEMSET(der, 0, sizeof(der));
- XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
- bytes = sizeof_dsa_key_der_2048;
- #else
- byte tmp[TWOK_BUF];
- byte der[TWOK_BUF];
- XMEMSET(tmp, 0, sizeof(tmp));
- XMEMSET(der, 0, sizeof(der));
- XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
- if (fp == XBADFILE) {
- return WOLFSSL_BAD_FILE;
- }
- bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
- XFCLOSE(fp);
- #endif /* END USE_CERT_BUFFERS_1024 */
- #if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(&genKey, 0, sizeof(genKey));
- #endif
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_InitDsaKey(&genKey);
- }
- if (ret == 0) {
- ret = wc_MakeDsaParameters(&rng, sizeof(tmp), &genKey);
- if (ret == 0) {
- wc_FreeDsaKey(&genKey);
- ret = wc_InitDsaKey(&genKey);
- }
- }
- if (ret == 0) {
- ret = wc_DsaPrivateKeyDecode(tmp, &idx, &genKey, bytes);
- }
- printf(testingFmt, "wc_DsaKeyToDer()");
- if (ret == 0) {
- ret = wc_DsaKeyToDer(&genKey, der, bytes);
- if ( ret >= 0 && ( ret = XMEMCMP(der, tmp, bytes) ) == 0 ) {
- ret = 0;
- }
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_DsaKeyToDer(NULL, der, FOURK_BUF);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_DsaKeyToDer(&genKey, NULL, FOURK_BUF);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_FreeDsaKey(&genKey);
- #endif
- return ret;
- } /* END test_wc_DsaKeyToDer */
- /*
- * Testing wc_DsaKeyToPublicDer()
- * (indirectly testing setDsaPublicKey())
- */
- static int test_wc_DsaKeyToPublicDer(void)
- {
- int ret = 0;
- #ifndef HAVE_SELFTEST
- #if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
- DsaKey genKey;
- WC_RNG rng;
- byte* der;
- printf(testingFmt, "wc_DsaKeyToPublicDer()");
- der = (byte*)XMALLOC(ONEK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- if (ret == 0) {
- ret = wc_InitDsaKey(&genKey);
- }
- if (ret == 0) {
- ret = wc_InitRng(&rng);
- }
- if (ret == 0) {
- ret = wc_MakeDsaParameters(&rng, ONEK_BUF, &genKey);
- }
- if (ret == 0) {
- ret = wc_MakeDsaKey(&rng, &genKey);
- }
- if (ret == 0) {
- ret = wc_DsaKeyToPublicDer(&genKey, der, ONEK_BUF);
- if (ret >= 0) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_DsaKeyToPublicDer(NULL, der, FOURK_BUF);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_DsaKeyToPublicDer(&genKey, NULL, FOURK_BUF);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- XFREE(der,NULL,DYNAMIC_TYPE_TMP_BUFFER);
- wc_FreeDsaKey(&genKey);
- #endif /* !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN) */
- #endif /* HAVE_SELFTEST */
- return ret;
- } /* END test_wc_DsaKeyToPublicDer */
- /*
- * Testing wc_DsaImportParamsRaw()
- */
- static int test_wc_DsaImportParamsRaw (void)
- {
- int ret = 0;
- #if !defined(NO_DSA)
- DsaKey key;
- /* [mod = L=1024, N=160], from CAVP KeyPair */
- const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"
- "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c"
- "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6"
- "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71"
- "47123188f8dc551054ee162b634d60f097f719076640e209"
- "80a0093113a8bd73";
- const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281";
- const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822"
- "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e"
- "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786"
- "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c"
- "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0"
- "76341a7e7d9";
- /* invalid p and q parameters */
- const char* invalidP = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d";
- const char* invalidQ = "96c5390a";
- printf(testingFmt, "wc_DsaImportParamsRaw()");
- ret = wc_InitDsaKey(&key);
- if (ret == 0) {
- ret = wc_DsaImportParamsRaw(&key, p, q, g);
- }
- /* test bad args */
- if (ret == 0) {
- /* null key struct */
- ret = wc_DsaImportParamsRaw(NULL, p, q, g);
- if (ret == BAD_FUNC_ARG) {
- /* null param pointers */
- ret = wc_DsaImportParamsRaw(&key, NULL, NULL, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- /* illegal p length */
- ret = wc_DsaImportParamsRaw(&key, invalidP, q, g);
- }
- if (ret == BAD_FUNC_ARG) {
- /* illegal q length */
- ret = wc_DsaImportParamsRaw(&key, p, invalidQ, g);
- if (ret == BAD_FUNC_ARG)
- ret = 0;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_FreeDsaKey(&key);
- #endif
- return ret;
- } /* END test_wc_DsaImportParamsRaw */
- /*
- * Testing wc_DsaImportParamsRawCheck()
- */
- static int test_wc_DsaImportParamsRawCheck (void)
- {
- int ret = 0;
- #if !defined(NO_DSA) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- DsaKey key;
- int trusted = 0;
- /* [mod = L=1024, N=160], from CAVP KeyPair */
- const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"
- "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c"
- "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6"
- "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71"
- "47123188f8dc551054ee162b634d60f097f719076640e209"
- "80a0093113a8bd73";
- const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281";
- const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822"
- "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e"
- "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786"
- "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c"
- "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0"
- "76341a7e7d9";
- /* invalid p and q parameters */
- const char* invalidP = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d";
- const char* invalidQ = "96c5390a";
- printf(testingFmt, "wc_DsaImportParamsRawCheck()");
- ret = wc_InitDsaKey(&key);
- if (ret == 0) {
- ret = wc_DsaImportParamsRawCheck(&key, p, q, g, trusted, NULL);
- }
- /* test bad args */
- if (ret == 0) {
- /* null key struct */
- ret = wc_DsaImportParamsRawCheck(NULL, p, q, g, trusted, NULL);
- if (ret == BAD_FUNC_ARG) {
- /* null param pointers */
- ret = wc_DsaImportParamsRawCheck(&key, NULL, NULL, NULL, trusted, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- /* illegal p length */
- ret = wc_DsaImportParamsRawCheck(&key, invalidP, q, g, trusted, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- /* illegal q length */
- ret = wc_DsaImportParamsRawCheck(&key, p, invalidQ, g, trusted, NULL);
- if (ret == BAD_FUNC_ARG)
- ret = 0;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_FreeDsaKey(&key);
- #endif
- return ret;
- } /* END test_wc_DsaImportParamsRawCheck */
- /*
- * Testing wc_DsaExportParamsRaw()
- */
- static int test_wc_DsaExportParamsRaw (void)
- {
- int ret = 0;
- #if !defined(NO_DSA)
- DsaKey key;
- /* [mod = L=1024, N=160], from CAVP KeyPair */
- const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"
- "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c"
- "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6"
- "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71"
- "47123188f8dc551054ee162b634d60f097f719076640e209"
- "80a0093113a8bd73";
- const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281";
- const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822"
- "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e"
- "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786"
- "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c"
- "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0"
- "76341a7e7d9";
- const char* pCompare = "\xd3\x83\x11\xe2\xcd\x38\x8c\x3e\xd6\x98\xe8\x2f"
- "\xdf\x88\xeb\x92\xb5\xa9\xa4\x83\xdc\x88\x00\x5d"
- "\x4b\x72\x5e\xf3\x41\xea\xbb\x47\xcf\x8a\x7a\x8a"
- "\x41\xe7\x92\xa1\x56\xb7\xce\x97\x20\x6c\x4f\x9c"
- "\x5c\xe6\xfc\x5a\xe7\x91\x21\x02\xb6\xb5\x02\xe5"
- "\x90\x50\xb5\xb2\x1c\xe2\x63\xdd\xdb\x20\x44\xb6"
- "\x52\x23\x6f\x4d\x42\xab\x4b\x5d\x6a\xa7\x31\x89"
- "\xce\xf1\xac\xe7\x78\xd7\x84\x5a\x5c\x1c\x1c\x71"
- "\x47\x12\x31\x88\xf8\xdc\x55\x10\x54\xee\x16\x2b"
- "\x63\x4d\x60\xf0\x97\xf7\x19\x07\x66\x40\xe2\x09"
- "\x80\xa0\x09\x31\x13\xa8\xbd\x73";
- const char* qCompare = "\x96\xc5\x39\x0a\x8b\x61\x2c\x0e\x42\x2b\xb2\xb0"
- "\xea\x19\x4a\x3e\xc9\x35\xa2\x81";
- const char* gCompare = "\x06\xb7\x86\x1a\xbb\xd3\x5c\xc8\x9e\x79\xc5\x2f"
- "\x68\xd2\x08\x75\x38\x9b\x12\x73\x61\xca\x66\x82"
- "\x21\x38\xce\x49\x91\xd2\xb8\x62\x25\x9d\x6b\x45"
- "\x48\xa6\x49\x5b\x19\x5a\xa0\xe0\xb6\x13\x7c\xa3"
- "\x7e\xb2\x3b\x94\x07\x4d\x3c\x3d\x30\x00\x42\xbd"
- "\xf1\x57\x62\x81\x2b\x63\x33\xef\x7b\x07\xce\xba"
- "\x78\x60\x76\x10\xfc\xc9\xee\x68\x49\x1d\xbc\x1e"
- "\x34\xcd\x12\x61\x54\x74\xe5\x2b\x18\xbc\x93\x4f"
- "\xb0\x0c\x61\xd3\x9e\x7d\xa8\x90\x22\x91\xc4\x43"
- "\x4a\x4e\x22\x24\xc3\xf4\xfd\x9f\x93\xcd\x6f\x4f"
- "\x17\xfc\x07\x63\x41\xa7\xe7\xd9";
- byte pOut[MAX_DSA_PARAM_SIZE];
- byte qOut[MAX_DSA_PARAM_SIZE];
- byte gOut[MAX_DSA_PARAM_SIZE];
- word32 pOutSz, qOutSz, gOutSz;
- printf(testingFmt, "wc_DsaExportParamsRaw()");
- ret = wc_InitDsaKey(&key);
- if (ret == 0) {
- /* first test using imported raw parameters, for expected */
- ret = wc_DsaImportParamsRaw(&key, p, q, g);
- }
- if (ret == 0) {
- pOutSz = sizeof(pOut);
- qOutSz = sizeof(qOut);
- gOutSz = sizeof(gOut);
- ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz,
- gOut, &gOutSz);
- }
- if (ret == 0) {
- /* validate exported parameters are correct */
- if ((XMEMCMP(pOut, pCompare, pOutSz) != 0) ||
- (XMEMCMP(qOut, qCompare, qOutSz) != 0) ||
- (XMEMCMP(gOut, gCompare, gOutSz) != 0) ) {
- ret = -1;
- }
- }
- /* test bad args */
- if (ret == 0) {
- /* null key struct */
- ret = wc_DsaExportParamsRaw(NULL, pOut, &pOutSz, qOut, &qOutSz,
- gOut, &gOutSz);
- if (ret == BAD_FUNC_ARG) {
- /* null output pointers */
- ret = wc_DsaExportParamsRaw(&key, NULL, &pOutSz, NULL, &qOutSz,
- NULL, &gOutSz);
- }
- if (ret == LENGTH_ONLY_E) {
- /* null output size pointers */
- ret = wc_DsaExportParamsRaw(&key, pOut, NULL, qOut, NULL,
- gOut, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- /* p output buffer size too small */
- pOutSz = 1;
- ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz,
- gOut, &gOutSz);
- pOutSz = sizeof(pOut);
- }
- if (ret == BUFFER_E) {
- /* q output buffer size too small */
- qOutSz = 1;
- ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz,
- gOut, &gOutSz);
- qOutSz = sizeof(qOut);
- }
- if (ret == BUFFER_E) {
- /* g output buffer size too small */
- gOutSz = 1;
- ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz,
- gOut, &gOutSz);
- if (ret == BUFFER_E)
- ret = 0;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_FreeDsaKey(&key);
- #endif
- return ret;
- } /* END test_wc_DsaExportParamsRaw */
- /*
- * Testing wc_DsaExportKeyRaw()
- */
- static int test_wc_DsaExportKeyRaw (void)
- {
- int ret = 0;
- #if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
- DsaKey key;
- WC_RNG rng;
- byte xOut[MAX_DSA_PARAM_SIZE];
- byte yOut[MAX_DSA_PARAM_SIZE];
- word32 xOutSz, yOutSz;
- printf(testingFmt, "wc_DsaExportKeyRaw()");
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(&key, 0, sizeof(key));
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_InitDsaKey(&key);
- }
- if (ret == 0) {
- ret = wc_MakeDsaParameters(&rng, 1024, &key);
- if (ret == 0) {
- ret = wc_MakeDsaKey(&rng, &key);
- }
- }
- /* try successful export */
- if (ret == 0) {
- xOutSz = sizeof(xOut);
- yOutSz = sizeof(yOut);
- ret = wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz);
- }
- /* test bad args */
- if (ret == 0) {
- /* null key struct */
- ret = wc_DsaExportKeyRaw(NULL, xOut, &xOutSz, yOut, &yOutSz);
- if (ret == BAD_FUNC_ARG) {
- /* null output pointers */
- ret = wc_DsaExportKeyRaw(&key, NULL, &xOutSz, NULL, &yOutSz);
- }
- if (ret == LENGTH_ONLY_E) {
- /* null output size pointers */
- ret = wc_DsaExportKeyRaw(&key, xOut, NULL, yOut, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- /* x output buffer size too small */
- xOutSz = 1;
- ret = wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz);
- xOutSz = sizeof(xOut);
- }
- if (ret == BUFFER_E) {
- /* y output buffer size too small */
- yOutSz = 1;
- ret = wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz);
- if (ret == BUFFER_E)
- ret = 0;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_FreeDsaKey(&key);
- wc_FreeRng(&rng);
- #endif
- return ret;
- } /* END test_wc_DsaExportParamsRaw */
- /*
- * Testing wc_ed25519_make_key().
- */
- static int test_wc_ed25519_make_key (void)
- {
- int ret = 0;
- #if defined(HAVE_ED25519)
- ed25519_key key;
- WC_RNG rng;
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_ed25519_init(&key);
- }
- printf(testingFmt, "wc_ed25519_make_key()");
- if (ret == 0) {
- ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_ed25519_make_key(NULL, ED25519_KEY_SIZE, &key);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE - 1, &key);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE + 1, &key);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- wc_ed25519_free(&key);
- #endif
- return ret;
- } /* END test_wc_ed25519_make_key */
- /*
- * Testing wc_ed25519_init()
- */
- static int test_wc_ed25519_init (void)
- {
- int ret = 0;
- #if defined(HAVE_ED25519)
- ed25519_key key;
- printf(testingFmt, "wc_ed25519_init()");
- ret = wc_ed25519_init(&key);
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_ed25519_init(NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_ed25519_free(&key);
- #endif
- return ret;
- } /* END test_wc_ed25519_init */
- /*
- * Test wc_ed25519_sign_msg() and wc_ed25519_verify_msg()
- */
- static int test_wc_ed25519_sign_msg (void)
- {
- int ret = 0;
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_SIGN)
- WC_RNG rng;
- ed25519_key key;
- byte msg[] = "Everybody gets Friday off.\n";
- byte sig[ED25519_SIG_SIZE];
- word32 msglen = sizeof(msg);
- word32 siglen = sizeof(sig);
- word32 badSigLen = sizeof(sig) - 1;
- int verify_ok = 0; /*1 = Verify success.*/
- /* Initialize stack variables. */
- XMEMSET(sig, 0, siglen);
- /* Initialize key. */
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_ed25519_init(&key);
- if (ret == 0) {
- ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
- }
- }
- printf(testingFmt, "wc_ed25519_sign_msg()");
- if (ret == 0) {
- ret = wc_ed25519_sign_msg(msg, msglen, sig, &siglen, &key);
- }
- /* Test bad args. */
- if (ret == 0 && siglen == ED25519_SIG_SIZE) {
- ret = wc_ed25519_sign_msg(NULL, msglen, sig, &siglen, &key);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed25519_sign_msg(msg, msglen, NULL, &siglen, &key);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed25519_sign_msg(msg, msglen, sig, NULL, &key);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed25519_sign_msg(msg, msglen, sig, &siglen, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed25519_sign_msg(msg, msglen, sig, &badSigLen, &key);
- }
- if (ret == BUFFER_E && badSigLen == ED25519_SIG_SIZE) {
- badSigLen -= 1;
- ret = 0;
- } else if (ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- } /* END sign */
- printf(resultFmt, ret == 0 ? passed : failed);
- #ifdef HAVE_ED25519_VERIFY
- printf(testingFmt, "wc_ed25519_verify_msg()");
- if (ret == 0) {
- ret = wc_ed25519_verify_msg(sig, siglen, msg, msglen, &verify_ok, &key);
- if (ret == 0 && verify_ok == 1) {
- ret = 0;
- } else if (ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- /* Test bad args. */
- if (ret == 0) {
- AssertIntEQ(wc_ed25519_verify_msg(sig, siglen - 1, msg,
- msglen, &verify_ok, &key),
- BAD_FUNC_ARG);
- AssertIntEQ(wc_ed25519_verify_msg(sig, siglen + 1, msg,
- msglen, &verify_ok, &key),
- BAD_FUNC_ARG);
- ret = wc_ed25519_verify_msg(NULL, siglen, msg, msglen, &verify_ok,
- &key);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed25519_verify_msg(sig, siglen, NULL, msglen,
- &verify_ok, &key);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed25519_verify_msg(sig, siglen, msg, msglen,
- NULL, &key);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed25519_verify_msg(sig, siglen, msg, msglen,
- &verify_ok, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed25519_verify_msg(sig, badSigLen, msg, msglen,
- &verify_ok, &key);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- }
- } /* END verify. */
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif /* Verify. */
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- wc_ed25519_free(&key);
- #endif
- return ret;
- } /* END test_wc_ed25519_sign_msg */
- /*
- * Testing wc_ed25519_import_public()
- */
- static int test_wc_ed25519_import_public (void)
- {
- int ret = 0;
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
- WC_RNG rng;
- ed25519_key pubKey;
- const byte in[] = "Ed25519PublicKeyUnitTest......\n";
- word32 inlen = sizeof(in);
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_ed25519_init(&pubKey);
- if (ret == 0) {
- ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &pubKey);
- }
- }
- printf(testingFmt, "wc_ed25519_import_public()");
- if (ret == 0) {
- ret = wc_ed25519_import_public(in, inlen, &pubKey);
- if (ret == 0 && XMEMCMP(in, pubKey.p, inlen) == 0) {
- ret = 0;
- } else {
- ret = SSL_FATAL_ERROR;
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_ed25519_import_public(NULL, inlen, &pubKey);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed25519_import_public(in, inlen, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed25519_import_public(in, inlen - 1, &pubKey);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- wc_ed25519_free(&pubKey);
- #endif
- return ret;
- } /* END wc_ed25519_import_public */
- /*
- * Testing wc_ed25519_import_private_key()
- */
- static int test_wc_ed25519_import_private_key (void)
- {
- int ret = 0;
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
- WC_RNG rng;
- ed25519_key key;
- const byte privKey[] = "Ed25519PrivateKeyUnitTest.....\n";
- const byte pubKey[] = "Ed25519PublicKeyUnitTest......\n";
- word32 privKeySz = sizeof(privKey);
- word32 pubKeySz = sizeof(pubKey);
- ret = wc_InitRng(&rng);
- if (ret != 0) {
- return ret;
- }
- ret = wc_ed25519_init(&key);
- if (ret != 0) {
- wc_FreeRng(&rng);
- return ret;
- }
- ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
- printf(testingFmt, "wc_ed25519_import_private_key()");
- if (ret == 0) {
- ret = wc_ed25519_import_private_key(privKey, privKeySz, pubKey,
- pubKeySz, &key);
- if (ret == 0 && (XMEMCMP(pubKey, key.p, privKeySz) != 0
- || XMEMCMP(privKey, key.k, pubKeySz) != 0)) {
- ret = SSL_FATAL_ERROR;
- }
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_ed25519_import_private_key(NULL, privKeySz, pubKey, pubKeySz,
- &key);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed25519_import_private_key(privKey, privKeySz, NULL,
- pubKeySz, &key);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed25519_import_private_key(privKey, privKeySz, pubKey,
- pubKeySz, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed25519_import_private_key(privKey, privKeySz - 1, pubKey,
- pubKeySz, &key);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed25519_import_private_key(privKey, privKeySz, pubKey,
- pubKeySz - 1, &key);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- wc_ed25519_free(&key);
- #endif
- return ret;
- } /* END test_wc_ed25519_import_private_key */
- /*
- * Testing wc_ed25519_export_public() and wc_ed25519_export_private_only()
- */
- static int test_wc_ed25519_export (void)
- {
- int ret = 0;
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
- WC_RNG rng;
- ed25519_key key;
- byte priv[ED25519_PRV_KEY_SIZE];
- byte pub[ED25519_PUB_KEY_SIZE];
- word32 privSz = sizeof(priv);
- word32 pubSz = sizeof(pub);
- ret = wc_InitRng(&rng);
- if (ret != 0) {
- return ret;
- }
- ret = wc_ed25519_init(&key);
- if (ret != 0) {
- wc_FreeRng(&rng);
- return ret;
- }
- if (ret == 0) {
- ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
- }
- printf(testingFmt, "wc_ed25519_export_public()");
- if (ret == 0) {
- ret = wc_ed25519_export_public(&key, pub, &pubSz);
- if (ret == 0 && (pubSz != ED25519_KEY_SIZE
- || XMEMCMP(key.p, pub, pubSz) != 0)) {
- ret = SSL_FATAL_ERROR;
- }
- if (ret == 0) {
- ret = wc_ed25519_export_public(NULL, pub, &pubSz);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed25519_export_public(&key, NULL, &pubSz);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed25519_export_public(&key, pub, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- printf(testingFmt, "wc_ed25519_export_private_only()");
- if (ret == 0) {
- ret = wc_ed25519_export_private_only(&key, priv, &privSz);
- if (ret == 0 && (privSz != ED25519_KEY_SIZE
- || XMEMCMP(key.k, priv, privSz) != 0)) {
- ret = SSL_FATAL_ERROR;
- }
- if (ret == 0) {
- ret = wc_ed25519_export_private_only(NULL, priv, &privSz);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed25519_export_private_only(&key, NULL, &privSz);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed25519_export_private_only(&key, priv, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- wc_ed25519_free(&key);
- #endif
- return ret;
- } /* END test_wc_ed25519_export */
- /*
- * Testing wc_ed25519_size()
- */
- static int test_wc_ed25519_size (void)
- {
- int ret = 0;
- #if defined(HAVE_ED25519)
- WC_RNG rng;
- ed25519_key key;
- ret = wc_InitRng(&rng);
- if (ret != 0) {
- return ret;
- }
- ret = wc_ed25519_init(&key);
- if (ret != 0) {
- wc_FreeRng(&rng);
- return ret;
- }
- ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
- if (ret != 0) {
- wc_FreeRng(&rng);
- wc_ed25519_free(&key);
- return ret;
- }
- printf(testingFmt, "wc_ed25519_size()");
- ret = wc_ed25519_size(&key);
- /* Test bad args. */
- if (ret == ED25519_KEY_SIZE) {
- ret = wc_ed25519_size(NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (ret == 0) {
- printf(testingFmt, "wc_ed25519_sig_size()");
- ret = wc_ed25519_sig_size(&key);
- if (ret == ED25519_SIG_SIZE) {
- ret = 0;
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_ed25519_sig_size(NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- } /* END wc_ed25519_sig_size() */
- if (ret == 0) {
- printf(testingFmt, "wc_ed25519_pub_size");
- ret = wc_ed25519_pub_size(&key);
- if (ret == ED25519_PUB_KEY_SIZE) {
- ret = 0;
- }
- if (ret == 0) {
- ret = wc_ed25519_pub_size(NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- } /* END wc_ed25519_pub_size */
- if (ret == 0) {
- printf(testingFmt, "wc_ed25519_priv_size");
- ret = wc_ed25519_priv_size(&key);
- if (ret == ED25519_PRV_KEY_SIZE) {
- ret = 0;
- }
- if (ret == 0) {
- ret = wc_ed25519_priv_size(NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- } /* END wc_ed25519_pub_size */
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- wc_ed25519_free(&key);
- #endif
- return ret;
- } /* END test_wc_ed25519_size */
- /*
- * Testing wc_ed25519_export_private() and wc_ed25519_export_key()
- */
- static int test_wc_ed25519_exportKey (void)
- {
- int ret = 0;
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
- WC_RNG rng;
- ed25519_key key;
- byte priv[ED25519_PRV_KEY_SIZE];
- byte pub[ED25519_PUB_KEY_SIZE];
- byte privOnly[ED25519_PRV_KEY_SIZE];
- word32 privSz = sizeof(priv);
- word32 pubSz = sizeof(pub);
- word32 privOnlySz = sizeof(privOnly);
- ret = wc_InitRng(&rng);
- if (ret != 0) {
- return ret;
- }
- ret = wc_ed25519_init(&key);
- if (ret != 0) {
- wc_FreeRng(&rng);
- return ret;
- }
- ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
- if (ret != 0) {
- wc_FreeRng(&rng);
- wc_ed25519_free(&key);
- return ret;
- }
- printf(testingFmt, "wc_ed25519_export_private()");
- ret = wc_ed25519_export_private(&key, privOnly, &privOnlySz);
- if (ret == 0) {
- ret = wc_ed25519_export_private(NULL, privOnly, &privOnlySz);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed25519_export_private(&key, NULL, &privOnlySz);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed25519_export_private(&key, privOnly, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (ret == 0) {
- printf(testingFmt, "wc_ed25519_export_key()");
- ret = wc_ed25519_export_key(&key, priv, &privSz, pub, &pubSz);
- if (ret == 0) {
- ret = wc_ed25519_export_key(NULL, priv, &privSz, pub, &pubSz);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed25519_export_key(&key, NULL, &privSz, pub, &pubSz);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed25519_export_key(&key, priv, NULL, pub, &pubSz);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed25519_export_key(&key, priv, &privSz, NULL, &pubSz);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed25519_export_key(&key, priv, &privSz, pub, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- } /* END wc_ed25519_export_key() */
- /* Cross check output. */
- if (ret == 0 && XMEMCMP(priv, privOnly, privSz) != 0) {
- ret = SSL_FATAL_ERROR;
- }
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- wc_ed25519_free(&key);
- #endif
- return ret;
- } /* END test_wc_ed25519_exportKey */
- /*
- * Testing wc_Ed25519PublicKeyToDer
- */
- static int test_wc_Ed25519PublicKeyToDer (void)
- {
- int ret = 0;
- #if defined(HAVE_ED25519) && (defined(WOLFSSL_CERT_GEN) || \
- defined(WOLFSSL_KEY_GEN))
- int tmp;
- ed25519_key key;
- byte derBuf[1024];
- printf(testingFmt, "wc_Ed25519PublicKeyToDer()");
- /* Test bad args */
- tmp = wc_Ed25519PublicKeyToDer(NULL, NULL, 0, 0);
- if (tmp != BAD_FUNC_ARG) {
- ret = SSL_FATAL_ERROR;
- }
- if (ret == 0) {
- wc_ed25519_init(&key);
- tmp = wc_Ed25519PublicKeyToDer(&key, derBuf, 0, 0);
- if (tmp != BUFFER_E) {
- ret = SSL_FATAL_ERROR;
- }
- wc_ed25519_free(&key);
- }
- /* Test good args */
- if (ret == 0) {
- WC_RNG rng;
- ret = wc_InitRng(&rng);
- if (ret != 0) {
- return ret;
- }
- ret = wc_ed25519_init(&key);
- if (ret != 0) {
- wc_FreeRng(&rng);
- return ret;
- }
- ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
- if (ret != 0) {
- wc_FreeRng(&rng);
- wc_ed25519_free(&key);
- return ret;
- }
- tmp = wc_Ed25519PublicKeyToDer(&key, derBuf, 1024, 1);
- if (tmp <= 0) {
- ret = SSL_FATAL_ERROR;
- }
- wc_FreeRng(&rng);
- wc_ed25519_free(&key);
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END testing wc_Ed25519PublicKeyToDer */
- /*
- * Testing wc_curve25519_init and wc_curve25519_free.
- */
- static int test_wc_curve25519_init (void)
- {
- int ret = 0;
- #if defined(HAVE_CURVE25519)
- curve25519_key key;
- printf(testingFmt, "wc_curve25519_init()");
- ret = wc_curve25519_init(&key);
- /* Test bad args for wc_curve25519_init */
- if (ret == 0) {
- ret = wc_curve25519_init(NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- /* Test good args for wc_curve_25519_free */
- wc_curve25519_free(&key);
- wc_curve25519_free(NULL);
- #endif
- return ret;
- } /* END test_wc_curve25519_init and wc_curve_25519_free*/
- /*
- * Testing test_wc_curve25519_size.
- */
- static int test_wc_curve25519_size (void)
- {
- int ret = 0;
- #if defined(HAVE_CURVE25519)
- curve25519_key key;
- printf(testingFmt, "wc_curve25519_size()");
- ret = wc_curve25519_init(&key);
- /* Test good args for wc_curve25519_size */
- if (ret == 0) {
- ret = wc_curve25519_size(&key);
- }
- /* Test bad args for wc_curve25519_size */
- if (ret != 0) {
- ret = wc_curve25519_size(NULL);
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_curve25519_free(&key);
- #endif
- return ret;
- } /* END test_wc_curve25519_size*/
- /*
- * Testing test_wc_curve25519_export_key_raw().
- */
- static int test_wc_curve25519_export_key_raw (void)
- {
- #if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)
- curve25519_key key;
- WC_RNG rng;
- byte privateKey[CURVE25519_KEYSIZE];
- byte publicKey[CURVE25519_KEYSIZE];
- word32 prvkSz;
- word32 pubkSz;
- byte prik[CURVE25519_KEYSIZE];
- byte pubk[CURVE25519_KEYSIZE];
- word32 prksz;
- word32 pbksz;
- printf(testingFmt, "wc_curve25519_export_key_raw()");
- if(0 != wc_InitRng(&rng)){
- printf(testingFmt, "failed due to wc_InitRng");
- fflush( stdout );
- return 1;
- }
- if(0 != wc_curve25519_init(&key)){
- printf(testingFmt, "failed due to wc_curve25519_init");
- fflush( stdout );
- wc_FreeRng(&rng);
- return 1;
- }
- if(0 != wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key)){
- printf(testingFmt, "failed due to wc_curve25519_make_key");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- /*
- bad-argument-test cases
- target function sould return BAD_FUNC_ARG
- */
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- if(BAD_FUNC_ARG != wc_curve25519_export_key_raw(
- NULL , privateKey, &prvkSz, publicKey, &pubkSz)){
- printf(testingFmt,"failed at bad-arg-case-1.");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- if(BAD_FUNC_ARG != wc_curve25519_export_key_raw(
- &key , NULL, &prvkSz, publicKey, &pubkSz)){
- printf(testingFmt,"failed at bad-arg-case-2.");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- if(BAD_FUNC_ARG != wc_curve25519_export_key_raw(
- &key , privateKey, NULL, publicKey, &pubkSz)){
- printf(testingFmt,"failed at bad-arg-case-3.");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- if(BAD_FUNC_ARG != wc_curve25519_export_key_raw(
- &key , privateKey, &prvkSz, NULL, &pubkSz)){
- printf(testingFmt,"failed at bad-arg-case-4.");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- if(BAD_FUNC_ARG != wc_curve25519_export_key_raw(
- &key , privateKey, &prvkSz, publicKey, NULL )){
- printf(testingFmt,"failed at bad-arg-case-5.");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- /*
- cross-testing
- */
- prksz = CURVE25519_KEYSIZE;
- if( 0 != wc_curve25519_export_private_raw(&key, prik, &prksz)){
- printf(testingFmt,"failed due to wc_curve25519_export_private_raw");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- pbksz = CURVE25519_KEYSIZE;
- if(0 != wc_curve25519_export_public(&key, pubk, &pbksz)){
- printf(testingFmt,"failed due to wc_curve25519_export_public");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- if(0 != wc_curve25519_export_key_raw(&key, privateKey, &prvkSz,
- publicKey, &pubkSz)){
- printf(testingFmt,"failed due to wc_curve25519_export_key_raw");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- if((prksz == CURVE25519_KEYSIZE) &&
- (pbksz == CURVE25519_KEYSIZE) &&
- (prvkSz == CURVE25519_KEYSIZE) &&
- (pubkSz == CURVE25519_KEYSIZE)){
- if( 0 == XMEMCMP(privateKey, prik, CURVE25519_KEYSIZE) &&
- 0 == XMEMCMP(publicKey, pubk, CURVE25519_KEYSIZE)){
- printf(resultFmt,passed);
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 0;
- }
- else{
- printf(testingFmt,"failed due to key-contents-inconsistency.");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- }
- else{
- printf(testingFmt,"failed due to bad-key-size.");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- #endif
- fflush( stdout );
- return 0;
- } /* end of test_wc_curve25519_export_key_raw */
- /*
- * Testing test_wc_curve25519_export_key_raw_ex().
- */
- static int test_wc_curve25519_export_key_raw_ex (void)
- {
- #if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)
- curve25519_key key;
- WC_RNG rng;
- byte privateKey[CURVE25519_KEYSIZE];
- byte publicKey[CURVE25519_KEYSIZE];
- word32 prvkSz;
- word32 pubkSz;
- byte prik[CURVE25519_KEYSIZE];
- byte pubk[CURVE25519_KEYSIZE];
- word32 prksz;
- word32 pbksz;
- printf(testingFmt, "wc_curve25519_export_key_raw_ex()");
- if(0 != wc_InitRng(&rng)){
- printf(testingFmt, "failed due to wc_InitRng");
- fflush( stdout );
- return 1;
- }
- if(0 != wc_curve25519_init(&key)){
- printf(testingFmt, "failed due to wc_curve25519_init");
- fflush( stdout );
- wc_FreeRng(&rng);
- return 1;
- }
- if(0 != wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key)){
- printf(testingFmt, "failed due to wc_curve25519_make_key");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- /*
- bad-argument-test cases
- target function sould return BAD_FUNC_ARG
- */
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( NULL , privateKey,
- &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN)){
- printf(testingFmt,"failed at bad-arg-case-1.");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key , NULL,
- &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN)){
- printf(testingFmt,"failed at bad-arg-case-2.");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key,privateKey,
- NULL,publicKey, &pubkSz,EC25519_LITTLE_ENDIAN)){
- printf(testingFmt,"failed at bad-arg-case-3.");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
- &prvkSz, NULL, &pubkSz, EC25519_LITTLE_ENDIAN)){
- printf(testingFmt,"failed at bad-arg-case-4.");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
- &prvkSz, publicKey, NULL, EC25519_LITTLE_ENDIAN)){
- printf(testingFmt,"failed at bad-arg-case-5.");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( NULL, privateKey,
- &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN)){
- printf(testingFmt,"failed at bad-arg-case-6.");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, NULL, &prvkSz,
- publicKey, &pubkSz, EC25519_BIG_ENDIAN)){
- printf(testingFmt,"failed at bad-arg-case-7.");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
- NULL, publicKey, &pubkSz, EC25519_BIG_ENDIAN)){
- printf(testingFmt,"failed at bad-arg-case-8.");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
- &prvkSz, NULL, &pubkSz, EC25519_BIG_ENDIAN)){
- printf(testingFmt,"failed at bad-arg-case-9.");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
- &prvkSz, publicKey, NULL, EC25519_BIG_ENDIAN)){
- printf(testingFmt,"failed at bad-arg-case-10.");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- /* illegal value for endien */
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
- &prvkSz, publicKey, NULL, EC25519_BIG_ENDIAN + 10 )){
- printf(testingFmt,"failed at bad-arg-case-11.");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- /*
- cross-testing
- */
- prksz = CURVE25519_KEYSIZE;
- if(0 != wc_curve25519_export_private_raw( &key, prik, &prksz )){
- printf(testingFmt,"failed due to wc_curve25519_export_private_raw");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- pbksz = CURVE25519_KEYSIZE;
- if(0 != wc_curve25519_export_public( &key, pubk, &pbksz )){
- printf(testingFmt,"failed due to wc_curve25519_export_public");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- if(0 != wc_curve25519_export_key_raw_ex( &key, privateKey, &prvkSz,
- publicKey, &pubkSz, EC25519_BIG_ENDIAN)) {
- printf(testingFmt,"failed due to wc_curve25519_export_key_raw_ex");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- if( prksz == CURVE25519_KEYSIZE &&
- pbksz == CURVE25519_KEYSIZE &&
- prvkSz == CURVE25519_KEYSIZE &&
- pubkSz == CURVE25519_KEYSIZE ){
- if( 0 == XMEMCMP( privateKey, prik, CURVE25519_KEYSIZE ) &&
- 0 == XMEMCMP( publicKey, pubk, CURVE25519_KEYSIZE )){
- if( 0 == wc_curve25519_export_key_raw_ex( &key, privateKey,
- &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN)){
- if( prvkSz == CURVE25519_KEYSIZE &&
- pubkSz == CURVE25519_KEYSIZE ){
- ; /* proceed to the next test */
- }
- else{
- printf(testingFmt,"failed due to key-size-inconsistency");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- }
- else{
- printf(testingFmt,
- "failed due to wc_curve25519_export_key_raw_ex");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- }
- else{
- printf(testingFmt,"failed due to key-contents-inconsistency");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- }
- else{
- printf(testingFmt,"failed due to bad-key-size");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- /*
- try once with another endian
- */
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- if( 0 == wc_curve25519_export_key_raw_ex( &key, privateKey,
- &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN)){
- if( prvkSz == CURVE25519_KEYSIZE &&
- pubkSz == CURVE25519_KEYSIZE ){
- /* no more test*/
- printf(resultFmt, passed );
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 0;
- }
- else{
- printf(testingFmt,"failed due to key-size-inconsistency");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- }
- else{
- printf(testingFmt,
- "failed due to wc_curve25519_export_key_raw_ex(BIGENDIAN)");
- fflush( stdout );
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- return 1;
- }
- #endif
- return 0;
- } /* end of test_wc_curve25519_export_key_raw_ex */
- /*
- * Testing wc_curve25519_make_key
- */
- static int test_wc_curve25519_make_key (void)
- {
- int ret = 0;
- #if defined(HAVE_CURVE25519)
- WC_RNG rng;
- curve25519_key key;
- int keysize;
- printf(testingFmt, "wc_curve25519_make_key()");
- ret = wc_curve25519_init(&key);
- if (ret == 0) {
- ret = wc_InitRng(&rng);
- }
- if (ret == 0) {
- ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
- if (ret == 0) {
- keysize = wc_curve25519_size(&key);
- if (keysize != CURVE25519_KEYSIZE) {
- ret = SSL_FATAL_ERROR;
- }
- }
- if (ret == 0) {
- ret = wc_curve25519_make_key(&rng, keysize, &key);
- }
- }
- /*test bad cases*/
- if (ret == 0) {
- ret = wc_curve25519_make_key(NULL, 0, NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve25519_make_key(&rng, keysize, NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve25519_make_key(NULL, keysize, &key);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve25519_make_key(&rng, 0, &key);
- if (ret == ECC_BAD_ARG_E) {
- ret = 0;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- #endif
- return ret;
- } /*END test_wc_curve25519_make_key*/
- /*
- * Testing wc_curve25519_shared_secret_ex
- */
- static int test_wc_curve25519_shared_secret_ex (void)
- {
- int ret = 0;
- #if defined(HAVE_CURVE25519)
- WC_RNG rng;
- curve25519_key private_key, public_key;
- byte out[CURVE25519_KEYSIZE];
- word32 outLen = sizeof(out);
- int endian = EC25519_BIG_ENDIAN;
- printf(testingFmt, "wc_curve25519_shared_secret_ex()");
- ret = wc_curve25519_init(&private_key);
- if (ret == 0) {
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &private_key);
- }
- }
- if (ret == 0) {
- ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &public_key);
- }
- if (ret == 0) {
- ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
- &outLen, endian);
- }
- /*test bad cases*/
- if (ret == 0) {
- ret = wc_curve25519_shared_secret_ex(NULL, NULL, NULL,
- 0, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve25519_shared_secret_ex(NULL, &public_key, out,
- &outLen, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve25519_shared_secret_ex(&private_key, NULL, out,
- &outLen, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, NULL,
- &outLen, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
- NULL, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- /*curve25519.c is checking for public_key size less than or equal to 0x7f,
- *increasing to 0x8f checks for error being returned*/
- public_key.p.point[CURVE25519_KEYSIZE-1] = 0x8F;
- ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
- &outLen, endian);
- if (ret == ECC_BAD_ARG_E) {
- ret = 0;
- }
- }
- outLen = outLen - 2;
- if (ret == 0) {
- ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
- &outLen, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_curve25519_free(&private_key);
- wc_curve25519_free(&public_key);
- wc_FreeRng(&rng);
- #endif
- return ret;
- } /*END test_wc_curve25519_shared_secret_ex*/
- /*
- * Testing wc_curve25519_make_pub
- */
- static int test_wc_curve25519_make_pub (void)
- {
- int ret = 0;
- #if defined(HAVE_CURVE25519)
- WC_RNG rng;
- curve25519_key key;
- byte out[CURVE25519_KEYSIZE];
- printf(testingFmt, "wc_curve25519_make_pub()");
- ret = wc_curve25519_init(&key);
- if (ret == 0) {
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
- }
- }
- if (ret == 0) {
- ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof key.k.point, key.k.point);
- }
- /*test bad cases*/
- if (ret == 0) {
- ret = wc_curve25519_make_pub((int)sizeof key.k.point - 1, key.k.point, (int)sizeof out, out);
- if (ret == ECC_BAD_ARG_E) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof key.k.point, NULL);
- if (ret == ECC_BAD_ARG_E) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve25519_make_pub((int)sizeof out - 1, out, (int)sizeof key.k.point, key.k.point);
- if (ret == ECC_BAD_ARG_E) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve25519_make_pub((int)sizeof out, NULL, (int)sizeof key.k.point, key.k.point);
- if (ret == ECC_BAD_ARG_E) {
- ret = 0;
- }
- }
- if (ret == 0) {
- /* verify clamping test */
- key.k.point[0] |= ~248;
- ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof key.k.point, key.k.point);
- if (ret == ECC_BAD_ARG_E) {
- ret = 0;
- }
- key.k.point[0] &= 248;
- }
- /* repeat the expected-to-succeed test. */
- if (ret == 0) {
- ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof key.k.point, key.k.point);
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- #endif
- return ret;
- } /*END test_wc_curve25519_make_pub */
- /*
- * Testing test_wc_curve25519_export_public_ex
- */
- static int test_wc_curve25519_export_public_ex (void)
- {
- int ret = 0;
- #if defined(HAVE_CURVE25519)
- WC_RNG rng;
- curve25519_key key;
- byte out[CURVE25519_KEYSIZE];
- word32 outLen = sizeof(out);
- int endian = EC25519_BIG_ENDIAN;
- printf(testingFmt, "wc_curve25519_export_public_ex()");
- ret = wc_curve25519_init(&key);
- if (ret == 0) {
- ret = wc_InitRng(&rng);
- }
- if (ret == 0) {
- ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
- if (ret == 0) {
- ret = wc_curve25519_export_public(&key, out, &outLen);
- }
- if (ret == 0) {
- ret = wc_curve25519_export_public_ex(&key, out, &outLen, endian);
- }
- }
- /*test bad cases*/
- if (ret == 0) {
- ret = wc_curve25519_export_public_ex(NULL, NULL, NULL, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve25519_export_public_ex(NULL, out, &outLen, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve25519_export_public_ex(&key, NULL, &outLen, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve25519_export_public_ex(&key, out, NULL, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- outLen = outLen - 2;
- if (ret == 0) {
- ret = wc_curve25519_export_public_ex(&key, out, &outLen, endian);
- if (ret == ECC_BAD_ARG_E) {
- ret = 0;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- #endif
- return ret;
- } /*END test_wc_curve25519_export_public_ex*/
- /*
- * Testing test_wc_curve25519_import_private_raw_ex
- */
- static int test_wc_curve25519_import_private_raw_ex (void)
- {
- int ret = 0;
- #if defined(HAVE_CURVE25519)
- WC_RNG rng;
- curve25519_key key;
- byte priv[CURVE25519_KEYSIZE];
- byte pub[CURVE25519_KEYSIZE];
- word32 privSz = sizeof(priv);
- word32 pubSz = sizeof(pub);
- int endian = EC25519_BIG_ENDIAN;
- printf(testingFmt, "wc_curve25519_import_private_raw_ex()");
- ret = wc_curve25519_init(&key);
- if (ret == 0) {
- ret = wc_InitRng(&rng);
- }
- if (ret == 0) {
- ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
- if (ret == 0) {
- ret = wc_curve25519_export_private_raw_ex(&key, priv, &privSz, endian);
- }
- if (ret == 0) {
- ret = wc_curve25519_export_public(&key, pub, &pubSz);
- }
- if (ret == 0) {
- ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
- &key, endian);
- }
- }
- /*test bad cases*/
- if (ret == 0) {
- ret = wc_curve25519_import_private_raw_ex(NULL, 0, NULL, 0, NULL,
- endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve25519_import_private_raw_ex(NULL, privSz, pub, pubSz,
- &key, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve25519_import_private_raw_ex(priv, privSz, NULL, pubSz,
- &key, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
- NULL, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve25519_import_private_raw_ex(priv, 0, pub, pubSz,
- &key, endian);
- if (ret == ECC_BAD_ARG_E) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, 0,
- &key, endian);
- if (ret == ECC_BAD_ARG_E) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
- &key, EC25519_LITTLE_ENDIAN);
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- #endif
- return ret;
- } /*END test_wc_curve25519_import_private_raw_ex*/
- /*
- * Testing test_wc_curve25519_import_private
- */
- static int test_wc_curve25519_import_private (void)
- {
- int ret = 0;
- #if defined(HAVE_CURVE25519)
- curve25519_key key;
- WC_RNG rng;
- byte priv[CURVE25519_KEYSIZE];
- word32 privSz = sizeof(priv);
- printf(testingFmt, "wc_curve25519_import_private()");
- ret = wc_curve25519_init(&key);
- if (ret == 0) {
- ret = wc_InitRng(&rng);
- }
- if (ret == 0) {
- ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
- if (ret == 0) {
- ret = wc_curve25519_export_private_raw(&key, priv, &privSz);
- }
- }
- if (ret == 0) {
- ret = wc_curve25519_import_private(priv, privSz, &key);
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- #endif
- return ret;
- } /*END test_wc_curve25519_import*/
- /*
- * Testing test_wc_curve25519_export_private_raw_ex
- */
- static int test_wc_curve25519_export_private_raw_ex (void)
- {
- int ret = 0;
- #if defined(HAVE_CURVE25519)
- WC_RNG rng;
- curve25519_key key;
- byte out[CURVE25519_KEYSIZE];
- word32 outLen = sizeof(out);
- int endian = EC25519_BIG_ENDIAN;
- printf(testingFmt, "wc_curve25519_export_private_raw_ex()");
- ret = wc_curve25519_init(&key);
- if (ret == 0) {
- ret = wc_InitRng(&rng);
- }
- if (ret == 0) {
- ret = wc_curve25519_export_private_raw_ex(&key, out, &outLen, endian);
- }
- /*test bad cases*/
- if (ret == 0) {
- ret = wc_curve25519_export_private_raw_ex(NULL, NULL, NULL, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve25519_export_private_raw_ex(NULL, out, &outLen, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve25519_export_private_raw_ex(&key, NULL, &outLen, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve25519_export_private_raw_ex(&key, out, NULL, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve25519_export_private_raw_ex(&key, out, &outLen,
- EC25519_LITTLE_ENDIAN);
- }
- outLen = outLen - 2;
- if (ret == 0) {
- ret = wc_curve25519_export_private_raw_ex(&key, out, &outLen, endian);
- if (ret == ECC_BAD_ARG_E) {
- ret = 0;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_curve25519_free(&key);
- wc_FreeRng(&rng);
- #endif
- return ret;
- }/*END test_wc_curve25519_export_private_raw_ex*/
- /*
- * Testing wc_ed448_make_key().
- */
- static int test_wc_ed448_make_key (void)
- {
- int ret = 0;
- #if defined(HAVE_ED448)
- ed448_key key;
- WC_RNG rng;
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_ed448_init(&key);
- }
- printf(testingFmt, "wc_ed448_make_key()");
- if (ret == 0) {
- ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_ed448_make_key(NULL, ED448_KEY_SIZE, &key);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE - 1, &key);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE + 1, &key);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- wc_ed448_free(&key);
- #endif
- return ret;
- } /* END test_wc_ed448_make_key */
- /*
- * Testing wc_ed448_init()
- */
- static int test_wc_ed448_init (void)
- {
- int ret = 0;
- #if defined(HAVE_ED448)
- ed448_key key;
- printf(testingFmt, "wc_ed448_init()");
- ret = wc_ed448_init(&key);
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_ed448_init(NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_ed448_free(&key);
- #endif
- return ret;
- } /* END test_wc_ed448_init */
- /*
- * Test wc_ed448_sign_msg() and wc_ed448_verify_msg()
- */
- static int test_wc_ed448_sign_msg (void)
- {
- int ret = 0;
- #if defined(HAVE_ED448) && defined(HAVE_ED448_SIGN)
- WC_RNG rng;
- ed448_key key;
- byte msg[] = "Everybody gets Friday off.\n";
- byte sig[ED448_SIG_SIZE];
- word32 msglen = sizeof(msg);
- word32 siglen = sizeof(sig);
- word32 badSigLen = sizeof(sig) - 1;
- int verify_ok = 0; /*1 = Verify success.*/
- /* Initialize stack variables. */
- XMEMSET(sig, 0, siglen);
- /* Initialize key. */
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_ed448_init(&key);
- if (ret == 0) {
- ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
- }
- }
- printf(testingFmt, "wc_ed448_sign_msg()");
- if (ret == 0) {
- ret = wc_ed448_sign_msg(msg, msglen, sig, &siglen, &key, NULL, 0);
- }
- /* Test bad args. */
- if (ret == 0 && siglen == ED448_SIG_SIZE) {
- ret = wc_ed448_sign_msg(NULL, msglen, sig, &siglen, &key, NULL, 0);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed448_sign_msg(msg, msglen, NULL, &siglen, &key, NULL, 0);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed448_sign_msg(msg, msglen, sig, NULL, &key, NULL, 0);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed448_sign_msg(msg, msglen, sig, &siglen, NULL, NULL, 0);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed448_sign_msg(msg, msglen, sig, &badSigLen, &key,
- NULL, 0);
- }
- if (ret == BUFFER_E && badSigLen == ED448_SIG_SIZE) {
- badSigLen -= 1;
- ret = 0;
- } else if (ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- } /* END sign */
- printf(resultFmt, ret == 0 ? passed : failed);
- #ifdef HAVE_ED448_VERIFY
- printf(testingFmt, "wc_ed448_verify_msg()");
- if (ret == 0) {
- ret = wc_ed448_verify_msg(sig, siglen, msg, msglen, &verify_ok,
- &key, NULL, 0);
- if (ret == 0 && verify_ok == 1) {
- ret = 0;
- } else if (ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- /* Test bad args. */
- if (ret == 0) {
- AssertIntEQ(wc_ed448_verify_msg(sig, siglen - 1, msg,
- msglen, &verify_ok, &key,
- NULL, 0),
- BAD_FUNC_ARG);
- AssertIntEQ(wc_ed448_verify_msg(sig, siglen + 1, msg,
- msglen, &verify_ok, &key,
- NULL, 0),
- BAD_FUNC_ARG);
- ret = wc_ed448_verify_msg(NULL, siglen, msg, msglen, &verify_ok,
- &key, NULL, 0);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed448_verify_msg(sig, siglen, NULL, msglen,
- &verify_ok, &key, NULL, 0);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed448_verify_msg(sig, siglen, msg, msglen,
- NULL, &key, NULL, 0);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed448_verify_msg(sig, siglen, msg, msglen,
- &verify_ok, NULL, NULL, 0);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed448_verify_msg(sig, badSigLen, msg, msglen,
- &verify_ok, &key, NULL, 0);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- }
- } /* END verify. */
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif /* Verify. */
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- wc_ed448_free(&key);
- #endif
- return ret;
- } /* END test_wc_ed448_sign_msg */
- /*
- * Testing wc_ed448_import_public()
- */
- static int test_wc_ed448_import_public (void)
- {
- int ret = 0;
- #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
- WC_RNG rng;
- ed448_key pubKey;
- const byte in[] =
- "Ed448PublicKeyUnitTest.................................\n";
- word32 inlen = sizeof(in);
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_ed448_init(&pubKey);
- if (ret == 0) {
- ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &pubKey);
- }
- }
- printf(testingFmt, "wc_ed448_import_public()");
- if (ret == 0) {
- ret = wc_ed448_import_public(in, inlen, &pubKey);
- if (ret == 0 && XMEMCMP(in, pubKey.p, inlen) == 0) {
- ret = 0;
- } else {
- ret = SSL_FATAL_ERROR;
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_ed448_import_public(NULL, inlen, &pubKey);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed448_import_public(in, inlen, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed448_import_public(in, inlen - 1, &pubKey);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- wc_ed448_free(&pubKey);
- #endif
- return ret;
- } /* END wc_ed448_import_public */
- /*
- * Testing wc_ed448_import_private_key()
- */
- static int test_wc_ed448_import_private_key (void)
- {
- int ret = 0;
- #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
- WC_RNG rng;
- ed448_key key;
- const byte privKey[] =
- "Ed448PrivateKeyUnitTest................................\n";
- const byte pubKey[] =
- "Ed448PublicKeyUnitTest.................................\n";
- word32 privKeySz = sizeof(privKey);
- word32 pubKeySz = sizeof(pubKey);
- ret = wc_InitRng(&rng);
- if (ret != 0) {
- return ret;
- }
- ret = wc_ed448_init(&key);
- if (ret != 0) {
- wc_FreeRng(&rng);
- return ret;
- }
- ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
- printf(testingFmt, "wc_ed448_import_private_key()");
- if (ret == 0) {
- ret = wc_ed448_import_private_key(privKey, privKeySz, pubKey, pubKeySz,
- &key);
- if (ret == 0 && (XMEMCMP(pubKey, key.p, privKeySz) != 0 ||
- XMEMCMP(privKey, key.k, pubKeySz) != 0)) {
- ret = SSL_FATAL_ERROR;
- }
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_ed448_import_private_key(NULL, privKeySz, pubKey, pubKeySz,
- &key);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed448_import_private_key(privKey, privKeySz, NULL,
- pubKeySz, &key);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed448_import_private_key(privKey, privKeySz, pubKey,
- pubKeySz, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed448_import_private_key(privKey, privKeySz - 1, pubKey,
- pubKeySz, &key);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed448_import_private_key(privKey, privKeySz, pubKey,
- pubKeySz - 1, &key);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- wc_ed448_free(&key);
- #endif
- return ret;
- } /* END test_wc_ed448_import_private_key */
- /*
- * Testing wc_ed448_export_public() and wc_ed448_export_private_only()
- */
- static int test_wc_ed448_export (void)
- {
- int ret = 0;
- #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
- WC_RNG rng;
- ed448_key key;
- byte priv[ED448_PRV_KEY_SIZE];
- byte pub[ED448_PUB_KEY_SIZE];
- word32 privSz = sizeof(priv);
- word32 pubSz = sizeof(pub);
- ret = wc_InitRng(&rng);
- if (ret != 0) {
- return ret;
- }
- ret = wc_ed448_init(&key);
- if (ret != 0) {
- wc_FreeRng(&rng);
- return ret;
- }
- if (ret == 0) {
- ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
- }
- printf(testingFmt, "wc_ed448_export_public()");
- if (ret == 0) {
- ret = wc_ed448_export_public(&key, pub, &pubSz);
- if (ret == 0 && (pubSz != ED448_KEY_SIZE ||
- XMEMCMP(key.p, pub, pubSz) != 0)) {
- ret = SSL_FATAL_ERROR;
- }
- if (ret == 0) {
- ret = wc_ed448_export_public(NULL, pub, &pubSz);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed448_export_public(&key, NULL, &pubSz);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed448_export_public(&key, pub, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- printf(testingFmt, "wc_ed448_export_private_only()");
- if (ret == 0) {
- ret = wc_ed448_export_private_only(&key, priv, &privSz);
- if (ret == 0 && (privSz != ED448_KEY_SIZE ||
- XMEMCMP(key.k, priv, privSz) != 0)) {
- ret = SSL_FATAL_ERROR;
- }
- if (ret == 0) {
- ret = wc_ed448_export_private_only(NULL, priv, &privSz);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed448_export_private_only(&key, NULL, &privSz);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed448_export_private_only(&key, priv, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- wc_ed448_free(&key);
- #endif
- return ret;
- } /* END test_wc_ed448_export */
- /*
- * Testing wc_ed448_size()
- */
- static int test_wc_ed448_size (void)
- {
- int ret = 0;
- #if defined(HAVE_ED448)
- WC_RNG rng;
- ed448_key key;
- ret = wc_InitRng(&rng);
- if (ret != 0) {
- return ret;
- }
- ret = wc_ed448_init(&key);
- if (ret != 0) {
- wc_FreeRng(&rng);
- return ret;
- }
- ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
- if (ret != 0) {
- wc_FreeRng(&rng);
- wc_ed448_free(&key);
- return ret;
- }
- printf(testingFmt, "wc_ed448_size()");
- ret = wc_ed448_size(&key);
- /* Test bad args. */
- if (ret == ED448_KEY_SIZE) {
- ret = wc_ed448_size(NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (ret == 0) {
- printf(testingFmt, "wc_ed448_sig_size()");
- ret = wc_ed448_sig_size(&key);
- if (ret == ED448_SIG_SIZE) {
- ret = 0;
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_ed448_sig_size(NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- } /* END wc_ed448_sig_size() */
- if (ret == 0) {
- printf(testingFmt, "wc_ed448_pub_size");
- ret = wc_ed448_pub_size(&key);
- if (ret == ED448_PUB_KEY_SIZE) {
- ret = 0;
- }
- if (ret == 0) {
- ret = wc_ed448_pub_size(NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- } /* END wc_ed448_pub_size */
- if (ret == 0) {
- printf(testingFmt, "wc_ed448_priv_size");
- ret = wc_ed448_priv_size(&key);
- if (ret == ED448_PRV_KEY_SIZE) {
- ret = 0;
- }
- if (ret == 0) {
- ret = wc_ed448_priv_size(NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- } /* END wc_ed448_pub_size */
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- wc_ed448_free(&key);
- #endif
- return ret;
- } /* END test_wc_ed448_size */
- /*
- * Testing wc_ed448_export_private() and wc_ed448_export_key()
- */
- static int test_wc_ed448_exportKey (void)
- {
- int ret = 0;
- #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
- WC_RNG rng;
- ed448_key key;
- byte priv[ED448_PRV_KEY_SIZE];
- byte pub[ED448_PUB_KEY_SIZE];
- byte privOnly[ED448_PRV_KEY_SIZE];
- word32 privSz = sizeof(priv);
- word32 pubSz = sizeof(pub);
- word32 privOnlySz = sizeof(privOnly);
- ret = wc_InitRng(&rng);
- if (ret != 0) {
- return ret;
- }
- ret = wc_ed448_init(&key);
- if (ret != 0) {
- wc_FreeRng(&rng);
- return ret;
- }
- ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
- if (ret != 0) {
- wc_FreeRng(&rng);
- wc_ed448_free(&key);
- return ret;
- }
- printf(testingFmt, "wc_ed448_export_private()");
- ret = wc_ed448_export_private(&key, privOnly, &privOnlySz);
- if (ret == 0) {
- ret = wc_ed448_export_private(NULL, privOnly, &privOnlySz);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed448_export_private(&key, NULL, &privOnlySz);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed448_export_private(&key, privOnly, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (ret == 0) {
- printf(testingFmt, "wc_ed448_export_key()");
- ret = wc_ed448_export_key(&key, priv, &privSz, pub, &pubSz);
- if (ret == 0) {
- ret = wc_ed448_export_key(NULL, priv, &privSz, pub, &pubSz);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed448_export_key(&key, NULL, &privSz, pub, &pubSz);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed448_export_key(&key, priv, NULL, pub, &pubSz);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed448_export_key(&key, priv, &privSz, NULL, &pubSz);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ed448_export_key(&key, priv, &privSz, pub, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- } /* END wc_ed448_export_key() */
- /* Cross check output. */
- if (ret == 0 && XMEMCMP(priv, privOnly, privSz) != 0) {
- ret = SSL_FATAL_ERROR;
- }
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- wc_ed448_free(&key);
- #endif
- return ret;
- } /* END test_wc_ed448_exportKey */
- /*
- * Testing wc_Ed448PublicKeyToDer
- */
- static int test_wc_Ed448PublicKeyToDer (void)
- {
- int ret = 0;
- #if defined(HAVE_ED448) && (defined(WOLFSSL_CERT_GEN) || \
- defined(WOLFSSL_KEY_GEN))
- int tmp;
- ed448_key key;
- byte derBuf[1024];
- printf(testingFmt, "wc_Ed448PublicKeyToDer()");
- /* Test bad args */
- tmp = wc_Ed448PublicKeyToDer(NULL, NULL, 0, 0);
- if (tmp != BAD_FUNC_ARG) {
- ret = SSL_FATAL_ERROR;
- }
- if (ret == 0) {
- wc_ed448_init(&key);
- tmp = wc_Ed448PublicKeyToDer(&key, derBuf, 0, 0);
- if (tmp != BUFFER_E) {
- ret = SSL_FATAL_ERROR;
- }
- wc_ed448_free(&key);
- }
- /* Test good args */
- if (ret == 0) {
- WC_RNG rng;
- ret = wc_InitRng(&rng);
- if (ret != 0) {
- return ret;
- }
- ret = wc_ed448_init(&key);
- if (ret != 0) {
- wc_FreeRng(&rng);
- return ret;
- }
- ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
- if (ret != 0) {
- wc_FreeRng(&rng);
- wc_ed448_free(&key);
- return ret;
- }
- tmp = wc_Ed448PublicKeyToDer(&key, derBuf, 1024, 1);
- if (tmp <= 0) {
- ret = SSL_FATAL_ERROR;
- }
- wc_FreeRng(&rng);
- wc_ed448_free(&key);
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END testing wc_Ed448PublicKeyToDer */
- /*
- * Testing wc_curve448_init and wc_curve448_free.
- */
- static int test_wc_curve448_init (void)
- {
- int ret = 0;
- #if defined(HAVE_CURVE448)
- curve448_key key;
- printf(testingFmt, "wc_curve448_init()");
- ret = wc_curve448_init(&key);
- /* Test bad args for wc_curve448_init */
- if (ret == 0) {
- ret = wc_curve448_init(NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = SSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- /* Test good args for wc_curve_448_free */
- wc_curve448_free(&key);
- wc_curve448_free(NULL);
- #endif
- return ret;
- } /* END test_wc_curve448_init and wc_curve_448_free*/
- /*
- * Testing wc_curve448_make_key
- */
- static int test_wc_curve448_make_key (void)
- {
- int ret = 0;
- #if defined(HAVE_CURVE448)
- WC_RNG rng;
- curve448_key key;
- int keysize;
- printf(testingFmt, "wc_curve448_make_key()");
- ret = wc_curve448_init(&key);
- if (ret == 0) {
- ret = wc_InitRng(&rng);
- }
- if (ret == 0) {
- ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
- if (ret == 0) {
- keysize = wc_curve448_size(&key);
- if (keysize != CURVE448_KEY_SIZE) {
- ret = SSL_FATAL_ERROR;
- }
- }
- if (ret == 0) {
- ret = wc_curve448_make_key(&rng, keysize, &key);
- }
- }
- /*test bad cases*/
- if (ret == 0) {
- ret = wc_curve448_make_key(NULL, 0, NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve448_make_key(&rng, keysize, NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve448_make_key(NULL, keysize, &key);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve448_make_key(&rng, 0, &key);
- if (ret == ECC_BAD_ARG_E) {
- ret = 0;
- }
- }
- if (wc_FreeRng(&rng) != 0 && ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_curve448_free(&key);
- #endif
- return ret;
- } /*END test_wc_curve448_make_key*/
- /*
- * Testing test_wc_curve448_shared_secret_ex
- */
- static int test_wc_curve448_shared_secret_ex (void)
- {
- int ret = 0;
- #if defined(HAVE_CURVE448)
- WC_RNG rng;
- curve448_key private_key, public_key;
- byte out[CURVE448_KEY_SIZE];
- word32 outLen = sizeof(out);
- int endian = EC448_BIG_ENDIAN;
- printf(testingFmt, "wc_curve448_shared_secret_ex()");
- ret = wc_curve448_init(&private_key);
- if (ret == 0) {
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &private_key);
- }
- }
- if (ret == 0) {
- ret = wc_curve448_init(&public_key);
- }
- if (ret == 0) {
- if (ret == 0) {
- ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &public_key);
- }
- }
- if (ret == 0) {
- ret = wc_curve448_shared_secret_ex(&private_key, &public_key, out,
- &outLen, endian);
- }
- /*test bad cases*/
- if (ret == 0) {
- ret = wc_curve448_shared_secret_ex(NULL, NULL, NULL,
- 0, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve448_shared_secret_ex(NULL, &public_key, out,
- &outLen, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve448_shared_secret_ex(&private_key, NULL, out,
- &outLen, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve448_shared_secret_ex(&private_key, &public_key, NULL,
- &outLen, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve448_shared_secret_ex(&private_key, &public_key, out,
- NULL, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- outLen = outLen - 2;
- if (ret == 0) {
- ret = wc_curve448_shared_secret_ex(&private_key, &public_key, out,
- &outLen, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_curve448_free(&private_key);
- wc_curve448_free(&public_key);
- wc_FreeRng(&rng);
- #endif
- return ret;
- } /*END test_wc_curve448_shared_secret_ex*/
- /*
- * Testing test_wc_curve448_export_public_ex
- */
- static int test_wc_curve448_export_public_ex (void)
- {
- int ret = 0;
- #if defined(HAVE_CURVE448)
- WC_RNG rng;
- curve448_key key;
- byte out[CURVE448_KEY_SIZE];
- word32 outLen = sizeof(out);
- int endian = EC448_BIG_ENDIAN;
- printf(testingFmt, "wc_curve448_export_public_ex()");
- ret = wc_curve448_init(&key);
- if (ret == 0) {
- ret = wc_InitRng(&rng);
- }
- if (ret == 0) {
- ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
- if (ret == 0){
- ret = wc_curve448_export_public(&key, out, &outLen);
- }
- if (ret == 0) {
- ret = wc_curve448_export_public_ex(&key, out, &outLen, endian);
- }
- }
- /*test bad cases*/
- if (ret == 0) {
- ret = wc_curve448_export_public_ex(NULL, NULL, NULL, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve448_export_public_ex(NULL, out, &outLen, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve448_export_public_ex(&key, NULL, &outLen, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve448_export_public_ex(&key, out, NULL, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- outLen = outLen - 2;
- if (ret == 0) {
- ret = wc_curve448_export_public_ex(&key, out, &outLen, endian);
- if (ret == ECC_BAD_ARG_E) {
- ret = 0;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_curve448_free(&key);
- wc_FreeRng(&rng);
- #endif
- return ret;
- } /*END test_wc_curve448_export_public_ex*/
- /*
- * Testing test_wc_curve448_export_private_raw_ex
- */
- static int test_wc_curve448_export_private_raw_ex (void)
- {
- int ret = 0;
- #if defined(HAVE_CURVE448)
- WC_RNG rng;
- curve448_key key;
- byte out[CURVE448_KEY_SIZE];
- word32 outLen = sizeof(out);
- int endian = EC448_BIG_ENDIAN;
- printf(testingFmt, "wc_curve448_export_private_raw_ex()");
- ret = wc_curve448_init(&key);
- if (ret == 0) {
- ret = wc_InitRng(&rng);
- }
- if (ret == 0) {
- ret = wc_curve448_export_private_raw_ex(&key, out, &outLen, endian);
- }
- /*test bad cases*/
- if (ret == 0) {
- ret = wc_curve448_export_private_raw_ex(NULL, NULL, NULL, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve448_export_private_raw_ex(NULL, out, &outLen, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve448_export_private_raw_ex(&key, NULL, &outLen, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve448_export_private_raw_ex(&key, out, NULL, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve448_export_private_raw_ex(&key, out, &outLen,
- EC448_LITTLE_ENDIAN);
- }
- outLen = outLen - 2;
- if (ret == 0) {
- ret = wc_curve448_export_private_raw_ex(&key, out, &outLen, endian);
- if (ret == ECC_BAD_ARG_E) {
- ret = 0;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_curve448_free(&key);
- wc_FreeRng(&rng);
- #endif
- return ret;
- }/*END test_wc_curve448_export_private_raw_ex*/
- /*
- * Testing test_wc_curve448_import_private_raw_ex
- */
- static int test_wc_curve448_import_private_raw_ex (void)
- {
- int ret = 0;
- #if defined(HAVE_CURVE448)
- WC_RNG rng;
- curve448_key key;
- byte priv[CURVE448_KEY_SIZE];
- byte pub[CURVE448_KEY_SIZE];
- word32 privSz = sizeof(priv);
- word32 pubSz = sizeof(pub);
- int endian = EC448_BIG_ENDIAN;
- printf(testingFmt, "wc_curve448_import_private_raw_ex()");
- ret = wc_curve448_init(&key);
- if (ret == 0) {
- ret = wc_InitRng(&rng);
- }
- if (ret == 0) {
- ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
- if (ret == 0){
- ret = wc_curve448_export_private_raw(&key, priv, &privSz);
- }
- if (ret == 0){
- ret = wc_curve448_export_public(&key, pub, &pubSz);
- }
- if (ret == 0) {
- ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
- &key, endian);
- }
- }
- /*test bad cases*/
- if (ret == 0) {
- ret = wc_curve448_import_private_raw_ex(NULL, 0, NULL, 0, NULL, 0);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve448_import_private_raw_ex(NULL, privSz, pub, pubSz,
- &key, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve448_import_private_raw_ex(priv, privSz, NULL, pubSz,
- &key, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
- NULL, endian);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve448_import_private_raw_ex(priv, 0, pub, pubSz,
- &key, endian);
- if (ret == ECC_BAD_ARG_E) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, 0,
- &key, endian);
- if (ret == ECC_BAD_ARG_E) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
- &key, EC448_LITTLE_ENDIAN);
- }
- if (wc_FreeRng(&rng) != 0 && ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_curve448_free(&key);
- #endif
- return ret;
- } /*END test_wc_curve448_import_private_raw_ex*/
- /*
- * Testing test_curve448_export_key_raw
- */
- static int test_wc_curve448_export_key_raw (void)
- {
- int ret = 0;
- #if defined(HAVE_CURVE448)
- WC_RNG rng;
- curve448_key key;
- byte priv[CURVE448_KEY_SIZE];
- byte pub[CURVE448_KEY_SIZE];
- word32 privSz = sizeof(priv);
- word32 pubSz = sizeof(pub);
- printf(testingFmt, "wc_curve448_export_key_raw()");
- ret = wc_curve448_init(&key);
- if (ret == 0) {
- ret = wc_InitRng(&rng);
- }
- if (ret == 0) {
- ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
- if (ret == 0) {
- ret = wc_curve448_export_private_raw(&key, priv, &privSz);
- }
- if (ret == 0) {
- ret = wc_curve448_export_public(&key, pub, &pubSz);
- }
- if (ret == 0) {
- ret = wc_curve448_export_key_raw(&key, priv, &privSz, pub, &pubSz);
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_curve448_free(&key);
- wc_FreeRng(&rng);
- #endif
- return ret;
- }/*END test_wc_curve448_import_private_raw_ex*/
- /*
- * Testing test_wc_curve448_import_private
- */
- static int test_wc_curve448_import_private (void)
- {
- int ret = 0;
- #if defined(HAVE_CURVE448)
- curve448_key key;
- WC_RNG rng;
- byte priv[CURVE448_KEY_SIZE];
- word32 privSz = sizeof(priv);
- printf(testingFmt, "wc_curve448_import_private()");
- ret = wc_curve448_init(&key);
- if (ret == 0) {
- ret = wc_InitRng(&rng);
- }
- if (ret == 0) {
- ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
- if (ret == 0) {
- ret = wc_curve448_export_private_raw(&key, priv, &privSz);
- }
- }
- if (ret == 0) {
- ret = wc_curve448_import_private(priv, privSz, &key);
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_curve448_free(&key);
- wc_FreeRng(&rng);
- #endif
- return ret;
- } /*END test_wc_curve448_import*/
- /*
- * Testing test_wc_curve448_size.
- */
- static int test_wc_curve448_size (void)
- {
- int ret = 0;
- #if defined(HAVE_CURVE448)
- curve448_key key;
- printf(testingFmt, "wc_curve448_size()");
- ret = wc_curve448_init(&key);
- /* Test good args for wc_curve448_size */
- if (ret == 0) {
- ret = wc_curve448_size(&key);
- }
- /* Test bad args for wc_curve448_size */
- if (ret != 0) {
- ret = wc_curve448_size(NULL);
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_curve448_free(&key);
- #endif
- return ret;
- } /* END test_wc_curve448_size*/
- /*
- * Testing wc_ecc_make_key.
- */
- static int test_wc_ecc_make_key (void)
- {
- int ret = 0;
- #if defined(HAVE_ECC) && !defined(WC_NO_RNG)
- WC_RNG rng;
- ecc_key key;
- printf(testingFmt, "wc_ecc_make_key()");
- ret = wc_InitRng(&rng);
- if (ret != 0)
- return ret;
- ret = wc_ecc_init(&key);
- if (ret == 0) {
- ret = wc_ecc_make_key(&rng, KEY14, &key);
- /* Pass in bad args. */
- if (ret == 0) {
- ret = wc_ecc_make_key(NULL, KEY14, &key);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_make_key(&rng, KEY14, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_ecc_free(&key);
- }
- if (wc_FreeRng(&rng) != 0 && ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_ecc_make_key */
- /*
- * Testing wc_ecc_init()
- */
- static int test_wc_ecc_init (void)
- {
- int ret = 0;
- #ifdef HAVE_ECC
- ecc_key key;
- printf(testingFmt, "wc_ecc_init()");
- ret = wc_ecc_init(&key);
- /* Pass in bad args. */
- if (ret == 0) {
- ret = wc_ecc_init(NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_ecc_free(&key);
- #endif
- return ret;
- } /* END test_wc_ecc_init */
- /*
- * Testing wc_ecc_check_key()
- */
- static int test_wc_ecc_check_key (void)
- {
- int ret = 0;
- #if defined(HAVE_ECC) && !defined(WC_NO_RNG)
- WC_RNG rng;
- ecc_key key;
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(&key, 0, sizeof(key));
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_ecc_init(&key);
- if (ret == 0) {
- ret = wc_ecc_make_key(&rng, KEY14, &key);
- }
- }
- printf(testingFmt, "wc_ecc_check_key()");
- if (ret == 0) {
- ret = wc_ecc_check_key(&key);
- }
- /* Pass in bad args. */
- if (ret == 0) {
- ret = wc_ecc_check_key(NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- wc_ecc_free(&key);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- #endif
- return ret;
- } /* END test_wc_ecc_check_key */
- /*
- * Testing wc_ecc_get_generator()
- */
- static int test_wc_ecc_get_generator(void)
- {
- int ret = 0;
- #if defined(HAVE_ECC) && !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \
- !defined(HAVE_FIPS) && defined(OPENSSL_EXTRA)
- ecc_point* pt;
- printf(testingFmt, "wc_ecc_new_point()");
- pt = wc_ecc_new_point();
- if (!pt) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- printf(testingFmt, "wc_ecc_get_generator()");
- if (ret == 0) {
- ret = wc_ecc_get_generator(pt, wc_ecc_get_curve_idx(ECC_SECP256R1));
- }
- /* Test bad args. */
- if (ret == MP_OKAY) {
- /* Returns Zero for bad arg. */
- ret = wc_ecc_get_generator(pt, -1);
- if (ret != MP_OKAY)
- wc_ecc_get_generator(NULL, wc_ecc_get_curve_idx(ECC_SECP256R1));
- if (ret != MP_OKAY)
- wc_ecc_get_generator(pt, 1000); /* If we ever get to 1000 curves
- * increase this number */
- if (ret != MP_OKAY)
- wc_ecc_get_generator(NULL, -1);
- ret = ret == MP_OKAY ? WOLFSSL_FATAL_ERROR : 0;
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_ecc_del_point(pt);
- #endif
- return ret;
- } /* END test_wc_ecc_get_generator */
- /*
- * Testing wc_ecc_size()
- */
- static int test_wc_ecc_size (void)
- {
- int ret = 0;
- #if defined(HAVE_ECC) && !defined(WC_NO_RNG)
- WC_RNG rng;
- ecc_key key;
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(&key, 0, sizeof(key));
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_ecc_init(&key);
- if (ret == 0) {
- ret = wc_ecc_make_key(&rng, KEY14, &key);
- }
- }
- printf(testingFmt, "wc_ecc_size()");
- if (ret == 0) {
- ret = wc_ecc_size(&key);
- if (ret == KEY14) {
- ret = 0;
- } else if (ret == 0){
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Test bad args. */
- if (ret == 0) {
- /* Returns Zero for bad arg. */
- ret = wc_ecc_size(NULL);
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- wc_ecc_free(&key);
- #endif
- return ret;
- } /* END test_wc_ecc_size */
- static void test_wc_ecc_params(void)
- {
- /* FIPS/CAVP self-test modules do not have `wc_ecc_get_curve_params`.
- It was added after certifications */
- #if defined(HAVE_ECC) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- const ecc_set_type* ecc_set;
- #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
- /* Test for SECP256R1 curve */
- int curve_id = ECC_SECP256R1;
- int curve_idx = wc_ecc_get_curve_idx(curve_id);
- AssertIntNE(curve_idx, ECC_CURVE_INVALID);
- ecc_set = wc_ecc_get_curve_params(curve_idx);
- AssertNotNull(ecc_set);
- AssertIntEQ(ecc_set->id, curve_id);
- #endif
- /* Test case when SECP256R1 is not enabled */
- /* Test that we get curve params for index 0 */
- ecc_set = wc_ecc_get_curve_params(0);
- AssertNotNull(ecc_set);
- #endif /* HAVE_ECC && !HAVE_FIPS && !HAVE_SELFTEST */
- }
- /*
- * Testing wc_ecc_sign_hash() and wc_ecc_verify_hash()
- */
- static int test_wc_ecc_signVerify_hash (void)
- {
- int ret = 0;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && !defined(NO_ASN) && !defined(WC_NO_RNG)
- WC_RNG rng;
- ecc_key key;
- int signH = WOLFSSL_FATAL_ERROR;
- #ifdef HAVE_ECC_VERIFY
- int verifyH = WOLFSSL_FATAL_ERROR;
- int verify = 0;
- #endif
- word32 siglen = ECC_BUFSIZE;
- byte sig[ECC_BUFSIZE];
- byte digest[] = "Everyone gets Friday off.";
- word32 digestlen = (word32)XSTRLEN((char*)digest);
- /* Init stack var */
- XMEMSET(sig, 0, siglen);
- XMEMSET(&key, 0, sizeof(key));
- /* Init structs. */
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_ecc_init(&key);
- if (ret == 0) {
- ret = wc_ecc_make_key(&rng, KEY14, &key);
- }
- }
- printf(testingFmt, "wc_ecc_sign_hash()");
- if (ret == 0) {
- ret = wc_ecc_sign_hash(digest, digestlen, sig, &siglen, &rng, &key);
- }
- /* Check bad args. */
- if (ret == 0) {
- signH = wc_ecc_sign_hash(NULL, digestlen, sig, &siglen, &rng, &key);
- if (signH == ECC_BAD_ARG_E) {
- signH = wc_ecc_sign_hash(digest, digestlen, NULL, &siglen,
- &rng, &key);
- }
- if (signH == ECC_BAD_ARG_E) {
- signH = wc_ecc_sign_hash(digest, digestlen, sig, NULL,
- &rng, &key);
- }
- if (signH == ECC_BAD_ARG_E) {
- signH = wc_ecc_sign_hash(digest, digestlen, sig, &siglen,
- NULL, &key);
- }
- if (signH == ECC_BAD_ARG_E) {
- signH = wc_ecc_sign_hash(digest, digestlen, sig, &siglen,
- &rng, NULL);
- }
- if (signH == ECC_BAD_ARG_E) {
- signH = 0;
- } else if (ret == 0) {
- signH = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, signH == 0 ? passed : failed);
- #ifdef HAVE_ECC_VERIFY
- printf(testingFmt, "wc_ecc_verify_hash()");
- ret = wc_ecc_verify_hash(sig, siglen, digest, digestlen, &verify, &key);
- if (verify != 1 && ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- /* Test bad args. */
- if (ret == 0) {
- verifyH = wc_ecc_verify_hash(NULL, siglen, digest, digestlen,
- &verify, &key);
- if (verifyH == ECC_BAD_ARG_E) {
- verifyH = wc_ecc_verify_hash(sig, siglen, NULL, digestlen,
- &verify, &key);
- }
- if (verifyH == ECC_BAD_ARG_E) {
- verifyH = wc_ecc_verify_hash(sig, siglen, digest, digestlen,
- NULL, &key);
- }
- if (verifyH == ECC_BAD_ARG_E) {
- verifyH = wc_ecc_verify_hash(sig, siglen, digest, digestlen,
- &verify, NULL);
- }
- if (verifyH == ECC_BAD_ARG_E) {
- verifyH = 0;
- } else if (ret == 0) {
- verifyH = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, verifyH == 0 ? passed : failed);
- #endif /* HAVE_ECC_VERIFY */
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- wc_ecc_free(&key);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- #endif
- return ret;
- } /* END test_wc_ecc_sign_hash */
- /*
- * Testing wc_ecc_shared_secret()
- */
- static int test_wc_ecc_shared_secret (void)
- {
- int ret = 0;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG)
- ecc_key key, pubKey;
- WC_RNG rng;
- int keySz = KEY16;
- byte out[KEY16];
- word32 outlen = (word32)sizeof(out);
- /* Initialize variables. */
- XMEMSET(out, 0, keySz);
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(&key, 0, sizeof(key));
- XMEMSET(&pubKey, 0, sizeof(pubKey));
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_ecc_init(&key);
- if (ret == 0) {
- ret = wc_ecc_init(&pubKey);
- }
- }
- if (ret == 0) {
- ret = wc_ecc_make_key(&rng, keySz, &key);
- }
- if (ret == 0) {
- ret = wc_ecc_make_key(&rng, keySz, &pubKey);
- }
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- if (ret == 0) {
- ret = wc_ecc_set_rng(&key, &rng);
- }
- #endif
- printf(testingFmt, "wc_ecc_shared_secret()");
- if (ret == 0) {
- ret = wc_ecc_shared_secret(&key, &pubKey, out, &outlen);
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_ecc_shared_secret(NULL, &pubKey, out, &outlen);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_shared_secret(&key, NULL, out, &outlen);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_shared_secret(&key, &pubKey, NULL, &outlen);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_shared_secret(&key, &pubKey, out, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- wc_ecc_free(&key);
- wc_ecc_free(&pubKey);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- #endif
- return ret;
- } /* END tests_wc_ecc_shared_secret */
- /*
- * testint wc_ecc_export_x963()
- */
- static int test_wc_ecc_export_x963 (void)
- {
- int ret = 0;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
- ecc_key key;
- WC_RNG rng;
- byte out[ECC_ASN963_MAX_BUF_SZ];
- word32 outlen = sizeof(out);
- /* Initialize variables. */
- XMEMSET(out, 0, outlen);
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(&key, 0, sizeof(key));
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_ecc_init(&key);
- if (ret == 0) {
- ret = wc_ecc_make_key(&rng, KEY20, &key);
- }
- }
- printf(testingFmt, "wc_ecc_export_x963()");
- if (ret == 0) {
- ret = wc_ecc_export_x963(&key, out, &outlen);
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_ecc_export_x963(NULL, out, &outlen);
- if (ret == ECC_BAD_ARG_E) {
- ret = wc_ecc_export_x963(&key, NULL, &outlen);
- }
- if (ret == LENGTH_ONLY_E) {
- ret = wc_ecc_export_x963(&key, out, NULL);
- }
- if (ret == ECC_BAD_ARG_E) {
- key.idx = -4;
- ret = wc_ecc_export_x963(&key, out, &outlen);
- }
- if (ret == ECC_BAD_ARG_E) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- wc_ecc_free(&key);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- #endif
- return ret;
- } /* END test_wc_ecc_export_x963 */
- /*
- * Testing wc_ecc_export_x963_ex()
- * compile with --enable-compkey will use compression.
- */
- static int test_wc_ecc_export_x963_ex (void)
- {
- int ret = 0;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
- ecc_key key;
- WC_RNG rng;
- byte out[ECC_ASN963_MAX_BUF_SZ];
- word32 outlen = sizeof(out);
- #ifdef HAVE_COMP_KEY
- word32 badOutLen = 5;
- #endif
- /* Init stack variables. */
- XMEMSET(out, 0, outlen);
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(&key, 0, sizeof(key));
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_ecc_init(&key);
- if (ret == 0) {
- ret = wc_ecc_make_key(&rng, KEY64, &key);
- }
- }
- printf(testingFmt, "wc_ecc_export_x963_ex()");
- #ifdef HAVE_COMP_KEY
- if (ret == 0) {
- ret = wc_ecc_export_x963_ex(&key, out, &outlen, COMP);
- }
- #else
- if (ret == 0) {
- ret = wc_ecc_export_x963_ex(&key, out, &outlen, NOCOMP);
- }
- #endif
- /* Test bad args. */
- #ifdef HAVE_COMP_KEY
- if (ret == 0) {
- ret = wc_ecc_export_x963_ex(NULL, out, &outlen, COMP);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_export_x963_ex(&key, NULL, &outlen, COMP);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_export_x963_ex(&key, out, NULL, COMP);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_export_x963_ex(&key, out, &badOutLen, COMP);
- }
- if (ret == BUFFER_E) {
- key.idx = -4;
- ret = wc_ecc_export_x963_ex(&key, out, &outlen, COMP);
- }
- if (ret == ECC_BAD_ARG_E) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- #else
- if (ret == 0) {
- ret = wc_ecc_export_x963_ex(NULL, out, &outlen, NOCOMP);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_export_x963_ex(&key, NULL, &outlen, NOCOMP);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_export_x963_ex(&key, out, &outlen, 1);
- }
- if (ret == NOT_COMPILED_IN) {
- ret = wc_ecc_export_x963_ex(&key, out, NULL, NOCOMP);
- }
- if (ret == BAD_FUNC_ARG) {
- key.idx = -4;
- ret = wc_ecc_export_x963_ex(&key, out, &outlen, NOCOMP);
- }
- if (ret == ECC_BAD_ARG_E) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- #endif
- printf(resultFmt, ret == 0 ? passed : failed);
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- wc_ecc_free(&key);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- #endif
- return ret;
- } /* END test_wc_ecc_export_x963_ex */
- /*
- * testing wc_ecc_import_x963()
- */
- static int test_wc_ecc_import_x963 (void)
- {
- int ret = 0;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \
- defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
- ecc_key pubKey, key;
- WC_RNG rng;
- byte x963[ECC_ASN963_MAX_BUF_SZ];
- word32 x963Len = (word32)sizeof(x963);
- /* Init stack variables. */
- XMEMSET(x963, 0, x963Len);
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(&key, 0, sizeof(key));
- XMEMSET(&pubKey, 0, sizeof(pubKey));
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_ecc_init(&pubKey);
- if (ret == 0) {
- ret = wc_ecc_init(&key);
- }
- if (ret == 0) {
- ret = wc_ecc_make_key(&rng, KEY24, &key);
- }
- if (ret == 0) {
- ret = wc_ecc_export_x963(&key, x963, &x963Len);
- }
- }
- printf(testingFmt, "wc_ecc_import_x963()");
- if (ret == 0) {
- ret = wc_ecc_import_x963(x963, x963Len, &pubKey);
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_ecc_import_x963(NULL, x963Len, &pubKey);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_import_x963(x963, x963Len, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_import_x963(x963, x963Len + 1, &pubKey);
- }
- if (ret == ECC_BAD_ARG_E) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- wc_ecc_free(&key);
- wc_ecc_free(&pubKey);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- #endif
- return ret;
- } /* END wc_ecc_import_x963 */
- /*
- * testing wc_ecc_import_private_key()
- */
- static int ecc_import_private_key (void)
- {
- int ret = 0;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \
- defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
- ecc_key key, keyImp;
- WC_RNG rng;
- byte privKey[ECC_PRIV_KEY_BUF]; /* Raw private key.*/
- byte x963Key[ECC_ASN963_MAX_BUF_SZ];
- word32 privKeySz = (word32)sizeof(privKey);
- word32 x963KeySz = (word32)sizeof(x963Key);
- /* Init stack variables. */
- XMEMSET(privKey, 0, privKeySz);
- XMEMSET(x963Key, 0, x963KeySz);
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(&key, 0, sizeof(key));
- XMEMSET(&keyImp, 0, sizeof(keyImp));
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_ecc_init(&key);
- if (ret == 0) {
- ret = wc_ecc_init(&keyImp);
- }
- if (ret == 0) {
- ret = wc_ecc_make_key(&rng, KEY48, &key);
- }
- if (ret == 0) {
- ret = wc_ecc_export_x963(&key, x963Key, &x963KeySz);
- }
- if (ret == 0) {
- ret = wc_ecc_export_private_only(&key, privKey, &privKeySz);
- }
- }
- printf(testingFmt, "wc_ecc_import_private_key()");
- if (ret == 0) {
- ret = wc_ecc_import_private_key(privKey, privKeySz, x963Key,
- x963KeySz, &keyImp);
- }
- /* Pass in bad args. */
- if (ret == 0) {
- ret = wc_ecc_import_private_key(privKey, privKeySz, x963Key,
- x963KeySz, NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_import_private_key(NULL, privKeySz, x963Key,
- x963KeySz, &keyImp);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- wc_ecc_free(&key);
- wc_ecc_free(&keyImp);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- #endif
- return ret;
- } /* END wc_ecc_import_private_key */
- /*
- * Testing wc_ecc_export_private_only()
- */
- static int test_wc_ecc_export_private_only (void)
- {
- int ret = 0;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
- ecc_key key;
- WC_RNG rng;
- byte out[ECC_PRIV_KEY_BUF];
- word32 outlen = sizeof(out);
- /* Init stack variables. */
- XMEMSET(out, 0, outlen);
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(&key, 0, sizeof(key));
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_ecc_init(&key);
- if (ret == 0) {
- ret = wc_ecc_make_key(&rng, KEY32, &key);
- }
- }
- printf(testingFmt, "wc_ecc_export_private_only()");
- if (ret == 0) {
- ret = wc_ecc_export_private_only(&key, out, &outlen);
- }
- /* Pass in bad args. */
- if (ret == 0) {
- ret = wc_ecc_export_private_only(NULL, out, &outlen);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_export_private_only(&key, NULL, &outlen);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_export_private_only(&key, out, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- wc_ecc_free(&key);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- #endif
- return ret;
- } /* END test_wc_ecc_export_private_only */
- /*
- * Testing wc_ecc_rs_to_sig()
- */
- static int test_wc_ecc_rs_to_sig (void)
- {
- int ret = 0;
- #if defined(HAVE_ECC) && !defined(NO_ASN)
- /* first [P-192,SHA-1] vector from FIPS 186-3 NIST vectors */
- const char* R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e";
- const char* S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41";
- byte sig[ECC_MAX_SIG_SIZE];
- word32 siglen = (word32)sizeof(sig);
- /*R and S max size is the order of curve. 2^192.*/
- int keySz = KEY24;
- byte r[KEY24];
- byte s[KEY24];
- word32 rlen = (word32)sizeof(r);
- word32 slen = (word32)sizeof(s);
- /* Init stack variables. */
- XMEMSET(sig, 0, ECC_MAX_SIG_SIZE);
- XMEMSET(r, 0, keySz);
- XMEMSET(s, 0, keySz);
- printf(testingFmt, "wc_ecc_rs_to_sig()");
- ret = wc_ecc_rs_to_sig(R, S, sig, &siglen);
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_ecc_rs_to_sig(NULL, S, sig, &siglen);
- if (ret == ECC_BAD_ARG_E) {
- ret = wc_ecc_rs_to_sig(R, NULL, sig, &siglen);
- }
- if (ret == ECC_BAD_ARG_E) {
- ret = wc_ecc_rs_to_sig(R, S, sig, NULL);
- }
- if (ret == ECC_BAD_ARG_E) {
- ret = wc_ecc_rs_to_sig(R, S, NULL, &siglen);
- }
- if (ret == ECC_BAD_ARG_E) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- printf(testingFmt, "wc_ecc_sig_to_rs()");
- if (ret == 0) {
- ret = wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, &slen);
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_ecc_sig_to_rs(NULL, siglen, r, &rlen, s, &slen);
- if (ret == ECC_BAD_ARG_E) {
- ret = wc_ecc_sig_to_rs(sig, siglen, NULL, &rlen, s, &slen);
- }
- if (ret == ECC_BAD_ARG_E) {
- ret = wc_ecc_sig_to_rs(sig, siglen, r, NULL, s, &slen);
- }
- if (ret == ECC_BAD_ARG_E) {
- ret = wc_ecc_sig_to_rs(sig, siglen, r, &rlen, NULL, &slen);
- }
- if (ret == ECC_BAD_ARG_E) {
- ret = wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, NULL);
- }
- if (ret == ECC_BAD_ARG_E) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_ecc_rs_to_sig */
- static int test_wc_ecc_import_raw(void)
- {
- int ret = 0;
- #if defined(HAVE_ECC) && !defined(NO_ECC256)
- ecc_key key;
- const char* qx =
- "bb33ac4c27504ac64aa504c33cde9f36db722dce94ea2bfacb2009392c16e861";
- const char* qy =
- "02e9af4dd302939a315b9792217ff0cf18da9111023486e82058330b803489d8";
- const char* d =
- "45b66902739c6c85a1385b72e8e8c7acc4038d533504fa6c28dc348de1a8098c";
- const char* curveName = "SECP256R1";
- #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
- const char* kNullStr = "";
- #endif
- ret = wc_ecc_init(&key);
- printf(testingFmt, "wc_ecc_import_raw()");
- if (ret == 0) {
- ret = wc_ecc_import_raw(&key, qx, qy, d, curveName);
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_ecc_import_raw(NULL, qx, qy, d, curveName);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_import_raw(&key, NULL, qy, d, curveName);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_import_raw(&key, qx, NULL, d, curveName);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_import_raw(&key, qx, qy, d, NULL);
- }
- #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
- if (ret == BAD_FUNC_ARG) {
- #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
- wc_ecc_free(&key);
- #endif
- ret = wc_ecc_import_raw(&key, kNullStr, kNullStr, kNullStr, curveName);
- if (ret == ECC_INF_E)
- ret = BAD_FUNC_ARG; /* This is expected by other tests */
- }
- #endif
- #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- if (ret == BAD_FUNC_ARG) {
- #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
- wc_ecc_free(&key);
- #endif
- ret = wc_ecc_import_raw(&key, "0", qy, d, curveName);
- }
- if (ret == BAD_FUNC_ARG) {
- #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
- wc_ecc_free(&key);
- #endif
- ret = wc_ecc_import_raw(&key, qx, "0", d, curveName);
- }
- #endif
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_ecc_free(&key);
- #endif
- return ret;
- } /* END test_wc_ecc_import_raw */
- static int test_wc_ecc_import_unsigned(void)
- {
- int ret = 0;
- #if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(HAVE_SELFTEST) && \
- (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2))
- ecc_key key;
- const byte qx[] = {
- 0xbb, 0x33, 0xac, 0x4c, 0x27, 0x50, 0x4a, 0xc6,
- 0x4a, 0xa5, 0x04, 0xc3, 0x3c, 0xde, 0x9f, 0x36,
- 0xdb, 0x72, 0x2d, 0xce, 0x94, 0xea, 0x2b, 0xfa,
- 0xcb, 0x20, 0x09, 0x39, 0x2c, 0x16, 0xe8, 0x61
- };
- const byte qy[] = {
- 0x02, 0xe9, 0xaf, 0x4d, 0xd3, 0x02, 0x93, 0x9a,
- 0x31, 0x5b, 0x97, 0x92, 0x21, 0x7f, 0xf0, 0xcf,
- 0x18, 0xda, 0x91, 0x11, 0x02, 0x34, 0x86, 0xe8,
- 0x20, 0x58, 0x33, 0x0b, 0x80, 0x34, 0x89, 0xd8
- };
- const byte d[] = {
- 0x45, 0xb6, 0x69, 0x02, 0x73, 0x9c, 0x6c, 0x85,
- 0xa1, 0x38, 0x5b, 0x72, 0xe8, 0xe8, 0xc7, 0xac,
- 0xc4, 0x03, 0x8d, 0x53, 0x35, 0x04, 0xfa, 0x6c,
- 0x28, 0xdc, 0x34, 0x8d, 0xe1, 0xa8, 0x09, 0x8c
- };
- #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
- const byte nullBytes[32] = {0};
- #endif
- int curveId = ECC_SECP256R1;
- ret = wc_ecc_init(&key);
- printf(testingFmt, "wc_ecc_import_unsigned()");
- if (ret == 0) {
- ret = wc_ecc_import_unsigned(&key, (byte*)qx, (byte*)qy, (byte*)d,
- curveId);
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_ecc_import_unsigned(NULL, (byte*)qx, (byte*)qy, (byte*)d,
- curveId);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_import_unsigned(&key, NULL, (byte*)qy, (byte*)d,
- curveId);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_import_unsigned(&key, (byte*)qx, NULL, (byte*)d,
- curveId);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_import_unsigned(&key, (byte*)qx, (byte*)qy, (byte*)d,
- ECC_CURVE_INVALID);
- }
- #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_import_unsigned(&key, (byte*)nullBytes,
- (byte*)nullBytes, (byte*)nullBytes, curveId);
- }
- #endif
- if (ret == BAD_FUNC_ARG || ret == ECC_INF_E) {
- ret = 0;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_ecc_free(&key);
- #endif
- return ret;
- } /* END test_wc_ecc_import_unsigned */
- /*
- * Testing wc_ecc_sig_size()
- */
- static int test_wc_ecc_sig_size (void)
- {
- int ret = 0;
- #if defined(HAVE_ECC) && !defined(WC_NO_RNG)
- ecc_key key;
- WC_RNG rng;
- int keySz = KEY16;
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(&key, 0, sizeof(key));
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_ecc_init(&key);
- if (ret == 0) {
- ret = wc_ecc_make_key(&rng, keySz, &key);
- }
- }
- printf(testingFmt, "wc_ecc_sig_size()");
- if (ret == 0) {
- ret = wc_ecc_sig_size(&key);
- if (ret <= (2 * keySz + SIG_HEADER_SZ + ECC_MAX_PAD_SZ)) {
- ret = 0;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- wc_ecc_free(&key);
- #endif
- return ret;
- } /* END test_wc_ecc_sig_size */
- /*
- * Testing wc_ecc_ctx_new()
- */
- static int test_wc_ecc_ctx_new (void)
- {
- int ret = 0;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
- WC_RNG rng;
- ecEncCtx* cli = NULL;
- ecEncCtx* srv = NULL;
- ret = wc_InitRng(&rng);
- printf(testingFmt, "wc_ecc_ctx_new()");
- if (ret == 0) {
- cli = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng);
- srv = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng);
- }
- if (ret == 0 && (cli == NULL || srv == NULL)) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- wc_ecc_ctx_free(cli);
- wc_ecc_ctx_free(srv);
- /* Test bad args. */
- if (ret == 0) {
- /* wc_ecc_ctx_new_ex() will free if returned NULL. */
- cli = wc_ecc_ctx_new(0, &rng);
- if (cli != NULL) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- cli = wc_ecc_ctx_new(REQ_RESP_CLIENT, NULL);
- if (cli != NULL) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- wc_ecc_ctx_free(cli);
- #endif
- return ret;
- } /* END test_wc_ecc_ctx_new */
- /*
- * Tesing wc_ecc_reset()
- */
- static int test_wc_ecc_ctx_reset (void)
- {
- int ret = 0;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
- ecEncCtx* ctx = NULL;
- WC_RNG rng;
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- if ( (ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng)) == NULL ) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(testingFmt, "wc_ecc_ctx_reset()");
- if (ret == 0) {
- ret = wc_ecc_ctx_reset(ctx, &rng);
- }
- /* Pass in bad args. */
- if (ret == 0) {
- ret = wc_ecc_ctx_reset(NULL, &rng);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_ctx_reset(ctx, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- wc_ecc_ctx_free(ctx);
- #endif
- return ret;
- } /* END test_wc_ecc_ctx_reset */
- /*
- * Testing wc_ecc_ctx_set_peer_salt() and wc_ecc_ctx_get_own_salt()
- */
- static int test_wc_ecc_ctx_set_peer_salt (void)
- {
- int ret = 0;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
- WC_RNG rng;
- ecEncCtx* cliCtx = NULL;
- ecEncCtx* servCtx = NULL;
- const byte* cliSalt = NULL;
- const byte* servSalt = NULL;
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- if ( ( (cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng)) == NULL ) ||
- ( (servCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng)) == NULL) ) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(testingFmt, "wc_ecc_ctx_get_own_salt()");
- /* Test bad args. */
- if (ret == 0) {
- cliSalt = wc_ecc_ctx_get_own_salt(NULL);
- if (cliSalt != NULL) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- if (ret == 0) {
- cliSalt = wc_ecc_ctx_get_own_salt(cliCtx);
- servSalt = wc_ecc_ctx_get_own_salt(servCtx);
- if (cliSalt == NULL || servSalt == NULL) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- printf(testingFmt, "wc_ecc_ctx_set_peer_salt()");
- if (ret == 0) {
- ret = wc_ecc_ctx_set_peer_salt(cliCtx, servSalt);
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_ecc_ctx_set_peer_salt(NULL, servSalt);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_ctx_set_peer_salt(cliCtx, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- wc_ecc_ctx_free(cliCtx);
- wc_ecc_ctx_free(servCtx);
- #endif
- return ret;
- } /* END test_wc_ecc_ctx_set_peer_salt */
- /*
- * Testing wc_ecc_ctx_set_info()
- */
- static int test_wc_ecc_ctx_set_info (void)
- {
- int ret = 0;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
- ecEncCtx* ctx = NULL;
- WC_RNG rng;
- const char* optInfo = "Optional Test Info.";
- int optInfoSz = (int)XSTRLEN(optInfo);
- const char* badOptInfo = NULL;
- ret = wc_InitRng(&rng);
- if ( (ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng)) == NULL || ret != 0 ) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- printf(testingFmt, "wc_ecc_ctx_set_info()");
- if (ret == 0) {
- ret = wc_ecc_ctx_set_info(ctx, (byte*)optInfo, optInfoSz);
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_ecc_ctx_set_info(NULL, (byte*)optInfo, optInfoSz);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_ctx_set_info(ctx, (byte*)badOptInfo, optInfoSz);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_ctx_set_info(ctx, (byte*)optInfo, -1);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- wc_ecc_ctx_free(ctx);
- #endif
- return ret;
- } /* END test_wc_ecc_ctx_set_info */
- /*
- * Testing wc_ecc_encrypt() and wc_ecc_decrypt()
- */
- static int test_wc_ecc_encryptDecrypt (void)
- {
- int ret = 0;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128) \
- && !defined(WC_NO_RNG)
- ecc_key srvKey, cliKey;
- WC_RNG rng;
- const char* msg = "EccBlock Size 16";
- word32 msgSz = (word32)XSTRLEN(msg);
- byte out[XSTRLEN(msg) + WC_SHA256_DIGEST_SIZE];
- word32 outSz = (word32)sizeof(out);
- byte plain[XSTRLEN(msg) + 1];
- word32 plainSz = (word32)sizeof(plain);
- int keySz = KEY20;
- /* Init stack variables. */
- XMEMSET(out, 0, outSz);
- XMEMSET(plain, 0, plainSz);
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(&srvKey, 0, sizeof(srvKey));
- XMEMSET(&cliKey, 0, sizeof(cliKey));
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_ecc_init(&cliKey);
- if (ret == 0) {
- ret = wc_ecc_make_key(&rng, keySz, &cliKey);
- }
- if (ret == 0) {
- ret = wc_ecc_init(&srvKey);
- }
- if (ret == 0) {
- ret = wc_ecc_make_key(&rng, keySz, &srvKey);
- }
- }
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- if (ret == 0) {
- ret = wc_ecc_set_rng(&srvKey, &rng);
- }
- if (ret == 0) {
- ret = wc_ecc_set_rng(&cliKey, &rng);
- }
- #endif
- printf(testingFmt, "wc_ecc_encrypt()");
- if (ret == 0) {
- ret = wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, out,
- &outSz, NULL);
- }
- if (ret == 0) {
- ret = wc_ecc_encrypt(NULL, &srvKey, (byte*)msg, msgSz, out,
- &outSz, NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_encrypt(&cliKey, NULL, (byte*)msg, msgSz, out,
- &outSz, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_encrypt(&cliKey, &srvKey, NULL, msgSz, out,
- &outSz, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, NULL,
- &outSz, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, out,
- NULL, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- printf(testingFmt, "wc_ecc_decrypt()");
- if (ret == 0) {
- ret = wc_ecc_decrypt(&srvKey, &cliKey, out, outSz, plain,
- &plainSz, NULL);
- }
- if (ret == 0) {
- ret = wc_ecc_decrypt(NULL, &cliKey, out, outSz, plain,
- &plainSz, NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_decrypt(&srvKey, NULL, out, outSz, plain,
- &plainSz, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_decrypt(&srvKey, &cliKey, NULL, outSz, plain,
- &plainSz, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_decrypt(&srvKey, &cliKey, out, outSz, NULL,
- &plainSz, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_decrypt(&srvKey, &cliKey, out, outSz,
- plain, NULL, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- if (XMEMCMP(msg, plain, msgSz) != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- wc_ecc_free(&cliKey);
- wc_ecc_free(&srvKey);
- #endif
- return ret;
- } /* END test_wc_ecc_encryptDecrypt */
- /*
- * Testing wc_ecc_del_point() and wc_ecc_new_point()
- */
- static int test_wc_ecc_del_point (void)
- {
- int ret = 0;
- #if defined(HAVE_ECC)
- ecc_point* pt;
- printf(testingFmt, "wc_ecc_new_point()");
- pt = wc_ecc_new_point();
- if (!pt) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_ecc_del_point(pt);
- #endif
- return ret;
- } /* END test_wc_ecc_del_point */
- /*
- * Testing wc_ecc_point_is_at_infinity(), wc_ecc_export_point_der(),
- * wc_ecc_import_point_der(), wc_ecc_copy_point(), wc_ecc_point_is_on_curve(),
- * and wc_ecc_cmp_point()
- */
- static int test_wc_ecc_pointFns (void)
- {
- int ret = 0;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && \
- !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
- !defined(WOLFSSL_ATECC608A)
- ecc_key key;
- WC_RNG rng;
- ecc_point* point = NULL;
- ecc_point* cpypt = NULL;
- int idx = 0;
- int keySz = KEY32;
- byte der[DER_SZ(KEY32)];
- word32 derlenChk = 0;
- word32 derSz = DER_SZ(KEY32);
- /* Init stack variables. */
- XMEMSET(der, 0, derSz);
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(&key, 0, sizeof(key));
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_ecc_init(&key);
- if (ret == 0) {
- ret = wc_ecc_make_key(&rng, keySz, &key);
- }
- }
- if (ret == 0) {
- point = wc_ecc_new_point();
- if (!point) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- if (ret == 0) {
- cpypt = wc_ecc_new_point();
- if (!cpypt) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Export */
- printf(testingFmt, "wc_ecc_export_point_der()");
- if (ret == 0) {
- ret = wc_ecc_export_point_der((idx = key.idx), &key.pubkey,
- NULL, &derlenChk);
- /* Check length value. */
- if (derSz == derlenChk && ret == LENGTH_ONLY_E) {
- ret = wc_ecc_export_point_der((idx = key.idx), &key.pubkey,
- der, &derSz);
- }
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_ecc_export_point_der(-2, &key.pubkey, der, &derSz);
- if (ret == ECC_BAD_ARG_E) {
- ret = wc_ecc_export_point_der((idx = key.idx), NULL, der, &derSz);
- }
- if (ret == ECC_BAD_ARG_E) {
- ret = wc_ecc_export_point_der((idx = key.idx), &key.pubkey,
- der, NULL);
- }
- if (ret == ECC_BAD_ARG_E) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- /* Import */
- printf(testingFmt, "wc_ecc_import_point_der()");
- if (ret == 0) {
- ret = wc_ecc_import_point_der(der, derSz, idx, point);
- /* Condition double checks wc_ecc_cmp_point(). */
- if (ret == 0 && XMEMCMP(&key.pubkey, point, sizeof(key.pubkey))) {
- ret = wc_ecc_cmp_point(&key.pubkey, point);
- }
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_ecc_import_point_der(NULL, derSz, idx, point);
- if (ret == ECC_BAD_ARG_E) {
- ret = wc_ecc_import_point_der(der, derSz, idx, NULL);
- }
- if (ret == ECC_BAD_ARG_E) {
- ret = wc_ecc_import_point_der(der, derSz, -1, point);
- }
- if (ret == ECC_BAD_ARG_E) {
- ret = wc_ecc_import_point_der(der, derSz + 1, idx, point);
- }
- if (ret == ECC_BAD_ARG_E) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- /* Copy */
- printf(testingFmt, "wc_ecc_copy_point()");
- if (ret == 0) {
- ret = wc_ecc_copy_point(point, cpypt);
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_ecc_copy_point(NULL, cpypt);
- if (ret == ECC_BAD_ARG_E) {
- ret = wc_ecc_copy_point(point, NULL);
- }
- if (ret == ECC_BAD_ARG_E) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- printf(testingFmt, "wc_ecc_cmp_point()");
- /* Compare point */
- if (ret == 0) {
- ret = wc_ecc_cmp_point(point, cpypt);
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_ecc_cmp_point(NULL, cpypt);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_cmp_point(point, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- printf(testingFmt, "wc_ecc_point_is_at_infinity()");
- /* At infinity if return == 1, otherwise return == 0. */
- if (ret == 0) {
- ret = wc_ecc_point_is_at_infinity(point);
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_ecc_point_is_at_infinity(NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #ifdef USE_ECC_B_PARAM
- printf(testingFmt, "wc_ecc_point_is_on_curve()");
- /* On curve if ret == 0 */
- if (ret == 0) {
- ret = wc_ecc_point_is_on_curve(point, idx);
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_ecc_point_is_on_curve(NULL, idx);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_point_is_on_curve(point, 1000);
- }
- if (ret == ECC_BAD_ARG_E) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif /* USE_ECC_B_PARAM */
- /* Free */
- wc_ecc_del_point(point);
- wc_ecc_del_point(cpypt);
- wc_ecc_free(&key);
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- #endif
- return ret;
- } /* END test_wc_ecc_pointFns */
- /*
- * Testing wc_ecc_sahred_secret_ssh()
- */
- static int test_wc_ecc_shared_secret_ssh (void)
- {
- int ret = 0;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && \
- !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
- !defined(WOLFSSL_ATECC608A)
- ecc_key key, key2;
- WC_RNG rng;
- int keySz = KEY32;
- int key2Sz = KEY24;
- byte secret[KEY32];
- word32 secretLen = keySz;
- /* Init stack variables. */
- XMEMSET(secret, 0, secretLen);
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(&key, 0, sizeof(key));
- XMEMSET(&key2, 0, sizeof(key2));
- /* Make keys */
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_ecc_init(&key);
- if (ret == 0) {
- ret = wc_ecc_make_key(&rng, keySz, &key);
- }
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- if (ret == 0) {
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_ecc_init(&key2);
- }
- if (ret == 0) {
- ret = wc_ecc_make_key(&rng, key2Sz, &key2);
- }
- }
- printf(testingFmt, "ecc_shared_secret_ssh()");
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- if (ret == 0) {
- ret = wc_ecc_set_rng(&key, &rng);
- }
- #endif
- if (ret == 0) {
- ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, &secretLen);
- }
- /* Pass in bad args. */
- if (ret == 0) {
- ret = wc_ecc_shared_secret_ssh(NULL, &key2.pubkey, secret, &secretLen);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_shared_secret_ssh(&key, NULL, secret, &secretLen);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, NULL, &secretLen);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, NULL);
- }
- if (ret == BAD_FUNC_ARG) {
- key.type = ECC_PUBLICKEY;
- ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, &secretLen);
- if (ret == ECC_BAD_ARG_E) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- wc_ecc_free(&key);
- wc_ecc_free(&key2);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- #endif
- return ret;
- } /* END test_wc_ecc_shared_secret_ssh */
- /*
- * Testing wc_ecc_verify_hash_ex() and wc_ecc_verify_hash_ex()
- */
- static int test_wc_ecc_verify_hash_ex (void)
- {
- int ret = 0;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && defined(WOLFSSL_PUBLIC_MP) \
- && !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
- !defined(WOLFSSL_ATECC608A)
- ecc_key key;
- WC_RNG rng;
- mp_int r;
- mp_int s;
- unsigned char hash[] = "Everyone gets Friday off.EccSig";
- unsigned char iHash[] = "Everyone gets Friday off.......";
- unsigned char shortHash[] = "Everyone gets Friday off.";
- word32 hashlen = sizeof(hash);
- word32 iHashLen = sizeof(iHash);
- word32 shortHashLen = sizeof(shortHash);
- int keySz = KEY32;
- int sig = WOLFSSL_FATAL_ERROR;
- int ver = WOLFSSL_FATAL_ERROR;
- int verify_ok = 0;
- /* Initialize r and s. */
- ret = mp_init_multi(&r, &s, NULL, NULL, NULL, NULL);
- if (ret != MP_OKAY) {
- return MP_INIT_E;
- }
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_ecc_init(&key);
- if (ret == 0) {
- ret = wc_ecc_make_key(&rng, keySz, &key);
- }
- }
- if (ret == 0) {
- ret = wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, &r, &s);
- if (ret == 0) {
- /* verify_ok should be 1. */
- ret = wc_ecc_verify_hash_ex(&r, &s, hash, hashlen, &verify_ok, &key);
- if (verify_ok != 1 && ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- if (ret == 0) {
- /* verify_ok should be 0 */
- ret = wc_ecc_verify_hash_ex(&r, &s, iHash, iHashLen,
- &verify_ok, &key);
- if (verify_ok != 0 && ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- if (ret == 0) {
- /* verify_ok should be 0. */
- ret = wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen,
- &verify_ok, &key);
- if (verify_ok != 0 && ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- }
- printf(testingFmt, "wc_ecc_sign_hash_ex()");
- /* Test bad args. */
- if (ret == 0) {
- if (wc_ecc_sign_hash_ex(NULL, hashlen, &rng, &key, &r, &s)
- == ECC_BAD_ARG_E) {
- sig = 0;
- }
- if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, NULL, &key, &r, &s)
- != ECC_BAD_ARG_E) {
- sig = WOLFSSL_FATAL_ERROR;
- }
- if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, &rng, NULL, &r, &s)
- != ECC_BAD_ARG_E) {
- sig = WOLFSSL_FATAL_ERROR;
- }
- if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, NULL, &s)
- != ECC_BAD_ARG_E) {
- sig = WOLFSSL_FATAL_ERROR;
- }
- if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, &r, NULL)
- != ECC_BAD_ARG_E) {
- sig = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, sig == 0 ? passed : failed);
- printf(testingFmt, "wc_ecc_verify_hash_ex()");
- /* Test bad args. */
- if (ret == 0) {
- if (wc_ecc_verify_hash_ex(NULL, &s, shortHash, shortHashLen, &verify_ok, &key)
- == ECC_BAD_ARG_E) {
- ver = 0;
- }
- if (ver == 0 && wc_ecc_verify_hash_ex(&r, NULL, shortHash, shortHashLen,
- &verify_ok, &key) != ECC_BAD_ARG_E) {
- ver = WOLFSSL_FATAL_ERROR;
- }
- if (ver == 0 && wc_ecc_verify_hash_ex(&r, &s, NULL, shortHashLen, &verify_ok,
- &key) != ECC_BAD_ARG_E) {
- ver = WOLFSSL_FATAL_ERROR;
- }
- if (ver == 0 && wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen,
- NULL, &key) != ECC_BAD_ARG_E) {
- ver = WOLFSSL_FATAL_ERROR;
- }
- if (ver == 0 && wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen,
- &verify_ok, NULL) != ECC_BAD_ARG_E) {
- ver = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ver == 0 ? passed : failed);
- wc_ecc_free(&key);
- mp_free(&r);
- mp_free(&s);
- if (wc_FreeRng(&rng)) {
- return WOLFSSL_FATAL_ERROR;
- }
- if (ret == 0 && (sig != 0 || ver != 0)) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- #endif
- return ret;
- } /* END test_wc_ecc_verify_hash_ex */
- /*
- * Testing wc_ecc_mulmod()
- */
- static int test_wc_ecc_mulmod (void)
- {
- int ret = 0;
- #if defined(HAVE_ECC) && !defined(WC_NO_RNG) && \
- !(defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
- defined(WOLFSSL_VALIDATE_ECC_IMPORT))
- ecc_key key1, key2, key3;
- WC_RNG rng;
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_ecc_init(&key1);
- if (ret == 0) {
- ret = wc_ecc_init(&key2);
- }
- if (ret == 0) {
- ret = wc_ecc_init(&key3);
- }
- if (ret == 0) {
- ret = wc_ecc_make_key(&rng, KEY32, &key1);
- }
- wc_FreeRng(&rng);
- }
- if (ret == 0) {
- ret = wc_ecc_import_raw_ex(&key2, key1.dp->Gx, key1.dp->Gy, key1.dp->Af,
- ECC_SECP256R1);
- if (ret == 0) {
- ret = wc_ecc_import_raw_ex(&key3, key1.dp->Gx, key1.dp->Gy,
- key1.dp->prime, ECC_SECP256R1);
- }
- }
- printf(testingFmt, "wc_ecc_mulmod()");
- if (ret == 0) {
- ret = wc_ecc_mulmod(&key1.k, &key2.pubkey, &key3.pubkey, &key2.k,
- &key3.k, 1);
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_ecc_mulmod(NULL, &key2.pubkey, &key3.pubkey, &key2.k,
- &key3.k, 1);
- if (ret == ECC_BAD_ARG_E) {
- ret = wc_ecc_mulmod(&key1.k, NULL, &key3.pubkey, &key2.k,
- &key3.k, 1);
- }
- if (ret == ECC_BAD_ARG_E) {
- ret = wc_ecc_mulmod(&key1.k, &key2.pubkey, NULL, &key2.k,
- &key3.k, 1);
- }
- if (ret == ECC_BAD_ARG_E) {
- ret = wc_ecc_mulmod(&key1.k, &key2.pubkey, &key3.pubkey,
- &key2.k, NULL, 1);
- }
- if (ret == ECC_BAD_ARG_E) {
- ret = 0;
- } else if (ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_ecc_free(&key1);
- wc_ecc_free(&key2);
- wc_ecc_free(&key3);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- #endif /* HAVE_ECC && !WOLFSSL_ATECC508A */
- return ret;
- } /* END test_wc_ecc_mulmod */
- /*
- * Testing wc_ecc_is_valid_idx()
- */
- static int test_wc_ecc_is_valid_idx (void)
- {
- int ret = 0;
- #if defined(HAVE_ECC) && !defined(WC_NO_RNG)
- ecc_key key;
- WC_RNG rng;
- int iVal = -2;
- int iVal2 = 3000;
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(&key, 0, sizeof(key));
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_ecc_init(&key);
- if (ret == 0) {
- ret = wc_ecc_make_key(&rng, 32, &key);
- }
- }
- printf(testingFmt, "wc_ecc_is_valid_idx()");
- if (ret == 0) {
- ret = wc_ecc_is_valid_idx(key.idx);
- if (ret == 1) {
- ret = 0;
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_ecc_is_valid_idx(iVal); /* should return 0 */
- if (ret == 0) {
- ret = wc_ecc_is_valid_idx(iVal2);
- }
- if (ret != 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- if (wc_FreeRng(&rng) && ret == 0) {
- ret = WOLFSSL_FATAL_ERROR;
- }
- wc_ecc_free(&key);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- #endif
- return ret;
- } /* END test_wc_ecc_is_valid_idx */
- /*
- * Testing ToTraditional
- */
- static int test_ToTraditional (void)
- {
- int ret = 0;
- #if !defined(NO_ASN) && (defined(HAVE_PKCS8) || defined(HAVE_PKCS12)) && \
- (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL))
- XFILE f;
- byte input[TWOK_BUF];
- word32 sz;
- printf(testingFmt, "ToTraditional()");
- f = XFOPEN("./certs/server-keyPkcs8.der", "rb");
- AssertTrue((f != XBADFILE));
- sz = (word32)XFREAD(input, 1, sizeof(input), f);
- XFCLOSE(f);
- /* Good case */
- ret = ToTraditional(input, sz);
- if (ret > 0) {
- ret = 0;
- }
- /* Bad cases */
- if (ret == 0) {
- ret = ToTraditional(NULL, 0);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = ToTraditional(NULL, sz);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = ToTraditional(input, 0);
- if (ret == ASN_PARSE_E) {
- ret = 0;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- }/* End test_ToTraditional*/
- /*
- * Testing wc_EccPrivateKeyToDer
- */
- static int test_wc_EccPrivateKeyToDer (void)
- {
- int ret = 0;
- #if defined(HAVE_ECC) && !defined(WC_NO_RNG)
- byte output[ONEK_BUF];
- ecc_key eccKey;
- WC_RNG rng;
- word32 inLen;
- printf(testingFmt, "wc_EccPrivateKeyToDer()");
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_ecc_init(&eccKey);
- if (ret == 0) {
- ret = wc_ecc_make_key(&rng, KEY14, &eccKey);
- }
- inLen = (word32)sizeof(output);
- /* Bad Cases */
- if (ret == 0) {
- ret = wc_EccPrivateKeyToDer(NULL, NULL, 0);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_EccPrivateKeyToDer(NULL, output, inLen);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_EccPrivateKeyToDer(&eccKey, NULL, inLen);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_EccPrivateKeyToDer(&eccKey, output, 0);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- /*Good Case */
- if (ret == 0) {
- ret = wc_EccPrivateKeyToDer(&eccKey, output, inLen);
- if (ret > 0) {
- ret = 0;
- }
- }
- wc_ecc_free(&eccKey);
- }
- wc_FreeRng(&rng);
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- }/* End test_wc_EccPrivateKeyToDer*/
- /*
- * Testing wc_Ed25519KeyToDer
- */
- static int test_wc_Ed25519KeyToDer (void)
- {
- int ret = 0;
- #if defined(HAVE_ED25519) && (defined(WOLFSSL_CERT_GEN) || \
- defined(WOLFSSL_KEY_GEN))
- byte output[ONEK_BUF];
- ed25519_key ed25519Key;
- WC_RNG rng;
- word32 inLen;
-
- printf(testingFmt, "wc_Ed25519KeyToDer()");
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_ed25519_init(&ed25519Key);
- if (ret == 0) {
- ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key);
- }
- inLen = (word32)sizeof(output);
-
- /* Bad Cases */
- if (ret == 0) {
- ret = wc_Ed25519KeyToDer(NULL, NULL, 0);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_Ed25519KeyToDer(NULL, output, inLen);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_Ed25519KeyToDer(&ed25519Key, NULL, inLen);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_Ed25519KeyToDer(&ed25519Key, output, 0);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- /* Good Case */
- if (ret == 0) {
- ret = wc_Ed25519KeyToDer(&ed25519Key, output, inLen);
- if (ret > 0) {
- ret = 0;
- }
- }
- wc_ed25519_free(&ed25519Key);
- }
- wc_FreeRng(&rng);
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- }/* End test_wc_Ed25519KeyToDer*/
- /*
- * Testing wc_Ed25519PrivateKeyToDer
- */
- static int test_wc_Ed25519PrivateKeyToDer (void)
- {
- int ret = 0;
- #if defined(HAVE_ED25519) && (defined(WOLFSSL_CERT_GEN) || \
- defined(WOLFSSL_KEY_GEN))
- byte output[ONEK_BUF];
- ed25519_key ed25519PrivKey;
- WC_RNG rng;
- word32 inLen;
-
- printf(testingFmt, "wc_Ed25519PrivateKeyToDer()");
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_ed25519_init(&ed25519PrivKey);
- if (ret == 0) {
- ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519PrivKey);
- }
- inLen = (word32)sizeof(output);
-
- /* Bad Cases */
- if (ret == 0) {
- ret = wc_Ed25519PrivateKeyToDer(NULL, NULL, 0);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_Ed25519PrivateKeyToDer(NULL, output, inLen);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, NULL, inLen);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, 0);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- /* Good Case */
- if (ret == 0) {
- ret = wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, inLen);
- if (ret > 0) {
- ret = 0;
- }
- }
- wc_ed25519_free(&ed25519PrivKey);
- }
- wc_FreeRng(&rng);
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- }/* End test_wc_Ed25519PrivateKeyToDer*/
- /*
- * Testing wc_Ed448KeyToDer
- */
- static int test_wc_Ed448KeyToDer (void)
- {
- int ret = 0;
- #if defined(HAVE_ED448) && (defined(WOLFSSL_CERT_GEN) || \
- defined(WOLFSSL_KEY_GEN))
- byte output[ONEK_BUF];
- ed448_key ed448Key;
- WC_RNG rng;
- word32 inLen;
- printf(testingFmt, "wc_Ed448KeyToDer()");
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_ed448_init(&ed448Key);
- if (ret == 0) {
- ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key);
- }
- inLen = sizeof(output);
-
- /* Bad Cases */
- if (ret == 0) {
- ret = wc_Ed448KeyToDer(NULL, NULL, 0);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_Ed448KeyToDer(NULL, output, inLen);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_Ed448KeyToDer(&ed448Key, NULL, inLen);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_Ed448KeyToDer(&ed448Key, output, 0);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- /* Good Case */
- if (ret == 0) {
- ret = wc_Ed448KeyToDer(&ed448Key, output, inLen);
- if (ret > 0) {
- ret = 0;
- }
- }
- wc_ed448_free(&ed448Key);
- }
- wc_FreeRng(&rng);
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- }/* End test_wc_Ed448KeyToDer*/
- /*
- * Testing wc_Ed448PrivateKeyToDer
- */
- static int test_wc_Ed448PrivateKeyToDer (void)
- {
- int ret = 0;
- #if defined(HAVE_ED448) && (defined(WOLFSSL_CERT_GEN) || \
- defined(WOLFSSL_KEY_GEN))
- byte output[ONEK_BUF];
- ed448_key ed448PrivKey;
- WC_RNG rng;
- word32 inLen;
- printf(testingFmt, "wc_Ed448PrivateKeyToDer()");
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = wc_ed448_init(&ed448PrivKey);
- if (ret == 0) {
- ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448PrivKey);
- }
- inLen = sizeof(output);
-
- /* Bad Cases */
- if (ret == 0) {
- ret = wc_Ed448PrivateKeyToDer(NULL, NULL, 0);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_Ed448PrivateKeyToDer(NULL, output, inLen);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_Ed448PrivateKeyToDer(&ed448PrivKey, NULL, inLen);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, 0);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- /* Good case */
- if (ret == 0) {
- ret = wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, inLen);
- if (ret > 0) {
- ret = 0;
- }
- }
- wc_ed448_free(&ed448PrivKey);
- }
- wc_FreeRng(&rng);
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- }/* End test_wc_Ed448PrivateKeyToDer*/
- /*
- * Testing wc_SetSubjectBuffer
- */
- static int test_wc_SetSubjectBuffer (void)
- {
- int ret = 0;
- #if defined(WOLFSSL_CERT_GEN)
- Cert cert;
- FILE* file;
- byte* der;
- word32 derSz;
-
- printf(testingFmt, "wc_SetSubjectBuffer()");
- derSz = FOURK_BUF;
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ret = -1;
- }
- if (ret == 0) {
- file = XFOPEN("./certs/ca-cert.der", "rb");
- if (file != NULL) {
- derSz = (word32)XFREAD(der, 1, FOURK_BUF, file);
- XFCLOSE(file);
- }
- }
- if (ret == 0) {
- ret = wc_InitCert(&cert);
- }
- if (ret == 0) {
- ret = wc_SetSubjectBuffer(&cert, der, derSz);
- }
- if (ret == 0) {
- ret = wc_SetSubjectBuffer(NULL, der, derSz);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- }/* End test_wc_SetSubjectBuffer*/
- /*
- * Testing wc_SetSubjectKeyIdFromPublicKey_ex
- */
- static int test_wc_SetSubjectKeyIdFromPublicKey_ex (void)
- {
- int ret = 0;
- #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
- WC_RNG rng;
- Cert cert;
- #if defined(HAVE_ED25519)
- ed25519_key ed25519Key;
- #endif
- #if !defined(NO_RSA) && defined(HAVE_RSA)
- RsaKey rsaKey;
- int bits = 2048;
- #endif
- ecc_key eccKey;
- #if defined(HAVE_ED448)
- ed448_key ed448Key;
- #endif
- printf(testingFmt, "wc_SetSubjectKeyIdFromPublicKey_ex()");
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- wc_InitCert(&cert);
- #if defined(HAVE_ED25519)
- if (ret == 0) { /*ED25519*/
- ret = wc_ed25519_init(&ed25519Key);
- if (ret == 0) {
- wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key);
- }
- if (ret == 0) {
- ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED25519_TYPE,
- &ed25519Key);
- }
- wc_ed25519_free(&ed25519Key);
- }
- #endif
- #if !defined(NO_RSA) && defined(HAVE_RSA) && defined(WOLFSSL_KEY_GEN)
- if (ret == 0) { /*RSA*/
- ret = wc_InitRsaKey(&rsaKey, NULL);
- if (ret == 0) {
- MAKE_RSA_KEY(&rsaKey, bits, WC_RSA_EXPONENT, &rng);
- }
- if (ret == 0) {
- ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, RSA_TYPE, &rsaKey);
- }
- wc_FreeRsaKey(&rsaKey);
- }
- #endif
- if (ret == 0) { /*ECC*/
- ret = wc_ecc_init(&eccKey);
- if (ret == 0) {
- wc_ecc_make_key(&rng, KEY14, &eccKey);
- }
- if (ret == 0) {
- ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ECC_TYPE, &eccKey);
- }
- wc_ecc_free(&eccKey);
- }
- #if defined(HAVE_ED448) && (defined(WOLFSSL_CERT_GEN) || \
- defined(WOLFSSL_KEY_GEN))
- if (ret == 0) { /*ED448*/
- ret = wc_ed448_init(&ed448Key);
- if (ret == 0) {
- wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key);
- }
- if (ret == 0) {
- ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED448_TYPE,
- &ed448Key);
- }
- wc_ed448_free(&ed448Key);
- }
- #endif
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_FreeRng(&rng);
- #endif
- return ret;
- }/* End test_wc_SetSubjectKeyIdFromPublicKey_ex*/
- /*
- * Testing wc_SetAuthKeyIdFromPublicKey_ex
- */
- static int test_wc_SetAuthKeyIdFromPublicKey_ex (void)
- {
- int ret = 0;
- #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
- WC_RNG rng;
- Cert cert;
- #if defined(HAVE_ED25519)
- ed25519_key ed25519Key;
- #endif
- #if !defined(NO_RSA) && defined(HAVE_RSA)
- RsaKey rsaKey;
- int bits = 2048;
- #endif
- ecc_key eccKey;
- #if defined(HAVE_ED448)
- ed448_key ed448Key;
- #endif
- printf(testingFmt, "wc_SetAuthKeyIdFromPublicKey_ex()");
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- wc_InitCert(&cert);
- #if defined(HAVE_ED25519)
- if (ret == 0) { /*ED25519*/
- ret = wc_ed25519_init(&ed25519Key);
- if (ret == 0) {
- wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key);
- }
- if (ret == 0) {
- ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED25519_TYPE,
- &ed25519Key);
- }
- wc_ed25519_free(&ed25519Key);
- }
- #endif
- #if !defined(NO_RSA) && defined(HAVE_RSA) && defined(WOLFSSL_KEY_GEN)
- if (ret == 0) { /*RSA*/
- ret = wc_InitRsaKey(&rsaKey, NULL);
- if (ret == 0) {
- MAKE_RSA_KEY(&rsaKey, bits, WC_RSA_EXPONENT, &rng);
- }
- if (ret == 0) {
- ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, RSA_TYPE, &rsaKey);
- }
- wc_FreeRsaKey(&rsaKey);
- }
- #endif
- if (ret == 0) { /*ECC*/
- ret = wc_ecc_init(&eccKey);
- if (ret == 0) {
- wc_ecc_make_key(&rng, KEY14, &eccKey);
- }
- if (ret == 0) {
- ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ECC_TYPE, &eccKey);
- }
- wc_ecc_free(&eccKey);
- }
- #if defined(HAVE_ED448) && (defined(WOLFSSL_CERT_GEN) || \
- defined(WOLFSSL_KEY_GEN))
- if (ret == 0) { /*ED448*/
- ret = wc_ed448_init(&ed448Key);
- if (ret == 0) {
- wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key);
- }
- if (ret == 0) {
- ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED448_TYPE,
- &ed448Key);
- }
- wc_ed448_free(&ed448Key);
- }
- #endif
- printf(resultFmt, ret == 0 ? passed : failed);
- wc_FreeRng(&rng);
- #endif /*defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)*/
- return ret;
- }/* End test_wc_SetAuthKeyIdFromPublicKey_ex*/
- /*
- * Testing wc_PKCS7_New()
- */
- static void test_wc_PKCS7_New (void)
- {
- #if defined(HAVE_PKCS7)
- PKCS7* pkcs7;
- void* heap = NULL;
- printf(testingFmt, "wc_PKCS7_New()");
- pkcs7 = wc_PKCS7_New(heap, devId);
- AssertNotNull(pkcs7);
- printf(resultFmt, passed);
- wc_PKCS7_Free(pkcs7);
- #endif
- } /* END test-wc_PKCS7_New */
- /*
- * Testing wc_PKCS7_Init()
- */
- static void test_wc_PKCS7_Init (void)
- {
- #if defined(HAVE_PKCS7)
- PKCS7* pkcs7;
- void* heap = NULL;
- printf(testingFmt, "wc_PKCS7_Init()");
- pkcs7 = wc_PKCS7_New(heap, devId);
- AssertNotNull(pkcs7);
- AssertIntEQ(wc_PKCS7_Init(pkcs7, heap, devId), 0);
- /* Pass in bad args. */
- AssertIntEQ(wc_PKCS7_Init(NULL, heap, devId), BAD_FUNC_ARG);
- printf(resultFmt, passed);
- wc_PKCS7_Free(pkcs7);
- #endif
- } /* END test-wc_PKCS7_Init */
- /*
- * Testing wc_PKCS7_InitWithCert()
- */
- static void test_wc_PKCS7_InitWithCert (void)
- {
- #if defined(HAVE_PKCS7)
- PKCS7* pkcs7;
- #ifndef NO_RSA
- #if defined(USE_CERT_BUFFERS_2048)
- unsigned char cert[sizeof_client_cert_der_2048];
- int certSz = (int)sizeof(cert);
- XMEMSET(cert, 0, certSz);
- XMEMCPY(cert, client_cert_der_2048, sizeof_client_cert_der_2048);
- #elif defined(USE_CERT_BUFFERS_1024)
- unsigned char cert[sizeof_client_cert_der_1024];
- int certSz = (int)sizeof(cert);
- XMEMSET(cert, 0, certSz);
- XMEMCPY(cert, client_cert_der_1024, sizeof_client_cert_der_1024);
- #else
- unsigned char cert[ONEK_BUF];
- XFILE fp;
- int certSz;
- fp = XFOPEN("./certs/1024/client-cert.der", "rb");
- AssertTrue(fp != XBADFILE);
- certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
- XFCLOSE(fp);
- #endif
- #elif defined(HAVE_ECC)
- #if defined(USE_CERT_BUFFERS_256)
- unsigned char cert[sizeof_cliecc_cert_der_256];
- int certSz = (int)sizeof(cert);
- XMEMSET(cert, 0, certSz);
- XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
- #else
- unsigned char cert[ONEK_BUF];
- XFILE fp;
- int certSz;
- fp = XFOPEN("./certs/client-ecc-cert.der", "rb");
- AssertTrue(fp != XBADFILE);
- certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp);
- XFCLOSE(fp);
- #endif
- #else
- #error PKCS7 requires ECC or RSA
- #endif
- printf(testingFmt, "wc_PKCS7_InitWithCert()");
- AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
- /* If initialization is not successful, it's free'd in init func. */
- AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), 0);
- wc_PKCS7_Free(pkcs7);
- AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
- /* Valid initialization usage. */
- AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- /* Pass in bad args. No need free for null checks, free at end.*/
- AssertIntEQ(wc_PKCS7_InitWithCert(NULL, (byte*)cert, (word32)certSz),
- BAD_FUNC_ARG);
- AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, (word32)certSz),
- BAD_FUNC_ARG);
- printf(resultFmt, passed);
- wc_PKCS7_Free(pkcs7);
- #endif
- } /* END test_wc_PKCS7_InitWithCert */
- /*
- * Testing wc_PKCS7_EncodeData()
- */
- static void test_wc_PKCS7_EncodeData (void)
- {
- #if defined(HAVE_PKCS7)
- PKCS7* pkcs7;
- byte output[FOURK_BUF];
- byte data[] = "My encoded DER cert.";
- #ifndef NO_RSA
- #if defined(USE_CERT_BUFFERS_2048)
- unsigned char cert[sizeof_client_cert_der_2048];
- unsigned char key[sizeof_client_key_der_2048];
- int certSz = (int)sizeof(cert);
- int keySz = (int)sizeof(key);
- XMEMSET(cert, 0, certSz);
- XMEMSET(key, 0, keySz);
- XMEMCPY(cert, client_cert_der_2048, certSz);
- XMEMCPY(key, client_key_der_2048, keySz);
- #elif defined(USE_CERT_BUFFERS_1024)
- unsigned char cert[sizeof_client_cert_der_1024];
- unsigned char key[sizeof_client_key_der_1024];
- int certSz = (int)sizeof(cert);
- int keySz = (int)sizeof(key);
- XMEMSET(cert, 0, certSz);
- XMEMSET(key, 0, keySz);
- XMEMCPY(cert, client_cert_der_1024, certSz);
- XMEMCPY(key, client_key_der_1024, keySz);
- #else
- unsigned char cert[ONEK_BUF];
- unsigned char key[ONEK_BUF];
- XFILE fp;
- int certSz;
- int keySz;
- fp = XFOPEN("./certs/1024/client-cert.der", "rb");
- AssertTrue(fp != XBADFILE);
- certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
- XFCLOSE(fp);
- fp = XFOPEN("./certs/1024/client-key.der", "rb");
- AssertTrue(fp != XBADFILE);
- keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp);
- XFCLOSE(fp);
- #endif
- #elif defined(HAVE_ECC)
- #if defined(USE_CERT_BUFFERS_256)
- unsigned char cert[sizeof_cliecc_cert_der_256];
- unsigned char key[sizeof_ecc_clikey_der_256];
- int certSz = (int)sizeof(cert);
- int keySz = (int)sizeof(key);
- XMEMSET(cert, 0, certSz);
- XMEMSET(key, 0, keySz);
- XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
- XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
- #else
- unsigned char cert[ONEK_BUF];
- unsigned char key[ONEK_BUF];
- XFILE fp;
- int certSz, keySz;
- fp = XFOPEN("./certs/client-ecc-cert.der", "rb");
- AssertTrue(fp != XBADFILE);
- certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp);
- XFCLOSE(fp);
- fp = XFOPEN("./certs/client-ecc-key.der", "rb");
- AssertTrue(fp != XBADFILE);
- keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp);
- XFCLOSE(fp);
- #endif
- #endif
- XMEMSET(output, 0, sizeof(output));
- AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
- AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
- AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, certSz), 0);
- printf(testingFmt, "wc_PKCS7_EncodeData()");
- pkcs7->content = data;
- pkcs7->contentSz = sizeof(data);
- pkcs7->privateKey = key;
- pkcs7->privateKeySz = keySz;
- AssertIntGT(wc_PKCS7_EncodeData(pkcs7, output, (word32)sizeof(output)), 0);
- /* Test bad args. */
- AssertIntEQ(wc_PKCS7_EncodeData(NULL, output, (word32)sizeof(output)),
- BAD_FUNC_ARG);
- AssertIntEQ(wc_PKCS7_EncodeData(pkcs7, NULL, (word32)sizeof(output)),
- BAD_FUNC_ARG);
- AssertIntEQ(wc_PKCS7_EncodeData(pkcs7, output, 5), BUFFER_E);
- printf(resultFmt, passed);
- wc_PKCS7_Free(pkcs7);
- #endif
- } /* END test_wc_PKCS7_EncodeData */
- #if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \
- !defined(NO_RSA) && !defined(NO_SHA256)
- /* RSA sign raw digest callback */
- static int rsaSignRawDigestCb(PKCS7* pkcs7, byte* digest, word32 digestSz,
- byte* out, word32 outSz, byte* privateKey,
- word32 privateKeySz, int devid, int hashOID)
- {
- /* specific DigestInfo ASN.1 encoding prefix for a SHA2565 digest */
- byte digInfoEncoding[] = {
- 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
- 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
- 0x00, 0x04, 0x20
- };
- int ret;
- byte digestInfo[ONEK_BUF];
- byte sig[FOURK_BUF];
- word32 digestInfoSz = 0;
- word32 idx = 0;
- RsaKey rsa;
- /* SHA-256 required only for this example callback due to above
- * digInfoEncoding[] */
- if (pkcs7 == NULL || digest == NULL || out == NULL ||
- (sizeof(digestInfo) < sizeof(digInfoEncoding) + digestSz) ||
- (hashOID != SHA256h)) {
- return -1;
- }
- /* build DigestInfo */
- XMEMCPY(digestInfo, digInfoEncoding, sizeof(digInfoEncoding));
- digestInfoSz += sizeof(digInfoEncoding);
- XMEMCPY(digestInfo + digestInfoSz, digest, digestSz);
- digestInfoSz += digestSz;
- /* set up RSA key */
- ret = wc_InitRsaKey_ex(&rsa, pkcs7->heap, devid);
- if (ret != 0) {
- return ret;
- }
- ret = wc_RsaPrivateKeyDecode(privateKey, &idx, &rsa, privateKeySz);
- /* sign DigestInfo */
- if (ret == 0) {
- ret = wc_RsaSSL_Sign(digestInfo, digestInfoSz, sig, sizeof(sig),
- &rsa, pkcs7->rng);
- if (ret > 0) {
- if (ret > (int)outSz) {
- /* output buffer too small */
- ret = -1;
- } else {
- /* success, ret holds sig size */
- XMEMCPY(out, sig, ret);
- }
- }
- }
- wc_FreeRsaKey(&rsa);
- return ret;
- }
- #endif
- /*
- * Testing wc_PKCS7_EncodeSignedData()
- */
- static void test_wc_PKCS7_EncodeSignedData(void)
- {
- #if defined(HAVE_PKCS7)
- PKCS7* pkcs7;
- WC_RNG rng;
- byte output[FOURK_BUF];
- byte badOut[0];
- word32 outputSz = (word32)sizeof(output);
- word32 badOutSz = (word32)sizeof(badOut);
- byte data[] = "Test data to encode.";
- #ifndef NO_RSA
- #if defined(USE_CERT_BUFFERS_2048)
- byte key[sizeof_client_key_der_2048];
- byte cert[sizeof_client_cert_der_2048];
- word32 keySz = (word32)sizeof(key);
- word32 certSz = (word32)sizeof(cert);
- XMEMSET(key, 0, keySz);
- XMEMSET(cert, 0, certSz);
- XMEMCPY(key, client_key_der_2048, keySz);
- XMEMCPY(cert, client_cert_der_2048, certSz);
- #elif defined(USE_CERT_BUFFERS_1024)
- byte key[sizeof_client_key_der_1024];
- byte cert[sizeof_client_cert_der_1024];
- word32 keySz = (word32)sizeof(key);
- word32 certSz = (word32)sizeof(cert);
- XMEMSET(key, 0, keySz);
- XMEMSET(cert, 0, certSz);
- XMEMCPY(key, client_key_der_1024, keySz);
- XMEMCPY(cert, client_cert_der_1024, certSz);
- #else
- unsigned char cert[ONEK_BUF];
- unsigned char key[ONEK_BUF];
- XFILE fp;
- int certSz;
- int keySz;
- fp = XFOPEN("./certs/1024/client-cert.der", "rb");
- AssertTrue(fp != XBADFILE);
- certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
- XFCLOSE(fp);
- fp = XFOPEN("./certs/1024/client-key.der", "rb");
- AssertTrue(fp != XBADFILE);
- keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp);
- XFCLOSE(fp);
- #endif
- #elif defined(HAVE_ECC)
- #if defined(USE_CERT_BUFFERS_256)
- unsigned char cert[sizeof_cliecc_cert_der_256];
- unsigned char key[sizeof_ecc_clikey_der_256];
- int certSz = (int)sizeof(cert);
- int keySz = (int)sizeof(key);
- XMEMSET(cert, 0, certSz);
- XMEMSET(key, 0, keySz);
- XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
- XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
- #else
- unsigned char cert[ONEK_BUF];
- unsigned char key[ONEK_BUF];
- XFILE fp;
- int certSz, keySz;
- fp = XOPEN("./certs/client-ecc-cert.der", "rb");
- AssertTrue(fp != XBADFILE);
- certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp);
- XFCLOSE(fp);
- fp = XFOPEN("./certs/client-ecc-key.der", "rb");
- AssertTrue(fp != XBADFILE);
- keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp);
- XFCLOSE(fp);
- #endif
- #endif
- XMEMSET(output, 0, outputSz);
- AssertIntEQ(wc_InitRng(&rng), 0);
- AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
- AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
- AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
- printf(testingFmt, "wc_PKCS7_EncodeSignedData()");
- pkcs7->content = data;
- pkcs7->contentSz = (word32)sizeof(data);
- pkcs7->privateKey = key;
- pkcs7->privateKeySz = (word32)sizeof(key);
- pkcs7->encryptOID = RSAk;
- pkcs7->hashOID = SHAh;
- pkcs7->rng = &rng;
- AssertIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
- wc_PKCS7_Free(pkcs7);
- AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
- AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
- /* Pass in bad args. */
- AssertIntEQ(wc_PKCS7_EncodeSignedData(NULL, output, outputSz), BAD_FUNC_ARG);
- AssertIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, NULL, outputSz), BAD_FUNC_ARG);
- AssertIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, badOut,
- badOutSz), BAD_FUNC_ARG);
- pkcs7->hashOID = 0; /* bad hashOID */
- AssertIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), BAD_FUNC_ARG);
- #if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \
- !defined(NO_RSA) && !defined(NO_SHA256)
- /* test RSA sign raw digest callback, if using RSA and compiled in.
- * Example callback assumes SHA-256, so only run test if compiled in. */
- wc_PKCS7_Free(pkcs7);
- AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
- AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
- pkcs7->content = data;
- pkcs7->contentSz = (word32)sizeof(data);
- pkcs7->privateKey = key;
- pkcs7->privateKeySz = (word32)sizeof(key);
- pkcs7->encryptOID = RSAk;
- pkcs7->hashOID = SHA256h;
- pkcs7->rng = &rng;
- AssertIntEQ(wc_PKCS7_SetRsaSignRawDigestCb(pkcs7, rsaSignRawDigestCb), 0);
- AssertIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
- #endif
- printf(resultFmt, passed);
- wc_PKCS7_Free(pkcs7);
- wc_FreeRng(&rng);
- #endif
- } /* END test_wc_PKCS7_EncodeSignedData */
- /*
- * Testing wc_PKCS7_EncodeSignedData_ex() and wc_PKCS7_VerifySignedData_ex()
- */
- static void test_wc_PKCS7_EncodeSignedData_ex(void)
- {
- #if defined(HAVE_PKCS7)
- int ret, i;
- PKCS7* pkcs7;
- WC_RNG rng;
- byte outputHead[FOURK_BUF/2];
- byte outputFoot[FOURK_BUF/2];
- word32 outputHeadSz = (word32)sizeof(outputHead);
- word32 outputFootSz = (word32)sizeof(outputFoot);
- byte data[FOURK_BUF];
- wc_HashAlg hash;
- enum wc_HashType hashType = WC_HASH_TYPE_SHA;
- byte hashBuf[WC_MAX_DIGEST_SIZE];
- word32 hashSz = wc_HashGetDigestSize(hashType);
- #ifndef NO_RSA
- #if defined(USE_CERT_BUFFERS_2048)
- byte key[sizeof_client_key_der_2048];
- byte cert[sizeof_client_cert_der_2048];
- word32 keySz = (word32)sizeof(key);
- word32 certSz = (word32)sizeof(cert);
- XMEMSET(key, 0, keySz);
- XMEMSET(cert, 0, certSz);
- XMEMCPY(key, client_key_der_2048, keySz);
- XMEMCPY(cert, client_cert_der_2048, certSz);
- #elif defined(USE_CERT_BUFFERS_1024)
- byte key[sizeof_client_key_der_1024];
- byte cert[sizeof_client_cert_der_1024];
- word32 keySz = (word32)sizeof(key);
- word32 certSz = (word32)sizeof(cert);
- XMEMSET(key, 0, keySz);
- XMEMSET(cert, 0, certSz);
- XMEMCPY(key, client_key_der_1024, keySz);
- XMEMCPY(cert, client_cert_der_1024, certSz);
- #else
- unsigned char cert[ONEK_BUF];
- unsigned char key[ONEK_BUF];
- XFILE fp;
- int certSz;
- int keySz;
- fp = XFOPEN("./certs/1024/client-cert.der", "rb");
- AssertTrue((fp != XBADFILE));
- certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
- XFCLOSE(fp);
- fp = XFOPEN("./certs/1024/client-key.der", "rb");
- AssertTrue(fp != XBADFILE);
- keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp);
- XFCLOSE(fp);
- #endif
- #elif defined(HAVE_ECC)
- #if defined(USE_CERT_BUFFERS_256)
- unsigned char cert[sizeof_cliecc_cert_der_256];
- unsigned char key[sizeof_ecc_clikey_der_256];
- int certSz = (int)sizeof(cert);
- int keySz = (int)sizeof(key);
- XMEMSET(cert, 0, certSz);
- XMEMSET(key, 0, keySz);
- XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
- XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
- #else
- unsigned char cert[ONEK_BUF];
- unsigned char key[ONEK_BUF];
- XFILE fp;
- int certSz, keySz;
- fp = XFOPEN("./certs/client-ecc-cert.der", "rb");
- AssertTrue(fp != XBADFILE);
- certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp);
- XFCLOSE(fp);
- fp = XFOPEN("./certs/client-ecc-key.der", "rb");
- AssertTrue(fp != XBADFILE);
- keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp);
- XFCLOSE(fp);
- #endif
- #endif
- /* initialize large data with sequence */
- for (i=0; i<(int)sizeof(data); i++)
- data[i] = i & 0xff;
- XMEMSET(outputHead, 0, outputHeadSz);
- XMEMSET(outputFoot, 0, outputFootSz);
- AssertIntEQ(wc_InitRng(&rng), 0);
- AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
- AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
- AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
- printf(testingFmt, "wc_PKCS7_EncodeSignedData()");
- pkcs7->content = NULL; /* not used for ex */
- pkcs7->contentSz = (word32)sizeof(data);
- pkcs7->privateKey = key;
- pkcs7->privateKeySz = (word32)sizeof(key);
- pkcs7->encryptOID = RSAk;
- pkcs7->hashOID = SHAh;
- pkcs7->rng = &rng;
- /* calculate hash for content */
- ret = wc_HashInit(&hash, hashType);
- if (ret == 0) {
- ret = wc_HashUpdate(&hash, hashType, data, sizeof(data));
- if (ret == 0) {
- ret = wc_HashFinal(&hash, hashType, hashBuf);
- }
- wc_HashFree(&hash, hashType);
- }
- AssertIntEQ(ret, 0);
- /* Perform PKCS7 sign using hash directly */
- AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
- outputHead, &outputHeadSz, outputFoot, &outputFootSz), 0);
- AssertIntGT(outputHeadSz, 0);
- AssertIntGT(outputFootSz, 0);
- wc_PKCS7_Free(pkcs7);
- AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
- AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- /* required parameter even on verify when using _ex */
- pkcs7->contentSz = (word32)sizeof(data);
- AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
- outputHead, outputHeadSz, outputFoot, outputFootSz), 0);
- wc_PKCS7_Free(pkcs7);
- /* assembly complete PKCS7 sign and use normal verify */
- {
- byte* output = (byte*)XMALLOC(outputHeadSz + sizeof(data) + outputFootSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- word32 outputSz = 0;
- AssertNotNull(output);
- XMEMCPY(&output[outputSz], outputHead, outputHeadSz);
- outputSz += outputHeadSz;
- XMEMCPY(&output[outputSz], data, sizeof(data));
- outputSz += sizeof(data);
- XMEMCPY(&output[outputSz], outputFoot, outputFootSz);
- outputSz += outputFootSz;
- AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
- AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
- XFREE(output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- /* Pass in bad args. */
- AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(NULL, hashBuf, hashSz, outputHead,
- &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
- AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, NULL, hashSz, outputHead,
- &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
- AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, 0, outputHead,
- &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
- AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, NULL,
- &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
- AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
- outputHead, NULL, outputFoot, &outputFootSz), BAD_FUNC_ARG);
- AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
- outputHead, &outputHeadSz, NULL, &outputFootSz), BAD_FUNC_ARG);
- AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
- outputHead, &outputHeadSz, outputFoot, NULL), BAD_FUNC_ARG);
- pkcs7->hashOID = 0; /* bad hashOID */
- AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
- outputHead, &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
- AssertIntEQ(wc_PKCS7_VerifySignedData_ex(NULL, hashBuf, hashSz, outputHead,
- outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);
- AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, NULL, hashSz, outputHead,
- outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);
- #ifndef NO_PKCS7_STREAM
- AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead,
- outputHeadSz, outputFoot, outputFootSz), WC_PKCS7_WANT_READ_E);
- #else
- AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead,
- outputHeadSz, outputFoot, outputFootSz), BUFFER_E);
- #endif
- AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, NULL,
- outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);
- #ifndef NO_PKCS7_STREAM
- /* can pass in 0 buffer length with streaming API */
- AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
- outputHead, 0, outputFoot, outputFootSz), WC_PKCS7_WANT_READ_E);
- #else
- AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
- outputHead, 0, outputFoot, outputFootSz), BAD_FUNC_ARG);
- #endif
- AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
- outputHead, outputHeadSz, NULL, outputFootSz), BAD_FUNC_ARG);
- #ifndef NO_PKCS7_STREAM
- AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
- outputHead, outputHeadSz, outputFoot, 0), WC_PKCS7_WANT_READ_E);
- #else
- AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
- outputHead, outputHeadSz, outputFoot, 0), ASN_PARSE_E);
- #endif
- printf(resultFmt, passed);
- wc_PKCS7_Free(pkcs7);
- wc_FreeRng(&rng);
- #endif
- } /* END test_wc_PKCS7_EncodeSignedData_ex */
- #if defined(HAVE_PKCS7)
- static int CreatePKCS7SignedData(unsigned char* output, int outputSz,
- byte* data, word32 dataSz,
- int withAttribs, int detachedSig)
- {
- PKCS7* pkcs7;
- WC_RNG rng;
- static byte messageTypeOid[] =
- { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
- 0x09, 0x02 };
- static byte messageType[] = { 0x13, 2, '1', '9' };
- PKCS7Attrib attribs[] =
- {
- { messageTypeOid, sizeof(messageTypeOid), messageType,
- sizeof(messageType) }
- };
- #ifndef NO_RSA
- #if defined(USE_CERT_BUFFERS_2048)
- byte key[sizeof_client_key_der_2048];
- byte cert[sizeof_client_cert_der_2048];
- word32 keySz = (word32)sizeof(key);
- word32 certSz = (word32)sizeof(cert);
- XMEMSET(key, 0, keySz);
- XMEMSET(cert, 0, certSz);
- XMEMCPY(key, client_key_der_2048, keySz);
- XMEMCPY(cert, client_cert_der_2048, certSz);
- #elif defined(USE_CERT_BUFFERS_1024)
- byte key[sizeof_client_key_der_1024];
- byte cert[sizeof_client_cert_der_1024];
- word32 keySz = (word32)sizeof(key);
- word32 certSz = (word32)sizeof(cert);
- XMEMSET(key, 0, keySz);
- XMEMSET(cert, 0, certSz);
- XMEMCPY(key, client_key_der_1024, keySz);
- XMEMCPY(cert, client_cert_der_1024, certSz);
- #else
- unsigned char cert[ONEK_BUF];
- unsigned char key[ONEK_BUF];
- FILE* fp;
- int certSz;
- int keySz;
- fp = fopen("./certs/1024/client-cert.der", "rb");
- AssertNotNull(fp);
- certSz = fread(cert, 1, sizeof_client_cert_der_1024, fp);
- fclose(fp);
- fp = fopen("./certs/1024/client-key.der", "rb");
- AssertNotNull(fp);
- keySz = fread(key, 1, sizeof_client_key_der_1024, fp);
- fclose(fp);
- #endif
- #elif defined(HAVE_ECC)
- #if defined(USE_CERT_BUFFERS_256)
- unsigned char cert[sizeof_cliecc_cert_der_256];
- unsigned char key[sizeof_ecc_clikey_der_256];
- int certSz = (int)sizeof(cert);
- int keySz = (int)sizeof(key);
- XMEMSET(cert, 0, certSz);
- XMEMSET(key, 0, keySz);
- XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
- XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
- #else
- unsigned char cert[ONEK_BUF];
- unsigned char key[ONEK_BUF];
- FILE* fp;
- int certSz, keySz;
- fp = fopen("./certs/client-ecc-cert.der", "rb");
- AssertNotNull(fp);
- certSz = fread(cert, 1, sizeof_cliecc_cert_der_256, fp);
- fclose(fp);
- fp = fopen("./certs/client-ecc-key.der", "rb");
- AssertNotNull(fp);
- keySz = fread(key, 1, sizeof_ecc_clikey_der_256, fp);
- fclose(fp);
- #endif
- #endif
- XMEMSET(output, 0, outputSz);
- AssertIntEQ(wc_InitRng(&rng), 0);
- AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
- AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
- AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
- printf(testingFmt, "wc_PKCS7_VerifySignedData()");
- pkcs7->content = data;
- pkcs7->contentSz = dataSz;
- pkcs7->privateKey = key;
- pkcs7->privateKeySz = (word32)sizeof(key);
- pkcs7->encryptOID = RSAk;
- pkcs7->hashOID = SHAh;
- pkcs7->rng = &rng;
- if (withAttribs) {
- /* include a signed attribute */
- pkcs7->signedAttribs = attribs;
- pkcs7->signedAttribsSz = (sizeof(attribs)/sizeof(PKCS7Attrib));
- }
- if (detachedSig) {
- AssertIntEQ(wc_PKCS7_SetDetached(pkcs7, 1), 0);
- }
- AssertIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
- wc_PKCS7_Free(pkcs7);
- AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
- AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- if (detachedSig) {
- pkcs7->content = data;
- pkcs7->contentSz = dataSz;
- }
- AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
- wc_PKCS7_Free(pkcs7);
- wc_FreeRng(&rng);
- return outputSz;
- }
- #endif
- /*
- * Testing wc_PKCS_VerifySignedData()
- */
- static void test_wc_PKCS7_VerifySignedData(void)
- {
- #if defined(HAVE_PKCS7)
- PKCS7* pkcs7;
- byte output[FOURK_BUF];
- word32 outputSz = sizeof(output);
- byte data[] = "Test data to encode.";
- byte badOut[0];
- word32 badOutSz = (word32)sizeof(badOut);
- byte badContent[] = "This is different content than was signed";
- AssertIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data,
- (word32)sizeof(data),
- 0, 0)), 0);
- AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
- AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
- AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
- /* Test bad args. */
- AssertIntEQ(wc_PKCS7_VerifySignedData(NULL, output, outputSz), BAD_FUNC_ARG);
- AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, NULL, outputSz), BAD_FUNC_ARG);
- #ifndef NO_PKCS7_STREAM
- /* can pass in 0 buffer length with streaming API */
- AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut,
- badOutSz), WC_PKCS7_WANT_READ_E);
- #else
- AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut,
- badOutSz), BAD_FUNC_ARG);
- #endif
- wc_PKCS7_Free(pkcs7);
- /* Invalid content should error, use detached signature so we can
- * easily change content */
- AssertIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data,
- (word32)sizeof(data),
- 1, 1)), 0);
- AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
- AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- pkcs7->content = badContent;
- pkcs7->contentSz = sizeof(badContent);
- AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), SIG_VERIFY_E);
- wc_PKCS7_Free(pkcs7);
- /* Test success case with detached signature and valid content */
- AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
- AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- pkcs7->content = data;
- pkcs7->contentSz = sizeof(data);
- AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
- wc_PKCS7_Free(pkcs7);
- printf(resultFmt, passed);
- #endif
- } /* END test_wc_PKCS7_VerifySignedData() */
- #if defined(HAVE_PKCS7) && !defined(NO_AES) && !defined(NO_AES_256)
- static const byte defKey[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- static byte aesHandle[32]; /* simulated hardware key handle */
- /* return 0 on success */
- static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
- byte* aad, word32 aadSz, byte* authTag, word32 authTagSz,
- byte* in, int inSz, byte* out, void* usrCtx)
- {
- int ret;
- Aes aes;
- if (usrCtx == NULL) {
- /* no simulated handle passed in */
- return -1;
- }
- switch (encryptOID) {
- case AES256CBCb:
- if (ivSz != AES_BLOCK_SIZE)
- return BAD_FUNC_ARG;
- break;
- default:
- WOLFSSL_MSG("Unsupported content cipher type for test");
- return ALGO_ID_E;
- };
- /* simulate using handle to get key */
- ret = wc_AesInit(&aes, HEAP_HINT, INVALID_DEVID);
- if (ret == 0) {
- ret = wc_AesSetKey(&aes, (byte*)usrCtx, 32, iv, AES_DECRYPTION);
- if (ret == 0)
- ret = wc_AesCbcDecrypt(&aes, out, in, inSz);
- wc_AesFree(&aes);
- }
- (void)aad;
- (void)aadSz;
- (void)authTag;
- (void)authTagSz;
- (void)pkcs7;
- return ret;
- }
- /* returns key size on success */
- static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
- word32 keyIdSz, byte* orginKey, word32 orginKeySz,
- byte* out, word32 outSz, int keyWrapAlgo, int type, int direction)
- {
- int ret = -1;
- if (out == NULL)
- return BAD_FUNC_ARG;
- if (keyId[0] != 0x00) {
- return -1;
- }
- if (type != (int)PKCS7_KEKRI) {
- return -1;
- }
- switch (keyWrapAlgo) {
- case AES256_WRAP:
- /* simulate setting a handle for later decryption but use key
- * as handle in the test case here */
- ret = wc_AesKeyUnWrap(defKey, sizeof(defKey), cek, cekSz,
- aesHandle, sizeof(aesHandle), NULL);
- if (ret < 0)
- return ret;
- ret = wc_PKCS7_SetDecodeEncryptedCtx(pkcs7, (void*)aesHandle);
- if (ret < 0)
- return ret;
- /* return key size on success */
- return sizeof(defKey);
- default:
- WOLFSSL_MSG("Unsupported key wrap algorithm in example");
- return BAD_KEYWRAP_ALG_E;
- };
- (void)cekSz;
- (void)cek;
- (void)outSz;
- (void)keyIdSz;
- (void)direction;
- (void)orginKey; /* used with KAKRI */
- (void)orginKeySz;
- return ret;
- }
- #endif /* HAVE_PKCS7 && !NO_AES && !NO_AES_256 */
- /*
- * Testing wc_PKCS7_EncodeEnvelopedData()
- */
- static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void)
- {
- #if defined(HAVE_PKCS7)
- PKCS7* pkcs7;
- WC_RNG rng;
- word32 tempWrd32 = 0;
- byte* tmpBytePtr = NULL;
- const char input[] = "Test data to encode.";
- int i;
- int testSz = 0;
- #if !defined(NO_RSA) && (!defined(NO_AES) || (!defined(NO_SHA) || \
- !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
- byte* rsaCert = NULL;
- byte* rsaPrivKey = NULL;
- word32 rsaCertSz;
- word32 rsaPrivKeySz;
- #if !defined(NO_FILESYSTEM) && (!defined(USE_CERT_BUFFERS_1024) && \
- !defined(USE_CERT_BUFFERS_2048) )
- static const char* rsaClientCert = "./certs/client-cert.der";
- static const char* rsaClientKey = "./certs/client-key.der";
- rsaCertSz = (word32)sizeof(rsaClientCert);
- rsaPrivKeySz = (word32)sizeof(rsaClientKey);
- #endif
- #endif
- #if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
- !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
- byte* eccCert = NULL;
- byte* eccPrivKey = NULL;
- word32 eccCertSz;
- word32 eccPrivKeySz;
- #if !defined(NO_FILESYSTEM) && !defined(USE_CERT_BUFFERS_256)
- static const char* eccClientCert = "./certs/client-ecc-cert.der";
- static const char* eccClientKey = "./certs/ecc-client-key.der";
- #endif
- #endif
- /* Generic buffer size. */
- byte output[ONEK_BUF];
- byte decoded[sizeof(input)/sizeof(char)];
- int decodedSz = 0;
- #ifndef NO_FILESYSTEM
- XFILE certFile;
- XFILE keyFile;
- #endif
- #if !defined(NO_RSA) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
- !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
- /* RSA certs and keys. */
- #if defined(USE_CERT_BUFFERS_1024)
- /* Allocate buffer space. */
- AssertNotNull(rsaCert =
- (byte*)XMALLOC(ONEK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
- /* Init buffer. */
- rsaCertSz = (word32)sizeof_client_cert_der_1024;
- XMEMCPY(rsaCert, client_cert_der_1024, rsaCertSz);
- AssertNotNull(rsaPrivKey = (byte*)XMALLOC(ONEK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER));
- rsaPrivKeySz = (word32)sizeof_client_key_der_1024;
- XMEMCPY(rsaPrivKey, client_key_der_1024, rsaPrivKeySz);
- #elif defined(USE_CERT_BUFFERS_2048)
- /* Allocate buffer */
- AssertNotNull(rsaCert =
- (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
- /* Init buffer. */
- rsaCertSz = (word32)sizeof_client_cert_der_2048;
- XMEMCPY(rsaCert, client_cert_der_2048, rsaCertSz);
- AssertNotNull(rsaPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER));
- rsaPrivKeySz = (word32)sizeof_client_key_der_2048;
- XMEMCPY(rsaPrivKey, client_key_der_2048, rsaPrivKeySz);
- #else
- /* File system. */
- certFile = XFOPEN(rsaClientCert, "rb");
- AssertTrue(certFile != XBADFILE);
- rsaCertSz = (word32)FOURK_BUF;
- AssertNotNull(rsaCert =
- (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
- rsaCertSz = (word32)XFREAD(rsaCert, 1, rsaCertSz, certFile);
- XFCLOSE(certFile);
- keyFile = XFOPEN(rsaClientKey, "rb");
- AssertTrue(keyFile != XBADFILE);
- AssertNotNull(rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER));
- rsaPrivKeySz = (word32)FOURK_BUF;
- rsaPrivKeySz = (word32)XFREAD(rsaPrivKey, 1, rsaPrivKeySz, keyFile);
- XFCLOSE(keyFile);
- #endif /* USE_CERT_BUFFERS */
- #endif /* NO_RSA */
- /* ECC */
- #if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
- !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
- #ifdef USE_CERT_BUFFERS_256
- AssertNotNull(eccCert =
- (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
- /* Init buffer. */
- eccCertSz = (word32)sizeof_cliecc_cert_der_256;
- XMEMCPY(eccCert, cliecc_cert_der_256, eccCertSz);
- AssertNotNull(eccPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER));
- eccPrivKeySz = (word32)sizeof_ecc_clikey_der_256;
- XMEMCPY(eccPrivKey, ecc_clikey_der_256, eccPrivKeySz);
- #else /* File system. */
- certFile = XFOPEN(eccClientCert, "rb");
- AssertTrue(certFile != XBADFILE);
- eccCertSz = (word32)FOURK_BUF;
- AssertNotNull(eccCert =
- (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
- eccCertSz = (word32)XFREAD(eccCert, 1, eccCertSz, certFile);
- XFCLOSE(certFile);
- keyFile = XFOPEN(eccClientKey, "rb");
- AssertTrue(keyFile != XBADFILE);
- eccPrivKeySz = (word32)FOURK_BUF;
- AssertNotNull(eccPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER));
- eccPrivKeySz = (word32)XFREAD(eccPrivKey, 1, eccPrivKeySz, keyFile);
- XFCLOSE(keyFile);
- #endif /* USE_CERT_BUFFERS_256 */
- #endif /* END HAVE_ECC */
- /* Silence. */
- (void)keyFile;
- (void)certFile;
- const pkcs7EnvelopedVector testVectors[] = {
- /* DATA is a global variable defined in the makefile. */
- #if !defined(NO_RSA)
- #ifndef NO_DES3
- {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, DES3b, 0, 0,
- rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
- #endif /* NO_DES3 */
- #ifndef NO_AES
- #ifndef NO_AES_128
- {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb,
- 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
- #endif
- #ifndef NO_AES_192
- {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES192CBCb,
- 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
- #endif
- #ifndef NO_AES_256
- {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb,
- 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
- #endif
- #endif /* NO_AES */
- #endif /* NO_RSA */
- #if defined(HAVE_ECC)
- #ifndef NO_AES
- #if !defined(NO_SHA) && !defined(NO_AES_128)
- {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb,
- AES128_WRAP, dhSinglePass_stdDH_sha1kdf_scheme, eccCert,
- eccCertSz, eccPrivKey, eccPrivKeySz},
- #endif
- #if !defined(NO_SHA256) && !defined(NO_AES_256)
- {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb,
- AES256_WRAP, dhSinglePass_stdDH_sha256kdf_scheme, eccCert,
- eccCertSz, eccPrivKey, eccPrivKeySz},
- #endif
- #if defined(WOLFSSL_SHA512) && !defined(NO_AES_256)
- {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb,
- AES256_WRAP, dhSinglePass_stdDH_sha512kdf_scheme, eccCert,
- eccCertSz, eccPrivKey, eccPrivKeySz},
- #endif
- #endif /* NO_AES */
- #endif /* END HAVE_ECC */
- }; /* END pkcs7EnvelopedVector */
- #ifdef ECC_TIMING_RESISTANT
- AssertIntEQ(wc_InitRng(&rng), 0);
- #endif
- printf(testingFmt, "wc_PKCS7_EncodeEnvelopedData()");
- AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
- AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, devId), 0);
- testSz = (int)sizeof(testVectors)/(int)sizeof(pkcs7EnvelopedVector);
- for (i = 0; i < testSz; i++) {
- AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (testVectors + i)->cert,
- (word32)(testVectors + i)->certSz), 0);
- #ifdef ECC_TIMING_RESISTANT
- pkcs7->rng = &rng;
- #endif
- pkcs7->content = (byte*)(testVectors + i)->content;
- pkcs7->contentSz = (testVectors + i)->contentSz;
- pkcs7->contentOID = (testVectors + i)->contentOID;
- pkcs7->encryptOID = (testVectors + i)->encryptOID;
- pkcs7->keyWrapOID = (testVectors + i)->keyWrapOID;
- pkcs7->keyAgreeOID = (testVectors + i)->keyAgreeOID;
- pkcs7->privateKey = (testVectors + i)->privateKey;
- pkcs7->privateKeySz = (testVectors + i)->privateKeySz;
- AssertIntGE(wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
- (word32)sizeof(output)), 0);
- decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
- (word32)sizeof(output), decoded, (word32)sizeof(decoded));
- AssertIntGE(decodedSz, 0);
- /* Verify the size of each buffer. */
- AssertIntEQ((word32)sizeof(input)/sizeof(char), decodedSz);
- /* Don't free the last time through the loop. */
- if (i < testSz - 1 ){
- wc_PKCS7_Free(pkcs7);
- AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
- }
- } /* END test loop. */
- /* Test bad args. */
- AssertIntEQ(wc_PKCS7_EncodeEnvelopedData(NULL, output,
- (word32)sizeof(output)), BAD_FUNC_ARG);
- AssertIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, NULL,
- (word32)sizeof(output)), BAD_FUNC_ARG);
- AssertIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, output, 0), BAD_FUNC_ARG);
- printf(resultFmt, passed);
- /* Decode. */
- printf(testingFmt, "wc_PKCS7_DecodeEnvelopedData()");
- AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(NULL, output,
- (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
- AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
- (word32)sizeof(output), NULL, (word32)sizeof(decoded)), BAD_FUNC_ARG);
- AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
- (word32)sizeof(output), decoded, 0), BAD_FUNC_ARG);
- AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, NULL,
- (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
- AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, 0, decoded,
- (word32)sizeof(decoded)), BAD_FUNC_ARG);
- /* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/
- #if defined(HAVE_ECC) && !defined(NO_AES)
- /* only a failure for KARI test cases */
- tempWrd32 = pkcs7->singleCertSz;
- pkcs7->singleCertSz = 0;
- AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
- (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
- pkcs7->singleCertSz = tempWrd32;
- tmpBytePtr = pkcs7->singleCert;
- pkcs7->singleCert = NULL;
- AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
- (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
- pkcs7->singleCert = tmpBytePtr;
- #endif
- tempWrd32 = pkcs7->privateKeySz;
- pkcs7->privateKeySz = 0;
- AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
- (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
- pkcs7->privateKeySz = tempWrd32;
- tmpBytePtr = pkcs7->privateKey;
- pkcs7->privateKey = NULL;
- AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
- (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
- pkcs7->privateKey = tmpBytePtr;
- wc_PKCS7_Free(pkcs7);
- #if !defined(NO_AES) && !defined(NO_AES_256)
- /* test of decrypt callback with KEKRI enveloped data */
- {
- int envelopedSz;
- const byte keyId[] = { 0x00 };
- AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
- pkcs7->content = (byte*)input;
- pkcs7->contentSz = (word32)(sizeof(input)/sizeof(char));
- pkcs7->contentOID = DATA;
- pkcs7->encryptOID = AES256CBCb;
- AssertIntGT(wc_PKCS7_AddRecipient_KEKRI(pkcs7, AES256_WRAP,
- (byte*)defKey, sizeof(defKey), (byte*)keyId,
- sizeof(keyId), NULL, NULL, 0, NULL, 0, 0), 0);
- AssertIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID), 0);
- AssertIntGT((envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
- (word32)sizeof(output))), 0);
- wc_PKCS7_Free(pkcs7);
- /* decode envelopedData */
- AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
- AssertIntEQ(wc_PKCS7_SetWrapCEKCb(pkcs7, myCEKwrapFunc), 0);
- AssertIntEQ(wc_PKCS7_SetDecodeEncryptedCb(pkcs7, myDecryptionFunc), 0);
- AssertIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
- envelopedSz, decoded, sizeof(decoded))), 0);
- wc_PKCS7_Free(pkcs7);
- }
- #endif /* !NO_AES && !NO_AES_256 */
- printf(resultFmt, passed);
- #ifndef NO_RSA
- if (rsaCert) {
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (rsaPrivKey) {
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif /*NO_RSA */
- #ifdef HAVE_ECC
- if (eccCert) {
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (eccPrivKey) {
- XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif /* HAVE_ECC */
- #ifdef ECC_TIMING_RESISTANT
- wc_FreeRng(&rng);
- #endif
- #endif /* HAVE_PKCS7 */
- } /* END test_wc_PKCS7_EncodeEnvelopedData() */
- /*
- * Testing wc_PKCS7_EncodeEncryptedData()
- */
- static void test_wc_PKCS7_EncodeEncryptedData (void)
- {
- #if defined(HAVE_PKCS7) && !defined(NO_PKCS7_ENCRYPTED_DATA)
- PKCS7* pkcs7;
- byte* tmpBytePtr = NULL;
- byte encrypted[TWOK_BUF];
- byte decoded[TWOK_BUF];
- word32 tmpWrd32 = 0;
- int tmpInt = 0;
- int decodedSz;
- int encryptedSz;
- int testSz;
- int i;
- const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- #ifndef NO_DES3
- byte desKey[] = {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
- };
- byte des3Key[] = {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
- 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
- 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
- };
- #endif
- #ifndef NO_AES
- #ifndef NO_AES_128
- byte aes128Key[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- #endif
- #ifndef NO_AES_192
- byte aes192Key[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- #endif
- #ifndef NO_AES_256
- byte aes256Key[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- #endif
- #endif
- const pkcs7EncryptedVector testVectors[] =
- {
- #ifndef NO_DES3
- {data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key)},
- {data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey)},
- #endif /* NO_DES3 */
- #ifndef NO_AES
- #ifndef NO_AES_128
- {data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key,
- sizeof(aes128Key)},
- #endif
- #ifndef NO_AES_192
- {data, (word32)sizeof(data), DATA, AES192CBCb, aes192Key,
- sizeof(aes192Key)},
- #endif
- #ifndef NO_AES_256
- {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
- sizeof(aes256Key)},
- #endif
- #endif /* NO_AES */
- };
- testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector);
- for (i = 0; i < testSz; i++) {
- AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
- AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, devId), 0);
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->encryptionKey = testVectors[i].encryptionKey;
- pkcs7->encryptionKeySz = testVectors[i].encryptionKeySz;
- pkcs7->heap = HEAP_HINT;
- /* encode encryptedData */
- encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
- sizeof(encrypted));
- AssertIntGT(encryptedSz, 0);
- /* Decode encryptedData */
- decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
- decoded, sizeof(decoded));
- AssertIntEQ(XMEMCMP(decoded, data, decodedSz), 0);
- /* Keep values for last itr. */
- if (i < testSz - 1) {
- wc_PKCS7_Free(pkcs7);
- }
- }
- printf(testingFmt, "wc_PKCS7_EncodeEncryptedData()");
- AssertIntEQ(wc_PKCS7_EncodeEncryptedData(NULL, encrypted,
- sizeof(encrypted)),BAD_FUNC_ARG);
- AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, NULL,
- sizeof(encrypted)), BAD_FUNC_ARG);
- AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
- 0), BAD_FUNC_ARG);
- /* Testing the struct. */
- tmpBytePtr = pkcs7->content;
- pkcs7->content = NULL;
- AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
- sizeof(encrypted)), BAD_FUNC_ARG);
- pkcs7->content = tmpBytePtr;
- tmpWrd32 = pkcs7->contentSz;
- pkcs7->contentSz = 0;
- AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
- sizeof(encrypted)), BAD_FUNC_ARG);
- pkcs7->contentSz = tmpWrd32;
- tmpInt = pkcs7->encryptOID;
- pkcs7->encryptOID = 0;
- AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
- sizeof(encrypted)), BAD_FUNC_ARG);
- pkcs7->encryptOID = tmpInt;
- tmpBytePtr = pkcs7->encryptionKey;
- pkcs7->encryptionKey = NULL;
- AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
- sizeof(encrypted)), BAD_FUNC_ARG);
- pkcs7->encryptionKey = tmpBytePtr;
- tmpWrd32 = pkcs7->encryptionKeySz;
- pkcs7->encryptionKeySz = 0;
- AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
- sizeof(encrypted)), BAD_FUNC_ARG);
- pkcs7->encryptionKeySz = tmpWrd32;
- printf(resultFmt, passed);
- printf(testingFmt, "wc_PKCS7_EncodeEncryptedData()");
- AssertIntEQ(wc_PKCS7_DecodeEncryptedData(NULL, encrypted, encryptedSz,
- decoded, sizeof(decoded)), BAD_FUNC_ARG);
- AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, NULL, encryptedSz,
- decoded, sizeof(decoded)), BAD_FUNC_ARG);
- AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, 0,
- decoded, sizeof(decoded)), BAD_FUNC_ARG);
- AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
- NULL, sizeof(decoded)), BAD_FUNC_ARG);
- AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
- decoded, 0), BAD_FUNC_ARG);
- /* Test struct fields */
- tmpBytePtr = pkcs7->encryptionKey;
- pkcs7->encryptionKey = NULL;
- AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
- decoded, sizeof(decoded)), BAD_FUNC_ARG);
- pkcs7->encryptionKey = tmpBytePtr;
- pkcs7->encryptionKeySz = 0;
- AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
- decoded, sizeof(decoded)), BAD_FUNC_ARG);
- printf(resultFmt, passed);
- wc_PKCS7_Free(pkcs7);
- #endif
- } /* END test_wc_PKCS7_EncodeEncryptedData() */
- /*
- * Testing wc_PKCS7_Degenerate()
- */
- static void test_wc_PKCS7_Degenerate(void)
- {
- #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
- PKCS7* pkcs7;
- char fName[] = "./certs/test-degenerate.p7b";
- XFILE f;
- byte der[4096];
- word32 derSz;
- int ret;
- printf(testingFmt, "wc_PKCS7_Degenerate()");
- AssertNotNull(f = XFOPEN(fName, "rb"));
- AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0);
- derSz = (word32)ret;
- XFCLOSE(f);
- /* test degenerate success */
- AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
- AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
- AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- #ifndef NO_RSA
- AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
- #else
- AssertIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
- #endif
- wc_PKCS7_Free(pkcs7);
- /* test with turning off degenerate cases */
- AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
- AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
- AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- wc_PKCS7_AllowDegenerate(pkcs7, 0); /* override allowing degenerate case */
- AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), PKCS7_NO_SIGNER_E);
- wc_PKCS7_Free(pkcs7);
- printf(resultFmt, passed);
- #endif
- } /* END test_wc_PKCS7_Degenerate() */
- #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
- defined(ASN_BER_TO_DER) && !defined(NO_DES3)
- static byte berContent[] = {
- 0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
- 0xF7, 0x0D, 0x01, 0x07, 0x03, 0xA0, 0x80, 0x30,
- 0x80, 0x02, 0x01, 0x00, 0x31, 0x82, 0x01, 0x48,
- 0x30, 0x82, 0x01, 0x44, 0x02, 0x01, 0x00, 0x30,
- 0x81, 0xAC, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30,
- 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
- 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
- 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E,
- 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E,
- 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42,
- 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15,
- 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C,
- 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C,
- 0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x19, 0x30,
- 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10,
- 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D,
- 0x69, 0x6E, 0x67, 0x2D, 0x31, 0x30, 0x32, 0x34,
- 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
- 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
- 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
- 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09,
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
- 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
- 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
- 0x63, 0x6F, 0x6D, 0x02, 0x09, 0x00, 0xBB, 0xD3,
- 0x10, 0x03, 0xE6, 0x9D, 0x28, 0x03, 0x30, 0x0D,
- 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
- 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x81, 0x80,
- 0x2F, 0xF9, 0x77, 0x4F, 0x04, 0x5C, 0x16, 0x62,
- 0xF0, 0x77, 0x8D, 0x95, 0x4C, 0xB1, 0x44, 0x9A,
- 0x8C, 0x3C, 0x8C, 0xE4, 0xD1, 0xC1, 0x14, 0x72,
- 0xD0, 0x4A, 0x1A, 0x94, 0x27, 0x0F, 0xAA, 0xE8,
- 0xD0, 0xA2, 0xE7, 0xED, 0x4C, 0x7F, 0x0F, 0xC7,
- 0x1B, 0xFB, 0x81, 0x0E, 0x76, 0x8F, 0xDD, 0x32,
- 0x11, 0x68, 0xA0, 0x13, 0xD2, 0x8D, 0x95, 0xEF,
- 0x80, 0x53, 0x81, 0x0E, 0x1F, 0xC8, 0xD6, 0x76,
- 0x5C, 0x31, 0xD3, 0x77, 0x33, 0x29, 0xA6, 0x1A,
- 0xD3, 0xC6, 0x14, 0x36, 0xCA, 0x8E, 0x7D, 0x72,
- 0xA0, 0x29, 0x4C, 0xC7, 0x3A, 0xAF, 0xFE, 0xF7,
- 0xFC, 0xD7, 0xE2, 0x8F, 0x6A, 0x20, 0x46, 0x09,
- 0x40, 0x22, 0x2D, 0x79, 0x38, 0x11, 0xB1, 0x4A,
- 0xE3, 0x48, 0xE8, 0x10, 0x37, 0xA0, 0x22, 0xF7,
- 0xB4, 0x79, 0xD1, 0xA9, 0x3D, 0xC2, 0xAB, 0x37,
- 0xAE, 0x82, 0x68, 0x1A, 0x16, 0xEF, 0x33, 0x0C,
- 0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
- 0xF7, 0x0D, 0x01, 0x07, 0x01, 0x30, 0x14, 0x06,
- 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x03,
- 0x07, 0x04, 0x08, 0xAD, 0xD0, 0x38, 0x9B, 0x16,
- 0x4B, 0x7F, 0x99, 0xA0, 0x80, 0x04, 0x82, 0x03,
- 0xE8, 0x6D, 0x48, 0xFB, 0x8A, 0xBD, 0xED, 0x6C,
- 0xCD, 0xC6, 0x48, 0xFD, 0xB7, 0xB0, 0x7C, 0x86,
- 0x2C, 0x8D, 0xF0, 0x23, 0x12, 0xD8, 0xA3, 0x2A,
- 0x21, 0x6F, 0x8B, 0x75, 0xBB, 0x47, 0x7F, 0xC9,
- 0xBA, 0xBA, 0xFF, 0x91, 0x09, 0x01, 0x7A, 0x5C,
- 0x96, 0x02, 0xB8, 0x8E, 0xF8, 0x67, 0x7E, 0x8F,
- 0xF9, 0x51, 0x0E, 0xFF, 0x8E, 0xE2, 0x61, 0xC0,
- 0xDF, 0xFA, 0xE2, 0x4C, 0x50, 0x90, 0xAE, 0xA1,
- 0x15, 0x38, 0x3D, 0xBE, 0x88, 0xD7, 0x57, 0xC0,
- 0x11, 0x44, 0xA2, 0x61, 0x05, 0x49, 0x6A, 0x94,
- 0x04, 0x10, 0xD9, 0xC2, 0x2D, 0x15, 0x20, 0x0D,
- 0xBD, 0xA2, 0xEF, 0xE4, 0x68, 0xFA, 0x39, 0x75,
- 0x7E, 0xD8, 0x64, 0x44, 0xCB, 0xE0, 0x00, 0x6D,
- 0x57, 0x4E, 0x8A, 0x17, 0xA9, 0x83, 0x6C, 0x7F,
- 0xFE, 0x01, 0xEE, 0xDE, 0x99, 0x3A, 0xB2, 0xFF,
- 0xD3, 0x72, 0x78, 0xBA, 0xF1, 0x23, 0x54, 0x48,
- 0x02, 0xD8, 0x38, 0xA9, 0x54, 0xE5, 0x4A, 0x81,
- 0xB9, 0xC0, 0x67, 0xB2, 0x7D, 0x3C, 0x6F, 0xCE,
- 0xA4, 0xDD, 0x34, 0x5F, 0x60, 0xB1, 0xA3, 0x7A,
- 0xE4, 0x43, 0xF2, 0x89, 0x64, 0x35, 0x09, 0x32,
- 0x51, 0xFB, 0x5C, 0x67, 0x0C, 0x3B, 0xFC, 0x36,
- 0x6B, 0x37, 0x43, 0x6C, 0x03, 0xCD, 0x44, 0xC7,
- 0x2B, 0x62, 0xD6, 0xD1, 0xF4, 0x07, 0x7B, 0x19,
- 0x91, 0xF0, 0xD7, 0xF5, 0x54, 0xBC, 0x0F, 0x42,
- 0x6B, 0x69, 0xF7, 0xA3, 0xC8, 0xEE, 0xB9, 0x7A,
- 0x9E, 0x3D, 0xDF, 0x53, 0x47, 0xF7, 0x50, 0x67,
- 0x00, 0xCF, 0x2B, 0x3B, 0xE9, 0x85, 0xEE, 0xBD,
- 0x4C, 0x64, 0x66, 0x0B, 0x77, 0x80, 0x9D, 0xEF,
- 0x11, 0x32, 0x77, 0xA8, 0xA4, 0x5F, 0xEE, 0x2D,
- 0xE0, 0x43, 0x87, 0x76, 0x87, 0x53, 0x4E, 0xD7,
- 0x1A, 0x04, 0x7B, 0xE1, 0xD1, 0xE1, 0xF5, 0x87,
- 0x51, 0x13, 0xE0, 0xC2, 0xAA, 0xA3, 0x4B, 0xAA,
- 0x9E, 0xB4, 0xA6, 0x1D, 0x4E, 0x28, 0x57, 0x0B,
- 0x80, 0x90, 0x81, 0x4E, 0x04, 0xF5, 0x30, 0x8D,
- 0x51, 0xCE, 0x57, 0x2F, 0x88, 0xC5, 0x70, 0xC4,
- 0x06, 0x8F, 0xDD, 0x37, 0xC1, 0x34, 0x1E, 0x0E,
- 0x15, 0x32, 0x23, 0x92, 0xAB, 0x40, 0xEA, 0xF7,
- 0x43, 0xE2, 0x1D, 0xE2, 0x4B, 0xC9, 0x91, 0xF4,
- 0x63, 0x21, 0x34, 0xDB, 0xE9, 0x86, 0x83, 0x1A,
- 0xD2, 0x52, 0xEF, 0x7A, 0xA2, 0xEE, 0xA4, 0x11,
- 0x56, 0xD3, 0x6C, 0xF5, 0x6D, 0xE4, 0xA5, 0x2D,
- 0x99, 0x02, 0x10, 0xDF, 0x29, 0xC5, 0xE3, 0x0B,
- 0xC4, 0xA1, 0xEE, 0x5F, 0x4A, 0x10, 0xEE, 0x85,
- 0x73, 0x2A, 0x92, 0x15, 0x2C, 0xC8, 0xF4, 0x8C,
- 0xD7, 0x3D, 0xBC, 0xAD, 0x18, 0xE0, 0x59, 0xD3,
- 0xEE, 0x75, 0x90, 0x1C, 0xCC, 0x76, 0xC6, 0x64,
- 0x17, 0xD2, 0xD0, 0x91, 0xA6, 0xD0, 0xC1, 0x4A,
- 0xAA, 0x58, 0x22, 0xEC, 0x45, 0x98, 0xF2, 0xCC,
- 0x4C, 0xE4, 0xBF, 0xED, 0xF6, 0x44, 0x72, 0x36,
- 0x65, 0x3F, 0xE3, 0xB5, 0x8B, 0x3E, 0x54, 0x9C,
- 0x82, 0x86, 0x5E, 0xB0, 0xF2, 0x12, 0xE5, 0x69,
- 0xFA, 0x46, 0xA2, 0x54, 0xFC, 0xF5, 0x4B, 0xE0,
- 0x24, 0x3B, 0x99, 0x04, 0x1A, 0x7A, 0xF7, 0xD1,
- 0xFF, 0x68, 0x97, 0xB2, 0x85, 0x82, 0x95, 0x27,
- 0x2B, 0xF4, 0xE7, 0x1A, 0x74, 0x19, 0xEC, 0x8C,
- 0x4E, 0xA7, 0x0F, 0xAD, 0x4F, 0x5A, 0x02, 0x80,
- 0xC1, 0x6A, 0x9E, 0x54, 0xE4, 0x8E, 0xA3, 0x41,
- 0x3F, 0x6F, 0x9C, 0x82, 0x9F, 0x83, 0xB0, 0x44,
- 0x01, 0x5F, 0x10, 0x9D, 0xD3, 0xB6, 0x33, 0x5B,
- 0xAF, 0xAC, 0x6B, 0x57, 0x2A, 0x01, 0xED, 0x0E,
- 0x17, 0xB9, 0x80, 0x76, 0x12, 0x1C, 0x51, 0x56,
- 0xDD, 0x6D, 0x94, 0xAB, 0xD2, 0xE5, 0x15, 0x2D,
- 0x3C, 0xC5, 0xE8, 0x62, 0x05, 0x8B, 0x40, 0xB1,
- 0xC2, 0x83, 0xCA, 0xAC, 0x4B, 0x8B, 0x39, 0xF7,
- 0xA0, 0x08, 0x43, 0x5C, 0xF7, 0xE8, 0xED, 0x40,
- 0x72, 0x73, 0xE3, 0x6B, 0x18, 0x67, 0xA0, 0xB6,
- 0x0F, 0xED, 0x8F, 0x9A, 0xE4, 0x27, 0x62, 0x23,
- 0xAA, 0x6D, 0x6C, 0x31, 0xC9, 0x9D, 0x6B, 0xE0,
- 0xBF, 0x9D, 0x7D, 0x2E, 0x76, 0x71, 0x06, 0x39,
- 0xAC, 0x96, 0x1C, 0xAF, 0x30, 0xF2, 0x62, 0x9C,
- 0x84, 0x3F, 0x43, 0x5E, 0x19, 0xA8, 0xE5, 0x3C,
- 0x9D, 0x43, 0x3C, 0x43, 0x41, 0xE8, 0x82, 0xE7,
- 0x5B, 0xF3, 0xE2, 0x15, 0xE3, 0x52, 0x20, 0xFD,
- 0x0D, 0xB2, 0x4D, 0x48, 0xAD, 0x53, 0x7E, 0x0C,
- 0xF0, 0xB9, 0xBE, 0xC9, 0x58, 0x4B, 0xC8, 0xA8,
- 0xA3, 0x36, 0xF1, 0x2C, 0xD2, 0xE1, 0xC8, 0xC4,
- 0x3C, 0x48, 0x70, 0xC2, 0x6D, 0x6C, 0x3D, 0x99,
- 0xAC, 0x43, 0x19, 0x69, 0xCA, 0x67, 0x1A, 0xC9,
- 0xE1, 0x47, 0xFA, 0x0A, 0xE6, 0x5B, 0x6F, 0x61,
- 0xD0, 0x03, 0xE4, 0x03, 0x4B, 0xFD, 0xE2, 0xA5,
- 0x8D, 0x83, 0x01, 0x7E, 0xC0, 0x7B, 0x2E, 0x0B,
- 0x29, 0xDD, 0xD6, 0xDC, 0x71, 0x46, 0xBD, 0x9A,
- 0x40, 0x46, 0x1E, 0x0A, 0xB1, 0x00, 0xE7, 0x71,
- 0x29, 0x77, 0xFC, 0x9A, 0x76, 0x8A, 0x5F, 0x66,
- 0x9B, 0x63, 0x91, 0x12, 0x78, 0xBF, 0x67, 0xAD,
- 0xA1, 0x72, 0x9E, 0xC5, 0x3E, 0xE5, 0xCB, 0xAF,
- 0xD6, 0x5A, 0x0D, 0xB6, 0x9B, 0xA3, 0x78, 0xE8,
- 0xB0, 0x8F, 0x69, 0xED, 0xC1, 0x73, 0xD5, 0xE5,
- 0x1C, 0x18, 0xA0, 0x58, 0x4C, 0x49, 0xBD, 0x91,
- 0xCE, 0x15, 0x0D, 0xAA, 0x5A, 0x07, 0xEA, 0x1C,
- 0xA7, 0x4B, 0x11, 0x31, 0x80, 0xAF, 0xA1, 0x0A,
- 0xED, 0x6C, 0x70, 0xE4, 0xDB, 0x75, 0x86, 0xAE,
- 0xBF, 0x4A, 0x05, 0x72, 0xDE, 0x84, 0x8C, 0x7B,
- 0x59, 0x81, 0x58, 0xE0, 0xC0, 0x15, 0xB5, 0xF3,
- 0xD5, 0x73, 0x78, 0x83, 0x53, 0xDA, 0x92, 0xC1,
- 0xE6, 0x71, 0x74, 0xC7, 0x7E, 0xAA, 0x36, 0x06,
- 0xF0, 0xDF, 0xBA, 0xFB, 0xEF, 0x54, 0xE8, 0x11,
- 0xB2, 0x33, 0xA3, 0x0B, 0x9E, 0x0C, 0x59, 0x75,
- 0x13, 0xFA, 0x7F, 0x88, 0xB9, 0x86, 0xBD, 0x1A,
- 0xDB, 0x52, 0x12, 0xFB, 0x6D, 0x1A, 0xCB, 0x49,
- 0x94, 0x94, 0xC4, 0xA9, 0x99, 0xC0, 0xA4, 0xB6,
- 0x60, 0x36, 0x09, 0x94, 0x2A, 0xD5, 0xC4, 0x26,
- 0xF4, 0xA3, 0x6A, 0x0E, 0x57, 0x8B, 0x7C, 0xA4,
- 0x1D, 0x75, 0xE8, 0x2A, 0xF3, 0xC4, 0x3C, 0x7D,
- 0x45, 0x6D, 0xD8, 0x24, 0xD1, 0x3B, 0xF7, 0xCF,
- 0xE4, 0x45, 0x2A, 0x55, 0xE5, 0xA9, 0x1F, 0x1C,
- 0x8F, 0x55, 0x8D, 0xC1, 0xF7, 0x74, 0xCC, 0x26,
- 0xC7, 0xBA, 0x2E, 0x5C, 0xC1, 0x71, 0x0A, 0xAA,
- 0xD9, 0x6D, 0x76, 0xA7, 0xF9, 0xD1, 0x18, 0xCB,
- 0x5A, 0x52, 0x98, 0xA8, 0x0D, 0x3F, 0x06, 0xFC,
- 0x49, 0x11, 0x21, 0x5F, 0x86, 0x19, 0x33, 0x81,
- 0xB5, 0x7A, 0xDA, 0xA1, 0x47, 0xBF, 0x7C, 0xD7,
- 0x05, 0x96, 0xC7, 0xF5, 0xC1, 0x61, 0xE5, 0x18,
- 0xA5, 0x38, 0x68, 0xED, 0xB4, 0x17, 0x62, 0x0D,
- 0x01, 0x5E, 0xC3, 0x04, 0xA6, 0xBA, 0xB1, 0x01,
- 0x60, 0x5C, 0xC1, 0x3A, 0x34, 0x97, 0xD6, 0xDB,
- 0x67, 0x73, 0x4D, 0x33, 0x96, 0x01, 0x67, 0x44,
- 0xEA, 0x47, 0x5E, 0x44, 0xB5, 0xE5, 0xD1, 0x6C,
- 0x20, 0xA9, 0x6D, 0x4D, 0xBC, 0x02, 0xF0, 0x70,
- 0xE4, 0xDD, 0xE9, 0xD5, 0x5C, 0x28, 0x29, 0x0B,
- 0xB4, 0x60, 0x2A, 0xF1, 0xF7, 0x1A, 0xF0, 0x36,
- 0xAE, 0x51, 0x3A, 0xAE, 0x6E, 0x48, 0x7D, 0xC7,
- 0x5C, 0xF3, 0xDC, 0xF6, 0xED, 0x27, 0x4E, 0x8E,
- 0x48, 0x18, 0x3E, 0x08, 0xF1, 0xD8, 0x3D, 0x0D,
- 0xE7, 0x2F, 0x65, 0x8A, 0x6F, 0xE2, 0x1E, 0x06,
- 0xC1, 0x04, 0x58, 0x7B, 0x4A, 0x75, 0x60, 0x92,
- 0x13, 0xC6, 0x40, 0x2D, 0x3A, 0x8A, 0xD1, 0x03,
- 0x05, 0x1F, 0x28, 0x66, 0xC2, 0x57, 0x2A, 0x4C,
- 0xE1, 0xA3, 0xCB, 0xA1, 0x95, 0x30, 0x10, 0xED,
- 0xDF, 0xAE, 0x70, 0x49, 0x4E, 0xF6, 0xB4, 0x5A,
- 0xB6, 0x22, 0x56, 0x37, 0x05, 0xE7, 0x3E, 0xB2,
- 0xE3, 0x96, 0x62, 0xEC, 0x09, 0x53, 0xC0, 0x50,
- 0x3D, 0xA7, 0xBC, 0x9B, 0x39, 0x02, 0x26, 0x16,
- 0xB5, 0x34, 0x17, 0xD4, 0xCA, 0xFE, 0x1D, 0xE4,
- 0x5A, 0xDA, 0x4C, 0xC2, 0xCA, 0x8E, 0x79, 0xBF,
- 0xD8, 0x4C, 0xBB, 0xFA, 0x30, 0x7B, 0xA9, 0x3E,
- 0x52, 0x19, 0xB1, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00
- };
- #endif /* HAVE_PKCS7 && !NO_FILESYSTEM && ASN_BER_TO_DER && !NO_DES3 */
- /*
- * Testing wc_PKCS7_BER()
- */
- static void test_wc_PKCS7_BER(void)
- {
- #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
- defined(ASN_BER_TO_DER)
- PKCS7* pkcs7;
- char fName[] = "./certs/test-ber-exp02-05-2022.p7b";
- XFILE f;
- byte der[4096];
- #ifndef NO_DES3
- byte decoded[2048];
- #endif
- word32 derSz;
- int ret;
- printf(testingFmt, "wc_PKCS7_BER()");
- AssertNotNull(f = XFOPEN(fName, "rb"));
- AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0);
- derSz = (word32)ret;
- XFCLOSE(f);
- AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
- AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
- AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- #ifndef NO_RSA
- AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
- #else
- AssertIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
- #endif
- wc_PKCS7_Free(pkcs7);
- #ifndef NO_DES3
- /* decode BER content */
- AssertNotNull(f = XFOPEN("./certs/1024/client-cert.der", "rb"));
- AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0);
- derSz = (word32)ret;
- XFCLOSE(f);
- AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
- #ifndef NO_RSA
- AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0);
- #else
- AssertIntNE(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0);
- #endif
- AssertNotNull(f = XFOPEN("./certs/1024/client-key.der", "rb"));
- AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0);
- derSz = (word32)ret;
- XFCLOSE(f);
- pkcs7->privateKey = der;
- pkcs7->privateKeySz = derSz;
- #ifndef NO_RSA
- AssertIntGT(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
- sizeof(berContent), decoded, sizeof(decoded)), 0);
- #else
- AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
- sizeof(berContent), decoded, sizeof(decoded)), NOT_COMPILED_IN);
- #endif
- wc_PKCS7_Free(pkcs7);
- #endif /* !NO_DES3 */
- printf(resultFmt, passed);
- #endif
- } /* END test_wc_PKCS7_BER() */
- static void test_PKCS7_signed_enveloped(void)
- {
- #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
- && !defined(NO_AES)
- XFILE f;
- PKCS7* pkcs7;
- PKCS7* inner;
- void* pt;
- WC_RNG rng;
- unsigned char key[FOURK_BUF/2];
- unsigned char cert[FOURK_BUF/2];
- unsigned char env[FOURK_BUF];
- int envSz = FOURK_BUF;
- int keySz;
- int certSz;
- unsigned char sig[FOURK_BUF * 2];
- int sigSz = FOURK_BUF * 2;
- unsigned char decoded[FOURK_BUF];
- int decodedSz = FOURK_BUF;
- printf(testingFmt, "PKCS7_signed_enveloped");
- /* load cert */
- AssertNotNull(f = XFOPEN(cliCertDerFile, "rb"));
- AssertIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), f)), 0);
- XFCLOSE(f);
- /* load key */
- AssertNotNull(f = XFOPEN(cliKeyFile, "rb"));
- AssertIntGT((keySz = (int)XFREAD(key, 1, sizeof(key), f)), 0);
- XFCLOSE(f);
- keySz = wolfSSL_KeyPemToDer(key, keySz, key, keySz, NULL);
- /* sign cert for envelope */
- AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
- AssertIntEQ(wc_InitRng(&rng), 0);
- AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
- pkcs7->content = cert;
- pkcs7->contentSz = certSz;
- pkcs7->contentOID = DATA;
- pkcs7->privateKey = key;
- pkcs7->privateKeySz = keySz;
- pkcs7->encryptOID = RSAk;
- pkcs7->hashOID = SHA256h;
- pkcs7->rng = &rng;
- AssertIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
- wc_PKCS7_Free(pkcs7);
- wc_FreeRng(&rng);
- /* create envelope */
- AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
- AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
- pkcs7->content = sig;
- pkcs7->contentSz = sigSz;
- pkcs7->contentOID = DATA;
- pkcs7->encryptOID = AES256CBCb;
- pkcs7->privateKey = key;
- pkcs7->privateKeySz = keySz;
- AssertIntGT((envSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, env, envSz)), 0);
- wc_PKCS7_Free(pkcs7);
- /* create bad signed enveloped data */
- sigSz = FOURK_BUF * 2;
- AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
- AssertIntEQ(wc_InitRng(&rng), 0);
- AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
- pkcs7->content = env;
- pkcs7->contentSz = envSz;
- pkcs7->contentOID = DATA;
- pkcs7->privateKey = key;
- pkcs7->privateKeySz = keySz;
- pkcs7->encryptOID = RSAk;
- pkcs7->hashOID = SHA256h;
- pkcs7->rng = &rng;
- /* Set no certs in bundle for this test. Hang on to the pointer though to
- * free it later. */
- pt = (void*)pkcs7->certList;
- pkcs7->certList = NULL; /* no certs in bundle */
- AssertIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
- pkcs7->certList = (Pkcs7Cert*)pt; /* restore pointer for PKCS7 free call */
- wc_PKCS7_Free(pkcs7);
- /* check verify fails */
- AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
- AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz),
- PKCS7_SIGNEEDS_CHECK);
- /* try verifying the signature manually */
- {
- RsaKey rKey;
- word32 idx = 0;
- byte digest[MAX_SEQ_SZ + MAX_ALGO_SZ + MAX_OCTET_STR_SZ +
- WC_MAX_DIGEST_SIZE];
- int digestSz;
- AssertIntEQ(wc_InitRsaKey(&rKey, HEAP_HINT), 0);
- AssertIntEQ(wc_RsaPrivateKeyDecode(key, &idx, &rKey, keySz), 0);
- digestSz = wc_RsaSSL_Verify(pkcs7->signature, pkcs7->signatureSz,
- digest, sizeof(digest), &rKey);
- AssertIntGT(digestSz, 0);
- AssertIntEQ(digestSz, pkcs7->pkcs7DigestSz);
- AssertIntEQ(XMEMCMP(digest, pkcs7->pkcs7Digest, digestSz), 0);
- AssertIntEQ(wc_FreeRsaKey(&rKey), 0);
- /* verify was success */
- }
- wc_PKCS7_Free(pkcs7);
- /* initializing the PKCS7 struct with the signing certificate should pass */
- AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
- AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
- AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0);
- wc_PKCS7_Free(pkcs7);
- /* create valid degenerate bundle */
- sigSz = FOURK_BUF * 2;
- AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
- pkcs7->content = env;
- pkcs7->contentSz = envSz;
- pkcs7->contentOID = DATA;
- pkcs7->privateKey = key;
- pkcs7->privateKeySz = keySz;
- pkcs7->encryptOID = RSAk;
- pkcs7->hashOID = SHA256h;
- pkcs7->rng = &rng;
- AssertIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID), 0);
- AssertIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
- wc_PKCS7_Free(pkcs7);
- wc_FreeRng(&rng);
- /* check verify */
- AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
- AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, devId), 0);
- AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0);
- AssertNotNull(pkcs7->content);
- /* check decode */
- AssertNotNull(inner = wc_PKCS7_New(NULL, 0));
- AssertIntEQ(wc_PKCS7_InitWithCert(inner, cert, certSz), 0);
- inner->privateKey = key;
- inner->privateKeySz = keySz;
- AssertIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(inner, pkcs7->content,
- pkcs7->contentSz, decoded, decodedSz)), 0);
- wc_PKCS7_Free(inner);
- wc_PKCS7_Free(pkcs7);
- /* check cert set */
- AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
- AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, decoded, decodedSz), 0);
- AssertNotNull(pkcs7->singleCert);
- AssertIntNE(pkcs7->singleCertSz, 0);
- wc_PKCS7_Free(pkcs7);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wc_i2d_PKCS12(void)
- {
- #if !defined(NO_ASN) && !defined(NO_PWDBASED) && defined(HAVE_PKCS12) \
- && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
- && !defined(NO_AES) && !defined(NO_DES3) && !defined(NO_SHA)
- WC_PKCS12* pkcs12 = NULL;
- unsigned char der[FOURK_BUF * 2];
- unsigned char* pt;
- int derSz;
- unsigned char out[FOURK_BUF * 2];
- int outSz = FOURK_BUF * 2;
- const char p12_f[] = "./certs/test-servercert.p12";
- XFILE f;
- printf(testingFmt, "wc_i2d_PKCS12");
- f = XFOPEN(p12_f, "rb");
- AssertNotNull(f);
- derSz = (int)XFREAD(der, 1, sizeof(der), f);
- AssertIntGT(derSz, 0);
- XFCLOSE(f);
- AssertNotNull(pkcs12 = wc_PKCS12_new());
- AssertIntEQ(wc_d2i_PKCS12(der, derSz, pkcs12), 0);
- AssertIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), LENGTH_ONLY_E);
- AssertIntEQ(outSz, derSz);
- outSz = derSz - 1;
- pt = out;
- AssertIntLE(wc_i2d_PKCS12(pkcs12, &pt, &outSz), 0);
- outSz = derSz;
- AssertIntEQ(wc_i2d_PKCS12(pkcs12, &pt, &outSz), derSz);
- AssertIntEQ((pt == out), 0);
- pt = NULL;
- AssertIntEQ(wc_i2d_PKCS12(pkcs12, &pt, NULL), derSz);
- XFREE(pt, NULL, DYNAMIC_TYPE_PKCS);
- wc_PKCS12_free(pkcs12);
- printf(resultFmt, passed);
- #endif
- }
- /* Testing wc_SignatureGetSize() for signature type ECC */
- static int test_wc_SignatureGetSize_ecc(void)
- {
- int ret = 0;
- #ifndef NO_SIG_WRAPPER
- #if defined(HAVE_ECC) && !defined(NO_ECC256)
- enum wc_SignatureType sig_type;
- word32 key_len;
- /* Initialize ECC Key */
- ecc_key ecc;
- const char* qx =
- "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0";
- const char* qy =
- "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09";
- const char* d =
- "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25";
- ret = wc_ecc_init(&ecc);
- if (ret == 0) {
- ret = wc_ecc_import_raw(&ecc, qx, qy, d, "SECP256R1");
- }
- printf(testingFmt, "wc_SigntureGetSize_ecc()");
- if (ret == 0) {
- /* Input for signature type ECC */
- sig_type = WC_SIGNATURE_TYPE_ECC;
- key_len = sizeof(ecc_key);
- ret = wc_SignatureGetSize(sig_type, &ecc, key_len);
- /* Test bad args */
- if (ret > 0) {
- sig_type = (enum wc_SignatureType) 100;
- ret = wc_SignatureGetSize(sig_type, &ecc, key_len);
- if (ret == BAD_FUNC_ARG) {
- sig_type = WC_SIGNATURE_TYPE_ECC;
- ret = wc_SignatureGetSize(sig_type, NULL, key_len);
- }
- if (ret >= 0) {
- key_len = (word32) 0;
- ret = wc_SignatureGetSize(sig_type, &ecc, key_len);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = SIG_TYPE_E;
- }
- }
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- wc_ecc_free(&ecc);
- #else
- ret = SIG_TYPE_E;
- #endif
- if (ret == SIG_TYPE_E) {
- ret = 0;
- }
- else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif /* NO_SIG_WRAPPER */
- return ret;
- }/* END test_wc_SignatureGetSize_ecc() */
- /* Testing wc_SignatureGetSize() for signature type rsa */
- static int test_wc_SignatureGetSize_rsa(void)
- {
- int ret = 0;
- #ifndef NO_SIG_WRAPPER
- #ifndef NO_RSA
- enum wc_SignatureType sig_type;
- word32 key_len;
- word32 idx = 0;
- /* Initialize RSA Key */
- RsaKey rsa_key;
- byte* tmp = NULL;
- size_t bytes;
- #ifdef USE_CERT_BUFFERS_1024
- bytes = (size_t)sizeof_client_key_der_1024;
- if (bytes < (size_t)sizeof_client_key_der_1024)
- bytes = (size_t)sizeof_client_cert_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- bytes = (size_t)sizeof_client_key_der_2048;
- if (bytes < (size_t)sizeof_client_cert_der_2048)
- bytes = (size_t)sizeof_client_cert_der_2048;
- #else
- bytes = FOURK_BUF;
- #endif
- tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp != NULL) {
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, client_key_der_1024,
- (size_t)sizeof_client_key_der_1024);
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_key_der_2048,
- (size_t)sizeof_client_key_der_2048);
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(clientKey, "rb");
- if (file != XBADFILE) {
- bytes = (size_t)XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- }
- else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- #else
- ret = WOLFSSL_FATAL_ERROR;
- #endif
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- if (ret == 0) {
- ret = wc_InitRsaKey_ex(&rsa_key, HEAP_HINT, devId);
- }
- if (ret == 0) {
- ret = wc_RsaPrivateKeyDecode(tmp, &idx, &rsa_key, (word32)bytes);
- }
- printf(testingFmt, "wc_SigntureGetSize_rsa()");
- if (ret == 0) {
- /* Input for signature type RSA */
- sig_type = WC_SIGNATURE_TYPE_RSA;
- key_len = sizeof(RsaKey);
- ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len);
- /* Test bad args */
- if (ret > 0) {
- sig_type = (enum wc_SignatureType) 100;
- ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len);
- if (ret == BAD_FUNC_ARG) {
- sig_type = WC_SIGNATURE_TYPE_RSA;
- ret = wc_SignatureGetSize(sig_type, NULL, key_len);
- }
- #ifndef HAVE_USER_RSA
- if (ret == BAD_FUNC_ARG) {
- #else
- if (ret == 0) {
- #endif
- key_len = (word32)0;
- ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len);
- }
- if (ret == BAD_FUNC_ARG) {
- ret = SIG_TYPE_E;
- }
- }
- } else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- wc_FreeRsaKey(&rsa_key);
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ret = SIG_TYPE_E;
- #endif
- if (ret == SIG_TYPE_E) {
- ret = 0;
- }else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif /* NO_SIG_WRAPPER */
- return ret;
- }/* END test_wc_SignatureGetSize_rsa(void) */
- /*----------------------------------------------------------------------------*
- | hash.h Tests
- *----------------------------------------------------------------------------*/
- static int test_wc_HashInit(void)
- {
- int ret = 0, i; /* 0 indicates tests passed, 1 indicates failure */
- wc_HashAlg hash;
- /* enum for holding supported algorithms, #ifndef's restrict if disabled */
- enum wc_HashType enumArray[] = {
- #ifndef NO_MD5
- WC_HASH_TYPE_MD5,
- #endif
- #ifndef NO_SHA
- WC_HASH_TYPE_SHA,
- #endif
- #ifndef WOLFSSL_SHA224
- WC_HASH_TYPE_SHA224,
- #endif
- #ifndef NO_SHA256
- WC_HASH_TYPE_SHA256,
- #endif
- #ifndef WOLFSSL_SHA384
- WC_HASH_TYPE_SHA384,
- #endif
- #ifndef WOLFSSL_SHA512
- WC_HASH_TYPE_SHA512,
- #endif
- };
- /* dynamically finds the length */
- int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));
- /* For loop to test various arguments... */
- for (i = 0; i < enumlen; i++) {
- /* check for bad args */
- if (wc_HashInit(&hash, enumArray[i]) == BAD_FUNC_ARG) {
- ret = 1;
- break;
- }
- wc_HashFree(&hash, enumArray[i]);
- /* check for null ptr */
- if (wc_HashInit(NULL, enumArray[i]) != BAD_FUNC_ARG) {
- ret = 1;
- break;
- }
- } /* end of for loop */
- printf(testingFmt, "wc_HashInit()");
- if (ret==0) { /* all tests have passed */
- printf(resultFmt, passed);
- }
- else { /* a test has failed */
- printf(resultFmt, failed);
- }
- return ret;
- } /* end of test_wc_HashInit */
- /*
- * Unit test function for wc_HashSetFlags()
- */
- static int test_wc_HashSetFlags(void)
- {
- int ret = 0;
- #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
- wc_HashAlg hash;
- word32 flags = 0;
- int i, j;
- printf(testingFmt, "wc_HashSetFlags()");
- /* enum for holding supported algorithms, #ifndef's restrict if disabled */
- enum wc_HashType enumArray[] = {
- #ifndef NO_MD5
- WC_HASH_TYPE_MD5,
- #endif
- #ifndef NO_SHA
- WC_HASH_TYPE_SHA,
- #endif
- #ifdef WOLFSSL_SHA224
- WC_HASH_TYPE_SHA224,
- #endif
- #ifndef NO_SHA256
- WC_HASH_TYPE_SHA256,
- #endif
- #ifdef WOLFSSL_SHA384
- WC_HASH_TYPE_SHA384,
- #endif
- #ifdef WOLFSSL_SHA512
- WC_HASH_TYPE_SHA512,
- #endif
- #ifdef WOLFSSL_SHA3
- WC_HASH_TYPE_SHA3_224,
- #endif
- };
- enum wc_HashType notSupported[] = {
- WC_HASH_TYPE_MD5_SHA,
- WC_HASH_TYPE_MD2,
- WC_HASH_TYPE_MD4,
- WC_HASH_TYPE_BLAKE2B,
- WC_HASH_TYPE_BLAKE2S,
- WC_HASH_TYPE_NONE,
- };
- /* dynamically finds the length */
- int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));
- /* For loop to test various arguments... */
- for (i = 0; i < enumlen; i++) {
- ret = wc_HashInit(&hash, enumArray[i]);
- if (ret == 0) {
- ret = wc_HashSetFlags(&hash, enumArray[i], flags);
- }
- if (ret == 0) {
- if (flags & WC_HASH_FLAG_ISCOPY) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_HashSetFlags(NULL, enumArray[i], flags);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- wc_HashFree(&hash, enumArray[i]);
-
- }
- /* For loop to test not supported cases */
- int notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType));
- for (j = 0; j < notSupportedLen; j++){
- if (ret == 0) {
- ret = wc_HashInit(&hash, notSupported[j]);
- if (ret == BAD_FUNC_ARG){
- ret = 0;
- if (ret == 0){
- ret = wc_HashSetFlags(&hash, notSupported[j], flags);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- }
- }
- if (ret == 0) {
- ret = wc_HashFree(&hash, notSupported[j]);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_HashSetFlags */
- /*
- * Unit test function for wc_HashGetFlags()
- */
- static int test_wc_HashGetFlags(void)
- {
- int ret = 0;
- #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
- wc_HashAlg hash;
- word32 flags = 0;
- int i, j;
- printf(testingFmt, "wc_HashGetFlags()");
- /* enum for holding supported algorithms, #ifndef's restrict if disabled */
- enum wc_HashType enumArray[] = {
- #ifndef NO_MD5
- WC_HASH_TYPE_MD5,
- #endif
- #ifndef NO_SHA
- WC_HASH_TYPE_SHA,
- #endif
- #ifdef WOLFSSL_SHA224
- WC_HASH_TYPE_SHA224,
- #endif
- #ifndef NO_SHA256
- WC_HASH_TYPE_SHA256,
- #endif
- #ifdef WOLFSSL_SHA384
- WC_HASH_TYPE_SHA384,
- #endif
- #ifdef WOLFSSL_SHA512
- WC_HASH_TYPE_SHA512,
- #endif
- #ifdef WOLFSSL_SHA3
- WC_HASH_TYPE_SHA3_224,
- #endif
- };
- enum wc_HashType notSupported[] = {
- WC_HASH_TYPE_MD5_SHA,
- WC_HASH_TYPE_MD2,
- WC_HASH_TYPE_MD4,
- WC_HASH_TYPE_BLAKE2B,
- WC_HASH_TYPE_BLAKE2S,
- WC_HASH_TYPE_NONE,
- };
- int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));
- /* For loop to test various arguments... */
- for (i = 0; i < enumlen; i++) {
- ret = wc_HashInit(&hash, enumArray[i]);
- if (ret == 0) {
- ret = wc_HashGetFlags(&hash, enumArray[i], &flags);
- }
- if (ret == 0) {
- if (flags & WC_HASH_FLAG_ISCOPY) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_HashGetFlags(NULL, enumArray[i], &flags);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- wc_HashFree(&hash, enumArray[i]);
- if (ret != 0) {
- break;
- }
- }
- /* For loop to test not supported cases */
- int notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType));
- for (j = 0; j < notSupportedLen; j++){
- if (ret == 0) {
- ret = wc_HashInit(&hash, notSupported[j]);
- if (ret == BAD_FUNC_ARG){
- ret = 0;
- if (ret == 0){
- ret = wc_HashGetFlags(&hash, notSupported[j], &flags);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- }
- }
- if (ret == 0) {
- ret = wc_HashFree(&hash, notSupported[j]);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- } /* END test_wc_HashGetFlags */
- /*----------------------------------------------------------------------------*
- | Compatibility Tests
- *----------------------------------------------------------------------------*/
- static void test_wolfSSL_X509_NAME(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
- && !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN)
- X509* x509;
- const unsigned char* c;
- unsigned char buf[4096];
- int bytes;
- XFILE f;
- const X509_NAME* a;
- const X509_NAME* b;
- X509_NAME* d2i_name;
- int sz;
- unsigned char* tmp;
- char file[] = "./certs/ca-cert.der";
- printf(testingFmt, "wolfSSL_X509_NAME()");
- /* test compile of deprecated function, returns 0 */
- AssertIntEQ(CRYPTO_thread_id(), 0);
- AssertNotNull(a = X509_NAME_new());
- X509_NAME_free((X509_NAME*)a);
- f = XFOPEN(file, "rb");
- AssertTrue(f != XBADFILE);
- bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
- XFCLOSE(f);
- c = buf;
- AssertNotNull(x509 = wolfSSL_X509_load_certificate_buffer(c, bytes,
- SSL_FILETYPE_ASN1));
- /* test cmp function */
- AssertNotNull(a = X509_get_issuer_name(x509));
- AssertNotNull(b = X509_get_subject_name(x509));
- AssertIntEQ(X509_NAME_cmp(a, b), 0); /* self signed should be 0 */
- tmp = buf;
- AssertIntGT((sz = i2d_X509_NAME((X509_NAME*)a, &tmp)), 0);
- if (sz > 0 && tmp == buf) {
- printf("\nERROR - %s line %d failed with:", __FILE__, __LINE__); \
- printf(" Expected pointer to be incremented\n");
- abort();
- }
- tmp = buf;
- AssertNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz));
- /* retry but with the function creating a buffer */
- tmp = NULL;
- AssertIntGT((sz = i2d_X509_NAME((X509_NAME*)b, &tmp)), 0);
- XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
- AssertNotNull(b = X509_NAME_dup((X509_NAME*)a));
- AssertIntEQ(X509_NAME_cmp(a, b), 0);
- X509_NAME_free((X509_NAME*)b);
- X509_NAME_free(d2i_name);
- X509_free(x509);
- printf(resultFmt, passed);
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */
- }
- static void test_wolfSSL_X509_INFO(void)
- {
- #if defined(OPENSSL_ALL)
- STACK_OF(X509_INFO) *info_stack;
- X509_INFO *info;
- BIO *cert;
- int i;
- printf(testingFmt, "wolfSSL_X509_INFO");
- AssertNotNull(cert = BIO_new_file(cliCertFileExt, "r"));
- AssertNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL));
- for (i = 0; i < sk_X509_INFO_num(info_stack); i++) {
- AssertNotNull(info = sk_X509_INFO_value(info_stack, i));
- AssertNotNull(info->x509);
- AssertNull(info->crl);
- }
- sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
- BIO_free(cert);
- AssertNotNull(cert = BIO_new_file(cliCertFileExt, "r"));
- AssertNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL));
- sk_X509_INFO_free(info_stack);
- BIO_free(cert);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_X509_subject_name_hash(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
- && !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256))
- X509* x509;
- X509_NAME* subjectName = NULL;
- unsigned long ret = 0;
- printf(testingFmt, "wolfSSL_X509_subject_name_hash()");
- AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
- SSL_FILETYPE_PEM));
- AssertNotNull(subjectName = wolfSSL_X509_get_subject_name(x509));
- ret = X509_subject_name_hash(x509);
- AssertIntNE(ret, 0);
- X509_free(x509);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_X509_issuer_name_hash(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
- && !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256))
- X509* x509;
- X509_NAME* issuertName = NULL;
- unsigned long ret = 0;
- printf(testingFmt, "wolfSSL_X509_issuer_name_hash()");
- AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
- SSL_FILETYPE_PEM));
- AssertNotNull(issuertName = wolfSSL_X509_get_issuer_name(x509));
- ret = X509_issuer_name_hash(x509);
- AssertIntNE(ret, 0);
- X509_free(x509);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_DES(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_DES3)
- const_DES_cblock myDes;
- DES_cblock iv;
- DES_key_schedule key;
- word32 i;
- DES_LONG dl;
- unsigned char msg[] = "hello wolfssl";
- printf(testingFmt, "wolfSSL_DES()");
- DES_check_key(1);
- DES_set_key(&myDes, &key);
- /* check, check of odd parity */
- XMEMSET(myDes, 4, sizeof(const_DES_cblock)); myDes[0] = 6; /*set even parity*/
- XMEMSET(key, 5, sizeof(DES_key_schedule));
- AssertIntEQ(DES_set_key_checked(&myDes, &key), -1);
- AssertIntNE(key[0], myDes[0]); /* should not have copied over key */
- /* set odd parity for success case */
- DES_set_odd_parity(&myDes);
- AssertIntEQ(DES_check_key_parity(&myDes), 1);
- printf("%02x %02x %02x %02x", myDes[0], myDes[1], myDes[2], myDes[3]);
- AssertIntEQ(DES_set_key_checked(&myDes, &key), 0);
- for (i = 0; i < sizeof(DES_key_schedule); i++) {
- AssertIntEQ(key[i], myDes[i]);
- }
- AssertIntEQ(DES_is_weak_key(&myDes), 0);
- /* check weak key */
- XMEMSET(myDes, 1, sizeof(const_DES_cblock));
- XMEMSET(key, 5, sizeof(DES_key_schedule));
- AssertIntEQ(DES_set_key_checked(&myDes, &key), -2);
- AssertIntNE(key[0], myDes[0]); /* should not have copied over key */
- /* now do unchecked copy of a weak key over */
- DES_set_key_unchecked(&myDes, &key);
- /* compare arrays, should be the same */
- for (i = 0; i < sizeof(DES_key_schedule); i++) {
- AssertIntEQ(key[i], myDes[i]);
- }
- AssertIntEQ(DES_is_weak_key(&myDes), 1);
- /* check DES_key_sched API */
- XMEMSET(key, 1, sizeof(DES_key_schedule));
- AssertIntEQ(DES_key_sched(&myDes, NULL), 0);
- AssertIntEQ(DES_key_sched(NULL, &key), 0);
- AssertIntEQ(DES_key_sched(&myDes, &key), 0);
- /* compare arrays, should be the same */
- for (i = 0; i < sizeof(DES_key_schedule); i++) {
- AssertIntEQ(key[i], myDes[i]);
- }
- /* DES_cbc_cksum should return the last 4 of the last 8 bytes after
- * DES_cbc_encrypt on the input */
- XMEMSET(iv, 0, sizeof(DES_cblock));
- XMEMSET(myDes, 5, sizeof(DES_key_schedule));
- AssertIntGT((dl = DES_cbc_cksum(msg, &key, sizeof(msg), &myDes, &iv)), 0);
- AssertIntEQ(dl, 480052723);
- printf(resultFmt, passed);
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */
- }
- static void test_wc_PemToDer(void)
- {
- #if !defined(NO_CERTS) && defined(WOLFSSL_PEM_TO_DER)
- int ret;
- DerBuffer* pDer = NULL;
- const char* ca_cert = "./certs/server-cert.pem";
- byte* cert_buf = NULL;
- size_t cert_sz = 0;
- int eccKey = 0;
- EncryptedInfo info;
- printf(testingFmt, "wc_PemToDer()");
- XMEMSET(&info, 0, sizeof(info));
- ret = load_file(ca_cert, &cert_buf, &cert_sz);
- if (ret == 0) {
- ret = wc_PemToDer(cert_buf, cert_sz, CERT_TYPE,
- &pDer, NULL, &info, &eccKey);
- AssertIntEQ(ret, 0);
- wc_FreeDer(&pDer);
- }
- if (cert_buf)
- free(cert_buf);
- #ifdef HAVE_ECC
- {
- const char* ecc_private_key = "./certs/ecc-privOnlyKey.pem";
- byte key_buf[256] = {0};
- /* Test fail of loading a key with cert type */
- AssertIntEQ(load_file(ecc_private_key, &cert_buf, &cert_sz), 0);
- key_buf[0] = '\n';
- XMEMCPY(key_buf + 1, cert_buf, cert_sz);
- AssertIntNE((ret = wc_PemToDer(key_buf, cert_sz + 1, CERT_TYPE,
- &pDer, NULL, &info, &eccKey)), 0);
- #ifdef OPENSSL_EXTRA
- AssertIntEQ((ret = wc_PemToDer(key_buf, cert_sz + 1, PRIVATEKEY_TYPE,
- &pDer, NULL, &info, &eccKey)), 0);
- #endif
- wc_FreeDer(&pDer);
- if (cert_buf)
- free(cert_buf);
- }
- #endif
- printf(resultFmt, passed);
- #endif
- }
- static void test_wc_AllocDer(void)
- {
- #if !defined(NO_CERTS)
- int ret;
- DerBuffer* pDer = NULL;
- word32 testSize = 1024;
- printf(testingFmt, "wc_AllocDer()");
- ret = wc_AllocDer(&pDer, testSize, CERT_TYPE, HEAP_HINT);
- AssertIntEQ(ret, 0);
- AssertNotNull(pDer);
- wc_FreeDer(&pDer);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wc_CertPemToDer(void)
- {
- #if !defined(NO_CERTS) && defined(WOLFSSL_PEM_TO_DER)
- int ret;
- const char* ca_cert = "./certs/ca-cert.pem";
- byte* cert_buf = NULL;
- size_t cert_sz = 0, cert_dersz = 0;
- byte* cert_der = NULL;
- printf(testingFmt, "wc_CertPemToDer()");
- ret = load_file(ca_cert, &cert_buf, &cert_sz);
- if (ret == 0) {
- cert_dersz = cert_sz; /* DER will be smaller than PEM */
- cert_der = (byte*)malloc(cert_dersz);
- if (cert_der) {
- ret = wc_CertPemToDer(cert_buf, (int)cert_sz,
- cert_der, (int)cert_dersz, CERT_TYPE);
- AssertIntGE(ret, 0);
- }
- }
- if (cert_der)
- free(cert_der);
- if (cert_buf)
- free(cert_buf);
- #endif
- }
- static void test_wc_PubKeyPemToDer(void)
- {
- #ifdef WOLFSSL_PEM_TO_DER
- #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
- int ret;
- const char* key = "./certs/ecc-client-keyPub.pem";
- byte* cert_buf = NULL;
- size_t cert_sz = 0, cert_dersz = 0;
- byte* cert_der = NULL;
- printf(testingFmt, "wc_PubKeyPemToDer()");
- ret = wc_PubKeyPemToDer(cert_buf, (int)cert_sz,
- cert_der, (int)cert_dersz);
- AssertIntGE(ret, BAD_FUNC_ARG);
- ret = load_file(key, &cert_buf, &cert_sz);
- if (ret == 0) {
- cert_dersz = cert_sz; /* DER will be smaller than PEM */
- cert_der = (byte*)malloc(cert_dersz);
- if (cert_der) {
- ret = wc_PubKeyPemToDer(cert_buf, (int)cert_sz,
- cert_der, (int)cert_dersz);
- AssertIntGE(ret, 0);
- }
- }
- if (cert_der)
- free(cert_der);
- if (cert_buf)
- free(cert_buf);
- #endif
- #endif
- }
- static void test_wc_PemPubKeyToDer(void)
- {
- #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
- int ret;
- const char* key = "./certs/ecc-client-keyPub.pem";
- size_t cert_dersz = 1024;
- byte* cert_der = (byte*)malloc(cert_dersz);
- printf(testingFmt, "wc_PemPubKeyToDer()");
- ret = wc_PemPubKeyToDer(NULL, cert_der, (int)cert_dersz);
- AssertIntGE(ret, BAD_FUNC_ARG);
- if (cert_der) {
- ret = wc_PemPubKeyToDer(key, cert_der, (int)cert_dersz);
- AssertIntGE(ret, 0);
- free(cert_der);
- }
- #endif
- }
- static void test_wolfSSL_certs(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
- !defined(NO_RSA)
- X509* x509ext;
- #ifdef OPENSSL_ALL
- X509* x509;
- WOLFSSL_X509_EXTENSION* ext;
- #endif
- WOLFSSL* ssl;
- WOLFSSL_CTX* ctx;
- STACK_OF(ASN1_OBJECT)* sk;
- ASN1_STRING* asn1_str;
- AUTHORITY_KEYID* akey;
- BASIC_CONSTRAINTS* bc;
- int crit;
- printf(testingFmt, "wolfSSL_certs()");
- #ifndef NO_WOLFSSL_SERVER
- AssertNotNull(ctx = SSL_CTX_new(SSLv23_server_method()));
- #else
- AssertNotNull(ctx = SSL_CTX_new(SSLv23_client_method()));
- #endif
- AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
- AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
- #ifndef HAVE_USER_RSA
- AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
- AssertIntEQ(SSL_CTX_check_private_key(ctx), SSL_FAILURE);
- AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
- AssertIntEQ(SSL_CTX_check_private_key(ctx), SSL_SUCCESS);
- #endif
- AssertNotNull(ssl = SSL_new(ctx));
- AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
- #ifdef HAVE_PK_CALLBACKS
- AssertIntEQ((int)SSL_set_tlsext_debug_arg(ssl, NULL), WOLFSSL_SUCCESS);
- #endif /* HAVE_PK_CALLBACKS */
- /* create and use x509 */
- #ifdef OPENSSL_ALL
- x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
- AssertNotNull(x509);
- #endif
- x509ext = wolfSSL_X509_load_certificate_file(cliCertFileExt, WOLFSSL_FILETYPE_PEM);
- AssertNotNull(x509ext);
- AssertIntEQ(SSL_use_certificate(ssl, x509ext), WOLFSSL_SUCCESS);
- #ifndef HAVE_USER_RSA
- /* with loading in a new cert the check on private key should now fail */
- AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
- #endif
- #if defined(USE_CERT_BUFFERS_2048)
- AssertIntEQ(SSL_use_certificate_ASN1(ssl,
- (unsigned char*)server_cert_der_2048,
- sizeof_server_cert_der_2048), WOLFSSL_SUCCESS);
- #endif
- #if !defined(NO_SHA) && !defined(NO_SHA256)
- /************* Get Digest of Certificate ******************/
- {
- byte digest[64]; /* max digest size */
- word32 digestSz;
- XMEMSET(digest, 0, sizeof(digest));
- AssertIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha1(), digest, &digestSz),
- WOLFSSL_SUCCESS);
- AssertIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha256(), digest, &digestSz),
- WOLFSSL_SUCCESS);
- AssertIntEQ(X509_digest(NULL, wolfSSL_EVP_sha1(), digest, &digestSz),
- WOLFSSL_FAILURE);
- }
- #endif /* !NO_SHA && !NO_SHA256*/
- /* test and checkout X509 extensions */
- bc = (BASIC_CONSTRAINTS*)X509_get_ext_d2i(x509ext, NID_basic_constraints,
- &crit, NULL);
- AssertNotNull(bc);
- #ifdef OPENSSL_ALL
- ext = X509V3_EXT_i2d(NID_basic_constraints, crit, bc);
- AssertNotNull(ext);
- X509_EXTENSION_free(ext);
- #endif
- AssertIntEQ(crit, 0);
- BASIC_CONSTRAINTS_free(bc);
- asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext, NID_key_usage, &crit, NULL);
- AssertNotNull(asn1_str);
- AssertIntEQ(crit, 1);
- AssertIntEQ(asn1_str->type, NID_key_usage);
- #ifdef OPENSSL_ALL
- ext = X509V3_EXT_i2d(NID_key_usage, crit, asn1_str);
- AssertNotNull(ext);
- X509_EXTENSION_free(ext);
- #endif
- ASN1_STRING_free(asn1_str);
- #ifdef OPENSSL_ALL
- sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_ext_key_usage,
- &crit, NULL);
- AssertNotNull(sk);
- ext = X509V3_EXT_i2d(NID_ext_key_usage, crit, sk);
- AssertNotNull(ext);
- X509_EXTENSION_free(ext);
- sk_ASN1_OBJECT_free(sk);
- #else
- sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_ext_key_usage,
- &crit, NULL);
- AssertNull(sk);
- #endif
- akey = (AUTHORITY_KEYID*)X509_get_ext_d2i(x509ext,
- NID_authority_key_identifier, &crit, NULL);
- AssertNotNull(akey);
- #ifdef OPENSSL_ALL
- ext = X509V3_EXT_i2d(NID_authority_key_identifier, crit, akey);
- AssertNotNull(ext);
- X509_EXTENSION_free(ext);
- #endif
- wolfSSL_AUTHORITY_KEYID_free(akey);
- sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
- NID_private_key_usage_period, &crit, NULL);
- /* AssertNotNull(sk); NID not yet supported */
- AssertIntEQ(crit, -1);
- sk_ASN1_OBJECT_free(sk);
- sk = (STACK_OF(GENERAL_NAME)*)X509_get_ext_d2i(x509ext, NID_subject_alt_name,
- &crit, NULL);
- /* AssertNotNull(sk); no alt names set */
- sk_GENERAL_NAME_free(sk);
- sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_issuer_alt_name,
- &crit, NULL);
- /* AssertNotNull(sk); NID not yet supported */
- AssertIntEQ(crit, -1);
- sk_ASN1_OBJECT_free(sk);
- sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_info_access, &crit,
- NULL);
- /* AssertNotNull(sk); no auth info set */
- sk_ASN1_OBJECT_free(sk);
- sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_sinfo_access,
- &crit, NULL);
- /* AssertNotNull(sk); NID not yet supported */
- AssertIntEQ(crit, -1);
- sk_ASN1_OBJECT_free(sk);
- sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_name_constraints,
- &crit, NULL);
- /* AssertNotNull(sk); NID not yet supported */
- AssertIntEQ(crit, -1);
- sk_ASN1_OBJECT_free(sk);
- sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
- NID_certificate_policies, &crit, NULL);
- #if !defined(WOLFSSL_SEP) && !defined(WOLFSSL_CERT_EXT)
- AssertNull(sk);
- #else
- /* AssertNotNull(sk); no cert policy set */
- #endif
- sk_ASN1_OBJECT_free(sk);
- sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_policy_mappings,
- &crit, NULL);
- /* AssertNotNull(sk); NID not yet supported */
- AssertIntEQ(crit, -1);
- sk_ASN1_OBJECT_free(sk);
- sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_policy_constraints,
- &crit, NULL);
- /* AssertNotNull(sk); NID not yet supported */
- AssertIntEQ(crit, -1);
- sk_ASN1_OBJECT_free(sk);
- sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_inhibit_any_policy,
- &crit, NULL);
- /* AssertNotNull(sk); NID not yet supported */
- AssertIntEQ(crit, -1);
- sk_ASN1_OBJECT_free(sk);
- sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_tlsfeature, &crit,
- NULL);
- /* AssertNotNull(sk); NID not yet supported */
- AssertIntEQ(crit, -1);
- sk_ASN1_OBJECT_free(sk);
- /* test invalid cases */
- crit = 0;
- sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, -1, &crit, NULL);
- AssertNull(sk);
- AssertIntEQ(crit, -1);
- sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(NULL, NID_tlsfeature,
- NULL, NULL);
- AssertNull(sk);
- AssertIntEQ(SSL_get_hit(ssl), 0);
- #ifdef OPENSSL_ALL
- X509_free(x509);
- #endif
- X509_free(x509ext);
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- printf(resultFmt, passed);
- #endif /* OPENSSL_EXTRA && !NO_CERTS */
- }
- static void test_wolfSSL_ASN1_TIME_print(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) \
- && (defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
- defined(WOLFSSL_HAPROXY)) && defined(USE_CERT_BUFFERS_2048)
- BIO* bio;
- X509* x509;
- const unsigned char* der = client_cert_der_2048;
- ASN1_TIME* t;
- unsigned char buf[25];
- printf(testingFmt, "wolfSSL_ASN1_TIME_print()");
- AssertNotNull(bio = BIO_new(BIO_s_mem()));
- AssertNotNull(x509 = wolfSSL_X509_load_certificate_buffer(der,
- sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
- AssertIntEQ(ASN1_TIME_print(bio, X509_get_notBefore(x509)), 1);
- AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
- AssertIntEQ(XMEMCMP(buf, "Jun 19 13:23:41 2020 GMT", sizeof(buf) - 1), 0);
- /* create a bad time and test results */
- AssertNotNull(t = X509_get_notAfter(x509));
- AssertIntEQ(ASN1_TIME_check(t), WOLFSSL_SUCCESS);
- t->data[8] = 0;
- t->data[3] = 0;
- AssertIntNE(ASN1_TIME_print(bio, t), 1);
- AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 14);
- AssertIntEQ(XMEMCMP(buf, "Bad time value", 14), 0);
- AssertIntEQ(ASN1_TIME_check(t), WOLFSSL_FAILURE);
- BIO_free(bio);
- X509_free(x509);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_ASN1_UTCTIME_print(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
- BIO* bio;
- ASN1_UTCTIME* utc = NULL;
- unsigned char buf[25];
- const char* validDate = "190424111501Z"; /* UTC = YYMMDDHHMMSSZ */
- const char* invalidDate = "190424111501X"; /* UTC = YYMMDDHHMMSSZ */
- printf(testingFmt, "ASN1_UTCTIME_print()");
- /* NULL parameter check */
- AssertNotNull(bio = BIO_new(BIO_s_mem()));
- AssertIntEQ(ASN1_UTCTIME_print(bio, utc), 0);
- BIO_free(bio);
- /* Valid date */
- AssertNotNull(bio = BIO_new(BIO_s_mem()));
- AssertNotNull(utc = (ASN1_UTCTIME*)XMALLOC(sizeof(ASN1_UTCTIME), NULL,
- DYNAMIC_TYPE_ASN1));
- utc->type = ASN_UTC_TIME;
- utc->length = ASN_UTC_TIME_SIZE;
- XMEMCPY(utc->data, (byte*)validDate, ASN_UTC_TIME_SIZE);
- AssertIntEQ(ASN1_UTCTIME_print(bio, utc), 1);
- AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
- AssertIntEQ(XMEMCMP(buf, "Apr 24 11:15:01 2019 GMT", sizeof(buf)-1), 0);
- XMEMSET(buf, 0, sizeof(buf));
- BIO_free(bio);
- /* Invalid format */
- AssertNotNull(bio = BIO_new(BIO_s_mem()));
- utc->type = ASN_UTC_TIME;
- utc->length = ASN_UTC_TIME_SIZE;
- XMEMCPY(utc->data, (byte*)invalidDate, ASN_UTC_TIME_SIZE);
- AssertIntEQ(ASN1_UTCTIME_print(bio, utc), 0);
- AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 14);
- AssertIntEQ(XMEMCMP(buf, "Bad time value", 14), 0);
- XFREE(utc, NULL, DYNAMIC_TYPE_ASN1);
- BIO_free(bio);
- printf(resultFmt, passed);
- #endif /* OPENSSL_EXTRA && !NO_ASN_TIME */
- }
- static void test_wolfSSL_ASN1_GENERALIZEDTIME_free(void)
- {
- #if defined(OPENSSL_EXTRA)
- WOLFSSL_ASN1_GENERALIZEDTIME* asn1_gtime;
- unsigned char nullstr[32];
- XMEMSET(nullstr, 0, 32);
- asn1_gtime = (WOLFSSL_ASN1_GENERALIZEDTIME*)XMALLOC(
- sizeof(WOLFSSL_ASN1_GENERALIZEDTIME), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (asn1_gtime) {
- XMEMCPY(asn1_gtime->data,"20180504123500Z",ASN_GENERALIZED_TIME_SIZE);
- wolfSSL_ASN1_GENERALIZEDTIME_free(asn1_gtime);
- AssertIntEQ(0, XMEMCMP(asn1_gtime->data, nullstr, 32));
- XFREE(asn1_gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif /* OPENSSL_EXTRA */
- }
- static void test_wolfSSL_private_keys(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM)
- WOLFSSL* ssl;
- WOLFSSL_CTX* ctx;
- EVP_PKEY* pkey = NULL;
- printf(testingFmt, "wolfSSL_private_keys()");
- OpenSSL_add_all_digests();
- OpenSSL_add_all_algorithms();
- #ifndef NO_RSA
- #ifndef NO_WOLFSSL_SERVER
- AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- #else
- AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
- /* Have to load a cert before you can check the private key against that
- * certificates public key! */
- AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_FAILURE);
- AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
- AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
- AssertNotNull(ssl = SSL_new(ctx));
- AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
- #ifdef USE_CERT_BUFFERS_2048
- {
- const unsigned char* server_key = (const unsigned char*)server_key_der_2048;
- unsigned char buf[FOURK_BUF];
- word32 bufSz;
- AssertIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl,
- (unsigned char*)client_key_der_2048,
- sizeof_client_key_der_2048), WOLFSSL_SUCCESS);
- #ifndef HAVE_USER_RSA
- /* Should mismatch now that a different private key loaded */
- AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
- #endif
- AssertIntEQ(SSL_use_PrivateKey_ASN1(0, ssl,
- (unsigned char*)server_key,
- sizeof_server_key_der_2048), WOLFSSL_SUCCESS);
- /* After loading back in DER format of original key, should match */
- AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
- /* test loading private key to the WOLFSSL_CTX */
- AssertIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx,
- (unsigned char*)client_key_der_2048,
- sizeof_client_key_der_2048), WOLFSSL_SUCCESS);
- #ifndef NO_CHECK_PRIVATE_KEY
- #ifndef HAVE_USER_RSA
- /* Should mismatch now that a different private key loaded */
- AssertIntNE(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
- #endif
- AssertIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx,
- (unsigned char*)server_key,
- sizeof_server_key_der_2048), WOLFSSL_SUCCESS);
- /* After loading back in DER format of original key, should match */
- AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
- #endif /* !NO_CHECK_PRIVATE_KEY */
- /* pkey not set yet, expecting to fail */
- AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_FAILURE);
- /* set PKEY and test again */
- AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
- &server_key, (long)sizeof_server_key_der_2048));
- AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_SUCCESS);
- /* reuse PKEY structure and test
- * this should be checked with a memory management sanity checker */
- AssertFalse(server_key == (const unsigned char*)server_key_der_2048);
- server_key = (const unsigned char*)server_key_der_2048;
- AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
- &server_key, (long)sizeof_server_key_der_2048));
- AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_SUCCESS);
- /* check striping PKCS8 header with wolfSSL_d2i_PrivateKey */
- bufSz = FOURK_BUF;
- AssertIntGT((bufSz = wc_CreatePKCS8Key(buf, &bufSz,
- (byte*)server_key_der_2048, sizeof_server_key_der_2048,
- RSAk, NULL, 0)), 0);
- server_key = (const unsigned char*)buf;
- AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key,
- (long)bufSz));
- }
- #endif
- EVP_PKEY_free(pkey);
- SSL_free(ssl); /* frees x509 also since loaded into ssl */
- SSL_CTX_free(ctx);
- #endif /* end of RSA private key match tests */
- #ifdef HAVE_ECC
- #ifndef NO_WOLFSSL_SERVER
- AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- #else
- AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- AssertTrue(SSL_CTX_use_certificate_file(ctx, eccCertFile,
- WOLFSSL_FILETYPE_PEM));
- AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, eccKeyFile,
- WOLFSSL_FILETYPE_PEM));
- AssertNotNull(ssl = SSL_new(ctx));
- AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
- SSL_free(ssl);
- AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEccKeyFile,
- WOLFSSL_FILETYPE_PEM));
- AssertNotNull(ssl = SSL_new(ctx));
- AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- #endif /* end of ECC private key match tests */
- #ifdef HAVE_ED25519
- #ifndef NO_WOLFSSL_SERVER
- AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- #else
- AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- AssertTrue(SSL_CTX_use_certificate_file(ctx, edCertFile,
- WOLFSSL_FILETYPE_PEM));
- AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, edKeyFile,
- WOLFSSL_FILETYPE_PEM));
- AssertNotNull(ssl = SSL_new(ctx));
- AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
- SSL_free(ssl);
- AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEdKeyFile,
- WOLFSSL_FILETYPE_PEM));
- AssertNotNull(ssl = SSL_new(ctx));
- AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- #endif /* end of Ed25519 private key match tests */
- #ifdef HAVE_ED448
- #ifndef NO_WOLFSSL_SERVER
- AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- #else
- AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- AssertTrue(SSL_CTX_use_certificate_file(ctx, ed448CertFile,
- WOLFSSL_FILETYPE_PEM));
- AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile,
- WOLFSSL_FILETYPE_PEM));
- AssertNotNull(ssl = SSL_new(ctx));
- AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
- SSL_free(ssl);
- AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEd448KeyFile,
- WOLFSSL_FILETYPE_PEM));
- AssertNotNull(ssl = SSL_new(ctx));
- AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- #endif /* end of Ed448 private key match tests */
- EVP_cleanup();
- /* test existence of no-op macros in wolfssl/openssl/ssl.h */
- CONF_modules_free();
- ENGINE_cleanup();
- CONF_modules_unload();
- (void)ssl;
- (void)ctx;
- (void)pkey;
- printf(resultFmt, passed);
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
- }
- static void test_wolfSSL_PEM_PrivateKey(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- (!defined(NO_RSA) || defined(HAVE_ECC)) && defined(USE_CERT_BUFFERS_2048)
- BIO* bio = NULL;
- EVP_PKEY* pkey = NULL;
- const unsigned char* server_key = (const unsigned char*)server_key_der_2048;
- /* test creating new EVP_PKEY with bad arg */
- AssertNull((pkey = PEM_read_bio_PrivateKey(NULL, NULL, NULL, NULL)));
- /* test loading RSA key using BIO */
- #if !defined(NO_RSA) && !defined(NO_FILESYSTEM)
- {
- XFILE file;
- const char* fname = "./certs/server-key.pem";
- size_t sz;
- byte* buf;
- file = XFOPEN(fname, "rb");
- AssertTrue((file != XBADFILE));
- AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
- sz = XFTELL(file);
- XREWIND(file);
- AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
- if (buf) {
- AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
- }
- XFCLOSE(file);
- /* Test using BIO new mem and loading PEM private key */
- bio = BIO_new_mem_buf(buf, (int)sz);
- AssertNotNull(bio);
- AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
- XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
- BIO_free(bio);
- bio = NULL;
- EVP_PKEY_free(pkey);
- pkey = NULL;
- }
- #endif
- /* test loading ECC key using BIO */
- #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
- {
- XFILE file;
- const char* fname = "./certs/ecc-key.pem";
- size_t sz;
- byte* buf;
- file = XFOPEN(fname, "rb");
- AssertTrue((file != XBADFILE));
- AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
- sz = XFTELL(file);
- XREWIND(file);
- AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
- if (buf)
- AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
- XFCLOSE(file);
- /* Test using BIO new mem and loading PEM private key */
- AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
- AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
- XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
- BIO_free(bio);
- bio = NULL;
- EVP_PKEY_free(pkey);
- pkey = NULL;
- }
- #endif
- #if !defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN))
- {
- #define BIO_PEM_TEST_CHAR 'a'
- EVP_PKEY* pkey2 = NULL;
- unsigned char extra[10];
- int i;
- printf(testingFmt, "wolfSSL_PEM_PrivateKey()");
- XMEMSET(extra, BIO_PEM_TEST_CHAR, sizeof(extra));
- AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
- AssertIntEQ(BIO_set_write_buf_size(bio, 4096), SSL_FAILURE);
- AssertNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey,
- &server_key, (long)sizeof_server_key_der_2048));
- AssertNull(pkey);
- AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
- &server_key, (long)sizeof_server_key_der_2048));
- AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL),
- WOLFSSL_SUCCESS);
- /* test creating new EVP_PKEY with good args */
- AssertNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
- if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr)
- AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz), 0);
- /* test of reuse of EVP_PKEY */
- AssertNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL));
- AssertIntEQ(BIO_pending(bio), 0);
- AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL),
- SSL_SUCCESS);
- AssertIntEQ(BIO_write(bio, extra, 10), 10); /* add 10 extra bytes after PEM */
- AssertNotNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL));
- AssertNotNull(pkey);
- if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) {
- AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz),0);
- }
- AssertIntEQ(BIO_pending(bio), 10); /* check 10 extra bytes still there */
- AssertIntEQ(BIO_read(bio, extra, 10), 10);
- for (i = 0; i < 10; i++) {
- AssertIntEQ(extra[i], BIO_PEM_TEST_CHAR);
- }
- BIO_free(bio);
- bio = NULL;
- EVP_PKEY_free(pkey);
- pkey = NULL;
- EVP_PKEY_free(pkey2);
- }
- #endif
- /* key is DES encrypted */
- #if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) && \
- !defined(NO_RSA) && !defined(NO_FILESYSTEM) && !defined(NO_MD5)
- {
- XFILE f;
- pem_password_cb* passwd_cb;
- void* passwd_cb_userdata;
- SSL_CTX* ctx;
- char passwd[] = "bad password";
- #ifndef WOLFSSL_NO_TLS12
- #ifndef NO_WOLFSSL_SERVER
- AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method()));
- #else
- AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_client_method()));
- #endif
- #else
- #ifndef NO_WOLFSSL_SERVER
- AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_server_method()));
- #else
- AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_client_method()));
- #endif
- #endif
- AssertNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb"));
- SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
- AssertNotNull(passwd_cb = SSL_CTX_get_default_passwd_cb(ctx));
- AssertNull(passwd_cb_userdata =
- SSL_CTX_get_default_passwd_cb_userdata(ctx));
- /* fail case with password call back */
- AssertNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL,
- (void*)passwd));
- BIO_free(bio);
- AssertNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb"));
- AssertNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, passwd_cb,
- (void*)passwd));
- BIO_free(bio);
- f = XFOPEN("./certs/server-keyEnc.pem", "rb");
- AssertNotNull(bio = BIO_new_fp(f, BIO_CLOSE));
- /* use callback that works */
- AssertNotNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, passwd_cb,
- (void*)"yassl123"));
- AssertIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS);
- EVP_PKEY_free(pkey);
- pkey = NULL;
- BIO_free(bio);
- bio = NULL;
- SSL_CTX_free(ctx);
- }
- #endif /* !defined(NO_DES3) */
- #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
- {
- unsigned char buf[2048];
- size_t bytes;
- XFILE f;
- SSL_CTX* ctx;
- #ifndef WOLFSSL_NO_TLS12
- #ifndef NO_WOLFSSL_SERVER
- AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method()));
- #else
- AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_client_method()));
- #endif
- #else
- #ifndef NO_WOLFSSL_SERVER
- AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_server_method()));
- #else
- AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_client_method()));
- #endif
- #endif
- f = XFOPEN("./certs/ecc-key.der", "rb");
- AssertTrue((f != XBADFILE));
- bytes = (size_t)XFREAD(buf, 1, sizeof(buf), f);
- XFCLOSE(f);
- server_key = buf;
- pkey = NULL;
- AssertNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, bytes));
- AssertNull(pkey);
- AssertNotNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key, bytes));
- AssertIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS);
- EVP_PKEY_free(pkey);
- pkey = NULL;
- SSL_CTX_free(ctx);
- }
- #endif
- printf(resultFmt, passed);
- (void)bio;
- (void)pkey;
- (void)server_key;
- #endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_RSA && USE_CERT_BUFFERS_2048 */
- }
- static void test_wolfSSL_PEM_bio_RSAKey(void)
- {
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
- defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \
- !defined(HAVE_USER_RSA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
- RSA* rsa = NULL;
- BIO* bio = NULL;
- printf(testingFmt, "wolfSSL_PEM_bio_RSAKey");
- /* PrivateKey */
- AssertNotNull(bio = BIO_new_file(svrKeyFile, "rb"));
- AssertNull((rsa = PEM_read_bio_RSAPrivateKey(NULL, NULL, NULL, NULL)));
- AssertNotNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));
- AssertIntEQ(RSA_size(rsa), 256);
- AssertIntEQ(PEM_write_bio_RSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, \
- NULL), WOLFSSL_FAILURE);
- BIO_free(bio);
- AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
- AssertIntEQ(PEM_write_bio_RSAPrivateKey(bio, rsa, NULL, NULL, 0, NULL, \
- NULL), WOLFSSL_SUCCESS);
- BIO_free(bio);
- RSA_free(rsa);
- /* PUBKEY */
- AssertNotNull(bio = BIO_new_file("./certs/rsa-pub-2048.pem", "rb"));
- AssertNull((rsa = PEM_read_bio_RSA_PUBKEY(NULL, NULL, NULL, NULL)));
- AssertNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL)));
- AssertIntEQ(RSA_size(rsa), 256);
- AssertIntEQ(PEM_write_bio_RSA_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
- BIO_free(bio);
- AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
- AssertIntEQ(PEM_write_bio_RSA_PUBKEY(bio, rsa), WOLFSSL_SUCCESS);
- BIO_free(bio);
- RSA_free(rsa);
- #ifdef HAVE_ECC
- /* ensure that non-rsa keys do not work */
- AssertNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */
- AssertNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));
- AssertNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL)));
- BIO_free(bio);
- RSA_free(rsa);
- #endif /* HAVE_ECC */
- printf(resultFmt, passed);
- #endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
- (defined(WOLFSSL_KEY_GEN) || WOLFSSL_CERT_GEN) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_CERTS) */
- }
- static void test_wolfSSL_PEM_RSAPrivateKey(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- RSA* rsa = NULL;
- RSA* rsa_dup = NULL;
- BIO* bio = NULL;
- printf(testingFmt, "wolfSSL_PEM_RSAPrivateKey()");
- AssertNotNull(bio = BIO_new_file(svrKeyFile, "rb"));
- AssertNotNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));
- AssertIntEQ(RSA_size(rsa), 256);
- #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
- AssertNotNull(rsa_dup = RSAPublicKey_dup(rsa));
- AssertPtrNE(rsa_dup, rsa);
- #endif
- /* test if valgrind complains about unreleased memory */
- RSA_up_ref(rsa);
- RSA_free(rsa);
- BIO_free(bio);
- RSA_free(rsa);
- RSA_free(rsa_dup);
- #ifdef HAVE_ECC
- AssertNotNull(bio = BIO_new_file(eccKeyFile, "rb"));
- AssertNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));
- BIO_free(bio);
- #endif /* HAVE_ECC */
- printf(resultFmt, passed);
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
- }
- static void test_wolfSSL_PEM_bio_DSAKey(void)
- {
- #ifndef HAVE_SELFTEST
- #if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && !defined(NO_CERTS) && \
- defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && !defined(NO_DSA)
- DSA* dsa = NULL;
- BIO* bio = NULL;
- printf(testingFmt, "wolfSSL_PEM_bio_DSAKey");
- /* PrivateKey */
- AssertNotNull(bio = BIO_new_file("./certs/1024/dsa1024.pem", "rb"));
- AssertNull((dsa = PEM_read_bio_DSAPrivateKey(NULL, NULL, NULL, NULL)));
- AssertNotNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL)));
- AssertIntEQ(BN_num_bytes(dsa->g), 128);
- AssertIntEQ(PEM_write_bio_DSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, NULL),
- WOLFSSL_FAILURE);
- BIO_free(bio);
- AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
- AssertIntEQ(PEM_write_bio_DSAPrivateKey(bio, dsa, NULL, NULL, 0, NULL, NULL),
- WOLFSSL_SUCCESS);
- BIO_free(bio);
- DSA_free(dsa);
- /* PUBKEY */
- AssertNotNull(bio = BIO_new_file("./certs/1024/dsa-pub-1024.pem", "rb"));
- AssertNull((dsa = PEM_read_bio_DSA_PUBKEY(NULL, NULL, NULL, NULL)));
- AssertNotNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL)));
- AssertIntEQ(BN_num_bytes(dsa->g), 128);
- AssertIntEQ(PEM_write_bio_DSA_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
- BIO_free(bio);
- AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
- AssertIntEQ(PEM_write_bio_DSA_PUBKEY(bio, dsa), WOLFSSL_SUCCESS);
- BIO_free(bio);
- DSA_free(dsa);
- #ifdef HAVE_ECC
- /* ensure that non-dsa keys do not work */
- AssertNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */
- AssertNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL)));
- AssertNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL)));
- BIO_free(bio);
- DSA_free(dsa);
- #endif /* HAVE_ECC */
- printf(resultFmt, passed);
- #endif /* defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && \
- !defined(NO_CERTS) && defined(WOLFSSL_KEY_GEN) && \
- !defined(NO_FILESYSTEM) && !defined(NO_DSA) */
- #endif /* HAVE_SELFTEST */
- }
- static void test_wolfSSL_PEM_bio_ECKey(void)
- {
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
- defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC)
- EC_KEY* ec = NULL;
- BIO* bio = NULL;
- printf(testingFmt, "wolfSSL_PEM_bio_ECKey");
- /* PrivateKey */
- AssertNotNull(bio = BIO_new_file("./certs/ecc-key.pem", "rb"));
- AssertNull((ec = PEM_read_bio_ECPrivateKey(NULL, NULL, NULL, NULL)));
- AssertNotNull((ec = PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL)));
- AssertIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32);
- AssertIntEQ(PEM_write_bio_ECPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, \
- NULL),WOLFSSL_FAILURE);
- BIO_free(bio);
- AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
- AssertIntEQ(PEM_write_bio_ECPrivateKey(bio, ec, NULL, NULL, 0, NULL, \
- NULL), WOLFSSL_SUCCESS);
- BIO_free(bio);
- EC_KEY_free(ec);
- /* PUBKEY */
- AssertNotNull(bio = BIO_new_file("./certs/ecc-client-keyPub.pem", "rb"));
- AssertNull((ec = PEM_read_bio_EC_PUBKEY(NULL, NULL, NULL, NULL)));
- AssertNotNull((ec = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL)));
- AssertIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32);
- AssertIntEQ(PEM_write_bio_EC_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
- BIO_free(bio);
- AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
- AssertIntEQ(PEM_write_bio_EC_PUBKEY(bio, ec), WOLFSSL_SUCCESS);
- BIO_free(bio);
- EC_KEY_free(ec);
- #ifndef NO_RSA
- /* ensure that non-ec keys do not work */
- AssertNotNull(bio = BIO_new_file(svrKeyFile, "rb")); /* rsa key */
- AssertNull((ec = PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL)));
- AssertNull((ec = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL)));
- BIO_free(bio);
- EC_KEY_free(ec);
- #endif /* HAVE_ECC */
- printf(resultFmt, passed);
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
- }
- static void test_wolfSSL_PEM_PUBKEY(void)
- {
- #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
- BIO* bio = NULL;
- EVP_PKEY* pkey = NULL;
- /* test creating new EVP_PKEY with bad arg */
- AssertNull((pkey = PEM_read_bio_PUBKEY(NULL, NULL, NULL, NULL)));
- /* test loading ECC key using BIO */
- #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
- {
- XFILE file;
- const char* fname = "./certs/ecc-client-keyPub.pem";
- size_t sz;
- byte* buf;
- file = XFOPEN(fname, "rb");
- AssertTrue((file != XBADFILE));
- XFSEEK(file, 0, XSEEK_END);
- sz = XFTELL(file);
- XREWIND(file);
- AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
- if (buf)
- AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
- XFCLOSE(file);
- /* Test using BIO new mem and loading PEM private key */
- AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
- AssertNotNull((pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL)));
- XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
- BIO_free(bio);
- bio = NULL;
- EVP_PKEY_free(pkey);
- pkey = NULL;
- }
- #endif
- (void)bio;
- (void)pkey;
- #endif
- }
- static void test_DSA_do_sign_verify(void)
- {
- #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
- !defined(NO_DSA)
- unsigned char digest[WC_SHA_DIGEST_SIZE];
- DSA_SIG* sig;
- DSA* dsa;
- word32 bytes;
- byte sigBin[DSA_SIG_SIZE];
- int dsacheck;
- #ifdef USE_CERT_BUFFERS_1024
- byte tmp[ONEK_BUF];
- XMEMSET(tmp, 0, sizeof(tmp));
- XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
- bytes = sizeof_dsa_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- byte tmp[TWOK_BUF];
- XMEMSET(tmp, 0, sizeof(tmp));
- XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
- bytes = sizeof_dsa_key_der_2048;
- #else
- byte tmp[TWOK_BUF];
- XMEMSET(tmp, 0, sizeof(tmp));
- XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
- if (fp == XBADFILE) {
- return WOLFSSL_BAD_FILE;
- }
- bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
- XFCLOSE(fp);
- #endif /* END USE_CERT_BUFFERS_1024 */
- printf(testingFmt, "DSA_do_sign_verify()");
- XMEMSET(digest, 202, sizeof(digest));
- AssertNotNull(dsa = DSA_new());
- AssertIntEQ(DSA_LoadDer(dsa, tmp, bytes), 1);
- AssertIntEQ(wolfSSL_DSA_do_sign(digest, sigBin, dsa), 1);
- AssertIntEQ(wolfSSL_DSA_do_verify(digest, sigBin, dsa, &dsacheck), 1);
- AssertNotNull(sig = DSA_do_sign(digest, WC_SHA_DIGEST_SIZE, dsa));
- AssertIntEQ(DSA_do_verify(digest, WC_SHA_DIGEST_SIZE, sig, dsa), 1);
- DSA_SIG_free(sig);
- DSA_free(dsa);
- #endif
- #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
- }
- static void test_wolfSSL_tmp_dh(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
- !defined(NO_DSA) && !defined(NO_RSA) && !defined(NO_DH)
- byte buffer[6000];
- char file[] = "./certs/dsaparams.pem";
- XFILE f;
- int bytes;
- DSA* dsa;
- DH* dh;
- BIO* bio;
- SSL* ssl;
- SSL_CTX* ctx;
- printf(testingFmt, "wolfSSL_tmp_dh()");
- #ifndef NO_WOLFSSL_SERVER
- AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- #else
- AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
- AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
- AssertNotNull(ssl = SSL_new(ctx));
- f = XFOPEN(file, "rb");
- AssertTrue((f != XBADFILE));
- bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f);
- XFCLOSE(f);
- bio = BIO_new_mem_buf((void*)buffer, bytes);
- AssertNotNull(bio);
- dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
- AssertNotNull(dsa);
- dh = wolfSSL_DSA_dup_DH(dsa);
- AssertNotNull(dh);
- AssertIntEQ((int)SSL_CTX_set_tmp_dh(ctx, dh), WOLFSSL_SUCCESS);
- #ifndef NO_WOLFSSL_SERVER
- AssertIntEQ((int)SSL_set_tmp_dh(ssl, dh), WOLFSSL_SUCCESS);
- #else
- AssertIntEQ((int)SSL_set_tmp_dh(ssl, dh), SIDE_ERROR);
- #endif
- BIO_free(bio);
- DSA_free(dsa);
- DH_free(dh);
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_ctrl(void)
- {
- #if defined (OPENSSL_EXTRA)
- byte buff[6000];
- BIO* bio;
- int bytes;
- BUF_MEM* ptr = NULL;
- printf(testingFmt, "wolfSSL_crtl()");
- bytes = sizeof(buff);
- bio = BIO_new_mem_buf((void*)buff, bytes);
- AssertNotNull(bio);
- AssertNotNull(BIO_s_socket());
- AssertIntEQ((int)wolfSSL_BIO_get_mem_ptr(bio, &ptr), WOLFSSL_SUCCESS);
- /* needs tested after stubs filled out @TODO
- SSL_ctrl
- SSL_CTX_ctrl
- */
- BIO_free(bio);
- printf(resultFmt, passed);
- #endif /* defined(OPENSSL_EXTRA) */
- }
- static void test_wolfSSL_EVP_PKEY_new_mac_key(void)
- {
- #ifdef OPENSSL_EXTRA
- static const unsigned char pw[] = "password";
- static const int pwSz = sizeof(pw) - 1;
- size_t checkPwSz = 0;
- const unsigned char* checkPw = NULL;
- WOLFSSL_EVP_PKEY* key = NULL;
- printf(testingFmt, "wolfSSL_EVP_PKEY_new_mac_key()");
- AssertNull(key = wolfSSL_EVP_PKEY_new_mac_key(0, NULL, pw, pwSz));
- AssertNull(key = wolfSSL_EVP_PKEY_new_mac_key(0, NULL, NULL, pwSz));
- AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pw, pwSz));
- if (key) {
- AssertIntEQ(key->type, EVP_PKEY_HMAC);
- AssertIntEQ(key->save_type, EVP_PKEY_HMAC);
- AssertIntEQ(key->pkey_sz, pwSz);
- AssertIntEQ(XMEMCMP(key->pkey.ptr, pw, pwSz), 0);
- }
- AssertNotNull(checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz));
- AssertIntEQ((int)checkPwSz, pwSz);
- if (checkPw) {
- AssertIntEQ(XMEMCMP(checkPw, pw, pwSz), 0);
- }
- wolfSSL_EVP_PKEY_free(key);
- AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pw, 0));
- if (key) {
- AssertIntEQ(key->pkey_sz, 0);
- }
- checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz);
- (void)checkPw;
- AssertIntEQ((int)checkPwSz, 0);
- wolfSSL_EVP_PKEY_free(key);
- AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, NULL, 0));
- if (key) {
- AssertIntEQ(key->pkey_sz, 0);
- }
- checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz);
- (void)checkPw;
- AssertIntEQ((int)checkPwSz, 0);
- wolfSSL_EVP_PKEY_free(key);
- printf(resultFmt, passed);
- #endif /* OPENSSL_EXTRA */
- }
- static void test_wolfSSL_EVP_Digest(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256)
- const char* in = "abc";
- int inLen = (int)XSTRLEN(in);
- byte out[WC_SHA256_DIGEST_SIZE];
- unsigned int outLen;
- const char* expOut = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
- "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
- "\x15\xAD";
- printf(testingFmt, "wolfSSL_EVP_Digest()");
- AssertIntEQ(wolfSSL_EVP_Digest((unsigned char*)in, inLen, out, &outLen, "SHA256", NULL), 1);
- AssertIntEQ(outLen, WC_SHA256_DIGEST_SIZE);
- AssertIntEQ(XMEMCMP(out, expOut, WC_SHA256_DIGEST_SIZE), 0);
- printf(resultFmt, passed);
- #endif /* OPEN_EXTRA && ! NO_SHA256 */
- }
- static void test_wolfSSL_EVP_MD_size(void)
- {
- #ifdef OPENSSL_EXTRA
- WOLFSSL_EVP_MD_CTX mdCtx;
- printf(testingFmt, "wolfSSL_EVP_MD_size()");
- #ifndef NO_SHA256
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA256"), 1);
- AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA256_DIGEST_SIZE);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA256_BLOCK_SIZE);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- #endif
- #ifndef NO_MD5
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "MD5"), 1);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_MD5_DIGEST_SIZE);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_MD5_BLOCK_SIZE);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- #endif
- #ifdef WOLFSSL_SHA224
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA224"), 1);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA224_DIGEST_SIZE);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA224_BLOCK_SIZE);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- #endif
- #ifdef WOLFSSL_SHA384
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA384"), 1);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA384_DIGEST_SIZE);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA384_BLOCK_SIZE);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- #endif
- #ifdef WOLFSSL_SHA512
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA512"), 1);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA512_DIGEST_SIZE);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA512_BLOCK_SIZE);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- #endif
- #ifndef NO_SHA
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA"), 1);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA_DIGEST_SIZE);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA_BLOCK_SIZE);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- #endif
- /* error case */
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, ""), BAD_FUNC_ARG);
- AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), BAD_FUNC_ARG);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), BAD_FUNC_ARG);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 0);
- printf(resultFmt, passed);
- #endif /* OPENSSL_EXTRA */
- }
- static void test_wolfSSL_EVP_MD_hmac_signing(void)
- {
- #ifdef OPENSSL_EXTRA
- const unsigned char testKey[] =
- {
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b
- };
- const char testData[] = "Hi There";
- const unsigned char testResult[] =
- {
- 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53,
- 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b,
- 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7,
- 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7
- };
- unsigned char check[sizeof(testResult)];
- size_t checkSz = -1;
- WOLFSSL_EVP_PKEY* key;
- WOLFSSL_EVP_MD_CTX mdCtx;
- printf(testingFmt, "wolfSSL_EVP_MD_hmac_signing()");
- AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
- testKey, (int)sizeof(testKey)));
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
- NULL, key), 1);
- AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData,
- (unsigned int)XSTRLEN(testData)), 1);
- AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
- AssertIntEQ((int)checkSz, sizeof(testResult));
- AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
- AssertIntEQ((int)checkSz,(int)sizeof(testResult));
- AssertIntEQ(XMEMCMP(testResult, check, sizeof(testResult)), 0);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
- NULL, key), 1);
- AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData,
- (unsigned int)XSTRLEN(testData)),
- 1);
- AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, testResult, checkSz), 1);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
- NULL, key), 1);
- AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1);
- AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
- AssertIntEQ((int)checkSz, sizeof(testResult));
- AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
- AssertIntEQ((int)checkSz,(int)sizeof(testResult));
- AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4,
- (unsigned int)XSTRLEN(testData) - 4), 1);
- AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
- AssertIntEQ((int)checkSz,(int)sizeof(testResult));
- AssertIntEQ(XMEMCMP(testResult, check, sizeof(testResult)), 0);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
- NULL, key), 1);
- AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1);
- AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4,
- (unsigned int)XSTRLEN(testData) - 4),
- 1);
- AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, testResult, checkSz), 1);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- wolfSSL_EVP_PKEY_free(key);
- printf(resultFmt, passed);
- #endif /* OPENSSL_EXTRA */
- }
- static void test_wolfSSL_EVP_MD_rsa_signing(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
- defined(USE_CERT_BUFFERS_2048)
- WOLFSSL_EVP_PKEY* privKey;
- WOLFSSL_EVP_PKEY* pubKey;
- const char testData[] = "Hi There";
- WOLFSSL_EVP_MD_CTX mdCtx;
- size_t checkSz = -1;
- int sz = 2048 / 8;
- const unsigned char* cp;
- const unsigned char* p;
- unsigned char check[2048/8];
- printf(testingFmt, "wolfSSL_EVP_MD_rsa_signing()");
- cp = client_key_der_2048;
- AssertNotNull((privKey = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &cp,
- sizeof_client_key_der_2048)));
- p = client_keypub_der_2048;
- AssertNotNull((pubKey = wolfSSL_d2i_PUBKEY(NULL, &p,
- sizeof_client_keypub_der_2048)));
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
- NULL, privKey), 1);
- AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData,
- (unsigned int)XSTRLEN(testData)), 1);
- AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
- AssertIntEQ((int)checkSz, sz);
- AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
- AssertIntEQ((int)checkSz,sz);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
- NULL, pubKey), 1);
- AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData,
- (unsigned int)XSTRLEN(testData)),
- 1);
- AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
- NULL, privKey), 1);
- AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1);
- AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
- AssertIntEQ((int)checkSz, sz);
- AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
- AssertIntEQ((int)checkSz, sz);
- AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4,
- (unsigned int)XSTRLEN(testData) - 4), 1);
- AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
- AssertIntEQ((int)checkSz, sz);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
- NULL, pubKey), 1);
- AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1);
- AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4,
- (unsigned int)XSTRLEN(testData) - 4),
- 1);
- AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- wolfSSL_EVP_PKEY_free(pubKey);
- wolfSSL_EVP_PKEY_free(privKey);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_EVP_MD_ecc_signing(void)
- {
- #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
- WOLFSSL_EVP_PKEY* privKey;
- WOLFSSL_EVP_PKEY* pubKey;
- const char testData[] = "Hi There";
- WOLFSSL_EVP_MD_CTX mdCtx;
- size_t checkSz = -1;
- const unsigned char* cp;
- const unsigned char* p;
- unsigned char check[2048/8];
- printf(testingFmt, "wolfSSL_EVP_MD_ecc_signing()");
- cp = ecc_clikey_der_256;
- privKey = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &cp,
- sizeof_ecc_clikey_der_256);
- AssertNotNull(privKey);
- p = ecc_clikeypub_der_256;
- AssertNotNull((pubKey = wolfSSL_d2i_PUBKEY(NULL, &p,
- sizeof_ecc_clikeypub_der_256)));
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
- NULL, privKey), 1);
- AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData,
- (unsigned int)XSTRLEN(testData)), 1);
- AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
- AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
- NULL, pubKey), 1);
- AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData,
- (unsigned int)XSTRLEN(testData)),
- 1);
- AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
- NULL, privKey), 1);
- AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1);
- AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
- AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
- AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4,
- (unsigned int)XSTRLEN(testData) - 4), 1);
- AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
- NULL, pubKey), 1);
- AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1);
- AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4,
- (unsigned int)XSTRLEN(testData) - 4),
- 1);
- AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
- AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- wolfSSL_EVP_PKEY_free(pubKey);
- wolfSSL_EVP_PKEY_free(privKey);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_CTX_add_extra_chain_cert(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- char caFile[] = "./certs/client-ca.pem";
- char clientFile[] = "./certs/client-cert.pem";
- SSL_CTX* ctx;
- X509* x509;
- printf(testingFmt, "wolfSSL_CTX_add_extra_chain_cert()");
- #ifndef NO_WOLFSSL_SERVER
- AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- #else
- AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- x509 = wolfSSL_X509_load_certificate_file(caFile, WOLFSSL_FILETYPE_PEM);
- AssertNotNull(x509);
- AssertIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_SUCCESS);
- x509 = wolfSSL_X509_load_certificate_file(clientFile, WOLFSSL_FILETYPE_PEM);
- AssertNotNull(x509);
- #if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
- /* additional test of getting EVP_PKEY key size from X509
- * Do not run with user RSA because wolfSSL_RSA_size is not currently
- * allowed with user RSA */
- {
- EVP_PKEY* pkey;
- #if defined(HAVE_ECC)
- X509* ecX509;
- #endif /* HAVE_ECC */
- AssertNotNull(pkey = X509_get_pubkey(x509));
- /* current RSA key is 2048 bit (256 bytes) */
- AssertIntEQ(EVP_PKEY_size(pkey), 256);
- EVP_PKEY_free(pkey);
- #if defined(HAVE_ECC)
- #if defined(USE_CERT_BUFFERS_256)
- AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_buffer(
- cliecc_cert_der_256, sizeof_cliecc_cert_der_256,
- SSL_FILETYPE_ASN1));
- #else
- AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_file(cliEccCertFile,
- SSL_FILETYPE_PEM));
- #endif
- pkey = X509_get_pubkey(ecX509);
- AssertNotNull(pkey);
- /* current ECC key is 256 bit (32 bytes) */
- AssertIntEQ(EVP_PKEY_size(pkey), 32);
- X509_free(ecX509);
- EVP_PKEY_free(pkey);
- #endif /* HAVE_ECC */
- }
- #endif /* !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) */
- AssertIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), SSL_SUCCESS);
- #ifdef WOLFSSL_ENCRYPTED_KEYS
- AssertNull(SSL_CTX_get_default_passwd_cb(ctx));
- AssertNull(SSL_CTX_get_default_passwd_cb_userdata(ctx));
- #endif
- SSL_CTX_free(ctx);
- printf(resultFmt, passed);
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
- }
- #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
- static void test_wolfSSL_ERR_peek_last_error_line(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \
- !defined(NO_OLD_TLS) && !defined(WOLFSSL_NO_TLS12) && \
- defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_ERROR_QUEUE)
- tcp_ready ready;
- func_args client_args;
- func_args server_args;
- #ifndef SINGLE_THREADED
- THREAD_TYPE serverThread;
- #endif
- callback_functions client_cb;
- callback_functions server_cb;
- int line = 0;
- int flag = ERR_TXT_STRING;
- const char* file = NULL;
- const char* data = NULL;
- printf(testingFmt, "wolfSSL_ERR_peek_last_error_line()");
- /* create a failed connection and inspect the error */
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- XMEMSET(&client_args, 0, sizeof(func_args));
- XMEMSET(&server_args, 0, sizeof(func_args));
- StartTCP();
- InitTcpReady(&ready);
- XMEMSET(&client_cb, 0, sizeof(callback_functions));
- XMEMSET(&server_cb, 0, sizeof(callback_functions));
- client_cb.method = wolfTLSv1_1_client_method;
- server_cb.method = wolfTLSv1_2_server_method;
- server_args.signal = &ready;
- server_args.callbacks = &server_cb;
- client_args.signal = &ready;
- client_args.callbacks = &client_cb;
- #ifndef SINGLE_THREADED
- start_thread(test_server_nofail, &server_args, &serverThread);
- wait_tcp_ready(&server_args);
- test_client_nofail(&client_args, NULL);
- join_thread(serverThread);
- #endif
- FreeTcpReady(&ready);
- AssertIntGT(ERR_get_error_line_data(NULL, NULL, &data, &flag), 0);
- AssertNotNull(data);
- /* check clearing error state */
- ERR_remove_state(0);
- AssertIntEQ((int)ERR_peek_last_error_line(NULL, NULL), 0);
- ERR_peek_last_error_line(NULL, &line);
- AssertIntEQ(line, 0);
- ERR_peek_last_error_line(&file, NULL);
- AssertNull(file);
- /* retry connection to fill error queue */
- XMEMSET(&client_args, 0, sizeof(func_args));
- XMEMSET(&server_args, 0, sizeof(func_args));
- StartTCP();
- InitTcpReady(&ready);
- client_cb.method = wolfTLSv1_1_client_method;
- server_cb.method = wolfTLSv1_2_server_method;
- server_args.signal = &ready;
- server_args.callbacks = &server_cb;
- client_args.signal = &ready;
- client_args.callbacks = &client_cb;
- start_thread(test_server_nofail, &server_args, &serverThread);
- wait_tcp_ready(&server_args);
- test_client_nofail(&client_args, NULL);
- join_thread(serverThread);
- FreeTcpReady(&ready);
- /* check that error code was stored */
- AssertIntNE((int)ERR_peek_last_error_line(NULL, NULL), 0);
- ERR_peek_last_error_line(NULL, &line);
- AssertIntNE(line, 0);
- ERR_peek_last_error_line(&file, NULL);
- AssertNotNull(file);
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- printf(resultFmt, passed);
- printf("\nTesting error print out\n");
- ERR_print_errors_fp(stdout);
- printf("Done testing print out\n\n");
- fflush(stdout);
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(DEBUG_WOLFSSL) */
- }
- #endif
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- static int verify_cb(int ok, X509_STORE_CTX *ctx)
- {
- (void) ok;
- (void) ctx;
- printf("ENTER verify_cb\n");
- return SSL_SUCCESS;
- }
- #endif
- static void test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
- #ifdef WOLFSSL_SIGNER_DER_CERT
- int cmp;
- #endif
- X509_STORE_CTX* ctx;
- X509_STORE* str;
- X509* x509Ca;
- X509* x509Svr;
- X509* issuer;
- X509_NAME* caName;
- X509_NAME* issuerName;
- printf(testingFmt, "wolfSSL_X509_STORE_CTX_get0_current_issuer()");
- AssertNotNull(ctx = X509_STORE_CTX_new());
- AssertNotNull((str = wolfSSL_X509_STORE_new()));
- AssertNotNull((x509Ca =
- wolfSSL_X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM)));
- AssertIntEQ(X509_STORE_add_cert(str, x509Ca), SSL_SUCCESS);
- AssertNotNull((x509Svr =
- wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)));
- AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS);
- AssertNull(X509_STORE_CTX_get0_current_issuer(NULL));
- issuer = X509_STORE_CTX_get0_current_issuer(ctx);
- AssertNotNull(issuer);
- caName = X509_get_subject_name(x509Ca);
- AssertNotNull(caName);
- issuerName = X509_get_subject_name(issuer);
- #ifdef WOLFSSL_SIGNER_DER_CERT
- AssertNotNull(issuerName);
- cmp = X509_NAME_cmp(caName, issuerName);
- AssertIntEQ(cmp, 0);
- #else
- /* X509_STORE_CTX_get0_current_issuer() returns empty issuer */
- AssertNull(issuerName);
- #endif
- X509_free(issuer);
- X509_STORE_CTX_free(ctx);
- X509_free(x509Svr);
- X509_STORE_free(str);
- X509_free(x509Ca);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_X509_STORE_CTX(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- X509_STORE_CTX* ctx;
- X509_STORE* str;
- X509* x509;
- #ifdef OPENSSL_ALL
- X509* x5092;
- STACK_OF(X509) *sk, *sk2, *sk3;
- #endif
- printf(testingFmt, "wolfSSL_X509_STORE_CTX()");
- AssertNotNull(ctx = X509_STORE_CTX_new());
- AssertNotNull((str = wolfSSL_X509_STORE_new()));
- AssertNotNull((x509 =
- wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)));
- AssertIntEQ(X509_STORE_add_cert(str, x509), SSL_SUCCESS);
- #ifdef OPENSSL_ALL
- /* sk_X509_new only in OPENSSL_ALL */
- sk = sk_X509_new();
- AssertNotNull(sk);
- AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509, sk), SSL_SUCCESS);
- #else
- AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509, NULL), SSL_SUCCESS);
- #endif
- AssertIntEQ(SSL_get_ex_data_X509_STORE_CTX_idx(), 0);
- X509_STORE_CTX_set_error(ctx, -5);
- X509_STORE_CTX_set_error(NULL, -5);
- X509_STORE_CTX_free(ctx);
- X509_STORE_free(str);
- X509_free(x509);
- AssertNotNull(ctx = X509_STORE_CTX_new());
- X509_STORE_CTX_set_verify_cb(ctx, verify_cb);
- X509_STORE_CTX_free(ctx);
- #ifdef OPENSSL_ALL
- /* test X509_STORE_CTX_get(1)_chain */
- AssertNotNull((x509 = X509_load_certificate_file(svrCertFile,
- SSL_FILETYPE_PEM)));
- AssertNotNull((x5092 = X509_load_certificate_file(cliCertFile,
- SSL_FILETYPE_PEM)));
- AssertNotNull((sk = sk_X509_new()));
- AssertIntEQ(sk_X509_push(sk, x509), 1);
- AssertNotNull((str = X509_STORE_new()));
- AssertNotNull((ctx = X509_STORE_CTX_new()));
- AssertIntEQ(X509_STORE_CTX_init(ctx, str, x5092, sk), 1);
- AssertNull((sk2 = X509_STORE_CTX_get_chain(NULL)));
- AssertNotNull((sk2 = X509_STORE_CTX_get_chain(ctx)));
- AssertIntEQ(sk_num(sk2), 1); /* sanity, make sure chain has 1 cert */
- AssertNull((sk3 = X509_STORE_CTX_get1_chain(NULL)));
- AssertNotNull((sk3 = X509_STORE_CTX_get1_chain(ctx)));
- AssertIntEQ(sk_num(sk3), 1); /* sanity, make sure chain has 1 cert */
- X509_STORE_CTX_free(ctx);
- X509_STORE_free(str);
- /* CTX certs not freed yet */
- X509_free(x5092);
- /* sk2 freed as part of X509_STORE_CTX_free(), sk3 is dup so free here */
- sk_X509_free(sk3);
- #endif
- /* test X509_STORE_CTX_get/set_ex_data */
- {
- int i = 0, tmpData = 5;
- void* tmpDataRet;
- AssertNotNull(ctx = X509_STORE_CTX_new());
- #if defined(HAVE_EX_DATA) || defined(FORTRESS)
- for (i = 0; i < MAX_EX_DATA; i++) {
- AssertIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData),
- WOLFSSL_SUCCESS);
- tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i);
- AssertNotNull(tmpDataRet);
- AssertIntEQ(tmpData, *(int*)tmpDataRet);
- }
- #else
- AssertIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData),
- WOLFSSL_FAILURE);
- tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i);
- AssertNull(tmpDataRet);
- #endif
- X509_STORE_CTX_free(ctx);
- }
- printf(resultFmt, passed);
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
- }
- static void test_wolfSSL_X509_STORE_set_flags(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- X509_STORE* store;
- X509* x509;
- printf(testingFmt, "wolfSSL_X509_STORE_set_flags()");
- AssertNotNull((store = wolfSSL_X509_STORE_new()));
- AssertNotNull((x509 =
- wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM)));
- AssertIntEQ(X509_STORE_add_cert(store, x509), WOLFSSL_SUCCESS);
- #ifdef HAVE_CRL
- AssertIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL), WOLFSSL_SUCCESS);
- #else
- AssertIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL),
- NOT_COMPILED_IN);
- #endif
- wolfSSL_X509_free(x509);
- wolfSSL_X509_STORE_free(store);
- printf(resultFmt, passed);
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
- }
- static void test_wolfSSL_X509_LOOKUP_load_file(void)
- {
- #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- WOLFSSL_X509_STORE* store;
- WOLFSSL_X509_LOOKUP* lookup;
- printf(testingFmt, "wolfSSL_X509_LOOKUP_load_file()");
- AssertNotNull(store = wolfSSL_X509_STORE_new());
- AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));
- AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/client-ca.pem",
- X509_FILETYPE_PEM), 1);
- AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/crl/crl2.pem",
- X509_FILETYPE_PEM), 1);
- if (store) {
- AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, cliCertFile,
- WOLFSSL_FILETYPE_PEM), 1);
- AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
- WOLFSSL_FILETYPE_PEM), ASN_NO_SIGNER_E);
- }
- AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
- X509_FILETYPE_PEM), 1);
- if (store) {
- AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
- WOLFSSL_FILETYPE_PEM), 1);
- }
- wolfSSL_X509_STORE_free(store);
- printf(resultFmt, passed);
- #endif /* defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
- }
- static void test_wolfSSL_X509_STORE_CTX_set_time(void)
- {
- #if defined(OPENSSL_EXTRA)
- WOLFSSL_X509_STORE_CTX* ctx;
- time_t c_time;
- printf(testingFmt, "wolfSSL_X509_set_time()");
- AssertNotNull(ctx = wolfSSL_X509_STORE_CTX_new());
- c_time = 365*24*60*60;
- wolfSSL_X509_STORE_CTX_set_time(ctx, 0, c_time);
- AssertTrue(
- (ctx->param->flags & WOLFSSL_USE_CHECK_TIME) == WOLFSSL_USE_CHECK_TIME);
- AssertTrue(ctx->param->check_time == c_time);
- wolfSSL_X509_STORE_CTX_free(ctx);
- printf(resultFmt, passed);
- #endif /* OPENSSL_EXTRA */
- }
- static void test_wolfSSL_get0_param(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
- SSL_CTX* ctx;
- SSL* ssl;
- WOLFSSL_X509_VERIFY_PARAM* pParam;
- printf(testingFmt, "wolfSSL_get0_param()");
- #ifndef NO_WOLFSSL_SERVER
- AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- #else
- AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
- AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
- AssertNotNull(ssl = SSL_new(ctx));
- pParam = SSL_get0_param(ssl);
- (void)pParam;
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- printf(resultFmt, passed);
- #endif /* OPENSSL_EXTRA && !defined(NO_RSA)*/
- }
- static void test_wolfSSL_X509_VERIFY_PARAM_set1_host(void)
- {
- #if defined(OPENSSL_EXTRA)
- const char host[] = "www.example.com";
- WOLFSSL_X509_VERIFY_PARAM* pParam;
- printf(testingFmt, "wolfSSL_X509_VERIFY_PARAM_set1_host()");
- AssertNotNull(pParam = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
- sizeof(WOLFSSL_X509_VERIFY_PARAM),
- HEAP_HINT, DYNAMIC_TYPE_OPENSSL));
- XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
- X509_VERIFY_PARAM_set1_host(pParam, host, sizeof(host));
- AssertIntEQ(XMEMCMP(pParam->hostName, host, sizeof(host)), 0);
- XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
- AssertIntNE(XMEMCMP(pParam->hostName, host, sizeof(host)), 0);
- XFREE(pParam, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
- printf(resultFmt, passed);
- #endif /* OPENSSL_EXTRA */
- }
- static void test_wolfSSL_X509_STORE_CTX_get0_store(void)
- {
- #if defined(OPENSSL_EXTRA)
- X509_STORE* store;
- X509_STORE_CTX* ctx;
- X509_STORE_CTX* ctx_no_init;
- printf(testingFmt, "wolfSSL_X509_STORE_CTX_get0_store()");
- AssertNotNull((store = X509_STORE_new()));
- AssertNotNull(ctx = X509_STORE_CTX_new());
- AssertNotNull(ctx_no_init = X509_STORE_CTX_new());
- AssertIntEQ(X509_STORE_CTX_init(ctx, store, NULL, NULL), SSL_SUCCESS);
- AssertNull(X509_STORE_CTX_get0_store(NULL));
- /* should return NULL if ctx has not bee initialized */
- AssertNull(X509_STORE_CTX_get0_store(ctx_no_init));
- AssertNotNull(X509_STORE_CTX_get0_store(ctx));
- wolfSSL_X509_STORE_CTX_free(ctx);
- wolfSSL_X509_STORE_CTX_free(ctx_no_init);
- X509_STORE_free(store);
- printf(resultFmt, passed);
- #endif /* OPENSSL_EXTRA */
- }
- static void test_wolfSSL_CTX_set_client_CA_list(void)
- {
- #if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_CERTS) && \
- !defined(NO_WOLFSSL_CLIENT)
- WOLFSSL_CTX* ctx;
- X509_NAME* name = NULL;
- STACK_OF(X509_NAME)* names = NULL;
- STACK_OF(X509_NAME)* ca_list = NULL;
- int i, names_len;
- printf(testingFmt, "wolfSSL_CTX_set_client_CA_list()");
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- names = SSL_load_client_CA_file(cliCertFile);
- AssertNotNull(names);
- SSL_CTX_set_client_CA_list(ctx,names);
- AssertNotNull(ca_list = SSL_CTX_get_client_CA_list(ctx));
- AssertIntGT((names_len = sk_X509_NAME_num(names)), 0);
- for (i=0; i<names_len; i++) {
- AssertNotNull(name = sk_X509_NAME_value(names, i));
- AssertIntEQ(sk_X509_NAME_find(names, name), i);
- }
- wolfSSL_CTX_free(ctx);
- printf(resultFmt, passed);
- #endif /* OPENSSL_EXTRA && !NO_RSA && !NO_CERTS && !NO_WOLFSSL_CLIENT */
- }
- static void test_wolfSSL_CTX_add_client_CA(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS) && \
- !defined(NO_WOLFSSL_CLIENT)
- WOLFSSL_CTX* ctx;
- WOLFSSL_X509* x509;
- WOLFSSL_X509* x509_a;
- STACK_OF(X509_NAME)* ca_list;
- int ret = 0;
- printf(testingFmt, "wolfSSL_CTX_add_client_CA()");
- AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- /* Add client cert */
- x509 = X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM);
- AssertNotNull(x509);
- ret = SSL_CTX_add_client_CA(ctx, x509);
- AssertIntEQ(ret, SSL_SUCCESS);
- AssertNotNull(ca_list = SSL_CTX_get_client_CA_list(ctx));
- /* Add another client cert */
- AssertNotNull(x509_a = X509_load_certificate_file(cliCertFile,
- SSL_FILETYPE_PEM));
- AssertIntEQ(SSL_CTX_add_client_CA(ctx, x509_a), SSL_SUCCESS);
- X509_free(x509);
- X509_free(x509_a);
- SSL_CTX_free(ctx);
- printf(resultFmt, passed);
- #endif /* OPENSSL_EXTRA && !NO_RSA && !NO_CERTS && !NO_WOLFSSL_CLIENT */
- }
- static void test_wolfSSL_X509_NID(void)
- {
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
- !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN)
- int sigType;
- int nameSz;
- X509* cert;
- EVP_PKEY* pubKeyTmp;
- X509_NAME* name;
- char commonName[80];
- char countryName[80];
- char localityName[80];
- char stateName[80];
- char orgName[80];
- char orgUnit[80];
- printf(testingFmt, "wolfSSL_X509_NID()");
- /* ------ PARSE ORIGINAL SELF-SIGNED CERTIFICATE ------ */
- /* convert cert from DER to internal WOLFSSL_X509 struct */
- AssertNotNull(cert = wolfSSL_X509_d2i(&cert, client_cert_der_2048,
- sizeof_client_cert_der_2048));
- /* ------ EXTRACT CERTIFICATE ELEMENTS ------ */
- /* extract PUBLIC KEY from cert */
- AssertNotNull(pubKeyTmp = X509_get_pubkey(cert));
- /* extract signatureType */
- AssertIntNE((sigType = wolfSSL_X509_get_signature_type(cert)), 0);
- /* extract subjectName info */
- AssertNotNull(name = X509_get_subject_name(cert));
- AssertIntEQ(X509_NAME_get_text_by_NID(name, -1, NULL, 0), -1);
- AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
- NULL, 0)), 0);
- AssertIntEQ(nameSz, 15);
- AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
- commonName, sizeof(commonName))), 0);
- AssertIntEQ(nameSz, 15);
- AssertIntEQ(XMEMCMP(commonName, "www.wolfssl.com", nameSz), 0);
- AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
- commonName, 9)), 0);
- AssertIntEQ(nameSz, 8);
- AssertIntEQ(XMEMCMP(commonName, "www.wolf", nameSz), 0);
- AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_countryName,
- countryName, sizeof(countryName))), 0);
- AssertIntEQ(XMEMCMP(countryName, "US", nameSz), 0);
- AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_localityName,
- localityName, sizeof(localityName))), 0);
- AssertIntEQ(XMEMCMP(localityName, "Bozeman", nameSz), 0);
- AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_stateOrProvinceName,
- stateName, sizeof(stateName))), 0);
- AssertIntEQ(XMEMCMP(stateName, "Montana", nameSz), 0);
- AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationName,
- orgName, sizeof(orgName))), 0);
- AssertIntEQ(XMEMCMP(orgName, "wolfSSL_2048", nameSz), 0);
- AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationalUnitName,
- orgUnit, sizeof(orgUnit))), 0);
- AssertIntEQ(XMEMCMP(orgUnit, "Programming-2048", nameSz), 0);
- EVP_PKEY_free(pubKeyTmp);
- X509_free(cert);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_CTX_set_srp_username(void)
- {
- #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
- && !defined(NO_SHA256) && !defined(WC_NO_RNG)
- WOLFSSL_CTX* ctx;
- const char *username = "TESTUSER";
- const char *password = "TESTPASSWORD";
- int r;
- printf(testingFmt, "wolfSSL_CTX_set_srp_username()");
- ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- AssertNotNull(ctx);
- r = wolfSSL_CTX_set_srp_username(ctx, (char *)username);
- AssertIntEQ(r,SSL_SUCCESS);
- wolfSSL_CTX_free(ctx);
- ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- AssertNotNull(ctx);
- r = wolfSSL_CTX_set_srp_password(ctx, (char *)password);
- AssertIntEQ(r,SSL_SUCCESS);
- r = wolfSSL_CTX_set_srp_username(ctx, (char *)username);
- AssertIntEQ(r,SSL_SUCCESS);
- wolfSSL_CTX_free(ctx);
- printf(resultFmt, passed);
- #endif /* OPENSSL_EXTRA && WOLFCRYPT_HAVE_SRP */
- /* && !NO_SHA256 && !WC_NO_RNG */
- }
- static void test_wolfSSL_CTX_set_srp_password(void)
- {
- #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
- && !defined(NO_SHA256) && !defined(WC_NO_RNG)
- WOLFSSL_CTX* ctx;
- const char *username = "TESTUSER";
- const char *password = "TESTPASSWORD";
- int r;
- printf(testingFmt, "wolfSSL_CTX_set_srp_password()");
- ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- AssertNotNull(ctx);
- r = wolfSSL_CTX_set_srp_password(ctx, (char *)password);
- AssertIntEQ(r,SSL_SUCCESS);
- wolfSSL_CTX_free(ctx);
- ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- AssertNotNull(ctx);
- r = wolfSSL_CTX_set_srp_username(ctx, (char *)username);
- AssertIntEQ(r,SSL_SUCCESS);
- r = wolfSSL_CTX_set_srp_password(ctx, (char *)password);
- AssertIntEQ(r,SSL_SUCCESS);
- wolfSSL_CTX_free(ctx);
- printf(resultFmt, passed);
- #endif /* OPENSSL_EXTRA && WOLFCRYPT_HAVE_SRP */
- /* && !NO_SHA256 && !WC_NO_RNG */
- }
- static void test_wolfSSL_X509_STORE(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
- X509_STORE *store;
- #ifdef HAVE_CRL
- X509_STORE_CTX *storeCtx;
- X509_CRL *crl;
- X509 *ca, *cert;
- const char crlPem[] = "./certs/crl/crl.revoked";
- const char srvCert[] = "./certs/server-revoked-cert.pem";
- const char caCert[] = "./certs/ca-cert.pem";
- XFILE fp;
- printf(testingFmt, "test_wolfSSL_X509_STORE");
- AssertNotNull(store = (X509_STORE *)X509_STORE_new());
- AssertNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
- SSL_FILETYPE_PEM)));
- AssertIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS);
- AssertNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert,
- SSL_FILETYPE_PEM)));
- AssertNotNull((storeCtx = X509_STORE_CTX_new()));
- AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
- AssertIntEQ(X509_verify_cert(storeCtx), SSL_SUCCESS);
- X509_STORE_free(store);
- X509_STORE_CTX_free(storeCtx);
- X509_free(cert);
- X509_free(ca);
- /* should fail to verify now after adding in CRL */
- AssertNotNull(store = (X509_STORE *)X509_STORE_new());
- AssertNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
- SSL_FILETYPE_PEM)));
- AssertIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS);
- fp = XFOPEN(crlPem, "rb");
- AssertTrue((fp != XBADFILE));
- AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL,
- NULL, NULL));
- XFCLOSE(fp);
- AssertIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS);
- AssertIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK),SSL_SUCCESS);
- AssertNotNull((storeCtx = X509_STORE_CTX_new()));
- AssertNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert,
- SSL_FILETYPE_PEM)));
- AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
- AssertIntNE(X509_verify_cert(storeCtx), SSL_SUCCESS);
- AssertIntEQ(X509_STORE_CTX_get_error(storeCtx), CRL_CERT_REVOKED);
- X509_CRL_free(crl);
- X509_STORE_free(store);
- X509_STORE_CTX_free(storeCtx);
- X509_free(cert);
- X509_free(ca);
- #endif /* HAVE_CRL */
- #ifndef WOLFCRYPT_ONLY
- {
- SSL_CTX* ctx;
- #ifndef NO_WOLFSSL_SERVER
- AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- #else
- AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- AssertNotNull(store = (X509_STORE *)X509_STORE_new());
- SSL_CTX_set_cert_store(ctx, store);
- AssertNotNull(store = (X509_STORE *)X509_STORE_new());
- SSL_CTX_set_cert_store(ctx, store);
- SSL_CTX_free(ctx);
- }
- #endif
- printf(resultFmt, passed);
- #endif
- return;
- }
- static void test_wolfSSL_X509_STORE_load_locations(void)
- {
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && !defined(NO_FILESYSTEM)
- SSL_CTX *ctx;
- X509_STORE *store;
- const char ca_file[] = "./certs/ca-cert.pem";
- const char client_pem_file[] = "./certs/client-cert.pem";
- const char client_der_file[] = "./certs/client-cert.der";
- const char ecc_file[] = "./certs/ecc-key.pem";
- const char certs_path[] = "./certs/";
- const char bad_path[] = "./bad-path/";
- #ifdef HAVE_CRL
- const char crl_path[] = "./certs/crl/";
- const char crl_file[] = "./certs/crl/crl.pem";
- #endif
- printf(testingFmt, "wolfSSL_X509_STORE_load_locations");
- #ifndef NO_WOLFSSL_SERVER
- AssertNotNull(ctx = SSL_CTX_new(SSLv23_server_method()));
- #else
- AssertNotNull(ctx = SSL_CTX_new(SSLv23_client_method()));
- #endif
- AssertNotNull(store = SSL_CTX_get_cert_store(ctx));
- AssertIntEQ(wolfSSL_CertManagerLoadCA(store->cm, ca_file, NULL), WOLFSSL_SUCCESS);
- /* Test bad arguments */
- AssertIntEQ(X509_STORE_load_locations(NULL, ca_file, NULL), WOLFSSL_FAILURE);
- AssertIntEQ(X509_STORE_load_locations(store, NULL, NULL), WOLFSSL_FAILURE);
- AssertIntEQ(X509_STORE_load_locations(store, client_der_file, NULL), WOLFSSL_FAILURE);
- AssertIntEQ(X509_STORE_load_locations(store, ecc_file, NULL), WOLFSSL_FAILURE);
- AssertIntEQ(X509_STORE_load_locations(store, NULL, bad_path), WOLFSSL_FAILURE);
- #ifdef HAVE_CRL
- /* Test with CRL */
- AssertIntEQ(X509_STORE_load_locations(store, crl_file, NULL), WOLFSSL_SUCCESS);
- AssertIntEQ(X509_STORE_load_locations(store, NULL, crl_path), WOLFSSL_SUCCESS);
- #endif
- /* Test with CA */
- AssertIntEQ(X509_STORE_load_locations(store, ca_file, NULL), WOLFSSL_SUCCESS);
- /* Test with client_cert and certs path */
- AssertIntEQ(X509_STORE_load_locations(store, client_pem_file, NULL), WOLFSSL_SUCCESS);
- AssertIntEQ(X509_STORE_load_locations(store, NULL, certs_path), WOLFSSL_SUCCESS);
- SSL_CTX_free(ctx);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_BN(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
- BIGNUM* a;
- BIGNUM* b;
- BIGNUM* c;
- BIGNUM* d;
- ASN1_INTEGER* ai;
- unsigned char value[1];
- printf(testingFmt, "wolfSSL_BN()");
- AssertNotNull(b = BN_new());
- AssertNotNull(c = BN_new());
- AssertNotNull(d = BN_new());
- value[0] = 0x03;
- ai = ASN1_INTEGER_new();
- AssertNotNull(ai);
- /* at the moment hard setting since no set function */
- ai->data[0] = 0x02; /* tag for ASN_INTEGER */
- ai->data[1] = 0x01; /* length of integer */
- ai->data[2] = value[0];
- AssertNotNull(a = ASN1_INTEGER_to_BN(ai, NULL));
- ASN1_INTEGER_free(ai);
- value[0] = 0x02;
- AssertNotNull(BN_bin2bn(value, sizeof(value), b));
- value[0] = 0x05;
- AssertNotNull(BN_bin2bn(value, sizeof(value), c));
- /* a^b mod c = */
- AssertIntEQ(BN_mod_exp(d, NULL, b, c, NULL), WOLFSSL_FAILURE);
- AssertIntEQ(BN_mod_exp(d, a, b, c, NULL), WOLFSSL_SUCCESS);
- /* check result 3^2 mod 5 */
- value[0] = 0;
- AssertIntEQ(BN_bn2bin(d, value), sizeof(value));
- AssertIntEQ((int)(value[0]), 4);
- /* a*b mod c = */
- AssertIntEQ(BN_mod_mul(d, NULL, b, c, NULL), SSL_FAILURE);
- AssertIntEQ(BN_mod_mul(d, a, b, c, NULL), SSL_SUCCESS);
- /* check result 3*2 mod 5 */
- value[0] = 0;
- AssertIntEQ(BN_bn2bin(d, value), sizeof(value));
- AssertIntEQ((int)(value[0]), 1);
- /* BN_mod_inverse test */
- value[0] = 0;
- BIGNUM *r = BN_new();
- BIGNUM *val = BN_mod_inverse(r,b,c,NULL);
- AssertIntEQ(BN_bn2bin(r, value), 1);
- AssertIntEQ((int)(value[0] & 0x03), 3);
- BN_free(val);
- AssertIntEQ(BN_set_word(a, 1), SSL_SUCCESS);
- AssertIntEQ(BN_set_word(b, 5), SSL_SUCCESS);
- AssertIntEQ(BN_is_word(a, (WOLFSSL_BN_ULONG)BN_get_word(a)), SSL_SUCCESS);
- AssertIntEQ(BN_is_word(a, 3), SSL_FAILURE);
- AssertIntEQ(BN_sub(c, a, b), SSL_SUCCESS);
- #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
- {
- char* ret;
- AssertNotNull(ret = BN_bn2dec(c));
- AssertIntEQ(XMEMCMP(ret, "-4", sizeof("-4")), 0);
- XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL);
- }
- #endif
- AssertIntEQ(BN_get_word(c), 4);
- BN_free(a);
- BN_free(b);
- BN_free(c);
- BN_clear_free(d);
- /* check that converting NULL and the null string returns an error */
- a = NULL;
- AssertIntLE(BN_hex2bn(&a, NULL), 0);
- AssertIntLE(BN_hex2bn(&a, ""), 0);
- AssertNull(a);
- /* check that getting a string and a bin of the same number are equal,
- * and that the comparison works EQ, LT and GT */
- AssertIntGT(BN_hex2bn(&a, "03"), 0);
- value[0] = 0x03;
- AssertNotNull(b = BN_new());
- AssertNotNull(BN_bin2bn(value, sizeof(value), b));
- value[0] = 0x04;
- AssertNotNull(c = BN_new());
- AssertNotNull(BN_bin2bn(value, sizeof(value), c));
- AssertIntEQ(BN_cmp(a, b), 0);
- AssertIntLT(BN_cmp(a, c), 0);
- AssertIntGT(BN_cmp(c, b), 0);
- AssertIntEQ(BN_set_word(a, 0), 1);
- AssertIntEQ(BN_is_zero(a), 1);
- AssertIntEQ(BN_set_bit(a, 0x45), 1);
- AssertIntEQ(BN_is_zero(a), 0);
- AssertIntEQ(BN_is_bit_set(a, 0x45), 1);
- AssertIntEQ(BN_clear_bit(a, 0x45), 1);
- AssertIntEQ(BN_is_bit_set(a, 0x45), 0);
- AssertIntEQ(BN_is_zero(a), 1);
- BN_free(a);
- BN_free(b);
- BN_free(c);
- #if defined(USE_FAST_MATH) && !defined(HAVE_WOLF_BIGINT)
- {
- BIGNUM *ap;
- BIGNUM bv;
- BIGNUM cv;
- BIGNUM dv;
- AssertNotNull(ap = BN_new());
- BN_init(&bv);
- BN_init(&cv);
- BN_init(&dv);
- value[0] = 0x3;
- AssertNotNull(BN_bin2bn(value, sizeof(value), ap));
- value[0] = 0x02;
- AssertNotNull(BN_bin2bn(value, sizeof(value), &bv));
- value[0] = 0x05;
- AssertNotNull(BN_bin2bn(value, sizeof(value), &cv));
- /* a^b mod c = */
- AssertIntEQ(BN_mod_exp(&dv, NULL, &bv, &cv, NULL), WOLFSSL_FAILURE);
- AssertIntEQ(BN_mod_exp(&dv, ap, &bv, &cv, NULL), WOLFSSL_SUCCESS);
- /* check result 3^2 mod 5 */
- value[0] = 0;
- AssertIntEQ(BN_bn2bin(&dv, value), sizeof(value));
- AssertIntEQ((int)(value[0]), 4);
- /* a*b mod c = */
- AssertIntEQ(BN_mod_mul(&dv, NULL, &bv, &cv, NULL), SSL_FAILURE);
- AssertIntEQ(BN_mod_mul(&dv, ap, &bv, &cv, NULL), SSL_SUCCESS);
- /* check result 3*2 mod 5 */
- value[0] = 0;
- AssertIntEQ(BN_bn2bin(&dv, value), sizeof(value));
- AssertIntEQ((int)(value[0]), 1);
- BN_free(ap);
- }
- #endif
- printf(resultFmt, passed);
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */
- }
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- #define TEST_ARG 0x1234
- static void msg_cb(int write_p, int version, int content_type,
- const void *buf, size_t len, SSL *ssl, void *arg)
- {
- (void)write_p;
- (void)version;
- (void)content_type;
- (void)buf;
- (void)len;
- (void)ssl;
- AssertTrue(arg == (void*)TEST_ARG);
- }
- #endif
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \
- defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_WOLFSSL_CLIENT) && \
- !defined(NO_WOLFSSL_SERVER)
- #ifndef SINGLE_THREADED
- #if defined(SESSION_CERTS)
- #include "wolfssl/internal.h"
- #endif
- static int msgCb(SSL_CTX *ctx, SSL *ssl)
- {
- (void) ctx;
- (void) ssl;
- #ifdef WOLFSSL_QT
- STACK_OF(X509)* sk;
- X509* x509;
- int i, num;
- BIO* bio;
- #endif
- printf("\n===== msgcb called ====\n");
- #if defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)
- AssertTrue(SSL_get_peer_cert_chain(ssl) != NULL);
- AssertIntEQ(((WOLFSSL_X509_CHAIN *)SSL_get_peer_cert_chain(ssl))->count, 1);
- #endif
- #ifdef WOLFSSL_QT
- bio = BIO_new(BIO_s_file());
- BIO_set_fp(bio, stdout, BIO_NOCLOSE);
- sk = SSL_get_peer_cert_chain(ssl);
- AssertNotNull(sk);
- if (!sk) {
- BIO_free(bio);
- return SSL_FAILURE;
- }
- num = sk_X509_num(sk);
- AssertTrue(num > 0);
- for (i = 0; i < num; i++) {
- x509 = sk_X509_value(sk,i);
- AssertNotNull(x509);
- if (!x509)
- break;
- printf("Certificate at index [%d] = :\n",i);
- X509_print(bio,x509);
- printf("\n\n");
- }
- BIO_free(bio);
- #endif
- return SSL_SUCCESS;
- }
- #endif
- #endif
- static void test_wolfSSL_msgCb(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \
- defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_WOLFSSL_CLIENT) && \
- !defined(NO_WOLFSSL_SERVER)
- tcp_ready ready;
- func_args client_args;
- func_args server_args;
- #ifndef SINGLE_THREADED
- THREAD_TYPE serverThread;
- #endif
- callback_functions client_cb;
- callback_functions server_cb;
- printf(testingFmt, "test_wolfSSL_msgCb");
- /* create a failed connection and inspect the error */
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- XMEMSET(&client_args, 0, sizeof(func_args));
- XMEMSET(&server_args, 0, sizeof(func_args));
- StartTCP();
- InitTcpReady(&ready);
- XMEMSET(&client_cb, 0, sizeof(callback_functions));
- XMEMSET(&server_cb, 0, sizeof(callback_functions));
- #ifndef WOLFSSL_NO_TLS12
- client_cb.method = wolfTLSv1_2_client_method;
- server_cb.method = wolfTLSv1_2_server_method;
- #else
- client_cb.method = wolfTLSv1_3_client_method;
- server_cb.method = wolfTLSv1_3_server_method;
- #endif
- server_args.signal = &ready;
- server_args.callbacks = &server_cb;
- client_args.signal = &ready;
- client_args.callbacks = &client_cb;
- client_args.return_code = TEST_FAIL;
- #ifndef SINGLE_THREADED
- start_thread(test_server_nofail, &server_args, &serverThread);
- wait_tcp_ready(&server_args);
- test_client_nofail(&client_args, (void *)msgCb);
- join_thread(serverThread);
- #endif
- FreeTcpReady(&ready);
- #ifndef SINGLE_THREADED
- AssertTrue(client_args.return_code);
- AssertTrue(server_args.return_code);
- #endif
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_either_side(void)
- {
- #if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)) && \
- !defined(NO_FILESYSTEM) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
- !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
- tcp_ready ready;
- func_args client_args;
- func_args server_args;
- #ifndef SINGLE_THREADED
- THREAD_TYPE serverThread;
- #endif
- callback_functions client_cb;
- callback_functions server_cb;
- printf(testingFmt, "test_wolfSSL_either_side");
- /* create a failed connection and inspect the error */
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- XMEMSET(&client_args, 0, sizeof(func_args));
- XMEMSET(&server_args, 0, sizeof(func_args));
- StartTCP();
- InitTcpReady(&ready);
- XMEMSET(&client_cb, 0, sizeof(callback_functions));
- XMEMSET(&server_cb, 0, sizeof(callback_functions));
- /* Use same CTX for both client and server */
- client_cb.ctx = wolfSSL_CTX_new(wolfSSLv23_method());
- AssertNotNull(client_cb.ctx);
- server_cb.ctx = client_cb.ctx;
- /* we are responsible for free'ing WOLFSSL_CTX */
- server_cb.isSharedCtx = client_cb.isSharedCtx = 1;
- server_args.signal = &ready;
- server_args.callbacks = &server_cb;
- client_args.signal = &ready;
- client_args.callbacks = &client_cb;
- client_args.return_code = TEST_FAIL;
- #ifndef SINGLE_THREADED
- start_thread(test_server_nofail, &server_args, &serverThread);
- wait_tcp_ready(&server_args);
- test_client_nofail(&client_args, NULL);
- join_thread(serverThread);
- #endif
- wolfSSL_CTX_free(client_cb.ctx);
- FreeTcpReady(&ready);
- #ifndef SINGLE_THREADED
- AssertTrue(client_args.return_code);
- AssertTrue(server_args.return_code);
- #endif
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_DTLS_either_side(void)
- {
- #if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)) && \
- !defined(NO_FILESYSTEM) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
- !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
- defined(WOLFSSL_DTLS)
- tcp_ready ready;
- func_args client_args;
- func_args server_args;
- #ifndef SINGLE_THREADED
- THREAD_TYPE serverThread;
- #endif
- callback_functions client_cb;
- callback_functions server_cb;
- printf(testingFmt, "test_wolfSSL_DTLS_either_side");
- /* create a failed connection and inspect the error */
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- XMEMSET(&client_args, 0, sizeof(func_args));
- XMEMSET(&server_args, 0, sizeof(func_args));
- StartTCP();
- InitTcpReady(&ready);
- XMEMSET(&client_cb, 0, sizeof(callback_functions));
- XMEMSET(&server_cb, 0, sizeof(callback_functions));
- /* Use same CTX for both client and server */
- client_cb.ctx = wolfSSL_CTX_new(wolfDTLS_method());
- AssertNotNull(client_cb.ctx);
- server_cb.ctx = client_cb.ctx;
- /* we are responsible for free'ing WOLFSSL_CTX */
- server_cb.isSharedCtx = client_cb.isSharedCtx = 1;
- server_args.signal = &ready;
- server_args.callbacks = &server_cb;
- client_args.signal = &ready;
- client_args.callbacks = &client_cb;
- client_args.return_code = TEST_FAIL;
- #ifndef SINGLE_THREADED
- start_thread(test_server_nofail, &server_args, &serverThread);
- wait_tcp_ready(&server_args);
- test_client_nofail(&client_args, NULL);
- join_thread(serverThread);
- #endif
- wolfSSL_CTX_free(client_cb.ctx);
- FreeTcpReady(&ready);
- #ifndef SINGLE_THREADED
- AssertTrue(client_args.return_code);
- AssertTrue(server_args.return_code);
- #endif
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- printf(resultFmt, passed);
- #endif
- }
- static void test_generate_cookie(void)
- {
- #if defined(WOLFSSL_DTLS) && defined(OPENSSL_EXTRA)
- SSL_CTX* ctx;
- SSL* ssl;
- byte buf[FOURK_BUF] = {0};
- printf(testingFmt, "test_generate_cookie");
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLS_method()));
- AssertNotNull(ssl = SSL_new(ctx));
- /* Test unconnected */
- AssertIntEQ(EmbedGenerateCookie(ssl, buf, FOURK_BUF, NULL), GEN_COOKIE_E);
- wolfSSL_CTX_SetGenCookie(ctx, EmbedGenerateCookie);
- wolfSSL_SetCookieCtx(ssl, ctx);
- AssertNotNull(wolfSSL_GetCookieCtx(ssl));
- AssertNull(wolfSSL_GetCookieCtx(NULL));
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_set_options(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- SSL* ssl;
- SSL_CTX* ctx;
- char appData[] = "extra msg";
- unsigned char protos[] = {
- 7, 't', 'l', 's', '/', '1', '.', '2',
- 8, 'h', 't', 't', 'p', '/', '1', '.', '1'
- };
- unsigned int len = sizeof(protos);
- void *arg = (void *)TEST_ARG;
- printf(testingFmt, "wolfSSL_set_options()");
- #ifndef NO_WOLFSSL_SERVER
- AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- #else
- AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
- AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
- AssertTrue(SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1);
- AssertTrue(SSL_CTX_get_options(ctx) == SSL_OP_NO_TLSv1);
- AssertIntGT((int)SSL_CTX_set_options(ctx, (SSL_OP_COOKIE_EXCHANGE |
- SSL_OP_NO_SSLv2)), 0);
- AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_COOKIE_EXCHANGE) &
- SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE);
- AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_2) &
- SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2);
- AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION) &
- SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION);
- AssertNull((SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION) &
- SSL_OP_NO_COMPRESSION));
- SSL_CTX_free(ctx);
- #ifndef NO_WOLFSSL_SERVER
- ctx = SSL_CTX_new(wolfSSLv23_server_method());
- AssertNotNull(ctx);
- #else
- ctx = SSL_CTX_new(wolfSSLv23_client_method());
- AssertNotNull(ctx);
- #endif
- AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
- AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
- AssertNotNull(ssl = SSL_new(ctx));
- #if defined(HAVE_EX_DATA) || defined(FORTRESS)
- AssertIntEQ(SSL_set_app_data(ssl, (void*)appData), SSL_SUCCESS);
- AssertNotNull(SSL_get_app_data((const WOLFSSL*)ssl));
- if (ssl) {
- AssertIntEQ(XMEMCMP(SSL_get_app_data((const WOLFSSL*)ssl),
- appData, sizeof(appData)), 0);
- }
- #else
- AssertIntEQ(SSL_set_app_data(ssl, (void*)appData), SSL_FAILURE);
- AssertNull(SSL_get_app_data((const WOLFSSL*)ssl));
- #endif
- AssertTrue(SSL_set_options(ssl, SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1);
- AssertTrue(SSL_get_options(ssl) == SSL_OP_NO_TLSv1);
- AssertIntGT((int)SSL_set_options(ssl, (SSL_OP_COOKIE_EXCHANGE |
- WOLFSSL_OP_NO_SSLv2)), 0);
- AssertTrue((SSL_set_options(ssl, SSL_OP_COOKIE_EXCHANGE) &
- SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE);
- AssertTrue((SSL_set_options(ssl, SSL_OP_NO_TLSv1_2) &
- SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2);
- AssertTrue((SSL_set_options(ssl, SSL_OP_NO_COMPRESSION) &
- SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION);
- AssertNull((SSL_clear_options(ssl, SSL_OP_NO_COMPRESSION) &
- SSL_OP_NO_COMPRESSION));
- AssertTrue(SSL_set_msg_callback(ssl, msg_cb) == SSL_SUCCESS);
- SSL_set_msg_callback_arg(ssl, arg);
- AssertTrue(SSL_CTX_set_alpn_protos(ctx, protos, len) == SSL_SUCCESS);
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- printf(resultFmt, passed);
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
- }
- static void test_wolfSSL_sk_SSL_CIPHER(void)
- {
- #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- SSL* ssl;
- SSL_CTX* ctx;
- STACK_OF(SSL_CIPHER) *sk, *dup;
- printf(testingFmt, "wolfSSL_sk_SSL_CIPHER_*()");
- #ifndef NO_WOLFSSL_SERVER
- AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- #else
- AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
- AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
- AssertNotNull(ssl = SSL_new(ctx));
- AssertNotNull(sk = SSL_get_ciphers(ssl));
- AssertNotNull(dup = sk_SSL_CIPHER_dup(sk));
- AssertIntGT(sk_SSL_CIPHER_num(sk), 0);
- AssertIntEQ(sk_SSL_CIPHER_num(sk), sk_SSL_CIPHER_num(dup));
- /* error case because connection has not been established yet */
- AssertIntEQ(sk_SSL_CIPHER_find(sk, SSL_get_current_cipher(ssl)), -1);
- sk_SSL_CIPHER_free(dup);
- /* sk is pointer to internal struct that should be free'd in SSL_free */
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- printf(resultFmt, passed);
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
- }
- /* Testing wolfSSL_set_tlsext_status_type function.
- * PRE: OPENSSL and HAVE_CERTIFICATE_STATUS_REQUEST defined.
- */
- static void test_wolfSSL_set_tlsext_status_type(void){
- #if defined(OPENSSL_EXTRA) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
- !defined(NO_RSA) && !defined(NO_WOLFSSL_SERVER)
- SSL* ssl;
- SSL_CTX* ctx;
- printf(testingFmt, "wolfSSL_set_tlsext_status_type()");
- AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
- AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
- AssertNotNull(ssl = SSL_new(ctx));
- AssertTrue(SSL_set_tlsext_status_type(ssl,TLSEXT_STATUSTYPE_ocsp)
- == SSL_SUCCESS);
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- #endif /* OPENSSL_EXTRA && HAVE_CERTIFICATE_STATUS_REQUEST && !NO_RSA */
- }
- static void test_wolfSSL_PEM_read_bio(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- byte buff[6000];
- XFILE f;
- int bytes;
- X509* x509;
- BIO* bio = NULL;
- BUF_MEM* buf;
- printf(testingFmt, "wolfSSL_PEM_read_bio()");
- f = XFOPEN(cliCertFile, "rb");
- AssertTrue((f != XBADFILE));
- bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
- XFCLOSE(f);
- AssertNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL));
- AssertNotNull(bio = BIO_new_mem_buf((void*)buff, bytes));
- AssertNotNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL));
- AssertIntEQ((int)BIO_set_fd(bio, 0, BIO_CLOSE), 1);
- AssertIntEQ(BIO_set_close(bio, BIO_NOCLOSE), 1);
- AssertIntEQ(BIO_set_close(NULL, BIO_NOCLOSE), 1);
- AssertIntEQ(SSL_SUCCESS, BIO_get_mem_ptr(bio, &buf));
- BIO_free(bio);
- BUF_MEM_free(buf);
- X509_free(x509);
- printf(resultFmt, passed);
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
- }
- #if defined(OPENSSL_EXTRA)
- static long bioCallback(BIO *bio, int cmd, const char* argp, int argi,
- long argl, long ret)
- {
- (void)bio;
- (void)cmd;
- (void)argp;
- (void)argi;
- (void)argl;
- return ret;
- }
- #endif
- static void test_wolfSSL_BIO(void)
- {
- #if defined(OPENSSL_EXTRA)
- const unsigned char* p;
- byte buff[20];
- BIO* bio1;
- BIO* bio2;
- BIO* bio3;
- char* bufPt;
- int i;
- printf(testingFmt, "wolfSSL_BIO()");
- for (i = 0; i < 20; i++) {
- buff[i] = i;
- }
- /* Creating and testing type BIO_s_bio */
- AssertNotNull(bio1 = BIO_new(BIO_s_bio()));
- AssertNotNull(bio2 = BIO_new(BIO_s_bio()));
- AssertNotNull(bio3 = BIO_new(BIO_s_bio()));
- /* read/write before set up */
- AssertIntEQ(BIO_read(bio1, buff, 2), WOLFSSL_BIO_UNSET);
- AssertIntEQ(BIO_write(bio1, buff, 2), WOLFSSL_BIO_UNSET);
- AssertIntEQ(BIO_set_nbio(bio1, 1), 1);
- AssertIntEQ(BIO_set_write_buf_size(bio1, 20), WOLFSSL_SUCCESS);
- AssertIntEQ(BIO_set_write_buf_size(bio2, 8), WOLFSSL_SUCCESS);
- AssertIntEQ(BIO_make_bio_pair(bio1, bio2), WOLFSSL_SUCCESS);
- AssertIntEQ(BIO_nwrite(bio1, &bufPt, 10), 10);
- XMEMCPY(bufPt, buff, 10);
- AssertIntEQ(BIO_write(bio1, buff + 10, 10), 10);
- /* write buffer full */
- AssertIntEQ(BIO_write(bio1, buff, 10), WOLFSSL_BIO_ERROR);
- AssertIntEQ(BIO_flush(bio1), WOLFSSL_SUCCESS);
- AssertIntEQ((int)BIO_ctrl_pending(bio1), 0);
- /* write the other direction with pair */
- AssertIntEQ((int)BIO_nwrite(bio2, &bufPt, 10), 8);
- XMEMCPY(bufPt, buff, 8);
- AssertIntEQ(BIO_write(bio2, buff, 10), WOLFSSL_BIO_ERROR);
- /* try read */
- AssertIntEQ((int)BIO_ctrl_pending(bio1), 8);
- AssertIntEQ((int)BIO_ctrl_pending(bio2), 20);
- /* try read using ctrl function */
- AssertIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_WPENDING, 0, NULL), 8);
- AssertIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_PENDING, 0, NULL), 8);
- AssertIntEQ((int)BIO_ctrl(bio2, BIO_CTRL_WPENDING, 0, NULL), 20);
- AssertIntEQ((int)BIO_ctrl(bio2, BIO_CTRL_PENDING, 0, NULL), 20);
- AssertIntEQ(BIO_nread(bio2, &bufPt, (int)BIO_ctrl_pending(bio2)), 20);
- for (i = 0; i < 20; i++) {
- AssertIntEQ((int)bufPt[i], i);
- }
- AssertIntEQ(BIO_nread(bio2, &bufPt, 1), WOLFSSL_BIO_ERROR);
- AssertIntEQ(BIO_nread(bio1, &bufPt, (int)BIO_ctrl_pending(bio1)), 8);
- for (i = 0; i < 8; i++) {
- AssertIntEQ((int)bufPt[i], i);
- }
- AssertIntEQ(BIO_nread(bio1, &bufPt, 1), WOLFSSL_BIO_ERROR);
- AssertIntEQ(BIO_ctrl_reset_read_request(bio1), 1);
- /* new pair */
- AssertIntEQ(BIO_make_bio_pair(bio1, bio3), WOLFSSL_FAILURE);
- BIO_free(bio2); /* free bio2 and automatically remove from pair */
- AssertIntEQ(BIO_make_bio_pair(bio1, bio3), WOLFSSL_SUCCESS);
- AssertIntEQ((int)BIO_ctrl_pending(bio3), 0);
- AssertIntEQ(BIO_nread(bio3, &bufPt, 10), WOLFSSL_BIO_ERROR);
- /* test wrap around... */
- AssertIntEQ(BIO_reset(bio1), 0);
- AssertIntEQ(BIO_reset(bio3), 0);
- /* fill write buffer, read only small amount then write again */
- AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
- XMEMCPY(bufPt, buff, 20);
- AssertIntEQ(BIO_nread(bio3, &bufPt, 4), 4);
- for (i = 0; i < 4; i++) {
- AssertIntEQ(bufPt[i], i);
- }
- /* try writing over read index */
- AssertIntEQ(BIO_nwrite(bio1, &bufPt, 5), 4);
- XMEMSET(bufPt, 0, 4);
- AssertIntEQ((int)BIO_ctrl_pending(bio3), 20);
- /* read and write 0 bytes */
- AssertIntEQ(BIO_nread(bio3, &bufPt, 0), 0);
- AssertIntEQ(BIO_nwrite(bio1, &bufPt, 0), 0);
- /* should read only to end of write buffer then need to read again */
- AssertIntEQ(BIO_nread(bio3, &bufPt, 20), 16);
- for (i = 0; i < 16; i++) {
- AssertIntEQ(bufPt[i], buff[4 + i]);
- }
- AssertIntEQ(BIO_nread(bio3, NULL, 0), WOLFSSL_FAILURE);
- AssertIntEQ(BIO_nread0(bio3, &bufPt), 4);
- for (i = 0; i < 4; i++) {
- AssertIntEQ(bufPt[i], 0);
- }
- /* read index should not have advanced with nread0 */
- AssertIntEQ(BIO_nread(bio3, &bufPt, 5), 4);
- for (i = 0; i < 4; i++) {
- AssertIntEQ(bufPt[i], 0);
- }
- /* write and fill up buffer checking reset of index state */
- AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
- XMEMCPY(bufPt, buff, 20);
- /* test reset on data in bio1 write buffer */
- AssertIntEQ(BIO_reset(bio1), 0);
- AssertIntEQ((int)BIO_ctrl_pending(bio3), 0);
- AssertIntEQ(BIO_nread(bio3, &bufPt, 3), WOLFSSL_BIO_ERROR);
- AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
- AssertIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_INFO, 0, &p), 20);
- AssertNotNull(p);
- XMEMCPY(bufPt, buff, 20);
- AssertIntEQ(BIO_nread(bio3, &bufPt, 6), 6);
- for (i = 0; i < 6; i++) {
- AssertIntEQ(bufPt[i], i);
- }
- /* test case of writing twice with offset read index */
- AssertIntEQ(BIO_nwrite(bio1, &bufPt, 3), 3);
- AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), 3); /* try overwriting */
- AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR);
- AssertIntEQ(BIO_nread(bio3, &bufPt, 0), 0);
- AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR);
- AssertIntEQ(BIO_nread(bio3, &bufPt, 1), 1);
- AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), 1);
- AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR);
- BIO_free(bio1);
- BIO_free(bio3);
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)
- {
- BIO* bioA = NULL;
- BIO* bioB = NULL;
- AssertIntEQ(BIO_new_bio_pair(NULL, 256, NULL, 256), BAD_FUNC_ARG);
- AssertIntEQ(BIO_new_bio_pair(&bioA, 256, &bioB, 256), WOLFSSL_SUCCESS);
- BIO_free(bioA);
- bioA = NULL;
- BIO_free(bioB);
- bioB = NULL;
- }
- #endif /* OPENSSL_ALL || WOLFSSL_ASIO */
- /* BIOs with file pointers */
- #if !defined(NO_FILESYSTEM)
- {
- XFILE f1;
- XFILE f2;
- BIO* f_bio1;
- BIO* f_bio2;
- unsigned char cert[300];
- char testFile[] = "tests/bio_write_test.txt";
- char msg[] = "bio_write_test.txt contains the first 300 bytes of certs/server-cert.pem\ncreated by tests/unit.test\n\n";
- AssertNotNull(f_bio1 = BIO_new(BIO_s_file()));
- AssertNotNull(f_bio2 = BIO_new(BIO_s_file()));
- AssertIntEQ((int)BIO_set_mem_eof_return(f_bio1, -1), 0);
- AssertIntEQ((int)BIO_set_mem_eof_return(NULL, -1), 0);
- f1 = XFOPEN(svrCertFile, "rwb");
- AssertTrue((f1 != XBADFILE));
- AssertIntEQ((int)BIO_set_fp(f_bio1, f1, BIO_CLOSE), WOLFSSL_SUCCESS);
- AssertIntEQ(BIO_write_filename(f_bio2, testFile),
- WOLFSSL_SUCCESS);
- AssertIntEQ(BIO_read(f_bio1, cert, sizeof(cert)), sizeof(cert));
- AssertIntEQ(BIO_write(f_bio2, msg, sizeof(msg)), sizeof(msg));
- AssertIntEQ(BIO_write(f_bio2, cert, sizeof(cert)), sizeof(cert));
- AssertIntEQ((int)BIO_get_fp(f_bio2, &f2), WOLFSSL_SUCCESS);
- AssertIntEQ(BIO_reset(f_bio2), 0);
- AssertIntEQ(BIO_seek(f_bio2, 4), 0);
- BIO_free(f_bio1);
- BIO_free(f_bio2);
- AssertNotNull(f_bio1 = BIO_new_file(svrCertFile, "rwb"));
- AssertIntEQ((int)BIO_set_mem_eof_return(f_bio1, -1), 0);
- AssertIntEQ(BIO_read(f_bio1, cert, sizeof(cert)), sizeof(cert));
- BIO_free(f_bio1);
- }
- #endif /* !defined(NO_FILESYSTEM) */
- /* BIO info callback */
- {
- const char* testArg = "test";
- BIO* cb_bio;
- AssertNotNull(cb_bio = BIO_new(BIO_s_mem()));
- BIO_set_callback(cb_bio, bioCallback);
- AssertNotNull(BIO_get_callback(cb_bio));
- BIO_set_callback(cb_bio, NULL);
- AssertNull(BIO_get_callback(cb_bio));
- BIO_set_callback_arg(cb_bio, (char*)testArg);
- AssertStrEQ(BIO_get_callback_arg(cb_bio), testArg);
- AssertNull(BIO_get_callback_arg(NULL));
- BIO_free(cb_bio);
- }
- /* BIO_vfree */
- AssertNotNull(bio1 = BIO_new(BIO_s_bio()));
- BIO_vfree(NULL);
- BIO_vfree(bio1);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_ASN1_STRING(void)
- {
- #if defined(OPENSSL_EXTRA)
- ASN1_STRING* str = NULL;
- const char data[] = "hello wolfSSL";
- printf(testingFmt, "wolfSSL_ASN1_STRING()");
- AssertNotNull(str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
- AssertIntEQ(ASN1_STRING_type(str), V_ASN1_OCTET_STRING);
- AssertIntEQ(ASN1_STRING_set(str, (const void*)data, sizeof(data)), 1);
- AssertIntEQ(ASN1_STRING_set(str, (const void*)data, -1), 1);
- AssertIntEQ(ASN1_STRING_set(str, NULL, -1), 0);
- ASN1_STRING_free(str);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_ASN1_BIT_STRING(void)
- {
- #ifdef OPENSSL_ALL
- ASN1_BIT_STRING* str;
- printf(testingFmt, "test_wolfSSL_ASN1_BIT_STRING()");
- AssertNotNull(str = ASN1_BIT_STRING_new());
- AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 1), 1);
- AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 42), 1);
- AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 41), 0);
- AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 84, 1), 1);
- AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 84), 1);
- AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 83), 0);
- ASN1_BIT_STRING_free(str);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_DES_ecb_encrypt(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && defined(WOLFSSL_DES_ECB)
- WOLFSSL_DES_cblock input1,input2,output1,output2,back1,back2;
- WOLFSSL_DES_key_schedule key;
- printf(testingFmt, "wolfSSL_DES_ecb_encrypt()");
- XMEMCPY(key,"12345678",sizeof(WOLFSSL_DES_key_schedule));
- XMEMCPY(input1, "Iamhuman",sizeof(WOLFSSL_DES_cblock));
- XMEMCPY(input2, "Whoisit?",sizeof(WOLFSSL_DES_cblock));
- XMEMSET(output1, 0, sizeof(WOLFSSL_DES_cblock));
- XMEMSET(output2, 0, sizeof(WOLFSSL_DES_cblock));
- XMEMSET(back1, 0, sizeof(WOLFSSL_DES_cblock));
- XMEMSET(back2, 0, sizeof(WOLFSSL_DES_cblock));
- /* Encrypt messages */
- wolfSSL_DES_ecb_encrypt(&input1,&output1,&key,DES_ENCRYPT);
- wolfSSL_DES_ecb_encrypt(&input2,&output2,&key,DES_ENCRYPT);
- /* Decrypt messages */
- int ret1 = 0;
- int ret2 = 0;
- wolfSSL_DES_ecb_encrypt(&output1,&back1,&key,DES_DECRYPT);
- ret1 = XMEMCMP((unsigned char *) back1,(unsigned char *) input1,sizeof(WOLFSSL_DES_cblock));
- AssertIntEQ(ret1,0);
- wolfSSL_DES_ecb_encrypt(&output2,&back2,&key,DES_DECRYPT);
- ret2 = XMEMCMP((unsigned char *) back2,(unsigned char *) input2,sizeof(WOLFSSL_DES_cblock));
- AssertIntEQ(ret2,0);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_ASN1_TIME_adj(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) \
- && !defined(USER_TIME) && !defined(TIME_OVERRIDES)
- const int year = 365*24*60*60;
- const int day = 24*60*60;
- const int hour = 60*60;
- const int mini = 60;
- const byte asn_utc_time = ASN_UTC_TIME;
- #if !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT)
- const byte asn_gen_time = ASN_GENERALIZED_TIME;
- #endif
- WOLFSSL_ASN1_TIME *asn_time, *s;
- int offset_day;
- long offset_sec;
- char date_str[CTC_DATE_SIZE + 1];
- time_t t;
- printf(testingFmt, "wolfSSL_ASN1_TIME_adj()");
- s = wolfSSL_ASN1_TIME_new();
- /* UTC notation test */
- /* 2000/2/15 20:30:00 */
- t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 7 * day;
- offset_day = 7;
- offset_sec = 45 * mini;
- /* offset_sec = -45 * min;*/
- asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
- AssertTrue(asn_time->type == asn_utc_time);
- XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
- date_str[CTC_DATE_SIZE] = '\0';
- AssertIntEQ(0, XMEMCMP(date_str, "000222211500Z", 13));
- /* negative offset */
- offset_sec = -45 * mini;
- asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
- AssertTrue(asn_time->type == asn_utc_time);
- XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
- date_str[CTC_DATE_SIZE] = '\0';
- AssertIntEQ(0, XMEMCMP(date_str, "000222194500Z", 13));
- XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL);
- XMEMSET(date_str, 0, sizeof(date_str));
- /* Generalized time will overflow time_t if not long */
- #if !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT)
- s = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL,
- DYNAMIC_TYPE_OPENSSL);
- /* GeneralizedTime notation test */
- /* 2055/03/01 09:00:00 */
- t = (time_t)85 * year + 59 * day + 9 * hour + 21 * day;
- offset_day = 12;
- offset_sec = 10 * mini;
- asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
- AssertTrue(asn_time->type == asn_gen_time);
- XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
- date_str[CTC_DATE_SIZE] = '\0';
- AssertIntEQ(0, XMEMCMP(date_str, "20550313091000Z", 15));
- XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL);
- XMEMSET(date_str, 0, sizeof(date_str));
- #endif /* !TIME_T_NOT_64BIT && !NO_64BIT */
- /* if WOLFSSL_ASN1_TIME struct is not allocated */
- s = NULL;
- t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 15 + 7 * day;
- offset_day = 7;
- offset_sec = 45 * mini;
- asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
- AssertTrue(asn_time->type == asn_utc_time);
- XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
- date_str[CTC_DATE_SIZE] = '\0';
- AssertIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13));
- XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
- asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, offset_sec);
- AssertTrue(asn_time->type == asn_utc_time);
- XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
- date_str[CTC_DATE_SIZE] = '\0';
- AssertIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13));
- XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_X509_cmp_time(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) \
- && !defined(USER_TIME) && !defined(TIME_OVERRIDES)
- WOLFSSL_ASN1_TIME asn_time;
- time_t t;
- printf(testingFmt, "wolfSSL_X509_cmp_time()");
- AssertIntEQ(0, wolfSSL_X509_cmp_time(NULL, &t));
- XMEMSET(&asn_time, 0, sizeof(WOLFSSL_ASN1_TIME));
- AssertIntEQ(0, wolfSSL_X509_cmp_time(&asn_time, &t));
- asn_time.type = ASN_UTC_TIME;
- asn_time.length = ASN_UTC_TIME_SIZE;
- XMEMCPY(&asn_time.data, "000222211515Z", 13);
- AssertIntEQ(-1, wolfSSL_X509_cmp_time(&asn_time, NULL));
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_X509_time_adj(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && \
- !defined(USER_TIME) && !defined(TIME_OVERRIDES) && \
- defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) && \
- !defined(NO_ASN_TIME)
- X509* x509;
- time_t t, not_before, not_after;
- printf(testingFmt, "wolfSSL_X509_time_adj()");
- AssertNotNull(x509 = wolfSSL_X509_load_certificate_buffer(
- client_cert_der_2048, sizeof_client_cert_der_2048,
- WOLFSSL_FILETYPE_ASN1));
- t = 0;
- not_before = XTIME(0);
- not_after = XTIME(0) + (60 * 24 * 30); /* 30 days after */
- AssertNotNull(X509_time_adj(X509_get_notBefore(x509), not_before, &t));
- AssertNotNull(X509_time_adj(X509_get_notAfter(x509), not_after, &t));
- X509_free(x509);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_X509(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM)\
- && !defined(NO_RSA)
- X509* x509;
- BIO* bio;
- X509_STORE_CTX* ctx;
- X509_STORE* store;
- char der[] = "certs/ca-cert.der";
- XFILE fp;
- printf(testingFmt, "wolfSSL_X509()");
- AssertNotNull(x509 = X509_new());
- X509_free(x509);
- x509 = wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM);
- AssertNotNull(bio = BIO_new(BIO_s_mem()));
- AssertIntEQ(i2d_X509_bio(bio, x509), SSL_SUCCESS);
- AssertNotNull(ctx = X509_STORE_CTX_new());
- AssertIntEQ(X509_verify_cert(ctx), SSL_FATAL_ERROR);
- AssertNotNull(store = X509_STORE_new());
- AssertIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS);
- AssertIntEQ(X509_STORE_CTX_init(ctx, store, x509, NULL), SSL_SUCCESS);
- AssertIntEQ(X509_verify_cert(ctx), SSL_SUCCESS);
- X509_STORE_CTX_free(ctx);
- X509_STORE_free(store);
- X509_free(x509);
- BIO_free(bio);
- /** d2i_X509_fp test **/
- fp = XFOPEN(der, "rb");
- AssertTrue((fp != XBADFILE));
- AssertNotNull(x509 = (X509 *)d2i_X509_fp(fp, (X509 **)NULL));
- AssertNotNull(x509);
- X509_free(x509);
- XFCLOSE(fp);
- fp = XFOPEN(der, "rb");
- AssertTrue((fp != XBADFILE));
- AssertNotNull((X509 *)d2i_X509_fp(fp, (X509 **)&x509));
- AssertNotNull(x509);
- X509_free(x509);
- XFCLOSE(fp);
- /* X509_up_ref test */
- AssertIntEQ(X509_up_ref(NULL), 0);
- AssertNotNull(x509 = X509_new()); /* refCount = 1 */
- AssertIntEQ(X509_up_ref(x509), 1); /* refCount = 2 */
- AssertIntEQ(X509_up_ref(x509), 1); /* refCount = 3 */
- X509_free(x509); /* refCount = 2 */
- X509_free(x509); /* refCount = 1 */
- X509_free(x509); /* refCount = 0, free */
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_X509_get_ext_count(void)
- {
- #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
- int ret = 0;
- WOLFSSL_X509* x509;
- const char ocspRootCaFile[] = "./certs/ocsp/root-ca-cert.pem";
- FILE* f;
- printf(testingFmt, "wolfSSL_X509_get_ext_count()");
- /* NULL parameter check */
- AssertIntEQ(X509_get_ext_count(NULL), WOLFSSL_FAILURE);
- AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
- SSL_FILETYPE_PEM));
- AssertIntEQ(X509_get_ext_count(x509), 5);
- wolfSSL_X509_free(x509);
- AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(ocspRootCaFile,
- SSL_FILETYPE_PEM));
- AssertIntEQ(X509_get_ext_count(x509), 5);
- wolfSSL_X509_free(x509);
- AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
- AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
- fclose(f);
- printf(testingFmt, "wolfSSL_X509_get_ext_count() valid input");
- AssertIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5);
- printf(resultFmt, ret == 4 ? passed : failed);
- printf(testingFmt, "wolfSSL_X509_get_ext_count() NULL argument");
- AssertIntEQ((ret = wolfSSL_X509_get_ext_count(NULL)), WOLFSSL_FAILURE);
- printf(resultFmt, ret == WOLFSSL_FAILURE ? passed : failed);
- wolfSSL_X509_free(x509);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_X509_sign(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
- int ret;
- X509_NAME *name;
- X509 *x509;
- EVP_PKEY *pub;
- EVP_PKEY *priv;
- #if defined(USE_CERT_BUFFERS_1024)
- const unsigned char* rsaPriv = client_key_der_1024;
- const unsigned char* rsaPub = client_keypub_der_1024;
- long clientKeySz = (long)sizeof_client_key_der_1024;
- long clientPubKeySz = (long)sizeof_client_keypub_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- const unsigned char* rsaPriv = client_key_der_2048;
- const unsigned char* rsaPub = client_keypub_der_2048;
- long clientKeySz = (long)sizeof_client_key_der_2048;
- long clientPubKeySz = (long)sizeof_client_keypub_der_2048;
- #endif
- byte sn[16];
- int snSz = sizeof(sn);
- printf(testingFmt, "wolfSSL_X509_sign\n");
- /* Set X509_NAME fields */
- AssertNotNull(name = X509_NAME_new());
- AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
- (byte*)"US", 2, -1, 0), SSL_SUCCESS);
- AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
- (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
- AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
- (byte*)"support@wolfssl.com", 19, -1, 0), SSL_SUCCESS);
- /* Get private and public keys */
- AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &rsaPriv,
- clientKeySz));
- AssertNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &rsaPub, clientPubKeySz));
- AssertNotNull(x509 = X509_new());
- /* Set version 3 */
- AssertIntNE(X509_set_version(x509, 2L), 0);
- /* Set subject name, add pubkey, and sign certificate */
- AssertIntEQ(X509_set_subject_name(x509, name), SSL_SUCCESS);
- AssertIntEQ(X509_set_pubkey(x509, pub), SSL_SUCCESS);
- #ifdef WOLFSSL_ALT_NAMES
- /* Add some subject alt names */
- AssertIntNE(wolfSSL_X509_add_altname(NULL,
- "ipsum", ASN_DNS_TYPE), SSL_SUCCESS);
- AssertIntEQ(wolfSSL_X509_add_altname(x509,
- NULL, ASN_DNS_TYPE), SSL_SUCCESS);
- AssertIntEQ(wolfSSL_X509_add_altname(x509,
- "sphygmomanometer",
- ASN_DNS_TYPE), SSL_SUCCESS);
- AssertIntEQ(wolfSSL_X509_add_altname(x509,
- "supercalifragilisticexpialidocious",
- ASN_DNS_TYPE), SSL_SUCCESS);
- AssertIntEQ(wolfSSL_X509_add_altname(x509,
- "Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch",
- ASN_DNS_TYPE), SSL_SUCCESS);
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
- {
- unsigned char ip_type[] = {127,0,0,1};
- AssertIntEQ(wolfSSL_X509_add_altname_ex(x509, (char*)ip_type,
- sizeof(ip_type), ASN_IP_TYPE), SSL_SUCCESS);
- }
- #endif
- #endif /* WOLFSSL_ALT_NAMES */
- /* test valid sign case */
- ret = X509_sign(x509, priv, EVP_sha256());
- #if defined(OPENSSL_ALL) && defined(WOLFSSL_ALT_NAMES)
- AssertIntEQ(X509_get_ext_count(x509), 1);
- #endif
- #if defined(WOLFSSL_ALT_NAMES) && (defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME))
- AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.0.0.1", 0), 1);
- #endif
- AssertIntEQ(wolfSSL_X509_get_serial_number(x509, sn, &snSz),
- WOLFSSL_SUCCESS);
- #if 0
- /* example for writing to file */
- XFILE tmpFile = XFOPEN("./signed.der", "wb");
- if (tmpFile) {
- int derSz = 0;
- const byte* der = wolfSSL_X509_get_der(x509, &derSz);
- XFWRITE(der, 1, derSz, tmpFile);
- }
- XFCLOSE(tmpFile);
- #endif
-
- /* Variation in size depends on ASN.1 encoding when MSB is set */
- #ifndef WOLFSSL_ALT_NAMES
- /* Valid case - size should be 798-797 with 16 byte serial number */
- AssertTrue((ret == 781 + snSz) || (ret == 782 + snSz));
- #elif defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
- /* Valid case - size should be 935-936 with 16 byte serial number */
- AssertTrue((ret == 919 + snSz) || (ret == 920 + snSz));
- #else
- /* Valid case - size should be 926-927 with 16 byte serial number */
- AssertTrue((ret == 910 + snSz) || (ret == 911 + snSz));
- #endif
- /* Test invalid parameters */
- AssertIntEQ(X509_sign(NULL, priv, EVP_sha256()), 0);
- AssertIntEQ(X509_sign(x509, NULL, EVP_sha256()), 0);
- AssertIntEQ(X509_sign(x509, priv, NULL), 0);
- /* test invalid version number */
- #if defined(OPENSSL_ALL)
- AssertIntNE(X509_set_version(x509, 6L), 0);
- AssertIntGT(X509_sign(x509, priv, EVP_sha256()), 0);
- /* uses ParseCert which fails on bad version number */
- AssertIntEQ(X509_get_ext_count(x509), SSL_FAILURE);
- #endif
- X509_NAME_free(name);
- EVP_PKEY_free(priv);
- EVP_PKEY_free(pub);
- X509_free(x509);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_X509_get0_tbs_sigalg(void)
- {
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD))
- X509* x509 = NULL;
- const X509_ALGOR* alg;
- printf(testingFmt, "wolfSSL_X509_get0_tbs_sigalg");
- AssertNotNull(x509 = X509_new());
- AssertNull(alg = X509_get0_tbs_sigalg(NULL));
- AssertNotNull(alg = X509_get0_tbs_sigalg(x509));
- X509_free(x509);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_X509_ALGOR_get0(void)
- {
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && !defined(NO_SHA256)
- X509* x509 = NULL;
- const ASN1_OBJECT* obj = NULL;
- const X509_ALGOR* alg;
- int pptype = 0;
- const void *ppval = NULL;
- printf(testingFmt, "wolfSSL_X509_ALGOR_get0");
- AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
- SSL_FILETYPE_PEM));
- AssertNotNull(alg = X509_get0_tbs_sigalg(x509));
- /* Invalid case */
- X509_ALGOR_get0(&obj, NULL, NULL, NULL);
- AssertNull(obj);
- /* Valid case */
- X509_ALGOR_get0(&obj, &pptype, &ppval, alg);
- AssertNotNull(obj);
- AssertNotNull(ppval);
- AssertIntNE(pptype, 0);
- /* Make sure NID of X509_ALGOR is Sha256 with RSA */
- AssertIntEQ(OBJ_obj2nid(obj), CTC_SHA256wRSA);
- X509_free(x509);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_X509_VERIFY_PARAM(void)
- {
- #if defined(OPENSSL_EXTRA)
- WOLFSSL_X509_VERIFY_PARAM *param;
- int ret;
- char testIPv4[] = "127.0.0.1";
- char testIPv6[] = "0001:0000:0000:0000:0000:0000:0000:0000/32";
- printf(testingFmt, "wolfSSL_X509()");
- /* Initializer function is not ported */
- /* param = wolfSSL_X509_VERIFY_PARAM_new(); */
- param = (WOLFSSL_X509_VERIFY_PARAM *)XMALLOC(
- sizeof(WOLFSSL_X509_VERIFY_PARAM), NULL, DYNAMIC_TYPE_OPENSSL);
- AssertNotNull(param);
- XMEMSET(param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM ));
- wolfSSL_X509_VERIFY_PARAM_set_hostflags(NULL, 0x00);
- wolfSSL_X509_VERIFY_PARAM_set_hostflags(param, 0x01);
- AssertIntEQ(0x01, param->hostFlags);
- ret = wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(NULL, testIPv4);
- AssertIntEQ(0, ret);
- ret = wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(param, testIPv4);
- AssertIntEQ(1, ret);
- AssertIntEQ(0, XSTRNCMP(param->ipasc, testIPv4, WOLFSSL_MAX_IPSTR));
- ret = wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(param, NULL);
- AssertIntEQ(1, ret);
- ret = wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(param, testIPv6);
- AssertIntEQ(1, ret);
- AssertIntEQ(0, XSTRNCMP(param->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));
- XFREE(param, NULL, DYNAMIC_TYPE_OPENSSL);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_X509_get_X509_PUBKEY(void)
- {
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD))
- X509* x509 = NULL;
- X509_PUBKEY* pubKey;
- printf(testingFmt, "wolfSSL_X509_get_X509_PUBKEY");
- AssertNotNull(x509 = X509_new());
- AssertNull(pubKey = wolfSSL_X509_get_X509_PUBKEY(NULL));
- AssertNotNull(pubKey = wolfSSL_X509_get_X509_PUBKEY(x509));
- X509_free(x509);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_X509_PUBKEY(void)
- {
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && !defined(NO_SHA256)
- X509* x509 = NULL;
- ASN1_OBJECT* obj = NULL;
- X509_PUBKEY* pubKey;
- X509_PUBKEY* pubKey2;
- EVP_PKEY* evpKey;
- const unsigned char *pk;
- int ppklen;
- WOLFSSL_X509_ALGOR *pa;
- printf(testingFmt, "wolfSSL_X509_get_X509_PUBKEY");
- AssertNotNull(x509 = X509_load_certificate_file(cliCertFile,
- SSL_FILETYPE_PEM));
- AssertNotNull(pubKey = X509_get_X509_PUBKEY(x509));
- AssertIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey), 1);
- AssertNotNull(pk);
- AssertNotNull(pa);
- AssertNotNull(pubKey);
- AssertIntGT(ppklen, 0);
- AssertIntEQ(OBJ_obj2nid(obj), RSAk);
- AssertNotNull(evpKey = X509_PUBKEY_get(pubKey));
- AssertNotNull(pubKey2 = X509_PUBKEY_new());
- AssertIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1);
- X509_PUBKEY_free(pubKey2);
- X509_free(x509);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_RAND(void)
- {
- #if defined(OPENSSL_EXTRA)
- byte seed[16];
- printf(testingFmt, "wolfSSL_RAND()");
- RAND_seed(seed, sizeof(seed));
- AssertIntEQ(RAND_poll(), 1);
- RAND_cleanup();
- AssertIntEQ(RAND_egd(NULL), -1);
- #ifndef NO_FILESYSTEM
- {
- char fname[100];
- AssertNotNull(RAND_file_name(fname, (sizeof(fname) - 1)));
- AssertIntEQ(RAND_write_file(NULL), 0);
- }
- #endif
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_BUF(void)
- {
- #if defined(OPENSSL_EXTRA)
- BUF_MEM* buf;
- AssertNotNull(buf = BUF_MEM_new());
- AssertIntEQ(BUF_MEM_grow(buf, 10), 10);
- AssertIntEQ(BUF_MEM_grow(buf, -1), 0);
- BUF_MEM_free(buf);
- #endif /* OPENSSL_EXTRA */
- }
- static void test_wolfSSL_pseudo_rand(void)
- {
- #if defined(OPENSSL_EXTRA)
- BIGNUM* bn;
- unsigned char bin[8];
- int i;
- printf(testingFmt, "wolfSSL_pseudo_rand()");
- /* BN_pseudo_rand returns 1 on success 0 on failure
- * int BN_pseudo_rand(BIGNUM* bn, int bits, int top, int bottom) */
- for (i = 0; i < 10; i++) {
- AssertNotNull(bn = BN_new());
- AssertIntEQ(BN_pseudo_rand(bn, 8, 0, 0), SSL_SUCCESS);
- AssertIntGT(BN_bn2bin(bn, bin),0);
- AssertIntEQ((bin[0] & 0x80), 0x80); /* top bit should be set */
- BN_free(bn);
- }
- for (i = 0; i < 10; i++) {
- AssertNotNull(bn = BN_new());
- AssertIntEQ(BN_pseudo_rand(bn, 8, 1, 1), SSL_SUCCESS);
- AssertIntGT(BN_bn2bin(bn, bin),0);
- AssertIntEQ((bin[0] & 0xc1), 0xc1); /* top bit should be set */
- BN_free(bn);
- }
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_PKCS8_Compat(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC)
- PKCS8_PRIV_KEY_INFO* pt;
- BIO* bio;
- XFILE f;
- int bytes;
- char pkcs8_buffer[512];
- printf(testingFmt, "wolfSSL_pkcs8()");
- /* file from wolfssl/certs/ directory */
- f = XFOPEN("./certs/ecc-keyPkcs8.pem", "rb");
- AssertTrue(f != XBADFILE);
- AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), f)), 0);
- XFCLOSE(f);
- AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes));
- AssertNotNull(pt = d2i_PKCS8_PRIV_KEY_INFO_bio(bio, NULL));
- BIO_free(bio);
- PKCS8_PRIV_KEY_INFO_free(pt);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_PKCS8_d2i(void)
- {
- #ifndef HAVE_FIPS
- /* This test ends up using HMAC as a part of PBKDF2, and HMAC
- * requires a 12 byte password in FIPS mode. This test ends up
- * trying to use an 8 byte password. */
- #ifdef OPENSSL_ALL
- WOLFSSL_EVP_PKEY* pkey = NULL;
- #ifndef NO_FILESYSTEM
- unsigned char pkcs8_buffer[2048];
- const unsigned char* p;
- int bytes;
- XFILE file;
- BIO* bio;
- WOLFSSL_EVP_PKEY* evpPkey = NULL;
- #endif
- #ifndef NO_RSA
- #ifndef NO_FILESYSTEM
- const char rsaDerPkcs8File[] = "./certs/server-keyPkcs8.der";
- const char rsaPemPkcs8File[] = "./certs/server-keyPkcs8.pem";
- #ifndef NO_DES3
- const char rsaDerPkcs8EncFile[] = "./certs/server-keyPkcs8Enc.der";
- #endif
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- const unsigned char* rsa = (unsigned char*)server_key_der_1024;
- int rsaSz = sizeof_server_key_der_1024;
- #else
- const unsigned char* rsa = (unsigned char*)server_key_der_2048;
- int rsaSz = sizeof_server_key_der_2048;
- #endif
- #endif
- #ifdef HAVE_ECC
- const unsigned char* ec = (unsigned char*)ecc_key_der_256;
- int ecSz = sizeof_ecc_key_der_256;
- #ifndef NO_FILESYSTEM
- const char ecDerPkcs8File[] = "certs/ecc-keyPkcs8.der";
- const char ecPemPkcs8File[] = "certs/ecc-keyPkcs8.pem";
- #ifndef NO_DES3
- const char ecDerPkcs8EncFile[] = "certs/ecc-keyPkcs8Enc.der";
- #endif
- #endif
- #endif
- #ifndef NO_FILESYSTEM
- (void)pkcs8_buffer;
- (void)p;
- (void)bytes;
- (void)file;
- (void)bio;
- #endif
- #ifndef NO_RSA
- /* Try to auto-detect normal RSA private key */
- AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &rsa, rsaSz));
- wolfSSL_EVP_PKEY_free(pkey);
- #endif
- #ifdef HAVE_ECC
- /* Try to auto-detect normal EC private key */
- AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &ec, ecSz));
- wolfSSL_EVP_PKEY_free(pkey);
- #endif
- #ifndef NO_FILESYSTEM
- #ifndef NO_RSA
- /* Get DER encoded RSA PKCS#8 data. */
- file = XFOPEN(rsaDerPkcs8File, "rb");
- AssertTrue(file != XBADFILE);
- AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
- file)), 0);
- XFCLOSE(file);
- p = pkcs8_buffer;
- /* Try to decode - auto-detect key type. */
- AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &p, bytes));
- /* Get PEM encoded RSA PKCS#8 data. */
- file = XFOPEN(rsaPemPkcs8File, "rb");
- AssertTrue(file != XBADFILE);
- AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
- file)), 0);
- XFCLOSE(file);
- AssertNotNull(bio = BIO_new(BIO_s_mem()));
- /* Write PKCS#8 PEM to BIO. */
- AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
- NULL), bytes);
- /* Compare file and written data */
- AssertIntEQ(wolfSSL_BIO_get_mem_data(bio, &p), bytes);
- AssertIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0);
- BIO_free(bio);
- #ifndef NO_DES3
- AssertNotNull(bio = BIO_new(BIO_s_mem()));
- /* Write Encrypted PKCS#8 PEM to BIO. */
- bytes = 1834;
- AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_des_ede3_cbc(),
- NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes);
- AssertNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, PasswordCallBack,
- (void*)"yassl123"));
- wolfSSL_EVP_PKEY_free(evpPkey);
- BIO_free(bio);
- #endif
- wolfSSL_EVP_PKEY_free(pkey);
- /* PKCS#8 encrypted RSA key */
- #ifndef NO_DES3
- file = XFOPEN(rsaDerPkcs8EncFile, "rb");
- AssertTrue(file != XBADFILE);
- AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
- file)), 0);
- XFCLOSE(file);
- AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes));
- AssertNotNull(pkey = d2i_PKCS8PrivateKey_bio(bio, NULL, PasswordCallBack,
- (void*)"yassl123"));
- wolfSSL_EVP_PKEY_free(pkey);
- BIO_free(bio);
- #endif
- #endif
- #ifdef HAVE_ECC
- /* PKCS#8 encode EC key */
- file = XFOPEN(ecDerPkcs8File, "rb");
- AssertTrue(file != XBADFILE);
- AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
- file)), 0);
- XFCLOSE(file);
- p = pkcs8_buffer;
- /* Try to decode - auto-detect key type. */
- AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &p, bytes));
- /* Get PEM encoded RSA PKCS#8 data. */
- file = XFOPEN(ecPemPkcs8File, "rb");
- AssertTrue(file != XBADFILE);
- AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
- file)), 0);
- XFCLOSE(file);
- AssertNotNull(bio = BIO_new(BIO_s_mem()));
- /* Write PKCS#8 PEM to BIO. */
- AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
- NULL), bytes);
- /* Compare file and written data */
- AssertIntEQ(wolfSSL_BIO_get_mem_data(bio, &p), bytes);
- AssertIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0);
- BIO_free(bio);
- AssertNotNull(bio = BIO_new(BIO_s_mem()));
- /* Write Encrypted PKCS#8 PEM to BIO. */
- bytes = 379;
- AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_aes_256_cbc(),
- NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes);
- AssertNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, PasswordCallBack,
- (void*)"yassl123"));
- wolfSSL_EVP_PKEY_free(evpPkey);
- BIO_free(bio);
- wolfSSL_EVP_PKEY_free(pkey);
- /* PKCS#8 encrypted EC key */
- #ifndef NO_DES3
- file = XFOPEN(ecDerPkcs8EncFile, "rb");
- AssertTrue(file != XBADFILE);
- AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
- file)), 0);
- XFCLOSE(file);
- AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes));
- AssertNotNull(pkey = d2i_PKCS8PrivateKey_bio(bio, NULL, PasswordCallBack,
- (void*)"yassl123"));
- wolfSSL_EVP_PKEY_free(pkey);
- BIO_free(bio);
- #endif
- #endif
- #endif
- printf(resultFmt, passed);
- #endif
- #endif /* HAVE_FIPS */
- }
- static void test_wolfSSL_ERR_put_error(void)
- {
- #if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
- defined(DEBUG_WOLFSSL)
- const char* file;
- int line;
- printf(testingFmt, "wolfSSL_ERR_put_error()");
- ERR_clear_error(); /* clear out any error nodes */
- ERR_put_error(0,SYS_F_ACCEPT, 0, "this file", 0);
- AssertIntEQ(ERR_get_error_line(&file, &line), 0);
- ERR_put_error(0,SYS_F_BIND, 1, "this file", 1);
- AssertIntEQ(ERR_get_error_line(&file, &line), 1);
- ERR_put_error(0,SYS_F_CONNECT, 2, "this file", 2);
- AssertIntEQ(ERR_get_error_line(&file, &line), 2);
- ERR_put_error(0,SYS_F_FOPEN, 3, "this file", 3);
- AssertIntEQ(ERR_get_error_line(&file, &line), 3);
- ERR_put_error(0,SYS_F_FREAD, 4, "this file", 4);
- AssertIntEQ(ERR_get_error_line(&file, &line), 4);
- ERR_put_error(0,SYS_F_GETADDRINFO, 5, "this file", 5);
- AssertIntEQ(ERR_get_error_line(&file, &line), 5);
- ERR_put_error(0,SYS_F_GETSOCKOPT, 6, "this file", 6);
- AssertIntEQ(ERR_get_error_line(&file, &line), 6);
- ERR_put_error(0,SYS_F_GETSOCKNAME, 7, "this file", 7);
- AssertIntEQ(ERR_get_error_line(&file, &line), 7);
- ERR_put_error(0,SYS_F_GETHOSTBYNAME, 8, "this file", 8);
- AssertIntEQ(ERR_get_error_line(&file, &line), 8);
- ERR_put_error(0,SYS_F_GETNAMEINFO, 9, "this file", 9);
- AssertIntEQ(ERR_get_error_line(&file, &line), 9);
- ERR_put_error(0,SYS_F_GETSERVBYNAME, 10, "this file", 10);
- AssertIntEQ(ERR_get_error_line(&file, &line), 10);
- ERR_put_error(0,SYS_F_IOCTLSOCKET, 11, "this file", 11);
- AssertIntEQ(ERR_get_error_line(&file, &line), 11);
- ERR_put_error(0,SYS_F_LISTEN, 12, "this file", 12);
- AssertIntEQ(ERR_get_error_line(&file, &line), 12);
- ERR_put_error(0,SYS_F_OPENDIR, 13, "this file", 13);
- AssertIntEQ(ERR_get_error_line(&file, &line), 13);
- ERR_put_error(0,SYS_F_SETSOCKOPT, 14, "this file", 14);
- AssertIntEQ(ERR_get_error_line(&file, &line), 14);
- ERR_put_error(0,SYS_F_SOCKET, 15, "this file", 15);
- AssertIntEQ(ERR_get_error_line(&file, &line), 15);
- /* try reading past end of error queue */
- file = NULL;
- AssertIntEQ(ERR_get_error_line(&file, &line), 0);
- AssertNull(file);
- AssertIntEQ(ERR_get_error_line_data(&file, &line, NULL, NULL), 0);
- PEMerr(4,4);
- AssertIntEQ(ERR_get_error(), 4);
- /* Empty and free up all error nodes */
- ERR_clear_error();
- /* Verify all nodes are cleared */
- ERR_put_error(0,SYS_F_ACCEPT, 0, "this file", 0);
- ERR_clear_error();
- AssertIntEQ(ERR_get_error_line(&file, &line), 0);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_ERR_print_errors(void)
- {
- #if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
- defined(DEBUG_WOLFSSL)
- BIO* bio;
- char buf[1024];
- printf(testingFmt, "wolfSSL_ERR_print_errors()");
- AssertNotNull(bio = BIO_new(BIO_s_mem()));
- ERR_clear_error(); /* clear out any error nodes */
- ERR_put_error(0,SYS_F_ACCEPT, -173, "ssl.c", 0);
- /* Choosing -295 as an unused errno between MIN_CODE_E < x < WC_LAST_E. */
- ERR_put_error(0,SYS_F_BIND, -295, "asn.c", 100);
- ERR_print_errors(bio);
- AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 56);
- AssertIntEQ(XSTRNCMP("error:173:wolfSSL library:Bad function argument:ssl.c:0",
- buf, 55), 0);
- AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 57);
- AssertIntEQ(XSTRNCMP("error:295:wolfSSL library:unknown error number:asn.c:100",
- buf, 56), 0);
- AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 0);
- AssertIntEQ(ERR_get_error_line(NULL, NULL), 0);
- BIO_free(bio);
- printf(resultFmt, passed);
- #endif
- }
- #if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
- defined(DEBUG_WOLFSSL)
- static int test_wolfSSL_error_cb(const char *str, size_t len, void *u)
- {
- wolfSSL_BIO_write((BIO*)u, str, (int)len);
- return 0;
- }
- #endif
- static void test_wolfSSL_ERR_print_errors_cb(void)
- {
- #if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
- defined(DEBUG_WOLFSSL)
- BIO* bio;
- char buf[1024];
- printf(testingFmt, "wolfSSL_ERR_print_errors_cb()");
- AssertNotNull(bio = BIO_new(BIO_s_mem()));
- ERR_clear_error(); /* clear out any error nodes */
- ERR_put_error(0,SYS_F_ACCEPT, -173, "ssl.c", 0);
- ERR_put_error(0,SYS_F_BIND, -275, "asn.c", 100);
- ERR_print_errors_cb(test_wolfSSL_error_cb, bio);
- AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 108);
- AssertIntEQ(XSTRNCMP("wolfSSL error occurred, error = 173 line:0 file:ssl.c",
- buf, 53), 0);
- AssertIntEQ(XSTRNCMP("wolfSSL error occurred, error = 275 line:100 file:asn.c",
- buf + 53, 55), 0);
- AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 0);
- BIO_free(bio);
- printf(resultFmt, passed);
- #endif
- }
- /*
- * Testing WOLFSSL_ERROR_MSG
- */
- static int test_WOLFSSL_ERROR_MSG (void)
- {
- int ret = 0;
- #if defined(DEBUG_WOLFSSL) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) ||\
- defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)
- const char* msg = "Everyone gets Friday off.";
- printf(testingFmt, "WOLFSSL_ERROR_MSG()");
- WOLFSSL_ERROR_MSG(msg);
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- }/*End test_WOLFSSL_ERROR_MSG*/
- /*
- * Testing wc_ERR_remove_state
- */
- static int test_wc_ERR_remove_state (void)
- {
- int ret = 0;
- #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
- printf(testingFmt, "wc_ERR_remove_state()");
- wc_ERR_remove_state();
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- }/*End test_wc_ERR_remove_state*/
- /*
- * Testing wc_ERR_print_errors_fp
- */
- static int test_wc_ERR_print_errors_fp (void)
- {
- int ret = 0;
- #if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)) && \
- (!defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM))
- long sz;
- printf(testingFmt, "wc_ERR_print_errors_fp()");
- WOLFSSL_ERROR(BAD_FUNC_ARG);
- XFILE fp = XFOPEN("./tests/test-log-dump-to-file.txt", "ar");
- wc_ERR_print_errors_fp(fp);
- #if defined(DEBUG_WOLFSSL)
- AssertTrue(XFSEEK(fp, 0, XSEEK_END) == 0);
- sz = XFTELL(fp);
- if (sz == 0) {
- ret = BAD_FUNC_ARG;
- }
- #endif
- printf(resultFmt, ret == 0 ? passed : failed);
- XFCLOSE(fp);
- (void)sz;
- #endif
- return ret;
- }/*End test_wc_ERR_print_errors_fp*/
- #ifdef DEBUG_WOLFSSL
- static void Logging_cb(const int logLevel, const char *const logMessage)
- {
- (void)logLevel;
- (void)logMessage;
- }
- #endif
- /*
- * Testing wolfSSL_GetLoggingCb
- */
- static int test_wolfSSL_GetLoggingCb (void)
- {
- int ret = 0;
- #ifdef DEBUG_WOLFSSL
- printf(testingFmt, "wolfSSL_GetLoggingCb()");
- /* Testing without wolfSSL_SetLoggingCb() */
- if (ret == 0) {
- if (wolfSSL_GetLoggingCb() == NULL) { /* Should be true */
- ret = 0;
- }
- if (wolfSSL_GetLoggingCb() != NULL) { /* Should not be true */
- ret = -1;
- }
- }
- /* Testing with wolfSSL_SetLoggingCb() */
- if (ret == 0) {
- ret = wolfSSL_SetLoggingCb(Logging_cb);
- if (ret == 0){
- if (wolfSSL_GetLoggingCb() == NULL) { /* Should not be true */
- ret = -1;
- }
- if (ret == 0) {
- if (wolfSSL_GetLoggingCb() == Logging_cb) { /* Should be true */
- ret = 0;
- }
- }
- /* reset logging callback */
- wolfSSL_SetLoggingCb(NULL);
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- }/*End test_wolfSSL_GetLoggingCb*/
- static void test_wolfSSL_HMAC(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256)
- HMAC_CTX* hmac;
- ENGINE* e = NULL;
- const unsigned char key[] = "simple test key";
- unsigned char hash[WC_MAX_DIGEST_SIZE];
- unsigned int len;
- printf(testingFmt, "wolfSSL_HMAC()");
- AssertNotNull(hmac = HMAC_CTX_new());
- HMAC_CTX_init(hmac);
- AssertIntEQ(HMAC_Init_ex(hmac, (void*)key, (int)sizeof(key),
- EVP_sha256(), e), SSL_SUCCESS);
- /* re-using test key as data to hash */
- AssertIntEQ(HMAC_Update(hmac, key, (int)sizeof(key)), SSL_SUCCESS);
- AssertIntEQ(HMAC_Update(hmac, NULL, 0), SSL_SUCCESS);
- AssertIntEQ(HMAC_Final(hmac, hash, &len), SSL_SUCCESS);
- AssertIntEQ(len, (int)WC_SHA256_DIGEST_SIZE);
- AssertIntEQ(HMAC_size(hmac), WC_SHA256_DIGEST_SIZE);
- HMAC_cleanup(hmac);
- HMAC_CTX_free(hmac);
- #endif
- #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256)
- len = 0;
- AssertNotNull(HMAC(EVP_sha256(), key, (int)sizeof(key), NULL, 0, hash, &len));
- AssertIntEQ(len, (int)WC_SHA256_DIGEST_SIZE);
- #endif
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA224)
- len = 0;
- AssertNotNull(HMAC(EVP_sha224(), key, (int)sizeof(key), NULL, 0, hash, &len));
- AssertIntEQ(len, (int)WC_SHA224_DIGEST_SIZE);
- #endif
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA384)
- len = 0;
- AssertNotNull(HMAC(EVP_sha384(), key, (int)sizeof(key), NULL, 0, hash, &len));
- AssertIntEQ(len, (int)WC_SHA384_DIGEST_SIZE);
- #endif
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA512)
- len = 0;
- AssertNotNull(HMAC(EVP_sha512(), key, (int)sizeof(key), NULL, 0, hash, &len));
- AssertIntEQ(len, (int)WC_SHA512_DIGEST_SIZE);
- #endif
- printf(resultFmt, passed);
- }
- static void test_wolfSSL_OBJ(void)
- {
- /* Password "wolfSSL test" is only 12 (96-bit) too short for testing in FIPS
- * mode
- */
- #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_ASN) && \
- !defined(HAVE_FIPS) && !defined(NO_SHA) && defined(WOLFSSL_CERT_EXT) && \
- defined(WOLFSSL_CERT_GEN)
- ASN1_OBJECT *obj = NULL;
- char buf[50];
- XFILE fp;
- X509 *x509 = NULL;
- X509_NAME *x509Name;
- X509_NAME_ENTRY *x509NameEntry;
- ASN1_OBJECT *asn1Name = NULL;
- int numNames;
- BIO *bio = NULL;
- int nid;
- int i, j;
- const char *f[] = {
- #ifndef NO_RSA
- "./certs/ca-cert.der",
- #endif
- #ifdef HAVE_ECC
- "./certs/ca-ecc-cert.der",
- "./certs/ca-ecc384-cert.der",
- #endif
- NULL};
- ASN1_OBJECT *field_name_obj = NULL;
- int lastpos = -1;
- int tmp = -1;
- ASN1_STRING *asn1 = NULL;
- unsigned char *buf_dyn = NULL;
- PKCS12 *p12;
- int boolRet;
- EVP_PKEY *pkey = NULL;
- const char *p12_f[] = {
- #if !defined(NO_DES3) && !defined(NO_RSA)
- "./certs/test-servercert.p12",
- #endif
- NULL};
- printf(testingFmt, "wolfSSL_OBJ()");
- AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), SSL_FAILURE);
- AssertNotNull(obj = OBJ_nid2obj(NID_any_policy));
- AssertIntEQ(OBJ_obj2nid(obj), NID_any_policy);
- AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), 11);
- AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0);
- ASN1_OBJECT_free(obj);
- AssertNotNull(obj = OBJ_nid2obj(NID_sha256));
- AssertIntEQ(OBJ_obj2nid(obj), NID_sha256);
- AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), 22);
- #ifdef WOLFSSL_CERT_EXT
- AssertIntEQ(OBJ_txt2nid(buf), NID_sha256);
- #endif
- AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0);
- ASN1_OBJECT_free(obj);
- for (i = 0; f[i] != NULL; i++)
- {
- AssertTrue((fp = XFOPEN(f[i], "r")) != XBADFILE);
- AssertNotNull(x509 = d2i_X509_fp(fp, NULL));
- XFCLOSE(fp);
- AssertNotNull(x509Name = X509_get_issuer_name(x509));
- AssertIntNE((numNames = X509_NAME_entry_count(x509Name)), 0);
- /* Get the Common Name by using OBJ_txt2obj */
- AssertNotNull(field_name_obj = OBJ_txt2obj("CN", 0));
- do
- {
- lastpos = tmp;
- tmp = X509_NAME_get_index_by_OBJ(x509Name, field_name_obj, lastpos);
- } while (tmp > -1);
- AssertIntNE(lastpos, -1);
- ASN1_OBJECT_free(field_name_obj);
- AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, lastpos));
- AssertNotNull(asn1 = X509_NAME_ENTRY_get_data(x509NameEntry));
- AssertIntGE(ASN1_STRING_to_UTF8(&buf_dyn, asn1), 0);
- /*
- * All Common Names should be www.wolfssl.com
- * This makes testing easier as we can test for the expected value.
- */
- AssertStrEQ((char*)buf_dyn, "www.wolfssl.com");
- OPENSSL_free(buf_dyn);
- bio = BIO_new(BIO_s_mem());
- AssertTrue(bio != NULL);
- for (j = 0; j < numNames; j++)
- {
- AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j));
- AssertNotNull(asn1Name = X509_NAME_ENTRY_get_object(x509NameEntry));
- AssertTrue((nid = OBJ_obj2nid(asn1Name)) > 0);
- }
- BIO_free(bio);
- ASN1_OBJECT_free(asn1Name);
- X509_free(x509);
- }
- for (i = 0; p12_f[i] != NULL; i++)
- {
- AssertTrue((fp = XFOPEN(p12_f[i], "r")) != XBADFILE);
- AssertNotNull(p12 = d2i_PKCS12_fp(fp, NULL));
- XFCLOSE(fp);
- AssertTrue((boolRet = PKCS12_parse(p12, "wolfSSL test", &pkey, &x509, NULL)) > 0);
- wc_PKCS12_free(p12);
- EVP_PKEY_free(pkey);
- x509Name = X509_get_issuer_name(x509);
- AssertNotNull(x509Name);
- AssertIntNE((numNames = X509_NAME_entry_count(x509Name)), 0);
- AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL);
- for (j = 0; j < numNames; j++)
- {
- AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j));
- AssertNotNull(asn1Name = X509_NAME_ENTRY_get_object(x509NameEntry));
- AssertTrue((nid = OBJ_obj2nid(asn1Name)) > 0);
- }
- BIO_free(bio);
- ASN1_OBJECT_free(asn1Name);
- X509_free(x509);
- }
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_i2a_ASN1_OBJECT(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
- ASN1_OBJECT *obj = NULL;
- BIO *bio = NULL;
- AssertNotNull(obj = OBJ_nid2obj(NID_sha256));
- AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL);
- AssertIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, obj), 0);
- AssertIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, NULL), 0);
- AssertIntEQ(wolfSSL_i2a_ASN1_OBJECT(NULL, obj), 0);
- BIO_free(bio);
- ASN1_OBJECT_free(obj);
- #endif
- }
- static void test_wolfSSL_OBJ_cmp(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256)
- ASN1_OBJECT *obj = NULL;
- ASN1_OBJECT *obj2 = NULL;
- printf(testingFmt, "wolfSSL_OBJ_cmp()");
- AssertNotNull(obj = OBJ_nid2obj(NID_any_policy));
- AssertNotNull(obj2 = OBJ_nid2obj(NID_sha256));
- AssertIntEQ(OBJ_cmp(NULL, NULL), WOLFSSL_FATAL_ERROR);
- AssertIntEQ(OBJ_cmp(obj, NULL), WOLFSSL_FATAL_ERROR);
- AssertIntEQ(OBJ_cmp(NULL, obj2), WOLFSSL_FATAL_ERROR);
- AssertIntEQ(OBJ_cmp(obj, obj2), WOLFSSL_FATAL_ERROR);
- AssertIntEQ(OBJ_cmp(obj, obj), 0);
- AssertIntEQ(OBJ_cmp(obj2, obj2), 0);
- ASN1_OBJECT_free(obj);
- ASN1_OBJECT_free(obj2);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_OBJ_txt2nid(void)
- {
- #if !defined(NO_WOLFSSL_STUB) && defined(WOLFSSL_APACHE_HTTPD)
- int i;
- static const struct {
- const char* sn;
- const char* ln;
- const char* oid;
- int nid;
- } testVals[] = {
- { "tlsfeature", "TLS Feature", "1.3.6.1.5.5.7.1.24", NID_tlsfeature },
- { "id-on-dnsSRV", "SRVName", "1.3.6.1.5.5.7.8.7",
- NID_id_on_dnsSRV },
- { "msUPN", "Microsoft User Principal Name",
- "1.3.6.1.4.1.311.20.2.3", NID_ms_upn },
- { NULL, NULL, NULL, NID_undef }
- };
- printf(testingFmt, "wolfSSL_OBJ_txt2nid()");
- /* Invalid cases */
- AssertIntEQ(OBJ_txt2nid(NULL), NID_undef);
- AssertIntEQ(OBJ_txt2nid("Bad name"), NID_undef);
- /* Valid cases */
- for (i = 0; testVals[i].sn != NULL; i++) {
- AssertIntEQ(OBJ_txt2nid(testVals[i].sn), testVals[i].nid);
- AssertIntEQ(OBJ_txt2nid(testVals[i].ln), testVals[i].nid);
- AssertIntEQ(OBJ_txt2nid(testVals[i].oid), testVals[i].nid);
- }
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_OBJ_txt2obj(void)
- {
- #if defined(WOLFSSL_APACHE_HTTPD) || (defined(OPENSSL_EXTRA) && \
- defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN))
- int i;
- char buf[50];
- ASN1_OBJECT* obj;
- static const struct {
- const char* oidStr;
- const char* sn;
- const char* ln;
- } objs_list[] = {
- #if defined(WOLFSSL_APACHE_HTTPD)
- { "1.3.6.1.5.5.7.1.24", "tlsfeature", "TLS Feature" },
- { "1.3.6.1.5.5.7.8.7", "id-on-dnsSRV", "SRVName" },
- #endif
- { "2.5.29.19", "basicConstraints", "X509v3 Basic Constraints"},
- { NULL, NULL, NULL }
- };
- printf(testingFmt, "wolfSSL_OBJ_txt2obj()");
- AssertNull(obj = OBJ_txt2obj("Bad name", 0));
- AssertNull(obj = OBJ_txt2obj(NULL, 0));
- for (i = 0; objs_list[i].oidStr != NULL; i++) {
- /* Test numerical value of oid (oidStr) */
- AssertNotNull(obj = OBJ_txt2obj(objs_list[i].oidStr, 1));
- /* Convert object back to text to confirm oid is correct */
- wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1);
- AssertIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0);
- ASN1_OBJECT_free(obj);
- XMEMSET(buf, 0, sizeof(buf));
- /* Test short name (sn) */
- AssertNull(obj = OBJ_txt2obj(objs_list[i].sn, 1));
- AssertNotNull(obj = OBJ_txt2obj(objs_list[i].sn, 0));
- /* Convert object back to text to confirm oid is correct */
- wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1);
- AssertIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0);
- ASN1_OBJECT_free(obj);
- XMEMSET(buf, 0, sizeof(buf));
- /* Test long name (ln) - should fail when no_name = 1 */
- AssertNull(obj = OBJ_txt2obj(objs_list[i].ln, 1));
- AssertNotNull(obj = OBJ_txt2obj(objs_list[i].ln, 0));
- /* Convert object back to text to confirm oid is correct */
- wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1);
- AssertIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0);
- ASN1_OBJECT_free(obj);
- XMEMSET(buf, 0, sizeof(buf));
- }
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_X509_NAME_ENTRY(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
- !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN)
- X509* x509;
- BIO* bio;
- X509_NAME* nm;
- X509_NAME_ENTRY* entry;
- unsigned char cn[] = "another name to add";
- printf(testingFmt, "wolfSSL_X509_NAME_ENTRY()");
- AssertNotNull(x509 =
- wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM));
- AssertNotNull(bio = BIO_new(BIO_s_mem()));
- AssertIntEQ(PEM_write_bio_X509_AUX(bio, x509), SSL_SUCCESS);
- #ifdef WOLFSSL_CERT_REQ
- {
- X509_REQ* req;
- BIO* bReq;
- AssertNotNull(req =
- wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM));
- AssertNotNull(bReq = BIO_new(BIO_s_mem()));
- AssertIntEQ(PEM_write_bio_X509_REQ(bReq, req), SSL_SUCCESS);
- BIO_free(bReq);
- X509_free(req);
- }
- #endif
- AssertNotNull(nm = X509_get_subject_name(x509));
- /* Test add entry */
- AssertNotNull(entry = X509_NAME_ENTRY_create_by_NID(NULL, NID_commonName,
- 0x0c, cn, (int)sizeof(cn)));
- AssertIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS);
- #ifdef WOLFSSL_CERT_EXT
- AssertIntEQ(X509_NAME_add_entry_by_txt(nm, "emailAddress", MBSTRING_UTF8,
- (byte*)"support@wolfssl.com", 19, -1,
- 1), WOLFSSL_SUCCESS);
- #endif
- X509_NAME_ENTRY_free(entry);
- /* Test add entry by text */
- AssertNotNull(entry = X509_NAME_ENTRY_create_by_txt(NULL, "commonName",
- 0x0c, cn, (int)sizeof(cn)));
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) \
- || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
- AssertNull(X509_NAME_ENTRY_create_by_txt(&entry, "unknown",
- V_ASN1_UTF8STRING, cn, (int)sizeof(cn)));
- #endif
- AssertIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS);
- X509_NAME_ENTRY_free(entry);
- /* Test add entry by NID */
- AssertIntEQ(X509_NAME_add_entry_by_NID(nm, NID_commonName, MBSTRING_UTF8,
- cn, -1, -1, 0), WOLFSSL_SUCCESS);
- BIO_free(bio);
- X509_free(x509); /* free's nm */
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_X509_set_name(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
- X509* x509;
- X509_NAME* name;
- printf(testingFmt, "wolfSSL_X509_set_name()");
- AssertNotNull(name = X509_NAME_new());
- AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
- (byte*)"wolfssl.com", 11, 0, 1),
- WOLFSSL_SUCCESS);
- AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
- (byte*)"support@wolfssl.com", 19, -1,
- 1), WOLFSSL_SUCCESS);
- AssertNotNull(x509 = X509_new());
- AssertIntEQ(X509_set_subject_name(NULL, NULL), WOLFSSL_FAILURE);
- AssertIntEQ(X509_set_subject_name(x509, NULL), WOLFSSL_FAILURE);
- AssertIntEQ(X509_set_subject_name(NULL, name), WOLFSSL_FAILURE);
- AssertIntEQ(X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
- AssertIntEQ(X509_set_issuer_name(NULL, NULL), WOLFSSL_FAILURE);
- AssertIntEQ(X509_set_issuer_name(x509, NULL), WOLFSSL_FAILURE);
- AssertIntEQ(X509_set_issuer_name(NULL, name), WOLFSSL_FAILURE);
- AssertIntEQ(X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
- X509_free(x509);
- X509_NAME_free(name);
- printf(resultFmt, passed);
- #endif /* OPENSSL_ALL && !NO_CERTS */
- }
- static void test_wolfSSL_X509_set_notAfter(void)
- {
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) \
- && !defined(NO_ASN_TIME) && !defined(USER_TIME) && \
- !defined(TIME_OVERRIDES) && !defined(NO_CERTS) && \
- defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) &&\
- !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT)
- /* Generalized time will overflow time_t if not long */
- X509* x;
- BIO* bio;
- ASN1_TIME *asn_time, *time_check;
- const int year = 365*24*60*60;
- const int day = 24*60*60;
- const int hour = 60*60;
- const int mini = 60;
- int offset_day;
- unsigned char buf[25];
- time_t t;
- printf(testingFmt, "wolfSSL_X509_set_notAfter()");
- /*
- * Setup asn_time. APACHE HTTPD uses time(NULL)
- */
- t = (time_t)107 * year + 31 * day + 34 * hour + 30 * mini + 7 * day;
- offset_day = 7;
- /*
- * Free these.
- */
- asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, 0);
- AssertNotNull(asn_time);
- AssertNotNull(x = X509_new());
- AssertNotNull(bio = BIO_new(BIO_s_mem()));
- /*
- * Tests
- */
- AssertTrue(wolfSSL_X509_set_notAfter(x, asn_time));
- /* time_check is simply (ANS1_TIME*)x->notAfter */
- AssertNotNull(time_check = X509_get_notAfter(x));
- /* ANS1_TIME_check validates by checking if argument can be parsed */
- AssertIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS);
- /* Convert to human readable format and compare to intended date */
- AssertIntEQ(ASN1_TIME_print(bio, time_check), 1);
- AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
- AssertIntEQ(XMEMCMP(buf, "Jan 20 10:30:00 2077 GMT", sizeof(buf) - 1), 0);
- /*
- * Cleanup
- */
- XFREE(asn_time,NULL,DYNAMIC_TYPE_OPENSSL);
- X509_free(x);
- BIO_free(bio);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_X509_set_notBefore(void)
- {
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) \
- && !defined(NO_ASN_TIME) && !defined(USER_TIME) && \
- !defined(TIME_OVERRIDES) && !defined(NO_CERTS) && \
- defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
- X509* x;
- BIO* bio;
- ASN1_TIME *asn_time, *time_check;
- const int year = 365*24*60*60;
- const int day = 24*60*60;
- const int hour = 60*60;
- const int mini = 60;
- int offset_day;
- unsigned char buf[25];
- time_t t;
- printf(testingFmt, "wolfSSL_X509_set_notBefore()");
- /*
- * Setup asn_time. APACHE HTTPD uses time(NULL)
- */
- t = (time_t)49 * year + 125 * day + 20 * hour + 30 * mini + 7 * day;
- offset_day = 7;
- /*
- * Free these.
- */
- asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, 0);
- AssertNotNull(asn_time);
- AssertNotNull(x = X509_new());
- AssertNotNull(bio = BIO_new(BIO_s_mem()));
- AssertIntEQ(ASN1_TIME_check(asn_time), WOLFSSL_SUCCESS);
- /*
- * Main Tests
- */
- AssertTrue(wolfSSL_X509_set_notBefore(x, asn_time));
- /* time_check == (ANS1_TIME*)x->notBefore */
- AssertNotNull(time_check = X509_get_notBefore(x));
- /* ANS1_TIME_check validates by checking if argument can be parsed */
- AssertIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS);
- /* Convert to human readable format and compare to intended date */
- AssertIntEQ(ASN1_TIME_print(bio, time_check), 1);
- AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
- AssertIntEQ(XMEMCMP(buf, "May 8 20:30:00 2019 GMT", sizeof(buf) - 1), 0);
- /*
- * Cleanup
- */
- XFREE(asn_time,NULL,DYNAMIC_TYPE_OPENSSL);
- X509_free(x);
- BIO_free(bio);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_X509_set_version(void)
- {
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
- !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
- X509* x509;
- long v = 2L;
- long max = INT_MAX;
- AssertNotNull(x509 = X509_new());
- /* These should pass. */
- AssertTrue(wolfSSL_X509_set_version(x509, v));
- AssertIntEQ(v, wolfSSL_X509_get_version(x509));
- /* Fail Case: When v(long) is greater than x509->version(int). */
- v = max+1;
- AssertFalse(wolfSSL_X509_set_version(x509, v));
- /* Cleanup */
- X509_free(x509);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_BIO_gets(void)
- {
- #if defined(OPENSSL_EXTRA)
- BIO* bio;
- BIO* bio2;
- char msg[] = "\nhello wolfSSL\n security plus\t---...**adf\na...b.c";
- char emp[] = "";
- char bio_buffer[20];
- int bufferSz = 20;
- printf(testingFmt, "wolfSSL_BIO_gets()");
- /* try with bad args */
- AssertNull(bio = BIO_new_mem_buf(NULL, sizeof(msg)));
- /* try with real msg */
- AssertNotNull(bio = BIO_new_mem_buf((void*)msg, -1));
- XMEMSET(bio_buffer, 0, bufferSz);
- AssertNotNull(BIO_push(bio, BIO_new(BIO_s_bio())));
- AssertNull(bio2 = BIO_find_type(bio, BIO_TYPE_FILE));
- AssertNotNull(bio2 = BIO_find_type(bio, BIO_TYPE_BIO));
- AssertFalse(bio2 != BIO_next(bio));
- /* make buffer filled with no terminating characters */
- XMEMSET(bio_buffer, 1, bufferSz);
- /* BIO_gets reads a line of data */
- AssertIntEQ(BIO_gets(bio, bio_buffer, -3), 0);
- AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1);
- AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 14);
- AssertStrEQ(bio_buffer, "hello wolfSSL\n");
- AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 19);
- AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 8);
- AssertIntEQ(BIO_gets(bio, bio_buffer, -1), 0);
- /* check not null terminated string */
- BIO_free(bio);
- msg[0] = 0x33;
- msg[1] = 0x33;
- msg[2] = 0x33;
- AssertNotNull(bio = BIO_new_mem_buf((void*)msg, 3));
- AssertIntEQ(BIO_gets(bio, bio_buffer, 3), 2);
- AssertIntEQ(bio_buffer[0], msg[0]);
- AssertIntEQ(bio_buffer[1], msg[1]);
- AssertIntNE(bio_buffer[2], msg[2]);
- BIO_free(bio);
- msg[3] = 0x33;
- bio_buffer[3] = 0x33;
- AssertNotNull(bio = BIO_new_mem_buf((void*)msg, 3));
- AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 3);
- AssertIntEQ(bio_buffer[0], msg[0]);
- AssertIntEQ(bio_buffer[1], msg[1]);
- AssertIntEQ(bio_buffer[2], msg[2]);
- AssertIntNE(bio_buffer[3], 0x33); /* make sure null terminator was set */
- /* check reading an empty string */
- BIO_free(bio);
- AssertNotNull(bio = BIO_new_mem_buf((void*)emp, sizeof(emp)));
- AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1); /* just terminator */
- AssertStrEQ(emp, bio_buffer);
- AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 0); /* Nothing to read */
- /* check error cases */
- BIO_free(bio);
- AssertIntEQ(BIO_gets(NULL, NULL, 0), SSL_FAILURE);
- AssertNotNull(bio = BIO_new(BIO_s_mem()));
- AssertIntEQ(BIO_gets(bio, bio_buffer, 2), 0); /* nothing to read */
- #if !defined(NO_FILESYSTEM)
- {
- BIO* f_bio;
- XFILE f;
- AssertNotNull(f_bio = BIO_new(BIO_s_file()));
- AssertIntLE(BIO_gets(f_bio, bio_buffer, bufferSz), 0);
- f = XFOPEN(svrCertFile, "rb");
- AssertTrue((f != XBADFILE));
- AssertIntEQ((int)BIO_set_fp(f_bio, f, BIO_CLOSE), SSL_SUCCESS);
- AssertIntGT(BIO_gets(f_bio, bio_buffer, bufferSz), 0);
- BIO_free(f_bio);
- }
- #endif /* NO_FILESYSTEM */
- BIO_free(bio);
- BIO_free(bio2);
- /* try with type BIO */
- XMEMCPY(msg, "\nhello wolfSSL\n security plus\t---...**adf\na...b.c",
- sizeof(msg));
- AssertNotNull(bio = BIO_new(BIO_s_bio()));
- AssertIntEQ(BIO_gets(bio, bio_buffer, 2), 0); /* nothing to read */
- AssertNotNull(bio2 = BIO_new(BIO_s_bio()));
- AssertIntEQ(BIO_set_write_buf_size(bio, 10), SSL_SUCCESS);
- AssertIntEQ(BIO_set_write_buf_size(bio2, sizeof(msg)), SSL_SUCCESS);
- AssertIntEQ(BIO_make_bio_pair(bio, bio2), SSL_SUCCESS);
- AssertIntEQ(BIO_write(bio2, msg, sizeof(msg)), sizeof(msg));
- AssertIntEQ(BIO_gets(bio, bio_buffer, -3), 0);
- AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1);
- AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 14);
- AssertStrEQ(bio_buffer, "hello wolfSSL\n");
- AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 19);
- AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 8);
- AssertIntEQ(BIO_gets(bio, bio_buffer, -1), 0);
- BIO_free(bio);
- BIO_free(bio2);
- /* check reading an empty string */
- AssertNotNull(bio = BIO_new(BIO_s_bio()));
- AssertIntEQ(BIO_set_write_buf_size(bio, sizeof(emp)), SSL_SUCCESS);
- AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 0); /* Nothing to read */
- AssertStrEQ(emp, bio_buffer);
- BIO_free(bio);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_BIO_puts(void)
- {
- #if defined(OPENSSL_EXTRA)
- BIO* bio;
- char input[] = "hello\0world\n.....ok\n\0";
- char output[128];
- printf(testingFmt, "wolfSSL_BIO_puts()");
- XMEMSET(output, 0, sizeof(output));
- AssertNotNull(bio = BIO_new(BIO_s_mem()));
- AssertIntEQ(BIO_puts(bio, input), 5);
- AssertIntEQ(BIO_pending(bio), 5);
- AssertIntEQ(BIO_puts(bio, input + 6), 14);
- AssertIntEQ(BIO_pending(bio), 19);
- AssertIntEQ(BIO_gets(bio, output, sizeof(output)), 11);
- AssertStrEQ(output, "helloworld\n");
- AssertIntEQ(BIO_pending(bio), 8);
- AssertIntEQ(BIO_gets(bio, output, sizeof(output)), 8);
- AssertStrEQ(output, ".....ok\n");
- AssertIntEQ(BIO_pending(bio), 0);
- AssertIntEQ(BIO_puts(bio, ""), -1);
- BIO_free(bio);
- printf(resultFmt, passed);
- #endif
- }
- #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
- !defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \
- defined(HAVE_IO_TESTS_DEPENDENCIES)
- static int forceWantRead(WOLFSSL *ssl, char *buf, int sz, void *ctx)
- {
- (void)ssl;
- (void)buf;
- (void)sz;
- (void)ctx;
- return WOLFSSL_CBIO_ERR_WANT_READ;
- }
- #endif
- static void test_wolfSSL_BIO_should_retry(void)
- {
- #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
- !defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \
- defined(HAVE_IO_TESTS_DEPENDENCIES)
- tcp_ready ready;
- func_args server_args;
- THREAD_TYPE serverThread;
- SOCKET_T sockfd = 0;
- WOLFSSL_CTX* ctx;
- WOLFSSL* ssl;
- char msg[64] = "hello wolfssl!";
- char reply[1024];
- int msgSz = (int)XSTRLEN(msg);
- int ret;
- BIO* bio;
- printf(testingFmt, "wolfSSL_BIO_should_retry()");
- XMEMSET(&server_args, 0, sizeof(func_args));
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- StartTCP();
- InitTcpReady(&ready);
- #if defined(USE_WINDOWS_API)
- /* use RNG to get random port if using windows */
- ready.port = GetRandomPort();
- #endif
- server_args.signal = &ready;
- start_thread(test_server_nofail, &server_args, &serverThread);
- wait_tcp_ready(&server_args);
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
- tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);
- /* force retry */
- ssl = wolfSSL_new(ctx);
- AssertNotNull(ssl);
- AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
- wolfSSL_SSLSetIORecv(ssl, forceWantRead);
- AssertNotNull(bio = BIO_new(BIO_f_ssl()));
- BIO_set_ssl(bio, ssl, BIO_CLOSE);
- AssertIntLE(BIO_write(bio, msg, msgSz), 0);
- AssertIntNE(BIO_should_retry(bio), 0);
- /* now perform successful connection */
- wolfSSL_SSLSetIORecv(ssl, EmbedReceive);
- AssertIntEQ(BIO_write(bio, msg, msgSz), msgSz);
- BIO_read(bio, reply, sizeof(reply));
- ret = wolfSSL_get_error(ssl, -1);
- if (ret == WOLFSSL_ERROR_WANT_READ || ret == WOLFSSL_ERROR_WANT_WRITE) {
- AssertIntNE(BIO_should_retry(bio), 0);
- }
- else {
- AssertIntEQ(BIO_should_retry(bio), 0);
- }
- AssertIntEQ(XMEMCMP(reply, "I hear you fa shizzle!",
- XSTRLEN("I hear you fa shizzle!")), 0);
- BIO_free(bio);
- wolfSSL_CTX_free(ctx);
- join_thread(serverThread);
- FreeTcpReady(&ready);
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_BIO_write(void)
- {
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE)
- BIO* bio;
- BIO* bio64;
- BIO* ptr;
- int sz;
- char msg[] = "conversion test";
- char out[40];
- char expected[] = "Y29udmVyc2lvbiB0ZXN0AA==\n";
- BUF_MEM* buf = NULL;
- printf(testingFmt, "wolfSSL_BIO_write()");
- AssertNotNull(bio64 = BIO_new(BIO_f_base64()));
- AssertNotNull(bio = BIO_push(bio64, BIO_new(BIO_s_mem())));
- /* now should convert to base64 then write to memory */
- AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
- BIO_flush(bio);
- /* test BIO chain */
- AssertIntEQ(SSL_SUCCESS, (int)BIO_get_mem_ptr(bio, &buf));
- AssertNotNull(buf);
- AssertIntEQ(buf->length, 25);
- AssertNotNull(ptr = BIO_find_type(bio, BIO_TYPE_MEM));
- sz = sizeof(out);
- XMEMSET(out, 0, sz);
- AssertIntEQ((sz = BIO_read(ptr, out, sz)), 25);
- AssertIntEQ(XMEMCMP(out, expected, sz), 0);
- /* write then read should return the same message */
- AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
- sz = sizeof(out);
- XMEMSET(out, 0, sz);
- AssertIntEQ(BIO_read(bio, out, sz), 16);
- AssertIntEQ(XMEMCMP(out, msg, sizeof(msg)), 0);
- /* now try encoding with no line ending */
- BIO_set_flags(bio64, BIO_FLAGS_BASE64_NO_NL);
- #ifdef HAVE_EX_DATA
- BIO_set_ex_data(bio64, 0, (void*) "data");
- AssertIntEQ(strcmp((const char*)BIO_get_ex_data(bio64, 0), "data"), 0);
- #endif
- AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
- BIO_flush(bio);
- sz = sizeof(out);
- XMEMSET(out, 0, sz);
- AssertIntEQ((sz = BIO_read(ptr, out, sz)), 24);
- AssertIntEQ(XMEMCMP(out, expected, sz), 0);
- BIO_free_all(bio); /* frees bio64 also */
- /* test with more than one bio64 in list */
- AssertNotNull(bio64 = BIO_new(BIO_f_base64()));
- AssertNotNull(bio = BIO_push(BIO_new(BIO_f_base64()), bio64));
- AssertNotNull(BIO_push(bio64, BIO_new(BIO_s_mem())));
- /* now should convert to base64 when stored and then decode with read */
- AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), 25);
- BIO_flush(bio);
- sz = sizeof(out);
- XMEMSET(out, 0, sz);
- AssertIntEQ((sz = BIO_read(bio, out, sz)), 16);
- AssertIntEQ(XMEMCMP(out, msg, sz), 0);
- BIO_clear_flags(bio64, ~0);
- BIO_set_retry_read(bio);
- BIO_free_all(bio); /* frees bio64s also */
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_BIO_printf(void)
- {
- #if defined(OPENSSL_ALL)
- BIO* bio;
- int sz = 7;
- char msg[] = "TLS 1.3 for the world";
- char out[60];
- char expected[] = "TLS 1.3 for the world : sz = 7";
- printf(testingFmt, "wolfSSL_BIO_printf()");
- XMEMSET(out, 0, sizeof(out));
- AssertNotNull(bio = BIO_new(BIO_s_mem()));
- AssertIntEQ(BIO_printf(bio, "%s : sz = %d", msg, sz), 30);
- AssertIntEQ(BIO_printf(NULL, ""), WOLFSSL_FATAL_ERROR);
- AssertIntEQ(BIO_read(bio, out, sizeof(out)), 30);
- AssertIntEQ(XSTRNCMP(out, expected, sizeof(expected)), 0);
- BIO_free(bio);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_BIO_f_md(void)
- {
- #if defined(OPENSSL_ALL) && !defined(NO_SHA256)
- BIO *bio, *mem;
- char msg[] = "message to hash";
- char out[60];
- EVP_MD_CTX* ctx;
- const unsigned char testKey[] =
- {
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b
- };
- const char testData[] = "Hi There";
- const unsigned char testResult[] =
- {
- 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53,
- 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b,
- 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7,
- 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7
- };
- const unsigned char expectedHash[] =
- {
- 0x66, 0x49, 0x3C, 0xE8, 0x8A, 0x57, 0xB0, 0x60,
- 0xDC, 0x55, 0x7D, 0xFC, 0x1F, 0xA5, 0xE5, 0x07,
- 0x70, 0x5A, 0xF6, 0xD7, 0xC4, 0x1F, 0x1A, 0xE4,
- 0x2D, 0xA6, 0xFD, 0xD1, 0x29, 0x7D, 0x60, 0x0D
- };
- const unsigned char emptyHash[] =
- {
- 0xE3, 0xB0, 0xC4, 0x42, 0x98, 0xFC, 0x1C, 0x14,
- 0x9A, 0xFB, 0xF4, 0xC8, 0x99, 0x6F, 0xB9, 0x24,
- 0x27, 0xAE, 0x41, 0xE4, 0x64, 0x9B, 0x93, 0x4C,
- 0xA4, 0x95, 0x99, 0x1B, 0x78, 0x52, 0xB8, 0x55
- };
- unsigned char check[sizeof(testResult) + 1];
- size_t checkSz = -1;
- EVP_PKEY* key;
- printf(testingFmt, "wolfSSL_BIO_f_md()");
- XMEMSET(out, 0, sizeof(out));
- AssertNotNull(bio = BIO_new(BIO_f_md()));
- AssertNotNull(mem = BIO_new(BIO_s_mem()));
- AssertIntEQ(BIO_get_md_ctx(bio, &ctx), 1);
- AssertIntEQ(EVP_DigestInit(ctx, EVP_sha256()), 1);
- /* should not be able to write/read yet since just digest wrapper and no
- * data is passing through the bio */
- AssertIntEQ(BIO_write(bio, msg, 0), 0);
- AssertIntEQ(BIO_pending(bio), 0);
- AssertIntEQ(BIO_read(bio, out, sizeof(out)), 0);
- AssertIntEQ(BIO_gets(bio, out, 3), 0);
- AssertIntEQ(BIO_gets(bio, out, sizeof(out)), 32);
- AssertIntEQ(XMEMCMP(emptyHash, out, 32), 0);
- BIO_reset(bio);
- /* append BIO mem to bio in order to read/write */
- AssertNotNull(bio = BIO_push(bio, mem));
- XMEMSET(out, 0, sizeof(out));
- AssertIntEQ(BIO_write(mem, msg, sizeof(msg)), 16);
- AssertIntEQ(BIO_pending(bio), 16);
- /* this just reads the message and does not hash it (gets calls final) */
- AssertIntEQ(BIO_read(bio, out, sizeof(out)), 16);
- AssertIntEQ(XMEMCMP(out, msg, sizeof(msg)), 0);
- /* create a message digest using BIO */
- XMEMSET(out, 0, sizeof(out));
- AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), 16);
- AssertIntEQ(BIO_pending(mem), 16);
- AssertIntEQ(BIO_pending(bio), 16);
- AssertIntEQ(BIO_gets(bio, out, sizeof(out)), 32);
- AssertIntEQ(XMEMCMP(expectedHash, out, 32), 0);
- BIO_free(bio);
- BIO_free(mem);
- /* test with HMAC */
- XMEMSET(out, 0, sizeof(out));
- AssertNotNull(bio = BIO_new(BIO_f_md()));
- AssertNotNull(mem = BIO_new(BIO_s_mem()));
- BIO_get_md_ctx(bio, &ctx);
- AssertNotNull(key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
- testKey, (int)sizeof(testKey)));
- EVP_DigestSignInit(ctx, NULL, EVP_sha256(), NULL, key);
- AssertNotNull(bio = BIO_push(bio, mem));
- BIO_write(bio, testData, (int)strlen(testData));
- EVP_DigestSignFinal(ctx, NULL, &checkSz);
- EVP_DigestSignFinal(ctx, check, &checkSz);
- AssertIntEQ(XMEMCMP(check, testResult, sizeof(testResult)), 0);
- EVP_PKEY_free(key);
- BIO_free(bio);
- BIO_free(mem);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_SESSION(void)
- {
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
- !defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \
- defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_SESSION_CACHE)
- WOLFSSL* ssl;
- WOLFSSL_CTX* ctx;
- WOLFSSL_SESSION* sess;
- WOLFSSL_SESSION* sess_copy;
- unsigned char* sessDer = NULL;
- unsigned char* ptr = NULL;
- #ifdef OPENSSL_EXTRA
- const unsigned char context[] = "user app context";
- unsigned int contextSz = (unsigned int)sizeof(context);
- #endif
- int ret, err, sockfd, sz;
- tcp_ready ready;
- func_args server_args;
- THREAD_TYPE serverThread;
- char msg[80];
- printf(testingFmt, "wolfSSL_SESSION()");
- /* TLS v1.3 requires session tickets */
- /* CHACHA and POLY1305 required for myTicketEncCb */
- #if defined(WOLFSSL_TLS13) && (!defined(HAVE_SESSION_TICKET) && \
- !defined(WOLFSSL_NO_TLS12) || !(defined(HAVE_CHACHA) && \
- defined(HAVE_POLY1305)))
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
- #else
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
- AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
- AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), SSL_SUCCESS);
- #ifdef WOLFSSL_ENCRYPTED_KEYS
- wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
- #endif
- XMEMSET(&server_args, 0, sizeof(func_args));
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- StartTCP();
- InitTcpReady(&ready);
- #if defined(USE_WINDOWS_API)
- /* use RNG to get random port if using windows */
- ready.port = GetRandomPort();
- #endif
- server_args.signal = &ready;
- start_thread(test_server_nofail, &server_args, &serverThread);
- wait_tcp_ready(&server_args);
- /* client connection */
- ssl = wolfSSL_new(ctx);
- tcp_connect(&sockfd, wolfSSLIP, ready.port, 0, 0, ssl);
- AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), SSL_SUCCESS);
- err = 0; /* Reset error */
- do {
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (err == WC_PENDING_E) {
- ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
- if (ret < 0) { break; } else if (ret == 0) { continue; }
- }
- #endif
- ret = wolfSSL_connect(ssl);
- if (ret != SSL_SUCCESS) {
- err = wolfSSL_get_error(ssl, 0);
- }
- } while (ret != SSL_SUCCESS && err == WC_PENDING_E);
- AssertIntEQ(ret, SSL_SUCCESS);
- AssertIntEQ(wolfSSL_write(ssl, "GET", 3), 3);
- AssertIntEQ(wolfSSL_read(ssl, msg, sizeof(msg)), 23);
- sess = wolfSSL_get_session(ssl);
- wolfSSL_shutdown(ssl);
- wolfSSL_free(ssl);
- join_thread(serverThread);
- FreeTcpReady(&ready);
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
- {
- X509 *x509;
- char buf[30];
- int bufSz;
- AssertNotNull(x509 = SSL_SESSION_get0_peer(sess));
- AssertIntGT((bufSz = X509_NAME_get_text_by_NID(
- X509_get_subject_name(x509), NID_organizationalUnitName,
- buf, sizeof(buf))), 0);
- AssertIntNE((bufSz == 7 || bufSz == 16), 0); /* should be one of these*/
- if (bufSz == 7) {
- AssertIntEQ(XMEMCMP(buf, "Support", bufSz), 0);
- }
- if (bufSz == 16) {
- AssertIntEQ(XMEMCMP(buf, "Programming-2048", bufSz), 0);
- }
- }
- #endif
- AssertNotNull(sess_copy = wolfSSL_SESSION_dup(sess));
- wolfSSL_SESSION_free(sess_copy);
- /* get session from DER and update the timeout */
- AssertIntEQ(wolfSSL_i2d_SSL_SESSION(NULL, &sessDer), BAD_FUNC_ARG);
- AssertIntGT((sz = wolfSSL_i2d_SSL_SESSION(sess, &sessDer)), 0);
- wolfSSL_SESSION_free(sess);
- ptr = sessDer;
- AssertNull(sess = wolfSSL_d2i_SSL_SESSION(NULL, NULL, sz));
- AssertNotNull(sess = wolfSSL_d2i_SSL_SESSION(NULL,
- (const unsigned char**)&ptr, sz));
- XFREE(sessDer, NULL, DYNAMIC_TYPE_OPENSSL);
- AssertIntGT(wolfSSL_SESSION_get_time(sess), 0);
- AssertIntEQ(wolfSSL_SSL_SESSION_set_timeout(sess, 500), SSL_SUCCESS);
- /* successful set session test */
- AssertNotNull(ssl = wolfSSL_new(ctx));
- AssertIntEQ(wolfSSL_set_session(ssl, sess), SSL_SUCCESS);
- #ifdef HAVE_SESSION_TICKET
- /* Test set/get session ticket */
- {
- const char* ticket = "This is a session ticket";
- char buf[64] = {0};
- word32 bufSz = (word32)sizeof(buf);
- AssertIntEQ(SSL_SUCCESS,
- wolfSSL_set_SessionTicket(ssl, (byte *)ticket, (word32)XSTRLEN(ticket)));
- AssertIntEQ(SSL_SUCCESS,
- wolfSSL_get_SessionTicket(ssl, (byte *)buf, &bufSz));
- AssertStrEQ(ticket, buf);
- }
- #endif
- #ifdef OPENSSL_EXTRA
- /* fail case with miss match session context IDs (use compatibility API) */
- AssertIntEQ(SSL_set_session_id_context(ssl, context, contextSz),
- SSL_SUCCESS);
- AssertIntEQ(wolfSSL_set_session(ssl, sess), SSL_FAILURE);
- wolfSSL_free(ssl);
- AssertIntEQ(SSL_CTX_set_session_id_context(NULL, context, contextSz),
- SSL_FAILURE);
- AssertIntEQ(SSL_CTX_set_session_id_context(ctx, context, contextSz),
- SSL_SUCCESS);
- AssertNotNull(ssl = wolfSSL_new(ctx));
- AssertIntEQ(wolfSSL_set_session(ssl, sess), SSL_FAILURE);
- #endif
- wolfSSL_free(ssl);
- SSL_SESSION_free(sess);
- wolfSSL_CTX_free(ctx);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_d2i_PUBKEY(void)
- {
- #if defined(OPENSSL_EXTRA)
- BIO* bio;
- EVP_PKEY* pkey;
- printf(testingFmt, "wolfSSL_d2i_PUBKEY()");
- AssertNotNull(bio = BIO_new(BIO_s_mem()));
- AssertNull(d2i_PUBKEY_bio(NULL, NULL));
- #if defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA)
- /* RSA PUBKEY test */
- AssertIntGT(BIO_write(bio, client_keypub_der_2048,
- sizeof_client_keypub_der_2048), 0);
- AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
- EVP_PKEY_free(pkey);
- #endif
- #if defined(USE_CERT_BUFFERS_256) && defined(HAVE_ECC)
- /* ECC PUBKEY test */
- AssertIntGT(BIO_write(bio, ecc_clikeypub_der_256,
- sizeof_ecc_clikeypub_der_256), 0);
- AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
- EVP_PKEY_free(pkey);
- #endif
- BIO_free(bio);
- (void)pkey;
- printf(resultFmt, passed);
- #endif
- }
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
- static void test_wolfSSL_d2i_PrivateKeys_bio(void)
- {
- BIO* bio = NULL;
- EVP_PKEY* pkey = NULL;
- #ifndef NO_RSA
- #endif
- WOLFSSL_CTX* ctx;
- #if defined(WOLFSSL_KEY_GEN)
- unsigned char buff[4096];
- unsigned char* bufPtr = buff;
- #endif
- printf(testingFmt, "wolfSSL_d2i_PrivateKeys_bio()");
- /* test creating new EVP_PKEY with bad arg */
- AssertNull((pkey = d2i_PrivateKey_bio(NULL, NULL)));
- /* test loading RSA key using BIO */
- #if !defined(NO_RSA) && !defined(NO_FILESYSTEM)
- {
- XFILE file;
- const char* fname = "./certs/server-key.der";
- size_t sz;
- byte* buf;
- file = XFOPEN(fname, "rb");
- AssertTrue((file != XBADFILE));
- AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
- sz = XFTELL(file);
- XREWIND(file);
- AssertNotNull(buf = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_FILE));
- AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
- XFCLOSE(file);
- /* Test using BIO new mem and loading DER private key */
- AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
- AssertNotNull((pkey = d2i_PrivateKey_bio(bio, NULL)));
- XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE);
- BIO_free(bio);
- bio = NULL;
- EVP_PKEY_free(pkey);
- pkey = NULL;
- }
- #endif
- /* test loading ECC key using BIO */
- #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
- {
- XFILE file;
- const char* fname = "./certs/ecc-key.der";
- size_t sz;
- byte* buf;
- file = XFOPEN(fname, "rb");
- AssertTrue((file != XBADFILE));
- AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
- sz = XFTELL(file);
- XREWIND(file);
- AssertNotNull(buf = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_FILE));
- AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
- XFCLOSE(file);
- /* Test using BIO new mem and loading DER private key */
- AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
- AssertNotNull((pkey = d2i_PrivateKey_bio(bio, NULL)));
- XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE);
- BIO_free(bio);
- bio = NULL;
- EVP_PKEY_free(pkey);
- pkey = NULL;
- }
- #endif
- AssertNotNull(bio = BIO_new(BIO_s_mem()));
- #ifndef NO_WOLFSSL_SERVER
- AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- #else
- AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- #if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
- !defined(NO_RSA) && !defined(HAVE_USER_RSA)
- {
- RSA* rsa = NULL;
- /* Tests bad parameters */
- AssertNull(d2i_RSAPrivateKey_bio(NULL, NULL));
- /* RSA not set yet, expecting to fail*/
- AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), BAD_FUNC_ARG);
- #if defined(USE_CERT_BUFFERS_2048) && defined(WOLFSSL_KEY_GEN)
- /* set RSA using bio*/
- AssertIntGT(BIO_write(bio, client_key_der_2048,
- sizeof_client_key_der_2048), 0);
- AssertNotNull(rsa = d2i_RSAPrivateKey_bio(bio, NULL));
- AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), WOLFSSL_SUCCESS);
- /*i2d RSAprivate key tests */
- AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(NULL, NULL), BAD_FUNC_ARG);
- AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, NULL), 1192);
- AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr),
- sizeof_client_key_der_2048);
- bufPtr = NULL;
- AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr),
- sizeof_client_key_der_2048);
- AssertNotNull(bufPtr);
- XFREE(bufPtr, NULL, DYNAMIC_TYPE_OPENSSL);
- #endif /* USE_CERT_BUFFERS_2048 WOLFSSL_KEY_GEN */
- RSA_free(rsa);
- }
- #endif /* !HAVE_FAST_RSA && WOLFSSL_KEY_GEN && !NO_RSA && !HAVE_USER_RSA*/
- SSL_CTX_free(ctx);
- ctx = NULL;
- BIO_free(bio);
- bio = NULL;
- printf(resultFmt, passed);
- }
- #endif /* OPENSSL_ALL || WOLFSSL_ASIO */
- static void test_wolfSSL_sk_GENERAL_NAME(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
- !defined(NO_RSA)
- X509* x509;
- GENERAL_NAME* gn;
- unsigned char buf[4096];
- const unsigned char* bufPt;
- int bytes, i;
- XFILE f;
- STACK_OF(GENERAL_NAME)* sk;
- printf(testingFmt, "wolfSSL_sk_GENERAL_NAME()");
- f = XFOPEN(cliCertDerFileExt, "rb");
- AssertTrue((f != XBADFILE));
- AssertIntGT((bytes = (int)XFREAD(buf, 1, sizeof(buf), f)), 0);
- XFCLOSE(f);
- bufPt = buf;
- AssertNotNull(x509 = d2i_X509(NULL, &bufPt, bytes));
- AssertNotNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
- NID_subject_alt_name, NULL, NULL));
- AssertIntEQ(sk_GENERAL_NAME_num(sk), 1);
- for (i = 0; i < sk_GENERAL_NAME_num(sk); i++) {
- AssertNotNull(gn = sk_GENERAL_NAME_value(sk, i));
- switch (gn->type) {
- case GEN_DNS:
- printf("found type GEN_DNS\n");
- break;
- case GEN_EMAIL:
- printf("found type GEN_EMAIL\n");
- break;
- case GEN_URI:
- printf("found type GEN_URI\n");
- break;
- }
- }
- X509_free(x509);
- sk_GENERAL_NAME_pop_free(sk, GENERAL_NAME_free);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_MD4(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_MD4)
- MD4_CTX md4;
- unsigned char out[16]; /* MD4_DIGEST_SIZE */
- const char* msg = "12345678901234567890123456789012345678901234567890123456"
- "789012345678901234567890";
- const char* test = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f"
- "\xcc\x05\x36";
- int msgSz = (int)XSTRLEN(msg);
- printf(testingFmt, "wolfSSL_MD4()");
- XMEMSET(out, 0, sizeof(out));
- MD4_Init(&md4);
- MD4_Update(&md4, (const void*)msg, (unsigned long)msgSz);
- MD4_Final(out, &md4);
- AssertIntEQ(XMEMCMP(out, test, sizeof(out)), 0);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_RSA(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
- defined(WOLFSSL_KEY_GEN)
- RSA* rsa;
- const BIGNUM *n;
- const BIGNUM *e;
- const BIGNUM *d;
- printf(testingFmt, "wolfSSL_RSA()");
- AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
- AssertIntEQ(RSA_size(rsa), 256);
- RSA_get0_key(rsa, &n, &e, &d);
- AssertPtrEq(rsa->n, n);
- AssertPtrEq(rsa->e, e);
- AssertPtrEq(rsa->d, d);
- AssertNotNull(n = BN_new());
- AssertNotNull(e = BN_new());
- AssertNotNull(d = BN_new());
- AssertIntEQ(RSA_set0_key(rsa, (BIGNUM*)n, (BIGNUM*)e, (BIGNUM*)d), 1);
- AssertPtrEq(rsa->n, n);
- AssertPtrEq(rsa->e, e);
- AssertPtrEq(rsa->d, d);
- RSA_free(rsa);
- #if !defined(USE_FAST_MATH) || (FP_MAX_BITS >= (3072*2))
- AssertNotNull(rsa = RSA_generate_key(3072, 17, NULL, NULL));
- AssertIntEQ(RSA_size(rsa), 384);
- RSA_free(rsa);
- #endif
- /* remove for now with odd key size until adjusting rsa key size check with
- wc_MakeRsaKey()
- AssertNotNull(rsa = RSA_generate_key(2999, 65537, NULL, NULL));
- RSA_free(rsa);
- */
- AssertNull(RSA_generate_key(-1, 3, NULL, NULL));
- AssertNull(RSA_generate_key(511, 3, NULL, NULL)); /* RSA_MIN_SIZE - 1 */
- AssertNull(RSA_generate_key(4097, 3, NULL, NULL)); /* RSA_MAX_SIZE + 1 */
- AssertNull(RSA_generate_key(2048, 0, NULL, NULL));
- #if !defined(NO_FILESYSTEM) && !defined(NO_ASN)
- {
- byte buff[FOURK_BUF];
- byte der[FOURK_BUF];
- const char PrivKeyPemFile[] = "certs/client-keyEnc.pem";
- XFILE f;
- int bytes;
- /* test loading encrypted RSA private pem w/o password */
- f = XFOPEN(PrivKeyPemFile, "rb");
- AssertTrue((f != XBADFILE));
- bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
- XFCLOSE(f);
- XMEMSET(der, 0, sizeof(der));
- /* test that error value is returned with no password */
- AssertIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), ""), 0);
- }
- #endif
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_RSA_DER(void)
- {
- #if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
- !defined(NO_RSA) && !defined(HAVE_USER_RSA) && defined(OPENSSL_EXTRA)
- RSA *rsa;
- int i;
- const unsigned char *buff = NULL;
- struct tbl_s
- {
- const unsigned char *der;
- int sz;
- } tbl[] = {
- #ifdef USE_CERT_BUFFERS_1024
- {client_key_der_1024, sizeof_client_key_der_1024},
- {server_key_der_1024, sizeof_server_key_der_1024},
- #endif
- #ifdef USE_CERT_BUFFERS_2048
- {client_key_der_2048, sizeof_client_key_der_2048},
- {server_key_der_2048, sizeof_server_key_der_2048},
- #endif
- {NULL, 0}
- };
- /* Public Key DER */
- struct tbl_s pub[] = {
- #ifdef USE_CERT_BUFFERS_1024
- {client_keypub_der_1024, sizeof_client_keypub_der_1024},
- #endif
- #ifdef USE_CERT_BUFFERS_2048
- {client_keypub_der_2048, sizeof_client_keypub_der_2048},
- #endif
- {NULL, 0}
- };
- printf(testingFmt, "test_wolfSSL_RSA_DER()");
- for (i = 0; tbl[i].der != NULL; i++)
- {
- AssertNotNull(d2i_RSAPublicKey(&rsa, &tbl[i].der, tbl[i].sz));
- AssertNotNull(rsa);
- RSA_free(rsa);
- }
- for (i = 0; tbl[i].der != NULL; i++)
- {
- AssertNotNull(d2i_RSAPrivateKey(&rsa, &tbl[i].der, tbl[i].sz));
- AssertNotNull(rsa);
- RSA_free(rsa);
- }
- for (i = 0; pub[i].der != NULL; i++)
- {
- AssertNotNull(d2i_RSAPublicKey(&rsa, &pub[i].der, pub[i].sz));
- AssertNotNull(rsa);
- AssertIntEQ(i2d_RSAPublicKey(rsa, NULL), pub[i].sz);
- buff = NULL;
- AssertIntEQ(i2d_RSAPublicKey(rsa, &buff), pub[i].sz);
- AssertNotNull(buff);
- AssertIntEQ(0, memcmp((void *)buff, (void *)pub[i].der, pub[i].sz));
- XFREE((void *)buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- RSA_free(rsa);
- }
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_RSA_get0_key(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
- RSA *rsa = NULL;
- const BIGNUM* n = NULL;
- const BIGNUM* e = NULL;
- const BIGNUM* d = NULL;
- const unsigned char* der;
- int derSz;
- #ifdef USE_CERT_BUFFERS_1024
- der = client_key_der_1024;
- derSz = sizeof_client_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- der = client_key_der_2048;
- derSz = sizeof_client_key_der_2048;
- #else
- der = NULL;
- derSz = 0;
- #endif
- printf(testingFmt, "test_wolfSSL_RSA_get0_key()");
- if (der != NULL) {
- RSA_get0_key(NULL, NULL, NULL, NULL);
- RSA_get0_key(rsa, NULL, NULL, NULL);
- RSA_get0_key(NULL, &n, &e, &d);
- AssertNull(n);
- AssertNull(e);
- AssertNull(d);
- AssertNotNull(d2i_RSAPrivateKey(&rsa, &der, derSz));
- AssertNotNull(rsa);
- RSA_get0_key(rsa, NULL, NULL, NULL);
- RSA_get0_key(rsa, &n, NULL, NULL);
- AssertNotNull(n);
- RSA_get0_key(rsa, NULL, &e, NULL);
- AssertNotNull(e);
- RSA_get0_key(rsa, NULL, NULL, &d);
- AssertNotNull(d);
- RSA_get0_key(rsa, &n, &e, &d);
- AssertNotNull(n);
- AssertNotNull(e);
- AssertNotNull(d);
- RSA_free(rsa);
- }
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_RSA_meth(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
- RSA *rsa;
- RSA_METHOD *rsa_meth;
- printf(testingFmt, "test_wolfSSL_RSA_meth");
- #ifdef WOLFSSL_KEY_GEN
- AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
- RSA_free(rsa);
- #else
- AssertNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
- #endif
- AssertNotNull(rsa_meth =
- RSA_meth_new("placeholder RSA method", RSA_METHOD_FLAG_NO_CHECK));
- #ifndef NO_WOLFSSL_STUB
- AssertIntEQ(RSA_meth_set_pub_enc(rsa_meth, NULL), 1);
- AssertIntEQ(RSA_meth_set_pub_dec(rsa_meth, NULL), 1);
- AssertIntEQ(RSA_meth_set_priv_enc(rsa_meth, NULL), 1);
- AssertIntEQ(RSA_meth_set_priv_dec(rsa_meth, NULL), 1);
- AssertIntEQ(RSA_meth_set_init(rsa_meth, NULL), 1);
- AssertIntEQ(RSA_meth_set_finish(rsa_meth, NULL), 1);
- AssertIntEQ(RSA_meth_set0_app_data(rsa_meth, NULL), 1);
- #endif
- AssertNotNull(rsa = RSA_new());
- AssertIntEQ(RSA_set_method(rsa, rsa_meth), 1);
- AssertPtrEq(RSA_get_method(rsa), rsa_meth);
- AssertIntEQ(RSA_flags(rsa), RSA_METHOD_FLAG_NO_CHECK);
- RSA_set_flags(rsa, RSA_FLAG_CACHE_PUBLIC);
- AssertIntEQ(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC);
- /* rsa_meth is freed here */
- RSA_free(rsa);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_verify_depth(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
- WOLFSSL* ssl;
- WOLFSSL_CTX* ctx;
- long depth;
- printf(testingFmt, "test_wolfSSL_verify_depth()");
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
- AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
- AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), SSL_SUCCESS);
- AssertIntGT((depth = SSL_CTX_get_verify_depth(ctx)), 0);
- AssertNotNull(ssl = SSL_new(ctx));
- AssertIntEQ(SSL_get_verify_depth(ssl), SSL_CTX_get_verify_depth(ctx));
- SSL_free(ssl);
- SSL_CTX_set_verify_depth(ctx, -1);
- AssertIntEQ(depth, SSL_CTX_get_verify_depth(ctx));
- SSL_CTX_set_verify_depth(ctx, 2);
- AssertIntEQ(2, SSL_CTX_get_verify_depth(ctx));
- AssertNotNull(ssl = SSL_new(ctx));
- AssertIntEQ(2, SSL_get_verify_depth(ssl));
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- printf(resultFmt, passed);
- #endif
- }
- #if defined(OPENSSL_EXTRA) && !defined(NO_HMAC)
- /* helper function for test_wolfSSL_HMAC_CTX, digest size is expected to be a
- * buffer of 64 bytes.
- *
- * returns the size of the digest buffer on success and a negative value on
- * failure.
- */
- static int test_HMAC_CTX_helper(const EVP_MD* type, unsigned char* digest)
- {
- HMAC_CTX ctx1;
- HMAC_CTX ctx2;
- unsigned char key[] = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
- unsigned char long_key[] =
- "0123456789012345678901234567890123456789"
- "0123456789012345678901234567890123456789"
- "0123456789012345678901234567890123456789"
- "0123456789012345678901234567890123456789";
- unsigned char msg[] = "message to hash";
- unsigned int digestSz = 64;
- int keySz = sizeof(key);
- int long_keySz = sizeof(long_key);
- int msgSz = sizeof(msg);
- unsigned char digest2[64];
- unsigned int digestSz2 = 64;
- HMAC_CTX_init(&ctx1);
- AssertIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS);
- AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
- AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
- AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
- AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
- HMAC_CTX_cleanup(&ctx1);
- AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
- AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz2), SSL_SUCCESS);
- HMAC_CTX_cleanup(&ctx2);
- AssertIntEQ(digestSz, digestSz2);
- AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
- /* test HMAC_Init with NULL key */
- /* init after copy */
- printf("test HMAC_Init with NULL key (0)\n");
- HMAC_CTX_init(&ctx1);
- AssertIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS);
- AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
- AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
- AssertIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS);
- AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
- AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
- AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
- AssertIntEQ(HMAC_Init(&ctx2, NULL, 0, NULL), SSL_SUCCESS);
- AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
- AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
- AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS);
- HMAC_CTX_cleanup(&ctx2);
- AssertIntEQ(digestSz, digestSz2);
- AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
- /* long key */
- printf("test HMAC_Init with NULL key (1)\n");
- HMAC_CTX_init(&ctx1);
- AssertIntEQ(HMAC_Init(&ctx1, (const void*)long_key, long_keySz, type), SSL_SUCCESS);
- AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
- AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
- AssertIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS);
- AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
- AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
- AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
- AssertIntEQ(HMAC_Init(&ctx2, NULL, 0, NULL), SSL_SUCCESS);
- AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
- AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
- AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS);
- HMAC_CTX_cleanup(&ctx2);
- AssertIntEQ(digestSz, digestSz2);
- AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
- /* init before copy */
- printf("test HMAC_Init with NULL key (2)\n");
- HMAC_CTX_init(&ctx1);
- AssertIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS);
- AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
- AssertIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS);
- AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
- AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
- AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
- AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
- AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
- AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
- AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS);
- HMAC_CTX_cleanup(&ctx1);
- HMAC_CTX_cleanup(&ctx2);
- AssertIntEQ(digestSz, digestSz2);
- AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
- return digestSz;
- }
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_HMAC) */
- static void test_wolfSSL_HMAC_CTX(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_HMAC)
- unsigned char digest[64];
- int digestSz;
- printf(testingFmt, "wolfSSL_HMAC_CTX()");
- #ifndef NO_SHA
- AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha1(), digest)), 20);
- AssertIntEQ(XMEMCMP("\xD9\x68\x77\x23\x70\xFB\x53\x70\x53\xBA\x0E\xDC\xDA"
- "\xBF\x03\x98\x31\x19\xB2\xCC", digest, digestSz), 0);
- #endif /* !NO_SHA */
- #ifdef WOLFSSL_SHA224
- AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha224(), digest)), 28);
- AssertIntEQ(XMEMCMP("\x57\xFD\xF4\xE1\x2D\xB0\x79\xD7\x4B\x25\x7E\xB1\x95"
- "\x9C\x11\xAC\x2D\x1E\x78\x94\x4F\x3A\x0F\xED\xF8\xAD"
- "\x02\x0E", digest, digestSz), 0);
- #endif /* WOLFSSL_SHA224 */
- #ifndef NO_SHA256
- AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha256(), digest)), 32);
- AssertIntEQ(XMEMCMP("\x13\xAB\x76\x91\x0C\x37\x86\x8D\xB3\x7E\x30\x0C\xFC"
- "\xB0\x2E\x8E\x4A\xD7\xD4\x25\xCC\x3A\xA9\x0F\xA2\xF2"
- "\x47\x1E\x62\x6F\x5D\xF2", digest, digestSz), 0);
- #endif /* !NO_SHA256 */
- #ifdef WOLFSSL_SHA384
- AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha384(), digest)), 48);
- AssertIntEQ(XMEMCMP("\x9E\xCB\x07\x0C\x11\x76\x3F\x23\xC3\x25\x0E\xC4\xB7"
- "\x28\x77\x95\x99\xD5\x9D\x7A\xBB\x1A\x9F\xB7\xFD\x25"
- "\xC9\x72\x47\x9F\x8F\x86\x76\xD6\x20\x57\x87\xB7\xE7"
- "\xCD\xFB\xC2\xCC\x9F\x2B\xC5\x41\xAB",
- digest, digestSz), 0);
- #endif /* WOLFSSL_SHA384 */
- #ifdef WOLFSSL_SHA512
- AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha512(), digest)), 64);
- AssertIntEQ(XMEMCMP("\xD4\x21\x0C\x8B\x60\x6F\xF4\xBF\x07\x2F\x26\xCC\xAD"
- "\xBC\x06\x0B\x34\x78\x8B\x4F\xD6\xC0\x42\xF1\x33\x10"
- "\x6C\x4F\x1E\x55\x59\xDD\x2A\x9F\x15\x88\x62\xF8\x60"
- "\xA3\x99\x91\xE2\x08\x7B\xF7\x95\x3A\xB0\x92\x48\x60"
- "\x88\x8B\x5B\xB8\x5F\xE9\xB6\xB1\x96\xE3\xB5\xF0",
- digest, digestSz), 0);
- #endif /* WOLFSSL_SHA512 */
- #ifndef NO_MD5
- AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_md5(), digest)), 16);
- AssertIntEQ(XMEMCMP("\xB7\x27\xC4\x41\xE5\x2E\x62\xBA\x54\xED\x72\x70\x9F"
- "\xE4\x98\xDD", digest, digestSz), 0);
- #endif /* !NO_MD5 */
- printf(resultFmt, passed);
- #endif
- }
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
- static void sslMsgCb(int w, int version, int type, const void* buf,
- size_t sz, SSL* ssl, void* arg)
- {
- int i;
- unsigned char* pt = (unsigned char*)buf;
- printf("%s %d bytes of version %d , type %d : ", (w)?"Writing":"Reading",
- (int)sz, version, type);
- for (i = 0; i < (int)sz; i++) printf("%02X", pt[i]);
- printf("\n");
- (void)ssl;
- (void)arg;
- }
- #endif /* OPENSSL_EXTRA */
- static void test_wolfSSL_msg_callback(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
- WOLFSSL* ssl;
- WOLFSSL_CTX* ctx;
- printf(testingFmt, "wolfSSL_msg_callback()");
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
- SSL_FILETYPE_PEM));
- AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
- SSL_FILETYPE_PEM));
- AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0),
- SSL_SUCCESS);
- AssertNotNull(ssl = SSL_new(ctx));
- AssertIntEQ(SSL_set_msg_callback(ssl, NULL), SSL_SUCCESS);
- AssertIntEQ(SSL_set_msg_callback(ssl, &sslMsgCb), SSL_SUCCESS);
- AssertIntEQ(SSL_set_msg_callback(NULL, &sslMsgCb), SSL_FAILURE);
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_SHA(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST)
- printf(testingFmt, "wolfSSL_SHA()");
- #if !defined(NO_SHA)
- {
- const unsigned char in[] = "abc";
- unsigned char expected[] = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E"
- "\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D";
- unsigned char out[WC_SHA_DIGEST_SIZE];
- XMEMSET(out, 0, WC_SHA_DIGEST_SIZE);
- AssertNotNull(SHA1(in, XSTRLEN((char*)in), out));
- AssertIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0);
- }
- #endif
- #if !defined(NO_SHA256)
- {
- const unsigned char in[] = "abc";
- unsigned char expected[] = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
- "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
- "\x15\xAD";
- unsigned char out[WC_SHA256_DIGEST_SIZE];
- XMEMSET(out, 0, WC_SHA256_DIGEST_SIZE);
- #if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
- AssertNotNull(SHA256(in, XSTRLEN((char*)in), out));
- #else
- AssertNotNull(wolfSSL_SHA256(in, XSTRLEN((char*)in), out));
- #endif
- AssertIntEQ(XMEMCMP(out, expected, WC_SHA256_DIGEST_SIZE), 0);
- }
- #endif
- #if defined(WOLFSSL_SHA384)
- {
- const unsigned char in[] = "abc";
- unsigned char expected[] = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
- "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
- "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
- "\xc8\x25\xa7";
- unsigned char out[WC_SHA384_DIGEST_SIZE];
- XMEMSET(out, 0, WC_SHA384_DIGEST_SIZE);
- #if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
- AssertNotNull(SHA384(in, XSTRLEN((char*)in), out));
- #else
- AssertNotNull(wolfSSL_SHA384(in, XSTRLEN((char*)in), out));
- #endif
- AssertIntEQ(XMEMCMP(out, expected, WC_SHA384_DIGEST_SIZE), 0);
- }
- #endif
- #if defined(WOLFSSL_SHA512)
- {
- const unsigned char in[] = "abc";
- unsigned char expected[] = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
- "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55"
- "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3"
- "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f"
- "\xa5\x4c\xa4\x9f";
- unsigned char out[WC_SHA512_DIGEST_SIZE];
- XMEMSET(out, 0, WC_SHA512_DIGEST_SIZE);
- #if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
- AssertNotNull(SHA512(in, XSTRLEN((char*)in), out));
- #else
- AssertNotNull(wolfSSL_SHA512(in, XSTRLEN((char*)in), out));
- #endif
- AssertIntEQ(XMEMCMP(out, expected, WC_SHA512_DIGEST_SIZE), 0);
- }
- #endif
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_DH_1536_prime(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_DH)
- BIGNUM* bn;
- unsigned char bits[200];
- int sz = 192; /* known binary size */
- const byte expected[] = {
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- 0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
- 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
- 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,
- 0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,
- 0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
- 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
- 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,
- 0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,
- 0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
- 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
- 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,
- 0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,
- 0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
- 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
- 0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- };
- printf(testingFmt, "wolfSSL_DH_1536_prime()");
- bn = get_rfc3526_prime_1536(NULL);
- AssertNotNull(bn);
- AssertIntEQ(sz, BN_bn2bin((const BIGNUM*)bn, bits));
- AssertIntEQ(0, XMEMCMP(expected, bits, sz));
- BN_free(bn);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_PEM_write_DHparams(void)
- {
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
- #if defined(OPENSSL_EXTRA) && !defined(NO_DH) && !defined(NO_FILESYSTEM)
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- DH* dh;
- BIO* bio;
- XFILE fp;
- byte pem[2048];
- int pemSz;
- const char expected[] =
- "-----BEGIN DH PARAMETERS-----\n\
- MIIBCAKCAQEAsKEIBpwIE7pZBjy8MNX1AMFPRKfW70rGJScc6NKWUwpckd2iwpSE\n\
- v32yRJ+b0sGKxb5yXKfnkebUn3MHhVtmSMdw+rTuAsk9mkraPcFGPhlp0RdGB6NN\n\
- nyuWFzltMI0q85TTdc+gdebykh8acAWqBINXMPvadpM4UOgn/WPuPOW3yAmub1A1\n\
- joTOSgDpEn5aMdcz/CETdswWMNsM/MVipzW477ewrMA29tnJRkj5QJAAKxuqbOMa\n\
- wwsDnhvCRuRITiJzb8Nf1JrWMAdI1oyQq9T28eNI01hLprnNKb9oHwhLY4YvXGvW\n\
- tgZl96bcAGdru8OpQYP7x/rI4h5+rwA/kwIBAg==\n\
- -----END DH PARAMETERS-----\n";
- printf(testingFmt, "wolfSSL_PEM_write_DHparams()");
- AssertNotNull(fp = XFOPEN(dhParamFile, "rb"));
- AssertIntGT((pemSz = (int)XFREAD(pem, 1, sizeof(pem), fp)), 0);
- XFCLOSE(fp);
- AssertNotNull(bio = BIO_new(BIO_s_mem()));
- AssertIntEQ(BIO_write(bio, pem, pemSz), pemSz);
- AssertNotNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL));
- BIO_free(bio);
- AssertNotNull(fp = XFOPEN("./test-write-dhparams.pem", "wb"));
- AssertIntEQ(PEM_write_DHparams(fp, dh), WOLFSSL_SUCCESS);
- AssertIntEQ(PEM_write_DHparams(fp, NULL), WOLFSSL_FAILURE);
- XFCLOSE(fp);
- DH_free(dh);
- /* check results */
- XMEMSET(pem, 0, sizeof(pem));
- AssertNotNull(fp = XFOPEN("./test-write-dhparams.pem", "rb"));
- AssertIntGT((pemSz = (int)XFREAD(pem, 1, sizeof(pem), fp)), 0);
- AssertIntEQ(XMEMCMP(pem, expected, pemSz), 0);
- XFCLOSE(fp);
- printf(resultFmt, passed);
- #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
- #endif /* OPENSSL_ALL || OPENSSL_QT */
- #endif
- }
- static void test_wolfSSL_AES_ecb_encrypt(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AES_ECB)
- AES_KEY aes;
- const byte msg[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- const byte verify[] =
- {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- const byte key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- byte out[AES_BLOCK_SIZE];
- printf(testingFmt, "wolfSSL_AES_ecb_encrypt()");
- AssertIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &aes), 0);
- XMEMSET(out, 0, AES_BLOCK_SIZE);
- AES_ecb_encrypt(msg, out, &aes, AES_ENCRYPT);
- AssertIntEQ(XMEMCMP(out, verify, AES_BLOCK_SIZE), 0);
- #ifdef HAVE_AES_DECRYPT
- AssertIntEQ(AES_set_decrypt_key(key, sizeof(key)*8, &aes), 0);
- XMEMSET(out, 0, AES_BLOCK_SIZE);
- AES_ecb_encrypt(verify, out, &aes, AES_DECRYPT);
- AssertIntEQ(XMEMCMP(out, msg, AES_BLOCK_SIZE), 0);
- #endif
- /* test bad arguments */
- AES_ecb_encrypt(NULL, out, &aes, AES_DECRYPT);
- AES_ecb_encrypt(verify, NULL, &aes, AES_DECRYPT);
- AES_ecb_encrypt(verify, out, NULL, AES_DECRYPT);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_SHA256(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && \
- defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- unsigned char input[] =
- "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- unsigned char output[] =
- "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
- "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
- "\x06\xC1";
- size_t inLen;
- byte hash[WC_SHA256_DIGEST_SIZE];
- printf(testingFmt, "wolfSSL_SHA256()");
- inLen = XSTRLEN((char*)input);
- XMEMSET(hash, 0, WC_SHA256_DIGEST_SIZE);
- AssertNotNull(SHA256(input, inLen, hash));
- AssertIntEQ(XMEMCMP(hash, output, WC_SHA256_DIGEST_SIZE), 0);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_X509_get_serialNumber(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
- ASN1_INTEGER* a;
- BIGNUM* bn;
- X509* x509;
- char *serialHex;
- printf(testingFmt, "wolfSSL_X509_get_serialNumber()");
- AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
- SSL_FILETYPE_PEM));
- AssertNotNull(a = X509_get_serialNumber(x509));
- /* check on value of ASN1 Integer */
- AssertNotNull(bn = ASN1_INTEGER_to_BN(a, NULL));
- X509_free(x509); /* free's a */
- AssertNotNull(serialHex = BN_bn2hex(bn));
- #ifndef WC_DISABLE_RADIX_ZERO_PAD
- AssertStrEQ(serialHex, "01");
- #else
- AssertStrEQ(serialHex, "1");
- #endif
- OPENSSL_free(serialHex);
- AssertIntEQ(BN_get_word(bn), 1);
- BN_free(bn);
- /* hard test free'ing with dynamic buffer to make sure there is no leaks */
- a = ASN1_INTEGER_new();
- if (a) {
- AssertNotNull(a->data = (unsigned char*)XMALLOC(100, NULL,
- DYNAMIC_TYPE_OPENSSL));
- a->isDynamic = 1;
- ASN1_INTEGER_free(a);
- }
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_OpenSSL_add_all_algorithms(void){
- #if defined(OPENSSL_EXTRA)
- printf(testingFmt, "wolfSSL_OpenSSL_add_all_algorithms()");
- AssertIntEQ(wolfSSL_add_all_algorithms(),WOLFSSL_SUCCESS);
- wolfSSL_Cleanup();
- AssertIntEQ(wolfSSL_OpenSSL_add_all_algorithms_noconf(),WOLFSSL_SUCCESS);
- wolfSSL_Cleanup();
- AssertIntEQ(wolfSSL_OpenSSL_add_all_algorithms_conf(),WOLFSSL_SUCCESS);
- wolfSSL_Cleanup();
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_ASN1_STRING_print_ex(void){
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
- ASN1_STRING* asn_str;
- const char data[] = "Hello wolfSSL!";
- ASN1_STRING* esc_str;
- const char esc_data[] = "a+;<>";
- BIO *bio;
- unsigned long flags;
- int p_len;
- unsigned char rbuf[255];
- printf(testingFmt, "wolfSSL_ASN1_STRING_print_ex()");
- /* setup */
- XMEMSET(rbuf, 0, 255);
- bio = BIO_new(BIO_s_mem());
- BIO_set_write_buf_size(bio,255);
- asn_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
- ASN1_STRING_set(asn_str, (const void*)data, sizeof(data));
- esc_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
- ASN1_STRING_set(esc_str, (const void*)esc_data, sizeof(esc_data));
- /* no flags */
- XMEMSET(rbuf, 0, 255);
- flags = 0;
- p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
- AssertIntEQ(p_len, 15);
- BIO_read(bio, (void*)rbuf, 15);
- AssertStrEQ((char*)rbuf, "Hello wolfSSL!");
- /* RFC2253 Escape */
- XMEMSET(rbuf, 0, 255);
- flags = ASN1_STRFLGS_ESC_2253;
- p_len = wolfSSL_ASN1_STRING_print_ex(bio, esc_str, flags);
- AssertIntEQ(p_len, 9);
- BIO_read(bio, (void*)rbuf, 9);
- AssertStrEQ((char*)rbuf, "a\\+\\;\\<\\>");
- /* Show type */
- XMEMSET(rbuf, 0, 255);
- flags = ASN1_STRFLGS_SHOW_TYPE;
- p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
- AssertIntEQ(p_len, 28);
- BIO_read(bio, (void*)rbuf, 28);
- AssertStrEQ((char*)rbuf, "OCTET STRING:Hello wolfSSL!");
- /* Dump All */
- XMEMSET(rbuf, 0, 255);
- flags = ASN1_STRFLGS_DUMP_ALL;
- p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
- AssertIntEQ(p_len, 31);
- BIO_read(bio, (void*)rbuf, 31);
- AssertStrEQ((char*)rbuf, "#48656C6C6F20776F6C6653534C2100");
- /* Dump Der */
- XMEMSET(rbuf, 0, 255);
- flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER;
- p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
- AssertIntEQ(p_len, 35);
- BIO_read(bio, (void*)rbuf, 35);
- AssertStrEQ((char*)rbuf, "#040F48656C6C6F20776F6C6653534C2100");
- /* Dump All + Show type */
- XMEMSET(rbuf, 0, 255);
- flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_SHOW_TYPE;
- p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
- AssertIntEQ(p_len, 44);
- BIO_read(bio, (void*)rbuf, 44);
- AssertStrEQ((char*)rbuf, "OCTET STRING:#48656C6C6F20776F6C6653534C2100");
- BIO_free(bio);
- ASN1_STRING_free(asn_str);
- ASN1_STRING_free(esc_str);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_ASN1_TIME_to_generalizedtime(void){
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
- WOLFSSL_ASN1_TIME *t;
- WOLFSSL_ASN1_TIME *out;
- WOLFSSL_ASN1_TIME *gtime;
- int tlen = 0;
- unsigned char *data;
- printf(testingFmt, "wolfSSL_ASN1_TIME_to_generalizedtime()");
- /* UTC Time test */
- AssertNotNull(t = wolfSSL_ASN1_TIME_new());
- XMEMSET(t->data, 0, ASN_GENERALIZED_TIME_SIZE);
- AssertNotNull(out = wolfSSL_ASN1_TIME_new());
- t->type = ASN_UTC_TIME;
- t->length = ASN_UTC_TIME_SIZE;
- XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE);
- tlen = wolfSSL_ASN1_TIME_get_length(t);
- AssertIntEQ(tlen, ASN_UTC_TIME_SIZE);
- data = wolfSSL_ASN1_TIME_get_data(t);
- AssertStrEQ((char*)data, "050727123456Z");
- gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out);
- AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME);
- AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
- AssertStrEQ((char*)gtime->data, "20050727123456Z");
- /* Generalized Time test */
- XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE);
- XMEMSET(out, 0, ASN_GENERALIZED_TIME_SIZE);
- XMEMSET(data, 0, ASN_GENERALIZED_TIME_SIZE);
- t->type = ASN_GENERALIZED_TIME;
- t->length = ASN_GENERALIZED_TIME_SIZE;
- XMEMCPY(t->data, "20050727123456Z", ASN_GENERALIZED_TIME_SIZE);
- tlen = wolfSSL_ASN1_TIME_get_length(t);
- AssertIntEQ(tlen, ASN_GENERALIZED_TIME_SIZE);
- data = wolfSSL_ASN1_TIME_get_data(t);
- AssertStrEQ((char*)data, "20050727123456Z");
- gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out);
- AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME);
- AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
- AssertStrEQ((char*)gtime->data, "20050727123456Z");
- XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- /* Null parameter test */
- XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE);
- gtime = NULL;
- out = NULL;
- t->type = ASN_UTC_TIME;
- t->length = ASN_UTC_TIME_SIZE;
- XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE);
- AssertNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, NULL));
- AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME);
- AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
- AssertStrEQ((char*)gtime->data, "20050727123456Z");
- XFREE(gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_X509_CA_num(void){
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
- defined(HAVE_ECC) && !defined(NO_RSA)
- WOLFSSL_X509_STORE *store;
- WOLFSSL_X509 *x509_1, *x509_2;
- int ca_num = 0;
- printf(testingFmt, "wolfSSL_X509_CA_num()");
- store = wolfSSL_X509_STORE_new();
- x509_1 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM);
- wolfSSL_X509_STORE_add_cert(store, x509_1);
- ca_num = wolfSSL_X509_CA_num(store);
- AssertIntEQ(ca_num, 1);
- x509_2 = wolfSSL_X509_load_certificate_file(eccCertFile, WOLFSSL_FILETYPE_PEM);
- wolfSSL_X509_STORE_add_cert(store, x509_2);
- ca_num = wolfSSL_X509_CA_num(store);
- AssertIntEQ(ca_num, 2);
- wolfSSL_X509_free(x509_1);
- wolfSSL_X509_free(x509_2);
- wolfSSL_X509_STORE_free(store);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_X509_check_ca(void){
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
- WOLFSSL_X509 *x509;
- printf(testingFmt, "wolfSSL_X509_check_ca()");
- x509 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM);
- AssertIntEQ(wolfSSL_X509_check_ca(x509), 1);
- wolfSSL_X509_free(x509);
- x509 = wolfSSL_X509_load_certificate_file(ntruCertFile, WOLFSSL_FILETYPE_PEM);
- AssertIntEQ(wolfSSL_X509_check_ca(x509), 0);
- wolfSSL_X509_free(x509);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_X509_check_ip_asc(void){
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
- WOLFSSL_X509 *x509;
- printf(testingFmt, "wolfSSL_X509_check_ip_asc()");
- x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
- #if 0
- /* TODO: add cert gen for testing positive case */
- AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.0.0.1", 0), 1);
- #endif
- AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "0.0.0.0", 0), 0);
- AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, NULL, 0), 0);
- wolfSSL_X509_free(x509);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_DC_cert(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \
- defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_KEY_GEN) && \
- defined(WOLFSSL_CERT_EXT)
- Cert cert;
- RsaKey key;
- WC_RNG rng;
- byte der[FOURK_BUF];
- int certSz;
- int ret, idx;
- const byte mySerial[8] = {1,2,3,4,5,6,7,8};
- const unsigned char* pt;
- X509* x509;
- X509_NAME* x509name;
- X509_NAME_ENTRY* entry;
- ASN1_STRING* entryValue;
- CertName name;
- printf(testingFmt, "wolfSSL Certs with DC");
- XMEMSET(&name, 0, sizeof(CertName));
- /* set up cert name */
- XMEMCPY(name.country, "US", sizeof("US"));
- name.countryEnc = CTC_PRINTABLE;
- XMEMCPY(name.state, "Oregon", sizeof("Oregon"));
- name.stateEnc = CTC_UTF8;
- XMEMCPY(name.locality, "Portland", sizeof("Portland"));
- name.localityEnc = CTC_UTF8;
- XMEMCPY(name.sur, "Test", sizeof("Test"));
- name.surEnc = CTC_UTF8;
- XMEMCPY(name.org, "wolfSSL", sizeof("wolfSSL"));
- name.orgEnc = CTC_UTF8;
- XMEMCPY(name.unit, "Development", sizeof("Development"));
- name.unitEnc = CTC_UTF8;
- XMEMCPY(name.commonName, "www.wolfssl.com", sizeof("www.wolfssl.com"));
- name.commonNameEnc = CTC_UTF8;
- XMEMCPY(name.serialDev, "wolfSSL12345", sizeof("wolfSSL12345"));
- name.serialDevEnc = CTC_PRINTABLE;
- #ifdef WOLFSSL_MULTI_ATTRIB
- #if CTC_MAX_ATTRIB > 2
- {
- NameAttrib* n;
- n = &name.name[0];
- n->id = ASN_DOMAIN_COMPONENT;
- n->type = CTC_UTF8;
- n->sz = sizeof("com");
- XMEMCPY(n->value, "com", sizeof("com"));
- n = &name.name[1];
- n->id = ASN_DOMAIN_COMPONENT;
- n->type = CTC_UTF8;
- n->sz = sizeof("wolfssl");
- XMEMCPY(n->value, "wolfssl", sizeof("wolfssl"));
- }
- #endif
- #endif /* WOLFSSL_MULTI_ATTRIB */
- AssertIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
- #ifndef HAVE_FIPS
- AssertIntEQ(wc_InitRng_ex(&rng, HEAP_HINT, devId), 0);
- #else
- AssertIntEQ(wc_InitRng(&rng), 0);
- #endif
- AssertIntEQ(wc_MakeRsaKey(&key, 1024, 3, &rng), 0);
- XMEMSET(&cert, 0 , sizeof(Cert));
- AssertIntEQ(wc_InitCert(&cert), 0);
- XMEMCPY(&cert.subject, &name, sizeof(CertName));
- XMEMCPY(cert.serial, mySerial, sizeof(mySerial));
- cert.serialSz = (int)sizeof(mySerial);
- cert.isCA = 1;
- #ifndef NO_SHA256
- cert.sigType = CTC_SHA256wRSA;
- #else
- cert.sigType = CTC_SHAwRSA;
- #endif
- /* add SKID from the Public Key */
- AssertIntEQ(wc_SetSubjectKeyIdFromPublicKey(&cert, &key, NULL), 0);
- /* add AKID from the Public Key */
- AssertIntEQ(wc_SetAuthKeyIdFromPublicKey(&cert, &key, NULL), 0);
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_MakeSelfCert(&cert, der, FOURK_BUF, &key, &rng);
- }
- } while (ret == WC_PENDING_E);
- AssertIntGT(ret, 0);
- certSz = ret;
- /* der holds a certificate with DC's now check X509 parsing of it */
- pt = der;
- AssertNotNull(x509 = d2i_X509(NULL, &pt, certSz));
- AssertNotNull(x509name = X509_get_subject_name(x509));
- #ifdef WOLFSSL_MULTI_ATTRIB
- AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
- -1)), 5);
- AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
- idx)), 6);
- AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
- idx)), -1);
- #endif /* WOLFSSL_MULTI_ATTRIB */
- /* compare DN at index 0 */
- AssertNotNull(entry = X509_NAME_get_entry(x509name, 0));
- AssertNotNull(entryValue = X509_NAME_ENTRY_get_data(entry));
- AssertIntEQ(ASN1_STRING_length(entryValue), 2);
- AssertStrEQ((const char*)ASN1_STRING_data(entryValue), "US");
- #ifdef WOLFSSL_MULTI_ATTRIB
- /* get first and second DC and compare result */
- AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
- -1)), 5);
- AssertNotNull(entry = X509_NAME_get_entry(x509name, idx));
- AssertNotNull(entryValue = X509_NAME_ENTRY_get_data(entry));
- AssertStrEQ((const char *)ASN1_STRING_data(entryValue), "com");
- AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
- idx)), 6);
- AssertNotNull(entry = X509_NAME_get_entry(x509name, idx));
- AssertNotNull(entryValue = X509_NAME_ENTRY_get_data(entry));
- AssertStrEQ((const char *)ASN1_STRING_data(entryValue), "wolfssl");
- #endif /* WOLFSSL_MULTI_ATTRIB */
- /* try invalid index locations for regression test and sanity check */
- AssertNull(entry = X509_NAME_get_entry(x509name, 11));
- AssertNull(entry = X509_NAME_get_entry(x509name, 20));
- (void)idx;
- X509_free(x509);
- wc_FreeRsaKey(&key);
- wc_FreeRng(&rng);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_X509_get_version(void){
- #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- WOLFSSL_X509 *x509;
- printf(testingFmt, "wolfSSL_X509_get_version()");
- x509 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM);
- AssertNotNull(x509);
- AssertIntEQ((int)wolfSSL_X509_get_version(x509), 2);
- wolfSSL_X509_free(x509);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_DES_ncbc(void){
- #if defined(OPENSSL_EXTRA) && !defined(NO_DES3)
- const_DES_cblock myDes;
- DES_cblock iv = {1};
- DES_key_schedule key = {0};
- unsigned char msg[] = "hello wolfssl";
- unsigned char out[DES_BLOCK_SIZE * 2] = {0};
- unsigned char pln[DES_BLOCK_SIZE * 2] = {0};
- unsigned char exp[] = {0x31, 0x98, 0x2F, 0x3A, 0x55, 0xBF, 0xD8, 0xC4};
- unsigned char exp2[] = {0xC7, 0x45, 0x8B, 0x28, 0x10, 0x53, 0xE0, 0x58};
- printf(testingFmt, "wolfSSL_DES_ncbc()");
- /* partial block test */
- DES_set_key(&key, &myDes);
- DES_ncbc_encrypt(msg, out, 3, &myDes, &iv, DES_ENCRYPT);
- AssertIntEQ(XMEMCMP(exp, out, DES_BLOCK_SIZE), 0);
- AssertIntEQ(XMEMCMP(exp, iv, DES_BLOCK_SIZE), 0);
- DES_set_key(&key, &myDes);
- XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE);
- *((byte*)&iv) = 1;
- DES_ncbc_encrypt(out, pln, 3, &myDes, &iv, DES_DECRYPT);
- AssertIntEQ(XMEMCMP(msg, pln, 3), 0);
- AssertIntEQ(XMEMCMP(exp, iv, DES_BLOCK_SIZE), 0);
- /* full block test */
- DES_set_key(&key, &myDes);
- XMEMSET(pln, 0, DES_BLOCK_SIZE);
- XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE);
- *((byte*)&iv) = 1;
- DES_ncbc_encrypt(msg, out, 8, &myDes, &iv, DES_ENCRYPT);
- AssertIntEQ(XMEMCMP(exp2, out, DES_BLOCK_SIZE), 0);
- AssertIntEQ(XMEMCMP(exp2, iv, DES_BLOCK_SIZE), 0);
- DES_set_key(&key, &myDes);
- XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE);
- *((byte*)&iv) = 1;
- DES_ncbc_encrypt(out, pln, 8, &myDes, &iv, DES_DECRYPT);
- AssertIntEQ(XMEMCMP(msg, pln, 8), 0);
- AssertIntEQ(XMEMCMP(exp2, iv, DES_BLOCK_SIZE), 0);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_AES_cbc_encrypt()
- {
- #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(OPENSSL_EXTRA)
- AES_KEY aes;
- AES_KEY* aesN = NULL;
- size_t len = 0;
- size_t lenB = 0;
- int keySz0 = 0;
- int keySzN = -1;
- byte out[AES_BLOCK_SIZE] = {0};
- byte* outN = NULL;
- const int enc1 = AES_ENCRYPT;
- const int enc2 = AES_DECRYPT;
- /* Test vectors retrieved from:
- * <begin URL>
- * https://csrc.nist.gov/
- * CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/
- * documents/aes/KAT_AES.zip
- * </end URL>
- */
- const byte* pt128N = NULL;
- byte* key128N = NULL;
- byte* iv128N = NULL;
- byte iv128tmp[AES_BLOCK_SIZE] = {0};
- const byte pt128[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
- const byte ct128[] = { 0x87,0x85,0xb1,0xa7,0x5b,0x0f,0x3b,0xd9,
- 0x58,0xdc,0xd0,0xe2,0x93,0x18,0xc5,0x21 };
- const byte iv128[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
- byte key128[] = { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xf0,0x00,0x00,0x00,0x00,0x00 };
- len = sizeof(pt128);
- #define STRESS_T(a, b, c, d, e, f, g, h, i) \
- wolfSSL_AES_cbc_encrypt(a, b, c, d, e, f); \
- AssertIntNE(XMEMCMP(b, g, h), i)
- #define RESET_IV(x, y) XMEMCPY(x, y, AES_BLOCK_SIZE)
- printf(testingFmt, "Stressing wolfSSL_AES_cbc_encrypt()");
- STRESS_T(pt128N, out, len, &aes, iv128tmp, enc1, ct128, AES_BLOCK_SIZE, 0);
- STRESS_T(pt128, out, len, &aes, iv128N, enc1, ct128, AES_BLOCK_SIZE, 0);
- wolfSSL_AES_cbc_encrypt(pt128, outN, len, &aes, iv128tmp, enc1);
- AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
- wolfSSL_AES_cbc_encrypt(pt128, out, len, aesN, iv128tmp, enc1);
- AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
- STRESS_T(pt128, out, lenB, &aes, iv128tmp, enc1, ct128, AES_BLOCK_SIZE, 0);
- printf(resultFmt, "Stress Tests: passed");
- printf(testingFmt, "Stressing wolfSSL_AES_set_encrypt_key");
- AssertIntNE(wolfSSL_AES_set_encrypt_key(key128N, sizeof(key128)*8, &aes),0);
- AssertIntNE(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, aesN),0);
- AssertIntNE(wolfSSL_AES_set_encrypt_key(key128, keySz0, &aes), 0);
- AssertIntNE(wolfSSL_AES_set_encrypt_key(key128, keySzN, &aes), 0);
- printf(resultFmt, "Stress Tests: passed");
- printf(testingFmt, "Stressing wolfSSL_AES_set_decrypt_key");
- AssertIntNE(wolfSSL_AES_set_decrypt_key(key128N, sizeof(key128)*8, &aes),0);
- AssertIntNE(wolfSSL_AES_set_decrypt_key(key128N, sizeof(key128)*8, aesN),0);
- AssertIntNE(wolfSSL_AES_set_decrypt_key(key128, keySz0, &aes), 0);
- AssertIntNE(wolfSSL_AES_set_decrypt_key(key128, keySzN, &aes), 0);
- printf(resultFmt, "Stress Tests: passed");
- #ifdef WOLFSSL_AES_128
- printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 128-bit");
- XMEMSET(out, 0, AES_BLOCK_SIZE);
- RESET_IV(iv128tmp, iv128);
- AssertIntEQ(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, &aes), 0);
- wolfSSL_AES_cbc_encrypt(pt128, out, len, &aes, iv128tmp, enc1);
- AssertIntEQ(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
- printf(resultFmt, "passed");
- #ifdef HAVE_AES_DECRYPT
- printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 128-bit in decrypt mode");
- XMEMSET(out, 0, AES_BLOCK_SIZE);
- RESET_IV(iv128tmp, iv128);
- len = sizeof(ct128);
- AssertIntEQ(wolfSSL_AES_set_decrypt_key(key128, sizeof(key128)*8, &aes), 0);
- wolfSSL_AES_cbc_encrypt(ct128, out, len, &aes, iv128tmp, enc2);
- AssertIntEQ(XMEMCMP(out, pt128, AES_BLOCK_SIZE), 0);
- printf(resultFmt, "passed");
- #endif
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* Test vectors from NIST Special Publication 800-38A, 2001 Edition
- * Appendix F.2.3 */
- byte iv192tmp[AES_BLOCK_SIZE] = {0};
- const byte pt192[] = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a };
- const byte ct192[] = { 0x4f,0x02,0x1d,0xb2,0x43,0xbc,0x63,0x3d,
- 0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8 };
- const byte iv192[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F };
- byte key192[] = { 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
- 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
- 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b };
- len = sizeof(pt192);
- printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 192-bit");
- XMEMSET(out, 0, AES_BLOCK_SIZE);
- RESET_IV(iv192tmp, iv192);
- AssertIntEQ(wolfSSL_AES_set_encrypt_key(key192, sizeof(key192)*8, &aes), 0);
- wolfSSL_AES_cbc_encrypt(pt192, out, len, &aes, iv192tmp, enc1);
- AssertIntEQ(XMEMCMP(out, ct192, AES_BLOCK_SIZE), 0);
- printf(resultFmt, "passed");
- #ifdef HAVE_AES_DECRYPT
- printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 192-bit in decrypt mode");
- len = sizeof(ct192);
- RESET_IV(iv192tmp, iv192);
- XMEMSET(out, 0, AES_BLOCK_SIZE);
- AssertIntEQ(wolfSSL_AES_set_decrypt_key(key192, sizeof(key192)*8, &aes), 0);
- wolfSSL_AES_cbc_encrypt(ct192, out, len, &aes, iv192tmp, enc2);
- AssertIntEQ(XMEMCMP(out, pt192, AES_BLOCK_SIZE), 0);
- printf(resultFmt, "passed");
- #endif
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* Test vectors from NIST Special Publication 800-38A, 2001 Edition,
- * Appendix F.2.5 */
- byte iv256tmp[AES_BLOCK_SIZE] = {0};
- const byte pt256[] = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a };
- const byte ct256[] = { 0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba,
- 0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6 };
- const byte iv256[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F };
- byte key256[] = { 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 };
- len = sizeof(pt256);
- printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 256-bit");
- XMEMSET(out, 0, AES_BLOCK_SIZE);
- RESET_IV(iv256tmp, iv256);
- AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
- wolfSSL_AES_cbc_encrypt(pt256, out, len, &aes, iv256tmp, enc1);
- AssertIntEQ(XMEMCMP(out, ct256, AES_BLOCK_SIZE), 0);
- printf(resultFmt, "passed");
- #ifdef HAVE_AES_DECRYPT
- printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 256-bit in decrypt mode");
- len = sizeof(ct256);
- RESET_IV(iv256tmp, iv256);
- XMEMSET(out, 0, AES_BLOCK_SIZE);
- AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
- wolfSSL_AES_cbc_encrypt(ct256, out, len, &aes, iv256tmp, enc2);
- AssertIntEQ(XMEMCMP(out, pt256, AES_BLOCK_SIZE), 0);
- printf(resultFmt, "passed");
- #endif
- #endif /* WOLFSSL_AES_256 */
- #endif
- }
- #if defined(OPENSSL_ALL)
- #if !defined(NO_ASN)
- static void test_wolfSSL_ASN1_STRING_to_UTF8(void)
- {
- WOLFSSL_X509* x509;
- WOLFSSL_X509_NAME* subject;
- WOLFSSL_X509_NAME_ENTRY* e;
- WOLFSSL_ASN1_STRING* a;
- FILE* file;
- int idx = 0;
- char targetOutput[16] = "www.wolfssl.com";
- unsigned char* actual_output;
- int len = 0;
- int result = 0;
- AssertNotNull(file = fopen("./certs/server-cert.pem", "rb"));
- AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
- fclose(file);
- printf(testingFmt, "wolfSSL_ASN1_STRING_to_UTF8(): NID_commonName");
- AssertNotNull(subject = wolfSSL_X509_get_subject_name(x509));
- AssertIntEQ((idx = wolfSSL_X509_NAME_get_index_by_NID(subject,
- NID_commonName, -1)), 5);
- AssertNotNull(e = wolfSSL_X509_NAME_get_entry(subject, idx));
- AssertNotNull(a = wolfSSL_X509_NAME_ENTRY_get_data(e));
- AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, a)), 15);
- result = strncmp((const char*)actual_output, targetOutput, len);
- AssertIntEQ(result, 0);
- printf(resultFmt, result == 0 ? passed : failed);
- printf(testingFmt, "wolfSSL_ASN1_STRING_to_UTF8(NULL, valid): ");
- AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, a)),
- WOLFSSL_FATAL_ERROR);
- printf(resultFmt, len == WOLFSSL_FATAL_ERROR ? passed : failed);
- printf(testingFmt, "wolfSSL_ASN1_STRING_to_UTF8(valid, NULL): ");
- AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, NULL)),
- WOLFSSL_FATAL_ERROR);
- printf(resultFmt, len == WOLFSSL_FATAL_ERROR ? passed : failed);
- printf(testingFmt, "wolfSSL_ASN1_STRING_to_UTF8(NULL, NULL): ");
- AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, NULL)),
- WOLFSSL_FATAL_ERROR);
- printf(resultFmt, len == WOLFSSL_FATAL_ERROR ? passed : failed);
- wolfSSL_X509_free(x509);
- XFREE(actual_output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif /* !defined(NO_ASN) */
- static void test_wolfSSL_sk_CIPHER_description(void)
- {
- const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION;
- int i,j,k;
- int numCiphers = 0;
- const SSL_METHOD *method = NULL;
- const SSL_CIPHER *cipher = NULL;
- STACK_OF(SSL_CIPHER) *supportedCiphers = NULL;
- SSL_CTX *ctx = NULL;
- SSL *ssl = NULL;
- char buf[256];
- char test_str[9] = "0000000";
- const char badStr[] = "unknown";
- const char certPath[] = "./certs/client-cert.pem";
- XMEMSET(buf, 0, sizeof(buf));
- printf(testingFmt, "wolfSSL_sk_CIPHER_description");
- AssertNotNull(method = TLSv1_2_client_method());
- AssertNotNull(ctx = SSL_CTX_new(method));
- SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
- SSL_CTX_set_verify_depth(ctx, 4);
- SSL_CTX_set_options(ctx, flags);
- AssertIntEQ(SSL_CTX_load_verify_locations(ctx, certPath, NULL),
- WOLFSSL_SUCCESS);
- AssertNotNull(ssl = SSL_new(ctx));
- /* SSL_get_ciphers returns a stack of all configured ciphers
- * A flag, getCipherAtOffset, is set to later have SSL_CIPHER_description
- */
- AssertNotNull(supportedCiphers = SSL_get_ciphers(ssl));
- /* loop through the amount of supportedCiphers */
- numCiphers = sk_num(supportedCiphers);
- for (i = 0; i < numCiphers; ++i) {
- /* sk_value increments "sk->data.cipher->cipherOffset".
- * wolfSSL_sk_CIPHER_description sets the description for
- * the cipher based on the provided offset.
- */
- if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) {
- SSL_CIPHER_description(cipher, buf, sizeof(buf));
- }
- /* Search cipher description string for "unknown" descriptor */
- for (j = 0; j < (int)XSTRLEN(buf); j++) {
- k = 0;
- while ((k < (int)XSTRLEN(badStr)) && (buf[j] == badStr[k])) {
- test_str[k] = badStr[k];
- j++;
- k++;
- }
- }
- /* Fail if test_str == badStr == "unknown" */
- AssertStrNE(test_str,badStr);
- }
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- printf(resultFmt, passed);
- }
- static void test_wolfSSL_get_ciphers_compat(void)
- {
- const SSL_METHOD *method = NULL;
- const char certPath[] = "./certs/client-cert.pem";
- STACK_OF(SSL_CIPHER) *supportedCiphers = NULL;
- SSL_CTX *ctx = NULL;
- WOLFSSL *ssl = NULL;
- const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION;
- printf(testingFmt, "wolfSSL_get_ciphers_compat");
- method = SSLv23_client_method();
- AssertNotNull(method);
- ctx = SSL_CTX_new(method);
- AssertNotNull(ctx);
- SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
- SSL_CTX_set_verify_depth(ctx, 4);
- SSL_CTX_set_options(ctx, flags);
- AssertIntEQ(SSL_CTX_load_verify_locations(ctx, certPath, NULL),
- WOLFSSL_SUCCESS);
- AssertNotNull(ssl = SSL_new(ctx));
- /* Test Bad NULL input */
- AssertNull(supportedCiphers = SSL_get_ciphers(NULL));
- /* Test for Good input */
- AssertNotNull(supportedCiphers = SSL_get_ciphers(ssl));
- /* Further usage of SSL_get_ciphers/wolfSSL_get_ciphers_compat is
- * tested in test_wolfSSL_sk_CIPHER_description according to Qt usage */
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- printf(resultFmt, passed);
- }
- static void test_wolfSSL_X509_PUBKEY_get(void)
- {
- WOLFSSL_X509_PUBKEY pubkey;
- WOLFSSL_X509_PUBKEY* key;
- WOLFSSL_EVP_PKEY evpkey;
- WOLFSSL_EVP_PKEY* evpPkey;
- WOLFSSL_EVP_PKEY* retEvpPkey;
- key = &pubkey;
- evpPkey = &evpkey;
- evpPkey->type = WOLFSSL_SUCCESS;
- key->pkey = evpPkey;
- printf(testingFmt, "wolfSSL_X509_PUBKEY_get()");
- AssertNotNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key));
- AssertIntEQ(retEvpPkey->type, WOLFSSL_SUCCESS);
- AssertNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(NULL));
- key->pkey = NULL;
- AssertNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key));
- printf(resultFmt,retEvpPkey == NULL ? passed : failed);
- }
- static void test_wolfSSL_d2i_DHparams()
- {
- #if !defined(NO_DH)
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- FILE* f = NULL;
- unsigned char buf[4096];
- const unsigned char* pt = buf;
- const char* params1 = "./certs/dh2048.der";
- const char* params2 = "./certs/dh3072.der";
- long len = 0;
- WOLFSSL_DH* dh = NULL;
- XMEMSET(buf, 0, sizeof(buf));
- /* Test 2048 bit parameters */
- printf(testingFmt, "wolfSSL_d2i_DHparams() 2048-bit");
- f = XFOPEN(params1, "rb");
- AssertTrue(f != XBADFILE);
- len = (long)XFREAD(buf, 1, sizeof(buf), f);
- XFCLOSE(f);
- /* Valid case */
- AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
- AssertNotNull(dh->p);
- AssertNotNull(dh->g);
- AssertTrue(pt != buf);
- AssertIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS);
- /* Invalid cases */
- AssertNull(wolfSSL_d2i_DHparams(NULL, NULL, len));
- AssertNull(wolfSSL_d2i_DHparams(NULL, &pt, -1));
- AssertNull(wolfSSL_d2i_DHparams(NULL, &pt, 10));
- DH_free(dh);
- printf(resultFmt, passed);
- *buf = 0;
- pt = buf;
- /* Test 3072 bit parameters */
- printf(testingFmt, "wolfSSL_d2i_DHparams() 3072-bit");
- f = XFOPEN(params2, "rb");
- AssertTrue(f != XBADFILE);
- len = (long)XFREAD(buf, 1, sizeof(buf), f);
- XFCLOSE(f);
- /* Valid case */
- AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
- AssertNotNull(dh->p);
- AssertNotNull(dh->g);
- AssertTrue(pt != buf);
- AssertIntEQ(DH_generate_key(dh), 1);
- /* Invalid cases */
- AssertNull(wolfSSL_d2i_DHparams(NULL, NULL, len));
- AssertNull(wolfSSL_d2i_DHparams(NULL, &pt, -1));
- DH_free(dh);
- printf(resultFmt, passed);
- #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
- #endif /* !NO_DH */
- }
- static void test_wolfSSL_i2d_DHparams()
- {
- #if !defined(NO_DH)
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- FILE* f;
- unsigned char buf[4096];
- const unsigned char* pt = buf;
- unsigned char* pt2 = buf;
- const char* params1 = "./certs/dh2048.der";
- const char* params2 = "./certs/dh3072.der";
- long len;
- WOLFSSL_DH* dh;
- /* Test 2048 bit parameters */
- printf(testingFmt, "wolfSSL_i2d_DHparams() 2048-bit");
- f = XFOPEN(params1, "rb");
- AssertTrue(f != XBADFILE);
- len = (long)XFREAD(buf, 1, sizeof(buf), f);
- XFCLOSE(f);
- /* Valid case */
- AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
- AssertTrue(pt != buf);
- AssertIntEQ(DH_generate_key(dh), 1);
- AssertIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 268);
- /* Invalid cases */
- AssertIntEQ(wolfSSL_i2d_DHparams(NULL, &pt2), 0);
- AssertIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 264);
- DH_free(dh);
- printf(resultFmt, passed);
- *buf = 0;
- pt = buf;
- pt2 = buf;
- /* Test 3072 bit parameters */
- printf(testingFmt, "wolfSSL_i2d_DHparams() 3072-bit");
- f = XFOPEN(params2, "rb");
- AssertTrue(f != XBADFILE);
- len = (long)XFREAD(buf, 1, sizeof(buf), f);
- XFCLOSE(f);
- /* Valid case */
- AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
- AssertTrue(pt != buf);
- AssertIntEQ(DH_generate_key(dh), 1);
- AssertIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 396);
- /* Invalid cases */
- AssertIntEQ(wolfSSL_i2d_DHparams(NULL, &pt2), 0);
- AssertIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 392);
- DH_free(dh);
- printf(resultFmt, passed);
- #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
- #endif
- }
- static void test_wolfSSL_EC_KEY_dup(void)
- {
- #if defined(HAVE_ECC) && (defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL))
- WOLFSSL_EC_KEY* ecKey;
- WOLFSSL_EC_KEY* dupKey;
- ecc_key* srcKey;
- ecc_key* destKey;
- printf(testingFmt, "wolfSSL_EC_KEY_dup()");
- AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
- AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
- /* Valid cases */
- AssertNotNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
- AssertIntEQ(wc_ecc_check_key((ecc_key*)dupKey->internal), 0);
- /* Compare pubkey */
- srcKey = (ecc_key*)ecKey->internal;
- destKey = (ecc_key*)dupKey->internal;
- AssertIntEQ(wc_ecc_cmp_point(&srcKey->pubkey, &destKey->pubkey), 0);
- /* compare EC_GROUP */
- AssertIntEQ(wolfSSL_EC_GROUP_cmp(ecKey->group, dupKey->group, NULL), MP_EQ);
- /* compare EC_POINT */
- AssertIntEQ(wolfSSL_EC_POINT_cmp(ecKey->group, ecKey->pub_key, \
- dupKey->pub_key, NULL), MP_EQ);
- /* compare BIGNUM */
- AssertIntEQ(wolfSSL_BN_cmp(ecKey->priv_key, dupKey->priv_key), MP_EQ);
- wolfSSL_EC_KEY_free(dupKey);
- /* Invalid cases */
- /* NULL key */
- AssertNull(dupKey = wolfSSL_EC_KEY_dup(NULL));
- /* NULL ecc_key */
- wc_ecc_free((ecc_key*)ecKey->internal);
- XFREE(ecKey->internal, NULL, DYNAMIC_TYPE_ECC);
- ecKey->internal = NULL; /* Set ecc_key to NULL */
- AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
- wolfSSL_EC_KEY_free(ecKey);
- wolfSSL_EC_KEY_free(dupKey);
- /* NULL Group */
- AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
- AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
- wolfSSL_EC_GROUP_free(ecKey->group);
- ecKey->group = NULL; /* Set group to NULL */
- AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
- wolfSSL_EC_KEY_free(ecKey);
- wolfSSL_EC_KEY_free(dupKey);
- /* NULL public key */
- AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
- AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
- wc_ecc_del_point((ecc_point*)ecKey->pub_key->internal);
- ecKey->pub_key->internal = NULL; /* Set ecc_point to NULL */
- AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
- wolfSSL_EC_POINT_free(ecKey->pub_key);
- ecKey->pub_key = NULL; /* Set pub_key to NULL */
- AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
- wolfSSL_EC_KEY_free(ecKey);
- wolfSSL_EC_KEY_free(dupKey);
- /* NULL private key */
- AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
- AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
- wolfSSL_BN_free(ecKey->priv_key);
- ecKey->priv_key = NULL; /* Set priv_key to NULL */
- AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
- wolfSSL_EC_KEY_free(ecKey);
- wolfSSL_EC_KEY_free(dupKey);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_EVP_PKEY_set1_get1_DSA(void)
- {
- #if !defined(NO_DSA)
- DSA *dsa = NULL;
- DSA *setDsa = NULL;
- EVP_PKEY *pkey = NULL;
- EVP_PKEY *set1Pkey = NULL;
- SHA_CTX sha;
- byte signature[DSA_SIG_SIZE];
- byte hash[WC_SHA_DIGEST_SIZE];
- word32 bytes;
- int answer;
- #ifdef USE_CERT_BUFFERS_1024
- const unsigned char* dsaKeyDer = dsa_key_der1024;
- int dsaKeySz = sizeof_dsa_key_der_1024;
- byte tmp[ONEK_BUF];
- XMEMSET(tmp, 0, sizeof(tmp));
- XMEMCPY(tmp, dsaKeyDer , dsaKeySz);
- bytes = dsa_key_der_sz;
- #elif defined(USE_CERT_BUFFERS_2048)
- const unsigned char* dsaKeyDer = dsa_key_der_2048;
- int dsaKeySz = sizeof_dsa_key_der_2048;
- byte tmp[TWOK_BUF];
- XMEMSET(tmp, 0, sizeof(tmp));
- XMEMCPY(tmp, dsaKeyDer , dsaKeySz);
- bytes = dsaKeySz;
- #else
- const unsigned char* dsaKeyDer = dsa_key_der_2048;
- int dsaKeySz = sizeof_dsa_key_der_2048;
- byte tmp[TWOK_BUF];
- XMEMSET(tmp, 0, sizeof(tmp));
- XMEMCPY(tmp, dsaKeyDer , dsaKeySz);
- XFILE fp = XOPEN("./certs/dsa2048.der", "rb");
- if (fp == XBADFILE) {
- return WOLFSSL_BAD_FILE;
- }
- bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
- XFCLOSE(fp);
- #endif /* END USE_CERT_BUFFERS_1024 */
- printf(testingFmt,
- "wolfSSL_EVP_PKEY_set1_DSA and wolfSSL_EVP_PKEY_get1_DSA");
- /* Create hash to later Sign and Verify */
- AssertIntEQ(SHA1_Init(&sha), WOLFSSL_SUCCESS);
- AssertIntEQ(SHA1_Update(&sha, tmp, bytes), WOLFSSL_SUCCESS);
- AssertIntEQ(SHA1_Final(hash,&sha), WOLFSSL_SUCCESS);
- /* Initialize pkey with der format dsa key */
- AssertNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &pkey,
- &dsaKeyDer ,(long)dsaKeySz));
- /* Test wolfSSL_EVP_PKEY_get1_DSA */
- /* Should Fail: NULL argument */
- AssertNull(dsa = EVP_PKEY_get0_DSA(NULL));
- AssertNull(dsa = EVP_PKEY_get1_DSA(NULL));
- /* Should Pass: Initialized pkey argument */
- AssertNotNull(dsa = EVP_PKEY_get0_DSA(pkey));
- AssertNotNull(dsa = EVP_PKEY_get1_DSA(pkey));
- AssertIntEQ(DSA_bits(dsa), 2048);
- /* Sign */
- AssertIntEQ(wolfSSL_DSA_do_sign(hash, signature, dsa), WOLFSSL_SUCCESS);
- /* Verify. */
- AssertIntEQ(wolfSSL_DSA_do_verify(hash, signature, dsa, &answer),
- WOLFSSL_SUCCESS);
- /* Test wolfSSL_EVP_PKEY_set1_DSA */
- /* Should Fail: set1Pkey not initialized */
- AssertIntNE(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS);
- /* Initialize set1Pkey */
- set1Pkey = EVP_PKEY_new();
- /* Should Fail Verify: setDsa not initialized from set1Pkey */
- AssertIntNE(wolfSSL_DSA_do_verify(hash,signature,setDsa,&answer),
- WOLFSSL_SUCCESS);
- /* Should Pass: set dsa into set1Pkey */
- AssertIntEQ(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS);
- printf(resultFmt, passed);
- DSA_free(dsa);
- DSA_free(setDsa);
- EVP_PKEY_free(pkey);
- EVP_PKEY_free(set1Pkey);
- #endif /* NO_DSA */
- } /* END test_EVP_PKEY_set1_get1_DSA */
- static void test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY (void)
- {
- #ifdef HAVE_ECC
- WOLFSSL_EC_KEY *ecKey = NULL;
- WOLFSSL_EC_KEY *ecGet1 = NULL;
- EVP_PKEY *pkey = NULL;
- printf(testingFmt,
- "wolfSSL_EVP_PKEY_set1_EC_KEY and wolfSSL_EVP_PKEY_get1_EC_KEY");
- AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
- AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
- /* Test wolfSSL_EVP_PKEY_set1_EC_KEY */
- AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE);
- AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, NULL), WOLFSSL_FAILURE);
- AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS);
- /* Test wolfSSL_EVP_PKEY_get1_EC_KEY */
- AssertNull(wolfSSL_EVP_PKEY_get1_EC_KEY(NULL));
- AssertNotNull(ecGet1 = wolfSSL_EVP_PKEY_get1_EC_KEY(pkey));
- wolfSSL_EC_KEY_free(ecKey);
- wolfSSL_EC_KEY_free(ecGet1);
- EVP_PKEY_free(pkey);
- /* PASSED */
- printf(resultFmt, passed);
- #endif /* HAVE_ECC */
- } /* END test_EVP_PKEY_set1_get1_EC_KEY */
- static void test_wolfSSL_EVP_PKEY_set1_get1_DH (void)
- {
- #if !defined(NO_DH)
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- DH *dh = NULL;
- DH *setDh = NULL;
- EVP_PKEY *pkey = NULL;
- FILE* f = NULL;
- unsigned char buf[4096];
- const unsigned char* pt = buf;
- const char* dh2048 = "./certs/dh2048.der";
- long len = 0;
- int code = -1;
- printf(testingFmt,"wolfSSL_EVP_PKEY_set1_DH and wolfSSL_EVP_PKEY_get1_DH");
- XMEMSET(buf, 0, sizeof(buf));
- f = XFOPEN(dh2048, "rb");
- AssertTrue(f != XBADFILE);
- len = (long)XFREAD(buf, 1, sizeof(buf), f);
- XFCLOSE(f);
- /* Load dh2048.der into DH with internal format */
- AssertNotNull(setDh = wolfSSL_d2i_DHparams(NULL, &pt, len));
- AssertIntEQ(wolfSSL_DH_check(setDh, &code), WOLFSSL_SUCCESS);
- AssertIntEQ(code, 0);
- code = -1;
- pkey = wolfSSL_EVP_PKEY_new();
- /* Set DH into PKEY */
- AssertIntEQ(wolfSSL_EVP_PKEY_set1_DH(pkey, setDh), WOLFSSL_SUCCESS);
- /* Get DH from PKEY */
- AssertNotNull(dh = wolfSSL_EVP_PKEY_get1_DH(pkey));
- AssertIntEQ(wolfSSL_DH_check(dh, &code), WOLFSSL_SUCCESS);
- AssertIntEQ(code, 0);
- EVP_PKEY_free(pkey);
- DH_free(setDh);
- DH_free(dh);
- printf(resultFmt, passed);
- #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
- #endif /* NO_DH */
- } /* END test_EVP_PKEY_set1_get1_DH */
- static void test_wolfSSL_CTX_ctrl(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- char caFile[] = "./certs/client-ca.pem";
- char clientFile[] = "./certs/client-cert.pem";
- SSL_CTX* ctx;
- X509* x509 = NULL;
- #if !defined(NO_DH) && !defined(NO_DSA)
- byte buf[6000];
- char file[] = "./certs/dsaparams.pem";
- XFILE f;
- int bytes;
- BIO* bio;
- DSA* dsa;
- DH* dh;
- #endif
- #ifdef HAVE_ECC
- WOLFSSL_EC_KEY* ecKey;
- #endif
- printf(testingFmt, "wolfSSL_CTX_ctrl");
- AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- x509 = wolfSSL_X509_load_certificate_file(caFile, WOLFSSL_FILETYPE_PEM);
- AssertNotNull(x509);
- AssertIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_SUCCESS);
- x509 = wolfSSL_X509_load_certificate_file(clientFile, WOLFSSL_FILETYPE_PEM);
- AssertNotNull(x509);
- #if !defined(NO_DH) && !defined(NO_DSA)
- /* Initialize DH */
- f = XFOPEN(file, "rb");
- AssertTrue((f != XBADFILE));
- bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
- XFCLOSE(f);
- bio = BIO_new_mem_buf((void*)buf, bytes);
- AssertNotNull(bio);
- dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
- AssertNotNull(dsa);
- dh = wolfSSL_DSA_dup_DH(dsa);
- AssertNotNull(dh);
- #endif
- #ifdef HAVE_ECC
- /* Initialize WOLFSSL_EC_KEY */
- AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
- AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey),1);
- #endif
- #if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
- /* additional test of getting EVP_PKEY key size from X509
- * Do not run with user RSA because wolfSSL_RSA_size is not currently
- * allowed with user RSA */
- {
- EVP_PKEY* pkey;
- #if defined(HAVE_ECC)
- X509* ecX509;
- #endif /* HAVE_ECC */
- AssertNotNull(pkey = X509_get_pubkey(x509));
- /* current RSA key is 2048 bit (256 bytes) */
- AssertIntEQ(EVP_PKEY_size(pkey), 256);
- EVP_PKEY_free(pkey);
- #if defined(HAVE_ECC)
- #if defined(USE_CERT_BUFFERS_256)
- AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_buffer(
- cliecc_cert_der_256, sizeof_cliecc_cert_der_256,
- SSL_FILETYPE_ASN1));
- #else
- AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_file(
- cliEccCertFile, SSL_FILETYPE_PEM));
- #endif
- AssertNotNull(pkey = X509_get_pubkey(ecX509));
- /* current ECC key is 256 bit (32 bytes) */
- AssertIntEQ(EVP_PKEY_size(pkey), 32);
- X509_free(ecX509);
- EVP_PKEY_free(pkey);
- #endif /* HAVE_ECC */
- }
- #endif /* !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) */
- /* Tests should fail with passed in NULL pointer */
- AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,NULL),
- SSL_FAILURE);
- #if !defined(NO_DH) && !defined(NO_DSA)
- AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,NULL),
- SSL_FAILURE);
- #endif
- #ifdef HAVE_ECC
- AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,NULL),
- SSL_FAILURE);
- #endif
- /* Test with SSL_CTRL_EXTRA_CHAIN_CERT
- * wolfSSL_CTX_ctrl should succesffuly call SSL_CTX_add_extra_chain_cert
- */
- AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,x509),
- SSL_SUCCESS);
- /* Test with SSL_CTRL_OPTIONS
- * wolfSSL_CTX_ctrl should succesffuly call SSL_CTX_set_options
- */
- AssertTrue(wolfSSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,SSL_OP_NO_TLSv1,NULL)
- == SSL_OP_NO_TLSv1);
- AssertTrue(SSL_CTX_get_options(ctx) == SSL_OP_NO_TLSv1);
- /* Test with SSL_CTRL_SET_TMP_DH
- * wolfSSL_CTX_ctrl should succesffuly call wolfSSL_SSL_CTX_set_tmp_dh
- */
- #if !defined(NO_DH) && !defined(NO_DSA)
- AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,dh),
- SSL_SUCCESS);
- #endif
- /* Test with SSL_CTRL_SET_TMP_ECDH
- * wolfSSL_CTX_ctrl should succesffuly call wolfSSL_SSL_CTX_set_tmp_ecdh
- */
- #ifdef HAVE_ECC
- AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,ecKey),
- SSL_SUCCESS);
- #endif
- #ifdef WOLFSSL_ENCRYPTED_KEYS
- AssertNull(SSL_CTX_get_default_passwd_cb(ctx));
- AssertNull(SSL_CTX_get_default_passwd_cb_userdata(ctx));
- #endif
- /* Cleanup and Pass */
- #if !defined(NO_DH) && !defined(NO_DSA)
- BIO_free(bio);
- DSA_free(dsa);
- DH_free(dh);
- #endif
- #ifdef HAVE_ECC
- wolfSSL_EC_KEY_free(ecKey);
- #endif
- SSL_CTX_free(ctx);
- printf(resultFmt, passed);
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
- }
- static void test_wolfSSL_DH_check(void)
- {
- #if !defined(NO_DH) && !defined(NO_DSA)
- byte buf[6000];
- char file[] = "./certs/dsaparams.pem";
- XFILE f;
- int bytes;
- BIO* bio;
- DSA* dsa;
- DH* dh = NULL;
- WOLFSSL_BIGNUM* pTmp = NULL;
- WOLFSSL_BIGNUM* gTmp = NULL;
- int codes = -1;
- printf(testingFmt, "wolfSSL_DH_check");
- /* Initialize DH */
- f = XFOPEN(file, "rb");
- AssertTrue((f != XBADFILE));
- bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
- XFCLOSE(f);
- bio = BIO_new_mem_buf((void*)buf, bytes);
- AssertNotNull(bio);
- dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
- AssertNotNull(dsa);
- dh = wolfSSL_DSA_dup_DH(dsa);
- AssertNotNull(dh);
- /* Test assumed to be valid dh.
- * Should return WOLFSSL_SUCCESS
- * codes should be 0
- * Invalid codes = {DH_NOT_SUITABLE_GENERATOR, DH_CHECK_P_NOT_PRIME}
- */
- AssertIntEQ(wolfSSL_DH_check(dh, &codes), WOLFSSL_SUCCESS);
- AssertIntEQ(codes, 0);
- /* Test NULL dh: expected BAD_FUNC_ARG */
- AssertIntEQ(wolfSSL_DH_check(NULL, &codes), WOLFSSL_FAILURE);
- /* Break dh prime to test if codes = DH_CHECK_P_NOT_PRIME */
- pTmp = dh->p;
- dh->p = NULL;
- AssertIntEQ(wolfSSL_DH_check(dh, &codes), WOLFSSL_FAILURE);
- AssertIntEQ(codes, DH_CHECK_P_NOT_PRIME);
- /* set dh->p back to normal so it wont fail on next tests */
- dh->p = pTmp;
- pTmp = NULL;
- /* Break dh generator to test if codes = DH_NOT_SUITABLE_GENERATOR */
- gTmp = dh->g;
- dh->g = NULL;
- AssertIntEQ(wolfSSL_DH_check(dh, &codes), WOLFSSL_FAILURE);
- AssertIntEQ(codes, DH_NOT_SUITABLE_GENERATOR);
- dh->g = gTmp;
- gTmp = NULL;
- /* Cleanup and Pass Test */
- BIO_free(bio);
- DSA_free(dsa);
- DH_free(dh);
- printf(resultFmt, passed);
- #endif /* !NO_DH && !NO_DSA */
- }
- static void test_wolfSSL_EVP_PKEY_assign(void)
- {
- #if defined(OPENSSL_ALL)
- int type;
- WOLFSSL_EVP_PKEY* pkey;
- #ifndef NO_RSA
- WOLFSSL_RSA* rsa;
- #endif
- #ifndef NO_DSA
- WOLFSSL_DSA* dsa;
- #endif
- #ifdef HAVE_ECC
- WOLFSSL_EC_KEY* ecKey;
- #endif
- printf(testingFmt, "wolfSSL_EVP_PKEY_assign");
- #ifndef NO_RSA
- type = EVP_PKEY_RSA;
- AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
- AssertNotNull(rsa = wolfSSL_RSA_new());
- AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,rsa), WOLFSSL_FAILURE);
- AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL), WOLFSSL_FAILURE);
- AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,-1,rsa), WOLFSSL_FAILURE);
- AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,rsa), WOLFSSL_SUCCESS);
- wolfSSL_EVP_PKEY_free(pkey);
- #endif /* NO_RSA */
- #ifndef NO_DSA
- type = EVP_PKEY_DSA;
- AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
- AssertNotNull(dsa = wolfSSL_DSA_new());
- AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,dsa), WOLFSSL_FAILURE);
- AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL), WOLFSSL_FAILURE);
- AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,-1,dsa), WOLFSSL_FAILURE);
- AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,dsa), WOLFSSL_SUCCESS);
- wolfSSL_EVP_PKEY_free(pkey);
- #endif /* NO_DSA */
- #ifdef HAVE_ECC
- type = EVP_PKEY_EC;
- AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
- AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
- AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,ecKey), WOLFSSL_FAILURE);
- AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL), WOLFSSL_FAILURE);
- AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,-1,ecKey), WOLFSSL_FAILURE);
- AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,ecKey), WOLFSSL_SUCCESS);
- wolfSSL_EVP_PKEY_free(pkey);
- #endif /* HAVE_ECC */
- printf(resultFmt, passed);
- #endif /* OPENSSL_ALL */
- }
- static void test_wolfSSL_OBJ_ln(void)
- {
- const int nid_set[] = {
- NID_commonName,
- NID_serialNumber,
- NID_countryName,
- NID_localityName,
- NID_stateOrProvinceName,
- NID_organizationName,
- NID_organizationalUnitName,
- NID_domainComponent,
- NID_businessCategory,
- NID_jurisdictionCountryName,
- NID_jurisdictionStateOrProvinceName,
- NID_emailAddress
- };
- const char* ln_set[] = {
- "commonName",
- "serialNumber",
- "countryName",
- "localityName",
- "stateOrProvinceName",
- "organizationName",
- "organizationalUnitName",
- "domainComponent",
- "businessCategory",
- "jurisdictionCountryName",
- "jurisdictionStateOrProvinceName",
- "emailAddress",
- };
- size_t i = 0, maxIdx = sizeof(ln_set)/sizeof(char*);
- printf(testingFmt, "wolfSSL_OBJ_ln");
- AssertIntEQ(OBJ_ln2nid(NULL), NID_undef);
- #ifdef HAVE_ECC
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- {
- size_t nCurves = 27;
- EC_builtin_curve r[nCurves];
- nCurves = EC_get_builtin_curves(r,nCurves);
- for (i = 0; i < nCurves; i++) {
- AssertIntEQ(OBJ_ln2nid(r[i].comment), r[i].nid);
- AssertStrEQ(OBJ_nid2ln(r[i].nid), r[i].comment);
- }
- }
- #endif
- #endif
- for (i = 0; i < maxIdx; i++) {
- AssertIntEQ(OBJ_ln2nid(ln_set[i]), nid_set[i]);
- AssertStrEQ(OBJ_nid2ln(nid_set[i]), ln_set[i]);
- }
- printf(resultFmt, passed);
- }
- static void test_wolfSSL_OBJ_sn(void)
- {
- int i = 0, maxIdx = 7;
- const int nid_set[] = {NID_commonName,NID_countryName,NID_localityName,
- NID_stateOrProvinceName,NID_organizationName,
- NID_organizationalUnitName,NID_emailAddress};
- const char* sn_open_set[] = {"CN","C","L","ST","O","OU","emailAddress"};
- const char* sn_wolf_set[] = {WOLFSSL_COMMON_NAME,WOLFSSL_COUNTRY_NAME,
- WOLFSSL_LOCALITY_NAME, WOLFSSL_STATE_NAME,
- WOLFSSL_ORG_NAME, WOLFSSL_ORGUNIT_NAME,
- WOLFSSL_EMAIL_ADDR};
- printf(testingFmt, "wolfSSL_OBJ_sn");
- AssertIntEQ(wolfSSL_OBJ_sn2nid(NULL), NID_undef);
- for (i = 0; i < maxIdx; i++) {
- AssertIntEQ(wolfSSL_OBJ_sn2nid(sn_wolf_set[i]), nid_set[i]);
- AssertStrEQ(wolfSSL_OBJ_nid2sn(nid_set[i]), sn_open_set[i]);
- }
- printf(resultFmt, passed);
- }
- #endif /* OPENSSL_ALL */
- static void test_wolfSSL_X509V3_EXT_get(void) {
- #if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
- FILE* f;
- int numOfExt =0;
- int extNid = 0;
- int i = 0;
- WOLFSSL_X509* x509;
- WOLFSSL_X509_EXTENSION* ext;
- const WOLFSSL_v3_ext_method* method;
- AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
- AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
- fclose(f);
- printf(testingFmt, "wolfSSL_X509V3_EXT_get() return struct and nid test");
- AssertIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 5);
- for (i = 0; i < numOfExt; i++) {
- AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
- AssertNotNull(extNid = ext->obj->nid);
- AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext));
- AssertIntEQ(method->ext_nid, extNid);
- }
- printf(resultFmt, "passed");
- printf(testingFmt, "wolfSSL_X509V3_EXT_get() NULL argument test");
- AssertNull(method = wolfSSL_X509V3_EXT_get(NULL));
- printf(resultFmt, "passed");
- wolfSSL_X509_free(x509);
- #endif
- }
- static void test_wolfSSL_X509V3_EXT(void) {
- #if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
- FILE* f;
- int numOfExt = 0, nid = 0, i = 0, expected, actual;
- char* str;
- unsigned char* data;
- const WOLFSSL_v3_ext_method* method;
- WOLFSSL_X509* x509;
- WOLFSSL_X509_EXTENSION* ext;
- WOLFSSL_X509_EXTENSION* ext2;
- WOLFSSL_ASN1_OBJECT *obj, *adObj;
- WOLFSSL_ASN1_STRING* asn1str;
- WOLFSSL_AUTHORITY_KEYID* aKeyId;
- WOLFSSL_AUTHORITY_INFO_ACCESS* aia;
- WOLFSSL_BASIC_CONSTRAINTS* bc;
- WOLFSSL_ACCESS_DESCRIPTION* ad;
- WOLFSSL_GENERAL_NAME* gn;
- printf(testingFmt, "wolfSSL_X509V3_EXT_d2i()");
- /* Check NULL argument */
- AssertNull(wolfSSL_X509V3_EXT_d2i(NULL));
- /* Using OCSP cert with X509V3 extensions */
- AssertNotNull(f = fopen("./certs/ocsp/root-ca-cert.pem", "rb"));
- AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
- fclose(f);
- AssertIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 5);
- /* Basic Constraints */
- AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
- AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
- AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_basic_constraints);
- AssertNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext));
- AssertIntEQ(bc->ca, 1);
- AssertNull(bc->pathlen);
- wolfSSL_BASIC_CONSTRAINTS_free(bc);
- i++;
- /* Subject Key Identifier */
- AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
- AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
- AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_subject_key_identifier);
- AssertNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext));
- AssertNotNull(ext2 = wolfSSL_X509V3_EXT_i2d(NID_subject_key_identifier, 0,
- asn1str));
- X509_EXTENSION_free(ext2);
- AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext));
- AssertNotNull(method->i2s);
- AssertNotNull(str = method->i2s((WOLFSSL_v3_ext_method*)method, asn1str));
- wolfSSL_ASN1_STRING_free(asn1str);
- actual = strcmp(str,
- "73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21");
- AssertIntEQ(actual, 0);
- XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- i++;
- /* Authority Key Identifier */
- AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
- AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
- AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_authority_key_identifier);
- AssertNotNull(aKeyId =
- (WOLFSSL_AUTHORITY_KEYID*)wolfSSL_X509V3_EXT_d2i(ext));
- AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext));
- AssertNotNull(asn1str = aKeyId->keyid);
- AssertNotNull(str =
- wolfSSL_i2s_ASN1_STRING((WOLFSSL_v3_ext_method*)method, asn1str));
- actual = strcmp(str,
- "73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21");
- AssertIntEQ(actual, 0);
- XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- wolfSSL_AUTHORITY_KEYID_free(aKeyId);
- i++;
- /* Key Usage */
- AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
- AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
- AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_key_usage);
- AssertNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext));
- AssertNotNull(data = wolfSSL_ASN1_STRING_data(asn1str));
- expected = KEYUSE_KEY_CERT_SIGN | KEYUSE_CRL_SIGN;
- #ifdef BIG_ENDIAN_ORDER
- actual = data[1];
- #else
- actual = data[0];
- #endif
- AssertIntEQ(actual, expected);
- wolfSSL_ASN1_STRING_free(asn1str);
- #if 1
- i++;
- /* Authority Info Access */
- AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
- AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
- AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_info_access);
- AssertNotNull(aia =
- (WOLFSSL_AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i(ext));
- AssertIntEQ(wolfSSL_sk_num(aia), 1); /* Only one URI entry for this cert */
- /* URI entry is an ACCESS_DESCRIPTION type */
- AssertNotNull(ad = (WOLFSSL_ACCESS_DESCRIPTION*)wolfSSL_sk_value(aia, 0));
- AssertNotNull(adObj = ad->method);
- /* Make sure nid is OCSP */
- AssertIntEQ(wolfSSL_OBJ_obj2nid(adObj), AIA_OCSP_OID);
- /* GENERAL_NAME stores URI as an ASN1_STRING */
- AssertNotNull(gn = ad->location);
- AssertIntEQ(gn->type, GEN_URI); /* Type should always be GEN_URI */
- AssertNotNull(asn1str = gn->d.uniformResourceIdentifier);
- AssertIntEQ(wolfSSL_ASN1_STRING_length(asn1str), 22);
- str = (char*)wolfSSL_ASN1_STRING_data(asn1str);
- actual = strcmp(str, "http://127.0.0.1:22220");
- AssertIntEQ(actual, 0);
- wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(aia, NULL);
- XFREE(ad, NULL, DYNAMIC_TYPE_X509_EXT);
- #else
- (void) aia; (void) ad; (void) adObj; (void) gn;
- #endif
- wolfSSL_X509_free(x509);
- printf(resultFmt, "passed");
- #endif
- }
- static void test_wolfSSL_X509_get_ext(void){
- #if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
- int ret = 0;
- FILE* f;
- WOLFSSL_X509* x509;
- WOLFSSL_X509_EXTENSION* foundExtension;
- AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
- AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
- fclose(f);
- AssertIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5);
- printf(testingFmt, "wolfSSL_X509_get_ext() valid input");
- AssertNotNull(foundExtension = wolfSSL_X509_get_ext(x509, 0));
- printf(resultFmt, "passed");
- printf(testingFmt, "wolfSSL_X509_get_ext() valid x509, idx out of bounds");
- AssertNull(foundExtension = wolfSSL_X509_get_ext(x509, -1));
- AssertNull(foundExtension = wolfSSL_X509_get_ext(x509, 100));
- printf(resultFmt, "passed");
- printf(testingFmt, "wolfSSL_X509_get_ext() NULL x509, idx out of bounds");
- AssertNull(foundExtension = wolfSSL_X509_get_ext(NULL, -1));
- AssertNull(foundExtension = wolfSSL_X509_get_ext(NULL, 100));
- printf(resultFmt, "passed");
- printf(testingFmt, "wolfSSL_X509_get_ext() NULL x509, valid idx");
- AssertNull(foundExtension = wolfSSL_X509_get_ext(NULL, 0));
- printf(resultFmt, "passed");
- wolfSSL_X509_free(x509);
- #endif
- }
- static void test_wolfSSL_X509_get_ext_by_NID(void)
- {
- #if defined(OPENSSL_ALL)
- int rc;
- FILE* f;
- WOLFSSL_X509* x509;
- AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
- AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
- fclose(f);
- rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1);
- AssertIntGE(rc, 0);
- /* Start search from last location (should fail) */
- rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, rc);
- AssertIntGE(rc, -1);
- rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -2);
- AssertIntGE(rc, -1);
- rc = wolfSSL_X509_get_ext_by_NID(NULL, NID_basic_constraints, -1);
- AssertIntEQ(rc, -1);
- rc = wolfSSL_X509_get_ext_by_NID(x509, NID_undef, -1);
- AssertIntEQ(rc, -1);
- wolfSSL_X509_free(x509);
- #endif
- }
- static void test_wolfSSL_X509_EXTENSION_new(void)
- {
- #if defined (OPENSSL_ALL)
- WOLFSSL_X509_EXTENSION* ext;
- AssertNotNull(ext = wolfSSL_X509_EXTENSION_new());
- AssertNotNull(ext->obj = wolfSSL_ASN1_OBJECT_new());
- ext->obj->nid = WOLFSSL_SUCCESS;
- AssertIntEQ(WOLFSSL_SUCCESS, ext->obj->nid);
- wolfSSL_X509_EXTENSION_free(ext);
- #endif
- }
- static void test_wolfSSL_X509_EXTENSION_get_object(void)
- {
- #if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
- WOLFSSL_X509* x509;
- WOLFSSL_X509_EXTENSION* ext;
- WOLFSSL_ASN1_OBJECT* o;
- FILE* file;
- int nid = 0;
- AssertNotNull(file = fopen("./certs/server-cert.pem", "rb"));
- AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
- fclose(file);
- printf(testingFmt, "wolfSSL_X509_EXTENSION_get_object() testing ext idx 0");
- AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 0));
- AssertNotNull(o = wolfSSL_X509_EXTENSION_get_object(ext));
- AssertIntEQ(o->nid, 128);
- nid = o->nid;
- printf(resultFmt, nid == 128 ? passed : failed);
- printf(testingFmt, "wolfSSL_X509_EXTENSION_get_object() NULL argument");
- AssertNull(o = wolfSSL_X509_EXTENSION_get_object(NULL));
- printf(resultFmt, passed);
- wolfSSL_X509_free(x509);
- #endif
- }
- static void test_wolfSSL_X509_EXTENSION_get_data(void)
- {
- #if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
- WOLFSSL_X509* x509;
- WOLFSSL_X509_EXTENSION* ext;
- WOLFSSL_ASN1_STRING* str;
- FILE* file;
- printf(testingFmt, "wolfSSL_X509_EXTENSION_get_data");
- AssertNotNull(file = fopen("./certs/server-cert.pem", "rb"));
- AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
- fclose(file);
- AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 0));
- AssertNotNull(str = wolfSSL_X509_EXTENSION_get_data(ext));
- printf(resultFmt, passed);
- wolfSSL_X509_free(x509);
- #endif
- }
- static void test_wolfSSL_X509_EXTENSION_get_critical(void)
- {
- #if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
- WOLFSSL_X509* x509;
- WOLFSSL_X509_EXTENSION* ext;
- FILE* file;
- int crit;
- printf(testingFmt, "wolfSSL_X509_EXTENSION_get_critical");
- AssertNotNull(file = fopen("./certs/server-cert.pem", "rb"));
- AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
- fclose(file);
- AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 0));
- crit = wolfSSL_X509_EXTENSION_get_critical(ext);
- AssertIntEQ(crit, 0);
- printf(resultFmt, passed);
- wolfSSL_X509_free(x509);
- #endif
- }
- static void test_wolfSSL_X509V3_EXT_print(void)
- {
- #if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
- printf(testingFmt, "wolfSSL_X509V3_EXT_print");
- {
- FILE* f;
- WOLFSSL_X509* x509;
- X509_EXTENSION * ext = NULL;
- int loc;
- BIO *bio = NULL;
- AssertNotNull(f = fopen(svrCertFile, "rb"));
- AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
- fclose(f);
- AssertNotNull(bio = wolfSSL_BIO_new(BIO_s_mem()));
- loc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1);
- AssertIntGT(loc, -1);
- AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
- AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
- loc = wolfSSL_X509_get_ext_by_NID(x509, NID_subject_key_identifier, -1);
- AssertIntGT(loc, -1);
- AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
- AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
- loc = wolfSSL_X509_get_ext_by_NID(x509, NID_authority_key_identifier, -1);
- AssertIntGT(loc, -1);
- AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
- AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
- wolfSSL_BIO_free(bio);
- wolfSSL_X509_free(x509);
- }
- {
- X509 *x509;
- BIO *bio;
- X509_EXTENSION *ext;
- unsigned int i;
- unsigned int idx;
- /* Some NIDs to test with */
- int nids[] = {
- /* NID_key_usage, currently X509_get_ext returns this as a bit
- * string, which messes up X509V3_EXT_print */
- /* NID_ext_key_usage, */
- NID_subject_alt_name,
- };
- int* n;
- printf(testingFmt, "wolfSSL_X509V3_EXT_print");
- AssertNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE));
- AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFileExt,
- WOLFSSL_FILETYPE_PEM));
- printf("\nPrinting extension values:\n");
- for (i = 0, n = nids; i<(sizeof(nids)/sizeof(int)); i++, n++) {
- /* X509_get_ext_by_NID should return 3 for now. If that changes then
- * update the index */
- AssertIntEQ((idx = X509_get_ext_by_NID(x509, *n, -1)), 3);
- AssertNotNull(ext = X509_get_ext(x509, idx));
- AssertIntEQ(X509V3_EXT_print(bio, ext, 0, 0), 1);
- printf("\n");
- }
- BIO_free(bio);
- X509_free(x509);
- }
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_X509_cmp(void)
- {
- #if defined(OPENSSL_ALL)
- FILE* file1;
- FILE* file2;
- WOLFSSL_X509* cert1;
- WOLFSSL_X509* cert2;
- int ret = 0;
- AssertNotNull(file1=fopen("./certs/server-cert.pem", "rb"));
- AssertNotNull(file2=fopen("./certs/3072/client-cert.pem", "rb"));
- AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL));
- AssertNotNull(cert2 = wolfSSL_PEM_read_X509(file2, NULL, NULL, NULL));
- fclose(file1);
- fclose(file2);
- printf(testingFmt, "wolfSSL_X509_cmp() testing matching certs");
- ret = wolfSSL_X509_cmp(cert1, cert1);
- AssertIntEQ(0, wolfSSL_X509_cmp(cert1, cert1));
- printf(resultFmt, ret == 0 ? passed : failed);
- printf(testingFmt, "wolfSSL_X509_cmp() testing mismatched certs");
- ret = wolfSSL_X509_cmp(cert1, cert2);
- AssertIntEQ(-1, wolfSSL_X509_cmp(cert1, cert2));
- printf(resultFmt, ret == -1 ? passed : failed);
- printf(testingFmt, "wolfSSL_X509_cmp() testing NULL, valid args");
- ret = wolfSSL_X509_cmp(NULL, cert2);
- AssertIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(NULL, cert2));
- printf(resultFmt, ret == BAD_FUNC_ARG ? passed : failed);
- printf(testingFmt, "wolfSSL_X509_cmp() testing valid, NULL args");
- ret = wolfSSL_X509_cmp(cert1, NULL);
- AssertIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(cert1, NULL));
- printf(resultFmt, ret == BAD_FUNC_ARG ? passed : failed);
- printf(testingFmt, "wolfSSL_X509_cmp() testing NULL, NULL args");
- ret = wolfSSL_X509_cmp(NULL, NULL);
- AssertIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(NULL, NULL));
- printf(resultFmt, ret == BAD_FUNC_ARG ? passed : failed);
- wolfSSL_X509_free(cert1);
- wolfSSL_X509_free(cert2);
- #endif
- }
- static void test_wolfSSL_PKEY_up_ref()
- {
- #if defined(OPENSSL_ALL)
- EVP_PKEY* pkey;
- printf(testingFmt, "wolfSSL_PKEY_up_ref()");
- pkey = EVP_PKEY_new();
- AssertIntEQ(EVP_PKEY_up_ref(NULL), 0);
- AssertIntEQ(EVP_PKEY_up_ref(pkey), 1);
- EVP_PKEY_free(pkey);
- AssertIntEQ(EVP_PKEY_up_ref(pkey), 1);
- EVP_PKEY_free(pkey);
- EVP_PKEY_free(pkey);
- printf(resultFmt, "passed");
- #endif
- }
- static void test_wolfSSL_i2d_PrivateKey()
- {
- #if (!defined(NO_RSA) || defined(HAVE_ECC)) && defined(OPENSSL_EXTRA)
- printf(testingFmt, "wolfSSL_i2d_PrivateKey()");
- #if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048)
- {
- EVP_PKEY* pkey;
- const unsigned char* server_key = (const unsigned char*)server_key_der_2048;
- unsigned char buf[FOURK_BUF];
- unsigned char* pt = NULL;
- int bufSz;
- AssertNotNull(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &server_key,
- (long)sizeof_server_key_der_2048));
- AssertIntEQ(i2d_PrivateKey(pkey, NULL), 1193);
- pt = buf;
- AssertIntEQ((bufSz = i2d_PrivateKey(pkey, &pt)), 1193);
- AssertIntNE((pt - buf), 0);
- AssertIntEQ(XMEMCMP(buf, server_key_der_2048, bufSz), 0);
- EVP_PKEY_free(pkey);
- }
- #endif
- #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
- {
- EVP_PKEY* pkey;
- const unsigned char* client_key =
- (const unsigned char*)ecc_clikey_der_256;
- unsigned char buf[FOURK_BUF];
- unsigned char* pt = NULL;
- int bufSz;
- AssertNotNull((pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &client_key,
- sizeof_ecc_clikey_der_256)));
- AssertIntEQ(i2d_PrivateKey(pkey, NULL), 121);
- pt = buf;
- AssertIntEQ((bufSz = i2d_PrivateKey(pkey, &pt)), 121);
- AssertIntNE((pt - buf), 0);
- AssertIntEQ(XMEMCMP(buf, ecc_clikey_der_256, bufSz), 0);
- EVP_PKEY_free(pkey);
- }
- #endif
- printf(resultFmt, "passed");
- #endif
- }
- static void test_wolfSSL_OCSP_get0_info()
- {
- #if defined(OPENSSL_ALL) && defined(HAVE_OCSP) && !defined(NO_FILESYSTEM)
- X509* cert;
- X509* issuer;
- OCSP_CERTID* id;
- ASN1_STRING* name = NULL;
- ASN1_OBJECT* pmd = NULL;
- ASN1_STRING* keyHash = NULL;
- ASN1_INTEGER* serial = NULL;
- ASN1_INTEGER* x509Int;
- printf(testingFmt, "wolfSSL_OCSP_get0_info()");
- AssertNotNull(cert =
- wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM));
- AssertNotNull(issuer =
- wolfSSL_X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM));
- id = OCSP_cert_to_id(NULL, cert, issuer);
- AssertNotNull(id);
- AssertIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, NULL, NULL), 0);
- AssertIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, NULL, id), 1);
- /* name, pmd, keyHash not supported yet, expect failure if not NULL */
- AssertIntEQ(OCSP_id_get0_info(&name, NULL, NULL, NULL, id), 0);
- AssertIntEQ(OCSP_id_get0_info(NULL, &pmd, NULL, NULL, id), 0);
- AssertIntEQ(OCSP_id_get0_info(NULL, NULL, &keyHash, NULL, id), 0);
- AssertIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, &serial, id), 1);
- AssertNotNull(serial);
- /* compare serial number to one in cert, should be equal */
- x509Int = X509_get_serialNumber(cert);
- AssertNotNull(x509Int);
- AssertIntEQ(x509Int->dataMax, serial->dataMax);
- AssertIntEQ(XMEMCMP(x509Int->data, serial->data, serial->dataMax), 0);
- OCSP_CERTID_free(id);
- X509_free(cert); /* free's x509Int */
- X509_free(issuer);
- printf(resultFmt, "passed");
- #endif /* OPENSSL_EXTRA & HAVE_OCSP */
- }
- static void test_wolfSSL_EVP_PKEY_derive(void)
- {
- #ifdef OPENSSL_ALL
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- EVP_PKEY_CTX *ctx;
- unsigned char *skey;
- size_t skeylen;
- EVP_PKEY *pkey, *peerkey;
- const unsigned char* key;
- /* DH */
- key = dh_key_der_2048;
- AssertNotNull((pkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &key,
- sizeof_dh_key_der_2048)));
- AssertIntEQ(DH_generate_key(EVP_PKEY_get0_DH(pkey)), 1);
- key = dh_key_der_2048;
- AssertNotNull((peerkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &key,
- sizeof_dh_key_der_2048)));
- AssertIntEQ(DH_generate_key(EVP_PKEY_get0_DH(peerkey)), 1);
- AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
- AssertIntEQ(EVP_PKEY_derive_init(ctx), 1);
- AssertIntEQ(EVP_PKEY_derive_set_peer(ctx, peerkey), 1);
- AssertIntEQ(EVP_PKEY_derive(ctx, NULL, &skeylen), 1);
- AssertNotNull(skey = (unsigned char*)XMALLOC(skeylen, NULL, DYNAMIC_TYPE_OPENSSL));
- AssertIntEQ(EVP_PKEY_derive(ctx, skey, &skeylen), 1);
- EVP_PKEY_CTX_free(ctx);
- EVP_PKEY_free(peerkey);
- EVP_PKEY_free(pkey);
- XFREE(skey, NULL, DYNAMIC_TYPE_OPENSSL);
- #ifdef HAVE_ECC
- /* ECDH */
- key = ecc_clikey_der_256;
- AssertNotNull((pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &key,
- sizeof_ecc_clikey_der_256)));
- key = ecc_clikeypub_der_256;
- AssertNotNull((peerkey = d2i_PUBKEY(NULL, &key,
- sizeof_ecc_clikeypub_der_256)));
- AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
- AssertIntEQ(EVP_PKEY_derive_init(ctx), 1);
- AssertIntEQ(EVP_PKEY_derive_set_peer(ctx, peerkey), 1);
- AssertIntEQ(EVP_PKEY_derive(ctx, NULL, &skeylen), 1);
- AssertNotNull(skey = (unsigned char*)XMALLOC(skeylen, NULL, DYNAMIC_TYPE_OPENSSL));
- AssertIntEQ(EVP_PKEY_derive(ctx, skey, &skeylen), 1);
- EVP_PKEY_CTX_free(ctx);
- EVP_PKEY_free(peerkey);
- EVP_PKEY_free(pkey);
- XFREE(skey, NULL, DYNAMIC_TYPE_OPENSSL);
- #endif /* HAVE_ECC */
- #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
- #endif /* OPENSSL_ALL */
- }
- static void test_wolfSSL_RSA_padding_add_PKCS1_PSS(void)
- {
- #if defined(OPENSSL_ALL) && defined(WC_RSA_PSS) && !defined(WC_NO_RNG)
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- RSA *rsa;
- const unsigned char *derBuf = client_key_der_2048;
- unsigned char em[256] = {0}; /* len = 2048/8 */
- /* Random data simulating a hash */
- const unsigned char mHash[WC_SHA256_DIGEST_SIZE] = {
- 0x28, 0x6e, 0xfd, 0xf8, 0x76, 0xc7, 0x00, 0x3d, 0x91, 0x4e, 0x59, 0xe4,
- 0x8e, 0xb7, 0x40, 0x7b, 0xd1, 0x0c, 0x98, 0x4b, 0xe3, 0x3d, 0xb3, 0xeb,
- 0x6f, 0x8a, 0x3c, 0x42, 0xab, 0x21, 0xad, 0x28
- };
- AssertNotNull(d2i_RSAPrivateKey(&rsa, &derBuf, sizeof_client_key_der_2048));
- AssertIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(), -1), 1);
- AssertIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em, -1), 1);
- RSA_free(rsa);
- #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
- #endif /* OPENSSL_ALL && WC_RSA_PSS && !WC_NO_RNG*/
- }
- static void test_wolfSSL_EC_get_builtin_curves(void)
- {
- #if defined(HAVE_ECC) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL))
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- EC_builtin_curve* curves = NULL;
- size_t crv_len = 0;
- size_t i = 0;
- printf(testingFmt, "wolfSSL_EC_get_builtin_curves");
- AssertIntGT((crv_len = EC_get_builtin_curves(NULL, 0)), 0);
- AssertNotNull(curves = (EC_builtin_curve*)
- XMALLOC(sizeof(EC_builtin_curve)*crv_len, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- AssertIntEQ(EC_get_builtin_curves(curves, crv_len), crv_len);
- for (i = 0; i < crv_len; i++)
- {
- if (curves[i].comment != NULL)
- AssertStrEQ(OBJ_nid2sn(curves[i].nid), curves[i].comment);
- }
- XFREE(curves, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- printf(resultFmt, passed);
- #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
- #endif /* defined(HAVE_ECC) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) */
- }
- static void test_no_op_functions(void)
- {
- #if defined(OPENSSL_EXTRA)
- printf(testingFmt, "no_op_functions()");
- /* this makes sure wolfSSL can compile and run these no-op functions */
- SSL_load_error_strings();
- ENGINE_load_builtin_engines();
- OpenSSL_add_all_ciphers();
- AssertIntEQ(CRYPTO_malloc_init(), 0);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_CRYPTO_memcmp(void)
- {
- #ifdef OPENSSL_EXTRA
- char a[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable "
- "implementation of TLS/SSL for embedded devices to the cloud.";
- char b[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable "
- "implementation of TLS/SSL for embedded devices to the cloud.";
- char c[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable "
- "implementation of TLS/SSL for embedded devices to the cloud!";
- AssertIntEQ(CRYPTO_memcmp(a, b, sizeof(a)), 0);
- AssertIntNE(CRYPTO_memcmp(a, c, sizeof(a)), 0);
- #endif
- }
- /*----------------------------------------------------------------------------*
- | wolfCrypt ASN
- *----------------------------------------------------------------------------*/
- static void test_wc_GetPkcs8TraditionalOffset(void)
- {
- #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(HAVE_PKCS8)
- int length, derSz;
- word32 inOutIdx;
- const char* path = "./certs/server-keyPkcs8.der";
- XFILE file;
- byte der[2048];
- printf(testingFmt, "wc_GetPkcs8TraditionalOffset");
- file = XFOPEN(path, "rb");
- AssertTrue(file != XBADFILE);
- derSz = (int)XFREAD(der, 1, sizeof(der), file);
- XFCLOSE(file);
- /* valid case */
- inOutIdx = 0;
- length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz);
- AssertIntGT(length, 0);
- /* inOutIdx > sz */
- inOutIdx = 4000;
- length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz);
- AssertIntEQ(length, BAD_FUNC_ARG);
- /* null input */
- inOutIdx = 0;
- length = wc_GetPkcs8TraditionalOffset(NULL, &inOutIdx, 0);
- AssertIntEQ(length, BAD_FUNC_ARG);
- /* invalid input, fill buffer with 1's */
- XMEMSET(der, 1, sizeof(der));
- inOutIdx = 0;
- length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz);
- AssertIntEQ(length, ASN_PARSE_E);
- printf(resultFmt, passed);
- #endif /* NO_ASN */
- }
- static void test_wc_SetSubjectRaw(void)
- {
- #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
- defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA)
- const char* joiCertFile = "./certs/test/cert-ext-joi.pem";
- WOLFSSL_X509* x509;
- int peerCertSz;
- const byte* peerCertBuf;
- Cert forgedCert;
- printf(testingFmt, "test_wc_SetSubjectRaw()");
- AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile, WOLFSSL_FILETYPE_PEM));
- AssertNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz));
- AssertIntEQ(0, wc_InitCert(&forgedCert));
- AssertIntEQ(0, wc_SetSubjectRaw(&forgedCert, peerCertBuf, peerCertSz));
- wolfSSL_FreeX509(x509);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wc_GetSubjectRaw(void)
- {
- #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
- defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)
- Cert cert;
- byte *subjectRaw;
- printf(testingFmt, "test_wc_GetSubjectRaw()");
- AssertIntEQ(0, wc_InitCert(&cert));
- AssertIntEQ(0, wc_GetSubjectRaw(&subjectRaw, &cert));
- printf(resultFmt, passed);
- #endif
- }
- static void test_wc_SetIssuerRaw(void)
- {
- #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
- defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA)
- const char* joiCertFile = "./certs/test/cert-ext-joi.pem";
- WOLFSSL_X509* x509;
- int peerCertSz;
- const byte* peerCertBuf;
- Cert forgedCert;
- printf(testingFmt, "test_wc_SetIssuerRaw()");
- AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile, WOLFSSL_FILETYPE_PEM));
- AssertNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz));
- AssertIntEQ(0, wc_InitCert(&forgedCert));
- AssertIntEQ(0, wc_SetIssuerRaw(&forgedCert, peerCertBuf, peerCertSz));
- wolfSSL_FreeX509(x509);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wc_SetIssueBuffer(void)
- {
- #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
- defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA)
- const char* joiCertFile = "./certs/test/cert-ext-joi.pem";
- WOLFSSL_X509* x509;
- int peerCertSz;
- const byte* peerCertBuf;
- Cert forgedCert;
- printf(testingFmt, "test_wc_SetIssuerBuffer()");
- AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile, WOLFSSL_FILETYPE_PEM));
- AssertNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz));
- AssertIntEQ(0, wc_InitCert(&forgedCert));
- AssertIntEQ(0, wc_SetIssuerBuffer(&forgedCert, peerCertBuf, peerCertSz));
- wolfSSL_FreeX509(x509);
- printf(resultFmt, passed);
- #endif
- }
- /*
- * Testing wc_SetSubjectKeyId
- */
- static void test_wc_SetSubjectKeyId(void)
- {
- #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
- defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)
- Cert cert;
- const char* file = "certs/ecc-client-keyPub.pem";
- printf(testingFmt, "wc_SetSubjectKeyId()");
- AssertIntEQ(0, wc_InitCert(&cert));
- AssertIntEQ(0, wc_SetSubjectKeyId(&cert, file));
- AssertIntEQ(BAD_FUNC_ARG, wc_SetSubjectKeyId(NULL, file));
- AssertIntGT(0, wc_SetSubjectKeyId(&cert, "badfile.name"));
- printf(resultFmt, passed);
- #endif
- } /* END test_wc_SetSubjectKeyId */
- /*
- * Testing wc_SetSubject
- */
- static void test_wc_SetSubject(void)
- {
- #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
- defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)
- Cert cert;
- const char* file = "./certs/ca-ecc-cert.pem";
- printf(testingFmt, "wc_SetSubject()");
- AssertIntEQ(0, wc_InitCert(&cert));
- AssertIntEQ(0, wc_SetSubject(&cert, file));
- AssertIntEQ(BAD_FUNC_ARG, wc_SetSubject(NULL, file));
- AssertIntGT(0, wc_SetSubject(&cert, "badfile.name"));
- printf(resultFmt, passed);
- #endif
- } /* END test_wc_SetSubject */
- static void test_CheckCertSignature(void)
- {
- #if !defined(NO_CERTS) && defined(WOLFSSL_SMALL_CERT_VERIFY)
- WOLFSSL_CERT_MANAGER* cm = NULL;
- #if !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC))
- FILE* fp;
- byte cert[4096];
- int certSz;
- #endif
- AssertIntEQ(BAD_FUNC_ARG, CheckCertSignature(NULL, 0, NULL, NULL));
- AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
- AssertIntEQ(BAD_FUNC_ARG, CheckCertSignature(NULL, 0, NULL, cm));
- #ifndef NO_RSA
- #ifdef USE_CERT_BUFFERS_1024
- AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(server_cert_der_1024,
- sizeof_server_cert_der_1024, NULL, cm));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
- ca_cert_der_1024, sizeof_ca_cert_der_1024,
- WOLFSSL_FILETYPE_ASN1));
- AssertIntEQ(0, CheckCertSignature(server_cert_der_1024,
- sizeof_server_cert_der_1024, NULL, cm));
- #elif defined(USE_CERT_BUFFERS_2048)
- AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(server_cert_der_2048,
- sizeof_server_cert_der_2048, NULL, cm));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
- ca_cert_der_2048, sizeof_ca_cert_der_2048,
- WOLFSSL_FILETYPE_ASN1));
- AssertIntEQ(0, CheckCertSignature(server_cert_der_2048,
- sizeof_server_cert_der_2048, NULL, cm));
- #endif
- #endif
- #if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
- AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(serv_ecc_der_256,
- sizeof_serv_ecc_der_256, NULL, cm));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
- ca_ecc_cert_der_256, sizeof_ca_ecc_cert_der_256,
- WOLFSSL_FILETYPE_ASN1));
- AssertIntEQ(0, CheckCertSignature(serv_ecc_der_256, sizeof_serv_ecc_der_256,
- NULL, cm));
- #endif
- #if !defined(NO_FILESYSTEM)
- wolfSSL_CertManagerFree(cm);
- AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
- #ifndef NO_RSA
- AssertNotNull(fp = XFOPEN("./certs/server-cert.der", "rb"));
- AssertIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), fp)), 0);
- XFCLOSE(fp);
- AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(cert, certSz, NULL, cm));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
- "./certs/ca-cert.pem", NULL));
- AssertIntEQ(0, CheckCertSignature(cert, certSz, NULL, cm));
- #endif
- #ifdef HAVE_ECC
- AssertNotNull(fp = XFOPEN("./certs/server-ecc.der", "rb"));
- AssertIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), fp)), 0);
- XFCLOSE(fp);
- AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(cert, certSz, NULL, cm));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
- "./certs/ca-ecc-cert.pem", NULL));
- AssertIntEQ(0, CheckCertSignature(cert, certSz, NULL, cm));
- #endif
- #endif
- #if !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC))
- (void)fp;
- (void)cert;
- (void)certSz;
- #endif
- wolfSSL_CertManagerFree(cm);
- #endif
- }
- /*----------------------------------------------------------------------------*
- | wolfCrypt ECC
- *----------------------------------------------------------------------------*/
- static void test_wc_ecc_get_curve_size_from_name(void)
- {
- #ifdef HAVE_ECC
- int ret;
- printf(testingFmt, "wc_ecc_get_curve_size_from_name");
- #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
- ret = wc_ecc_get_curve_size_from_name("SECP256R1");
- AssertIntEQ(ret, 32);
- #endif
- /* invalid case */
- ret = wc_ecc_get_curve_size_from_name("BADCURVE");
- AssertIntEQ(ret, -1);
- /* NULL input */
- ret = wc_ecc_get_curve_size_from_name(NULL);
- AssertIntEQ(ret, BAD_FUNC_ARG);
- printf(resultFmt, passed);
- #endif /* HAVE_ECC */
- }
- static void test_wc_ecc_get_curve_id_from_name(void)
- {
- #ifdef HAVE_ECC
- int id;
- printf(testingFmt, "wc_ecc_get_curve_id_from_name");
- #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
- id = wc_ecc_get_curve_id_from_name("SECP256R1");
- AssertIntEQ(id, ECC_SECP256R1);
- #endif
- /* invalid case */
- id = wc_ecc_get_curve_id_from_name("BADCURVE");
- AssertIntEQ(id, -1);
- /* NULL input */
- id = wc_ecc_get_curve_id_from_name(NULL);
- AssertIntEQ(id, BAD_FUNC_ARG);
- printf(resultFmt, passed);
- #endif /* HAVE_ECC */
- }
- #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && \
- !defined(HAVE_SELFTEST) && \
- !(defined(HAVE_FIPS) || defined(HAVE_FIPS_VERSION))
- static void test_wc_ecc_get_curve_id_from_dp_params(void)
- {
- int id;
- #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
- int curve_id;
- ecc_key* key;
- const ecc_set_type* params;
- int ret;
- #endif
- WOLFSSL_EC_KEY *ecKey = NULL;
- printf(testingFmt, "wc_ecc_get_curve_id_from_dp_params");
- #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
- id = wc_ecc_get_curve_id_from_name("SECP256R1");
- AssertIntEQ(id, ECC_SECP256R1);
- ecKey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
- AssertNotNull(ecKey);
- ret = EC_KEY_generate_key(ecKey);
- if (ret == 0) {
- /* normal test */
- key = (ecc_key*)ecKey->internal;
- params = key->dp;
- curve_id = wc_ecc_get_curve_id_from_dp_params(params);
- AssertIntEQ(curve_id, id);
- }
- #endif
- /* invalid case, NULL input*/
- id = wc_ecc_get_curve_id_from_dp_params(NULL);
- AssertIntEQ(id, BAD_FUNC_ARG);
- wolfSSL_EC_KEY_free(ecKey);
- printf(resultFmt, passed);
- }
- #endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */
- static void test_wc_ecc_get_curve_id_from_params(void)
- {
- #ifdef HAVE_ECC
- int id;
- const byte prime[] =
- {
- 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
- };
- const byte primeInvalid[] =
- {
- 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x01,0x01
- };
- const byte Af[] =
- {
- 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFC
- };
- const byte Bf[] =
- {
- 0x5A,0xC6,0x35,0xD8,0xAA,0x3A,0x93,0xE7,
- 0xB3,0xEB,0xBD,0x55,0x76,0x98,0x86,0xBC,
- 0x65,0x1D,0x06,0xB0,0xCC,0x53,0xB0,0xF6,
- 0x3B,0xCE,0x3C,0x3E,0x27,0xD2,0x60,0x4B
- };
- const byte order[] =
- {
- 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- 0xBC,0xE6,0xFA,0xAD,0xA7,0x17,0x9E,0x84,
- 0xF3,0xB9,0xCA,0xC2,0xFC,0x63,0x25,0x51
- };
- const byte Gx[] =
- {
- 0x6B,0x17,0xD1,0xF2,0xE1,0x2C,0x42,0x47,
- 0xF8,0xBC,0xE6,0xE5,0x63,0xA4,0x40,0xF2,
- 0x77,0x03,0x7D,0x81,0x2D,0xEB,0x33,0xA0,
- 0xF4,0xA1,0x39,0x45,0xD8,0x98,0xC2,0x96
- };
- const byte Gy[] =
- {
- 0x4F,0xE3,0x42,0xE2,0xFE,0x1A,0x7F,0x9B,
- 0x8E,0xE7,0xEB,0x4A,0x7C,0x0F,0x9E,0x16,
- 0x2B,0xCE,0x33,0x57,0x6B,0x31,0x5E,0xCE,
- 0xCB,0xB6,0x40,0x68,0x37,0xBF,0x51,0xF5
- };
- int cofactor = 1;
- int fieldSize = 256;
- printf(testingFmt, "wc_ecc_get_curve_id_from_params");
- #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
- id = wc_ecc_get_curve_id_from_params(fieldSize, prime, sizeof(prime),
- Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
- Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor);
- AssertIntEQ(id, ECC_SECP256R1);
- #endif
- /* invalid case, fieldSize = 0 */
- id = wc_ecc_get_curve_id_from_params(0, prime, sizeof(prime),
- Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
- Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor);
- AssertIntEQ(id, ECC_CURVE_INVALID);
- /* invalid case, NULL prime */
- id = wc_ecc_get_curve_id_from_params(fieldSize, NULL, sizeof(prime),
- Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
- Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor);
- AssertIntEQ(id, BAD_FUNC_ARG);
- /* invalid case, invalid prime */
- id = wc_ecc_get_curve_id_from_params(fieldSize,
- primeInvalid, sizeof(primeInvalid),
- Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
- Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor);
- AssertIntEQ(id, ECC_CURVE_INVALID);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_EVP_PKEY_encrypt(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
- !defined(HAVE_FAST_RSA)
- WOLFSSL_RSA* rsa = NULL;
- WOLFSSL_EVP_PKEY* pkey = NULL;
- WOLFSSL_EVP_PKEY_CTX* ctx = NULL;
- const char* in = "What is easy to do is easy not to do.";
- size_t inlen = XSTRLEN(in);
- size_t outEncLen = 0;
- byte* outEnc = NULL;
- byte* outDec = NULL;
- size_t outDecLen = 0;
- size_t rsaKeySz = 2048/8; /* Bytes */
- #ifdef WC_RSA_NO_PADDING
- byte* inTmp = NULL;
- byte* outEncTmp = NULL;
- byte* outDecTmp = NULL;
- #endif
- printf(testingFmt, "wolfSSL_EVP_PKEY_encrypt()");
- AssertNotNull(outEnc = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
- XMEMSET(outEnc, 0, rsaKeySz);
- AssertNotNull(outDec = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
- XMEMSET(outDec, 0, rsaKeySz);
- AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
- AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
- AssertIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
- AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
- AssertIntEQ(EVP_PKEY_encrypt_init(ctx), WOLFSSL_SUCCESS);
- AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING),
- WOLFSSL_SUCCESS);
- /* Test pkey references count is decremented. pkey shouldn't be destroyed
- since ctx uses it.*/
- AssertIntEQ(pkey->references, 2);
- EVP_PKEY_free(pkey);
- AssertIntEQ(pkey->references, 1);
- /* Encrypt data */
- AssertIntEQ(EVP_PKEY_encrypt(ctx, outEnc, &outEncLen,
- (const unsigned char*)in, inlen), WOLFSSL_SUCCESS);
- /* Decrypt data */
- AssertIntEQ(EVP_PKEY_decrypt_init(ctx), WOLFSSL_SUCCESS);
- AssertIntEQ(EVP_PKEY_decrypt(ctx, outDec, &outDecLen, outEnc, outEncLen),
- WOLFSSL_SUCCESS);
- AssertIntEQ(XMEMCMP(in, outDec, outDecLen), 0);
- #ifdef WC_RSA_NO_PADDING
- /* The input length must be the same size as the RSA key.*/
- AssertNotNull(inTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
- XMEMSET(inTmp, 9, rsaKeySz);
- AssertNotNull(outEncTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
- XMEMSET(outEncTmp, 0, rsaKeySz);
- AssertNotNull(outDecTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
- XMEMSET(outDecTmp, 0, rsaKeySz);
- AssertIntEQ(EVP_PKEY_encrypt_init(ctx), WOLFSSL_SUCCESS);
- AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING),
- WOLFSSL_SUCCESS);
- AssertIntEQ(EVP_PKEY_encrypt(ctx, outEncTmp, &outEncLen, inTmp, rsaKeySz),
- WOLFSSL_SUCCESS);
- AssertIntEQ(EVP_PKEY_decrypt_init(ctx), WOLFSSL_SUCCESS);
- AssertIntEQ(EVP_PKEY_decrypt(ctx, outDecTmp, &outDecLen, outEncTmp, outEncLen),
- WOLFSSL_SUCCESS);
- AssertIntEQ(XMEMCMP(inTmp, outDecTmp, outDecLen), 0);
- #endif
- EVP_PKEY_CTX_free(ctx);
- XFREE(outEnc, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(outDec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef WC_RSA_NO_PADDING
- XFREE(inTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(outEncTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(outDecTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_EVP_PKEY_sign(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
- !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- WOLFSSL_RSA* rsa = NULL;
- WOLFSSL_EVP_PKEY* pkey = NULL;
- WOLFSSL_EVP_PKEY_CTX* ctx = NULL;
- const char* in = "What is easy to do is easy not to do.";
- size_t inlen = XSTRLEN(in);
- byte hash[SHA256_DIGEST_LENGTH] = {0};
- SHA256_CTX c;
- byte* sig = NULL;
- byte* sigVerify = NULL;
- size_t siglen = 0;
- size_t rsaKeySz = 2048/8; /* Bytes */
- printf(testingFmt, "wolfSSL_EVP_PKEY_sign()");
- sig = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- AssertNotNull(sig);
- XMEMSET(sig, 0, rsaKeySz);
- AssertNotNull(sigVerify = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
- XMEMSET(sigVerify, 0, rsaKeySz);
- /* Generate hash */
- SHA256_Init(&c);
- SHA256_Update(&c, in, inlen);
- SHA256_Final(hash, &c);
- AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
- AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
- AssertIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
- AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
- AssertIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
- AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING),
- WOLFSSL_SUCCESS);
- /* Sign data */
- AssertIntEQ(EVP_PKEY_sign(ctx, sig, &siglen, hash, SHA256_DIGEST_LENGTH),
- WOLFSSL_SUCCESS);
- /* Verify signature.
- EVP_PKEY_verify() doesn't exist yet, so use RSA_public_decrypt(). */
- AssertIntEQ(RSA_public_decrypt((int)siglen, sig, sigVerify,
- rsa, RSA_PKCS1_PADDING), SHA256_DIGEST_LENGTH);
- AssertIntEQ(XMEMCMP(hash, sigVerify, SHA256_DIGEST_LENGTH), 0);
- /* error cases */
- AssertIntNE(EVP_PKEY_sign_init(NULL), WOLFSSL_SUCCESS);
- ctx->pkey->type = EVP_PKEY_RSA2;
- AssertIntNE(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
- AssertIntNE(EVP_PKEY_sign(NULL, sig, &siglen, (byte*)in, inlen),
- WOLFSSL_SUCCESS);
- AssertIntNE(EVP_PKEY_sign(ctx, sig, &siglen, (byte*)in, inlen),
- WOLFSSL_SUCCESS);
- EVP_PKEY_free(pkey);
- EVP_PKEY_CTX_free(ctx);
- wolfSSL_RSA_free(rsa);
- XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(sigVerify, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
- printf(resultFmt, passed);
- #endif
- }
- static void test_EVP_PKEY_rsa(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
- WOLFSSL_RSA* rsa;
- WOLFSSL_EVP_PKEY* pkey;
- AssertNotNull(rsa = wolfSSL_RSA_new());
- AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
- AssertIntEQ(EVP_PKEY_assign_RSA(NULL, rsa), WOLFSSL_FAILURE);
- AssertIntEQ(EVP_PKEY_assign_RSA(pkey, NULL), WOLFSSL_FAILURE);
- AssertIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
- AssertPtrEq(EVP_PKEY_get0_RSA(pkey), rsa);
- wolfSSL_EVP_PKEY_free(pkey);
- printf(resultFmt, passed);
- #endif
- }
- static void test_EVP_PKEY_ec(void)
- {
- #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- WOLFSSL_EC_KEY* ecKey;
- WOLFSSL_EVP_PKEY* pkey;
- AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
- AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
- AssertIntEQ(EVP_PKEY_assign_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE);
- AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, NULL), WOLFSSL_FAILURE);
- AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS);
- wolfSSL_EVP_PKEY_free(pkey);
- printf(resultFmt, passed);
- #endif
- #endif
- }
- static void test_EVP_PKEY_cmp(void)
- {
- #if defined(OPENSSL_EXTRA)
- EVP_PKEY *a, *b;
- const unsigned char *in;
- #if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048)
- in = client_key_der_2048;
- AssertNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
- &in, (long)sizeof_client_key_der_2048));
- in = client_key_der_2048;
- AssertNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
- &in, (long)sizeof_client_key_der_2048));
- /* Test success case RSA */
- AssertIntEQ(EVP_PKEY_cmp(a, b), 0);
- EVP_PKEY_free(b);
- EVP_PKEY_free(a);
- #endif
- #if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
- in = ecc_clikey_der_256;
- AssertNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL,
- &in, (long)sizeof_ecc_clikey_der_256));
- in = ecc_clikey_der_256;
- AssertNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL,
- &in, (long)sizeof_ecc_clikey_der_256));
- /* Test success case ECC */
- AssertIntEQ(EVP_PKEY_cmp(a, b), 0);
- EVP_PKEY_free(b);
- EVP_PKEY_free(a);
- #endif
- /* Test failure cases */
- #if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && \
- defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
- in = client_key_der_2048;
- AssertNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
- &in, (long)sizeof_client_key_der_2048));
- in = ecc_clikey_der_256;
- AssertNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL,
- &in, (long)sizeof_ecc_clikey_der_256));
- AssertIntNE(EVP_PKEY_cmp(a, b), 0);
- EVP_PKEY_free(b);
- EVP_PKEY_free(a);
- #endif
- /* invalid or empty failure cases */
- a = EVP_PKEY_new();
- b = EVP_PKEY_new();
- AssertIntNE(EVP_PKEY_cmp(NULL, NULL), 0);
- AssertIntNE(EVP_PKEY_cmp(a, NULL), 0);
- AssertIntNE(EVP_PKEY_cmp(NULL, b), 0);
- AssertIntNE(EVP_PKEY_cmp(a, b), 0);
- EVP_PKEY_free(b);
- EVP_PKEY_free(a);
- (void)in;
- printf(resultFmt, passed);
- #endif
- }
- static void test_ERR_load_crypto_strings(void)
- {
- #if defined(OPENSSL_ALL)
- ERR_load_crypto_strings();
- printf(resultFmt, passed);
- #endif
- }
- #if defined(OPENSSL_ALL) && !defined(NO_CERTS)
- static void free_x509(X509* x)
- {
- AssertIntEQ((x == (X509*)1 || x == (X509*)2), 1);
- }
- #endif
- static void test_sk_X509(void)
- {
- #if defined(OPENSSL_ALL) && !defined(NO_CERTS)
- STACK_OF(X509)* s;
- AssertNotNull(s = sk_X509_new());
- AssertIntEQ(sk_X509_num(s), 0);
- sk_X509_free(s);
- AssertNotNull(s = sk_X509_new_null());
- AssertIntEQ(sk_X509_num(s), 0);
- sk_X509_free(s);
- AssertNotNull(s = sk_X509_new());
- sk_X509_push(s, (X509*)1);
- AssertIntEQ(sk_X509_num(s), 1);
- AssertIntEQ((sk_X509_value(s, 0) == (X509*)1), 1);
- sk_X509_push(s, (X509*)2);
- AssertIntEQ(sk_X509_num(s), 2);
- AssertIntEQ((sk_X509_value(s, 0) == (X509*)2), 1);
- AssertIntEQ((sk_X509_value(s, 1) == (X509*)1), 1);
- sk_X509_push(s, (X509*)2);
- sk_X509_pop_free(s, free_x509);
- printf(resultFmt, passed);
- #endif
- }
- static void test_X509_get_signature_nid(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- X509* x509;
- AssertIntEQ(X509_get_signature_nid(NULL), 0);
- AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
- SSL_FILETYPE_PEM));
- AssertIntEQ(X509_get_signature_nid(x509), CTC_SHA256wRSA);
- X509_free(x509);
- printf(resultFmt, passed);
- #endif
- }
- static void test_X509_REQ(void)
- {
- #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \
- defined(WOLFSSL_CERT_REQ)
- X509_NAME* name;
- #if !defined(NO_RSA) || defined(HAVE_ECC)
- X509_REQ* req;
- EVP_PKEY* priv;
- EVP_PKEY* pub;
- unsigned char* der = NULL;
- #endif
- #ifndef NO_RSA
- #ifdef USE_CERT_BUFFERS_1024
- const unsigned char* rsaPriv = (const unsigned char*)client_key_der_1024;
- const unsigned char* rsaPub = (unsigned char*)client_keypub_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- const unsigned char* rsaPriv = (const unsigned char*)client_key_der_2048;
- const unsigned char* rsaPub = (unsigned char*)client_keypub_der_2048;
- #endif
- #endif
- #ifdef HAVE_ECC
- const unsigned char* ecPriv = (const unsigned char*)ecc_clikey_der_256;
- const unsigned char* ecPub = (unsigned char*)ecc_clikeypub_der_256;
- int len;
- #endif
- AssertNotNull(name = X509_NAME_new());
- AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
- (byte*)"wolfssl.com", 11, 0, 1),
- WOLFSSL_SUCCESS);
- AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
- (byte*)"support@wolfssl.com", 19, -1,
- 1), WOLFSSL_SUCCESS);
- #ifndef NO_RSA
- AssertNotNull(priv = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &rsaPriv,
- (long)sizeof_client_key_der_2048));
- AssertNotNull(pub = d2i_PUBKEY(NULL, &rsaPub,
- (long)sizeof_client_keypub_der_2048));
- AssertNotNull(req = X509_REQ_new());
- AssertIntEQ(X509_REQ_set_subject_name(NULL, name), WOLFSSL_FAILURE);
- AssertIntEQ(X509_REQ_set_subject_name(req, NULL), WOLFSSL_FAILURE);
- AssertIntEQ(X509_REQ_set_subject_name(req, name), WOLFSSL_SUCCESS);
- AssertIntEQ(X509_REQ_set_pubkey(NULL, pub), WOLFSSL_FAILURE);
- AssertIntEQ(X509_REQ_set_pubkey(req, NULL), WOLFSSL_FAILURE);
- AssertIntEQ(X509_REQ_set_pubkey(req, pub), WOLFSSL_SUCCESS);
- AssertIntEQ(X509_REQ_sign(NULL, priv, EVP_sha256()), WOLFSSL_FAILURE);
- AssertIntEQ(X509_REQ_sign(req, NULL, EVP_sha256()), WOLFSSL_FAILURE);
- AssertIntEQ(X509_REQ_sign(req, priv, NULL), WOLFSSL_FAILURE);
- AssertIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS);
- AssertIntEQ(i2d_X509_REQ(req, &der), 643);
- XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
- der = NULL;
- X509_REQ_free(NULL);
- X509_REQ_free(req);
- EVP_PKEY_free(pub);
- EVP_PKEY_free(priv);
- #endif
- #ifdef HAVE_ECC
- AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &ecPriv,
- sizeof_ecc_clikey_der_256));
- AssertNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &ecPub,
- sizeof_ecc_clikeypub_der_256));
- AssertNotNull(req = X509_REQ_new());
- AssertIntEQ(X509_REQ_set_subject_name(req, name), WOLFSSL_SUCCESS);
- AssertIntEQ(X509_REQ_set_pubkey(req, pub), WOLFSSL_SUCCESS);
- AssertIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS);
- /* Signature is random and may be shorter or longer. */
- AssertIntGE((len = i2d_X509_REQ(req, &der)), 245);
- AssertIntLE(len, 253);
- XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
- X509_REQ_free(req);
- EVP_PKEY_free(pub);
- EVP_PKEY_free(priv);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- #endif /* HAVE_ECC */
- X509_NAME_free(name);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfssl_PKCS7(void)
- {
- #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7)
- PKCS7* pkcs7;
- byte data[FOURK_BUF];
- word32 len = sizeof(data);
- const byte* p = data;
- byte content[] = "Test data to encode.";
- AssertIntGT((len = CreatePKCS7SignedData(data, len, content,
- (word32)sizeof(content),
- 0, 0)), 0);
- AssertNull(pkcs7 = d2i_PKCS7(NULL, NULL, len));
- AssertNull(pkcs7 = d2i_PKCS7(NULL, &p, 0));
- AssertNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len));
- AssertIntEQ(wolfSSL_PKCS7_verify(NULL, NULL, NULL, NULL, NULL,
- PKCS7_NOVERIFY), WOLFSSL_FAILURE);
- PKCS7_free(pkcs7);
- /* fail case, without PKCS7_NOVERIFY */
- p = data;
- AssertNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len));
- AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL,
- 0), WOLFSSL_FAILURE);
- PKCS7_free(pkcs7);
- /* success case, with PKCS7_NOVERIFY */
- p = data;
- AssertNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len));
- AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL,
- PKCS7_NOVERIFY), WOLFSSL_SUCCESS);
- PKCS7_free(NULL);
- PKCS7_free(pkcs7);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_PKCS7_SIGNED_new(void)
- {
- #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7)
- PKCS7_SIGNED* pkcs7;
- printf(testingFmt, "wolfSSL_PKCS7_SIGNED_new()");
- pkcs7 = PKCS7_SIGNED_new();
- AssertNotNull(pkcs7);
- AssertIntEQ(pkcs7->contentOID, SIGNED_DATA);
- PKCS7_SIGNED_free(pkcs7);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_PEM_write_bio_PKCS7(void)
- {
- #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
- PKCS7* pkcs7 = NULL;
- BIO* bio = NULL;
- const byte* cert_buf = NULL;
- int ret = 0;
- WC_RNG rng;
- const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- #ifndef NO_RSA
- #if defined(USE_CERT_BUFFERS_2048)
- byte key[sizeof_client_key_der_2048];
- byte cert[sizeof_client_cert_der_2048];
- word32 keySz = (word32)sizeof(key);
- word32 certSz = (word32)sizeof(cert);
- XMEMSET(key, 0, keySz);
- XMEMSET(cert, 0, certSz);
- XMEMCPY(key, client_key_der_2048, keySz);
- XMEMCPY(cert, client_cert_der_2048, certSz);
- #elif defined(USE_CERT_BUFFERS_1024)
- byte key[sizeof_client_key_der_1024];
- byte cert[sizeof_client_cert_der_1024];
- word32 keySz = (word32)sizeof(key);
- word32 certSz = (word32)sizeof(cert);
- XMEMSET(key, 0, keySz);
- XMEMSET(cert, 0, certSz);
- XMEMCPY(key, client_key_der_1024, keySz);
- XMEMCPY(cert, client_cert_der_1024, certSz);
- #else
- unsigned char cert[ONEK_BUF];
- unsigned char key[ONEK_BUF];
- XFILE fp;
- int certSz;
- int keySz;
- fp = XFOPEN("./certs/1024/client-cert.der", "rb");
- AssertTrue((fp != XBADFILE));
- certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
- XFCLOSE(fp);
- fp = XFOPEN("./certs/1024/client-key.der", "rb");
- AssertTrue(fp != XBADFILE);
- keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp);
- XFCLOSE(fp);
- #endif
- #elif defined(HAVE_ECC)
- #if defined(USE_CERT_BUFFERS_256)
- unsigned char cert[sizeof_cliecc_cert_der_256];
- unsigned char key[sizeof_ecc_clikey_der_256];
- int certSz = (int)sizeof(cert);
- int keySz = (int)sizeof(key);
- XMEMSET(cert, 0, certSz);
- XMEMSET(key, 0, keySz);
- XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
- XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
- #else
- unsigned char cert[ONEK_BUF];
- unsigned char key[ONEK_BUF];
- XFILE fp;
- int certSz, keySz;
- fp = XFOPEN("./certs/client-ecc-cert.der", "rb");
- AssertTrue(fp != XBADFILE);
- certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp);
- XFCLOSE(fp);
- fp = XFOPEN("./certs/client-ecc-key.der", "rb");
- AssertTrue(fp != XBADFILE);
- keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp);
- XFCLOSE(fp);
- #endif
- #else
- #error PKCS7 requires ECC or RSA
- #endif
- printf(testingFmt, "wolfSSL_PEM_write_bio_PKCS7()");
- AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
- /* initialize with DER encoded cert */
- AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), 0);
- /* init rng */
- AssertIntEQ(wc_InitRng(&rng), 0);
- pkcs7->rng = &rng;
- pkcs7->content = (byte*)data; /* not used for ex */
- pkcs7->contentSz = (word32)sizeof(data);
- pkcs7->contentOID = SIGNED_DATA;
- pkcs7->privateKey = key;
- pkcs7->privateKeySz = (word32)sizeof(key);
- pkcs7->encryptOID = RSAk;
- pkcs7->hashOID = SHAh;
- pkcs7->signedAttribs = NULL;
- pkcs7->signedAttribsSz = 0;
- AssertNotNull(bio = BIO_new(BIO_s_mem()));
- /* Write PKCS#7 PEM to BIO, the function converts the DER to PEM cert*/
- AssertIntEQ(PEM_write_bio_PKCS7(bio, pkcs7), WOLFSSL_SUCCESS);
- /* Read PKCS#7 PEM from BIO */
- ret = wolfSSL_BIO_get_mem_data(bio, &cert_buf);
- AssertIntGE(ret, 0);
- BIO_free(bio);
- wc_PKCS7_Free(pkcs7);
- wc_FreeRng(&rng);
- printf(resultFmt, passed);
- #endif
- }
- /*----------------------------------------------------------------------------*
- | Certificate Failure Checks
- *----------------------------------------------------------------------------*/
- #ifndef NO_CERTS
- /* Use the Cert Manager(CM) API to generate the error ASN_SIG_CONFIRM_E */
- static int verify_sig_cm(const char* ca, byte* cert_buf, size_t cert_sz,
- int type)
- {
- int ret;
- WOLFSSL_CERT_MANAGER* cm = NULL;
- switch (type) {
- case TESTING_RSA:
- #ifdef NO_RSA
- printf("RSA disabled, skipping test\n");
- return ASN_SIG_CONFIRM_E;
- #else
- break;
- #endif
- case TESTING_ECC:
- #ifndef HAVE_ECC
- printf("ECC disabled, skipping test\n");
- return ASN_SIG_CONFIRM_E;
- #else
- break;
- #endif
- default:
- printf("Bad function argument\n");
- return BAD_FUNC_ARG;
- }
- cm = wolfSSL_CertManagerNew();
- if (cm == NULL) {
- printf("wolfSSL_CertManagerNew failed\n");
- return -1;
- }
- #ifndef NO_FILESYSTEM
- ret = wolfSSL_CertManagerLoadCA(cm, ca, 0);
- if (ret != WOLFSSL_SUCCESS) {
- printf("wolfSSL_CertManagerLoadCA failed\n");
- wolfSSL_CertManagerFree(cm);
- return ret;
- }
- #else
- (void)ca;
- #endif
- ret = wolfSSL_CertManagerVerifyBuffer(cm, cert_buf, cert_sz, WOLFSSL_FILETYPE_ASN1);
- /* Let AssertIntEQ handle return code */
- wolfSSL_CertManagerFree(cm);
- return ret;
- }
- static int test_RsaSigFailure_cm(void)
- {
- int ret = 0;
- const char* ca_cert = "./certs/ca-cert.pem";
- const char* server_cert = "./certs/server-cert.der";
- byte* cert_buf = NULL;
- size_t cert_sz = 0;
- ret = load_file(server_cert, &cert_buf, &cert_sz);
- if (ret == 0) {
- /* corrupt DER - invert last byte, which is signature */
- cert_buf[cert_sz-1] = ~cert_buf[cert_sz-1];
- /* test bad cert */
- ret = verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA);
- }
- printf("Signature failure test: RSA: Ret %d\n", ret);
- if (cert_buf)
- free(cert_buf);
- return ret;
- }
- static int test_EccSigFailure_cm(void)
- {
- int ret = 0;
- /* self-signed ECC cert, so use server cert as CA */
- const char* ca_cert = "./certs/ca-ecc-cert.pem";
- const char* server_cert = "./certs/server-ecc.der";
- byte* cert_buf = NULL;
- size_t cert_sz = 0;
- ret = load_file(server_cert, &cert_buf, &cert_sz);
- if (ret == 0) {
- /* corrupt DER - invert last byte, which is signature */
- cert_buf[cert_sz-1] = ~cert_buf[cert_sz-1];
- /* test bad cert */
- ret = verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC);
- }
- printf("Signature failure test: ECC: Ret %d\n", ret);
- if (cert_buf)
- free(cert_buf);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- return ret;
- }
- #endif /* NO_CERTS */
- #ifdef WOLFSSL_TLS13
- #if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER)
- static byte fixedKey[WC_SHA384_DIGEST_SIZE] = { 0, };
- #endif
- #ifdef WOLFSSL_EARLY_DATA
- static const char earlyData[] = "Early Data";
- static char earlyDataBuffer[1];
- #endif
- static int test_tls13_apis(void)
- {
- int ret = 0;
- #ifndef WOLFSSL_NO_TLS12
- #ifndef NO_WOLFSSL_CLIENT
- WOLFSSL_CTX* clientTls12Ctx;
- WOLFSSL* clientTls12Ssl;
- #endif
- #ifndef NO_WOLFSSL_SERVER
- WOLFSSL_CTX* serverTls12Ctx;
- WOLFSSL* serverTls12Ssl;
- #endif
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- WOLFSSL_CTX* clientCtx;
- WOLFSSL* clientSsl;
- #endif
- #ifndef NO_WOLFSSL_SERVER
- WOLFSSL_CTX* serverCtx;
- WOLFSSL* serverSsl;
- #ifndef NO_CERTS
- const char* ourCert = svrCertFile;
- const char* ourKey = svrKeyFile;
- #endif
- #endif
- #ifdef WOLFSSL_EARLY_DATA
- int outSz;
- #endif
- int groups[2] = { WOLFSSL_ECC_X25519, WOLFSSL_ECC_X448 };
- int numGroups = 2;
- #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
- char groupList[] = "P-521:P-384:P-256";
- #endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */
- #ifndef WOLFSSL_NO_TLS12
- #ifndef NO_WOLFSSL_CLIENT
- clientTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
- clientTls12Ssl = wolfSSL_new(clientTls12Ctx);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- serverTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
- #ifndef NO_CERTS
- wolfSSL_CTX_use_certificate_chain_file(serverTls12Ctx, ourCert);
- wolfSSL_CTX_use_PrivateKey_file(serverTls12Ctx, ourKey, WOLFSSL_FILETYPE_PEM);
- #endif
- serverTls12Ssl = wolfSSL_new(serverTls12Ctx);
- #endif
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- clientCtx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
- clientSsl = wolfSSL_new(clientCtx);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- serverCtx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
- #ifndef NO_CERTS
- wolfSSL_CTX_use_certificate_chain_file(serverCtx, ourCert);
- wolfSSL_CTX_use_PrivateKey_file(serverCtx, ourKey, WOLFSSL_FILETYPE_PEM);
- #endif
- serverSsl = wolfSSL_new(serverCtx);
- #endif
- #ifdef WOLFSSL_SEND_HRR_COOKIE
- AssertIntEQ(wolfSSL_send_hrr_cookie(NULL, NULL, 0), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- AssertIntEQ(wolfSSL_send_hrr_cookie(clientSsl, NULL, 0), SIDE_ERROR);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- #ifndef WOLFSSL_NO_TLS12
- AssertIntEQ(wolfSSL_send_hrr_cookie(serverTls12Ssl, NULL, 0), BAD_FUNC_ARG);
- #endif
- AssertIntEQ(wolfSSL_send_hrr_cookie(serverSsl, NULL, 0), WOLFSSL_SUCCESS);
- AssertIntEQ(wolfSSL_send_hrr_cookie(serverSsl, fixedKey, sizeof(fixedKey)),
- WOLFSSL_SUCCESS);
- #endif
- #endif
- #ifdef HAVE_ECC
- AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_SERVER
- AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_SECP256R1),
- WOLFSSL_SUCCESS);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1),
- WOLFSSL_SUCCESS);
- #endif
- AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1),
- WOLFSSL_SUCCESS);
- #endif
- #elif defined(HAVE_CURVE25519)
- AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X25519), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_SERVER
- AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X25519),
- WOLFSSL_SUCCESS);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X25519),
- WOLFSSL_SUCCESS);
- #endif
- AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X25519),
- WOLFSSL_SUCCESS);
- #endif
- #elif defined(HAVE_CURVE448)
- AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X448), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_SERVER
- AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X448),
- WOLFSSL_SUCCESS);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X448),
- WOLFSSL_SUCCESS);
- #endif
- AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X448),
- WOLFSSL_SUCCESS);
- #endif
- #else
- AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1),
- NOT_COMPILED_IN);
- #endif
- AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1),
- NOT_COMPILED_IN);
- #endif
- #endif
- AssertIntEQ(wolfSSL_NoKeyShares(NULL), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_SERVER
- AssertIntEQ(wolfSSL_NoKeyShares(serverSsl), SIDE_ERROR);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- AssertIntEQ(wolfSSL_NoKeyShares(clientTls12Ssl), WOLFSSL_SUCCESS);
- #endif
- AssertIntEQ(wolfSSL_NoKeyShares(clientSsl), WOLFSSL_SUCCESS);
- #endif
- AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(NULL), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(clientCtx), SIDE_ERROR);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- #ifndef WOLFSSL_NO_TLS12
- AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverTls12Ctx), BAD_FUNC_ARG);
- #endif
- AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverCtx), 0);
- #endif
- AssertIntEQ(wolfSSL_no_ticket_TLSv13(NULL), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- AssertIntEQ(wolfSSL_no_ticket_TLSv13(clientSsl), SIDE_ERROR);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- #ifndef WOLFSSL_NO_TLS12
- AssertIntEQ(wolfSSL_no_ticket_TLSv13(serverTls12Ssl), BAD_FUNC_ARG);
- #endif
- AssertIntEQ(wolfSSL_no_ticket_TLSv13(serverSsl), 0);
- #endif
- AssertIntEQ(wolfSSL_CTX_no_dhe_psk(NULL), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- AssertIntEQ(wolfSSL_CTX_no_dhe_psk(clientTls12Ctx), BAD_FUNC_ARG);
- #endif
- AssertIntEQ(wolfSSL_CTX_no_dhe_psk(clientCtx), 0);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- AssertIntEQ(wolfSSL_CTX_no_dhe_psk(serverCtx), 0);
- #endif
- AssertIntEQ(wolfSSL_no_dhe_psk(NULL), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- AssertIntEQ(wolfSSL_no_dhe_psk(clientTls12Ssl), BAD_FUNC_ARG);
- #endif
- AssertIntEQ(wolfSSL_no_dhe_psk(clientSsl), 0);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- AssertIntEQ(wolfSSL_no_dhe_psk(serverSsl), 0);
- #endif
- AssertIntEQ(wolfSSL_update_keys(NULL), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- AssertIntEQ(wolfSSL_update_keys(clientTls12Ssl), BAD_FUNC_ARG);
- #endif
- AssertIntEQ(wolfSSL_update_keys(clientSsl), BUILD_MSG_ERROR);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- AssertIntEQ(wolfSSL_update_keys(serverSsl), BUILD_MSG_ERROR);
- #endif
- #if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
- AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(NULL), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_SERVER
- AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(serverCtx), SIDE_ERROR);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientTls12Ctx),
- BAD_FUNC_ARG);
- #endif
- AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientCtx), 0);
- #endif
- AssertIntEQ(wolfSSL_allow_post_handshake_auth(NULL), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_SERVER
- AssertIntEQ(wolfSSL_allow_post_handshake_auth(serverSsl), SIDE_ERROR);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- AssertIntEQ(wolfSSL_allow_post_handshake_auth(clientTls12Ssl),
- BAD_FUNC_ARG);
- #endif
- AssertIntEQ(wolfSSL_allow_post_handshake_auth(clientSsl), 0);
- #endif
- AssertIntEQ(wolfSSL_request_certificate(NULL), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- AssertIntEQ(wolfSSL_request_certificate(clientSsl), SIDE_ERROR);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- #ifndef WOLFSSL_NO_TLS12
- AssertIntEQ(wolfSSL_request_certificate(serverTls12Ssl),
- BAD_FUNC_ARG);
- #endif
- AssertIntEQ(wolfSSL_request_certificate(serverSsl), NOT_READY_ERROR);
- #endif
- #endif
- #ifndef WOLFSSL_NO_SERVER_GROUPS_EXT
- AssertIntEQ(wolfSSL_preferred_group(NULL), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_SERVER
- AssertIntEQ(wolfSSL_preferred_group(serverSsl), SIDE_ERROR);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- AssertIntEQ(wolfSSL_preferred_group(clientTls12Ssl), BAD_FUNC_ARG);
- #endif
- AssertIntEQ(wolfSSL_preferred_group(clientSsl), NOT_READY_ERROR);
- #endif
- #endif
- AssertIntEQ(wolfSSL_CTX_set_groups(NULL, NULL, 0), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, NULL, 0), BAD_FUNC_ARG);
- #endif
- AssertIntEQ(wolfSSL_CTX_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- AssertIntEQ(wolfSSL_CTX_set_groups(clientTls12Ctx, groups, numGroups),
- BAD_FUNC_ARG);
- #endif
- AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups,
- WOLFSSL_MAX_GROUP_COUNT + 1),
- BAD_FUNC_ARG);
- AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, numGroups),
- WOLFSSL_SUCCESS);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- AssertIntEQ(wolfSSL_CTX_set_groups(serverCtx, groups, numGroups),
- WOLFSSL_SUCCESS);
- #endif
- AssertIntEQ(wolfSSL_set_groups(NULL, NULL, 0), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- AssertIntEQ(wolfSSL_set_groups(clientSsl, NULL, 0), BAD_FUNC_ARG);
- #endif
- AssertIntEQ(wolfSSL_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- AssertIntEQ(wolfSSL_set_groups(clientTls12Ssl, groups, numGroups),
- BAD_FUNC_ARG);
- #endif
- AssertIntEQ(wolfSSL_set_groups(clientSsl, groups,
- WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG);
- AssertIntEQ(wolfSSL_set_groups(clientSsl, groups, numGroups),
- WOLFSSL_SUCCESS);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- AssertIntEQ(wolfSSL_set_groups(serverSsl, groups, numGroups),
- WOLFSSL_SUCCESS);
- #endif
- #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
- AssertIntEQ(wolfSSL_CTX_set1_groups_list(NULL, NULL), WOLFSSL_FAILURE);
- #ifndef NO_WOLFSSL_CLIENT
- AssertIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, NULL), WOLFSSL_FAILURE);
- #endif
- AssertIntEQ(wolfSSL_CTX_set1_groups_list(NULL, groupList), WOLFSSL_FAILURE);
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- AssertIntEQ(wolfSSL_CTX_set1_groups_list(clientTls12Ctx, groupList),
- WOLFSSL_FAILURE);
- #endif
- AssertIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, groupList),
- WOLFSSL_SUCCESS);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- AssertIntEQ(wolfSSL_CTX_set1_groups_list(serverCtx, groupList),
- WOLFSSL_SUCCESS);
- #endif
- AssertIntEQ(wolfSSL_set1_groups_list(NULL, NULL), WOLFSSL_FAILURE);
- #ifndef NO_WOLFSSL_CLIENT
- AssertIntEQ(wolfSSL_set1_groups_list(clientSsl, NULL), WOLFSSL_FAILURE);
- #endif
- AssertIntEQ(wolfSSL_set1_groups_list(NULL, groupList), WOLFSSL_FAILURE);
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- AssertIntEQ(wolfSSL_set1_groups_list(clientTls12Ssl, groupList),
- WOLFSSL_FAILURE);
- #endif
- AssertIntEQ(wolfSSL_set1_groups_list(clientSsl, groupList),
- WOLFSSL_SUCCESS);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- AssertIntEQ(wolfSSL_set1_groups_list(serverSsl, groupList),
- WOLFSSL_SUCCESS);
- #endif
- #endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */
- #ifdef WOLFSSL_EARLY_DATA
- AssertIntEQ(wolfSSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- AssertIntEQ(wolfSSL_CTX_set_max_early_data(clientCtx, 0), SIDE_ERROR);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- #ifndef WOLFSSL_NO_TLS12
- AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverTls12Ctx, 0),
- BAD_FUNC_ARG);
- #endif
- AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 0), 0);
- #endif
- AssertIntEQ(wolfSSL_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- AssertIntEQ(wolfSSL_set_max_early_data(clientSsl, 0), SIDE_ERROR);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- #ifndef WOLFSSL_NO_TLS12
- AssertIntEQ(wolfSSL_set_max_early_data(serverTls12Ssl, 0), BAD_FUNC_ARG);
- #endif
- AssertIntEQ(wolfSSL_set_max_early_data(serverSsl, 0), 0);
- #endif
- AssertIntEQ(wolfSSL_write_early_data(NULL, earlyData, sizeof(earlyData),
- &outSz), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- AssertIntEQ(wolfSSL_write_early_data(clientSsl, NULL, sizeof(earlyData),
- &outSz), BAD_FUNC_ARG);
- AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, -1, &outSz),
- BAD_FUNC_ARG);
- AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData,
- sizeof(earlyData), NULL),
- BAD_FUNC_ARG);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- AssertIntEQ(wolfSSL_write_early_data(serverSsl, earlyData,
- sizeof(earlyData), &outSz),
- SIDE_ERROR);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- AssertIntEQ(wolfSSL_write_early_data(clientTls12Ssl, earlyData,
- sizeof(earlyData), &outSz),
- BAD_FUNC_ARG);
- #endif
- AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData,
- sizeof(earlyData), &outSz),
- WOLFSSL_FATAL_ERROR);
- #endif
- AssertIntEQ(wolfSSL_read_early_data(NULL, earlyDataBuffer,
- sizeof(earlyDataBuffer), &outSz),
- BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_SERVER
- AssertIntEQ(wolfSSL_read_early_data(serverSsl, NULL,
- sizeof(earlyDataBuffer), &outSz),
- BAD_FUNC_ARG);
- AssertIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, -1, &outSz),
- BAD_FUNC_ARG);
- AssertIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer,
- sizeof(earlyDataBuffer), NULL),
- BAD_FUNC_ARG);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- AssertIntEQ(wolfSSL_read_early_data(clientSsl, earlyDataBuffer,
- sizeof(earlyDataBuffer), &outSz),
- SIDE_ERROR);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- #ifndef WOLFSSL_NO_TLS12
- AssertIntEQ(wolfSSL_read_early_data(serverTls12Ssl, earlyDataBuffer,
- sizeof(earlyDataBuffer), &outSz),
- BAD_FUNC_ARG);
- #endif
- AssertIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer,
- sizeof(earlyDataBuffer), &outSz),
- WOLFSSL_FATAL_ERROR);
- #endif
- #endif
- #ifndef NO_WOLFSSL_SERVER
- wolfSSL_free(serverSsl);
- wolfSSL_CTX_free(serverCtx);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- wolfSSL_free(clientSsl);
- wolfSSL_CTX_free(clientCtx);
- #endif
- #ifndef WOLFSSL_NO_TLS12
- #ifndef NO_WOLFSSL_SERVER
- wolfSSL_free(serverTls12Ssl);
- wolfSSL_CTX_free(serverTls12Ctx);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- wolfSSL_free(clientTls12Ssl);
- wolfSSL_CTX_free(clientTls12Ctx);
- #endif
- #endif
- return ret;
- }
- #endif
- #ifdef HAVE_PK_CALLBACKS
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
- !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \
- defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED)
- static int my_DhCallback(WOLFSSL* ssl, struct DhKey* key,
- const unsigned char* priv, unsigned int privSz,
- const unsigned char* pubKeyDer, unsigned int pubKeySz,
- unsigned char* out, unsigned int* outlen,
- void* ctx)
- {
- /* Test fail when context associated with WOLFSSL is NULL */
- if (ctx == NULL) {
- return -1;
- }
- (void)ssl;
- /* return 0 on success */
- return wc_DhAgree(key, out, outlen, priv, privSz, pubKeyDer, pubKeySz);
- };
- static void test_dh_ctx_setup(WOLFSSL_CTX* ctx) {
- wolfSSL_CTX_SetDhAgreeCb(ctx, my_DhCallback);
- #ifdef WOLFSSL_AES_128
- AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES128-SHA256"),
- WOLFSSL_SUCCESS);
- #endif
- #ifdef WOLFSSL_AES_256
- AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES256-SHA256"),
- WOLFSSL_SUCCESS);
- #endif
- }
- static void test_dh_ssl_setup(WOLFSSL* ssl)
- {
- static int dh_test_ctx = 1;
- int ret;
- wolfSSL_SetDhAgreeCtx(ssl, &dh_test_ctx);
- AssertIntEQ(*((int*)wolfSSL_GetDhAgreeCtx(ssl)), dh_test_ctx);
- ret = wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
- if (ret != WOLFSSL_SUCCESS && ret != SIDE_ERROR) {
- AssertIntEQ(ret, WOLFSSL_SUCCESS);
- }
- }
- static void test_dh_ssl_setup_fail(WOLFSSL* ssl)
- {
- int ret;
- wolfSSL_SetDhAgreeCtx(ssl, NULL);
- AssertNull(wolfSSL_GetDhAgreeCtx(ssl));
- ret = wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
- if (ret != WOLFSSL_SUCCESS && ret != SIDE_ERROR) {
- AssertIntEQ(ret, WOLFSSL_SUCCESS);
- }
- }
- #endif
- static void test_DhCallbacks(void)
- {
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
- !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \
- defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED)
- WOLFSSL_CTX *ctx;
- WOLFSSL *ssl;
- tcp_ready ready;
- func_args server_args;
- func_args client_args;
- THREAD_TYPE serverThread;
- callback_functions func_cb_client;
- callback_functions func_cb_server;
- int test;
- printf(testingFmt, "test_DhCallbacks");
- #ifndef NO_WOLFSSL_CLIENT
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #else
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #endif
- AssertIntEQ(wolfSSL_CTX_set_cipher_list(NULL, "NONE"), WOLFSSL_FAILURE);
- wolfSSL_CTX_SetDhAgreeCb(ctx, &my_DhCallback);
- /* load client ca cert */
- AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0),
- WOLFSSL_SUCCESS);
- /* test with NULL arguments */
- wolfSSL_SetDhAgreeCtx(NULL, &test);
- AssertNull(wolfSSL_GetDhAgreeCtx(NULL));
- /* test success case */
- test = 1;
- AssertNotNull(ssl = wolfSSL_new(ctx));
- wolfSSL_SetDhAgreeCtx(ssl, &test);
- AssertIntEQ(*((int*)wolfSSL_GetDhAgreeCtx(ssl)), test);
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- /* test a connection where callback is used */
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- XMEMSET(&server_args, 0, sizeof(func_args));
- XMEMSET(&client_args, 0, sizeof(func_args));
- XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
- XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
- StartTCP();
- InitTcpReady(&ready);
- #if defined(USE_WINDOWS_API)
- /* use RNG to get random port if using windows */
- ready.port = GetRandomPort();
- #endif
- server_args.signal = &ready;
- client_args.signal = &ready;
- server_args.return_code = TEST_FAIL;
- client_args.return_code = TEST_FAIL;
- /* set callbacks to use DH functions */
- func_cb_client.ctx_ready = &test_dh_ctx_setup;
- func_cb_client.ssl_ready = &test_dh_ssl_setup;
- #ifndef WOLFSSL_NO_TLS12
- func_cb_client.method = wolfTLSv1_2_client_method;
- #else
- func_cb_client.method = wolfTLSv1_3_client_method;
- #endif
- client_args.callbacks = &func_cb_client;
- func_cb_server.ctx_ready = &test_dh_ctx_setup;
- func_cb_server.ssl_ready = &test_dh_ssl_setup;
- #ifndef WOLFSSL_NO_TLS12
- func_cb_server.method = wolfTLSv1_2_server_method;
- #else
- func_cb_server.method = wolfTLSv1_3_server_method;
- #endif
- server_args.callbacks = &func_cb_server;
- start_thread(test_server_nofail, &server_args, &serverThread);
- wait_tcp_ready(&server_args);
- test_client_nofail(&client_args, NULL);
- join_thread(serverThread);
- AssertTrue(client_args.return_code);
- AssertTrue(server_args.return_code);
- FreeTcpReady(&ready);
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- /* now set user ctx to not be 1 so that the callback returns fail case */
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- XMEMSET(&server_args, 0, sizeof(func_args));
- XMEMSET(&client_args, 0, sizeof(func_args));
- XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
- XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
- StartTCP();
- InitTcpReady(&ready);
- #if defined(USE_WINDOWS_API)
- /* use RNG to get random port if using windows */
- ready.port = GetRandomPort();
- #endif
- server_args.signal = &ready;
- client_args.signal = &ready;
- server_args.return_code = TEST_FAIL;
- client_args.return_code = TEST_FAIL;
- /* set callbacks to use DH functions */
- func_cb_client.ctx_ready = &test_dh_ctx_setup;
- func_cb_client.ssl_ready = &test_dh_ssl_setup_fail;
- #ifndef WOLFSSL_NO_TLS12
- func_cb_client.method = wolfTLSv1_2_client_method;
- #else
- func_cb_client.method = wolfTLSv1_3_client_method;
- #endif
- client_args.callbacks = &func_cb_client;
- func_cb_server.ctx_ready = &test_dh_ctx_setup;
- func_cb_server.ssl_ready = &test_dh_ssl_setup_fail;
- #ifndef WOLFSSL_NO_TLS12
- func_cb_server.method = wolfTLSv1_2_server_method;
- #else
- func_cb_server.method = wolfTLSv1_3_server_method;
- #endif
- server_args.callbacks = &func_cb_server;
- start_thread(test_server_nofail, &server_args, &serverThread);
- wait_tcp_ready(&server_args);
- test_client_nofail(&client_args, NULL);
- join_thread(serverThread);
- AssertIntEQ(client_args.return_code, TEST_FAIL);
- AssertIntEQ(server_args.return_code, TEST_FAIL);
- FreeTcpReady(&ready);
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- printf(resultFmt, passed);
- #endif
- }
- #endif /* HAVE_PK_CALLBACKS */
- #ifdef HAVE_HASHDRBG
- #ifdef TEST_RESEED_INTERVAL
- static int test_wc_RNG_GenerateBlock_Reseed(void)
- {
- int i, ret;
- WC_RNG rng;
- byte key[32];
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- for(i = 0; i < WC_RESEED_INTERVAL + 10; i++) {
- ret = wc_RNG_GenerateBlock(&rng, key, sizeof(key));
- if (ret != 0) {
- break;
- }
- }
- }
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* TEST_RESEED_INTERVAL */
- static int test_wc_RNG_GenerateBlock(void)
- {
- int i, ret;
- WC_RNG rng;
- byte key[32];
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- for(i = 0; i < 10; i++) {
- ret = wc_RNG_GenerateBlock(&rng, key, sizeof(key));
- if (ret != 0) {
- break;
- }
- }
- }
- wc_FreeRng(&rng);
- (void)rng; /* for WC_NO_RNG case */
- (void)key;
- return ret;
- }
- #endif
- /*
- * Testing get_rand_digit
- */
- static int test_get_rand_digit (void)
- {
- int ret = 0;
- #if !defined(WC_NO_RNG) && defined(WOLFSSL_PUBLIC_MP)
- WC_RNG rng;
- mp_digit d;
- printf(testingFmt, "get_rand_digit()");
- ret = wc_InitRng(&rng);
- if (ret == 0) {
- ret = get_rand_digit(&rng, &d);
- }
- if (ret == 0) {
- ret = get_rand_digit(NULL, NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = get_rand_digit(NULL, &d);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = get_rand_digit(&rng, NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = wc_FreeRng(&rng);
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- }/* End test_get_rand_digit*/
- /*
- * Testing get_digit_count
- */
- static int test_get_digit_count (void)
- {
- int ret = 0;
- #if !defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_PUBLIC_MP)
- mp_int a;
- printf(testingFmt, "get_digit_count()");
- if (mp_init(&a) != MP_OKAY) {
- ret = -1;
- }
- if (ret == 0) {
- ret = get_digit_count(NULL);
- }
- if (ret == 0) {
- ret = get_digit_count(&a);
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- mp_clear(&a);
- #endif
- return ret;
- }/* End test_get_digit_count*/
- /*
- * Testing mp_cond_copy
- */
- static int test_mp_cond_copy (void)
- {
- int ret = 0;
- #if defined(WOLFSSL_PUBLIC_MP)
- mp_int a;
- mp_int b;
- int copy = 0;
- printf(testingFmt, "mp_cond_copy()");
- if (mp_init(&a) != MP_OKAY) {
- ret = -1;
- }
- if (ret == 0) {
- if (mp_init(&b) != MP_OKAY) {
- ret = -1;
- }
- }
- if (ret == 0) {
- ret = mp_cond_copy(NULL, copy, NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = mp_cond_copy(NULL, copy, &b);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = mp_cond_copy(&a, copy, NULL);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = mp_cond_copy(&a, copy, &b);
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- mp_clear(&a);
- mp_clear(&b);
- #endif
- return ret;
- }/* End test_mp_cond_copy*/
- /*
- * Testing mp_rand
- */
- static int test_mp_rand (void)
- {
- int ret = 0;
- #if defined(WC_RSA_BLINDING) && defined(WOLFSSL_PUBLIC_MP)
- mp_int a;
- int digits = 1;
- WC_RNG rng;
- printf(testingFmt, "mp_rand()");
- if (mp_init(&a) != MP_OKAY) {
- ret = -1;
- }
- if (ret == 0) {
- ret = wc_InitRng(&rng);
- }
- if (ret == 0) {
- ret = mp_rand(&a, digits, NULL);
- if (ret == MISSING_RNG_E) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = mp_rand(NULL, digits, &rng);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = mp_rand(&a, 0, &rng);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- if (ret == 0) {
- ret = mp_rand(&a, digits, &rng);
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- mp_clear(&a);
- wc_FreeRng(&rng);
- #endif
- return ret;
- }/* End test_mp_rand*/
- /*
- * Testing get_digit
- */
- static int test_get_digit (void)
- {
- int ret = 0;
- #if defined(WOLFSSL_PUBLIC_MP)
- mp_int a;
- int n = 0;
- printf(testingFmt, "get_digit()");
- if (mp_init(&a) != MP_OKAY) {
- ret = -1;
- }
- if (ret == 0) {
- if (get_digit(NULL, n) != 0) { /* Should not hit this */
- ret = -1;
- }
- }
- if (ret == 0) {
- if (get_digit(NULL, n) == 0) { /* Should hit this */
- ret = 0;
- }
- }
- if (ret == 0) {
- if (get_digit(&a, n) != 0) { /* Should not hit this */
- ret = -1;
- }
- }
- if (ret == 0) {
- if (get_digit(&a, n) == 0) { /* Should hit this */
- ret = 0;
- }
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- mp_clear(&a);
- #endif
- return ret;
- }/* End test_get_digit*/
- /*
- * Testing wc_export_int
- */
- static int test_wc_export_int (void)
- {
- int ret = 0;
- #if defined(WOLFSSL_PUBLIC_MP)
- mp_int mp;
- byte buf[256];
- word32 keySz = (word32)sizeof(buf);
- word32 len = (word32)sizeof(buf);
- int encType = WC_TYPE_UNSIGNED_BIN;
- printf(testingFmt, "wc_export_int()");
- if (mp_init(&mp) != MP_OKAY) {
- ret = -1;
- }
- if (ret == 0) {
- ret = wc_export_int(NULL, buf, &len, keySz, encType);
- if (ret == BAD_FUNC_ARG) {
- ret = 0;
- }
- }
- len = sizeof(buf)-1;
- if (ret == 0) {
- ret = wc_export_int(&mp, buf, &len, keySz, encType);
- if (ret == BUFFER_E) {
- ret = 0;
- }
- }
- len = sizeof(buf);
- if (ret == 0) {
- ret = wc_export_int(&mp, buf, &len, keySz, WC_TYPE_HEX_STR);
- }
- if (ret == 0) {
- ret = wc_export_int(&mp, buf, &len, keySz, encType);
- }
- printf(resultFmt, ret == 0 ? passed : failed);
- mp_clear(&mp);
- #endif
- return ret;
- }/* End test_wc_export_int*/
- static int test_wc_InitRngNonce(void)
- {
- int ret=0;
- #if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \
- (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2))
- WC_RNG rng;
- byte nonce[] = "\x0D\x74\xDB\x42\xA9\x10\x77\xDE"
- "\x45\xAC\x13\x7A\xE1\x48\xAF\x16";
- word32 nonceSz = sizeof(nonce);
- printf(testingFmt, "wc_InitRngNonce()");
- if (ret == 0){
- ret = wc_InitRngNonce(&rng, nonce, nonceSz);
- }
- wc_FreeRng(&rng);
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- }/* End test_wc_InitRngNonce*/
- /*
- * Testing wc_InitRngNonce_ex
- */
- static int test_wc_InitRngNonce_ex(void)
- {
- int ret=0;
- #if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \
- (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2))
- WC_RNG rng;
- byte nonce[] = "\x0D\x74\xDB\x42\xA9\x10\x77\xDE"
- "\x45\xAC\x13\x7A\xE1\x48\xAF\x16";
- word32 nonceSz = sizeof(nonce);
- printf(testingFmt, "wc_InitRngNonce_ex()");
- if (ret == 0){
- ret = wc_InitRngNonce_ex(&rng, nonce, nonceSz, HEAP_HINT, devId);
- }
- wc_FreeRng(&rng);
- printf(resultFmt, ret == 0 ? passed : failed);
- #endif
- return ret;
- }/*End test_wc_InitRngNonce_ex*/
- static void test_wolfSSL_X509_CRL(void)
- {
- #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
- X509_CRL *crl;
- char pem[][100] = {
- "./certs/crl/crl.pem",
- "./certs/crl/crl2.pem",
- "./certs/crl/caEccCrl.pem",
- "./certs/crl/eccCliCRL.pem",
- "./certs/crl/eccSrvCRL.pem",
- ""
- };
- BIO *bio;
- #ifdef HAVE_TEST_d2i_X509_CRL_fp
- char der[][100] = {
- "./certs/crl/crl.der",
- "./certs/crl/crl2.der",
- ""};
- #endif
- XFILE fp;
- int i;
- printf(testingFmt, "test_wolfSSL_X509_CRL");
- for (i = 0; pem[i][0] != '\0'; i++)
- {
- fp = XFOPEN(pem[i], "rb");
- AssertTrue((fp != XBADFILE));
- AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL));
- AssertNotNull(crl);
- X509_CRL_free(crl);
- XFCLOSE(fp);
- fp = XFOPEN(pem[i], "rb");
- AssertTrue((fp != XBADFILE));
- AssertNotNull((X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)&crl, NULL, NULL));
- AssertNotNull(crl);
- X509_CRL_free(crl);
- XFCLOSE(fp);
- }
- for (i = 0; pem[i][0] != '\0'; i++)
- {
- AssertNotNull(bio = BIO_new_file(pem[i], "r"));
- AssertNotNull(crl = PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL));
- X509_CRL_free(crl);
- BIO_free(bio);
- }
- #ifdef HAVE_TEST_d2i_X509_CRL_fp
- for(i = 0; der[i][0] != '\0'; i++){
- fp = XFOPEN(der[i], "rb");
- AssertTrue((fp != XBADFILE));
- AssertNotNull(crl = (X509_CRL *)d2i_X509_CRL_fp((fp, X509_CRL **)NULL));
- AssertNotNull(crl);
- X509_CRL_free(crl);
- XFCLOSE(fp);
- fp = XFOPEN(der[i], "rb");
- AssertTrue((fp != XBADFILE));
- AssertNotNull((X509_CRL *)d2i_X509_CRL_fp(fp, (X509_CRL **)&crl));
- AssertNotNull(crl);
- X509_CRL_free(crl);
- XFCLOSE(fp);
- }
- #endif
- printf(resultFmt, passed);
- #endif
- return;
- }
- static void test_wolfSSL_PEM_read_X509(void)
- {
- #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \
- !defined(NO_RSA)
- X509 *x509 = NULL;
- XFILE fp;
- printf(testingFmt, "wolfSSL_PEM_read_X509");
- fp = XFOPEN(svrCertFile, "rb");
- AssertTrue((fp != XBADFILE));
- AssertNotNull(x509 = (X509 *)PEM_read_X509(fp, (X509 **)NULL, NULL, NULL));
- X509_free(x509);
- XFCLOSE(fp);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_PEM_read(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM)
- const char* filename = "./certs/server-keyEnc.pem";
- XFILE fp;
- char* name = NULL;
- char* header = NULL;
- byte* data = NULL;
- long len;
- EVP_CIPHER_INFO cipher;
- WOLFSSL_BIO* bio;
- byte* fileData;
- size_t fileDataSz;
- byte* out;
- printf(testingFmt, "wolfSSL_PEM_read");
- fp = XFOPEN(filename, "rb");
- AssertTrue((fp != XBADFILE));
- /* Fail cases. */
- AssertIntEQ(PEM_read(fp, NULL, &header, &data, &len), WOLFSSL_FAILURE);
- AssertIntEQ(PEM_read(fp, &name, NULL, &data, &len), WOLFSSL_FAILURE);
- AssertIntEQ(PEM_read(fp, &name, &header, NULL, &len), WOLFSSL_FAILURE);
- AssertIntEQ(PEM_read(fp, &name, &header, &data, NULL), WOLFSSL_FAILURE);
- AssertIntEQ(PEM_read(fp, &name, &header, &data, &len), WOLFSSL_SUCCESS);
- AssertIntEQ(XSTRNCMP(name, "RSA PRIVATE KEY", 15), 0);
- AssertIntGT(XSTRLEN(header), 0);
- AssertIntGT(len, 0);
- AssertIntEQ(XFSEEK(fp, 0, SEEK_END), 0);
- AssertIntGT((fileDataSz = XFTELL(fp)), 0);
- AssertIntEQ(XFSEEK(fp, 0, SEEK_SET), 0);
- AssertNotNull(fileData = (unsigned char*)XMALLOC(fileDataSz, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- AssertIntEQ(XFREAD(fileData, 1, fileDataSz, fp), fileDataSz);
- XFCLOSE(fp);
- AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
- /* Fail cases. */
- AssertIntEQ(PEM_write_bio(NULL, name, header, data, len), 0);
- AssertIntEQ(PEM_write_bio(bio, NULL, header, data, len), 0);
- AssertIntEQ(PEM_write_bio(bio, name, NULL, data, len), 0);
- AssertIntEQ(PEM_write_bio(bio, name, header, NULL, len), 0);
- AssertIntEQ(PEM_write_bio(bio, name, header, data, len), fileDataSz);
- AssertIntEQ(wolfSSL_BIO_get_mem_data(bio, &out), fileDataSz);
- AssertIntEQ(XMEMCMP(out, fileData, fileDataSz), 0);
- /* Fail cases. */
- AssertIntEQ(PEM_get_EVP_CIPHER_INFO(NULL, &cipher), WOLFSSL_FAILURE);
- AssertIntEQ(PEM_get_EVP_CIPHER_INFO(header, NULL), WOLFSSL_FAILURE);
- AssertIntEQ(PEM_get_EVP_CIPHER_INFO((char*)"", &cipher), WOLFSSL_FAILURE);
- #ifndef NO_DES3
- AssertIntEQ(PEM_get_EVP_CIPHER_INFO(header, &cipher), WOLFSSL_SUCCESS);
- #endif
- /* Fail cases. */
- AssertIntEQ(PEM_do_header(&cipher, NULL, &len, PasswordCallBack,
- (void*)"yassl123"), WOLFSSL_FAILURE);
- AssertIntEQ(PEM_do_header(&cipher, data, NULL, PasswordCallBack,
- (void*)"yassl123"), WOLFSSL_FAILURE);
- AssertIntEQ(PEM_do_header(&cipher, data, &len, NULL,
- (void*)"yassl123"), WOLFSSL_FAILURE);
- #if !defined(NO_DES3) && !defined(NO_MD5)
- AssertIntEQ(PEM_do_header(&cipher, data, &len, PasswordCallBack,
- (void*)"yassl123"), WOLFSSL_SUCCESS);
- #endif
- BIO_free(bio);
- XFREE(fileData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- name = NULL;
- header = NULL;
- data = NULL;
- fp = XFOPEN(svrKeyFile, "rb");
- AssertTrue((fp != XBADFILE));
- AssertIntEQ(PEM_read(fp, &name, &header, &data, &len), WOLFSSL_SUCCESS);
- AssertIntEQ(XSTRNCMP(name, "RSA PRIVATE KEY", 15), 0);
- AssertIntEQ(XSTRLEN(header), 0);
- AssertIntGT(len, 0);
- AssertIntEQ(XFSEEK(fp, 0, SEEK_END), 0);
- AssertIntGT((fileDataSz = XFTELL(fp)), 0);
- AssertIntEQ(XFSEEK(fp, 0, SEEK_SET), 0);
- AssertNotNull(fileData = (unsigned char*)XMALLOC(fileDataSz, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- AssertIntEQ(XFREAD(fileData, 1, fileDataSz, fp), fileDataSz);
- XFCLOSE(fp);
- AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
- AssertIntEQ(PEM_write_bio(bio, name, header, data, len), fileDataSz);
- AssertIntEQ(wolfSSL_BIO_get_mem_data(bio, &out), fileDataSz);
- AssertIntEQ(XMEMCMP(out, fileData, fileDataSz), 0);
- BIO_free(bio);
- XFREE(fileData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfssl_EVP_aes_gcm(void)
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
- !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- /* A 256 bit key, AES_128 will use the first 128 bit*/
- byte *key = (byte*)"01234567890123456789012345678901";
- /* A 128 bit IV */
- byte *iv = (byte*)"0123456789012345";
- int ivSz = AES_BLOCK_SIZE;
- /* Message to be encrypted */
- byte *plaintxt = (byte*)"for things to change you have to change";
- /* Additional non-confidential data */
- byte *aad = (byte*)"Don't spend major time on minor things.";
- unsigned char tag[AES_BLOCK_SIZE] = {0};
- int plaintxtSz = (int)XSTRLEN((char*)plaintxt);
- int aadSz = (int)XSTRLEN((char*)aad);
- byte ciphertxt[AES_BLOCK_SIZE * 4] = {0};
- byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0};
- int ciphertxtSz = 0;
- int decryptedtxtSz = 0;
- int len = 0;
- int i = 0;
- EVP_CIPHER_CTX en[2];
- EVP_CIPHER_CTX de[2];
- printf(testingFmt, "wolfssl_EVP_aes_gcm");
- for (i = 0; i < 2; i++) {
- EVP_CIPHER_CTX_init(&en[i]);
- if (i == 0) {
- /* Default uses 96-bits IV length */
- #ifdef WOLFSSL_AES_128
- AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_gcm(), NULL, key, iv));
- #elif defined(WOLFSSL_AES_192)
- AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_gcm(), NULL, key, iv));
- #elif defined(WOLFSSL_AES_256)
- AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_gcm(), NULL, key, iv));
- #endif
- }
- else {
- #ifdef WOLFSSL_AES_128
- AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_gcm(), NULL, NULL, NULL));
- #elif defined(WOLFSSL_AES_192)
- AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_gcm(), NULL, NULL, NULL));
- #elif defined(WOLFSSL_AES_256)
- AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_gcm(), NULL, NULL, NULL));
- #endif
- /* non-default must to set the IV length first */
- AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
- AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv));
- }
- AssertIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz));
- AssertIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, plaintxtSz));
- ciphertxtSz = len;
- AssertIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len));
- ciphertxtSz += len;
- AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_GET_TAG, AES_BLOCK_SIZE, tag));
- EVP_CIPHER_CTX_init(&de[i]);
- if (i == 0) {
- /* Default uses 96-bits IV length */
- #ifdef WOLFSSL_AES_128
- AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, key, iv));
- #elif defined(WOLFSSL_AES_192)
- AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, key, iv));
- #elif defined(WOLFSSL_AES_256)
- AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, key, iv));
- #endif
- }
- else {
- #ifdef WOLFSSL_AES_128
- AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, NULL, NULL));
- #elif defined(WOLFSSL_AES_192)
- AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, NULL, NULL));
- #elif defined(WOLFSSL_AES_256)
- AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, NULL, NULL));
- #endif
- /* non-default must to set the IV length first */
- AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
- AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv));
- }
- AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
- AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz));
- decryptedtxtSz = len;
- AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag));
- AssertIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len));
- decryptedtxtSz += len;
- AssertIntEQ(ciphertxtSz, decryptedtxtSz);
- AssertIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz));
- /* modify tag*/
- tag[AES_BLOCK_SIZE-1]+=0xBB;
- AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
- AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag));
- /* fail due to wrong tag */
- AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz));
- AssertIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len));
- AssertIntEQ(0, len);
- }
- printf(resultFmt, passed);
- #endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESGCM */
- }
- static void test_wolfSSL_PEM_X509_INFO_read_bio(void)
- {
- #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM)
- BIO* bio;
- X509_INFO* info;
- STACK_OF(X509_INFO)* sk;
- char* subject;
- char exp1[] = "/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com";
- char exp2[] = "/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/CN=www.wolfssl.com/emailAddress=info@wolfssl.com";
- printf(testingFmt, "wolfSSL_PEM_X509_INFO_read_bio");
- AssertNotNull(bio = BIO_new(BIO_s_file()));
- AssertIntGT(BIO_read_filename(bio, svrCertFile), 0);
- AssertNotNull(sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL));
- AssertIntEQ(sk_X509_INFO_num(sk), 2);
- /* using dereference to maintain testing for Apache port*/
- AssertNotNull(info = sk_X509_INFO_pop(sk));
- AssertNotNull(info->x_pkey);
- AssertNotNull(info->x_pkey->dec_pkey);
- AssertIntEQ(EVP_PKEY_bits(info->x_pkey->dec_pkey), 2048);
- AssertNotNull(subject =
- X509_NAME_oneline(X509_get_subject_name(info->x509), 0, 0));
- AssertIntEQ(0, XSTRNCMP(subject, exp1, sizeof(exp1)));
- XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
- X509_INFO_free(info);
- AssertNotNull(info = sk_X509_INFO_pop(sk));
- AssertNotNull(subject =
- X509_NAME_oneline(X509_get_subject_name(info->x509), 0, 0));
- AssertIntEQ(0, XSTRNCMP(subject, exp2, sizeof(exp2)));
- XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
- X509_INFO_free(info);
- AssertNull(info = sk_X509_INFO_pop(sk));
- sk_X509_INFO_pop_free(sk, X509_INFO_free);
- BIO_free(bio);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_X509_NAME_ENTRY_get_object()
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- X509 *x509;
- X509_NAME* name;
- int idx = 0;
- X509_NAME_ENTRY *ne;
- ASN1_OBJECT *object = NULL;
- printf(testingFmt, "wolfSSL_X509_NAME_ENTRY_get_object");
- x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
- AssertNotNull(x509);
- name = X509_get_subject_name(x509);
- idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1);
- AssertIntGE(idx, 0);
- ne = X509_NAME_get_entry(name, idx);
- AssertNotNull(ne);
- AssertNotNull(object = X509_NAME_ENTRY_get_object(ne));
- X509_free(x509);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_ASN1_INTEGER_set()
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
- ASN1_INTEGER *a;
- long val;
- int ret;
- printf(testingFmt, "wolfSSL_ASN1_INTEGER_set");
- a = wolfSSL_ASN1_INTEGER_new();
- val = 0;
- ret = ASN1_INTEGER_set(NULL, val);
- AssertIntEQ(ret, 0);
- wolfSSL_ASN1_INTEGER_free(a);
- /* 0 */
- a = wolfSSL_ASN1_INTEGER_new();
- val = 0;
- ret = ASN1_INTEGER_set(a, val);
- AssertIntEQ(ret, 1);
- wolfSSL_ASN1_INTEGER_free(a);
- /* 40 */
- a = wolfSSL_ASN1_INTEGER_new();
- val = 40;
- ret = ASN1_INTEGER_set(a, val);
- AssertIntEQ(ret, 1);
- wolfSSL_ASN1_INTEGER_free(a);
- /* -40 */
- a = wolfSSL_ASN1_INTEGER_new();
- val = -40;
- ret = ASN1_INTEGER_set(a, val);
- AssertIntEQ(ret, 1);
- AssertIntEQ(a->negative, 1);
- wolfSSL_ASN1_INTEGER_free(a);
- /* 128 */
- a = wolfSSL_ASN1_INTEGER_new();
- val = 128;
- ret = ASN1_INTEGER_set(a, val);
- AssertIntEQ(ret, 1);
- wolfSSL_ASN1_INTEGER_free(a);
- /* -128 */
- a = wolfSSL_ASN1_INTEGER_new();
- val = -128;
- ret = ASN1_INTEGER_set(a, val);
- AssertIntEQ(ret, 1);
- AssertIntEQ(a->negative, 1);
- wolfSSL_ASN1_INTEGER_free(a);
- /* 200 */
- a = wolfSSL_ASN1_INTEGER_new();
- val = 200;
- ret = ASN1_INTEGER_set(a, val);
- AssertIntEQ(ret, 1);
- wolfSSL_ASN1_INTEGER_free(a);
- #ifndef TIME_T_NOT_64BIT
- /* int max (2147483647) */
- a = wolfSSL_ASN1_INTEGER_new();
- val = 2147483647;
- ret = ASN1_INTEGER_set(a, val);
- AssertIntEQ(ret, 1);
- wolfSSL_ASN1_INTEGER_free(a);
- /* int min (-2147483648) */
- a = wolfSSL_ASN1_INTEGER_new();
- val = -2147483647 - 1;
- ret = ASN1_INTEGER_set(a, val);
- AssertIntEQ(a->negative, 1);
- AssertIntEQ(ret, 1);
- wolfSSL_ASN1_INTEGER_free(a);
- #endif
- printf(resultFmt, passed);
- #endif
- }
- /* Testing code used in dpp.c in hostap */
- #if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
- typedef struct {
- /* AlgorithmIdentifier ecPublicKey with optional parameters present
- * as an OID identifying the curve */
- X509_ALGOR *alg;
- /* Compressed format public key per ANSI X9.63 */
- ASN1_BIT_STRING *pub_key;
- } DPP_BOOTSTRAPPING_KEY;
- ASN1_SEQUENCE(DPP_BOOTSTRAPPING_KEY) = {
- ASN1_SIMPLE(DPP_BOOTSTRAPPING_KEY, alg, X509_ALGOR),
- ASN1_SIMPLE(DPP_BOOTSTRAPPING_KEY, pub_key, ASN1_BIT_STRING)
- } ASN1_SEQUENCE_END(DPP_BOOTSTRAPPING_KEY);
- IMPLEMENT_ASN1_FUNCTIONS(DPP_BOOTSTRAPPING_KEY);
- #endif
- static void test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS()
- {
- /* Testing code used in dpp.c in hostap */
- #if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- EC_KEY *eckey;
- EVP_PKEY *key;
- size_t len;
- unsigned char *der = NULL;
- DPP_BOOTSTRAPPING_KEY *bootstrap = NULL;
- const unsigned char *in = ecc_clikey_der_256;
- const EC_GROUP *group;
- const EC_POINT *point;
- int nid;
- AssertNotNull(bootstrap = DPP_BOOTSTRAPPING_KEY_new());
- AssertNotNull(key = d2i_PrivateKey(EVP_PKEY_EC, NULL, &in,
- (long)sizeof_ecc_clikey_der_256));
- AssertNotNull(eckey = EVP_PKEY_get1_EC_KEY(key));
- AssertNotNull(group = EC_KEY_get0_group(eckey));
- AssertNotNull(point = EC_KEY_get0_public_key(eckey));
- nid = EC_GROUP_get_curve_name(group);
- AssertIntEQ(X509_ALGOR_set0(bootstrap->alg, OBJ_nid2obj(EVP_PKEY_EC),
- V_ASN1_OBJECT, OBJ_nid2obj(nid)), 1);
- #ifdef HAVE_COMP_KEY
- AssertIntGT((len = EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED,
- NULL, 0, NULL)), 0);
- #else
- AssertIntGT((len = EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED,
- NULL, 0, NULL)), 0);
- #endif
- AssertNotNull(der = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1));
- #ifdef HAVE_COMP_KEY
- AssertIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED,
- der, len, NULL), len);
- #else
- AssertIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED,
- der, len, NULL), len);
- #endif
- bootstrap->pub_key->data = der;
- bootstrap->pub_key->length = (int)len;
- /* Not actually used */
- bootstrap->pub_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
- bootstrap->pub_key->flags |= ASN1_STRING_FLAG_BITS_LEFT;
- der = NULL;
- AssertIntGT(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0);
- XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
- EVP_PKEY_free(key);
- EC_KEY_free(eckey);
- DPP_BOOTSTRAPPING_KEY_free(bootstrap);
- #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
- #endif /* WOLFSSL_WPAS && HAVE_ECC && USE_CERT_BUFFERS_256 */
- }
- static void test_wolfSSL_i2c_ASN1_INTEGER()
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
- ASN1_INTEGER *a;
- unsigned char *pp,*tpp;
- int ret;
- printf(testingFmt, "wolfSSL_i2c_ASN1_INTEGER");
- a = wolfSSL_ASN1_INTEGER_new();
- /* 40 */
- a->intData[0] = ASN_INTEGER;
- a->intData[1] = 1;
- a->intData[2] = 40;
- ret = i2c_ASN1_INTEGER(a, NULL);
- AssertIntEQ(ret, 1);
- AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- tpp = pp;
- XMEMSET(pp, 0, ret + 1);
- i2c_ASN1_INTEGER(a, &pp);
- pp--;
- AssertIntEQ(*pp, 40);
- XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- /* 128 */
- a->intData[0] = ASN_INTEGER;
- a->intData[1] = 1;
- a->intData[2] = 128;
- ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL);
- AssertIntEQ(ret, 2);
- AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- tpp = pp;
- XMEMSET(pp, 0, ret + 1);
- wolfSSL_i2c_ASN1_INTEGER(a, &pp);
- pp--;
- AssertIntEQ(*(pp--), 128);
- AssertIntEQ(*pp, 0);
- XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- /* -40 */
- a->intData[0] = ASN_INTEGER;
- a->intData[1] = 1;
- a->intData[2] = 40;
- a->negative = 1;
- ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL);
- AssertIntEQ(ret, 1);
- AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- tpp = pp;
- XMEMSET(pp, 0, ret + 1);
- wolfSSL_i2c_ASN1_INTEGER(a, &pp);
- pp--;
- AssertIntEQ(*pp, 216);
- XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- /* -128 */
- a->intData[0] = ASN_INTEGER;
- a->intData[1] = 1;
- a->intData[2] = 128;
- a->negative = 1;
- ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL);
- AssertIntEQ(ret, 1);
- AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- tpp = pp;
- XMEMSET(pp, 0, ret + 1);
- wolfSSL_i2c_ASN1_INTEGER(a, &pp);
- pp--;
- AssertIntEQ(*pp, 128);
- XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- /* -200 */
- a->intData[0] = ASN_INTEGER;
- a->intData[1] = 1;
- a->intData[2] = 200;
- a->negative = 1;
- ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL);
- AssertIntEQ(ret, 2);
- AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- tpp = pp;
- XMEMSET(pp, 0, ret + 1);
- wolfSSL_i2c_ASN1_INTEGER(a, &pp);
- pp--;
- AssertIntEQ(*(pp--), 56);
- AssertIntEQ(*pp, 255);
- XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- wolfSSL_ASN1_INTEGER_free(a);
- printf(resultFmt, passed);
- #endif /* OPENSSL_EXTRA && !NO_ASN */
- }
- #ifndef NO_INLINE
- #define WOLFSSL_MISC_INCLUDED
- #include <wolfcrypt/src/misc.c>
- #else
- #include <wolfssl/wolfcrypt/misc.h>
- #endif
- static int test_ForceZero(void)
- {
- unsigned char data[32];
- unsigned int i, j, len;
- /* Test case with 0 length */
- ForceZero(data, 0);
- /* Test ForceZero */
- for (i = 0; i < sizeof(data); i++) {
- for (len = 1; len < sizeof(data) - i; len++) {
- for (j = 0; j < sizeof(data); j++)
- data[j] = j + 1;
- ForceZero(data + i, len);
- for (j = 0; j < sizeof(data); j++) {
- if (j < i || j >= i + len) {
- if (data[j] == 0x00)
- return -10200;
- }
- else if (data[j] != 0x00)
- return -10201;
- }
- }
- }
- return 0;
- }
- static void test_wolfSSL_X509_print()
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
- !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(XSNPRINTF)
- X509 *x509;
- BIO *bio;
- printf(testingFmt, "wolfSSL_X509_print");
- x509 = X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM);
- AssertNotNull(x509);
- /* print to memory */
- AssertNotNull(bio = BIO_new(BIO_s_mem()));
- AssertIntEQ(X509_print(bio, x509), SSL_SUCCESS);
- #if defined(WOLFSSL_QT)
- AssertIntEQ(BIO_get_mem_data(bio, NULL), 3113);
- #else
- AssertIntEQ(BIO_get_mem_data(bio, NULL), 3103);
- #endif
- BIO_free(bio);
- /* print to stdout */
- AssertNotNull(bio = BIO_new(BIO_s_file()));
- wolfSSL_BIO_set_fp(bio, stdout, BIO_NOCLOSE);
- AssertIntEQ(X509_print(bio, x509), SSL_SUCCESS);
- BIO_free(bio);
- X509_free(x509);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_RSA_print()
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
- !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
- !defined(HAVE_FAST_RSA)
- BIO *bio;
- WOLFSSL_RSA* rsa = NULL;
- printf(testingFmt, "wolfSSL_RSA_print");
- AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
- AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()));
- wolfSSL_BIO_set_fp(bio, stdout, BIO_NOCLOSE);
- AssertIntEQ(RSA_print(bio, rsa, 0), SSL_SUCCESS);
- BIO_free(bio);
- wolfSSL_RSA_free(rsa);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_BIO_get_len()
- {
- #if defined(OPENSSL_EXTRA)
- BIO *bio;
- const char txt[] = "Some example text to push to the BIO.";
- printf(testingFmt, "wolfSSL_BIO_get_len");
- AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
- AssertIntEQ(wolfSSL_BIO_write(bio, txt, sizeof(txt)), sizeof(txt));
- AssertIntEQ(wolfSSL_BIO_get_len(bio), sizeof(txt));
- BIO_free(bio);
- printf(resultFmt, passed);
- #endif
- }
- static void test_wolfSSL_ASN1_STRING_print(void){
- #if defined(OPENSSL_ALL) && !defined(NO_ASN) && !defined(NO_CERTS)
- ASN1_STRING* asnStr = NULL;
- const char HELLO_DATA[]= \
- {'H','e','l','l','o',' ','w','o','l','f','S','S','L','!'};
- const unsigned int MAX_UNPRINTABLE_CHAR = 32;
- const unsigned int MAX_BUF = 255;
- const int LF = 10, CR = 13;
- unsigned char unprintableData[MAX_UNPRINTABLE_CHAR + sizeof(HELLO_DATA)];
- unsigned char expected[sizeof(unprintableData)+1];
- unsigned char rbuf[MAX_BUF];
- BIO *bio;
- int p_len, i;
- printf(testingFmt, "wolfSSL_ASN1_STRING_print()");
- /* setup */
- for (i = 0; i < (int)sizeof(HELLO_DATA); i++) {
- unprintableData[i] = HELLO_DATA[i];
- expected[i] = HELLO_DATA[i];
- }
- for (i = 0; i < (int)MAX_UNPRINTABLE_CHAR; i++) {
- unprintableData[sizeof(HELLO_DATA)+i] = i;
- if (i == LF || i == CR)
- expected[sizeof(HELLO_DATA)+i] = i;
- else
- expected[sizeof(HELLO_DATA)+i] = '.';
- }
- unprintableData[sizeof(unprintableData)-1] = '\0';
- expected[sizeof(expected)-1] = '\0';
- XMEMSET(rbuf, 0, MAX_BUF);
- bio = BIO_new(BIO_s_mem());
- BIO_set_write_buf_size(bio, MAX_BUF);
- asnStr = ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
- ASN1_STRING_set(asnStr,(const void*)unprintableData,
- (int)sizeof(unprintableData));
- /* test */
- p_len = wolfSSL_ASN1_STRING_print(bio, asnStr);
- AssertIntEQ(p_len, 46);
- BIO_read(bio, (void*)rbuf, 46);
- AssertStrEQ((char*)rbuf, (const char*)expected);
- BIO_free(bio);
- ASN1_STRING_free(asnStr);
- printf(resultFmt, passed);
- #endif /* OPENSSL_EXTRA && !NO_ASN && !NO_CERTS */
- }
- static void test_wolfSSL_RSA_verify()
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && \
- !defined(NO_FILESYSTEM) && defined(HAVE_CRL)
- XFILE fp;
- RSA *pKey, *pubKey;
- X509 *cert;
- const char *text = "Hello wolfSSL !";
- unsigned char hash[SHA256_DIGEST_LENGTH];
- unsigned char signature[2048/8];
- unsigned int signatureLength;
- byte *buf;
- BIO *bio;
- SHA256_CTX c;
- EVP_PKEY *evpPkey, *evpPubkey;
- size_t sz;
- printf(testingFmt, "wolfSSL_RSA_verify");
- /* generate hash */
- SHA256_Init(&c);
- SHA256_Update(&c, text, strlen(text));
- SHA256_Final(hash, &c);
- /* read privete key file */
- fp = XFOPEN(svrKeyFile, "r");
- AssertTrue((fp != XBADFILE));
- XFSEEK(fp, 0, XSEEK_END);
- sz = XFTELL(fp);
- XREWIND(fp);
- AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
- AssertIntEQ(XFREAD(buf, 1, sz, fp), sz);
- XFCLOSE(fp);
- /* read private key and sign hash data */
- AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
- AssertNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL));
- AssertNotNull(pKey = EVP_PKEY_get1_RSA(evpPkey));
- AssertIntEQ(RSA_sign(NID_sha256, hash, SHA256_DIGEST_LENGTH,
- signature, &signatureLength, pKey), SSL_SUCCESS);
- /* read public key and verify signed data */
- fp = XFOPEN(svrCertFile,"r");
- AssertTrue((fp != XBADFILE));
- cert = PEM_read_X509(fp, 0, 0, 0 );
- XFCLOSE(fp);
- evpPubkey = X509_get_pubkey(cert);
- pubKey = EVP_PKEY_get1_RSA(evpPubkey);
- AssertIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, signature,
- signatureLength, pubKey), SSL_SUCCESS);
- RSA_free(pKey);
- EVP_PKEY_free(evpPkey);
- RSA_free(pubKey);
- EVP_PKEY_free(evpPubkey);
- X509_free(cert);
- BIO_free(bio);
- XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
- printf(resultFmt, passed);
- #endif
- }
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
- static void test_openssl_make_self_signed_certificate(EVP_PKEY* pkey)
- {
- X509* x509 = NULL;
- BIGNUM* serial_number = NULL;
- X509_NAME* name = NULL;
- time_t epoch_off = 0;
- ASN1_INTEGER* asn1_serial_number;
- long not_before, not_after;
- AssertNotNull(x509 = X509_new());
- AssertIntNE(X509_set_pubkey(x509, pkey), 0);
- AssertNotNull(serial_number = BN_new());
- AssertIntNE(BN_pseudo_rand(serial_number, 64, 0, 0), 0);
- AssertNotNull(asn1_serial_number = X509_get_serialNumber(x509));
- AssertNotNull(BN_to_ASN1_INTEGER(serial_number, asn1_serial_number));
- /* version 3 */
- AssertIntNE(X509_set_version(x509, 2L), 0);
- AssertNotNull(name = X509_NAME_new());
- AssertIntNE(X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_UTF8,
- (unsigned char*)"www.wolfssl.com", -1, -1, 0), 0);
- AssertIntNE(X509_set_subject_name(x509, name), 0);
- AssertIntNE(X509_set_issuer_name(x509, name), 0);
- not_before = (long)XTIME(NULL);
- not_after = not_before + (365 * 24 * 60 * 60);
- AssertNotNull(X509_time_adj(X509_get_notBefore(x509), not_before, &epoch_off));
- AssertNotNull(X509_time_adj(X509_get_notAfter(x509), not_after, &epoch_off));
- AssertIntNE(X509_sign(x509, pkey, EVP_sha256()), 0);
- BN_free(serial_number);
- X509_NAME_free(name);
- X509_free(x509);
- }
- #endif
- static void test_openssl_generate_key_and_cert(void)
- {
- #if defined(OPENSSL_EXTRA)
- #if !defined(NO_RSA)
- {
- EVP_PKEY* pkey = EVP_PKEY_new();
- int key_length = 2048;
- BIGNUM* exponent = BN_new();
- RSA* rsa = RSA_new();
- AssertNotNull(pkey);
- AssertNotNull(exponent);
- AssertNotNull(rsa);
- AssertIntNE(BN_set_word(exponent, WC_RSA_EXPONENT), 0);
- #ifndef WOLFSSL_KEY_GEN
- AssertIntEQ(RSA_generate_key_ex(rsa, key_length, exponent, NULL), WOLFSSL_FAILURE);
- #if defined(USE_CERT_BUFFERS_1024)
- AssertIntNE(wolfSSL_RSA_LoadDer_ex(rsa, server_key_der_1024,
- sizeof_server_key_der_1024, WOLFSSL_RSA_LOAD_PRIVATE), 0);
- key_length = 1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- AssertIntNE(wolfSSL_RSA_LoadDer_ex(rsa, server_key_der_2048,
- sizeof_server_key_der_2048, WOLFSSL_RSA_LOAD_PRIVATE), 0);
- #else
- RSA_free(rsa);
- rsa = NULL;
- #endif
- #else
- AssertIntNE(RSA_generate_key_ex(rsa, key_length, exponent, NULL), 0);
- #endif
- if (rsa) {
- AssertIntNE(EVP_PKEY_assign_RSA(pkey, rsa), 0);
- BN_free(exponent);
- #if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
- test_openssl_make_self_signed_certificate(pkey);
- #endif
- }
- EVP_PKEY_free(pkey);
- }
- #endif /* !NO_RSA */
- #ifdef HAVE_ECC
- {
- EVP_PKEY* pkey = EVP_PKEY_new();
- EC_KEY* ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
- AssertNotNull(pkey);
- AssertNotNull(ec_key);
- #ifndef NO_WOLFSSL_STUB
- EC_KEY_set_asn1_flag(ec_key, OPENSSL_EC_NAMED_CURVE);
- #endif
- AssertIntNE(EC_KEY_generate_key(ec_key), 0);
- AssertIntNE(EVP_PKEY_assign_EC_KEY(pkey, ec_key), 0);
- #if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
- test_openssl_make_self_signed_certificate(pkey);
- #endif
- EVP_PKEY_free(pkey);
- }
- #endif /* HAVE_ECC */
- #endif /* OPENSSL_EXTRA */
- }
- static void test_stubs_are_stubs()
- {
- #if defined(OPENSSL_EXTRA) && !defined(NO_WOLFSSL_STUB)
- WOLFSSL_CTX* ctx = NULL;
- WOLFSSL_CTX* ctxN = NULL;
- #ifndef NO_WOLFSSL_CLIENT
- ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- AssertNotNull(ctx);
- #elif !defined(NO_WOLFSSL_SERVER)
- ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
- AssertNotNull(ctx);
- #else
- return;
- #endif
- #define CHECKZERO_RET(x, y, z) AssertIntEQ((int) x(y), 0); \
- AssertIntEQ((int) x(z), 0)
- /* test logic, all stubs return same result regardless of ctx being NULL
- * as there are no sanity checks, it's just a stub! If at some
- * point a stub is not a stub it should begin to return BAD_FUNC_ARG
- * if invalid inputs are supplied. Test calling both
- * with and without valid inputs, if a stub functionality remains unchanged.
- */
- CHECKZERO_RET(wolfSSL_CTX_sess_accept, ctx, ctxN);
- CHECKZERO_RET(wolfSSL_CTX_sess_connect, ctx, ctxN);
- CHECKZERO_RET(wolfSSL_CTX_sess_accept_good, ctx, ctxN);
- CHECKZERO_RET(wolfSSL_CTX_sess_connect_good, ctx, ctxN);
- CHECKZERO_RET(wolfSSL_CTX_sess_accept_renegotiate, ctx, ctxN);
- CHECKZERO_RET(wolfSSL_CTX_sess_connect_renegotiate, ctx, ctxN);
- CHECKZERO_RET(wolfSSL_CTX_sess_hits, ctx, ctxN);
- CHECKZERO_RET(wolfSSL_CTX_sess_cb_hits, ctx, ctxN);
- CHECKZERO_RET(wolfSSL_CTX_sess_cache_full, ctx, ctxN);
- CHECKZERO_RET(wolfSSL_CTX_sess_misses, ctx, ctxN);
- CHECKZERO_RET(wolfSSL_CTX_sess_timeouts, ctx, ctxN);
- wolfSSL_CTX_free(ctx);
- ctx = NULL;
- #endif /* OPENSSL_EXTRA && !NO_WOLFSSL_STUB */
- }
- static void test_wolfSSL_CTX_LoadCRL()
- {
- #ifdef HAVE_CRL
- WOLFSSL_CTX* ctx = NULL;
- const char* badPath = "dummypath";
- const char* validPath = "./certs/crl";
- int derType = WOLFSSL_FILETYPE_ASN1;
- int rawType = WOLFSSL_FILETYPE_RAW;
- int pemType = WOLFSSL_FILETYPE_PEM;
- int monitor = WOLFSSL_CRL_MONITOR;
- #define FAIL_T1(x, y, z, p, d) AssertIntEQ((int) x(y, z, p, d), \
- BAD_FUNC_ARG)
- #define SUCC_T(x, y, z, p, d) AssertIntEQ((int) x(y, z, p, d), \
- WOLFSSL_SUCCESS)
- FAIL_T1(wolfSSL_CTX_LoadCRL, ctx, validPath, pemType, monitor);
- #ifndef NO_WOLFSSL_CLIENT
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #elif !defined(NO_WOLFSSL_SERVER)
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #else
- return;
- #endif
- SUCC_T (wolfSSL_CTX_LoadCRL, ctx, validPath, pemType, monitor);
- SUCC_T (wolfSSL_CTX_LoadCRL, ctx, badPath, pemType, monitor);
- SUCC_T (wolfSSL_CTX_LoadCRL, ctx, badPath, derType, monitor);
- SUCC_T (wolfSSL_CTX_LoadCRL, ctx, badPath, rawType, monitor);
- wolfSSL_CTX_free(ctx);
- ctx = NULL;
- #endif
- }
- static void test_SetTmpEC_DHE_Sz(void)
- {
- #if defined(HAVE_ECC) && !defined(NO_WOLFSSL_CLIENT)
- WOLFSSL_CTX *ctx;
- WOLFSSL *ssl;
- ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- AssertNotNull(ctx);
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpEC_DHE_Sz(ctx, 32));
- ssl = wolfSSL_new(ctx);
- AssertNotNull(ssl);
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpEC_DHE_Sz(ssl, 32));
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif
- }
- static void test_wolfSSL_dtls_set_mtu(void)
- {
- #if (defined(WOLFSSL_DTLS_MTU) || defined(WOLFSSL_SCTP)) && \
- defined(WOLFSSL_DTLS)
- WOLFSSL_CTX* ctx = NULL;
- WOLFSSL* ssl = NULL;
- const char* testCertFile;
- const char* testKeyFile;
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method()));
- #ifndef NO_RSA
- testCertFile = svrCertFile;
- testKeyFile = svrKeyFile;
- #elif defined(HAVE_ECC)
- testCertFile = eccCertFile;
- testKeyFile = eccKeyFile;
- #endif
- if (testCertFile != NULL && testKeyFile != NULL) {
- AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile,
- WOLFSSL_FILETYPE_PEM));
- AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
- WOLFSSL_FILETYPE_PEM));
- }
- AssertNotNull(ssl = wolfSSL_new(ctx));
- AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG);
- AssertIntEQ(wolfSSL_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG);
- AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 20000), BAD_FUNC_ARG);
- AssertIntEQ(wolfSSL_dtls_set_mtu(ssl, 20000), WOLFSSL_FAILURE);
- AssertIntEQ(wolfSSL_get_error(ssl, WOLFSSL_FAILURE), BAD_FUNC_ARG);
- AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 1488), WOLFSSL_SUCCESS);
- AssertIntEQ(wolfSSL_dtls_set_mtu(ssl, 1488), WOLFSSL_SUCCESS);
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- printf(testingFmt, "wolfSSL_dtls_set_mtu()");
- printf(resultFmt, passed);
- #endif
- }
- #if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \
- !defined(NO_CERTS)
- static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
- {
- int ret;
- if ((ret = wolfSSL_CertManagerLoadCA(cm, certA, 0)) != WOLFSSL_SUCCESS) {
- printf("loading cert %s failed\n", certA);
- printf("Error: (%d): %s\n", ret, wolfSSL_ERR_reason_error_string(ret));
- return -1;
- }
- return 0;
- }
- static int verify_cert_with_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
- {
- int ret;
- if ((ret = wolfSSL_CertManagerVerify(cm, certA, WOLFSSL_FILETYPE_PEM))
- != WOLFSSL_SUCCESS) {
- printf("could not verify the cert: %s\n", certA);
- printf("Error: (%d): %s\n", ret, wolfSSL_ERR_reason_error_string(ret));
- return -1;
- } else {
- printf("successfully verified: %s\n", certA);
- }
- return 0;
- }
- #define LOAD_ONE_CA(a, b, c, d) \
- do { \
- a = load_ca_into_cm(c, d); \
- if (a != 0) \
- return b; \
- else \
- b--; \
- } while(0)
- #define VERIFY_ONE_CERT(a, b, c, d) \
- do { \
- a = verify_cert_with_cm(c, d); \
- if (a != 0) \
- return b; \
- else \
- b--; \
- } while(0)
- static int test_chainG(WOLFSSL_CERT_MANAGER* cm)
- {
- int ret;
- int i = -1;
- /* Chain G is a valid chain per RFC 5280 section 4.2.1.9 */
- char chainGArr[9][50] = {"certs/ca-cert.pem",
- "certs/test-pathlen/chainG-ICA7-pathlen100.pem",
- "certs/test-pathlen/chainG-ICA6-pathlen10.pem",
- "certs/test-pathlen/chainG-ICA5-pathlen20.pem",
- "certs/test-pathlen/chainG-ICA4-pathlen5.pem",
- "certs/test-pathlen/chainG-ICA3-pathlen99.pem",
- "certs/test-pathlen/chainG-ICA2-pathlen1.pem",
- "certs/test-pathlen/chainG-ICA1-pathlen0.pem",
- "certs/test-pathlen/chainG-entity.pem"};
- LOAD_ONE_CA(ret, i, cm, chainGArr[0]); /* if failure, i = -1 here */
- LOAD_ONE_CA(ret, i, cm, chainGArr[1]); /* if failure, i = -2 here */
- LOAD_ONE_CA(ret, i, cm, chainGArr[2]); /* if failure, i = -3 here */
- LOAD_ONE_CA(ret, i, cm, chainGArr[3]); /* if failure, i = -4 here */
- LOAD_ONE_CA(ret, i, cm, chainGArr[4]); /* if failure, i = -5 here */
- LOAD_ONE_CA(ret, i, cm, chainGArr[5]); /* if failure, i = -6 here */
- LOAD_ONE_CA(ret, i, cm, chainGArr[6]); /* if failure, i = -7 here */
- LOAD_ONE_CA(ret, i, cm, chainGArr[7]); /* if failure, i = -8 here */
- VERIFY_ONE_CERT(ret, i, cm, chainGArr[1]); /* if failure, i = -9 here */
- VERIFY_ONE_CERT(ret, i, cm, chainGArr[2]); /* if failure, i = -10 here */
- VERIFY_ONE_CERT(ret, i, cm, chainGArr[3]); /* if failure, i = -11 here */
- VERIFY_ONE_CERT(ret, i, cm, chainGArr[4]); /* if failure, i = -12 here */
- VERIFY_ONE_CERT(ret, i, cm, chainGArr[5]); /* if failure, i = -13 here */
- VERIFY_ONE_CERT(ret, i, cm, chainGArr[6]); /* if failure, i = -14 here */
- VERIFY_ONE_CERT(ret, i, cm, chainGArr[7]); /* if failure, i = -15 here */
- VERIFY_ONE_CERT(ret, i, cm, chainGArr[8]); /* if failure, i = -16 here */
- /* test validating the entity twice, should have no effect on pathLen since
- * entity/leaf cert */
- VERIFY_ONE_CERT(ret, i, cm, chainGArr[8]); /* if failure, i = -17 here */
- return ret;
- }
- static int test_chainH(WOLFSSL_CERT_MANAGER* cm)
- {
- int ret;
- int i = -1;
- /* Chain H is NOT a valid chain per RFC5280 section 4.2.1.9:
- * ICA4-pathlen of 2 signing ICA3-pathlen of 2 (reduce max path len to 2)
- * ICA3-pathlen of 2 signing ICA2-pathlen of 2 (reduce max path len to 1)
- * ICA2-pathlen of 2 signing ICA1-pathlen of 0 (reduce max path len to 0)
- * ICA1-pathlen of 0 signing entity (pathlen is already 0, ERROR)
- * Test should successfully verify ICA4, ICA3, ICA2 and then fail on ICA1
- */
- char chainHArr[6][50] = {"certs/ca-cert.pem",
- "certs/test-pathlen/chainH-ICA4-pathlen2.pem",
- "certs/test-pathlen/chainH-ICA3-pathlen2.pem",
- "certs/test-pathlen/chainH-ICA2-pathlen2.pem",
- "certs/test-pathlen/chainH-ICA1-pathlen0.pem",
- "certs/test-pathlen/chainH-entity.pem"};
- LOAD_ONE_CA(ret, i, cm, chainHArr[0]); /* if failure, i = -1 here */
- LOAD_ONE_CA(ret, i, cm, chainHArr[1]); /* if failure, i = -2 here */
- LOAD_ONE_CA(ret, i, cm, chainHArr[2]); /* if failure, i = -3 here */
- LOAD_ONE_CA(ret, i, cm, chainHArr[3]); /* if failure, i = -4 here */
- LOAD_ONE_CA(ret, i, cm, chainHArr[4]); /* if failure, i = -5 here */
- VERIFY_ONE_CERT(ret, i, cm, chainHArr[1]); /* if failure, i = -6 here */
- VERIFY_ONE_CERT(ret, i, cm, chainHArr[2]); /* if failure, i = -7 here */
- VERIFY_ONE_CERT(ret, i, cm, chainHArr[3]); /* if failure, i = -8 here */
- VERIFY_ONE_CERT(ret, i, cm, chainHArr[4]); /* if failure, i = -9 here */
- VERIFY_ONE_CERT(ret, i, cm, chainHArr[5]); /* if failure, i = -10 here */
- return ret;
- }
- static int test_chainI(WOLFSSL_CERT_MANAGER* cm)
- {
- int ret;
- int i = -1;
- /* Chain I is a valid chain per RFC5280 section 4.2.1.9:
- * ICA3-pathlen of 2 signing ICA2 without a pathlen (reduce maxPathLen to 2)
- * ICA2-no_pathlen signing ICA1-no_pathlen (reduce maxPathLen to 1)
- * ICA1-no_pathlen signing entity (reduce maxPathLen to 0)
- * Test should successfully verify ICA4, ICA3, ICA2 and then fail on ICA1
- */
- char chainIArr[5][50] = {"certs/ca-cert.pem",
- "certs/test-pathlen/chainI-ICA3-pathlen2.pem",
- "certs/test-pathlen/chainI-ICA2-no_pathlen.pem",
- "certs/test-pathlen/chainI-ICA1-no_pathlen.pem",
- "certs/test-pathlen/chainI-entity.pem"};
- LOAD_ONE_CA(ret, i, cm, chainIArr[0]); /* if failure, i = -1 here */
- LOAD_ONE_CA(ret, i, cm, chainIArr[1]); /* if failure, i = -2 here */
- LOAD_ONE_CA(ret, i, cm, chainIArr[2]); /* if failure, i = -3 here */
- LOAD_ONE_CA(ret, i, cm, chainIArr[3]); /* if failure, i = -4 here */
- VERIFY_ONE_CERT(ret, i, cm, chainIArr[1]); /* if failure, i = -5 here */
- VERIFY_ONE_CERT(ret, i, cm, chainIArr[2]); /* if failure, i = -6 here */
- VERIFY_ONE_CERT(ret, i, cm, chainIArr[3]); /* if failure, i = -7 here */
- VERIFY_ONE_CERT(ret, i, cm, chainIArr[4]); /* if failure, i = -8 here */
- return ret;
- }
- static int test_chainJ(WOLFSSL_CERT_MANAGER* cm)
- {
- int ret;
- int i = -1;
- /* Chain J is NOT a valid chain per RFC5280 section 4.2.1.9:
- * ICA4-pathlen of 2 signing ICA3 without a pathlen (reduce maxPathLen to 2)
- * ICA3-pathlen of 2 signing ICA2 without a pathlen (reduce maxPathLen to 1)
- * ICA2-no_pathlen signing ICA1-no_pathlen (reduce maxPathLen to 0)
- * ICA1-no_pathlen signing entity (ERROR, pathlen zero and non-leaf cert)
- */
- char chainJArr[6][50] = {"certs/ca-cert.pem",
- "certs/test-pathlen/chainJ-ICA4-pathlen2.pem",
- "certs/test-pathlen/chainJ-ICA3-no_pathlen.pem",
- "certs/test-pathlen/chainJ-ICA2-no_pathlen.pem",
- "certs/test-pathlen/chainJ-ICA1-no_pathlen.pem",
- "certs/test-pathlen/chainJ-entity.pem"};
- LOAD_ONE_CA(ret, i, cm, chainJArr[0]); /* if failure, i = -1 here */
- LOAD_ONE_CA(ret, i, cm, chainJArr[1]); /* if failure, i = -2 here */
- LOAD_ONE_CA(ret, i, cm, chainJArr[2]); /* if failure, i = -3 here */
- LOAD_ONE_CA(ret, i, cm, chainJArr[3]); /* if failure, i = -4 here */
- LOAD_ONE_CA(ret, i, cm, chainJArr[4]); /* if failure, i = -5 here */
- VERIFY_ONE_CERT(ret, i, cm, chainJArr[1]); /* if failure, i = -6 here */
- VERIFY_ONE_CERT(ret, i, cm, chainJArr[2]); /* if failure, i = -7 here */
- VERIFY_ONE_CERT(ret, i, cm, chainJArr[3]); /* if failure, i = -8 here */
- VERIFY_ONE_CERT(ret, i, cm, chainJArr[4]); /* if failure, i = -9 here */
- VERIFY_ONE_CERT(ret, i, cm, chainJArr[5]); /* if failure, i = -10 here */
- return ret;
- }
- static int test_various_pathlen_chains(void)
- {
- int ret;
- WOLFSSL_CERT_MANAGER* cm;
- /* Test chain G (large chain with varying pathLens) */
- if ((cm = wolfSSL_CertManagerNew()) == NULL) {
- printf("cert manager new failed\n");
- return -1;
- }
- AssertIntEQ(test_chainG(cm), 0);
- ret = wolfSSL_CertManagerUnloadCAs(cm);
- if (ret != WOLFSSL_SUCCESS)
- return -1;
- wolfSSL_CertManagerFree(cm);
- /* end test chain G */
- /* Test chain H (5 chain with same pathLens) */
- if ((cm = wolfSSL_CertManagerNew()) == NULL) {
- printf("cert manager new failed\n");
- return -1;
- }
- AssertIntLT(test_chainH(cm), 0);
- wolfSSL_CertManagerUnloadCAs(cm);
- wolfSSL_CertManagerFree(cm);
- if ((cm = wolfSSL_CertManagerNew()) == NULL) {
- printf("cert manager new failed\n");
- return -1;
- }
- ret = wolfSSL_CertManagerUnloadCAs(cm);
- if (ret != WOLFSSL_SUCCESS)
- return -1;
- wolfSSL_CertManagerFree(cm);
- /* end test chain H */
- /* Test chain I (only first ICA has pathLen set and it's set to 2,
- * followed by 2 ICA's, should pass) */
- if ((cm = wolfSSL_CertManagerNew()) == NULL) {
- printf("cert manager new failed\n");
- return -1;
- }
- AssertIntEQ(test_chainI(cm), 0);
- wolfSSL_CertManagerUnloadCAs(cm);
- wolfSSL_CertManagerFree(cm);
- if ((cm = wolfSSL_CertManagerNew()) == NULL) {
- printf("cert manager new failed\n");
- return -1;
- }
- ret = wolfSSL_CertManagerUnloadCAs(cm);
- if (ret != WOLFSSL_SUCCESS)
- return -1;
- wolfSSL_CertManagerFree(cm);
- /* Test chain J (Again only first ICA has pathLen set and it's set to 2,
- * this time followed by 3 ICA's, should fail */
- if ((cm = wolfSSL_CertManagerNew()) == NULL) {
- printf("cert manager new failed\n");
- return -1;
- }
- AssertIntLT(test_chainJ(cm), 0);
- wolfSSL_CertManagerUnloadCAs(cm);
- wolfSSL_CertManagerFree(cm);
- if ((cm = wolfSSL_CertManagerNew()) == NULL) {
- printf("cert manager new failed\n");
- return -1;
- }
- ret = wolfSSL_CertManagerUnloadCAs(cm);
- wolfSSL_CertManagerFree(cm);
- return ret;
- }
- #endif /* !NO_RSA && !NO_SHA && !NO_FILESYSTEM && !NO_CERTS */
- /*----------------------------------------------------------------------------*
- | Main
- *----------------------------------------------------------------------------*/
- void ApiTest(void)
- {
- printf("\n-----------------Porting tests------------------\n");
- AssertTrue(test_fileAccess());
- printf(" Begin API Tests\n");
- AssertIntEQ(test_wolfSSL_Init(), WOLFSSL_SUCCESS);
- /* wolfcrypt initialization tests */
- test_wolfSSL_Method_Allocators();
- #ifndef NO_WOLFSSL_SERVER
- test_wolfSSL_CTX_new(wolfSSLv23_server_method());
- #endif
- #if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
- (!defined(NO_RSA) || defined(HAVE_ECC))
- test_for_double_Free();
- #endif
- test_wolfSSL_CTX_use_certificate_file();
- AssertIntEQ(test_wolfSSL_CTX_use_certificate_buffer(), WOLFSSL_SUCCESS);
- test_wolfSSL_CTX_use_PrivateKey_file();
- test_wolfSSL_CTX_load_verify_locations();
- test_wolfSSL_CertManagerLoadCABuffer();
- test_wolfSSL_CertManagerGetCerts();
- test_wolfSSL_CertManagerSetVerify();
- test_wolfSSL_CertManagerNameConstraint();
- test_wolfSSL_CertManagerCRL();
- test_wolfSSL_CTX_load_verify_locations_ex();
- test_wolfSSL_CTX_load_verify_buffer_ex();
- test_wolfSSL_CTX_load_verify_chain_buffer_format();
- test_wolfSSL_CTX_use_certificate_chain_file_format();
- test_wolfSSL_CTX_trust_peer_cert();
- test_wolfSSL_CTX_SetTmpDH_file();
- test_wolfSSL_CTX_SetTmpDH_buffer();
- test_wolfSSL_CTX_SetMinMaxDhKey_Sz();
- test_wolfSSL_CTX_der_load_verify_locations();
- test_wolfSSL_CTX_enable_disable();
- test_server_wolfSSL_new();
- test_client_wolfSSL_new();
- test_wolfSSL_SetTmpDH_file();
- test_wolfSSL_SetTmpDH_buffer();
- test_wolfSSL_SetMinMaxDhKey_Sz();
- test_SetTmpEC_DHE_Sz();
- test_wolfSSL_dtls_set_mtu();
- #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
- defined(HAVE_IO_TESTS_DEPENDENCIES)
- test_wolfSSL_read_write();
- #if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13)
- test_wolfSSL_reuse_WOLFSSLobj();
- #endif
- test_wolfSSL_dtls_export();
- #endif
- AssertIntEQ(test_wolfSSL_SetMinVersion(), WOLFSSL_SUCCESS);
- AssertIntEQ(test_wolfSSL_CTX_SetMinVersion(), WOLFSSL_SUCCESS);
- /* TLS extensions tests */
- #ifdef HAVE_IO_TESTS_DEPENDENCIES
- test_wolfSSL_UseSNI();
- #endif
- test_wolfSSL_UseTrustedCA();
- test_wolfSSL_UseMaxFragment();
- test_wolfSSL_UseTruncatedHMAC();
- test_wolfSSL_UseSupportedCurve();
- test_wolfSSL_UseALPN();
- test_wolfSSL_DisableExtendedMasterSecret();
- test_wolfSSL_wolfSSL_UseSecureRenegotiation();
- /* X509 tests */
- test_wolfSSL_X509_NAME_get_entry();
- test_wolfSSL_PKCS12();
- test_wolfSSL_no_password_cb();
- test_wolfSSL_PKCS8();
- test_wolfSSL_PKCS8_ED25519();
- test_wolfSSL_PKCS8_ED448();
- test_wolfSSL_PKCS5();
- test_wolfSSL_URI();
- test_wolfSSL_TBS();
- test_wolfSSL_X509_verify();
- test_wc_PemToDer();
- test_wc_AllocDer();
- test_wc_CertPemToDer();
- test_wc_PubKeyPemToDer();
- test_wc_PemPubKeyToDer();
- /*OCSP Stapling. */
- AssertIntEQ(test_wolfSSL_UseOCSPStapling(), WOLFSSL_SUCCESS);
- AssertIntEQ(test_wolfSSL_UseOCSPStaplingV2(), WOLFSSL_SUCCESS);
- /* Multicast */
- test_wolfSSL_mcast();
- /* compatibility tests */
- test_wolfSSL_X509_NAME();
- test_wolfSSL_X509_INFO();
- test_wolfSSL_X509_subject_name_hash();
- test_wolfSSL_X509_issuer_name_hash();
- test_wolfSSL_DES();
- test_wolfSSL_certs();
- test_wolfSSL_ASN1_TIME_print();
- test_wolfSSL_ASN1_UTCTIME_print();
- test_wolfSSL_ASN1_GENERALIZEDTIME_free();
- test_wolfSSL_private_keys();
- test_wolfSSL_PEM_PrivateKey();
- test_wolfSSL_PEM_bio_RSAKey();
- test_wolfSSL_PEM_bio_DSAKey();
- test_wolfSSL_PEM_bio_ECKey();
- test_wolfSSL_PEM_RSAPrivateKey();
- test_wolfSSL_PEM_PUBKEY();
- test_DSA_do_sign_verify();
- test_wolfSSL_tmp_dh();
- test_wolfSSL_ctrl();
- test_wolfSSL_EVP_MD_size();
- test_wolfSSL_EVP_Digest();
- test_wolfSSL_EVP_PKEY_new_mac_key();
- test_wolfSSL_EVP_MD_hmac_signing();
- test_wolfSSL_EVP_MD_rsa_signing();
- test_wolfSSL_EVP_MD_ecc_signing();
- test_wolfSSL_CTX_add_extra_chain_cert();
- #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
- test_wolfSSL_ERR_peek_last_error_line();
- #endif
- test_wolfSSL_ERR_print_errors_cb();
- AssertFalse(test_wolfSSL_GetLoggingCb());
- AssertFalse(test_WOLFSSL_ERROR_MSG());
- AssertFalse(test_wc_ERR_remove_state());
- AssertFalse(test_wc_ERR_print_errors_fp());
- test_wolfSSL_set_options();
- test_wolfSSL_sk_SSL_CIPHER();
- test_wolfSSL_X509_STORE_CTX();
- test_wolfSSL_X509_STORE_CTX_get0_current_issuer();
- test_wolfSSL_msgCb();
- test_wolfSSL_either_side();
- test_wolfSSL_DTLS_either_side();
- test_generate_cookie();
- test_wolfSSL_X509_STORE_set_flags();
- test_wolfSSL_X509_LOOKUP_load_file();
- test_wolfSSL_X509_NID();
- test_wolfSSL_X509_STORE_CTX_set_time();
- test_wolfSSL_get0_param();
- test_wolfSSL_X509_VERIFY_PARAM_set1_host();
- test_wolfSSL_X509_STORE_CTX_get0_store();
- test_wolfSSL_X509_STORE();
- test_wolfSSL_X509_STORE_load_locations();
- test_wolfSSL_BN();
- test_wolfSSL_PEM_read_bio();
- test_wolfSSL_BIO();
- test_wolfSSL_ASN1_STRING();
- test_wolfSSL_ASN1_BIT_STRING();
- test_wolfSSL_X509();
- test_wolfSSL_X509_VERIFY_PARAM();
- test_wolfSSL_X509_sign();
- test_wolfSSL_X509_get0_tbs_sigalg();
- test_wolfSSL_X509_ALGOR_get0();
- test_wolfSSL_X509_get_X509_PUBKEY();
- test_wolfSSL_X509_PUBKEY();
- test_wolfSSL_RAND();
- test_wolfSSL_BUF();
- test_wolfSSL_set_tlsext_status_type();
- test_wolfSSL_ASN1_TIME_adj();
- test_wolfSSL_X509_cmp_time();
- test_wolfSSL_X509_time_adj();
- test_wolfSSL_CTX_set_client_CA_list();
- test_wolfSSL_CTX_add_client_CA();
- test_wolfSSL_CTX_set_srp_username();
- test_wolfSSL_CTX_set_srp_password();
- test_wolfSSL_pseudo_rand();
- test_wolfSSL_PKCS8_Compat();
- test_wolfSSL_PKCS8_d2i();
- test_wolfSSL_ERR_put_error();
- test_wolfSSL_ERR_print_errors();
- test_wolfSSL_HMAC();
- test_wolfSSL_OBJ();
- test_wolfSSL_i2a_ASN1_OBJECT();
- test_wolfSSL_OBJ_cmp();
- test_wolfSSL_OBJ_txt2nid();
- test_wolfSSL_OBJ_txt2obj();
- test_wolfSSL_X509_NAME_ENTRY();
- test_wolfSSL_X509_set_name();
- test_wolfSSL_X509_set_notAfter();
- test_wolfSSL_X509_set_notBefore();
- test_wolfSSL_X509_set_version();
- test_wolfSSL_BIO_gets();
- test_wolfSSL_BIO_puts();
- test_wolfSSL_BIO_should_retry();
- test_wolfSSL_d2i_PUBKEY();
- test_wolfSSL_BIO_write();
- test_wolfSSL_BIO_printf();
- test_wolfSSL_BIO_f_md();
- test_wolfSSL_SESSION();
- test_wolfSSL_DES_ecb_encrypt();
- test_wolfSSL_sk_GENERAL_NAME();
- test_wolfSSL_MD4();
- test_wolfSSL_RSA();
- test_wolfSSL_RSA_DER();
- test_wolfSSL_RSA_get0_key();
- test_wolfSSL_RSA_meth();
- test_wolfSSL_verify_depth();
- test_wolfSSL_HMAC_CTX();
- test_wolfSSL_msg_callback();
- test_wolfSSL_SHA();
- test_wolfSSL_DH_1536_prime();
- test_wolfSSL_PEM_write_DHparams();
- test_wolfSSL_AES_ecb_encrypt();
- test_wolfSSL_SHA256();
- test_wolfSSL_X509_get_serialNumber();
- test_wolfSSL_X509_CRL();
- test_wolfSSL_PEM_read_X509();
- test_wolfSSL_PEM_read();
- test_wolfSSL_PEM_X509_INFO_read_bio();
- test_wolfSSL_PEM_read_bio_ECPKParameters();
- test_wolfSSL_X509_NAME_ENTRY_get_object();
- test_wolfSSL_OpenSSL_add_all_algorithms();
- test_wolfSSL_ASN1_STRING_print_ex();
- test_wolfSSL_ASN1_TIME_to_generalizedtime();
- test_wolfSSL_ASN1_INTEGER_set();
- test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS();
- test_wolfSSL_i2c_ASN1_INTEGER();
- test_wolfSSL_X509_check_ca();
- test_wolfSSL_X509_check_ip_asc();
- test_wolfSSL_DC_cert();
- test_wolfSSL_DES_ncbc();
- test_wolfSSL_AES_cbc_encrypt();
- test_wolfssl_EVP_aes_gcm();
- test_wolfSSL_PKEY_up_ref();
- test_wolfSSL_i2d_PrivateKey();
- test_wolfSSL_OCSP_get0_info();
- test_wolfSSL_EVP_PKEY_derive();
- test_wolfSSL_RSA_padding_add_PKCS1_PSS();
- #if defined(OPENSSL_ALL)
- test_wolfSSL_X509_PUBKEY_get();
- test_wolfSSL_sk_CIPHER_description();
- test_wolfSSL_get_ciphers_compat();
- test_wolfSSL_d2i_DHparams();
- test_wolfSSL_i2d_DHparams();
- test_wolfSSL_ASN1_STRING_to_UTF8();
- test_wolfSSL_EC_KEY_dup();
- test_wolfSSL_EVP_PKEY_set1_get1_DSA();
- test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY();
- test_wolfSSL_EVP_PKEY_set1_get1_DH();
- test_wolfSSL_CTX_ctrl();
- test_wolfSSL_DH_check();
- test_wolfSSL_EVP_PKEY_assign();
- test_wolfSSL_OBJ_ln();
- test_wolfSSL_OBJ_sn();
- #endif /* OPENSSL_ALL */
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
- AssertIntEQ(test_wolfSSL_CTX_use_certificate_ASN1(), WOLFSSL_SUCCESS);
- test_wolfSSL_d2i_PrivateKeys_bio();
- #endif /* OPENSSL_ALL || WOLFSSL_ASIO */
- test_wolfSSL_X509_CA_num();
- test_wolfSSL_X509_get_version();
- test_wolfSSL_X509_print();
- test_wolfSSL_BIO_get_len();
- test_wolfSSL_RSA_verify();
- test_wolfSSL_X509V3_EXT_get();
- test_wolfSSL_X509V3_EXT();
- test_wolfSSL_X509_get_ext();
- test_wolfSSL_X509_get_ext_by_NID();
- test_wolfSSL_X509_get_ext_count();
- test_wolfSSL_X509_EXTENSION_new();
- test_wolfSSL_X509_EXTENSION_get_object();
- test_wolfSSL_X509_EXTENSION_get_data();
- test_wolfSSL_X509_EXTENSION_get_critical();
- test_wolfSSL_X509V3_EXT_print();
- test_wolfSSL_X509_cmp();
- test_wolfSSL_RSA_print();
- test_wolfSSL_ASN1_STRING_print();
- test_openssl_generate_key_and_cert();
- test_wolfSSL_EC_get_builtin_curves();
- test_wolfSSL_CRYPTO_memcmp();
- /* test the no op functions for compatibility */
- test_no_op_functions();
- /* OpenSSL EVP_PKEY API tests */
- test_EVP_PKEY_rsa();
- test_wolfSSL_EVP_PKEY_encrypt();
- test_wolfSSL_EVP_PKEY_sign();
- test_EVP_PKEY_ec();
- test_EVP_PKEY_cmp();
- /* OpenSSL error API tests */
- test_ERR_load_crypto_strings();
- /* OpenSSL sk_X509 API test */
- test_sk_X509();
- /* OpenSSL X509 API test */
- test_X509_get_signature_nid();
- /* OpenSSL X509 REQ API test */
- test_X509_REQ();
- /* OpenSSL PKCS7 API test */
- test_wolfssl_PKCS7();
- test_wolfSSL_PKCS7_SIGNED_new();
- test_wolfSSL_PEM_write_bio_PKCS7();
- /* wolfCrypt ASN tests */
- test_wc_GetPkcs8TraditionalOffset();
- test_wc_SetSubjectRaw();
- test_wc_GetSubjectRaw();
- test_wc_SetIssuerRaw();
- test_wc_SetIssueBuffer();
- test_wc_SetSubjectKeyId();
- test_wc_SetSubject();
- test_CheckCertSignature();
- /* wolfCrypt ECC tests */
- test_wc_ecc_get_curve_size_from_name();
- test_wc_ecc_get_curve_id_from_name();
- test_wc_ecc_get_curve_id_from_params();
- #ifdef WOLFSSL_TLS13
- /* TLS v1.3 API tests */
- test_tls13_apis();
- #endif
- #ifndef NO_CERTS
- /* Bad certificate signature tests */
- AssertIntEQ(test_EccSigFailure_cm(), ASN_SIG_CONFIRM_E);
- AssertIntEQ(test_RsaSigFailure_cm(), ASN_SIG_CONFIRM_E);
- #endif /* NO_CERTS */
- #ifdef HAVE_PK_CALLBACKS
- /* public key callback tests */
- test_DhCallbacks();
- #endif
- /*wolfcrypt */
- printf("\n-----------------wolfcrypt unit tests------------------\n");
- AssertFalse(test_wolfCrypt_Init());
- AssertFalse(test_wc_InitMd5());
- AssertFalse(test_wc_Md5Update());
- AssertFalse(test_wc_Md5Final());
- AssertFalse(test_wc_InitSha());
- AssertFalse(test_wc_ShaUpdate());
- AssertFalse(test_wc_ShaFinal());
- AssertFalse(test_wc_InitSha256());
- AssertFalse(test_wc_Sha256Update());
- AssertFalse(test_wc_Sha256Final());
- AssertFalse(test_wc_Sha256FinalRaw());
- AssertFalse(test_wc_Sha256GetFlags());
- AssertFalse(test_wc_Sha256Free());
- AssertFalse(test_wc_Sha256GetHash());
- AssertFalse(test_wc_Sha256Copy());
- AssertFalse(test_wc_InitSha512());
- AssertFalse(test_wc_Sha512Update());
- AssertFalse(test_wc_Sha512Final());
- AssertFalse(test_wc_Sha512GetFlags());
- AssertFalse(test_wc_Sha512FinalRaw());
- AssertFalse(test_wc_Sha512Free());
- AssertFalse(test_wc_Sha512GetHash());
- AssertFalse(test_wc_Sha512Copy());
- AssertFalse(test_wc_InitSha384());
- AssertFalse(test_wc_Sha384Update());
- AssertFalse(test_wc_Sha384Final());
- AssertFalse(test_wc_Sha384GetFlags());
- AssertFalse(test_wc_Sha384FinalRaw());
- AssertFalse(test_wc_Sha384Free());
- AssertFalse(test_wc_Sha384GetHash());
- AssertFalse(test_wc_Sha384Copy());
- AssertFalse(test_wc_InitSha224());
- AssertFalse(test_wc_Sha224Update());
- AssertFalse(test_wc_Sha224Final());
- AssertFalse(test_wc_Sha224SetFlags());
- AssertFalse(test_wc_Sha224GetFlags());
- AssertFalse(test_wc_Sha224Free());
- AssertFalse(test_wc_Sha224GetHash());
- AssertFalse(test_wc_Sha224Copy());
- AssertFalse(test_wc_InitBlake2b());
- AssertFalse(test_wc_InitRipeMd());
- AssertFalse(test_wc_RipeMdUpdate());
- AssertFalse(test_wc_RipeMdFinal());
- AssertIntEQ(test_wc_InitSha3(), 0);
- AssertIntEQ(testing_wc_Sha3_Update(), 0);
- AssertIntEQ(test_wc_Sha3_224_Final(), 0);
- AssertIntEQ(test_wc_Sha3_256_Final(), 0);
- AssertIntEQ(test_wc_Sha3_384_Final(), 0);
- AssertIntEQ(test_wc_Sha3_512_Final(), 0);
- AssertIntEQ(test_wc_Sha3_224_Copy(), 0);
- AssertIntEQ(test_wc_Sha3_256_Copy(), 0);
- AssertIntEQ(test_wc_Sha3_384_Copy(), 0);
- AssertIntEQ(test_wc_Sha3_512_Copy(), 0);
- AssertIntEQ(test_wc_Sha3_GetFlags(), 0);
- AssertIntEQ(test_wc_InitShake256(), 0);
- AssertIntEQ(testing_wc_Shake256_Update(), 0);
- AssertIntEQ(test_wc_Shake256_Final(), 0);
- AssertIntEQ(test_wc_Shake256_Copy(), 0);
- AssertIntEQ(test_wc_Shake256Hash(), 0);
- AssertFalse(test_wc_Md5HmacSetKey());
- AssertFalse(test_wc_Md5HmacUpdate());
- AssertFalse(test_wc_Md5HmacFinal());
- AssertFalse(test_wc_ShaHmacSetKey());
- AssertFalse(test_wc_ShaHmacUpdate());
- AssertFalse(test_wc_ShaHmacFinal());
- AssertFalse(test_wc_Sha224HmacSetKey());
- AssertFalse(test_wc_Sha224HmacUpdate());
- AssertFalse(test_wc_Sha224HmacFinal());
- AssertFalse(test_wc_Sha256HmacSetKey());
- AssertFalse(test_wc_Sha256HmacUpdate());
- AssertFalse(test_wc_Sha256HmacFinal());
- AssertFalse(test_wc_Sha384HmacSetKey());
- AssertFalse(test_wc_Sha384HmacUpdate());
- AssertFalse(test_wc_Sha384HmacFinal());
- AssertIntEQ(test_wc_HashInit(), 0);
- AssertIntEQ(test_wc_HashSetFlags(), 0);
- AssertIntEQ(test_wc_HashGetFlags(), 0);
- AssertIntEQ(test_wc_InitCmac(), 0);
- AssertIntEQ(test_wc_CmacUpdate(), 0);
- AssertIntEQ(test_wc_CmacFinal(), 0);
- AssertIntEQ(test_wc_AesCmacGenerate(), 0);
- AssertIntEQ(test_wc_Des3_SetIV(), 0);
- AssertIntEQ(test_wc_Des3_SetKey(), 0);
- AssertIntEQ(test_wc_Des3_CbcEncryptDecrypt(), 0);
- AssertIntEQ(test_wc_Des3_CbcEncryptDecryptWithKey(), 0);
- AssertIntEQ(test_wc_IdeaSetKey(), 0);
- AssertIntEQ(test_wc_IdeaSetIV(), 0);
- AssertIntEQ(test_wc_IdeaCipher(), 0);
- AssertIntEQ(test_wc_IdeaCbcEncyptDecrypt(), 0);
- AssertIntEQ(test_wc_Chacha_SetKey(), 0);
- AssertIntEQ(test_wc_Chacha_Process(), 0);
- AssertIntEQ(test_wc_ChaCha20Poly1305_aead(), 0);
- AssertIntEQ(test_wc_Poly1305SetKey(), 0);
- AssertIntEQ(test_wc_CamelliaSetKey(), 0);
- AssertIntEQ(test_wc_CamelliaSetIV(), 0);
- AssertIntEQ(test_wc_CamelliaEncryptDecryptDirect(), 0);
- AssertIntEQ(test_wc_CamelliaCbcEncryptDecrypt(), 0);
- AssertIntEQ(test_wc_RabbitSetKey(), 0);
- AssertIntEQ(test_wc_RabbitProcess(), 0);
- AssertIntEQ(test_wc_Arc4SetKey(), 0);
- AssertIntEQ(test_wc_Arc4Process(), 0);
- AssertIntEQ(test_wc_AesSetKey(), 0);
- AssertIntEQ(test_wc_AesSetIV(), 0);
- AssertIntEQ(test_wc_AesCbcEncryptDecrypt(), 0);
- AssertIntEQ(test_wc_AesCtrEncryptDecrypt(), 0);
- AssertIntEQ(test_wc_AesGcmSetKey(), 0);
- AssertIntEQ(test_wc_AesGcmEncryptDecrypt(), 0);
- AssertIntEQ(test_wc_GmacSetKey(), 0);
- AssertIntEQ(test_wc_GmacUpdate(), 0);
- AssertIntEQ(test_wc_InitRsaKey(), 0);
- AssertIntEQ(test_wc_RsaPrivateKeyDecode(), 0);
- AssertIntEQ(test_wc_RsaPublicKeyDecode(), 0);
- AssertIntEQ(test_wc_RsaPublicKeyDecodeRaw(), 0);
- AssertIntEQ(test_wc_MakeRsaKey(), 0);
- AssertIntEQ(test_wc_SetKeyUsage (), 0);
- AssertIntEQ(test_wc_SetMutexCb(), 0);
- AssertIntEQ(test_wc_LockMutex_ex(), 0);
- AssertIntEQ(test_wc_RsaKeyToDer(), 0);
- AssertIntEQ(test_wc_RsaKeyToPublicDer(), 0);
- AssertIntEQ(test_wc_RsaPublicEncryptDecrypt(), 0);
- AssertIntEQ(test_wc_RsaPublicEncryptDecrypt_ex(), 0);
- AssertIntEQ(test_wc_RsaEncryptSize(), 0);
- AssertIntEQ(test_wc_RsaSSL_SignVerify(), 0);
- AssertIntEQ(test_wc_RsaFlattenPublicKey(), 0);
- AssertIntEQ(test_RsaDecryptBoundsCheck(), 0);
- AssertIntEQ(test_wc_AesCcmSetKey(), 0);
- AssertIntEQ(test_wc_AesCcmEncryptDecrypt(), 0);
- AssertIntEQ(test_wc_Hc128_SetKey(), 0);
- AssertIntEQ(test_wc_Hc128_Process(), 0);
- AssertIntEQ(test_wc_InitDsaKey(), 0);
- AssertIntEQ(test_wc_DsaSignVerify(), 0);
- AssertIntEQ(test_wc_DsaPublicPrivateKeyDecode(), 0);
- AssertIntEQ(test_wc_MakeDsaKey(), 0);
- AssertIntEQ(test_wc_DsaKeyToDer(), 0);
- AssertIntEQ(test_wc_DsaKeyToPublicDer(), 0);
- AssertIntEQ(test_wc_DsaImportParamsRaw(), 0);
- AssertIntEQ(test_wc_DsaImportParamsRawCheck(), 0);
- AssertIntEQ(test_wc_DsaExportParamsRaw(), 0);
- AssertIntEQ(test_wc_DsaExportKeyRaw(), 0);
- AssertIntEQ(test_wc_SignatureGetSize_ecc(), 0);
- AssertIntEQ(test_wc_SignatureGetSize_rsa(), 0);
- wolfCrypt_Cleanup();
- #ifdef OPENSSL_EXTRA
- /*wolfSSL_EVP_get_cipherbynid test*/
- test_wolfSSL_EVP_get_cipherbynid();
- test_wolfSSL_EVP_CIPHER_CTX();
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- test_wolfSSL_EC();
- #endif
- test_wolfSSL_ECDSA_SIG();
- test_ECDSA_size_sign();
- test_ED25519();
- test_ED448();
- test_EC_i2d();
- #endif
- #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && \
- !defined(HAVE_SELFTEST) && \
- !(defined(HAVE_FIPS) || defined(HAVE_FIPS_VERSION))
- test_wc_ecc_get_curve_id_from_dp_params();
- #endif
- #ifdef HAVE_HASHDRBG
- #ifdef TEST_RESEED_INTERVAL
- AssertIntEQ(test_wc_RNG_GenerateBlock_Reseed(), 0);
- #endif
- AssertIntEQ(test_wc_RNG_GenerateBlock(), 0);
- #endif
- AssertIntEQ(test_get_rand_digit(), 0);
- AssertIntEQ(test_get_digit_count(), 0);
- AssertIntEQ(test_mp_cond_copy(), 0);
- AssertIntEQ(test_mp_rand(), 0);
- AssertIntEQ(test_get_digit(), 0);
- AssertIntEQ(test_wc_export_int(), 0);
- AssertIntEQ(test_wc_InitRngNonce(), 0);
- AssertIntEQ(test_wc_InitRngNonce_ex(), 0);
- AssertIntEQ(test_wc_ed25519_make_key(), 0);
- AssertIntEQ(test_wc_ed25519_init(), 0);
- AssertIntEQ(test_wc_ed25519_sign_msg(), 0);
- AssertIntEQ(test_wc_ed25519_import_public(), 0);
- AssertIntEQ(test_wc_ed25519_import_private_key(), 0);
- AssertIntEQ(test_wc_ed25519_export(), 0);
- AssertIntEQ(test_wc_ed25519_size(), 0);
- AssertIntEQ(test_wc_ed25519_exportKey(), 0);
- AssertIntEQ(test_wc_Ed25519PublicKeyToDer(), 0);
- AssertIntEQ(test_wc_curve25519_init(), 0);
- AssertIntEQ(test_wc_curve25519_size(), 0);
- AssertIntEQ(test_wc_curve25519_export_key_raw(), 0);
- AssertIntEQ(test_wc_curve25519_export_key_raw_ex(), 0);
- AssertIntEQ(test_wc_curve25519_size (), 0);
- AssertIntEQ(test_wc_curve25519_make_key (), 0);
- AssertIntEQ(test_wc_curve25519_shared_secret_ex (), 0);
- AssertIntEQ(test_wc_curve25519_make_pub (), 0);
- AssertIntEQ(test_wc_curve25519_export_public_ex (), 0);
- AssertIntEQ(test_wc_curve25519_export_private_raw_ex (), 0);
- AssertIntEQ(test_wc_curve25519_import_private_raw_ex (), 0);
- AssertIntEQ(test_wc_curve25519_import_private (), 0);
- AssertIntEQ(test_wc_ed448_make_key(), 0);
- AssertIntEQ(test_wc_ed448_init(), 0);
- AssertIntEQ(test_wc_ed448_sign_msg(), 0);
- AssertIntEQ(test_wc_ed448_import_public(), 0);
- AssertIntEQ(test_wc_ed448_import_private_key(), 0);
- AssertIntEQ(test_wc_ed448_export(), 0);
- AssertIntEQ(test_wc_ed448_size(), 0);
- AssertIntEQ(test_wc_ed448_exportKey(), 0);
- AssertIntEQ(test_wc_Ed448PublicKeyToDer(), 0);
- AssertIntEQ(test_wc_curve448_make_key (), 0);
- AssertIntEQ(test_wc_curve448_shared_secret_ex (), 0);
- AssertIntEQ(test_wc_curve448_export_public_ex (), 0);
- AssertIntEQ(test_wc_curve448_export_private_raw_ex (), 0);
- AssertIntEQ(test_wc_curve448_export_key_raw (), 0);
- AssertIntEQ(test_wc_curve448_import_private_raw_ex (), 0);
- AssertIntEQ(test_wc_curve448_import_private (), 0);
- AssertIntEQ(test_wc_curve448_init(), 0);
- AssertIntEQ(test_wc_curve448_size (), 0);
- AssertIntEQ(test_wc_ecc_make_key(), 0);
- AssertIntEQ(test_wc_ecc_init(), 0);
- AssertIntEQ(test_wc_ecc_check_key(), 0);
- AssertIntEQ(test_wc_ecc_get_generator(), 0);
- AssertIntEQ(test_wc_ecc_size(), 0);
- test_wc_ecc_params();
- AssertIntEQ(test_wc_ecc_signVerify_hash(), 0);
- AssertIntEQ(test_wc_ecc_shared_secret(), 0);
- AssertIntEQ(test_wc_ecc_export_x963(), 0);
- AssertIntEQ(test_wc_ecc_export_x963_ex(), 0);
- AssertIntEQ(test_wc_ecc_import_x963(), 0);
- AssertIntEQ(ecc_import_private_key(), 0);
- AssertIntEQ(test_wc_ecc_export_private_only(), 0);
- AssertIntEQ(test_wc_ecc_rs_to_sig(), 0);
- AssertIntEQ(test_wc_ecc_import_raw(), 0);
- AssertIntEQ(test_wc_ecc_import_unsigned(), 0);
- AssertIntEQ(test_wc_ecc_sig_size(), 0);
- AssertIntEQ(test_wc_ecc_ctx_new(), 0);
- AssertIntEQ(test_wc_ecc_ctx_reset(), 0);
- AssertIntEQ(test_wc_ecc_ctx_set_peer_salt(), 0);
- AssertIntEQ(test_wc_ecc_ctx_set_info(), 0);
- AssertIntEQ(test_wc_ecc_encryptDecrypt(), 0);
- AssertIntEQ(test_wc_ecc_del_point(), 0);
- AssertIntEQ(test_wc_ecc_pointFns(), 0);
- AssertIntEQ(test_wc_ecc_shared_secret_ssh(), 0);
- AssertIntEQ(test_wc_ecc_verify_hash_ex(), 0);
- AssertIntEQ(test_wc_ecc_mulmod(), 0);
- AssertIntEQ(test_wc_ecc_is_valid_idx(), 0);
- AssertIntEQ(test_ToTraditional(), 0);
- AssertIntEQ(test_wc_EccPrivateKeyToDer(), 0);
- AssertIntEQ(test_wc_Ed25519KeyToDer(), 0);
- AssertIntEQ(test_wc_Ed25519PrivateKeyToDer(), 0);
- AssertIntEQ(test_wc_Ed448KeyToDer(), 0);
- AssertIntEQ(test_wc_Ed448PrivateKeyToDer(), 0);
- AssertIntEQ(test_wc_SetAuthKeyIdFromPublicKey_ex(), 0);
- AssertIntEQ(test_wc_SetSubjectBuffer(), 0);
- AssertIntEQ(test_wc_SetSubjectKeyIdFromPublicKey_ex(), 0);
- test_wc_PKCS7_New();
- test_wc_PKCS7_Init();
- test_wc_PKCS7_InitWithCert();
- test_wc_PKCS7_EncodeData();
- test_wc_PKCS7_EncodeSignedData();
- test_wc_PKCS7_EncodeSignedData_ex();
- test_wc_PKCS7_VerifySignedData();
- test_wc_PKCS7_EncodeDecodeEnvelopedData();
- test_wc_PKCS7_EncodeEncryptedData();
- test_wc_PKCS7_Degenerate();
- test_wc_PKCS7_BER();
- test_PKCS7_signed_enveloped();
- test_wc_i2d_PKCS12();
- test_wolfSSL_CTX_LoadCRL();
- AssertIntEQ(test_ForceZero(), 0);
- AssertIntEQ(test_wolfSSL_Cleanup(), WOLFSSL_SUCCESS);
- #if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \
- !defined(NO_CERTS)
- AssertIntEQ(test_various_pathlen_chains(), WOLFSSL_SUCCESS);
- #endif
- /* If at some point a stub get implemented this test should fail indicating
- * a need to implement a new test case
- */
- test_stubs_are_stubs();
- #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \
- && (defined(NO_MAIN_DRIVER) || defined(HAVE_STACK_SIZE))
- wc_ecc_fp_free(); /* free per thread cache */
- #endif
- wolfSSL_Cleanup();
- (void)devId;
- printf(" End API Tests\n");
- }
|