1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112311331143115311631173118311931203121312231233124312531263127312831293130313131323133313431353136313731383139314031413142314331443145314631473148314931503151315231533154315531563157315831593160316131623163316431653166316731683169317031713172317331743175317631773178317931803181318231833184318531863187318831893190319131923193319431953196319731983199320032013202320332043205320632073208320932103211321232133214321532163217321832193220322132223223322432253226322732283229323032313232323332343235323632373238323932403241324232433244324532463247324832493250325132523253325432553256325732583259326032613262326332643265326632673268326932703271327232733274327532763277327832793280328132823283328432853286328732883289329032913292329332943295329632973298329933003301330233033304330533063307330833093310331133123313331433153316331733183319332033213322332333243325332633273328332933303331333233333334333533363337333833393340334133423343334433453346334733483349335033513352335333543355335633573358335933603361336233633364336533663367336833693370337133723373337433753376337733783379338033813382338333843385338633873388338933903391339233933394339533963397339833993400340134023403340434053406340734083409341034113412341334143415341634173418341934203421342234233424342534263427342834293430343134323433343434353436343734383439344034413442344334443445344634473448344934503451345234533454345534563457345834593460346134623463346434653466346734683469347034713472347334743475347634773478347934803481348234833484348534863487348834893490349134923493349434953496349734983499350035013502350335043505350635073508350935103511351235133514351535163517351835193520352135223523352435253526352735283529353035313532353335343535353635373538353935403541354235433544354535463547354835493550355135523553355435553556355735583559356035613562356335643565356635673568356935703571357235733574357535763577357835793580358135823583358435853586358735883589359035913592359335943595359635973598359936003601360236033604360536063607360836093610361136123613361436153616361736183619362036213622362336243625362636273628362936303631363236333634363536363637363836393640364136423643364436453646364736483649365036513652365336543655365636573658365936603661366236633664366536663667366836693670367136723673367436753676367736783679368036813682368336843685368636873688368936903691369236933694369536963697369836993700370137023703370437053706370737083709371037113712371337143715371637173718371937203721372237233724372537263727372837293730373137323733373437353736373737383739374037413742374337443745374637473748374937503751375237533754375537563757375837593760376137623763376437653766376737683769377037713772377337743775377637773778377937803781378237833784378537863787378837893790379137923793379437953796379737983799380038013802380338043805380638073808380938103811381238133814381538163817381838193820382138223823382438253826382738283829383038313832383338343835383638373838383938403841384238433844384538463847384838493850385138523853385438553856385738583859386038613862386338643865386638673868386938703871387238733874387538763877387838793880388138823883388438853886388738883889389038913892389338943895389638973898389939003901390239033904390539063907390839093910391139123913391439153916391739183919392039213922392339243925392639273928392939303931393239333934393539363937393839393940394139423943394439453946394739483949395039513952395339543955395639573958395939603961396239633964396539663967396839693970397139723973397439753976397739783979398039813982398339843985398639873988398939903991399239933994399539963997399839994000400140024003400440054006400740084009401040114012401340144015401640174018401940204021402240234024402540264027402840294030403140324033403440354036403740384039404040414042404340444045404640474048404940504051405240534054405540564057405840594060406140624063406440654066406740684069407040714072407340744075407640774078407940804081408240834084408540864087408840894090409140924093409440954096409740984099410041014102410341044105410641074108410941104111411241134114411541164117411841194120412141224123412441254126412741284129413041314132413341344135413641374138413941404141414241434144414541464147414841494150415141524153415441554156415741584159416041614162416341644165416641674168416941704171417241734174417541764177417841794180418141824183418441854186418741884189419041914192419341944195419641974198419942004201420242034204420542064207420842094210421142124213421442154216421742184219422042214222422342244225422642274228422942304231423242334234423542364237423842394240424142424243424442454246424742484249425042514252425342544255425642574258425942604261426242634264426542664267426842694270427142724273427442754276427742784279428042814282428342844285428642874288428942904291429242934294429542964297429842994300430143024303430443054306430743084309431043114312431343144315431643174318431943204321432243234324432543264327432843294330433143324333433443354336433743384339434043414342434343444345434643474348434943504351435243534354435543564357435843594360436143624363436443654366436743684369437043714372437343744375437643774378437943804381438243834384438543864387438843894390439143924393439443954396439743984399440044014402440344044405440644074408440944104411441244134414441544164417441844194420442144224423442444254426442744284429443044314432443344344435443644374438443944404441444244434444444544464447444844494450445144524453445444554456445744584459446044614462446344644465446644674468446944704471447244734474447544764477447844794480448144824483448444854486448744884489449044914492449344944495449644974498449945004501450245034504450545064507450845094510451145124513451445154516451745184519452045214522452345244525452645274528452945304531453245334534453545364537453845394540454145424543454445454546454745484549455045514552455345544555455645574558455945604561456245634564456545664567456845694570457145724573457445754576457745784579458045814582458345844585458645874588458945904591459245934594459545964597459845994600460146024603460446054606460746084609461046114612461346144615461646174618461946204621462246234624462546264627462846294630463146324633463446354636463746384639464046414642464346444645464646474648464946504651465246534654465546564657465846594660466146624663466446654666466746684669467046714672467346744675467646774678467946804681468246834684468546864687468846894690469146924693469446954696469746984699470047014702470347044705470647074708470947104711471247134714471547164717471847194720472147224723472447254726472747284729473047314732473347344735473647374738473947404741474247434744474547464747474847494750475147524753475447554756475747584759476047614762476347644765476647674768476947704771477247734774477547764777477847794780478147824783478447854786478747884789479047914792479347944795479647974798479948004801480248034804480548064807480848094810481148124813481448154816481748184819482048214822482348244825482648274828482948304831483248334834483548364837483848394840484148424843484448454846484748484849485048514852485348544855485648574858485948604861486248634864486548664867486848694870487148724873487448754876487748784879488048814882488348844885488648874888488948904891489248934894489548964897489848994900490149024903490449054906490749084909491049114912491349144915491649174918491949204921492249234924492549264927492849294930493149324933493449354936493749384939494049414942494349444945494649474948494949504951495249534954495549564957495849594960496149624963496449654966496749684969497049714972497349744975497649774978497949804981498249834984498549864987498849894990499149924993499449954996499749984999500050015002500350045005500650075008500950105011501250135014501550165017501850195020502150225023502450255026502750285029503050315032503350345035503650375038503950405041504250435044504550465047504850495050505150525053505450555056505750585059506050615062506350645065506650675068506950705071507250735074507550765077507850795080508150825083508450855086508750885089509050915092509350945095509650975098509951005101510251035104510551065107510851095110511151125113511451155116511751185119512051215122512351245125512651275128512951305131513251335134513551365137513851395140514151425143514451455146514751485149515051515152515351545155515651575158515951605161516251635164516551665167516851695170517151725173517451755176517751785179518051815182518351845185518651875188518951905191519251935194519551965197519851995200520152025203520452055206520752085209521052115212521352145215521652175218521952205221522252235224522552265227522852295230523152325233523452355236523752385239524052415242524352445245524652475248524952505251525252535254525552565257525852595260526152625263526452655266526752685269527052715272527352745275527652775278527952805281528252835284528552865287528852895290529152925293529452955296529752985299530053015302530353045305530653075308530953105311531253135314531553165317531853195320532153225323532453255326532753285329533053315332533353345335533653375338533953405341534253435344534553465347534853495350535153525353535453555356535753585359536053615362536353645365536653675368536953705371537253735374537553765377537853795380538153825383538453855386538753885389539053915392539353945395539653975398539954005401540254035404540554065407540854095410541154125413541454155416541754185419542054215422542354245425542654275428542954305431543254335434543554365437543854395440544154425443544454455446544754485449545054515452545354545455545654575458545954605461546254635464546554665467546854695470547154725473547454755476547754785479548054815482548354845485548654875488548954905491549254935494549554965497549854995500550155025503550455055506550755085509551055115512551355145515551655175518551955205521552255235524552555265527552855295530553155325533553455355536553755385539554055415542554355445545554655475548554955505551555255535554555555565557555855595560556155625563556455655566556755685569557055715572557355745575557655775578557955805581558255835584558555865587558855895590559155925593559455955596559755985599560056015602560356045605560656075608560956105611561256135614561556165617561856195620562156225623562456255626562756285629563056315632563356345635563656375638563956405641564256435644564556465647564856495650565156525653565456555656565756585659566056615662566356645665566656675668566956705671567256735674567556765677567856795680568156825683568456855686568756885689569056915692569356945695569656975698569957005701570257035704570557065707570857095710571157125713571457155716571757185719572057215722572357245725572657275728572957305731573257335734573557365737573857395740574157425743574457455746574757485749575057515752575357545755575657575758575957605761576257635764576557665767576857695770577157725773577457755776577757785779578057815782578357845785578657875788578957905791579257935794579557965797579857995800580158025803580458055806580758085809581058115812581358145815581658175818581958205821582258235824582558265827582858295830583158325833583458355836583758385839584058415842584358445845584658475848584958505851585258535854585558565857585858595860586158625863586458655866586758685869587058715872587358745875587658775878587958805881588258835884588558865887588858895890589158925893589458955896589758985899590059015902590359045905590659075908590959105911591259135914591559165917591859195920592159225923592459255926592759285929593059315932593359345935593659375938593959405941594259435944594559465947594859495950595159525953595459555956595759585959596059615962596359645965596659675968596959705971597259735974597559765977597859795980598159825983598459855986598759885989599059915992599359945995599659975998599960006001600260036004600560066007600860096010601160126013601460156016601760186019602060216022602360246025602660276028602960306031603260336034603560366037603860396040604160426043604460456046604760486049605060516052605360546055605660576058605960606061606260636064606560666067606860696070607160726073607460756076607760786079608060816082608360846085608660876088608960906091609260936094609560966097609860996100610161026103610461056106610761086109611061116112611361146115611661176118611961206121612261236124612561266127612861296130613161326133613461356136613761386139614061416142614361446145614661476148614961506151615261536154615561566157615861596160616161626163616461656166616761686169617061716172617361746175617661776178617961806181618261836184618561866187618861896190619161926193619461956196619761986199620062016202620362046205620662076208620962106211621262136214621562166217621862196220622162226223622462256226622762286229623062316232623362346235623662376238623962406241624262436244624562466247624862496250625162526253625462556256625762586259626062616262626362646265626662676268626962706271627262736274627562766277627862796280628162826283628462856286628762886289629062916292629362946295629662976298629963006301630263036304630563066307630863096310631163126313631463156316631763186319632063216322632363246325632663276328632963306331633263336334633563366337633863396340634163426343634463456346634763486349635063516352635363546355635663576358635963606361636263636364636563666367636863696370637163726373637463756376637763786379638063816382638363846385638663876388638963906391639263936394639563966397639863996400640164026403640464056406640764086409641064116412641364146415641664176418641964206421642264236424642564266427642864296430643164326433643464356436643764386439644064416442644364446445644664476448644964506451645264536454645564566457645864596460646164626463646464656466646764686469647064716472647364746475647664776478647964806481648264836484648564866487648864896490649164926493649464956496649764986499650065016502650365046505650665076508650965106511651265136514651565166517651865196520652165226523652465256526652765286529653065316532653365346535653665376538653965406541654265436544654565466547654865496550655165526553655465556556655765586559656065616562656365646565656665676568656965706571657265736574657565766577657865796580658165826583658465856586658765886589659065916592659365946595659665976598659966006601660266036604660566066607660866096610661166126613661466156616661766186619662066216622662366246625662666276628662966306631663266336634663566366637663866396640664166426643664466456646664766486649665066516652665366546655665666576658665966606661666266636664666566666667666866696670667166726673667466756676667766786679668066816682668366846685668666876688668966906691669266936694669566966697669866996700670167026703670467056706670767086709671067116712671367146715671667176718671967206721672267236724672567266727672867296730673167326733673467356736673767386739674067416742674367446745674667476748674967506751675267536754675567566757675867596760676167626763676467656766676767686769677067716772677367746775677667776778677967806781678267836784678567866787678867896790679167926793679467956796679767986799680068016802680368046805680668076808680968106811681268136814681568166817681868196820682168226823682468256826682768286829683068316832683368346835683668376838683968406841684268436844684568466847684868496850685168526853685468556856685768586859686068616862686368646865686668676868686968706871687268736874687568766877687868796880688168826883688468856886688768886889689068916892689368946895689668976898689969006901690269036904690569066907690869096910691169126913691469156916691769186919692069216922692369246925692669276928692969306931693269336934693569366937693869396940694169426943694469456946694769486949695069516952695369546955695669576958695969606961696269636964696569666967696869696970697169726973697469756976697769786979698069816982698369846985698669876988698969906991699269936994699569966997699869997000700170027003700470057006700770087009701070117012701370147015701670177018701970207021702270237024702570267027702870297030703170327033703470357036703770387039704070417042704370447045704670477048704970507051705270537054705570567057705870597060706170627063706470657066706770687069707070717072707370747075707670777078707970807081708270837084708570867087708870897090709170927093709470957096709770987099710071017102710371047105710671077108710971107111711271137114711571167117711871197120712171227123712471257126712771287129713071317132713371347135713671377138713971407141714271437144714571467147714871497150715171527153715471557156715771587159716071617162716371647165716671677168716971707171717271737174717571767177717871797180718171827183718471857186718771887189719071917192719371947195719671977198719972007201720272037204720572067207720872097210721172127213721472157216721772187219722072217222722372247225722672277228722972307231723272337234723572367237723872397240724172427243724472457246724772487249725072517252725372547255725672577258725972607261726272637264726572667267726872697270727172727273727472757276727772787279728072817282728372847285728672877288728972907291729272937294729572967297729872997300730173027303730473057306730773087309731073117312731373147315731673177318731973207321732273237324732573267327732873297330733173327333733473357336733773387339734073417342734373447345734673477348734973507351735273537354735573567357735873597360736173627363736473657366736773687369737073717372737373747375737673777378737973807381738273837384738573867387738873897390739173927393739473957396739773987399740074017402740374047405740674077408740974107411741274137414741574167417741874197420742174227423742474257426742774287429743074317432743374347435743674377438743974407441744274437444744574467447744874497450745174527453745474557456745774587459746074617462746374647465746674677468746974707471747274737474747574767477747874797480748174827483748474857486748774887489749074917492749374947495749674977498749975007501750275037504750575067507750875097510751175127513751475157516751775187519752075217522752375247525752675277528752975307531753275337534753575367537753875397540754175427543754475457546754775487549755075517552755375547555755675577558755975607561756275637564756575667567756875697570757175727573757475757576757775787579758075817582758375847585758675877588758975907591759275937594759575967597759875997600760176027603760476057606760776087609761076117612761376147615761676177618761976207621762276237624762576267627762876297630763176327633763476357636763776387639764076417642764376447645764676477648764976507651765276537654765576567657765876597660766176627663766476657666766776687669767076717672767376747675767676777678767976807681768276837684768576867687768876897690769176927693769476957696769776987699770077017702770377047705770677077708770977107711771277137714771577167717771877197720772177227723772477257726772777287729773077317732773377347735773677377738773977407741774277437744774577467747774877497750775177527753775477557756775777587759776077617762776377647765776677677768776977707771777277737774777577767777777877797780778177827783778477857786778777887789779077917792779377947795779677977798779978007801780278037804780578067807780878097810781178127813781478157816781778187819782078217822782378247825782678277828782978307831783278337834783578367837783878397840784178427843784478457846784778487849785078517852785378547855785678577858785978607861786278637864786578667867786878697870787178727873787478757876787778787879788078817882788378847885788678877888788978907891789278937894789578967897789878997900790179027903790479057906790779087909791079117912791379147915791679177918791979207921792279237924792579267927792879297930793179327933793479357936793779387939794079417942794379447945794679477948794979507951795279537954795579567957795879597960796179627963796479657966796779687969797079717972797379747975797679777978797979807981798279837984798579867987798879897990799179927993799479957996799779987999800080018002800380048005800680078008800980108011801280138014801580168017801880198020802180228023802480258026802780288029803080318032803380348035803680378038803980408041804280438044804580468047804880498050805180528053805480558056805780588059806080618062806380648065806680678068806980708071807280738074807580768077807880798080808180828083808480858086808780888089809080918092809380948095809680978098809981008101810281038104810581068107810881098110811181128113811481158116811781188119812081218122812381248125812681278128812981308131813281338134813581368137813881398140814181428143814481458146814781488149815081518152815381548155815681578158815981608161816281638164816581668167816881698170817181728173817481758176817781788179818081818182818381848185818681878188818981908191819281938194819581968197819881998200820182028203820482058206820782088209821082118212821382148215821682178218821982208221822282238224822582268227822882298230823182328233823482358236823782388239824082418242824382448245824682478248824982508251825282538254825582568257825882598260826182628263826482658266826782688269827082718272827382748275827682778278827982808281828282838284828582868287828882898290829182928293829482958296829782988299830083018302830383048305830683078308830983108311831283138314831583168317831883198320832183228323832483258326832783288329833083318332833383348335833683378338833983408341834283438344834583468347834883498350835183528353835483558356835783588359836083618362836383648365836683678368836983708371837283738374837583768377837883798380838183828383838483858386838783888389839083918392839383948395839683978398839984008401840284038404840584068407840884098410841184128413841484158416841784188419842084218422842384248425842684278428842984308431843284338434843584368437843884398440844184428443844484458446844784488449845084518452845384548455845684578458845984608461846284638464846584668467846884698470847184728473847484758476847784788479848084818482848384848485848684878488848984908491849284938494849584968497849884998500850185028503850485058506850785088509851085118512851385148515851685178518851985208521852285238524852585268527852885298530853185328533853485358536853785388539854085418542854385448545854685478548854985508551855285538554855585568557855885598560856185628563856485658566856785688569857085718572857385748575857685778578857985808581858285838584858585868587858885898590859185928593859485958596859785988599860086018602860386048605860686078608860986108611861286138614861586168617861886198620862186228623862486258626862786288629863086318632863386348635863686378638863986408641864286438644864586468647864886498650865186528653865486558656865786588659866086618662866386648665866686678668866986708671867286738674867586768677867886798680868186828683868486858686868786888689869086918692869386948695869686978698869987008701870287038704870587068707870887098710871187128713871487158716871787188719872087218722872387248725872687278728872987308731873287338734873587368737873887398740874187428743874487458746874787488749875087518752875387548755875687578758875987608761876287638764876587668767876887698770877187728773877487758776877787788779878087818782878387848785878687878788878987908791879287938794879587968797879887998800880188028803880488058806880788088809881088118812881388148815881688178818881988208821882288238824882588268827882888298830883188328833883488358836883788388839884088418842884388448845884688478848884988508851885288538854885588568857885888598860886188628863886488658866886788688869887088718872887388748875887688778878887988808881888288838884888588868887888888898890889188928893889488958896889788988899890089018902890389048905890689078908890989108911891289138914891589168917891889198920892189228923892489258926892789288929893089318932893389348935893689378938893989408941894289438944894589468947894889498950895189528953895489558956895789588959896089618962896389648965896689678968896989708971897289738974897589768977897889798980898189828983898489858986898789888989899089918992899389948995899689978998899990009001900290039004900590069007900890099010901190129013901490159016901790189019902090219022902390249025902690279028902990309031903290339034903590369037903890399040904190429043904490459046904790489049905090519052905390549055905690579058905990609061906290639064906590669067906890699070907190729073907490759076907790789079908090819082908390849085908690879088908990909091909290939094909590969097909890999100910191029103910491059106910791089109911091119112911391149115911691179118911991209121912291239124912591269127912891299130913191329133913491359136913791389139914091419142914391449145914691479148914991509151915291539154915591569157915891599160916191629163916491659166916791689169917091719172917391749175917691779178917991809181918291839184918591869187918891899190919191929193919491959196919791989199920092019202920392049205920692079208920992109211921292139214921592169217921892199220922192229223922492259226922792289229923092319232923392349235923692379238923992409241924292439244924592469247924892499250925192529253925492559256925792589259926092619262926392649265926692679268926992709271927292739274927592769277927892799280928192829283928492859286928792889289929092919292929392949295929692979298929993009301930293039304930593069307930893099310931193129313931493159316931793189319932093219322932393249325932693279328932993309331933293339334933593369337933893399340934193429343934493459346934793489349935093519352935393549355935693579358935993609361936293639364936593669367936893699370937193729373937493759376937793789379938093819382938393849385938693879388938993909391939293939394939593969397939893999400940194029403940494059406940794089409941094119412941394149415941694179418941994209421942294239424942594269427942894299430943194329433943494359436943794389439944094419442944394449445944694479448944994509451945294539454945594569457945894599460946194629463946494659466946794689469947094719472947394749475947694779478947994809481948294839484948594869487948894899490949194929493949494959496949794989499950095019502950395049505950695079508950995109511951295139514951595169517951895199520952195229523952495259526952795289529953095319532953395349535953695379538953995409541954295439544954595469547954895499550955195529553955495559556955795589559956095619562956395649565956695679568956995709571957295739574957595769577957895799580958195829583958495859586958795889589959095919592959395949595959695979598959996009601960296039604960596069607960896099610961196129613961496159616961796189619962096219622962396249625962696279628962996309631963296339634963596369637963896399640964196429643964496459646964796489649965096519652965396549655965696579658965996609661966296639664966596669667966896699670967196729673967496759676967796789679968096819682968396849685968696879688968996909691969296939694969596969697969896999700970197029703970497059706970797089709971097119712971397149715971697179718971997209721972297239724972597269727972897299730973197329733973497359736973797389739974097419742974397449745974697479748974997509751975297539754975597569757975897599760976197629763976497659766976797689769977097719772977397749775977697779778977997809781978297839784978597869787978897899790979197929793979497959796979797989799980098019802980398049805980698079808980998109811981298139814981598169817981898199820982198229823982498259826982798289829983098319832983398349835983698379838983998409841984298439844984598469847984898499850985198529853985498559856985798589859986098619862986398649865986698679868986998709871987298739874987598769877987898799880988198829883988498859886988798889889989098919892989398949895989698979898989999009901990299039904990599069907990899099910991199129913991499159916991799189919992099219922992399249925992699279928992999309931993299339934993599369937993899399940994199429943994499459946994799489949995099519952995399549955995699579958995999609961996299639964996599669967996899699970997199729973997499759976997799789979998099819982998399849985998699879988998999909991999299939994999599969997999899991000010001100021000310004100051000610007100081000910010100111001210013100141001510016100171001810019100201002110022100231002410025100261002710028100291003010031100321003310034100351003610037100381003910040100411004210043100441004510046100471004810049100501005110052100531005410055100561005710058100591006010061100621006310064100651006610067100681006910070100711007210073100741007510076100771007810079100801008110082100831008410085100861008710088100891009010091100921009310094100951009610097100981009910100101011010210103101041010510106101071010810109101101011110112101131011410115101161011710118101191012010121101221012310124101251012610127101281012910130101311013210133101341013510136101371013810139101401014110142101431014410145101461014710148101491015010151101521015310154101551015610157101581015910160101611016210163101641016510166101671016810169101701017110172101731017410175101761017710178101791018010181101821018310184101851018610187101881018910190101911019210193101941019510196101971019810199102001020110202102031020410205102061020710208102091021010211102121021310214102151021610217102181021910220102211022210223102241022510226102271022810229102301023110232102331023410235102361023710238102391024010241102421024310244102451024610247102481024910250102511025210253102541025510256102571025810259102601026110262102631026410265102661026710268102691027010271102721027310274102751027610277102781027910280102811028210283102841028510286102871028810289102901029110292102931029410295102961029710298102991030010301103021030310304103051030610307103081030910310103111031210313103141031510316103171031810319103201032110322103231032410325103261032710328103291033010331103321033310334103351033610337103381033910340103411034210343103441034510346103471034810349103501035110352103531035410355103561035710358103591036010361103621036310364103651036610367103681036910370103711037210373103741037510376103771037810379103801038110382103831038410385103861038710388103891039010391103921039310394103951039610397103981039910400104011040210403104041040510406104071040810409104101041110412104131041410415104161041710418104191042010421104221042310424104251042610427104281042910430104311043210433104341043510436104371043810439104401044110442104431044410445104461044710448104491045010451104521045310454104551045610457104581045910460104611046210463104641046510466104671046810469104701047110472104731047410475104761047710478104791048010481104821048310484104851048610487104881048910490104911049210493104941049510496104971049810499105001050110502105031050410505105061050710508105091051010511105121051310514105151051610517105181051910520105211052210523105241052510526105271052810529105301053110532105331053410535105361053710538105391054010541105421054310544105451054610547105481054910550105511055210553105541055510556105571055810559105601056110562105631056410565105661056710568105691057010571105721057310574105751057610577105781057910580105811058210583105841058510586105871058810589105901059110592105931059410595105961059710598105991060010601106021060310604106051060610607106081060910610106111061210613106141061510616106171061810619106201062110622106231062410625106261062710628106291063010631106321063310634106351063610637106381063910640106411064210643106441064510646106471064810649106501065110652106531065410655106561065710658106591066010661106621066310664106651066610667106681066910670106711067210673106741067510676106771067810679106801068110682106831068410685106861068710688106891069010691106921069310694106951069610697106981069910700107011070210703107041070510706107071070810709107101071110712107131071410715107161071710718107191072010721107221072310724107251072610727107281072910730107311073210733107341073510736107371073810739107401074110742107431074410745107461074710748107491075010751107521075310754107551075610757107581075910760107611076210763107641076510766107671076810769107701077110772107731077410775107761077710778107791078010781107821078310784107851078610787107881078910790107911079210793107941079510796107971079810799108001080110802108031080410805108061080710808108091081010811108121081310814108151081610817108181081910820108211082210823108241082510826108271082810829108301083110832108331083410835108361083710838108391084010841108421084310844108451084610847108481084910850108511085210853108541085510856108571085810859108601086110862108631086410865108661086710868108691087010871108721087310874108751087610877108781087910880108811088210883108841088510886108871088810889108901089110892108931089410895108961089710898108991090010901109021090310904109051090610907109081090910910109111091210913109141091510916109171091810919109201092110922109231092410925109261092710928109291093010931109321093310934109351093610937109381093910940109411094210943109441094510946109471094810949109501095110952109531095410955109561095710958109591096010961109621096310964109651096610967109681096910970109711097210973109741097510976109771097810979109801098110982109831098410985109861098710988109891099010991109921099310994109951099610997109981099911000110011100211003110041100511006110071100811009110101101111012110131101411015110161101711018110191102011021110221102311024110251102611027110281102911030110311103211033110341103511036110371103811039110401104111042110431104411045110461104711048110491105011051110521105311054110551105611057110581105911060110611106211063110641106511066110671106811069110701107111072110731107411075110761107711078110791108011081110821108311084110851108611087110881108911090110911109211093110941109511096110971109811099111001110111102111031110411105111061110711108111091111011111111121111311114111151111611117111181111911120111211112211123111241112511126111271112811129111301113111132111331113411135111361113711138111391114011141111421114311144111451114611147111481114911150111511115211153111541115511156111571115811159111601116111162111631116411165111661116711168111691117011171111721117311174111751117611177111781117911180111811118211183111841118511186111871118811189111901119111192111931119411195111961119711198111991120011201112021120311204112051120611207112081120911210112111121211213112141121511216112171121811219112201122111222112231122411225112261122711228112291123011231112321123311234112351123611237112381123911240112411124211243112441124511246112471124811249112501125111252112531125411255112561125711258112591126011261112621126311264112651126611267112681126911270112711127211273112741127511276112771127811279112801128111282112831128411285112861128711288112891129011291112921129311294112951129611297112981129911300113011130211303113041130511306113071130811309113101131111312113131131411315113161131711318113191132011321113221132311324113251132611327113281132911330113311133211333113341133511336113371133811339113401134111342113431134411345113461134711348113491135011351113521135311354113551135611357113581135911360113611136211363113641136511366113671136811369113701137111372113731137411375113761137711378113791138011381113821138311384113851138611387113881138911390113911139211393113941139511396113971139811399114001140111402114031140411405114061140711408114091141011411114121141311414114151141611417114181141911420114211142211423114241142511426114271142811429114301143111432114331143411435114361143711438114391144011441114421144311444114451144611447114481144911450114511145211453114541145511456114571145811459114601146111462114631146411465114661146711468114691147011471114721147311474114751147611477114781147911480114811148211483114841148511486114871148811489114901149111492114931149411495114961149711498114991150011501115021150311504115051150611507115081150911510115111151211513115141151511516115171151811519115201152111522115231152411525115261152711528115291153011531115321153311534115351153611537115381153911540115411154211543115441154511546115471154811549115501155111552115531155411555115561155711558115591156011561115621156311564115651156611567115681156911570115711157211573115741157511576115771157811579115801158111582115831158411585115861158711588115891159011591115921159311594115951159611597115981159911600116011160211603116041160511606116071160811609116101161111612116131161411615116161161711618116191162011621116221162311624116251162611627116281162911630116311163211633116341163511636116371163811639116401164111642116431164411645116461164711648116491165011651116521165311654116551165611657116581165911660116611166211663116641166511666116671166811669116701167111672116731167411675116761167711678116791168011681116821168311684116851168611687116881168911690116911169211693116941169511696116971169811699117001170111702117031170411705117061170711708117091171011711117121171311714117151171611717117181171911720117211172211723117241172511726117271172811729117301173111732117331173411735117361173711738117391174011741117421174311744117451174611747117481174911750117511175211753117541175511756117571175811759117601176111762117631176411765117661176711768117691177011771117721177311774117751177611777117781177911780117811178211783117841178511786117871178811789117901179111792117931179411795117961179711798117991180011801118021180311804118051180611807118081180911810118111181211813118141181511816118171181811819118201182111822118231182411825118261182711828118291183011831118321183311834118351183611837118381183911840118411184211843118441184511846118471184811849118501185111852118531185411855118561185711858118591186011861118621186311864118651186611867118681186911870118711187211873118741187511876118771187811879118801188111882118831188411885118861188711888118891189011891118921189311894118951189611897118981189911900119011190211903119041190511906119071190811909119101191111912119131191411915119161191711918119191192011921119221192311924119251192611927119281192911930119311193211933119341193511936119371193811939119401194111942119431194411945119461194711948119491195011951119521195311954119551195611957119581195911960119611196211963119641196511966119671196811969119701197111972119731197411975119761197711978119791198011981119821198311984119851198611987119881198911990119911199211993119941199511996119971199811999120001200112002120031200412005120061200712008120091201012011120121201312014120151201612017120181201912020120211202212023120241202512026120271202812029120301203112032120331203412035120361203712038120391204012041120421204312044120451204612047120481204912050120511205212053120541205512056120571205812059120601206112062120631206412065120661206712068120691207012071120721207312074120751207612077120781207912080120811208212083120841208512086120871208812089120901209112092120931209412095120961209712098120991210012101121021210312104121051210612107121081210912110121111211212113121141211512116121171211812119121201212112122121231212412125121261212712128121291213012131121321213312134121351213612137121381213912140121411214212143121441214512146121471214812149121501215112152121531215412155121561215712158121591216012161121621216312164121651216612167121681216912170121711217212173121741217512176121771217812179121801218112182121831218412185121861218712188121891219012191121921219312194121951219612197121981219912200122011220212203122041220512206122071220812209122101221112212122131221412215122161221712218122191222012221122221222312224122251222612227122281222912230122311223212233122341223512236122371223812239122401224112242122431224412245122461224712248122491225012251122521225312254122551225612257122581225912260122611226212263122641226512266122671226812269122701227112272122731227412275122761227712278122791228012281122821228312284122851228612287122881228912290122911229212293122941229512296122971229812299123001230112302123031230412305123061230712308123091231012311123121231312314123151231612317123181231912320123211232212323123241232512326123271232812329123301233112332123331233412335123361233712338123391234012341123421234312344123451234612347123481234912350123511235212353123541235512356123571235812359123601236112362123631236412365123661236712368123691237012371123721237312374123751237612377123781237912380123811238212383123841238512386123871238812389123901239112392123931239412395123961239712398123991240012401124021240312404124051240612407124081240912410124111241212413124141241512416124171241812419124201242112422124231242412425124261242712428124291243012431124321243312434124351243612437124381243912440124411244212443124441244512446124471244812449124501245112452124531245412455124561245712458124591246012461124621246312464124651246612467124681246912470124711247212473124741247512476124771247812479124801248112482124831248412485124861248712488124891249012491124921249312494124951249612497124981249912500125011250212503125041250512506125071250812509125101251112512125131251412515125161251712518125191252012521125221252312524125251252612527125281252912530125311253212533125341253512536125371253812539125401254112542125431254412545125461254712548125491255012551125521255312554125551255612557125581255912560125611256212563125641256512566125671256812569125701257112572125731257412575125761257712578125791258012581125821258312584125851258612587125881258912590125911259212593125941259512596125971259812599126001260112602126031260412605126061260712608126091261012611126121261312614126151261612617126181261912620126211262212623126241262512626126271262812629126301263112632126331263412635126361263712638126391264012641126421264312644126451264612647126481264912650126511265212653126541265512656126571265812659126601266112662126631266412665126661266712668126691267012671126721267312674126751267612677126781267912680126811268212683126841268512686126871268812689126901269112692126931269412695126961269712698126991270012701127021270312704127051270612707127081270912710127111271212713127141271512716127171271812719127201272112722127231272412725127261272712728127291273012731127321273312734127351273612737127381273912740127411274212743127441274512746127471274812749127501275112752127531275412755127561275712758127591276012761127621276312764127651276612767127681276912770127711277212773127741277512776127771277812779127801278112782127831278412785127861278712788127891279012791127921279312794127951279612797127981279912800128011280212803128041280512806128071280812809128101281112812128131281412815128161281712818128191282012821128221282312824128251282612827128281282912830128311283212833128341283512836128371283812839128401284112842128431284412845128461284712848128491285012851128521285312854128551285612857128581285912860128611286212863128641286512866128671286812869128701287112872128731287412875128761287712878128791288012881128821288312884128851288612887128881288912890128911289212893128941289512896128971289812899129001290112902129031290412905129061290712908129091291012911129121291312914129151291612917129181291912920129211292212923129241292512926129271292812929129301293112932129331293412935129361293712938129391294012941129421294312944129451294612947129481294912950129511295212953129541295512956129571295812959129601296112962129631296412965129661296712968129691297012971129721297312974129751297612977129781297912980129811298212983129841298512986129871298812989129901299112992129931299412995129961299712998129991300013001130021300313004130051300613007130081300913010130111301213013130141301513016130171301813019130201302113022130231302413025130261302713028130291303013031130321303313034130351303613037130381303913040130411304213043130441304513046130471304813049130501305113052130531305413055130561305713058130591306013061130621306313064130651306613067130681306913070130711307213073130741307513076130771307813079130801308113082130831308413085130861308713088130891309013091130921309313094130951309613097130981309913100131011310213103131041310513106131071310813109131101311113112131131311413115131161311713118131191312013121131221312313124131251312613127131281312913130131311313213133131341313513136131371313813139131401314113142131431314413145131461314713148131491315013151131521315313154131551315613157131581315913160131611316213163131641316513166131671316813169131701317113172131731317413175131761317713178131791318013181131821318313184131851318613187131881318913190131911319213193131941319513196131971319813199132001320113202132031320413205132061320713208132091321013211132121321313214132151321613217132181321913220132211322213223132241322513226132271322813229132301323113232132331323413235132361323713238132391324013241132421324313244132451324613247132481324913250132511325213253132541325513256132571325813259132601326113262132631326413265132661326713268132691327013271132721327313274132751327613277132781327913280132811328213283132841328513286132871328813289132901329113292132931329413295132961329713298132991330013301133021330313304133051330613307133081330913310133111331213313133141331513316133171331813319133201332113322133231332413325133261332713328133291333013331133321333313334133351333613337133381333913340133411334213343133441334513346133471334813349133501335113352133531335413355133561335713358133591336013361133621336313364133651336613367133681336913370133711337213373133741337513376133771337813379133801338113382133831338413385133861338713388133891339013391133921339313394133951339613397133981339913400134011340213403134041340513406134071340813409134101341113412134131341413415134161341713418134191342013421134221342313424134251342613427134281342913430134311343213433134341343513436134371343813439134401344113442134431344413445134461344713448134491345013451134521345313454134551345613457134581345913460134611346213463134641346513466134671346813469134701347113472134731347413475134761347713478134791348013481134821348313484134851348613487134881348913490134911349213493134941349513496134971349813499135001350113502135031350413505135061350713508135091351013511135121351313514135151351613517135181351913520135211352213523135241352513526135271352813529135301353113532135331353413535135361353713538135391354013541135421354313544135451354613547135481354913550135511355213553135541355513556135571355813559135601356113562135631356413565135661356713568135691357013571135721357313574135751357613577135781357913580135811358213583135841358513586135871358813589135901359113592135931359413595135961359713598135991360013601136021360313604136051360613607136081360913610136111361213613136141361513616136171361813619136201362113622136231362413625136261362713628136291363013631136321363313634136351363613637136381363913640136411364213643136441364513646136471364813649136501365113652136531365413655136561365713658136591366013661136621366313664136651366613667136681366913670136711367213673136741367513676136771367813679136801368113682136831368413685136861368713688136891369013691136921369313694136951369613697136981369913700137011370213703137041370513706137071370813709137101371113712137131371413715137161371713718137191372013721137221372313724137251372613727137281372913730137311373213733137341373513736137371373813739137401374113742137431374413745137461374713748137491375013751137521375313754137551375613757137581375913760137611376213763137641376513766137671376813769137701377113772137731377413775137761377713778137791378013781137821378313784137851378613787137881378913790137911379213793137941379513796137971379813799138001380113802138031380413805138061380713808138091381013811138121381313814138151381613817138181381913820138211382213823138241382513826138271382813829138301383113832138331383413835138361383713838138391384013841138421384313844138451384613847138481384913850138511385213853138541385513856138571385813859138601386113862138631386413865138661386713868138691387013871138721387313874138751387613877138781387913880138811388213883138841388513886138871388813889138901389113892138931389413895138961389713898138991390013901139021390313904139051390613907139081390913910139111391213913139141391513916139171391813919139201392113922139231392413925139261392713928139291393013931139321393313934139351393613937139381393913940139411394213943139441394513946139471394813949139501395113952139531395413955139561395713958139591396013961139621396313964139651396613967139681396913970139711397213973139741397513976139771397813979139801398113982139831398413985139861398713988139891399013991139921399313994139951399613997139981399914000140011400214003140041400514006140071400814009140101401114012140131401414015140161401714018140191402014021140221402314024140251402614027140281402914030140311403214033140341403514036140371403814039140401404114042140431404414045140461404714048140491405014051140521405314054140551405614057140581405914060140611406214063140641406514066140671406814069140701407114072140731407414075140761407714078140791408014081140821408314084140851408614087140881408914090140911409214093140941409514096140971409814099141001410114102141031410414105141061410714108141091411014111141121411314114141151411614117141181411914120141211412214123141241412514126141271412814129141301413114132141331413414135141361413714138141391414014141141421414314144141451414614147141481414914150141511415214153141541415514156141571415814159141601416114162141631416414165141661416714168141691417014171141721417314174141751417614177141781417914180141811418214183141841418514186141871418814189141901419114192141931419414195141961419714198141991420014201142021420314204142051420614207142081420914210142111421214213142141421514216142171421814219142201422114222142231422414225142261422714228142291423014231142321423314234142351423614237142381423914240142411424214243142441424514246142471424814249142501425114252142531425414255142561425714258142591426014261142621426314264142651426614267142681426914270142711427214273142741427514276142771427814279142801428114282142831428414285142861428714288142891429014291142921429314294142951429614297142981429914300143011430214303143041430514306143071430814309143101431114312143131431414315143161431714318143191432014321143221432314324143251432614327143281432914330143311433214333143341433514336143371433814339143401434114342143431434414345143461434714348143491435014351143521435314354143551435614357143581435914360143611436214363143641436514366143671436814369143701437114372143731437414375143761437714378143791438014381143821438314384143851438614387143881438914390143911439214393143941439514396143971439814399144001440114402144031440414405144061440714408144091441014411144121441314414144151441614417144181441914420144211442214423144241442514426144271442814429144301443114432144331443414435144361443714438144391444014441144421444314444144451444614447144481444914450144511445214453144541445514456144571445814459144601446114462144631446414465144661446714468144691447014471144721447314474144751447614477144781447914480144811448214483144841448514486144871448814489144901449114492144931449414495144961449714498144991450014501145021450314504145051450614507145081450914510145111451214513145141451514516145171451814519145201452114522145231452414525145261452714528145291453014531145321453314534145351453614537145381453914540145411454214543145441454514546145471454814549145501455114552145531455414555145561455714558145591456014561145621456314564145651456614567145681456914570145711457214573145741457514576145771457814579145801458114582145831458414585145861458714588145891459014591145921459314594145951459614597145981459914600146011460214603146041460514606146071460814609146101461114612146131461414615146161461714618146191462014621146221462314624146251462614627146281462914630146311463214633146341463514636146371463814639146401464114642146431464414645146461464714648146491465014651146521465314654146551465614657146581465914660146611466214663146641466514666146671466814669146701467114672146731467414675146761467714678146791468014681146821468314684146851468614687146881468914690146911469214693146941469514696146971469814699147001470114702147031470414705147061470714708147091471014711147121471314714147151471614717147181471914720147211472214723147241472514726147271472814729147301473114732147331473414735147361473714738147391474014741147421474314744147451474614747147481474914750147511475214753147541475514756147571475814759147601476114762147631476414765147661476714768147691477014771147721477314774147751477614777147781477914780147811478214783147841478514786147871478814789147901479114792147931479414795147961479714798147991480014801148021480314804148051480614807148081480914810148111481214813148141481514816148171481814819148201482114822148231482414825148261482714828148291483014831148321483314834148351483614837148381483914840148411484214843148441484514846148471484814849148501485114852148531485414855148561485714858148591486014861148621486314864148651486614867148681486914870148711487214873148741487514876148771487814879148801488114882148831488414885148861488714888148891489014891148921489314894148951489614897148981489914900149011490214903149041490514906149071490814909149101491114912149131491414915149161491714918149191492014921149221492314924149251492614927149281492914930149311493214933149341493514936149371493814939149401494114942149431494414945149461494714948149491495014951149521495314954149551495614957149581495914960149611496214963149641496514966149671496814969149701497114972149731497414975149761497714978149791498014981149821498314984149851498614987149881498914990149911499214993149941499514996149971499814999150001500115002150031500415005150061500715008150091501015011150121501315014150151501615017150181501915020150211502215023150241502515026150271502815029150301503115032150331503415035150361503715038150391504015041150421504315044150451504615047150481504915050150511505215053150541505515056150571505815059150601506115062150631506415065150661506715068150691507015071150721507315074150751507615077150781507915080150811508215083150841508515086150871508815089150901509115092150931509415095150961509715098150991510015101151021510315104151051510615107151081510915110151111511215113151141511515116151171511815119151201512115122151231512415125151261512715128151291513015131151321513315134151351513615137151381513915140151411514215143151441514515146151471514815149151501515115152151531515415155151561515715158151591516015161151621516315164151651516615167151681516915170151711517215173151741517515176151771517815179151801518115182151831518415185151861518715188151891519015191151921519315194151951519615197151981519915200152011520215203152041520515206152071520815209152101521115212152131521415215152161521715218152191522015221152221522315224152251522615227152281522915230152311523215233152341523515236152371523815239152401524115242152431524415245152461524715248152491525015251152521525315254152551525615257152581525915260152611526215263152641526515266152671526815269152701527115272152731527415275152761527715278152791528015281152821528315284152851528615287152881528915290152911529215293152941529515296152971529815299153001530115302153031530415305153061530715308153091531015311153121531315314153151531615317153181531915320153211532215323153241532515326153271532815329153301533115332153331533415335153361533715338153391534015341153421534315344153451534615347153481534915350153511535215353153541535515356153571535815359153601536115362153631536415365153661536715368153691537015371153721537315374153751537615377153781537915380153811538215383153841538515386153871538815389153901539115392153931539415395153961539715398153991540015401154021540315404154051540615407154081540915410154111541215413154141541515416154171541815419154201542115422154231542415425154261542715428154291543015431154321543315434154351543615437154381543915440154411544215443154441544515446154471544815449154501545115452154531545415455154561545715458154591546015461154621546315464154651546615467154681546915470154711547215473154741547515476154771547815479154801548115482154831548415485154861548715488154891549015491154921549315494154951549615497154981549915500155011550215503155041550515506155071550815509155101551115512155131551415515155161551715518155191552015521155221552315524155251552615527155281552915530155311553215533155341553515536155371553815539155401554115542155431554415545155461554715548155491555015551155521555315554155551555615557155581555915560155611556215563155641556515566155671556815569155701557115572155731557415575155761557715578155791558015581155821558315584155851558615587155881558915590155911559215593155941559515596155971559815599156001560115602156031560415605156061560715608156091561015611156121561315614156151561615617156181561915620156211562215623156241562515626156271562815629156301563115632156331563415635156361563715638156391564015641156421564315644156451564615647156481564915650156511565215653156541565515656156571565815659156601566115662156631566415665156661566715668156691567015671156721567315674156751567615677156781567915680156811568215683156841568515686156871568815689156901569115692156931569415695156961569715698156991570015701157021570315704157051570615707157081570915710157111571215713157141571515716157171571815719157201572115722157231572415725157261572715728157291573015731157321573315734157351573615737157381573915740157411574215743157441574515746157471574815749157501575115752157531575415755157561575715758157591576015761157621576315764157651576615767157681576915770157711577215773157741577515776157771577815779157801578115782157831578415785157861578715788157891579015791157921579315794157951579615797157981579915800158011580215803158041580515806158071580815809158101581115812158131581415815158161581715818158191582015821158221582315824158251582615827158281582915830158311583215833158341583515836158371583815839158401584115842158431584415845158461584715848158491585015851158521585315854158551585615857158581585915860158611586215863158641586515866158671586815869158701587115872158731587415875158761587715878158791588015881158821588315884158851588615887158881588915890158911589215893158941589515896158971589815899159001590115902159031590415905159061590715908159091591015911159121591315914159151591615917159181591915920159211592215923159241592515926159271592815929159301593115932159331593415935159361593715938159391594015941159421594315944159451594615947159481594915950159511595215953159541595515956159571595815959159601596115962159631596415965159661596715968159691597015971159721597315974159751597615977159781597915980159811598215983159841598515986159871598815989159901599115992159931599415995159961599715998159991600016001160021600316004160051600616007160081600916010160111601216013160141601516016160171601816019160201602116022160231602416025160261602716028160291603016031160321603316034160351603616037160381603916040160411604216043160441604516046160471604816049160501605116052160531605416055160561605716058160591606016061160621606316064160651606616067160681606916070160711607216073160741607516076160771607816079160801608116082160831608416085160861608716088160891609016091160921609316094160951609616097160981609916100161011610216103161041610516106161071610816109161101611116112161131611416115161161611716118161191612016121161221612316124161251612616127161281612916130161311613216133161341613516136161371613816139161401614116142161431614416145161461614716148161491615016151161521615316154161551615616157161581615916160161611616216163161641616516166161671616816169161701617116172161731617416175161761617716178161791618016181161821618316184161851618616187161881618916190161911619216193161941619516196161971619816199162001620116202162031620416205162061620716208162091621016211162121621316214162151621616217162181621916220162211622216223162241622516226162271622816229162301623116232162331623416235162361623716238162391624016241162421624316244162451624616247162481624916250162511625216253162541625516256162571625816259162601626116262162631626416265162661626716268162691627016271162721627316274162751627616277162781627916280162811628216283162841628516286162871628816289162901629116292162931629416295162961629716298162991630016301163021630316304163051630616307163081630916310163111631216313163141631516316163171631816319163201632116322163231632416325163261632716328163291633016331163321633316334163351633616337163381633916340163411634216343163441634516346163471634816349163501635116352163531635416355163561635716358163591636016361163621636316364163651636616367163681636916370163711637216373163741637516376163771637816379163801638116382163831638416385163861638716388163891639016391163921639316394163951639616397163981639916400164011640216403164041640516406164071640816409164101641116412164131641416415164161641716418164191642016421164221642316424164251642616427164281642916430164311643216433164341643516436164371643816439164401644116442164431644416445164461644716448164491645016451164521645316454164551645616457164581645916460164611646216463164641646516466164671646816469164701647116472164731647416475164761647716478164791648016481164821648316484164851648616487164881648916490164911649216493164941649516496164971649816499165001650116502165031650416505165061650716508165091651016511165121651316514165151651616517165181651916520165211652216523165241652516526165271652816529165301653116532165331653416535165361653716538165391654016541165421654316544165451654616547165481654916550165511655216553165541655516556165571655816559165601656116562165631656416565165661656716568165691657016571165721657316574165751657616577165781657916580165811658216583165841658516586165871658816589165901659116592165931659416595165961659716598165991660016601166021660316604166051660616607166081660916610166111661216613166141661516616166171661816619166201662116622166231662416625166261662716628166291663016631166321663316634166351663616637166381663916640166411664216643166441664516646166471664816649166501665116652166531665416655166561665716658166591666016661166621666316664166651666616667166681666916670166711667216673166741667516676166771667816679166801668116682166831668416685166861668716688166891669016691166921669316694166951669616697166981669916700167011670216703167041670516706167071670816709167101671116712167131671416715167161671716718167191672016721167221672316724167251672616727167281672916730167311673216733167341673516736167371673816739167401674116742167431674416745167461674716748167491675016751167521675316754167551675616757167581675916760167611676216763167641676516766167671676816769167701677116772167731677416775167761677716778167791678016781167821678316784167851678616787167881678916790167911679216793167941679516796167971679816799168001680116802168031680416805168061680716808168091681016811168121681316814168151681616817168181681916820168211682216823168241682516826168271682816829168301683116832168331683416835168361683716838168391684016841168421684316844168451684616847168481684916850168511685216853168541685516856168571685816859168601686116862168631686416865168661686716868168691687016871168721687316874168751687616877168781687916880168811688216883168841688516886168871688816889168901689116892168931689416895168961689716898168991690016901169021690316904169051690616907169081690916910169111691216913169141691516916169171691816919169201692116922169231692416925169261692716928169291693016931169321693316934169351693616937169381693916940169411694216943169441694516946169471694816949169501695116952169531695416955169561695716958169591696016961169621696316964169651696616967169681696916970169711697216973169741697516976169771697816979169801698116982169831698416985169861698716988169891699016991169921699316994169951699616997169981699917000170011700217003170041700517006170071700817009170101701117012170131701417015170161701717018170191702017021170221702317024170251702617027170281702917030170311703217033170341703517036170371703817039170401704117042170431704417045170461704717048170491705017051170521705317054170551705617057170581705917060170611706217063170641706517066170671706817069170701707117072170731707417075170761707717078170791708017081170821708317084170851708617087170881708917090170911709217093170941709517096170971709817099171001710117102171031710417105171061710717108171091711017111171121711317114171151711617117171181711917120171211712217123171241712517126171271712817129171301713117132171331713417135171361713717138171391714017141171421714317144171451714617147171481714917150171511715217153171541715517156171571715817159171601716117162171631716417165171661716717168171691717017171171721717317174171751717617177171781717917180171811718217183171841718517186171871718817189171901719117192171931719417195171961719717198171991720017201172021720317204172051720617207172081720917210172111721217213172141721517216172171721817219172201722117222172231722417225172261722717228172291723017231172321723317234172351723617237172381723917240172411724217243172441724517246172471724817249172501725117252172531725417255172561725717258172591726017261172621726317264172651726617267172681726917270172711727217273172741727517276172771727817279172801728117282172831728417285172861728717288172891729017291172921729317294172951729617297172981729917300173011730217303173041730517306173071730817309173101731117312173131731417315173161731717318173191732017321173221732317324173251732617327173281732917330173311733217333173341733517336173371733817339173401734117342173431734417345173461734717348173491735017351173521735317354173551735617357173581735917360173611736217363173641736517366173671736817369173701737117372173731737417375173761737717378173791738017381173821738317384173851738617387173881738917390173911739217393173941739517396173971739817399174001740117402174031740417405174061740717408174091741017411174121741317414174151741617417174181741917420174211742217423174241742517426174271742817429174301743117432174331743417435174361743717438174391744017441174421744317444174451744617447174481744917450174511745217453174541745517456174571745817459174601746117462174631746417465174661746717468174691747017471174721747317474174751747617477174781747917480174811748217483174841748517486174871748817489174901749117492174931749417495174961749717498174991750017501175021750317504175051750617507175081750917510175111751217513175141751517516175171751817519175201752117522175231752417525175261752717528175291753017531175321753317534175351753617537175381753917540175411754217543175441754517546175471754817549175501755117552175531755417555175561755717558175591756017561175621756317564175651756617567175681756917570175711757217573175741757517576175771757817579175801758117582175831758417585175861758717588175891759017591175921759317594175951759617597175981759917600176011760217603176041760517606176071760817609176101761117612176131761417615176161761717618176191762017621176221762317624176251762617627176281762917630176311763217633176341763517636176371763817639176401764117642176431764417645176461764717648176491765017651176521765317654176551765617657176581765917660176611766217663176641766517666176671766817669176701767117672176731767417675176761767717678176791768017681176821768317684176851768617687176881768917690176911769217693176941769517696176971769817699177001770117702177031770417705177061770717708177091771017711177121771317714177151771617717177181771917720177211772217723177241772517726177271772817729177301773117732177331773417735177361773717738177391774017741177421774317744177451774617747177481774917750177511775217753177541775517756177571775817759177601776117762177631776417765177661776717768177691777017771177721777317774177751777617777177781777917780177811778217783177841778517786177871778817789177901779117792177931779417795177961779717798177991780017801178021780317804178051780617807178081780917810178111781217813178141781517816178171781817819178201782117822178231782417825178261782717828178291783017831178321783317834178351783617837178381783917840178411784217843178441784517846178471784817849178501785117852178531785417855178561785717858178591786017861178621786317864178651786617867178681786917870178711787217873178741787517876178771787817879178801788117882178831788417885178861788717888178891789017891178921789317894178951789617897178981789917900179011790217903179041790517906179071790817909179101791117912179131791417915179161791717918179191792017921179221792317924179251792617927179281792917930179311793217933179341793517936179371793817939179401794117942179431794417945179461794717948179491795017951179521795317954179551795617957179581795917960179611796217963179641796517966179671796817969179701797117972179731797417975179761797717978179791798017981179821798317984179851798617987179881798917990179911799217993179941799517996179971799817999180001800118002180031800418005180061800718008180091801018011180121801318014180151801618017180181801918020180211802218023180241802518026180271802818029180301803118032180331803418035180361803718038180391804018041180421804318044180451804618047180481804918050180511805218053180541805518056180571805818059180601806118062180631806418065180661806718068180691807018071180721807318074180751807618077180781807918080180811808218083180841808518086180871808818089180901809118092180931809418095180961809718098180991810018101181021810318104181051810618107181081810918110181111811218113181141811518116181171811818119181201812118122181231812418125181261812718128181291813018131181321813318134181351813618137181381813918140181411814218143181441814518146181471814818149181501815118152181531815418155181561815718158181591816018161181621816318164181651816618167181681816918170181711817218173181741817518176181771817818179181801818118182181831818418185181861818718188181891819018191181921819318194181951819618197181981819918200182011820218203182041820518206182071820818209182101821118212182131821418215182161821718218182191822018221182221822318224182251822618227182281822918230182311823218233182341823518236182371823818239182401824118242182431824418245182461824718248182491825018251182521825318254182551825618257182581825918260182611826218263182641826518266182671826818269182701827118272182731827418275182761827718278182791828018281182821828318284182851828618287182881828918290182911829218293182941829518296182971829818299183001830118302183031830418305183061830718308183091831018311183121831318314183151831618317183181831918320183211832218323183241832518326183271832818329183301833118332183331833418335183361833718338183391834018341183421834318344183451834618347183481834918350183511835218353183541835518356183571835818359183601836118362183631836418365183661836718368183691837018371183721837318374183751837618377183781837918380183811838218383183841838518386183871838818389183901839118392183931839418395183961839718398183991840018401184021840318404184051840618407184081840918410184111841218413184141841518416184171841818419184201842118422184231842418425184261842718428184291843018431184321843318434184351843618437184381843918440184411844218443184441844518446184471844818449184501845118452184531845418455184561845718458184591846018461184621846318464184651846618467184681846918470184711847218473184741847518476184771847818479184801848118482184831848418485184861848718488184891849018491184921849318494184951849618497184981849918500185011850218503185041850518506185071850818509185101851118512185131851418515185161851718518185191852018521185221852318524185251852618527185281852918530185311853218533185341853518536185371853818539185401854118542185431854418545185461854718548185491855018551185521855318554185551855618557185581855918560185611856218563185641856518566185671856818569185701857118572185731857418575185761857718578185791858018581185821858318584185851858618587185881858918590185911859218593185941859518596185971859818599186001860118602186031860418605186061860718608186091861018611186121861318614186151861618617186181861918620186211862218623186241862518626186271862818629186301863118632186331863418635186361863718638186391864018641186421864318644186451864618647186481864918650186511865218653186541865518656186571865818659186601866118662186631866418665186661866718668186691867018671186721867318674186751867618677186781867918680186811868218683186841868518686186871868818689186901869118692186931869418695186961869718698186991870018701187021870318704187051870618707187081870918710187111871218713187141871518716187171871818719187201872118722187231872418725187261872718728187291873018731187321873318734187351873618737187381873918740187411874218743187441874518746187471874818749187501875118752187531875418755187561875718758187591876018761187621876318764187651876618767187681876918770187711877218773187741877518776187771877818779187801878118782187831878418785187861878718788187891879018791187921879318794187951879618797187981879918800188011880218803188041880518806188071880818809188101881118812188131881418815188161881718818188191882018821188221882318824188251882618827188281882918830188311883218833188341883518836188371883818839188401884118842188431884418845188461884718848188491885018851188521885318854188551885618857188581885918860188611886218863188641886518866188671886818869188701887118872188731887418875188761887718878188791888018881188821888318884188851888618887188881888918890188911889218893188941889518896188971889818899189001890118902189031890418905189061890718908189091891018911189121891318914189151891618917189181891918920189211892218923189241892518926189271892818929189301893118932189331893418935189361893718938189391894018941189421894318944189451894618947189481894918950189511895218953189541895518956189571895818959189601896118962189631896418965189661896718968189691897018971189721897318974189751897618977189781897918980189811898218983189841898518986189871898818989189901899118992189931899418995189961899718998189991900019001190021900319004190051900619007190081900919010190111901219013190141901519016190171901819019190201902119022190231902419025190261902719028190291903019031190321903319034190351903619037190381903919040190411904219043190441904519046190471904819049190501905119052190531905419055190561905719058190591906019061190621906319064190651906619067190681906919070190711907219073190741907519076190771907819079190801908119082190831908419085190861908719088190891909019091190921909319094190951909619097190981909919100191011910219103191041910519106191071910819109191101911119112191131911419115191161911719118191191912019121191221912319124191251912619127191281912919130191311913219133191341913519136191371913819139191401914119142191431914419145191461914719148191491915019151191521915319154191551915619157191581915919160191611916219163191641916519166191671916819169191701917119172191731917419175191761917719178191791918019181191821918319184191851918619187191881918919190191911919219193191941919519196191971919819199192001920119202192031920419205192061920719208192091921019211192121921319214192151921619217192181921919220192211922219223192241922519226192271922819229192301923119232192331923419235192361923719238192391924019241192421924319244192451924619247192481924919250192511925219253192541925519256192571925819259192601926119262192631926419265192661926719268192691927019271192721927319274192751927619277192781927919280192811928219283192841928519286192871928819289192901929119292192931929419295192961929719298192991930019301193021930319304193051930619307193081930919310193111931219313193141931519316193171931819319193201932119322193231932419325193261932719328193291933019331193321933319334193351933619337193381933919340193411934219343193441934519346193471934819349193501935119352193531935419355193561935719358193591936019361193621936319364193651936619367193681936919370193711937219373193741937519376193771937819379193801938119382193831938419385193861938719388193891939019391193921939319394193951939619397193981939919400194011940219403194041940519406194071940819409194101941119412194131941419415194161941719418194191942019421194221942319424194251942619427194281942919430194311943219433194341943519436194371943819439194401944119442194431944419445194461944719448194491945019451194521945319454194551945619457194581945919460194611946219463194641946519466194671946819469194701947119472194731947419475194761947719478194791948019481194821948319484194851948619487194881948919490194911949219493194941949519496194971949819499195001950119502195031950419505195061950719508195091951019511195121951319514195151951619517195181951919520195211952219523195241952519526195271952819529195301953119532195331953419535195361953719538195391954019541195421954319544195451954619547195481954919550195511955219553195541955519556195571955819559195601956119562195631956419565195661956719568195691957019571195721957319574195751957619577195781957919580195811958219583195841958519586195871958819589195901959119592195931959419595195961959719598195991960019601196021960319604196051960619607196081960919610196111961219613196141961519616196171961819619196201962119622196231962419625196261962719628196291963019631196321963319634196351963619637196381963919640196411964219643196441964519646196471964819649196501965119652196531965419655196561965719658196591966019661196621966319664196651966619667196681966919670196711967219673196741967519676196771967819679196801968119682196831968419685196861968719688196891969019691196921969319694196951969619697196981969919700197011970219703197041970519706197071970819709197101971119712197131971419715197161971719718197191972019721197221972319724197251972619727197281972919730197311973219733197341973519736197371973819739197401974119742197431974419745197461974719748197491975019751197521975319754197551975619757197581975919760197611976219763197641976519766197671976819769197701977119772197731977419775197761977719778197791978019781197821978319784197851978619787197881978919790197911979219793197941979519796197971979819799198001980119802198031980419805198061980719808198091981019811198121981319814198151981619817198181981919820198211982219823198241982519826198271982819829198301983119832198331983419835198361983719838198391984019841198421984319844198451984619847198481984919850198511985219853198541985519856198571985819859198601986119862198631986419865198661986719868198691987019871198721987319874198751987619877198781987919880198811988219883198841988519886198871988819889198901989119892198931989419895198961989719898198991990019901199021990319904199051990619907199081990919910199111991219913199141991519916199171991819919199201992119922199231992419925199261992719928199291993019931199321993319934199351993619937199381993919940199411994219943199441994519946199471994819949199501995119952199531995419955199561995719958199591996019961199621996319964199651996619967199681996919970199711997219973199741997519976199771997819979199801998119982199831998419985199861998719988199891999019991199921999319994199951999619997199981999920000200012000220003200042000520006200072000820009200102001120012200132001420015200162001720018200192002020021200222002320024200252002620027200282002920030200312003220033200342003520036200372003820039200402004120042200432004420045200462004720048200492005020051200522005320054200552005620057200582005920060200612006220063200642006520066200672006820069200702007120072200732007420075200762007720078200792008020081200822008320084200852008620087200882008920090200912009220093200942009520096200972009820099201002010120102201032010420105201062010720108201092011020111201122011320114201152011620117201182011920120201212012220123201242012520126201272012820129201302013120132201332013420135201362013720138201392014020141201422014320144201452014620147201482014920150201512015220153201542015520156201572015820159201602016120162201632016420165201662016720168201692017020171201722017320174201752017620177201782017920180201812018220183201842018520186201872018820189201902019120192201932019420195201962019720198201992020020201202022020320204202052020620207202082020920210202112021220213 |
- /* test.c
- *
- * Copyright (C) 2006-2017 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
- #ifdef HAVE_CONFIG_H
- #include <config.h>
- #endif
- #include <wolfssl/wolfcrypt/settings.h>
- #ifdef XMALLOC_USER
- #include <stdlib.h> /* we're using malloc / free direct here */
- #endif
- #ifndef NO_CRYPT_TEST
- #include <wolfssl/wolfcrypt/memory.h>
- #ifdef WOLFSSL_STATIC_MEMORY
- static WOLFSSL_HEAP_HINT* HEAP_HINT;
- #else
- #define HEAP_HINT NULL
- #endif /* WOLFSSL_STATIC_MEMORY */
- #include <wolfssl/wolfcrypt/wc_port.h>
- #include <wolfssl/wolfcrypt/logging.h>
- #include <wolfssl/wolfcrypt/types.h>
- #if defined(WOLFSSL_TEST_CERT) || defined(ASN_BER_TO_DER)
- #include <wolfssl/wolfcrypt/asn.h>
- #else
- #include <wolfssl/wolfcrypt/asn_public.h>
- #endif
- #include <wolfssl/wolfcrypt/md2.h>
- #include <wolfssl/wolfcrypt/md5.h>
- #include <wolfssl/wolfcrypt/md4.h>
- #include <wolfssl/wolfcrypt/sha.h>
- #include <wolfssl/wolfcrypt/sha256.h>
- #include <wolfssl/wolfcrypt/sha512.h>
- #include <wolfssl/wolfcrypt/arc4.h>
- #if defined(WC_NO_RNG) && defined(USE_FAST_MATH)
- #include <wolfssl/wolfcrypt/tfm.h>
- #else
- #include <wolfssl/wolfcrypt/random.h>
- #endif
- #include <wolfssl/wolfcrypt/coding.h>
- #include <wolfssl/wolfcrypt/signature.h>
- #include <wolfssl/wolfcrypt/rsa.h>
- #include <wolfssl/wolfcrypt/des3.h>
- #include <wolfssl/wolfcrypt/aes.h>
- #include <wolfssl/wolfcrypt/wc_encrypt.h>
- #include <wolfssl/wolfcrypt/cmac.h>
- #include <wolfssl/wolfcrypt/poly1305.h>
- #include <wolfssl/wolfcrypt/camellia.h>
- #include <wolfssl/wolfcrypt/hmac.h>
- #include <wolfssl/wolfcrypt/dh.h>
- #include <wolfssl/wolfcrypt/dsa.h>
- #include <wolfssl/wolfcrypt/srp.h>
- #include <wolfssl/wolfcrypt/idea.h>
- #include <wolfssl/wolfcrypt/hc128.h>
- #include <wolfssl/wolfcrypt/rabbit.h>
- #include <wolfssl/wolfcrypt/chacha.h>
- #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
- #include <wolfssl/wolfcrypt/pwdbased.h>
- #include <wolfssl/wolfcrypt/ripemd.h>
- #include <wolfssl/wolfcrypt/error-crypt.h>
- #ifdef HAVE_ECC
- #include <wolfssl/wolfcrypt/ecc.h>
- #endif
- #ifdef HAVE_CURVE25519
- #include <wolfssl/wolfcrypt/curve25519.h>
- #endif
- #ifdef HAVE_ED25519
- #include <wolfssl/wolfcrypt/ed25519.h>
- #endif
- #ifdef HAVE_BLAKE2
- #include <wolfssl/wolfcrypt/blake2.h>
- #endif
- #ifdef WOLFSSL_SHA3
- #include <wolfssl/wolfcrypt/sha3.h>
- #endif
- #ifdef HAVE_LIBZ
- #include <wolfssl/wolfcrypt/compress.h>
- #endif
- #ifdef HAVE_PKCS7
- #include <wolfssl/wolfcrypt/pkcs7.h>
- #endif
- #ifdef HAVE_FIPS
- #include <wolfssl/wolfcrypt/fips_test.h>
- #endif
- #ifdef HAVE_SELFTEST
- #include <wolfssl/wolfcrypt/selftest.h>
- #endif
- #ifdef WOLFSSL_ASYNC_CRYPT
- #include <wolfssl/wolfcrypt/async.h>
- #endif
- #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
- #include <wolfssl/wolfcrypt/logging.h>
- #endif
- #ifdef WOLFSSL_IMX6_CAAM_BLOB
- #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
- #endif
- #ifdef WOLF_CRYPTO_DEV
- #include <wolfssl/wolfcrypt/cryptodev.h>
- #endif
- /* only for stack size check */
- #ifdef HAVE_STACK_SIZE
- #include <wolfssl/ssl.h>
- #define err_sys err_sys_remap /* remap err_sys */
- #include <wolfssl/test.h>
- #undef err_sys
- #endif
- #ifdef _MSC_VER
- /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
- #pragma warning(disable: 4996)
- #endif
- #ifdef OPENSSL_EXTRA
- #ifndef WOLFCRYPT_ONLY
- #include <wolfssl/openssl/evp.h>
- #endif
- #include <wolfssl/openssl/rand.h>
- #include <wolfssl/openssl/hmac.h>
- #include <wolfssl/openssl/aes.h>
- #include <wolfssl/openssl/des.h>
- #endif
- #if defined(NO_FILESYSTEM)
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
- !defined(USE_CERT_BUFFERS_4096)
- #define USE_CERT_BUFFERS_2048
- #endif
- #if !defined(USE_CERT_BUFFERS_256)
- #define USE_CERT_BUFFERS_256
- #endif
- #endif
- #include <wolfssl/certs_test.h>
- #ifdef HAVE_NTRU
- #include "libntruencrypt/ntru_crypto.h"
- #endif
- #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
- #include <mqx.h>
- #include <stdlib.h>
- #if MQX_USE_IO_OLD
- #include <fio.h>
- #else
- #include <nio.h>
- #endif
- #elif defined(FREESCALE_KSDK_BM)
- #include "fsl_debug_console.h"
- #undef printf
- #define printf PRINTF
- #elif defined(WOLFSSL_APACHE_MYNEWT)
- #include <assert.h>
- #include <string.h>
- #include "sysinit/sysinit.h"
- #include "os/os.h"
- #ifdef ARCH_sim
- #include "mcu/mcu_sim.h"
- #endif
- #include "os/os_time.h"
- #else
- #include <stdio.h>
- #endif
- #if defined(WOLFSSL_CERT_GEN) && (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES))
- #define ENABLE_ECC384_CERT_GEN_TEST
- #endif
- #ifdef THREADX
- /* since just testing, use THREADX log printf instead */
- int dc_log_printf(char*, ...);
- #undef printf
- #define printf dc_log_printf
- #endif
- #ifdef MICRIUM
- #include <bsp_ser.h>
- void BSP_Ser_Printf (CPU_CHAR* format, ...);
- #undef printf
- #define printf BSP_Ser_Printf
- #elif defined(WOLFSSL_PB)
- #include <stdarg.h>
- int wolfssl_pb_print(const char*, ...);
- #undef printf
- #define printf wolfssl_pb_print
- #endif
- #include "wolfcrypt/test/test.h"
- #if defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_MULTI_ATTRIB)
- static void initDefaultName(void);
- #endif
- /* for async devices */
- static int devId = INVALID_DEVID;
- #ifdef HAVE_WNR
- const char* wnrConfigFile = "wnr-example.conf";
- #endif
- typedef struct testVector {
- const char* input;
- const char* output;
- size_t inLen;
- size_t outLen;
- } testVector;
- int error_test(void);
- int base64_test(void);
- int base16_test(void);
- int asn_test(void);
- int md2_test(void);
- int md5_test(void);
- int md4_test(void);
- int sha_test(void);
- int sha224_test(void);
- int sha256_test(void);
- int sha512_test(void);
- int sha384_test(void);
- int sha3_test(void);
- int hash_test(void);
- int hmac_md5_test(void);
- int hmac_sha_test(void);
- int hmac_sha224_test(void);
- int hmac_sha256_test(void);
- int hmac_sha384_test(void);
- int hmac_sha512_test(void);
- int hmac_blake2b_test(void);
- int hmac_sha3_test(void);
- int hkdf_test(void);
- int x963kdf_test(void);
- int arc4_test(void);
- int hc128_test(void);
- int rabbit_test(void);
- int chacha_test(void);
- int chacha20_poly1305_aead_test(void);
- int des_test(void);
- int des3_test(void);
- int aes_test(void);
- int aes192_test(void);
- int aes256_test(void);
- int cmac_test(void);
- int poly1305_test(void);
- int aesgcm_test(void);
- int aesgcm_default_test(void);
- int gmac_test(void);
- int aesccm_test(void);
- int aeskeywrap_test(void);
- int camellia_test(void);
- int rsa_no_pad_test(void);
- int rsa_test(void);
- int dh_test(void);
- int dsa_test(void);
- int srp_test(void);
- #ifndef WC_NO_RNG
- int random_test(void);
- #endif /* WC_NO_RNG */
- int pwdbased_test(void);
- int ripemd_test(void);
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- int openssl_test(void); /* test mini api */
- int openssl_pkey_test(void);
- int openssl_pkey0_test(void);
- int openssl_pkey1_test(void);
- int openSSL_evpMD_test(void);
- int openssl_evpSig_test(void);
- #endif
- int pbkdf1_test(void);
- int pkcs12_test(void);
- int pbkdf2_test(void);
- int scrypt_test(void);
- #ifdef HAVE_ECC
- int ecc_test(void);
- #ifdef HAVE_ECC_ENCRYPT
- int ecc_encrypt_test(void);
- #endif
- #ifdef USE_CERT_BUFFERS_256
- int ecc_test_buffers(void);
- #endif
- #endif
- #ifdef HAVE_CURVE25519
- int curve25519_test(void);
- #endif
- #ifdef HAVE_ED25519
- int ed25519_test(void);
- #endif
- #ifdef HAVE_BLAKE2
- int blake2b_test(void);
- #endif
- #ifdef HAVE_LIBZ
- int compress_test(void);
- #endif
- #ifdef HAVE_PKCS7
- int pkcs7enveloped_test(void);
- int pkcs7signed_test(void);
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- int pkcs7encrypted_test(void);
- #endif
- #endif
- #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT)
- int cert_test(void);
- #endif
- #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT)
- int certext_test(void);
- #endif
- #ifdef HAVE_IDEA
- int idea_test(void);
- #endif
- #ifdef WOLFSSL_STATIC_MEMORY
- int memory_test(void);
- #endif
- #ifdef HAVE_VALGRIND
- int mp_test(void);
- #endif
- #ifdef WOLFSSL_PUBLIC_MP
- int prime_test(void);
- #endif
- #ifdef ASN_BER_TO_DER
- int berder_test(void);
- #endif
- int logging_test(void);
- int mutex_test(void);
- #if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
- int memcb_test(void);
- #endif
- #ifdef WOLFSSL_IMX6_CAAM_BLOB
- int blob_test(void);
- #endif
- #ifdef WOLF_CRYPTO_DEV
- int cryptodev_test(void);
- #endif
- /* General big buffer size for many tests. */
- #define FOURK_BUF 4096
- #define ERROR_OUT(err, eLabel) { ret = (err); goto eLabel; }
- #ifdef HAVE_STACK_SIZE
- static THREAD_RETURN err_sys(const char* msg, int es)
- #else
- static int err_sys(const char* msg, int es)
- #endif
- {
- printf("%s error = %d\n", msg, es);
- EXIT_TEST(-1);
- }
- #ifndef HAVE_STACK_SIZE
- /* func_args from test.h, so don't have to pull in other stuff */
- typedef struct func_args {
- int argc;
- char** argv;
- int return_code;
- } func_args;
- #endif /* !HAVE_STACK_SIZE */
- #ifdef HAVE_FIPS
- static void myFipsCb(int ok, int err, const char* hash)
- {
- printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
- printf("message = %s\n", wc_GetErrorString(err));
- printf("hash = %s\n", hash);
- if (err == IN_CORE_FIPS_E) {
- printf("In core integrity hash check failure, copy above hash\n");
- printf("into verifyCore[] in fips_test.c and rebuild\n");
- }
- }
- #endif /* HAVE_FIPS */
- #ifdef WOLFSSL_STATIC_MEMORY
- #ifdef BENCH_EMBEDDED
- static byte gTestMemory[10000];
- #elif defined(WOLFSSL_CERT_EXT)
- static byte gTestMemory[140000];
- #elif defined(USE_FAST_MATH) && !defined(ALT_ECC_SIZE)
- static byte gTestMemory[130000];
- #else
- static byte gTestMemory[80000];
- #endif
- #endif
- #ifdef WOLFSSL_PB
- int wolfssl_pb_print(const char* msg, ...)
- {
- int ret;
- va_list args;
- char tmpBuf[80];
- va_start(args, msg);
- ret = vsprint(tmpBuf, msg, args);
- va_end(args);
- fnDumpStringToSystemLog(tmpBuf);
- return ret;
- }
- #endif /* WOLFSSL_PB */
- #ifdef HAVE_STACK_SIZE
- THREAD_RETURN WOLFSSL_THREAD wolfcrypt_test(void* args)
- #else
- int wolfcrypt_test(void* args)
- #endif
- {
- int ret;
- if (args)
- ((func_args*)args)->return_code = -1; /* error state */
- #ifdef WOLFSSL_STATIC_MEMORY
- if (wc_LoadStaticMemory(&HEAP_HINT, gTestMemory, sizeof(gTestMemory),
- WOLFMEM_GENERAL, 1) != 0) {
- printf("unable to load static memory");
- exit(EXIT_FAILURE);
- }
- #endif
- #if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND)
- wolfSSL_Debugging_ON();
- #endif
- #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
- wc_SetLoggingHeap(HEAP_HINT);
- #endif
- #ifdef HAVE_FIPS
- wolfCrypt_SetCb_fips(myFipsCb);
- #endif
- #if !defined(NO_BIG_INT)
- if (CheckCtcSettings() != 1)
- return err_sys("Build vs runtime math mismatch\n", -1000);
- #if defined(USE_FAST_MATH) && \
- (!defined(NO_RSA) || !defined(NO_DH) || defined(HAVE_ECC))
- if (CheckFastMathSettings() != 1)
- return err_sys("Build vs runtime fastmath FP_MAX_BITS mismatch\n",
- -1001);
- #endif /* USE_FAST_MATH */
- #endif /* !NO_BIG_INT */
- #if defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_MULTI_ATTRIB)
- initDefaultName();
- #endif
- #ifdef WOLFSSL_ASYNC_CRYPT
- ret = wolfAsync_DevOpen(&devId);
- if (ret < 0) {
- printf("Async device open failed\nRunning without async\n");
- }
- #else
- (void)devId;
- #endif /* WOLFSSL_ASYNC_CRYPT */
- #ifdef HAVE_SELFTEST
- if ( (ret = wolfCrypt_SelfTest()) != 0)
- return err_sys("CAVP selftest failed!\n", ret);
- else
- printf("CAVP selftest passed!\n");
- #endif
- if ( (ret = error_test()) != 0)
- return err_sys("error test failed!\n", ret);
- else
- printf( "error test passed!\n");
- #ifndef NO_CODING
- if ( (ret = base64_test()) != 0)
- return err_sys("base64 test failed!\n", ret);
- else
- printf( "base64 test passed!\n");
- #ifdef WOLFSSL_BASE16
- if ( (ret = base16_test()) != 0)
- return err_sys("base16 test failed!\n", ret);
- else
- printf( "base16 test passed!\n");
- #endif
- #endif /* !NO_CODING */
- #ifndef NO_ASN
- if ( (ret = asn_test()) != 0)
- return err_sys("asn test failed!\n", ret);
- else
- printf( "asn test passed!\n");
- #endif
- #ifndef NO_MD5
- if ( (ret = md5_test()) != 0)
- return err_sys("MD5 test failed!\n", ret);
- else
- printf( "MD5 test passed!\n");
- #endif
- #ifdef WOLFSSL_MD2
- if ( (ret = md2_test()) != 0)
- return err_sys("MD2 test failed!\n", ret);
- else
- printf( "MD2 test passed!\n");
- #endif
- #ifndef NO_MD4
- if ( (ret = md4_test()) != 0)
- return err_sys("MD4 test failed!\n", ret);
- else
- printf( "MD4 test passed!\n");
- #endif
- #ifndef NO_SHA
- if ( (ret = sha_test()) != 0)
- return err_sys("SHA test failed!\n", ret);
- else
- printf( "SHA test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA224
- if ( (ret = sha224_test()) != 0)
- return err_sys("SHA-224 test failed!\n", ret);
- else
- printf( "SHA-224 test passed!\n");
- #endif
- #ifndef NO_SHA256
- if ( (ret = sha256_test()) != 0)
- return err_sys("SHA-256 test failed!\n", ret);
- else
- printf( "SHA-256 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA384
- if ( (ret = sha384_test()) != 0)
- return err_sys("SHA-384 test failed!\n", ret);
- else
- printf( "SHA-384 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA512
- if ( (ret = sha512_test()) != 0)
- return err_sys("SHA-512 test failed!\n", ret);
- else
- printf( "SHA-512 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA3
- if ( (ret = sha3_test()) != 0)
- return err_sys("SHA-3 test failed!\n", ret);
- else
- printf( "SHA-3 test passed!\n");
- #endif
- if ( (ret = hash_test()) != 0)
- return err_sys("Hash test failed!\n", ret);
- else
- printf( "Hash test passed!\n");
- #ifdef WOLFSSL_RIPEMD
- if ( (ret = ripemd_test()) != 0)
- return err_sys("RIPEMD test failed!\n", ret);
- else
- printf( "RIPEMD test passed!\n");
- #endif
- #ifdef HAVE_BLAKE2
- if ( (ret = blake2b_test()) != 0)
- return err_sys("BLAKE2b test failed!\n", ret);
- else
- printf( "BLAKE2b test passed!\n");
- #endif
- #ifndef NO_HMAC
- #ifndef NO_MD5
- if ( (ret = hmac_md5_test()) != 0)
- return err_sys("HMAC-MD5 test failed!\n", ret);
- else
- printf( "HMAC-MD5 test passed!\n");
- #endif
- #ifndef NO_SHA
- if ( (ret = hmac_sha_test()) != 0)
- return err_sys("HMAC-SHA test failed!\n", ret);
- else
- printf( "HMAC-SHA test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA224
- if ( (ret = hmac_sha224_test()) != 0)
- return err_sys("HMAC-SHA224 test failed!\n", ret);
- else
- printf( "HMAC-SHA224 test passed!\n");
- #endif
- #ifndef NO_SHA256
- if ( (ret = hmac_sha256_test()) != 0)
- return err_sys("HMAC-SHA256 test failed!\n", ret);
- else
- printf( "HMAC-SHA256 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA384
- if ( (ret = hmac_sha384_test()) != 0)
- return err_sys("HMAC-SHA384 test failed!\n", ret);
- else
- printf( "HMAC-SHA384 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA512
- if ( (ret = hmac_sha512_test()) != 0)
- return err_sys("HMAC-SHA512 test failed!\n", ret);
- else
- printf( "HMAC-SHA512 test passed!\n");
- #endif
- #ifdef HAVE_BLAKE2
- if ( (ret = hmac_blake2b_test()) != 0)
- return err_sys("HMAC-BLAKE2 test failed!\n", ret);
- else
- printf( "HMAC-BLAKE2 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA3
- if ( (ret = hmac_sha3_test()) != 0)
- return err_sys("HMAC-SHA3 test failed!\n", ret);
- else
- printf( "HMAC-SHA3 test passed!\n");
- #endif
- #ifdef HAVE_HKDF
- if ( (ret = hkdf_test()) != 0)
- return err_sys("HMAC-KDF test failed!\n", ret);
- else
- printf( "HMAC-KDF test passed!\n");
- #endif
- #endif /* !NO_HMAC */
- #if defined(HAVE_X963_KDF) && defined(HAVE_ECC)
- if ( (ret = x963kdf_test()) != 0)
- return err_sys("X963-KDF test failed!\n", ret);
- else
- printf( "X963-KDF test passed!\n");
- #endif
- #if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128)
- if ( (ret = gmac_test()) != 0)
- return err_sys("GMAC test failed!\n", ret);
- else
- printf( "GMAC test passed!\n");
- #endif
- #ifndef NO_RC4
- if ( (ret = arc4_test()) != 0)
- return err_sys("ARC4 test failed!\n", ret);
- else
- printf( "ARC4 test passed!\n");
- #endif
- #ifndef NO_HC128
- if ( (ret = hc128_test()) != 0)
- return err_sys("HC-128 test failed!\n", ret);
- else
- printf( "HC-128 test passed!\n");
- #endif
- #ifndef NO_RABBIT
- if ( (ret = rabbit_test()) != 0)
- return err_sys("Rabbit test failed!\n", ret);
- else
- printf( "Rabbit test passed!\n");
- #endif
- #ifdef HAVE_CHACHA
- if ( (ret = chacha_test()) != 0)
- return err_sys("Chacha test failed!\n", ret);
- else
- printf( "Chacha test passed!\n");
- #endif
- #ifdef HAVE_POLY1305
- if ( (ret = poly1305_test()) != 0)
- return err_sys("POLY1305 test failed!\n", ret);
- else
- printf( "POLY1305 test passed!\n");
- #endif
- #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
- if ( (ret = chacha20_poly1305_aead_test()) != 0)
- return err_sys("ChaCha20-Poly1305 AEAD test failed!\n", ret);
- else
- printf( "ChaCha20-Poly1305 AEAD test passed!\n");
- #endif
- #ifndef NO_DES3
- if ( (ret = des_test()) != 0)
- return err_sys("DES test failed!\n", ret);
- else
- printf( "DES test passed!\n");
- #endif
- #ifndef NO_DES3
- if ( (ret = des3_test()) != 0)
- return err_sys("DES3 test failed!\n", ret);
- else
- printf( "DES3 test passed!\n");
- #endif
- #ifndef NO_AES
- if ( (ret = aes_test()) != 0)
- return err_sys("AES test failed!\n", ret);
- else
- printf( "AES test passed!\n");
- #ifdef WOLFSSL_AES_192
- if ( (ret = aes192_test()) != 0)
- return err_sys("AES192 test failed!\n", ret);
- else
- printf( "AES192 test passed!\n");
- #endif
- #ifdef WOLFSSL_AES_256
- if ( (ret = aes256_test()) != 0)
- return err_sys("AES256 test failed!\n", ret);
- else
- printf( "AES256 test passed!\n");
- #endif
- #ifdef HAVE_AESGCM
- #ifndef WOLFSSL_AFALG
- if ( (ret = aesgcm_test()) != 0)
- return err_sys("AES-GCM test failed!\n", ret);
- else
- #endif
- {
- if ((ret = aesgcm_default_test()) != 0) {
- return err_sys("AES-GCM test failed!\n", ret);
- }
- else {
- printf( "AES-GCM test passed!\n");
- }
- }
- #endif
- #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
- if ( (ret = aesccm_test()) != 0)
- return err_sys("AES-CCM test failed!\n", ret);
- else
- printf( "AES-CCM test passed!\n");
- #endif
- #ifdef HAVE_AES_KEYWRAP
- if ( (ret = aeskeywrap_test()) != 0)
- return err_sys("AES Key Wrap test failed!\n", ret);
- else
- printf( "AES Key Wrap test passed!\n");
- #endif
- #endif
- #ifdef HAVE_CAMELLIA
- if ( (ret = camellia_test()) != 0)
- return err_sys("CAMELLIA test failed!\n", ret);
- else
- printf( "CAMELLIA test passed!\n");
- #endif
- #ifdef HAVE_IDEA
- if ( (ret = idea_test()) != 0)
- return err_sys("IDEA test failed!\n", ret);
- else
- printf( "IDEA test passed!\n");
- #endif
- #ifndef WC_NO_RNG
- if ( (ret = random_test()) != 0)
- return err_sys("RANDOM test failed!\n", ret);
- else
- printf( "RANDOM test passed!\n");
- #endif /* WC_NO_RNG */
- #ifdef WOLFSSL_STATIC_MEMORY
- if ( (ret = memory_test()) != 0)
- return err_sys("MEMORY test failed!\n", ret);
- else
- printf( "MEMORY test passed!\n");
- #endif
- #ifndef NO_RSA
- #ifdef WC_RSA_NO_PADDING
- if ( (ret = rsa_no_pad_test()) != 0)
- return err_sys("RSA NOPAD test failed!\n", ret);
- else
- printf( "RSA NOPAD test passed!\n");
- #endif
- if ( (ret = rsa_test()) != 0)
- return err_sys("RSA test failed!\n", ret);
- else
- printf( "RSA test passed!\n");
- #endif
- #ifndef NO_DH
- if ( (ret = dh_test()) != 0)
- return err_sys("DH test failed!\n", ret);
- else
- printf( "DH test passed!\n");
- #endif
- #ifndef NO_DSA
- if ( (ret = dsa_test()) != 0)
- return err_sys("DSA test failed!\n", ret);
- else
- printf( "DSA test passed!\n");
- #endif
- #ifdef WOLFCRYPT_HAVE_SRP
- if ( (ret = srp_test()) != 0)
- return err_sys("SRP test failed!\n", ret);
- else
- printf( "SRP test passed!\n");
- #endif
- #ifndef NO_PWDBASED
- if ( (ret = pwdbased_test()) != 0)
- return err_sys("PWDBASED test failed!\n", ret);
- else
- printf( "PWDBASED test passed!\n");
- #endif
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- if ( (ret = openssl_test()) != 0)
- return err_sys("OPENSSL test failed!\n", ret);
- else
- printf( "OPENSSL test passed!\n");
- if ( (ret = openSSL_evpMD_test()) != 0)
- return err_sys("OPENSSL (EVP MD) test failed!\n", ret);
- else
- printf( "OPENSSL (EVP MD) passed!\n");
- if ( (ret = openssl_pkey0_test()) != 0)
- return err_sys("OPENSSL (PKEY0) test failed!\n", ret);
- else
- printf( "OPENSSL (PKEY0) passed!\n");
- if ( (ret = openssl_pkey1_test()) != 0)
- return err_sys("OPENSSL (PKEY1) test failed!\n", ret);
- else
- printf( "OPENSSL (PKEY1) passed!\n");
- if ( (ret = openssl_evpSig_test()) != 0)
- return err_sys("OPENSSL (EVP Sign/Verify) test failed!\n", ret);
- else
- printf( "OPENSSL (EVP Sign/Verify) passed!\n");
- #endif
- #ifdef HAVE_ECC
- if ( (ret = ecc_test()) != 0)
- return err_sys("ECC test failed!\n", ret);
- else
- printf( "ECC test passed!\n");
- #if defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128)
- if ( (ret = ecc_encrypt_test()) != 0)
- return err_sys("ECC Enc test failed!\n", ret);
- else
- printf( "ECC Enc test passed!\n");
- #endif
- #ifdef USE_CERT_BUFFERS_256
- if ( (ret = ecc_test_buffers()) != 0)
- return err_sys("ECC buffer test failed!\n", ret);
- else
- printf( "ECC buffer test passed!\n");
- #endif
- #endif
- #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT)
- if ( (ret = cert_test()) != 0)
- return err_sys("CERT test failed!\n", ret);
- else
- printf( "CERT test passed!\n");
- #endif
- #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT)
- if ( (ret = certext_test()) != 0)
- return err_sys("CERT EXT test failed!\n", ret);
- else
- printf( "CERT EXT test passed!\n");
- #endif
- #ifdef HAVE_CURVE25519
- if ( (ret = curve25519_test()) != 0)
- return err_sys("CURVE25519 test failed!\n", ret);
- else
- printf( "CURVE25519 test passed!\n");
- #endif
- #ifdef HAVE_ED25519
- if ( (ret = ed25519_test()) != 0)
- return err_sys("ED25519 test failed!\n", ret);
- else
- printf( "ED25519 test passed!\n");
- #endif
- #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
- if ( (ret = cmac_test()) != 0)
- return err_sys("CMAC test failed!\n", ret);
- else
- printf( "CMAC test passed!\n");
- #endif
- #ifdef HAVE_LIBZ
- if ( (ret = compress_test()) != 0)
- return err_sys("COMPRESS test failed!\n", ret);
- else
- printf( "COMPRESS test passed!\n");
- #endif
- #ifdef HAVE_PKCS7
- if ( (ret = pkcs7enveloped_test()) != 0)
- return err_sys("PKCS7enveloped test failed!\n", ret);
- else
- printf( "PKCS7enveloped test passed!\n");
- if ( (ret = pkcs7signed_test()) != 0)
- return err_sys("PKCS7signed test failed!\n", ret);
- else
- printf( "PKCS7signed test passed!\n");
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- if ( (ret = pkcs7encrypted_test()) != 0)
- return err_sys("PKCS7encrypted test failed!\n", ret);
- else
- printf( "PKCS7encrypted test passed!\n");
- #endif
- #endif
- #ifdef HAVE_VALGRIND
- if ( (ret = mp_test()) != 0)
- return err_sys("mp test failed!\n", ret);
- else
- printf( "mp test passed!\n");
- #endif
- #ifdef WOLFSSL_PUBLIC_MP
- if ( (ret = prime_test()) != 0)
- return err_sys("prime test failed!\n", ret);
- else
- printf( "prime test passed!\n");
- #endif
- #if defined(ASN_BER_TO_DER) && \
- (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL))
- if ( (ret = berder_test()) != 0)
- return err_sys("ber-der test failed!\n", ret);
- else
- printf( "ber-der test passed!\n");
- #endif
- if ( (ret = logging_test()) != 0)
- return err_sys("logging test failed!\n", ret);
- else
- printf( "logging test passed!\n");
- if ( (ret = mutex_test()) != 0)
- return err_sys("mutex test failed!\n", ret);
- else
- printf( "mutex test passed!\n");
- #if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
- if ( (ret = memcb_test()) != 0)
- return err_sys("memcb test failed!\n", ret);
- else
- printf( "memcb test passed!\n");
- #endif
- #ifdef WOLFSSL_IMX6_CAAM_BLOB
- if ( (ret = blob_test()) != 0)
- return err_sys("blob test failed!\n", ret);
- else
- printf( "blob test passed!\n");
- #endif
- #ifdef WOLF_CRYPTO_DEV
- if ( (ret = cryptodev_test()) != 0)
- return err_sys("crypto dev test failed!\n", ret);
- else
- printf( "crypto dev test passed!\n");
- #endif
- #ifdef WOLFSSL_ASYNC_CRYPT
- wolfAsync_DevClose(&devId);
- #endif
- /* cleanup the thread if fixed point cache is enabled and have thread local */
- #if defined(HAVE_THREAD_LS) && defined(HAVE_ECC) && defined(FP_ECC)
- wc_ecc_fp_free();
- #endif
- if (args)
- ((func_args*)args)->return_code = ret;
- EXIT_TEST(ret);
- }
- #ifndef NO_MAIN_DRIVER
- /* so overall tests can pull in test function */
- int main(int argc, char** argv)
- {
- int ret;
- func_args args;
- #ifdef WOLFSSL_APACHE_MYNEWT
- #ifdef ARCH_sim
- mcu_sim_parse_args(argc, argv);
- #endif
- sysinit();
- /* set dummy wallclock time. */
- struct os_timeval utctime;
- struct os_timezone tz;
- utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */
- utctime.tv_usec = 0;
- tz.tz_minuteswest = 0;
- tz.tz_dsttime = 0;
- os_settimeofday(&utctime, &tz);
- #endif
- #ifdef HAVE_WNR
- if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0) {
- err_sys("Whitewood netRandom global config failed", -1002);
- return -1001;
- }
- #endif
- args.argc = argc;
- args.argv = argv;
- if ((ret = wolfCrypt_Init()) != 0) {
- printf("wolfCrypt_Init failed %d\n", ret);
- err_sys("Error with wolfCrypt_Init!\n", -1003);
- }
- #ifdef HAVE_STACK_SIZE
- StackSizeCheck(&args, wolfcrypt_test);
- #else
- wolfcrypt_test(&args);
- #endif
- if ((ret = wolfCrypt_Cleanup()) != 0) {
- printf("wolfCrypt_Cleanup failed %d\n", ret);
- err_sys("Error with wolfCrypt_Cleanup!\n", -1004);
- }
- #ifdef HAVE_WNR
- if (wc_FreeNetRandom() < 0)
- err_sys("Failed to free netRandom context", -1005);
- #endif /* HAVE_WNR */
- return args.return_code;
- }
- #endif /* NO_MAIN_DRIVER */
- /* helper to save DER, convert to PEM and save PEM */
- #if !defined(NO_ASN) && (!defined(NO_RSA) || defined(HAVE_ECC)) && \
- (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN))
- #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
- #define SaveDerAndPem(d, dSz, p, pSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, p, pSz, fD, fP, pT, eB)
- #else
- #define SaveDerAndPem(d, dSz, p, pSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, p, pSz, NULL, NULL, pT, eB)
- #endif
- static int _SaveDerAndPem(const byte* der, int derSz,
- byte* pem, int pemSz, const char* fileDer,
- const char* filePem, int pemType, int errBase)
- {
- #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
- int ret;
- FILE* derFile;
- derFile = fopen(fileDer, "wb");
- if (!derFile) {
- return errBase + 0;
- }
- ret = (int)fwrite(der, 1, derSz, derFile);
- fclose(derFile);
- if (ret != derSz) {
- return errBase + 1;
- }
- #endif
- if (pem && filePem) {
- #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
- FILE* pemFile;
- #endif
- #ifdef WOLFSSL_DER_TO_PEM
- pemSz = wc_DerToPem(der, derSz, pem, pemSz, pemType);
- if (pemSz < 0) {
- return errBase + 2;
- }
- #endif
- #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
- pemFile = fopen(filePem, "wb");
- if (!pemFile) {
- return errBase + 3;
- }
- ret = (int)fwrite(pem, 1, pemSz, pemFile);
- fclose(pemFile);
- if (ret != pemSz) {
- return errBase + 4;
- }
- #endif
- }
- /* suppress unused variable warnings */
- (void)filePem;
- (void)fileDer;
- return 0;
- }
- #endif /* WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN */
- int error_test(void)
- {
- const char* errStr;
- char out[WOLFSSL_MAX_ERROR_SZ];
- const char* unknownStr = wc_GetErrorString(0);
- #ifdef NO_ERROR_STRINGS
- /* Ensure a valid error code's string matches an invalid code's.
- * The string is that error strings are not available.
- */
- errStr = wc_GetErrorString(OPEN_RAN_E);
- wc_ErrorString(OPEN_RAN_E, out);
- if (XSTRNCMP(errStr, unknownStr, XSTRLEN(unknownStr)) != 0)
- return -1100;
- if (XSTRNCMP(out, unknownStr, XSTRLEN(unknownStr)) != 0)
- return -1101;
- #else
- int i;
- int j = 0;
- /* Values that are not or no longer error codes. */
- int missing[] = { -122, -123, -124, -127, -128, -129,
- -163, -164, -165, -166, -167, -168, -169,
- -179, -233,
- 0 };
- /* Check that all errors have a string and it's the same through the two
- * APIs. Check that the values that are not errors map to the unknown
- * string.
- */
- for (i = MAX_CODE_E-1; i >= WC_LAST_E; i--) {
- errStr = wc_GetErrorString(i);
- wc_ErrorString(i, out);
- if (i != missing[j]) {
- if (XSTRNCMP(errStr, unknownStr, XSTRLEN(unknownStr)) == 0)
- return -1102;
- if (XSTRNCMP(out, unknownStr, XSTRLEN(unknownStr)) == 0)
- return -1103;
- if (XSTRNCMP(errStr, out, XSTRLEN(errStr)) != 0)
- return -1104;
- }
- else {
- j++;
- if (XSTRNCMP(errStr, unknownStr, XSTRLEN(unknownStr)) != 0)
- return -1105;
- if (XSTRNCMP(out, unknownStr, XSTRLEN(unknownStr)) != 0)
- return -1106;
- }
- }
- /* Check if the next possible value has been given a string. */
- errStr = wc_GetErrorString(i);
- wc_ErrorString(i, out);
- if (XSTRNCMP(errStr, unknownStr, XSTRLEN(unknownStr)) != 0)
- return -1107;
- if (XSTRNCMP(out, unknownStr, XSTRLEN(unknownStr)) != 0)
- return -1108;
- #endif
- return 0;
- }
- #ifndef NO_CODING
- int base64_test(void)
- {
- int ret;
- const byte good[] = "A+Gd\0\0\0";
- const byte goodEnd[] = "A+Gd \r\n";
- byte out[128];
- word32 outLen;
- #ifdef WOLFSSL_BASE64_ENCODE
- byte data[3];
- word32 dataLen;
- byte longData[79] = { 0 };
- const byte symbols[] = "+/A=";
- #endif
- const byte badSmall[] = "AAA Gdj=";
- const byte badLarge[] = "AAA~Gdj=";
- const byte badEOL[] = "A+Gd ";
- int i;
- /* Good Base64 encodings. */
- outLen = sizeof(out);
- ret = Base64_Decode(good, sizeof(good), out, &outLen);
- if (ret != 0)
- return -1200;
- outLen = sizeof(out);
- ret = Base64_Decode(goodEnd, sizeof(goodEnd), out, &outLen);
- if (ret != 0)
- return -1201;
- /* Bad parameters. */
- outLen = 1;
- ret = Base64_Decode(good, sizeof(good), out, &outLen);
- if (ret != BAD_FUNC_ARG)
- return -1202;
- outLen = sizeof(out);
- ret = Base64_Decode(badEOL, sizeof(badEOL), out, &outLen);
- if (ret != ASN_INPUT_E)
- return -1203;
- /* Bad character at each offset 0-3. */
- for (i = 0; i < 4; i++) {
- outLen = sizeof(out);
- ret = Base64_Decode(badSmall + i, 4, out, &outLen);
- if (ret != ASN_INPUT_E)
- return -1204 - i;
- ret = Base64_Decode(badLarge + i, 4, out, &outLen);
- if (ret != ASN_INPUT_E)
- return -1214 - i;
- }
- #ifdef WOLFSSL_BASE64_ENCODE
- /* Decode and encode all symbols - non-alphanumeric. */
- dataLen = sizeof(data);
- ret = Base64_Decode(symbols, sizeof(symbols), data, &dataLen);
- if (ret != 0)
- return -1224;
- outLen = sizeof(out);
- ret = Base64_Encode(data, dataLen, NULL, &outLen);
- if (ret != LENGTH_ONLY_E)
- return -1225;
- outLen = sizeof(out);
- ret = Base64_Encode(data, dataLen, out, &outLen);
- if (ret != 0)
- return -1226;
- outLen = 7;
- ret = Base64_EncodeEsc(data, dataLen, out, &outLen);
- if (ret != BUFFER_E)
- return -1227;
- outLen = sizeof(out);
- ret = Base64_EncodeEsc(data, dataLen, NULL, &outLen);
- if (ret != LENGTH_ONLY_E)
- return -1228;
- outLen = sizeof(out);
- ret = Base64_EncodeEsc(data, dataLen, out, &outLen);
- if (ret != 0)
- return -1229;
- outLen = sizeof(out);
- ret = Base64_Encode_NoNl(data, dataLen, out, &outLen);
- if (ret != 0)
- return -1230;
- /* Data that results in an encoding longer than one line. */
- outLen = sizeof(out);
- dataLen = sizeof(longData);
- ret = Base64_Encode(longData, dataLen, out, &outLen);
- if (ret != 0)
- return -1231;
- outLen = sizeof(out);
- ret = Base64_EncodeEsc(longData, dataLen, out, &outLen);
- if (ret != 0)
- return -1232;
- outLen = sizeof(out);
- ret = Base64_Encode_NoNl(longData, dataLen, out, &outLen);
- if (ret != 0)
- return -1233;
- #endif
- return 0;
- }
- #ifdef WOLFSSL_BASE16
- int base16_test(void)
- {
- int ret;
- const byte testData[] = "SomeDataToEncode\n";
- const byte encodedTestData[] = "536F6D6544617461546F456E636F64650A00";
- byte encoded[40];
- word32 encodedLen;
- byte plain[40];
- word32 len;
- /* length returned includes null termination */
- encodedLen = sizeof(encoded);
- ret = Base16_Encode(testData, sizeof(testData), encoded, &encodedLen);
- if (ret != 0)
- return -1300;
- len = (word32)XSTRLEN((char*)encoded);
- if (len != encodedLen - 1)
- return -1301;
- len = sizeof(plain);
- ret = Base16_Decode(encoded, encodedLen - 1, plain, &len);
- if (ret != 0)
- return -1302;
- if (len != sizeof(testData) || XMEMCMP(testData, plain, len) != 0)
- return -1303;
- if (encodedLen != sizeof(encodedTestData) ||
- XMEMCMP(encoded, encodedTestData, encodedLen) != 0) {
- return -1304;
- }
- return 0;
- }
- #endif /* WOLFSSL_BASE16 */
- #endif /* !NO_CODING */
- #ifndef NO_ASN
- int asn_test(void)
- {
- int ret;
- /* ASN1 encoded date buffer */
- const byte dateBuf[] = {0x17, 0x0d, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31,
- 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5a};
- byte format;
- int length;
- const byte* datePart;
- #ifndef NO_ASN_TIME
- struct tm timearg;
- #ifdef WORD64_AVAILABLE
- word64 now;
- #else
- word32 now;
- #endif
- #endif
- ret = wc_GetDateInfo(dateBuf, (int)sizeof(dateBuf), &datePart, &format,
- &length);
- if (ret != 0)
- return -1400;
- #ifndef NO_ASN_TIME
- /* Parameter Validation tests. */
- if (wc_GetTime(NULL, sizeof(now)) != BAD_FUNC_ARG)
- return -1401;
- if (wc_GetTime(&now, 0) != BUFFER_E)
- return -1402;
- now = 0;
- if (wc_GetTime(&now, sizeof(now)) != 0) {
- return -1403;
- }
- if (now == 0) {
- printf("RTC/Time not set!\n");
- return -1404;
- }
- ret = wc_GetDateAsCalendarTime(datePart, length, format, &timearg);
- if (ret != 0)
- return -1405;
- #endif /* !NO_ASN_TIME */
- return 0;
- }
- #endif /* !NO_ASN */
- #ifdef WOLFSSL_MD2
- int md2_test(void)
- {
- Md2 md2;
- byte hash[MD2_DIGEST_SIZE];
- testVector a, b, c, d, e, f, g;
- testVector test_md2[7];
- int times = sizeof(test_md2) / sizeof(testVector), i;
- a.input = "";
- a.output = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69"
- "\x27\x73";
- a.inLen = XSTRLEN(a.input);
- a.outLen = MD2_DIGEST_SIZE;
- b.input = "a";
- b.output = "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0"
- "\xb5\xd1";
- b.inLen = XSTRLEN(b.input);
- b.outLen = MD2_DIGEST_SIZE;
- c.input = "abc";
- c.output = "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde"
- "\xd6\xbb";
- c.inLen = XSTRLEN(c.input);
- c.outLen = MD2_DIGEST_SIZE;
- d.input = "message digest";
- d.output = "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe"
- "\x06\xb0";
- d.inLen = XSTRLEN(d.input);
- d.outLen = MD2_DIGEST_SIZE;
- e.input = "abcdefghijklmnopqrstuvwxyz";
- e.output = "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47"
- "\x94\x0b";
- e.inLen = XSTRLEN(e.input);
- e.outLen = MD2_DIGEST_SIZE;
- f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
- "6789";
- f.output = "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03"
- "\x38\xcd";
- f.inLen = XSTRLEN(f.input);
- f.outLen = MD2_DIGEST_SIZE;
- g.input = "1234567890123456789012345678901234567890123456789012345678"
- "9012345678901234567890";
- g.output = "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3"
- "\xef\xd8";
- g.inLen = XSTRLEN(g.input);
- g.outLen = MD2_DIGEST_SIZE;
- test_md2[0] = a;
- test_md2[1] = b;
- test_md2[2] = c;
- test_md2[3] = d;
- test_md2[4] = e;
- test_md2[5] = f;
- test_md2[6] = g;
- wc_InitMd2(&md2);
- for (i = 0; i < times; ++i) {
- wc_Md2Update(&md2, (byte*)test_md2[i].input, (word32)test_md2[i].inLen);
- wc_Md2Final(&md2, hash);
- if (XMEMCMP(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0)
- return -1500 - i;
- }
- return 0;
- }
- #endif
- #ifndef NO_MD5
- int md5_test(void)
- {
- int ret = 0;
- wc_Md5 md5, md5Copy;
- byte hash[WC_MD5_DIGEST_SIZE];
- byte hashcopy[WC_MD5_DIGEST_SIZE];
- testVector a, b, c, d, e, f;
- testVector test_md5[6];
- int times = sizeof(test_md5) / sizeof(testVector), i;
- a.input = "";
- a.output = "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42"
- "\x7e";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_MD5_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f"
- "\x72";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_MD5_DIGEST_SIZE;
- c.input = "message digest";
- c.output = "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61"
- "\xd0";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_MD5_DIGEST_SIZE;
- d.input = "abcdefghijklmnopqrstuvwxyz";
- d.output = "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1"
- "\x3b";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_MD5_DIGEST_SIZE;
- e.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
- "6789";
- e.output = "\xd1\x74\xab\x98\xd2\x77\xd9\xf5\xa5\x61\x1c\x2c\x9f\x41\x9d"
- "\x9f";
- e.inLen = XSTRLEN(e.input);
- e.outLen = WC_MD5_DIGEST_SIZE;
- f.input = "1234567890123456789012345678901234567890123456789012345678"
- "9012345678901234567890";
- f.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6"
- "\x7a";
- f.inLen = XSTRLEN(f.input);
- f.outLen = WC_MD5_DIGEST_SIZE;
- test_md5[0] = a;
- test_md5[1] = b;
- test_md5[2] = c;
- test_md5[3] = d;
- test_md5[4] = e;
- test_md5[5] = f;
- ret = wc_InitMd5_ex(&md5, HEAP_HINT, devId);
- if (ret != 0)
- return -1600;
- ret = wc_InitMd5_ex(&md5Copy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Md5Free(&md5);
- return -1601;
- }
- for (i = 0; i < times; ++i) {
- ret = wc_Md5Update(&md5, (byte*)test_md5[i].input,
- (word32)test_md5[i].inLen);
- if (ret != 0)
- ERROR_OUT(-1602 - i, exit);
- ret = wc_Md5GetHash(&md5, hashcopy);
- if (ret != 0)
- ERROR_OUT(-1603 - i, exit);
- ret = wc_Md5Copy(&md5, &md5Copy);
- if (ret != 0)
- ERROR_OUT(-1604 - i, exit);
- ret = wc_Md5Final(&md5, hash);
- if (ret != 0)
- ERROR_OUT(-1605 - i, exit);
- wc_Md5Free(&md5Copy);
- if (XMEMCMP(hash, test_md5[i].output, WC_MD5_DIGEST_SIZE) != 0)
- ERROR_OUT(-1606 - i, exit);
- if (XMEMCMP(hash, hashcopy, WC_MD5_DIGEST_SIZE) != 0)
- ERROR_OUT(-1607 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- const char* large_digest =
- "\x44\xd0\x88\xce\xf1\x36\xd1\x78\xe9\xc8\xba\x84\xc3\xfd\xf6\xca";
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- #ifdef WOLFSSL_PIC32MZ_HASH
- wc_Md5SizeSet(&md5, times * sizeof(large_input));
- #endif
- for (i = 0; i < times; ++i) {
- ret = wc_Md5Update(&md5, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-1608, exit);
- }
- ret = wc_Md5Final(&md5, hash);
- if (ret != 0)
- ERROR_OUT(-1609, exit);
- if (XMEMCMP(hash, large_digest, WC_MD5_DIGEST_SIZE) != 0)
- ERROR_OUT(-1610, exit);
- } /* END LARGE HASH TEST */
- exit:
- wc_Md5Free(&md5);
- wc_Md5Free(&md5Copy);
- return ret;
- }
- #endif /* NO_MD5 */
- #ifndef NO_MD4
- int md4_test(void)
- {
- Md4 md4;
- byte hash[MD4_DIGEST_SIZE];
- testVector a, b, c, d, e, f, g;
- testVector test_md4[7];
- int times = sizeof(test_md4) / sizeof(testVector), i;
- a.input = "";
- a.output = "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31\xb7\x3c\x59\xd7\xe0\xc0\x89"
- "\xc0";
- a.inLen = XSTRLEN(a.input);
- a.outLen = MD4_DIGEST_SIZE;
- b.input = "a";
- b.output = "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46\x24\x5e\x05\xfb\xdb\xd6\xfb"
- "\x24";
- b.inLen = XSTRLEN(b.input);
- b.outLen = MD4_DIGEST_SIZE;
- c.input = "abc";
- c.output = "\xa4\x48\x01\x7a\xaf\x21\xd8\x52\x5f\xc1\x0a\xe8\x7a\xa6\x72"
- "\x9d";
- c.inLen = XSTRLEN(c.input);
- c.outLen = MD4_DIGEST_SIZE;
- d.input = "message digest";
- d.output = "\xd9\x13\x0a\x81\x64\x54\x9f\xe8\x18\x87\x48\x06\xe1\xc7\x01"
- "\x4b";
- d.inLen = XSTRLEN(d.input);
- d.outLen = MD4_DIGEST_SIZE;
- e.input = "abcdefghijklmnopqrstuvwxyz";
- e.output = "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd\xee\xa8\xed\x63\xdf\x41\x2d"
- "\xa9";
- e.inLen = XSTRLEN(e.input);
- e.outLen = MD4_DIGEST_SIZE;
- f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
- "6789";
- f.output = "\x04\x3f\x85\x82\xf2\x41\xdb\x35\x1c\xe6\x27\xe1\x53\xe7\xf0"
- "\xe4";
- f.inLen = XSTRLEN(f.input);
- f.outLen = MD4_DIGEST_SIZE;
- g.input = "1234567890123456789012345678901234567890123456789012345678"
- "9012345678901234567890";
- g.output = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f\xcc\x05"
- "\x36";
- g.inLen = XSTRLEN(g.input);
- g.outLen = MD4_DIGEST_SIZE;
- test_md4[0] = a;
- test_md4[1] = b;
- test_md4[2] = c;
- test_md4[3] = d;
- test_md4[4] = e;
- test_md4[5] = f;
- test_md4[6] = g;
- wc_InitMd4(&md4);
- for (i = 0; i < times; ++i) {
- wc_Md4Update(&md4, (byte*)test_md4[i].input, (word32)test_md4[i].inLen);
- wc_Md4Final(&md4, hash);
- if (XMEMCMP(hash, test_md4[i].output, MD4_DIGEST_SIZE) != 0)
- return -1700 - i;
- }
- return 0;
- }
- #endif /* NO_MD4 */
- #ifndef NO_SHA
- int sha_test(void)
- {
- int ret = 0;
- wc_Sha sha, shaCopy;
- byte hash[WC_SHA_DIGEST_SIZE];
- byte hashcopy[WC_SHA_DIGEST_SIZE];
- testVector a, b, c, d, e;
- testVector test_sha[5];
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- a.input = "";
- a.output = "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d\x32\x55\xbf\xef\x95\x60\x18"
- "\x90\xaf\xd8\x07\x09";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2"
- "\x6C\x9C\xD0\xD8\x9D";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29"
- "\xE5\xE5\x46\x70\xF1";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA_DIGEST_SIZE;
- d.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaa";
- d.output = "\x00\x98\xBA\x82\x4B\x5C\x16\x42\x7B\xD7\xA1\x12\x2A\x5A\x44"
- "\x2A\x25\xEC\x64\x4D";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA_DIGEST_SIZE;
- e.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaa";
- e.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7"
- "\x53\x99\x5E\x26\xA0";
- e.inLen = XSTRLEN(e.input);
- e.outLen = WC_SHA_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- test_sha[3] = d;
- test_sha[4] = e;
- ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -1800;
- ret = wc_InitSha_ex(&shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_ShaFree(&sha);
- return -1801;
- }
- for (i = 0; i < times; ++i) {
- ret = wc_ShaUpdate(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(-1802 - i, exit);
- ret = wc_ShaGetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(-1803 - i, exit);
- ret = wc_ShaCopy(&sha, &shaCopy);
- if (ret != 0)
- ERROR_OUT(-1804 - i, exit);
- ret = wc_ShaFinal(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-1805 - i, exit);
- wc_ShaFree(&shaCopy);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA_DIGEST_SIZE) != 0)
- ERROR_OUT(-1806 - i, exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA_DIGEST_SIZE) != 0)
- ERROR_OUT(-1807 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- const char* large_digest =
- "\x8b\x77\x02\x48\x39\xe8\xdb\xd3\x9a\xf4\x05\x24\x66\x12\x2d\x9e"
- "\xc5\xd9\x0a\xac";
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- #ifdef WOLFSSL_PIC32MZ_HASH
- wc_ShaSizeSet(&sha, times * sizeof(large_input));
- #endif
- for (i = 0; i < times; ++i) {
- ret = wc_ShaUpdate(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-1808, exit);
- }
- ret = wc_ShaFinal(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-1809, exit);
- if (XMEMCMP(hash, large_digest, WC_SHA_DIGEST_SIZE) != 0)
- ERROR_OUT(-1810, exit);
- } /* END LARGE HASH TEST */
- exit:
- wc_ShaFree(&sha);
- wc_ShaFree(&shaCopy);
- return ret;
- }
- #endif /* NO_SHA */
- #ifdef WOLFSSL_RIPEMD
- int ripemd_test(void)
- {
- RipeMd ripemd;
- int ret;
- byte hash[RIPEMD_DIGEST_SIZE];
- testVector a, b, c, d;
- testVector test_ripemd[4];
- int times = sizeof(test_ripemd) / sizeof(struct testVector), i;
- a.input = "abc";
- a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6"
- "\xb0\x87\xf1\x5a\x0b\xfc";
- a.inLen = XSTRLEN(a.input);
- a.outLen = RIPEMD_DIGEST_SIZE;
- b.input = "message digest";
- b.output = "\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8\x81\xb1\x23\xa8"
- "\x5f\xfa\x21\x59\x5f\x36";
- b.inLen = XSTRLEN(b.input);
- b.outLen = RIPEMD_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x12\xa0\x53\x38\x4a\x9c\x0c\x88\xe4\x05\xa0\x6c\x27\xdc"
- "\xf4\x9a\xda\x62\xeb\x2b";
- c.inLen = XSTRLEN(c.input);
- c.outLen = RIPEMD_DIGEST_SIZE;
- d.input = "12345678901234567890123456789012345678901234567890123456"
- "789012345678901234567890";
- d.output = "\x9b\x75\x2e\x45\x57\x3d\x4b\x39\xf4\xdb\xd3\x32\x3c\xab"
- "\x82\xbf\x63\x32\x6b\xfb";
- d.inLen = XSTRLEN(d.input);
- d.outLen = RIPEMD_DIGEST_SIZE;
- test_ripemd[0] = a;
- test_ripemd[1] = b;
- test_ripemd[2] = c;
- test_ripemd[3] = d;
- ret = wc_InitRipeMd(&ripemd);
- if (ret != 0) {
- return -1900;
- }
- for (i = 0; i < times; ++i) {
- ret = wc_RipeMdUpdate(&ripemd, (byte*)test_ripemd[i].input,
- (word32)test_ripemd[i].inLen);
- if (ret != 0) {
- return -1901 - i;
- }
- ret = wc_RipeMdFinal(&ripemd, hash);
- if (ret != 0) {
- return -1911 - i;
- }
- if (XMEMCMP(hash, test_ripemd[i].output, RIPEMD_DIGEST_SIZE) != 0)
- return -1921 - i;
- }
- return 0;
- }
- #endif /* WOLFSSL_RIPEMD */
- #ifdef HAVE_BLAKE2
- #define BLAKE2_TESTS 3
- static const byte blake2b_vec[BLAKE2_TESTS][BLAKE2B_OUTBYTES] =
- {
- {
- 0x78, 0x6A, 0x02, 0xF7, 0x42, 0x01, 0x59, 0x03,
- 0xC6, 0xC6, 0xFD, 0x85, 0x25, 0x52, 0xD2, 0x72,
- 0x91, 0x2F, 0x47, 0x40, 0xE1, 0x58, 0x47, 0x61,
- 0x8A, 0x86, 0xE2, 0x17, 0xF7, 0x1F, 0x54, 0x19,
- 0xD2, 0x5E, 0x10, 0x31, 0xAF, 0xEE, 0x58, 0x53,
- 0x13, 0x89, 0x64, 0x44, 0x93, 0x4E, 0xB0, 0x4B,
- 0x90, 0x3A, 0x68, 0x5B, 0x14, 0x48, 0xB7, 0x55,
- 0xD5, 0x6F, 0x70, 0x1A, 0xFE, 0x9B, 0xE2, 0xCE
- },
- {
- 0x2F, 0xA3, 0xF6, 0x86, 0xDF, 0x87, 0x69, 0x95,
- 0x16, 0x7E, 0x7C, 0x2E, 0x5D, 0x74, 0xC4, 0xC7,
- 0xB6, 0xE4, 0x8F, 0x80, 0x68, 0xFE, 0x0E, 0x44,
- 0x20, 0x83, 0x44, 0xD4, 0x80, 0xF7, 0x90, 0x4C,
- 0x36, 0x96, 0x3E, 0x44, 0x11, 0x5F, 0xE3, 0xEB,
- 0x2A, 0x3A, 0xC8, 0x69, 0x4C, 0x28, 0xBC, 0xB4,
- 0xF5, 0xA0, 0xF3, 0x27, 0x6F, 0x2E, 0x79, 0x48,
- 0x7D, 0x82, 0x19, 0x05, 0x7A, 0x50, 0x6E, 0x4B
- },
- {
- 0x1C, 0x08, 0x79, 0x8D, 0xC6, 0x41, 0xAB, 0xA9,
- 0xDE, 0xE4, 0x35, 0xE2, 0x25, 0x19, 0xA4, 0x72,
- 0x9A, 0x09, 0xB2, 0xBF, 0xE0, 0xFF, 0x00, 0xEF,
- 0x2D, 0xCD, 0x8E, 0xD6, 0xF8, 0xA0, 0x7D, 0x15,
- 0xEA, 0xF4, 0xAE, 0xE5, 0x2B, 0xBF, 0x18, 0xAB,
- 0x56, 0x08, 0xA6, 0x19, 0x0F, 0x70, 0xB9, 0x04,
- 0x86, 0xC8, 0xA7, 0xD4, 0x87, 0x37, 0x10, 0xB1,
- 0x11, 0x5D, 0x3D, 0xEB, 0xBB, 0x43, 0x27, 0xB5
- }
- };
- int blake2b_test(void)
- {
- Blake2b b2b;
- byte digest[64];
- byte input[64];
- int i, ret;
- for (i = 0; i < (int)sizeof(input); i++)
- input[i] = (byte)i;
- for (i = 0; i < BLAKE2_TESTS; i++) {
- ret = wc_InitBlake2b(&b2b, 64);
- if (ret != 0)
- return -2000 - i;
- ret = wc_Blake2bUpdate(&b2b, input, i);
- if (ret != 0)
- return -2010 - 1;
- ret = wc_Blake2bFinal(&b2b, digest, 64);
- if (ret != 0)
- return -2020 - i;
- if (XMEMCMP(digest, blake2b_vec[i], 64) != 0) {
- return -2030 - i;
- }
- }
- return 0;
- }
- #endif /* HAVE_BLAKE2 */
- #ifdef WOLFSSL_SHA224
- int sha224_test(void)
- {
- wc_Sha224 sha, shaCopy;
- byte hash[WC_SHA224_DIGEST_SIZE];
- byte hashcopy[WC_SHA224_DIGEST_SIZE];
- int ret = 0;
- testVector a, b, c;
- testVector test_sha[3];
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- a.input = "";
- a.output = "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9\x47\x61\x02\xbb\x28\x82\x34"
- "\xc4\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a\xc5\xb3\xe4\x2f";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA224_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2\x55"
- "\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA224_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01"
- "\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA224_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha224_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -2100;
- ret = wc_InitSha224_ex(&shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha224Free(&sha);
- return -2101;
- }
- for (i = 0; i < times; ++i) {
- ret = wc_Sha224Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(-2102 - i, exit);
- ret = wc_Sha224GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(-2103 - i, exit);
- ret = wc_Sha224Copy(&sha, &shaCopy);
- if (ret != 0)
- ERROR_OUT(-2104 - i, exit);
- ret = wc_Sha224Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2105 - i, exit);
- wc_Sha224Free(&shaCopy);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA224_DIGEST_SIZE) != 0)
- ERROR_OUT(-2106 - i, exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA224_DIGEST_SIZE) != 0)
- ERROR_OUT(-2107 - i, exit);
- }
- exit:
- wc_Sha224Free(&sha);
- wc_Sha224Free(&shaCopy);
- return ret;
- }
- #endif
- #ifndef NO_SHA256
- int sha256_test(void)
- {
- wc_Sha256 sha, shaCopy;
- byte hash[WC_SHA256_DIGEST_SIZE];
- byte hashcopy[WC_SHA256_DIGEST_SIZE];
- int ret = 0;
- testVector a, b, c;
- testVector test_sha[3];
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- a.input = "";
- a.output = "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14\x9a\xfb\xf4\xc8\x99\x6f\xb9"
- "\x24\x27\xae\x41\xe4\x64\x9b\x93\x4c\xa4\x95\x99\x1b\x78\x52"
- "\xb8\x55";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA256_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
- "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
- "\x15\xAD";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA256_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
- "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
- "\x06\xC1";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA256_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -2200;
- ret = wc_InitSha256_ex(&shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha256Free(&sha);
- return -2201;
- }
- for (i = 0; i < times; ++i) {
- ret = wc_Sha256Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0) {
- ERROR_OUT(-2202 - i, exit);
- }
- ret = wc_Sha256GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(-2203 - i, exit);
- ret = wc_Sha256Copy(&sha, &shaCopy);
- if (ret != 0)
- ERROR_OUT(-2204 - i, exit);
- ret = wc_Sha256Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2205 - i, exit);
- wc_Sha256Free(&shaCopy);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA256_DIGEST_SIZE) != 0)
- ERROR_OUT(-2206 - i, exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA256_DIGEST_SIZE) != 0)
- ERROR_OUT(-2207 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- const char* large_digest =
- "\x27\x78\x3e\x87\x96\x3a\x4e\xfb\x68\x29\xb5\x31\xc9\xba\x57\xb4"
- "\x4f\x45\x79\x7f\x67\x70\xbd\x63\x7f\xbf\x0d\x80\x7c\xbd\xba\xe0";
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- #ifdef WOLFSSL_PIC32MZ_HASH
- wc_Sha256SizeSet(&sha, times * sizeof(large_input));
- #endif
- for (i = 0; i < times; ++i) {
- ret = wc_Sha256Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-2208, exit);
- }
- ret = wc_Sha256Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2209, exit);
- if (XMEMCMP(hash, large_digest, WC_SHA256_DIGEST_SIZE) != 0)
- ERROR_OUT(-2210, exit);
- } /* END LARGE HASH TEST */
- exit:
- wc_Sha256Free(&sha);
- wc_Sha256Free(&shaCopy);
- return ret;
- }
- #endif
- #ifdef WOLFSSL_SHA512
- int sha512_test(void)
- {
- wc_Sha512 sha, shaCopy;
- byte hash[WC_SHA512_DIGEST_SIZE];
- byte hashcopy[WC_SHA512_DIGEST_SIZE];
- int ret = 0;
- testVector a, b, c;
- testVector test_sha[3];
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- a.input = "";
- a.output = "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd\xf1\x54\x28\x50\xd6\x6d\x80"
- "\x07\xd6\x20\xe4\x05\x0b\x57\x15\xdc\x83\xf4\xa9\x21\xd3\x6c"
- "\xe9\xce\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0\xff\x83\x18\xd2\x87"
- "\x7e\xec\x2f\x63\xb9\x31\xbd\x47\x41\x7a\x81\xa5\x38\x32\x7a"
- "\xf9\x27\xda\x3e";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA512_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
- "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55"
- "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3"
- "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f"
- "\xa5\x4c\xa4\x9f";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA512_DIGEST_SIZE;
- c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- c.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14"
- "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88"
- "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4"
- "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b"
- "\x87\x4b\xe9\x09";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA512_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha512_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -2300;
- ret = wc_InitSha512_ex(&shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha512Free(&sha);
- return -2301;
- }
- for (i = 0; i < times; ++i) {
- ret = wc_Sha512Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(-2302 - i, exit);
- ret = wc_Sha512GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(-2303 - i, exit);
- ret = wc_Sha512Copy(&sha, &shaCopy);
- if (ret != 0)
- ERROR_OUT(-2304 - i, exit);
- ret = wc_Sha512Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2305 - i, exit);
- wc_Sha512Free(&shaCopy);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA512_DIGEST_SIZE) != 0)
- ERROR_OUT(-2306 - i, exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA512_DIGEST_SIZE) != 0)
- ERROR_OUT(-2307 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- const char* large_digest =
- "\x5a\x1f\x73\x90\xbd\x8c\xe4\x63\x54\xce\xa0\x9b\xef\x32\x78\x2d"
- "\x2e\xe7\x0d\x5e\x2f\x9d\x15\x1b\xdd\x2d\xde\x65\x0c\x7b\xfa\x83"
- "\x5e\x80\x02\x13\x84\xb8\x3f\xff\x71\x62\xb5\x09\x89\x63\xe1\xdc"
- "\xa5\xdc\xfc\xfa\x9d\x1a\x4d\xc0\xfa\x3a\x14\xf6\x01\x51\x90\xa4";
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha512Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-2308, exit);
- }
- ret = wc_Sha512Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2309, exit);
- if (XMEMCMP(hash, large_digest, WC_SHA512_DIGEST_SIZE) != 0)
- ERROR_OUT(-2310, exit);
- } /* END LARGE HASH TEST */
- exit:
- wc_Sha512Free(&sha);
- wc_Sha512Free(&shaCopy);
- return ret;
- }
- #endif
- #ifdef WOLFSSL_SHA384
- int sha384_test(void)
- {
- wc_Sha384 sha, shaCopy;
- byte hash[WC_SHA384_DIGEST_SIZE];
- byte hashcopy[WC_SHA384_DIGEST_SIZE];
- int ret = 0;
- testVector a, b, c;
- testVector test_sha[3];
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- a.input = "";
- a.output = "\x38\xb0\x60\xa7\x51\xac\x96\x38\x4c\xd9\x32\x7e\xb1\xb1\xe3"
- "\x6a\x21\xfd\xb7\x11\x14\xbe\x07\x43\x4c\x0c\xc7\xbf\x63\xf6"
- "\xe1\xda\x27\x4e\xde\xbf\xe7\x6f\x65\xfb\xd5\x1a\xd2\xf1\x48"
- "\x98\xb9\x5b";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA384_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
- "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
- "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
- "\xc8\x25\xa7";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA384_DIGEST_SIZE;
- c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- c.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b"
- "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0"
- "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91"
- "\x74\x60\x39";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA384_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha384_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -2400;
- ret = wc_InitSha384_ex(&shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha384Free(&sha);
- return -2401;
- }
- for (i = 0; i < times; ++i) {
- ret = wc_Sha384Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(-2402 - i, exit);
- ret = wc_Sha384GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(-2403 - i, exit);
- ret = wc_Sha384Copy(&sha, &shaCopy);
- if (ret != 0)
- ERROR_OUT(-2404 - i, exit);
- ret = wc_Sha384Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2405 - i, exit);
- wc_Sha384Free(&shaCopy);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA384_DIGEST_SIZE) != 0)
- ERROR_OUT(-2406 - i, exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA384_DIGEST_SIZE) != 0)
- ERROR_OUT(-2407 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- const char* large_digest =
- "\x37\x01\xdb\xff\x1e\x40\x4f\xe1\xe2\xea\x0b\x40\xbb\x3b\x39\x9a"
- "\xcc\xe8\x44\x8e\x7e\xe5\x64\xb5\x6b\x7f\x56\x64\xa7\x2b\x84\xe3"
- "\xc5\xd7\x79\x03\x25\x90\xf7\xa4\x58\xcb\x97\xa8\x8b\xb1\xa4\x81";
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha384Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-2408, exit);
- }
- ret = wc_Sha384Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2409, exit);
- if (XMEMCMP(hash, large_digest, WC_SHA384_DIGEST_SIZE) != 0)
- ERROR_OUT(-2410, exit);
- } /* END LARGE HASH TEST */
- exit:
- wc_Sha384Free(&sha);
- wc_Sha384Free(&shaCopy);
- return ret;
- }
- #endif /* WOLFSSL_SHA384 */
- #ifdef WOLFSSL_SHA3
- #ifndef WOLFSSL_NOSHA3_224
- static int sha3_224_test(void)
- {
- wc_Sha3 sha;
- byte hash[WC_SHA3_224_DIGEST_SIZE];
- byte hashcopy[WC_SHA3_224_DIGEST_SIZE];
- testVector a, b, c;
- testVector test_sha[3];
- int ret = 0;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- a.input = "";
- a.output = "\x6b\x4e\x03\x42\x36\x67\xdb\xb7\x3b\x6e\x15\x45\x4f\x0e\xb1"
- "\xab\xd4\x59\x7f\x9a\x1b\x07\x8e\x3f\x5b\x5a\x6b\xc7";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA3_224_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xe6\x42\x82\x4c\x3f\x8c\xf2\x4a\xd0\x92\x34\xee\x7d\x3c\x76"
- "\x6f\xc9\xa3\xa5\x16\x8d\x0c\x94\xad\x73\xb4\x6f\xdf";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_224_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x8a\x24\x10\x8b\x15\x4a\xda\x21\xc9\xfd\x55\x74\x49\x44\x79"
- "\xba\x5c\x7e\x7a\xb7\x6e\xf2\x64\xea\xd0\xfc\xce\x33";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA3_224_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha3_224(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -2500;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_224_Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(-2501 - i, exit);
- ret = wc_Sha3_224_GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(-2502 - i, exit);
- ret = wc_Sha3_224_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2503 - i, exit);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_224_DIGEST_SIZE) != 0)
- ERROR_OUT(-2504 - i, exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA3_224_DIGEST_SIZE) != 0)
- ERROR_OUT(-2505 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- const char* large_digest =
- "\x13\xe5\xd3\x98\x7b\x94\xda\x41\x12\xc7\x1e\x92\x3a\x19"
- "\x21\x20\x86\x6f\x24\xbf\x0a\x31\xbc\xfd\xd6\x70\x36\xf3";
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_224_Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-2506, exit);
- }
- ret = wc_Sha3_224_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2507, exit);
- if (XMEMCMP(hash, large_digest, WC_SHA3_224_DIGEST_SIZE) != 0)
- ERROR_OUT(-2508, exit);
- } /* END LARGE HASH TEST */
- exit:
- wc_Sha3_224_Free(&sha);
- return ret;
- }
- #endif /* WOLFSSL_NOSHA3_224 */
- #ifndef WOLFSSL_NOSHA3_256
- static int sha3_256_test(void)
- {
- wc_Sha3 sha;
- byte hash[WC_SHA3_256_DIGEST_SIZE];
- byte hashcopy[WC_SHA3_256_DIGEST_SIZE];
- testVector a, b, c;
- testVector test_sha[3];
- int ret = 0;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- a.input = "";
- a.output = "\xa7\xff\xc6\xf8\xbf\x1e\xd7\x66\x51\xc1\x47\x56\xa0\x61\xd6"
- "\x62\xf5\x80\xff\x4d\xe4\x3b\x49\xfa\x82\xd8\x0a\x4b\x80\xf8"
- "\x43\x4a";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA3_256_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\x3a\x98\x5d\xa7\x4f\xe2\x25\xb2\x04\x5c\x17\x2d\x6b\xd3\x90"
- "\xbd\x85\x5f\x08\x6e\x3e\x9d\x52\x5b\x46\xbf\xe2\x45\x11\x43"
- "\x15\x32";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_256_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x41\xc0\xdb\xa2\xa9\xd6\x24\x08\x49\x10\x03\x76\xa8\x23\x5e"
- "\x2c\x82\xe1\xb9\x99\x8a\x99\x9e\x21\xdb\x32\xdd\x97\x49\x6d"
- "\x33\x76";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA3_256_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha3_256(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -2600;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_256_Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(-2601 - i, exit);
- ret = wc_Sha3_256_GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(-2602 - i, exit);
- ret = wc_Sha3_256_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2603 - i, exit);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_256_DIGEST_SIZE) != 0)
- ERROR_OUT(-2604 - i, exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA3_256_DIGEST_SIZE) != 0)
- ERROR_OUT(-2605 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- const char* large_digest =
- "\xdc\x90\xc0\xb1\x25\xdb\x2c\x34\x81\xa3\xff\xbc\x1e\x2e\x87\xeb"
- "\x6d\x70\x85\x61\xe0\xe9\x63\x61\xff\xe5\x84\x4b\x1f\x68\x05\x15";
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_256_Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-2606, exit);
- }
- ret = wc_Sha3_256_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2607, exit);
- if (XMEMCMP(hash, large_digest, WC_SHA3_256_DIGEST_SIZE) != 0)
- ERROR_OUT(-2608, exit);
- } /* END LARGE HASH TEST */
- exit:
- wc_Sha3_256_Free(&sha);
- return ret;
- }
- #endif /* WOLFSSL_NOSHA3_256 */
- #ifndef WOLFSSL_NOSHA3_384
- static int sha3_384_test(void)
- {
- wc_Sha3 sha;
- byte hash[WC_SHA3_384_DIGEST_SIZE];
- byte hashcopy[WC_SHA3_384_DIGEST_SIZE];
- testVector a, b, c;
- testVector test_sha[3];
- int ret;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- a.input = "";
- a.output = "\x0c\x63\xa7\x5b\x84\x5e\x4f\x7d\x01\x10\x7d\x85\x2e\x4c\x24"
- "\x85\xc5\x1a\x50\xaa\xaa\x94\xfc\x61\x99\x5e\x71\xbb\xee\x98"
- "\x3a\x2a\xc3\x71\x38\x31\x26\x4a\xdb\x47\xfb\x6b\xd1\xe0\x58"
- "\xd5\xf0\x04";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA3_384_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xec\x01\x49\x82\x88\x51\x6f\xc9\x26\x45\x9f\x58\xe2\xc6\xad"
- "\x8d\xf9\xb4\x73\xcb\x0f\xc0\x8c\x25\x96\xda\x7c\xf0\xe4\x9b"
- "\xe4\xb2\x98\xd8\x8c\xea\x92\x7a\xc7\xf5\x39\xf1\xed\xf2\x28"
- "\x37\x6d\x25";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_384_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x99\x1c\x66\x57\x55\xeb\x3a\x4b\x6b\xbd\xfb\x75\xc7\x8a\x49"
- "\x2e\x8c\x56\xa2\x2c\x5c\x4d\x7e\x42\x9b\xfd\xbc\x32\xb9\xd4"
- "\xad\x5a\xa0\x4a\x1f\x07\x6e\x62\xfe\xa1\x9e\xef\x51\xac\xd0"
- "\x65\x7c\x22";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA3_384_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha3_384(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -2700;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_384_Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(-2701 - i, exit);
- ret = wc_Sha3_384_GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(-2702 - i, exit);
- ret = wc_Sha3_384_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2703 - i, exit);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_384_DIGEST_SIZE) != 0)
- ERROR_OUT(-2704 - i, exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA3_384_DIGEST_SIZE) != 0)
- ERROR_OUT(-2705 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- const char* large_digest =
- "\x30\x44\xec\x17\xef\x47\x9f\x55\x36\x11\xd6\x3f\x8a\x31\x5a\x71"
- "\x8a\x71\xa7\x1d\x8e\x84\xe8\x6c\x24\x02\x2f\x7a\x08\x4e\xea\xd7"
- "\x42\x36\x5d\xa8\xc2\xb7\x42\xad\xec\x19\xfb\xca\xc6\x64\xb3\xa4";
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_384_Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-2706, exit);
- }
- ret = wc_Sha3_384_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2707, exit);
- if (XMEMCMP(hash, large_digest, WC_SHA3_384_DIGEST_SIZE) != 0)
- ERROR_OUT(-2708, exit);
- } /* END LARGE HASH TEST */
- exit:
- wc_Sha3_384_Free(&sha);
- return ret;
- }
- #endif /* WOLFSSL_NOSHA3_384 */
- #ifndef WOLFSSL_NOSHA3_512
- static int sha3_512_test(void)
- {
- wc_Sha3 sha;
- byte hash[WC_SHA3_512_DIGEST_SIZE];
- byte hashcopy[WC_SHA3_512_DIGEST_SIZE];
- testVector a, b, c;
- testVector test_sha[3];
- int ret;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- a.input = "";
- a.output = "\xa6\x9f\x73\xcc\xa2\x3a\x9a\xc5\xc8\xb5\x67\xdc\x18\x5a\x75"
- "\x6e\x97\xc9\x82\x16\x4f\xe2\x58\x59\xe0\xd1\xdc\xc1\x47\x5c"
- "\x80\xa6\x15\xb2\x12\x3a\xf1\xf5\xf9\x4c\x11\xe3\xe9\x40\x2c"
- "\x3a\xc5\x58\xf5\x00\x19\x9d\x95\xb6\xd3\xe3\x01\x75\x85\x86"
- "\x28\x1d\xcd\x26";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA3_512_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xb7\x51\x85\x0b\x1a\x57\x16\x8a\x56\x93\xcd\x92\x4b\x6b\x09"
- "\x6e\x08\xf6\x21\x82\x74\x44\xf7\x0d\x88\x4f\x5d\x02\x40\xd2"
- "\x71\x2e\x10\xe1\x16\xe9\x19\x2a\xf3\xc9\x1a\x7e\xc5\x76\x47"
- "\xe3\x93\x40\x57\x34\x0b\x4c\xf4\x08\xd5\xa5\x65\x92\xf8\x27"
- "\x4e\xec\x53\xf0";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_512_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x04\xa3\x71\xe8\x4e\xcf\xb5\xb8\xb7\x7c\xb4\x86\x10\xfc\xa8"
- "\x18\x2d\xd4\x57\xce\x6f\x32\x6a\x0f\xd3\xd7\xec\x2f\x1e\x91"
- "\x63\x6d\xee\x69\x1f\xbe\x0c\x98\x53\x02\xba\x1b\x0d\x8d\xc7"
- "\x8c\x08\x63\x46\xb5\x33\xb4\x9c\x03\x0d\x99\xa2\x7d\xaf\x11"
- "\x39\xd6\xe7\x5e";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA3_512_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha3_512(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -2800;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_512_Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(-2801 - i, exit);
- ret = wc_Sha3_512_GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(-2802 - i, exit);
- ret = wc_Sha3_512_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2803 - i, exit);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_512_DIGEST_SIZE) != 0)
- ERROR_OUT(-2804 - i, exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA3_512_DIGEST_SIZE) != 0)
- ERROR_OUT(-2805 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- const char* large_digest =
- "\x9c\x13\x26\xb6\x26\xb2\x94\x31\xbc\xf4\x34\xe9\x6f\xf2\xd6\x29"
- "\x9a\xd0\x9b\x32\x63\x2f\x18\xa7\x5f\x23\xc9\x60\xc2\x32\x0c\xbc"
- "\x57\x77\x33\xf1\x83\x81\x8a\xd3\x15\x7c\x93\xdc\x80\x9f\xed\x61"
- "\x41\xa7\x5b\xfd\x32\x0e\x38\x15\xb0\x46\x3b\x7a\x4f\xfd\x44\x88";
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_512_Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-2806, exit);
- }
- ret = wc_Sha3_512_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2807, exit);
- if (XMEMCMP(hash, large_digest, WC_SHA3_512_DIGEST_SIZE) != 0)
- ERROR_OUT(-2808, exit);
- } /* END LARGE HASH TEST */
- exit:
- wc_Sha3_512_Free(&sha);
- return ret;
- }
- #endif /* WOLFSSL_NOSHA3_512 */
- int sha3_test(void)
- {
- int ret;
- #ifndef WOLFSSL_NOSHA3_224
- if ((ret = sha3_224_test()) != 0)
- return ret;
- #endif
- #ifndef WOLFSSL_NOSHA3_256
- if ((ret = sha3_256_test()) != 0)
- return ret;
- #endif
- #ifndef WOLFSSL_NOSHA3_384
- if ((ret = sha3_384_test()) != 0)
- return ret;
- #endif
- #ifndef WOLFSSL_NOSHA3_512
- if ((ret = sha3_512_test()) != 0)
- return ret;
- #endif
- return 0;
- }
- #endif
- int hash_test(void)
- {
- wc_HashAlg hash;
- int ret, exp_ret;
- int i, j;
- int digestSz;
- byte data[] = "0123456789abcdef0123456789abcdef012345";
- byte out[WC_MAX_DIGEST_SIZE];
- byte hashOut[WC_MAX_DIGEST_SIZE];
- #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
- enum wc_HashType hashType;
- #endif
- enum wc_HashType typesGood[] = { WC_HASH_TYPE_MD5, WC_HASH_TYPE_SHA,
- WC_HASH_TYPE_SHA224, WC_HASH_TYPE_SHA256,
- WC_HASH_TYPE_SHA384, WC_HASH_TYPE_SHA512 };
- enum wc_HashType typesNoImpl[] = {
- #ifdef NO_MD5
- WC_HASH_TYPE_MD5,
- #endif
- #ifdef NO_SHA
- WC_HASH_TYPE_SHA,
- #endif
- #ifndef WOLFSSL_SHA224
- WC_HASH_TYPE_SHA224,
- #endif
- #ifdef NO_SHA256
- WC_HASH_TYPE_SHA256,
- #endif
- #ifndef WOLFSSL_SHA384
- WC_HASH_TYPE_SHA384,
- #endif
- #ifndef WOLFSSL_SHA512
- WC_HASH_TYPE_SHA512,
- #endif
- WC_HASH_TYPE_NONE
- };
- enum wc_HashType typesBad[] = { WC_HASH_TYPE_NONE, WC_HASH_TYPE_MD5_SHA,
- WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4 };
- enum wc_HashType typesSha3[] = { WC_HASH_TYPE_SHA3_224,
- WC_HASH_TYPE_SHA3_256,
- WC_HASH_TYPE_SHA3_384,
- WC_HASH_TYPE_SHA3_512 };
- enum wc_HashType typesHashBad[] = { WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4,
- WC_HASH_TYPE_SHA3_224,
- WC_HASH_TYPE_SHA3_256,
- WC_HASH_TYPE_SHA3_384,
- WC_HASH_TYPE_SHA3_512,
- WC_HASH_TYPE_BLAKE2B,
- WC_HASH_TYPE_NONE };
- /* Parameter Validation testing. */
- ret = wc_HashInit(NULL, WC_HASH_TYPE_SHA256);
- if (ret != BAD_FUNC_ARG)
- return -2900;
- ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, NULL, sizeof(data));
- if (ret != BAD_FUNC_ARG)
- return -2901;
- ret = wc_HashUpdate(&hash, WC_HASH_TYPE_SHA256, NULL, sizeof(data));
- if (ret != BAD_FUNC_ARG)
- return -2902;
- ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, data, sizeof(data));
- if (ret != BAD_FUNC_ARG)
- return -2903;
- ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, NULL);
- if (ret != BAD_FUNC_ARG)
- return -2904;
- ret = wc_HashFinal(&hash, WC_HASH_TYPE_SHA256, NULL);
- if (ret != BAD_FUNC_ARG)
- return -2905;
- ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, out);
- if (ret != BAD_FUNC_ARG)
- return -2906;
- /* Try invalid hash algorithms. */
- for (i = 0; i < (int)(sizeof(typesBad)/sizeof(*typesBad)); i++) {
- ret = wc_HashInit(&hash, typesBad[i]);
- if (ret != BAD_FUNC_ARG)
- return -2907 - i;
- ret = wc_HashUpdate(&hash, typesBad[i], data, sizeof(data));
- if (ret != BAD_FUNC_ARG)
- return -2917 - i;
- ret = wc_HashFinal(&hash, typesBad[i], out);
- if (ret != BAD_FUNC_ARG)
- return -2927 - i;
- wc_HashFree(&hash, typesBad[i]);
- }
- /* Try valid hash algorithms. */
- for (i = 0, j = 0; i < (int)(sizeof(typesGood)/sizeof(*typesGood)); i++) {
- exp_ret = 0;
- if (typesGood[i] == typesNoImpl[j]) {
- /* Recognized but no implementation compiled in. */
- exp_ret = HASH_TYPE_E;
- j++;
- }
- ret = wc_HashInit(&hash, typesGood[i]);
- if (ret != exp_ret)
- return -2937 - i;
- ret = wc_HashUpdate(&hash, typesGood[i], data, sizeof(data));
- if (ret != exp_ret)
- return -2947 - i;
- ret = wc_HashFinal(&hash, typesGood[i], out);
- if (ret != exp_ret)
- return -2957 - i;
- wc_HashFree(&hash, typesGood[i]);
- digestSz = wc_HashGetDigestSize(typesGood[i]);
- if (exp_ret < 0 && digestSz != exp_ret)
- return -2967 - i;
- if (exp_ret == 0 && digestSz < 0)
- return -2977 - i;
- if (exp_ret == 0) {
- ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut,
- digestSz - 1);
- if (ret != BUFFER_E)
- return -2987 - i;
- }
- ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, digestSz);
- if (ret != exp_ret)
- return -2997 - i;
- if (exp_ret == 0 && XMEMCMP(out, hashOut, digestSz) != 0)
- return -3007 -i;
- ret = wc_HashGetBlockSize(typesGood[i]);
- if (exp_ret < 0 && ret != exp_ret)
- return -3008 - i;
- if (exp_ret == 0 && ret < 0)
- return -3018 - i;
- #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
- ret = wc_HashGetOID(typesGood[i]);
- if (ret == BAD_FUNC_ARG ||
- (exp_ret == 0 && ret == HASH_TYPE_E) ||
- (exp_ret != 0 && ret != HASH_TYPE_E)) {
- return -3028 - i;
- }
- hashType = wc_OidGetHash(ret);
- if (exp_ret < 0 && ret != exp_ret)
- return -3038 - i;
- if (exp_ret == 0 && hashType != typesGood[i])
- return -3048 - i;
- #endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */
- }
- for (i = 0; i < (int)(sizeof(typesHashBad)/sizeof(*typesHashBad)); i++) {
- ret = wc_Hash(typesHashBad[i], data, sizeof(data), out, sizeof(out));
- if (ret != BAD_FUNC_ARG && ret != BUFFER_E)
- return -3058 - i;
- }
- #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
- ret = wc_HashGetOID(WC_HASH_TYPE_MD2);
- #ifdef WOLFSSL_MD2
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return -3068;
- #else
- if (ret != HASH_TYPE_E)
- return -3069;
- #endif
- hashType = wc_OidGetHash(646); /* Md2h */
- #ifdef WOLFSSL_MD2
- if (hashType != WC_HASH_TYPE_MD2)
- return -3070;
- #else
- if (hashType != WC_HASH_TYPE_NONE)
- return -3071;
- #endif
- ret = wc_HashGetOID(WC_HASH_TYPE_MD5_SHA);
- #ifndef NO_MD5
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return -3072;
- #else
- if (ret != HASH_TYPE_E)
- return -3073;
- #endif
- ret = wc_HashGetOID(WC_HASH_TYPE_MD4);
- if (ret != BAD_FUNC_ARG)
- return -3074;
- ret = wc_HashGetOID(WC_HASH_TYPE_NONE);
- if (ret != BAD_FUNC_ARG)
- return -3075;
- hashType = wc_OidGetHash(0);
- if (hashType != WC_HASH_TYPE_NONE)
- return -3076;
- #endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */
- ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD2);
- #ifdef WOLFSSL_MD2
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return -3077;
- #else
- if (ret != HASH_TYPE_E)
- return -3078;
- #endif
- ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD2);
- #ifdef WOLFSSL_MD2
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return -3079;
- #else
- if (ret != HASH_TYPE_E)
- return -3080;
- #endif
- ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD4);
- #ifndef NO_MD4
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return -3081;
- #else
- if (ret != HASH_TYPE_E)
- return -3082;
- #endif
- ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD4);
- #ifndef NO_MD4
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return -3083;
- #else
- if (ret != HASH_TYPE_E)
- return -3084;
- #endif
- ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD5_SHA);
- #if !defined(NO_MD5) && !defined(NO_SHA)
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return -3085;
- #else
- if (ret != HASH_TYPE_E)
- return -3086;
- #endif
- for (i = 0; i < (int)(sizeof(typesSha3)/sizeof(*typesSha3)); i++) {
- ret = wc_HashGetBlockSize(typesSha3[i]);
- #ifdef WOLFSSL_SHA3
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return -3087;
- #else
- if (ret != HASH_TYPE_E)
- return -3088;
- #endif
- ret = wc_HashGetDigestSize(typesSha3[i]);
- #ifdef WOLFSSL_SHA3
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return -3089;
- #else
- if (ret != HASH_TYPE_E)
- return -3090;
- #endif
- }
- ret = wc_HashGetBlockSize(WC_HASH_TYPE_BLAKE2B);
- if (ret != BAD_FUNC_ARG)
- return -3091;
- ret = wc_HashGetDigestSize(WC_HASH_TYPE_BLAKE2B);
- if (ret != BAD_FUNC_ARG)
- return -3092;
- ret = wc_HashGetBlockSize(WC_HASH_TYPE_NONE);
- if (ret != BAD_FUNC_ARG)
- return -3093;
- ret = wc_HashGetDigestSize(WC_HASH_TYPE_NONE);
- if (ret != BAD_FUNC_ARG)
- return -3094;
- #ifndef NO_ASN
- #ifdef WOLFSSL_MD2
- ret = wc_GetCTC_HashOID(MD2);
- if (ret == 0)
- return -3095;
- #endif
- #ifndef NO_MD5
- ret = wc_GetCTC_HashOID(WC_MD5);
- if (ret == 0)
- return -3096;
- #endif
- #ifndef NO_SHA
- ret = wc_GetCTC_HashOID(WC_SHA);
- if (ret == 0)
- return -3097;
- #endif
- #ifdef WOLFSSL_SHA224
- ret = wc_GetCTC_HashOID(WC_SHA224);
- if (ret == 0)
- return -3098;
- #endif
- #ifndef NO_SHA256
- ret = wc_GetCTC_HashOID(WC_SHA256);
- if (ret == 0)
- return -3099;
- #endif
- #ifdef WOLFSSL_SHA384
- ret = wc_GetCTC_HashOID(WC_SHA384);
- if (ret == 0)
- return -3100;
- #endif
- #ifdef WOLFSSL_SHA512
- ret = wc_GetCTC_HashOID(WC_SHA512);
- if (ret == 0)
- return -3101;
- #endif
- ret = wc_GetCTC_HashOID(-1);
- if (ret != 0)
- return -3102;
- #endif
- return 0;
- }
- #if !defined(NO_HMAC) && !defined(NO_MD5)
- int hmac_md5_test(void)
- {
- Hmac hmac;
- byte hash[WC_MD5_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- };
- testVector a, b, c;
- testVector test_hmac[3];
- int ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- a.input = "Hi There";
- a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc"
- "\x9d";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_MD5_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7"
- "\x38";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_MD5_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\x56\xbe\x34\x52\x1d\x14\x4c\x88\xdb\xb8\xc7\x33\xf0\xe8\xb3"
- "\xf6";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_MD5_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
- if (i == 1) {
- continue; /* cavium can't handle short keys, fips not allowed */
- }
- #endif
- if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) {
- return -3200;
- }
- ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- if (ret != 0)
- return -3201;
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return -3202;
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return -3203;
- if (XMEMCMP(hash, test_hmac[i].output, WC_MD5_DIGEST_SIZE) != 0)
- return -3204 - i;
- wc_HmacFree(&hmac);
- }
- #ifndef HAVE_FIPS
- if (wc_HmacSizeByType(WC_MD5) != WC_MD5_DIGEST_SIZE)
- return -3214;
- #endif
- return 0;
- }
- #endif /* NO_HMAC && NO_MD5 */
- #if !defined(NO_HMAC) && !defined(NO_SHA)
- int hmac_sha_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA"
- };
- testVector a, b, c;
- testVector test_hmac[3];
- int ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- a.input = "Hi There";
- a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c"
- "\x8e\xf1\x46\xbe\x00";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf"
- "\x9c\x25\x9a\x7c\x79";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b"
- "\x4f\x63\xf1\x75\xd3";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
- if (i == 1)
- continue; /* cavium can't handle short keys, fips not allowed */
- #endif
- if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
- return -3300;
- ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- if (ret != 0)
- return -3301;
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return -3302;
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return -3303;
- if (XMEMCMP(hash, test_hmac[i].output, WC_SHA_DIGEST_SIZE) != 0)
- return -3304 - i;
- wc_HmacFree(&hmac);
- }
- #ifndef HAVE_FIPS
- if (wc_HmacSizeByType(WC_SHA) != WC_SHA_DIGEST_SIZE)
- return -3314;
- #endif
- return 0;
- }
- #endif
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
- int hmac_sha224_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA224_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA",
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- };
- testVector a, b, c, d;
- testVector test_hmac[4];
- int ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- a.input = "Hi There";
- a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3"
- "\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA224_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\xa3\x0e\x01\x09\x8b\xc6\xdb\xbf\x45\x69\x0f\x3a\x7e\x9e\x6d"
- "\x0f\x8b\xbe\xa2\xa3\x9e\x61\x48\x00\x8f\xd0\x5e\x44";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA224_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\x7f\xb3\xcb\x35\x88\xc6\xc1\xf6\xff\xa9\x69\x4d\x7d\x6a\xd2"
- "\x64\x93\x65\xb0\xc1\xf6\x5d\x69\xd1\xec\x83\x33\xea";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA224_DIGEST_SIZE;
- d.input = "Big Key Input";
- d.output = "\xe7\x4e\x2b\x8a\xa9\xf0\x37\x2f\xed\xae\x70\x0c\x49\x47\xf1"
- "\x46\x54\xa7\x32\x6b\x55\x01\x87\xd2\xc8\x02\x0e\x3a";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA224_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- test_hmac[3] = d;
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
- if (i == 1)
- continue; /* cavium can't handle short keys, fips not allowed */
- #endif
- if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
- return -3400;
- ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- if (ret != 0)
- return -3401;
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return -3402;
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return -3403;
- if (XMEMCMP(hash, test_hmac[i].output, WC_SHA224_DIGEST_SIZE) != 0)
- return -3404 - i;
- wc_HmacFree(&hmac);
- }
- #ifndef HAVE_FIPS
- if (wc_HmacSizeByType(WC_SHA224) != WC_SHA224_DIGEST_SIZE)
- return -3414;
- #endif
- return 0;
- }
- #endif
- #if !defined(NO_HMAC) && !defined(NO_SHA256)
- int hmac_sha256_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA256_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA",
- };
- testVector a, b, c, d;
- testVector test_hmac[4];
- int ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- a.input = "Hi There";
- a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1"
- "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32"
- "\xcf\xf7";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA256_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\x5b\xdc\xc1\x46\xbf\x60\x75\x4e\x6a\x04\x24\x26\x08\x95\x75"
- "\xc7\x5a\x00\x3f\x08\x9d\x27\x39\x83\x9d\xec\x58\xb9\x64\xec"
- "\x38\x43";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA256_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\x77\x3e\xa9\x1e\x36\x80\x0e\x46\x85\x4d\xb8\xeb\xd0\x91\x81"
- "\xa7\x29\x59\x09\x8b\x3e\xf8\xc1\x22\xd9\x63\x55\x14\xce\xd5"
- "\x65\xfe";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA256_DIGEST_SIZE;
- d.input = 0;
- d.output = "\x86\xe5\x4f\xd4\x48\x72\x5d\x7e\x5d\xcf\xe2\x23\x53\xc8\x28"
- "\xaf\x48\x78\x1e\xb4\x8c\xae\x81\x06\xa7\xe1\xd4\x98\x94\x9f"
- "\x3e\x46";
- d.inLen = 0;
- d.outLen = WC_SHA256_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- test_hmac[3] = d;
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
- if (i == 1)
- continue; /* cavium can't handle short keys, fips not allowed */
- #endif
- #if defined(HAVE_INTEL_QA) || defined(HAVE_CAVIUM)
- if (i == 3)
- continue; /* QuickAssist can't handle empty HMAC */
- #endif
- if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
- return -3500 - i;
- ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- if (ret != 0)
- return -3510 - i;
- if (test_hmac[i].input != NULL) {
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return -3520 - i;
- }
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return -3530 - i;
- if (XMEMCMP(hash, test_hmac[i].output, WC_SHA256_DIGEST_SIZE) != 0)
- return -3540 - i;
- wc_HmacFree(&hmac);
- }
- #ifndef HAVE_FIPS
- if (wc_HmacSizeByType(WC_SHA256) != WC_SHA256_DIGEST_SIZE)
- return -3550;
- if (wc_HmacSizeByType(20) != BAD_FUNC_ARG)
- return -3551;
- #endif
- if (wolfSSL_GetHmacMaxSize() != WC_MAX_DIGEST_SIZE)
- return -3552;
- return 0;
- }
- #endif
- #if !defined(NO_HMAC) && defined(HAVE_BLAKE2)
- int hmac_blake2b_test(void)
- {
- Hmac hmac;
- byte hash[BLAKE2B_256];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA"
- };
- testVector a, b, c;
- testVector test_hmac[3];
- int ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- a.input = "Hi There";
- a.output = "\x72\x93\x0d\xdd\xf5\xf7\xe1\x78\x38\x07\x44\x18\x0b\x3f\x51"
- "\x37\x25\xb5\x82\xc2\x08\x83\x2f\x1c\x99\xfd\x03\xa0\x16\x75"
- "\xac\xfd";
- a.inLen = XSTRLEN(a.input);
- a.outLen = BLAKE2B_256;
- b.input = "what do ya want for nothing?";
- b.output = "\x3d\x20\x50\x71\x05\xc0\x8c\x0c\x38\x44\x1e\xf7\xf9\xd1\x67"
- "\x21\xff\x64\xf5\x94\x00\xcf\xf9\x75\x41\xda\x88\x61\x9d\x7c"
- "\xda\x2b";
- b.inLen = XSTRLEN(b.input);
- b.outLen = BLAKE2B_256;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\xda\xfe\x2a\x24\xfc\xe7\xea\x36\x34\xbe\x41\x92\xc7\x11\xa7"
- "\x00\xae\x53\x9c\x11\x9c\x80\x74\x55\x22\x25\x4a\xb9\x55\xd3"
- "\x0f\x87";
- c.inLen = XSTRLEN(c.input);
- c.outLen = BLAKE2B_256;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
- if (i == 1)
- continue; /* cavium can't handle short keys, fips not allowed */
- #endif
- #if !defined(HAVE_CAVIUM_V)
- /* Blake2 only supported on Cavium Nitrox III */
- if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
- return -3600;
- #endif
- ret = wc_HmacSetKey(&hmac, BLAKE2B_ID, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- if (ret != 0)
- return -3601;
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return -3602;
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return -3603;
- if (XMEMCMP(hash, test_hmac[i].output, BLAKE2B_256) != 0)
- return -3604 - i;
- wc_HmacFree(&hmac);
- }
- #ifndef HAVE_FIPS
- if (wc_HmacSizeByType(BLAKE2B_ID) != BLAKE2B_OUTBYTES)
- return -3614;
- #endif
- return 0;
- }
- #endif
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
- int hmac_sha384_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA384_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA",
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- };
- testVector a, b, c, d;
- testVector test_hmac[4];
- int ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- a.input = "Hi There";
- a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90"
- "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb"
- "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2"
- "\xfa\x9c\xb6";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA384_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\xaf\x45\xd2\xe3\x76\x48\x40\x31\x61\x7f\x78\xd2\xb5\x8a\x6b"
- "\x1b\x9c\x7e\xf4\x64\xf5\xa0\x1b\x47\xe4\x2e\xc3\x73\x63\x22"
- "\x44\x5e\x8e\x22\x40\xca\x5e\x69\xe2\xc7\x8b\x32\x39\xec\xfa"
- "\xb2\x16\x49";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA384_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\x88\x06\x26\x08\xd3\xe6\xad\x8a\x0a\xa2\xac\xe0\x14\xc8\xa8"
- "\x6f\x0a\xa6\x35\xd9\x47\xac\x9f\xeb\xe8\x3e\xf4\xe5\x59\x66"
- "\x14\x4b\x2a\x5a\xb3\x9d\xc1\x38\x14\xb9\x4e\x3a\xb6\xe1\x01"
- "\xa3\x4f\x27";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA384_DIGEST_SIZE;
- d.input = "Big Key Input";
- d.output = "\xd2\x3d\x29\x6e\xf5\x1e\x23\x23\x49\x18\xb3\xbf\x4c\x38\x7b"
- "\x31\x21\x17\xbb\x09\x73\x27\xf8\x12\x9d\xe9\xc6\x5d\xf9\x54"
- "\xd6\x38\x5a\x68\x53\x14\xee\xe0\xa6\x4f\x36\x7e\xb2\xf3\x1a"
- "\x57\x41\x69";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA384_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- test_hmac[3] = d;
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_FIPS)
- if (i == 1)
- continue; /* fips not allowed */
- #endif
- if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
- return -3700;
- ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- if (ret != 0)
- return -3701;
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return -3702;
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return -3703;
- if (XMEMCMP(hash, test_hmac[i].output, WC_SHA384_DIGEST_SIZE) != 0)
- return -3704 - i;
- wc_HmacFree(&hmac);
- }
- #ifndef HAVE_FIPS
- if (wc_HmacSizeByType(WC_SHA384) != WC_SHA384_DIGEST_SIZE)
- return -3714;
- #endif
- return 0;
- }
- #endif
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA512)
- int hmac_sha512_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA512_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA",
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- };
- testVector a, b, c, d;
- testVector test_hmac[4];
- int ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- a.input = "Hi There";
- a.output = "\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c"
- "\xb0\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1"
- "\x7c\xde\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae"
- "\xa3\xf4\xe4\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20"
- "\x3a\x12\x68\x54";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA512_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\x16\x4b\x7a\x7b\xfc\xf8\x19\xe2\xe3\x95\xfb\xe7\x3b\x56\xe0"
- "\xa3\x87\xbd\x64\x22\x2e\x83\x1f\xd6\x10\x27\x0c\xd7\xea\x25"
- "\x05\x54\x97\x58\xbf\x75\xc0\x5a\x99\x4a\x6d\x03\x4f\x65\xf8"
- "\xf0\xe6\xfd\xca\xea\xb1\xa3\x4d\x4a\x6b\x4b\x63\x6e\x07\x0a"
- "\x38\xbc\xe7\x37";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA512_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\xfa\x73\xb0\x08\x9d\x56\xa2\x84\xef\xb0\xf0\x75\x6c\x89\x0b"
- "\xe9\xb1\xb5\xdb\xdd\x8e\xe8\x1a\x36\x55\xf8\x3e\x33\xb2\x27"
- "\x9d\x39\xbf\x3e\x84\x82\x79\xa7\x22\xc8\x06\xb4\x85\xa4\x7e"
- "\x67\xc8\x07\xb9\x46\xa3\x37\xbe\xe8\x94\x26\x74\x27\x88\x59"
- "\xe1\x32\x92\xfb";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA512_DIGEST_SIZE;
- d.input = "Big Key Input";
- d.output = "\x3f\xa9\xc9\xe1\xbd\xbb\x04\x55\x1f\xef\xcc\x92\x33\x08\xeb"
- "\xcf\xc1\x9a\x5b\x5b\xc0\x7c\x86\x84\xae\x8c\x40\xaf\xb1\x27"
- "\x87\x38\x92\x04\xa8\xed\xd7\xd7\x07\xa9\x85\xa0\xc2\xcd\x30"
- "\xc0\x56\x14\x49\xbc\x2f\x69\x15\x6a\x97\xd8\x79\x2f\xb3\x3b"
- "\x1e\x18\xfe\xfa";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA512_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- test_hmac[3] = d;
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_FIPS)
- if (i == 1)
- continue; /* fips not allowed */
- #endif
- if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
- return -3800;
- ret = wc_HmacSetKey(&hmac, WC_SHA512, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- if (ret != 0)
- return -3801;
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return -3802;
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return -3803;
- if (XMEMCMP(hash, test_hmac[i].output, WC_SHA512_DIGEST_SIZE) != 0)
- return -3804 - i;
- wc_HmacFree(&hmac);
- }
- #ifndef HAVE_FIPS
- if (wc_HmacSizeByType(WC_SHA512) != WC_SHA512_DIGEST_SIZE)
- return -3814;
- #endif
- return 0;
- }
- #endif
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA3)
- int hmac_sha3_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA3_512_DIGEST_SIZE];
- const char* key[4] =
- {
- "Jefe",
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
- "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
- "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- };
- const char* input[4] =
- {
- "what do ya want for nothing?",
- "Hi There",
- "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
- "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
- "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
- "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
- "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd",
- "Big Key Input"
- };
- const int hashType[4] =
- {
- WC_SHA3_224, WC_SHA3_256, WC_SHA3_384, WC_SHA3_512
- };
- const int hashSz[4] =
- {
- WC_SHA3_224_DIGEST_SIZE, WC_SHA3_256_DIGEST_SIZE,
- WC_SHA3_384_DIGEST_SIZE, WC_SHA3_512_DIGEST_SIZE
- };
- const char* output[16] =
- {
- /* key = jefe, input = what do ya want for nothing? */
- /* HMAC-SHA3-224 */
- "\x7f\xdb\x8d\xd8\x8b\xd2\xf6\x0d\x1b\x79\x86\x34\xad\x38\x68\x11"
- "\xc2\xcf\xc8\x5b\xfa\xf5\xd5\x2b\xba\xce\x5e\x66",
- /* HMAC-SHA3-256 */
- "\xc7\xd4\x07\x2e\x78\x88\x77\xae\x35\x96\xbb\xb0\xda\x73\xb8\x87"
- "\xc9\x17\x1f\x93\x09\x5b\x29\x4a\xe8\x57\xfb\xe2\x64\x5e\x1b\xa5",
- /* HMAC-SHA3-384 */
- "\xf1\x10\x1f\x8c\xbf\x97\x66\xfd\x67\x64\xd2\xed\x61\x90\x3f\x21"
- "\xca\x9b\x18\xf5\x7c\xf3\xe1\xa2\x3c\xa1\x35\x08\xa9\x32\x43\xce"
- "\x48\xc0\x45\xdc\x00\x7f\x26\xa2\x1b\x3f\x5e\x0e\x9d\xf4\xc2\x0a",
- /* HMAC-SHA3-512 */
- "\x5a\x4b\xfe\xab\x61\x66\x42\x7c\x7a\x36\x47\xb7\x47\x29\x2b\x83"
- "\x84\x53\x7c\xdb\x89\xaf\xb3\xbf\x56\x65\xe4\xc5\xe7\x09\x35\x0b"
- "\x28\x7b\xae\xc9\x21\xfd\x7c\xa0\xee\x7a\x0c\x31\xd0\x22\xa9\x5e"
- "\x1f\xc9\x2b\xa9\xd7\x7d\xf8\x83\x96\x02\x75\xbe\xb4\xe6\x20\x24",
- /* key = 0b..., input = Hi There */
- /* HMAC-SHA3-224 */
- "\x3b\x16\x54\x6b\xbc\x7b\xe2\x70\x6a\x03\x1d\xca\xfd\x56\x37\x3d"
- "\x98\x84\x36\x76\x41\xd8\xc5\x9a\xf3\xc8\x60\xf7",
- /* HMAC-SHA3-256 */
- "\xba\x85\x19\x23\x10\xdf\xfa\x96\xe2\xa3\xa4\x0e\x69\x77\x43\x51"
- "\x14\x0b\xb7\x18\x5e\x12\x02\xcd\xcc\x91\x75\x89\xf9\x5e\x16\xbb",
- /* HMAC-SHA3-384 */
- "\x68\xd2\xdc\xf7\xfd\x4d\xdd\x0a\x22\x40\xc8\xa4\x37\x30\x5f\x61"
- "\xfb\x73\x34\xcf\xb5\xd0\x22\x6e\x1b\xc2\x7d\xc1\x0a\x2e\x72\x3a"
- "\x20\xd3\x70\xb4\x77\x43\x13\x0e\x26\xac\x7e\x3d\x53\x28\x86\xbd",
- /* HMAC-SHA3-512 */
- "\xeb\x3f\xbd\x4b\x2e\xaa\xb8\xf5\xc5\x04\xbd\x3a\x41\x46\x5a\xac"
- "\xec\x15\x77\x0a\x7c\xab\xac\x53\x1e\x48\x2f\x86\x0b\x5e\xc7\xba"
- "\x47\xcc\xb2\xc6\xf2\xaf\xce\x8f\x88\xd2\x2b\x6d\xc6\x13\x80\xf2"
- "\x3a\x66\x8f\xd3\x88\x8b\xb8\x05\x37\xc0\xa0\xb8\x64\x07\x68\x9e",
- /* key = aa..., output = dd... */
- /* HMAC-SHA3-224 */
- "\x67\x6c\xfc\x7d\x16\x15\x36\x38\x78\x03\x90\x69\x2b\xe1\x42\xd2"
- "\xdf\x7c\xe9\x24\xb9\x09\xc0\xc0\x8d\xbf\xdc\x1a",
- /* HMAC-SHA3-256 */
- "\x84\xec\x79\x12\x4a\x27\x10\x78\x65\xce\xdd\x8b\xd8\x2d\xa9\x96"
- "\x5e\x5e\xd8\xc3\x7b\x0a\xc9\x80\x05\xa7\xf3\x9e\xd5\x8a\x42\x07",
- /* HMAC-SHA3-384 */
- "\x27\x5c\xd0\xe6\x61\xbb\x8b\x15\x1c\x64\xd2\x88\xf1\xf7\x82\xfb"
- "\x91\xa8\xab\xd5\x68\x58\xd7\x2b\xab\xb2\xd4\x76\xf0\x45\x83\x73"
- "\xb4\x1b\x6a\xb5\xbf\x17\x4b\xec\x42\x2e\x53\xfc\x31\x35\xac\x6e",
- /* HMAC-SHA3-512 */
- "\x30\x9e\x99\xf9\xec\x07\x5e\xc6\xc6\xd4\x75\xed\xa1\x18\x06\x87"
- "\xfc\xf1\x53\x11\x95\x80\x2a\x99\xb5\x67\x74\x49\xa8\x62\x51\x82"
- "\x85\x1c\xb3\x32\xaf\xb6\xa8\x9c\x41\x13\x25\xfb\xcb\xcd\x42\xaf"
- "\xcb\x7b\x6e\x5a\xab\x7e\xa4\x2c\x66\x0f\x97\xfd\x85\x84\xbf\x03",
- /* key = big key, input = Big Key Input */
- /* HMAC-SHA3-224 */
- "\x29\xe0\x5e\x46\xc4\xa4\x5e\x46\x74\xbf\xd7\x2d\x1a\xd8\x66\xdb"
- "\x2d\x0d\x10\x4e\x2b\xfa\xad\x53\x7d\x15\x69\x8b",
- /* HMAC-SHA3-256 */
- "\xb5\x5b\x8d\x64\xb6\x9c\x21\xd0\xbf\x20\x5c\xa2\xf7\xb9\xb1\x4e"
- "\x88\x21\x61\x2c\x66\xc3\x91\xae\x6c\x95\x16\x85\x83\xe6\xf4\x9b",
- /* HMAC-SHA3-384 */
- "\xaa\x91\xb3\xa6\x2f\x56\xa1\xbe\x8c\x3e\x74\x38\xdb\x58\xd9\xd3"
- "\x34\xde\xa0\x60\x6d\x8d\x46\xe0\xec\xa9\xf6\x06\x35\x14\xe6\xed"
- "\x83\xe6\x7c\x77\x24\x6c\x11\xb5\x90\x82\xb5\x75\xda\x7b\x83\x2d",
- /* HMAC-SHA3-512 */
- "\x1c\xc3\xa9\x24\x4a\x4a\x3f\xbd\xc7\x20\x00\x16\x9b\x79\x47\x03"
- "\x78\x75\x2c\xb5\xf1\x2e\x62\x7c\xbe\xef\x4e\x8f\x0b\x11\x2b\x32"
- "\xa0\xee\xc9\xd0\x4d\x64\x64\x0b\x37\xf4\xdd\x66\xf7\x8b\xb3\xad"
- "\x52\x52\x6b\x65\x12\xde\x0d\x7c\xc0\x8b\x60\x01\x6c\x37\xd7\xa8"
- };
- int i = 0, iMax = sizeof(input) / sizeof(input[0]),
- j, jMax = sizeof(hashType) / sizeof(hashType[0]),
- ret;
- #ifdef HAVE_FIPS
- /* FIPS requires a minimum length for HMAC keys, and "Jefe" is too
- * short. Skip it in FIPS builds. */
- i = 1;
- #endif
- for (; i < iMax; i++) {
- for (j = 0; j < jMax; j++) {
- if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
- return -3900;
- ret = wc_HmacSetKey(&hmac, hashType[j], (byte*)key[i],
- (word32)XSTRLEN(key[i]));
- if (ret != 0)
- return -3901;
- ret = wc_HmacUpdate(&hmac, (byte*)input[i],
- (word32)XSTRLEN(input[i]));
- if (ret != 0)
- return -3902;
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return -3903;
- if (XMEMCMP(hash, output[(i*jMax) + j], hashSz[j]) != 0)
- return -3904;
- wc_HmacFree(&hmac);
- if (i > 0)
- continue;
- #ifndef HAVE_FIPS
- ret = wc_HmacSizeByType(hashType[j]);
- if (ret != hashSz[j])
- return -3905;
- #endif
- }
- }
- return 0;
- }
- #endif
- #ifndef NO_RC4
- int arc4_test(void)
- {
- byte cipher[16];
- byte plain[16];
- const char* keys[] =
- {
- "\x01\x23\x45\x67\x89\xab\xcd\xef",
- "\x01\x23\x45\x67\x89\xab\xcd\xef",
- "\x00\x00\x00\x00\x00\x00\x00\x00",
- "\xef\x01\x23\x45"
- };
- testVector a, b, c, d;
- testVector test_arc4[4];
- int times = sizeof(test_arc4) / sizeof(testVector), i;
- a.input = "\x01\x23\x45\x67\x89\xab\xcd\xef";
- a.output = "\x75\xb7\x87\x80\x99\xe0\xc5\x96";
- a.inLen = 8;
- a.outLen = 8;
- b.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- b.output = "\x74\x94\xc2\xe7\x10\x4b\x08\x79";
- b.inLen = 8;
- b.outLen = 8;
- c.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- c.output = "\xde\x18\x89\x41\xa3\x37\x5d\x3a";
- c.inLen = 8;
- c.outLen = 8;
- d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
- d.output = "\xd6\xa1\x41\xa7\xec\x3c\x38\xdf\xbd\x61";
- d.inLen = 10;
- d.outLen = 10;
- test_arc4[0] = a;
- test_arc4[1] = b;
- test_arc4[2] = c;
- test_arc4[3] = d;
- for (i = 0; i < times; ++i) {
- Arc4 enc;
- Arc4 dec;
- int keylen = 8; /* XSTRLEN with key 0x00 not good */
- if (i == 3)
- keylen = 4;
- if (wc_Arc4Init(&enc, HEAP_HINT, devId) != 0)
- return -4000;
- if (wc_Arc4Init(&dec, HEAP_HINT, devId) != 0)
- return -4001;
- wc_Arc4SetKey(&enc, (byte*)keys[i], keylen);
- wc_Arc4SetKey(&dec, (byte*)keys[i], keylen);
- wc_Arc4Process(&enc, cipher, (byte*)test_arc4[i].input,
- (word32)test_arc4[i].outLen);
- wc_Arc4Process(&dec, plain, cipher, (word32)test_arc4[i].outLen);
- if (XMEMCMP(plain, test_arc4[i].input, test_arc4[i].outLen))
- return -4002 - i;
- if (XMEMCMP(cipher, test_arc4[i].output, test_arc4[i].outLen))
- return -4012 - i;
- wc_Arc4Free(&enc);
- wc_Arc4Free(&dec);
- }
- return 0;
- }
- #endif
- int hc128_test(void)
- {
- #ifdef HAVE_HC128
- byte cipher[16];
- byte plain[16];
- const char* keys[] =
- {
- "\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- "\x00\x53\xA6\xF9\x4C\x9F\xF2\x45\x98\xEB\x3E\x91\xE4\x37\x8A\xDD",
- "\x0F\x62\xB5\x08\x5B\xAE\x01\x54\xA7\xFA\x4D\xA0\xF3\x46\x99\xEC"
- };
- const char* ivs[] =
- {
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- "\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- "\x0D\x74\xDB\x42\xA9\x10\x77\xDE\x45\xAC\x13\x7A\xE1\x48\xAF\x16",
- "\x28\x8F\xF6\x5D\xC4\x2B\x92\xF9\x60\xC7\x2E\x95\xFC\x63\xCA\x31"
- };
- testVector a, b, c, d;
- testVector test_hc128[4];
- int times = sizeof(test_hc128) / sizeof(testVector), i;
- a.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- a.output = "\x37\x86\x02\xB9\x8F\x32\xA7\x48";
- a.inLen = 8;
- a.outLen = 8;
- b.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- b.output = "\x33\x7F\x86\x11\xC6\xED\x61\x5F";
- b.inLen = 8;
- b.outLen = 8;
- c.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- c.output = "\x2E\x1E\xD1\x2A\x85\x51\xC0\x5A";
- c.inLen = 8;
- c.outLen = 8;
- d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
- d.output = "\x1C\xD8\xAE\xDD\xFE\x52\xE2\x17\xE8\x35\xD0\xB7\xE8\x4E\x29";
- d.inLen = 15;
- d.outLen = 15;
- test_hc128[0] = a;
- test_hc128[1] = b;
- test_hc128[2] = c;
- test_hc128[3] = d;
- for (i = 0; i < times; ++i) {
- HC128 enc;
- HC128 dec;
- /* align keys/ivs in plain/cipher buffers */
- XMEMCPY(plain, keys[i], 16);
- XMEMCPY(cipher, ivs[i], 16);
- wc_Hc128_SetKey(&enc, plain, cipher);
- wc_Hc128_SetKey(&dec, plain, cipher);
- /* align input */
- XMEMCPY(plain, test_hc128[i].input, test_hc128[i].outLen);
- if (wc_Hc128_Process(&enc, cipher, plain,
- (word32)test_hc128[i].outLen) != 0) {
- return -4100;
- }
- if (wc_Hc128_Process(&dec, plain, cipher,
- (word32)test_hc128[i].outLen) != 0) {
- return -4101;
- }
- if (XMEMCMP(plain, test_hc128[i].input, test_hc128[i].outLen))
- return -4102 - i;
- if (XMEMCMP(cipher, test_hc128[i].output, test_hc128[i].outLen))
- return -4112 - i;
- }
- #endif /* HAVE_HC128 */
- return 0;
- }
- #ifndef NO_RABBIT
- int rabbit_test(void)
- {
- byte cipher[16];
- byte plain[16];
- const char* keys[] =
- {
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- "\xAC\xC3\x51\xDC\xF1\x62\xFC\x3B\xFE\x36\x3D\x2E\x29\x13\x28\x91"
- };
- const char* ivs[] =
- {
- "\x00\x00\x00\x00\x00\x00\x00\x00",
- "\x59\x7E\x26\xC1\x75\xF5\x73\xC3",
- 0
- };
- testVector a, b, c;
- testVector test_rabbit[3];
- int times = sizeof(test_rabbit) / sizeof(testVector), i;
- a.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- a.output = "\xED\xB7\x05\x67\x37\x5D\xCD\x7C";
- a.inLen = 8;
- a.outLen = 8;
- b.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- b.output = "\x6D\x7D\x01\x22\x92\xCC\xDC\xE0";
- b.inLen = 8;
- b.outLen = 8;
- c.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- c.output = "\x04\xCE\xCA\x7A\x1A\x86\x6E\x77";
- c.inLen = 8;
- c.outLen = 8;
- test_rabbit[0] = a;
- test_rabbit[1] = b;
- test_rabbit[2] = c;
- for (i = 0; i < times; ++i) {
- Rabbit enc;
- Rabbit dec;
- byte* iv;
- /* align keys/ivs in plain/cipher buffers */
- XMEMCPY(plain, keys[i], 16);
- if (ivs[i]) {
- XMEMCPY(cipher, ivs[i], 8);
- iv = cipher;
- } else
- iv = NULL;
- wc_RabbitSetKey(&enc, plain, iv);
- wc_RabbitSetKey(&dec, plain, iv);
- /* align input */
- XMEMCPY(plain, test_rabbit[i].input, test_rabbit[i].outLen);
- wc_RabbitProcess(&enc, cipher, plain, (word32)test_rabbit[i].outLen);
- wc_RabbitProcess(&dec, plain, cipher, (word32)test_rabbit[i].outLen);
- if (XMEMCMP(plain, test_rabbit[i].input, test_rabbit[i].outLen))
- return -4200 - i;
- if (XMEMCMP(cipher, test_rabbit[i].output, test_rabbit[i].outLen))
- return -4210 - i;
- }
- return 0;
- }
- #endif /* NO_RABBIT */
- #ifdef HAVE_CHACHA
- int chacha_test(void)
- {
- ChaCha enc;
- ChaCha dec;
- byte cipher[128];
- byte plain[128];
- byte sliver[64];
- byte input[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
- word32 keySz = 32;
- int ret = 0;
- int i;
- int times = 4;
- static const byte key1[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- static const byte key2[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- };
- static const byte key3[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- /* 128 bit key */
- static const byte key4[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- const byte* keys[] = {key1, key2, key3, key4};
- static const byte ivs1[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
- static const byte ivs2[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
- static const byte ivs3[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01};
- static const byte ivs4[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
- const byte* ivs[] = {ivs1, ivs2, ivs3, ivs4};
- byte a[] = {0x76,0xb8,0xe0,0xad,0xa0,0xf1,0x3d,0x90};
- byte b[] = {0x45,0x40,0xf0,0x5a,0x9f,0x1f,0xb2,0x96};
- byte c[] = {0xde,0x9c,0xba,0x7b,0xf3,0xd6,0x9e,0xf5};
- byte d[] = {0x89,0x67,0x09,0x52,0x60,0x83,0x64,0xfd};
- byte* test_chacha[4];
- test_chacha[0] = a;
- test_chacha[1] = b;
- test_chacha[2] = c;
- test_chacha[3] = d;
- for (i = 0; i < times; ++i) {
- if (i < 3) {
- keySz = 32;
- }
- else {
- keySz = 16;
- }
- XMEMCPY(plain, keys[i], keySz);
- XMEMSET(cipher, 0, 32);
- XMEMCPY(cipher + 4, ivs[i], 8);
- ret |= wc_Chacha_SetKey(&enc, keys[i], keySz);
- ret |= wc_Chacha_SetKey(&dec, keys[i], keySz);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_SetIV(&enc, cipher, 0);
- ret |= wc_Chacha_SetIV(&dec, cipher, 0);
- if (ret != 0)
- return ret;
- XMEMCPY(plain, input, 8);
- ret |= wc_Chacha_Process(&enc, cipher, plain, (word32)8);
- ret |= wc_Chacha_Process(&dec, plain, cipher, (word32)8);
- if (ret != 0)
- return ret;
- if (XMEMCMP(test_chacha[i], cipher, 8))
- return -4300 - i;
- if (XMEMCMP(plain, input, 8))
- return -4310 - i;
- }
- /* test of starting at a different counter
- encrypts all of the information and decrypts starting at 2nd chunk */
- XMEMSET(plain, 0, sizeof(plain));
- XMEMSET(sliver, 1, sizeof(sliver)); /* set as 1's to not match plain */
- XMEMSET(cipher, 0, sizeof(cipher));
- XMEMCPY(cipher + 4, ivs[0], 8);
- ret |= wc_Chacha_SetKey(&enc, keys[0], keySz);
- ret |= wc_Chacha_SetKey(&dec, keys[0], keySz);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_SetIV(&enc, cipher, 0);
- ret |= wc_Chacha_SetIV(&dec, cipher, 1);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_Process(&enc, cipher, plain, sizeof(plain));
- ret |= wc_Chacha_Process(&dec, sliver, cipher + 64, sizeof(sliver));
- if (ret != 0)
- return ret;
- if (XMEMCMP(plain + 64, sliver, 64))
- return -4320;
- return 0;
- }
- #endif /* HAVE_CHACHA */
- #ifdef HAVE_POLY1305
- int poly1305_test(void)
- {
- int ret = 0;
- int i;
- byte tag[16];
- Poly1305 enc;
- static const byte msg1[] =
- {
- 0x43,0x72,0x79,0x70,0x74,0x6f,0x67,0x72,
- 0x61,0x70,0x68,0x69,0x63,0x20,0x46,0x6f,
- 0x72,0x75,0x6d,0x20,0x52,0x65,0x73,0x65,
- 0x61,0x72,0x63,0x68,0x20,0x47,0x72,0x6f,
- 0x75,0x70
- };
- static const byte msg2[] =
- {
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x77,0x6f,0x72,
- 0x6c,0x64,0x21
- };
- static const byte msg3[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- static const byte msg4[] =
- {
- 0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb,
- 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
- 0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe,
- 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6,
- 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12,
- 0x82,0xfa,0xfb,0x69,0xda,0x92,0x72,0x8b,
- 0x1a,0x71,0xde,0x0a,0x9e,0x06,0x0b,0x29,
- 0x05,0xd6,0xa5,0xb6,0x7e,0xcd,0x3b,0x36,
- 0x92,0xdd,0xbd,0x7f,0x2d,0x77,0x8b,0x8c,
- 0x98,0x03,0xae,0xe3,0x28,0x09,0x1b,0x58,
- 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
- 0x55,0x85,0x80,0x8b,0x48,0x31,0xd7,0xbc,
- 0x3f,0xf4,0xde,0xf0,0x8e,0x4b,0x7a,0x9d,
- 0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b,
- 0x61,0x16
- };
- static const byte msg5[] =
- {
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- };
- static const byte msg6[] =
- {
- 0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb,
- 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
- 0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe,
- 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6,
- 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12,
- 0x82,0xfa,0xfb,0x69,0xda,0x92,0x72,0x8b,
- 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
- 0x1a,0x71,0xde,0x0a,0x9e,0x06,0x0b,0x29,
- 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6,
- 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12,
- 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
- 0x05,0xd6,0xa5,0xb6,0x7e,0xcd,0x3b,0x36,
- 0x92,0xdd,0xbd,0x7f,0x2d,0x77,0x8b,0x8c,
- 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
- 0x98,0x03,0xae,0xe3,0x28,0x09,0x1b,0x58,
- 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
- 0x55,0x85,0x80,0x8b,0x48,0x31,0xd7,0xbc,
- 0x3f,0xf4,0xde,0xf0,0x8e,0x4b,0x7a,0x9d,
- 0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b,
- 0x61,0x16
- };
- byte additional[] =
- {
- 0x50,0x51,0x52,0x53,0xc0,0xc1,0xc2,0xc3,
- 0xc4,0xc5,0xc6,0xc7
- };
- static const byte correct0[] =
- {
- 0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd,
- 0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b
- };
- static const byte correct1[] =
- {
- 0xa8,0x06,0x1d,0xc1,0x30,0x51,0x36,0xc6,
- 0xc2,0x2b,0x8b,0xaf,0x0c,0x01,0x27,0xa9
- };
- static const byte correct2[] =
- {
- 0xa6,0xf7,0x45,0x00,0x8f,0x81,0xc9,0x16,
- 0xa2,0x0d,0xcc,0x74,0xee,0xf2,0xb2,0xf0
- };
- static const byte correct3[] =
- {
- 0x49,0xec,0x78,0x09,0x0e,0x48,0x1e,0xc6,
- 0xc2,0x6b,0x33,0xb9,0x1c,0xcc,0x03,0x07
- };
- static const byte correct4[] =
- {
- 0x1a,0xe1,0x0b,0x59,0x4f,0x09,0xe2,0x6a,
- 0x7e,0x90,0x2e,0xcb,0xd0,0x60,0x06,0x91
- };
- static const byte correct5[] =
- {
- 0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- };
- static const byte correct6[] =
- {
- 0xea,0x11,0x5c,0x4f,0xd0,0xc0,0x10,0xae,
- 0xf7,0xdf,0xda,0x77,0xa2,0xe9,0xaf,0xca
- };
- static const byte key[] = {
- 0x85,0xd6,0xbe,0x78,0x57,0x55,0x6d,0x33,
- 0x7f,0x44,0x52,0xfe,0x42,0xd5,0x06,0xa8,
- 0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd,
- 0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b
- };
- static const byte key2[] = {
- 0x74,0x68,0x69,0x73,0x20,0x69,0x73,0x20,
- 0x33,0x32,0x2d,0x62,0x79,0x74,0x65,0x20,
- 0x6b,0x65,0x79,0x20,0x66,0x6f,0x72,0x20,
- 0x50,0x6f,0x6c,0x79,0x31,0x33,0x30,0x35
- };
- static const byte key4[] = {
- 0x7b,0xac,0x2b,0x25,0x2d,0xb4,0x47,0xaf,
- 0x09,0xb6,0x7a,0x55,0xa4,0xe9,0x55,0x84,
- 0x0a,0xe1,0xd6,0x73,0x10,0x75,0xd9,0xeb,
- 0x2a,0x93,0x75,0x78,0x3e,0xd5,0x53,0xff
- };
- static const byte key5[] = {
- 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- const byte* msgs[] = {NULL, msg1, msg2, msg3, msg5, msg6};
- word32 szm[] = {0, sizeof(msg1), sizeof(msg2),
- sizeof(msg3), sizeof(msg5), sizeof(msg6)};
- const byte* keys[] = {key, key, key2, key2, key5, key};
- const byte* tests[] = {correct0, correct1, correct2, correct3, correct5,
- correct6};
- for (i = 0; i < 6; i++) {
- ret = wc_Poly1305SetKey(&enc, keys[i], 32);
- if (ret != 0)
- return -4400 - i;
- ret = wc_Poly1305Update(&enc, msgs[i], szm[i]);
- if (ret != 0)
- return -4410 - i;
- ret = wc_Poly1305Final(&enc, tag);
- if (ret != 0)
- return -4420 - i;
- if (XMEMCMP(tag, tests[i], sizeof(tag)))
- return -4430 - i;
- }
- /* Check TLS MAC function from 2.8.2 https://tools.ietf.org/html/rfc7539 */
- XMEMSET(tag, 0, sizeof(tag));
- ret = wc_Poly1305SetKey(&enc, key4, sizeof(key4));
- if (ret != 0)
- return -4440;
- ret = wc_Poly1305_MAC(&enc, additional, sizeof(additional),
- (byte*)msg4, sizeof(msg4), tag, sizeof(tag));
- if (ret != 0)
- return -4441;
- if (XMEMCMP(tag, correct4, sizeof(tag)))
- return -4442;
- /* Check fail of TLS MAC function if altering additional data */
- XMEMSET(tag, 0, sizeof(tag));
- additional[0]++;
- ret = wc_Poly1305_MAC(&enc, additional, sizeof(additional),
- (byte*)msg4, sizeof(msg4), tag, sizeof(tag));
- if (ret != 0)
- return -4443;
- if (XMEMCMP(tag, correct4, sizeof(tag)) == 0)
- return -4444;
- return 0;
- }
- #endif /* HAVE_POLY1305 */
- #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
- int chacha20_poly1305_aead_test(void)
- {
- /* Test #1 from Section 2.8.2 of draft-irtf-cfrg-chacha20-poly1305-10 */
- /* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */
- const byte key1[] = {
- 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
- 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
- 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
- 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
- };
- const byte plaintext1[] = {
- 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
- 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c,
- 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
- 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73,
- 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39,
- 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
- 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66,
- 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f,
- 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
- 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20,
- 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75,
- 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
- 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
- 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69,
- 0x74, 0x2e
- };
- const byte iv1[] = {
- 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43,
- 0x44, 0x45, 0x46, 0x47
- };
- const byte aad1[] = { /* additional data */
- 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
- 0xc4, 0xc5, 0xc6, 0xc7
- };
- const byte cipher1[] = { /* expected output from operation */
- 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
- 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
- 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
- 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
- 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12,
- 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
- 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29,
- 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
- 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
- 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
- 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94,
- 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
- 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
- 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
- 0x61, 0x16
- };
- const byte authTag1[] = { /* expected output from operation */
- 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
- 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91
- };
- /* Test #2 from Appendix A.2 in draft-irtf-cfrg-chacha20-poly1305-10 */
- /* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */
- const byte key2[] = {
- 0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a,
- 0xf3, 0x33, 0x88, 0x86, 0x04, 0xf6, 0xb5, 0xf0,
- 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b, 0x80, 0x09,
- 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0
- };
- const byte plaintext2[] = {
- 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74,
- 0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x73, 0x20,
- 0x61, 0x72, 0x65, 0x20, 0x64, 0x72, 0x61, 0x66,
- 0x74, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65,
- 0x6e, 0x74, 0x73, 0x20, 0x76, 0x61, 0x6c, 0x69,
- 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20,
- 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x20,
- 0x6f, 0x66, 0x20, 0x73, 0x69, 0x78, 0x20, 0x6d,
- 0x6f, 0x6e, 0x74, 0x68, 0x73, 0x20, 0x61, 0x6e,
- 0x64, 0x20, 0x6d, 0x61, 0x79, 0x20, 0x62, 0x65,
- 0x20, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64,
- 0x2c, 0x20, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63,
- 0x65, 0x64, 0x2c, 0x20, 0x6f, 0x72, 0x20, 0x6f,
- 0x62, 0x73, 0x6f, 0x6c, 0x65, 0x74, 0x65, 0x64,
- 0x20, 0x62, 0x79, 0x20, 0x6f, 0x74, 0x68, 0x65,
- 0x72, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65,
- 0x6e, 0x74, 0x73, 0x20, 0x61, 0x74, 0x20, 0x61,
- 0x6e, 0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x2e,
- 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x69,
- 0x6e, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x70, 0x72,
- 0x69, 0x61, 0x74, 0x65, 0x20, 0x74, 0x6f, 0x20,
- 0x75, 0x73, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65,
- 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61,
- 0x66, 0x74, 0x73, 0x20, 0x61, 0x73, 0x20, 0x72,
- 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65,
- 0x20, 0x6d, 0x61, 0x74, 0x65, 0x72, 0x69, 0x61,
- 0x6c, 0x20, 0x6f, 0x72, 0x20, 0x74, 0x6f, 0x20,
- 0x63, 0x69, 0x74, 0x65, 0x20, 0x74, 0x68, 0x65,
- 0x6d, 0x20, 0x6f, 0x74, 0x68, 0x65, 0x72, 0x20,
- 0x74, 0x68, 0x61, 0x6e, 0x20, 0x61, 0x73, 0x20,
- 0x2f, 0xe2, 0x80, 0x9c, 0x77, 0x6f, 0x72, 0x6b,
- 0x20, 0x69, 0x6e, 0x20, 0x70, 0x72, 0x6f, 0x67,
- 0x72, 0x65, 0x73, 0x73, 0x2e, 0x2f, 0xe2, 0x80,
- 0x9d
- };
- const byte iv2[] = {
- 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04,
- 0x05, 0x06, 0x07, 0x08
- };
- const byte aad2[] = { /* additional data */
- 0xf3, 0x33, 0x88, 0x86, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x4e, 0x91
- };
- const byte cipher2[] = { /* expected output from operation */
- 0x64, 0xa0, 0x86, 0x15, 0x75, 0x86, 0x1a, 0xf4,
- 0x60, 0xf0, 0x62, 0xc7, 0x9b, 0xe6, 0x43, 0xbd,
- 0x5e, 0x80, 0x5c, 0xfd, 0x34, 0x5c, 0xf3, 0x89,
- 0xf1, 0x08, 0x67, 0x0a, 0xc7, 0x6c, 0x8c, 0xb2,
- 0x4c, 0x6c, 0xfc, 0x18, 0x75, 0x5d, 0x43, 0xee,
- 0xa0, 0x9e, 0xe9, 0x4e, 0x38, 0x2d, 0x26, 0xb0,
- 0xbd, 0xb7, 0xb7, 0x3c, 0x32, 0x1b, 0x01, 0x00,
- 0xd4, 0xf0, 0x3b, 0x7f, 0x35, 0x58, 0x94, 0xcf,
- 0x33, 0x2f, 0x83, 0x0e, 0x71, 0x0b, 0x97, 0xce,
- 0x98, 0xc8, 0xa8, 0x4a, 0xbd, 0x0b, 0x94, 0x81,
- 0x14, 0xad, 0x17, 0x6e, 0x00, 0x8d, 0x33, 0xbd,
- 0x60, 0xf9, 0x82, 0xb1, 0xff, 0x37, 0xc8, 0x55,
- 0x97, 0x97, 0xa0, 0x6e, 0xf4, 0xf0, 0xef, 0x61,
- 0xc1, 0x86, 0x32, 0x4e, 0x2b, 0x35, 0x06, 0x38,
- 0x36, 0x06, 0x90, 0x7b, 0x6a, 0x7c, 0x02, 0xb0,
- 0xf9, 0xf6, 0x15, 0x7b, 0x53, 0xc8, 0x67, 0xe4,
- 0xb9, 0x16, 0x6c, 0x76, 0x7b, 0x80, 0x4d, 0x46,
- 0xa5, 0x9b, 0x52, 0x16, 0xcd, 0xe7, 0xa4, 0xe9,
- 0x90, 0x40, 0xc5, 0xa4, 0x04, 0x33, 0x22, 0x5e,
- 0xe2, 0x82, 0xa1, 0xb0, 0xa0, 0x6c, 0x52, 0x3e,
- 0xaf, 0x45, 0x34, 0xd7, 0xf8, 0x3f, 0xa1, 0x15,
- 0x5b, 0x00, 0x47, 0x71, 0x8c, 0xbc, 0x54, 0x6a,
- 0x0d, 0x07, 0x2b, 0x04, 0xb3, 0x56, 0x4e, 0xea,
- 0x1b, 0x42, 0x22, 0x73, 0xf5, 0x48, 0x27, 0x1a,
- 0x0b, 0xb2, 0x31, 0x60, 0x53, 0xfa, 0x76, 0x99,
- 0x19, 0x55, 0xeb, 0xd6, 0x31, 0x59, 0x43, 0x4e,
- 0xce, 0xbb, 0x4e, 0x46, 0x6d, 0xae, 0x5a, 0x10,
- 0x73, 0xa6, 0x72, 0x76, 0x27, 0x09, 0x7a, 0x10,
- 0x49, 0xe6, 0x17, 0xd9, 0x1d, 0x36, 0x10, 0x94,
- 0xfa, 0x68, 0xf0, 0xff, 0x77, 0x98, 0x71, 0x30,
- 0x30, 0x5b, 0xea, 0xba, 0x2e, 0xda, 0x04, 0xdf,
- 0x99, 0x7b, 0x71, 0x4d, 0x6c, 0x6f, 0x2c, 0x29,
- 0xa6, 0xad, 0x5c, 0xb4, 0x02, 0x2b, 0x02, 0x70,
- 0x9b
- };
- const byte authTag2[] = { /* expected output from operation */
- 0xee, 0xad, 0x9d, 0x67, 0x89, 0x0c, 0xbb, 0x22,
- 0x39, 0x23, 0x36, 0xfe, 0xa1, 0x85, 0x1f, 0x38
- };
- byte generatedCiphertext[272];
- byte generatedPlaintext[272];
- byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
- int err;
- XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
- XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
- XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
- /* Parameter Validation testing */
- /* Encrypt */
- err = wc_ChaCha20Poly1305_Encrypt(NULL, iv1, aad1, sizeof(aad1), plaintext1,
- sizeof(plaintext1), generatedCiphertext, generatedAuthTag);
- if (err != BAD_FUNC_ARG)
- return -4500;
- err = wc_ChaCha20Poly1305_Encrypt(key1, NULL, aad1, sizeof(aad1),
- plaintext1, sizeof(plaintext1), generatedCiphertext,
- generatedAuthTag);
- if (err != BAD_FUNC_ARG)
- return -4501;
- err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), NULL,
- sizeof(plaintext1), generatedCiphertext, generatedAuthTag);
- if (err != BAD_FUNC_ARG)
- return -4502;
- err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1,
- sizeof(plaintext1), NULL, generatedAuthTag);
- if (err != BAD_FUNC_ARG)
- return -4503;
- err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1,
- sizeof(plaintext1), generatedCiphertext, NULL);
- if (err != BAD_FUNC_ARG)
- return -4504;
- err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1,
- 0, generatedCiphertext, generatedAuthTag);
- if (err != BAD_FUNC_ARG)
- return -4505;
- /* Decrypt */
- err = wc_ChaCha20Poly1305_Decrypt(NULL, iv2, aad2, sizeof(aad2), cipher2,
- sizeof(cipher2), authTag2, generatedPlaintext);
- if (err != BAD_FUNC_ARG)
- return -4506;
- err = wc_ChaCha20Poly1305_Decrypt(key2, NULL, aad2, sizeof(aad2), cipher2,
- sizeof(cipher2), authTag2, generatedPlaintext);
- if (err != BAD_FUNC_ARG)
- return -4507;
- err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), NULL,
- sizeof(cipher2), authTag2, generatedPlaintext);
- if (err != BAD_FUNC_ARG)
- return -4508;
- err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2,
- sizeof(cipher2), NULL, generatedPlaintext);
- if (err != BAD_FUNC_ARG)
- return -4509;
- err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2,
- sizeof(cipher2), authTag2, NULL);
- if (err != BAD_FUNC_ARG)
- return -4510;
- err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2,
- 0, authTag2, generatedPlaintext);
- if (err != BAD_FUNC_ARG)
- return -4511;
- /* Test #1 */
- err = wc_ChaCha20Poly1305_Encrypt(key1, iv1,
- aad1, sizeof(aad1),
- plaintext1, sizeof(plaintext1),
- generatedCiphertext, generatedAuthTag);
- if (err) {
- return err;
- }
- /* -- Check the ciphertext and authtag */
- if (XMEMCMP(generatedCiphertext, cipher1, sizeof(cipher1))) {
- return -4512;
- }
- if (XMEMCMP(generatedAuthTag, authTag1, sizeof(authTag1))) {
- return -4513;
- }
- /* -- Verify decryption works */
- err = wc_ChaCha20Poly1305_Decrypt(key1, iv1,
- aad1, sizeof(aad1),
- cipher1, sizeof(cipher1),
- authTag1, generatedPlaintext);
- if (err) {
- return err;
- }
- if (XMEMCMP(generatedPlaintext, plaintext1, sizeof( plaintext1))) {
- return -4514;
- }
- XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
- XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
- XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
- /* Test #2 */
- err = wc_ChaCha20Poly1305_Encrypt(key2, iv2,
- aad2, sizeof(aad2),
- plaintext2, sizeof(plaintext2),
- generatedCiphertext, generatedAuthTag);
- if (err) {
- return err;
- }
- /* -- Check the ciphertext and authtag */
- if (XMEMCMP(generatedCiphertext, cipher2, sizeof(cipher2))) {
- return -4515;
- }
- if (XMEMCMP(generatedAuthTag, authTag2, sizeof(authTag2))) {
- return -4516;
- }
- /* -- Verify decryption works */
- err = wc_ChaCha20Poly1305_Decrypt(key2, iv2,
- aad2, sizeof(aad2),
- cipher2, sizeof(cipher2),
- authTag2, generatedPlaintext);
- if (err) {
- return err;
- }
- if (XMEMCMP(generatedPlaintext, plaintext2, sizeof(plaintext2))) {
- return -4517;
- }
- return err;
- }
- #endif /* HAVE_CHACHA && HAVE_POLY1305 */
- #ifndef NO_DES3
- int des_test(void)
- {
- const byte vector[] = { /* "now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- byte plain[24];
- byte cipher[24];
- Des enc;
- Des dec;
- const byte key[] =
- {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
- };
- const byte iv[] =
- {
- 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
- };
- const byte verify[] =
- {
- 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8,
- 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73,
- 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b
- };
- int ret;
- ret = wc_Des_SetKey(&enc, key, iv, DES_ENCRYPTION);
- if (ret != 0)
- return -4600;
- ret = wc_Des_CbcEncrypt(&enc, cipher, vector, sizeof(vector));
- if (ret != 0)
- return -4601;
- ret = wc_Des_SetKey(&dec, key, iv, DES_DECRYPTION);
- if (ret != 0)
- return -4602;
- ret = wc_Des_CbcDecrypt(&dec, plain, cipher, sizeof(cipher));
- if (ret != 0)
- return -4603;
- if (XMEMCMP(plain, vector, sizeof(plain)))
- return -4604;
- if (XMEMCMP(cipher, verify, sizeof(cipher)))
- return -4605;
- return 0;
- }
- #endif /* NO_DES3 */
- #ifndef NO_DES3
- int des3_test(void)
- {
- const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
- 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- byte plain[24];
- byte cipher[24];
- Des3 enc;
- Des3 dec;
- const byte key3[] =
- {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
- 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
- 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
- };
- const byte iv3[] =
- {
- 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
- };
- const byte verify3[] =
- {
- 0x43,0xa0,0x29,0x7e,0xd1,0x84,0xf8,0x0e,
- 0x89,0x64,0x84,0x32,0x12,0xd5,0x08,0x98,
- 0x18,0x94,0x15,0x74,0x87,0x12,0x7d,0xb0
- };
- int ret;
- if (wc_Des3Init(&enc, HEAP_HINT, devId) != 0)
- return -4700;
- if (wc_Des3Init(&dec, HEAP_HINT, devId) != 0)
- return -4701;
- ret = wc_Des3_SetKey(&enc, key3, iv3, DES_ENCRYPTION);
- if (ret != 0)
- return -4702;
- ret = wc_Des3_SetKey(&dec, key3, iv3, DES_DECRYPTION);
- if (ret != 0)
- return -4703;
- ret = wc_Des3_CbcEncrypt(&enc, cipher, vector, sizeof(vector));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -4704;
- ret = wc_Des3_CbcDecrypt(&dec, plain, cipher, sizeof(cipher));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -4705;
- if (XMEMCMP(plain, vector, sizeof(plain)))
- return -4706;
- if (XMEMCMP(cipher, verify3, sizeof(cipher)))
- return -4707;
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- /* test the same vectors with using compatibility layer */
- {
- DES_key_schedule ks1;
- DES_key_schedule ks2;
- DES_key_schedule ks3;
- DES_cblock iv4;
- XMEMCPY(ks1, key3, sizeof(DES_key_schedule));
- XMEMCPY(ks2, key3 + 8, sizeof(DES_key_schedule));
- XMEMCPY(ks3, key3 + 16, sizeof(DES_key_schedule));
- XMEMCPY(iv4, iv3, sizeof(DES_cblock));
- XMEMSET(plain, 0, sizeof(plain));
- XMEMSET(cipher, 0, sizeof(cipher));
- DES_ede3_cbc_encrypt(vector, cipher, sizeof(vector), &ks1, &ks2, &ks3,
- &iv4, DES_ENCRYPT);
- DES_ede3_cbc_encrypt(cipher, plain, sizeof(cipher), &ks1, &ks2, &ks3,
- &iv4, DES_DECRYPT);
- if (XMEMCMP(plain, vector, sizeof(plain)))
- return -4708;
- if (XMEMCMP(cipher, verify3, sizeof(cipher)))
- return -4709;
- }
- #endif /* OPENSSL_EXTRA */
- wc_Des3Free(&enc);
- wc_Des3Free(&dec);
- return 0;
- }
- #endif /* NO_DES */
- #ifndef NO_AES
- #ifdef WOLFSSL_AES_CFB
- /* Test cases from NIST SP 800-38A, Recommendation for Block Cipher Modes of Operation Methods an*/
- static int aescfb_test(void)
- {
- Aes enc;
- byte cipher[AES_BLOCK_SIZE * 4];
- #ifdef HAVE_AES_DECRYPT
- Aes dec;
- byte plain [AES_BLOCK_SIZE * 4];
- #endif
- int ret = 0;
- const byte iv[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
- };
- #ifdef WOLFSSL_AES_128
- const byte key1[] =
- {
- 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
- 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
- };
- const byte cipher1[] =
- {
- 0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20,
- 0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a,
- 0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f,
- 0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b,
- 0x26,0x75,0x1f,0x67,0xa3,0xcb,0xb1,0x40,
- 0xb1,0x80,0x8c,0xf1,0x87,0xa4,0xf4,0xdf
- };
- const byte msg1[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* 192 size key test */
- const byte key2[] =
- {
- 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
- 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
- 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
- };
- const byte cipher2[] =
- {
- 0xcd,0xc8,0x0d,0x6f,0xdd,0xf1,0x8c,0xab,
- 0x34,0xc2,0x59,0x09,0xc9,0x9a,0x41,0x74,
- 0x67,0xce,0x7f,0x7f,0x81,0x17,0x36,0x21,
- 0x96,0x1a,0x2b,0x70,0x17,0x1d,0x3d,0x7a,
- 0x2e,0x1e,0x8a,0x1d,0xd5,0x9b,0x88,0xb1,
- 0xc8,0xe6,0x0f,0xed,0x1e,0xfa,0xc4,0xc9,
- 0xc0,0x5f,0x9f,0x9c,0xa9,0x83,0x4f,0xa0,
- 0x42,0xae,0x8f,0xba,0x58,0x4b,0x09,0xff
- };
- const byte msg2[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* 256 size key simple test */
- const byte key3[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- const byte cipher3[] =
- {
- 0xdc,0x7e,0x84,0xbf,0xda,0x79,0x16,0x4b,
- 0x7e,0xcd,0x84,0x86,0x98,0x5d,0x38,0x60,
- 0x39,0xff,0xed,0x14,0x3b,0x28,0xb1,0xc8,
- 0x32,0x11,0x3c,0x63,0x31,0xe5,0x40,0x7b,
- 0xdf,0x10,0x13,0x24,0x15,0xe5,0x4b,0x92,
- 0xa1,0x3e,0xd0,0xa8,0x26,0x7a,0xe2,0xf9,
- 0x75,0xa3,0x85,0x74,0x1a,0xb9,0xce,0xf8,
- 0x20,0x31,0x62,0x3d,0x55,0xb1,0xe4,0x71
- };
- const byte msg3[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- #endif /* WOLFSSL_AES_256 */
- #ifdef WOLFSSL_AES_128
- /* 128 key tests */
- ret = wc_AesSetKey(&enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- return -4710;
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(&dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- return -4711;
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfbEncrypt(&enc, cipher, msg1, AES_BLOCK_SIZE * 2);
- if (ret != 0)
- return -4712;
- if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2))
- return -4713;
- /* test restarting encryption process */
- ret = wc_AesCfbEncrypt(&enc, cipher + (AES_BLOCK_SIZE * 2),
- msg1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE);
- if (ret != 0)
- return -4714;
- if (XMEMCMP(cipher + (AES_BLOCK_SIZE * 2),
- cipher1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE))
- return -4715;
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCfbDecrypt(&dec, plain, cipher, AES_BLOCK_SIZE * 3);
- if (ret != 0)
- return -4716;
- if (XMEMCMP(plain, msg1, AES_BLOCK_SIZE * 3))
- return -4717;
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* 192 key size test */
- ret = wc_AesSetKey(&enc, key2, sizeof(key2), iv, AES_ENCRYPTION);
- if (ret != 0)
- return -4718;
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(&dec, key2, sizeof(key2), iv, AES_ENCRYPTION);
- if (ret != 0)
- return -4719;
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfbEncrypt(&enc, cipher, msg2, AES_BLOCK_SIZE * 4);
- if (ret != 0)
- return -4720;
- if (XMEMCMP(cipher, cipher2, AES_BLOCK_SIZE * 4))
- return -4721;
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCfbDecrypt(&dec, plain, cipher, AES_BLOCK_SIZE * 4);
- if (ret != 0)
- return -4722;
- if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE * 4))
- return -4723;
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* 256 key size test */
- ret = wc_AesSetKey(&enc, key3, sizeof(key3), iv, AES_ENCRYPTION);
- if (ret != 0)
- return -4724;
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(&dec, key3, sizeof(key3), iv, AES_ENCRYPTION);
- if (ret != 0)
- return -4725;
- #endif
- /* test with data left overs, magic lengths are checking near edges */
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfbEncrypt(&enc, cipher, msg3, 4);
- if (ret != 0)
- return -4726;
- if (XMEMCMP(cipher, cipher3, 4))
- return -4727;
- ret = wc_AesCfbEncrypt(&enc, cipher + 4, msg3 + 4, 27);
- if (ret != 0)
- return -4728;
- if (XMEMCMP(cipher + 4, cipher3 + 4, 27))
- return -4729;
- ret = wc_AesCfbEncrypt(&enc, cipher + 31, msg3 + 31,
- (AES_BLOCK_SIZE * 4) - 31);
- if (ret != 0)
- return -4730;
- if (XMEMCMP(cipher, cipher3, AES_BLOCK_SIZE * 4))
- return -4731;
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCfbDecrypt(&dec, plain, cipher, 4);
- if (ret != 0)
- return -4732;
- if (XMEMCMP(plain, msg3, 4))
- return -4733;
- ret = wc_AesCfbDecrypt(&dec, plain + 4, cipher + 4, 4);
- if (ret != 0)
- return -4734;
- ret = wc_AesCfbDecrypt(&dec, plain + 8, cipher + 8, 23);
- if (ret != 0)
- return -4735;
- if (XMEMCMP(plain + 4, msg3 + 4, 27))
- return -4736;
- ret = wc_AesCfbDecrypt(&dec, plain + 31, cipher + 31,
- (AES_BLOCK_SIZE * 4) - 31);
- if (ret != 0)
- return -4737;
- if (XMEMCMP(plain, msg3, AES_BLOCK_SIZE * 4))
- return -4738;
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_256 */
- return ret;
- }
- #endif /* WOLFSSL_AES_CFB */
- static int aes_key_size_test(void)
- {
- int ret;
- Aes aes;
- byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 };
- byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 };
- byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 };
- byte iv[] = "1234567890abcdef";
- #ifndef HAVE_FIPS
- word32 keySize;
- #endif
- #ifdef WC_INITAES_H
- ret = wc_InitAes_h(NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -4800;
- ret = wc_InitAes_h(&aes, NULL);
- if (ret != 0)
- return -4801;
- #endif
- #ifndef HAVE_FIPS
- /* Parameter Validation testing. */
- ret = wc_AesGetKeySize(NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -4802;
- ret = wc_AesGetKeySize(&aes, NULL);
- if (ret != BAD_FUNC_ARG)
- return -4803;
- ret = wc_AesGetKeySize(NULL, &keySize);
- if (ret != BAD_FUNC_ARG)
- return -4804;
- /* Crashes in FIPS */
- ret = wc_AesSetKey(NULL, key16, sizeof(key16), iv, AES_ENCRYPTION);
- if (ret != BAD_FUNC_ARG)
- return -4805;
- #endif
- /* NULL IV indicates to use all zeros IV. */
- ret = wc_AesSetKey(&aes, key16, sizeof(key16), NULL, AES_ENCRYPTION);
- #ifdef WOLFSSL_AES_128
- if (ret != 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- return -4806;
- ret = wc_AesSetKey(&aes, key32, sizeof(key32) - 1, iv, AES_ENCRYPTION);
- if (ret != BAD_FUNC_ARG)
- return -4807;
- #ifndef HAVE_FIPS
- /* Force invalid rounds */
- aes.rounds = 16;
- ret = wc_AesGetKeySize(&aes, &keySize);
- if (ret != BAD_FUNC_ARG)
- return -4808;
- #endif
- ret = wc_AesSetKey(&aes, key16, sizeof(key16), iv, AES_ENCRYPTION);
- #ifdef WOLFSSL_AES_128
- if (ret != 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- return -4809;
- #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_128)
- ret = wc_AesGetKeySize(&aes, &keySize);
- if (ret != 0 || keySize != sizeof(key16))
- return -4810;
- #endif
- ret = wc_AesSetKey(&aes, key24, sizeof(key24), iv, AES_ENCRYPTION);
- #ifdef WOLFSSL_AES_192
- if (ret != 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- return -4811;
- #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_192)
- ret = wc_AesGetKeySize(&aes, &keySize);
- if (ret != 0 || keySize != sizeof(key24))
- return -4812;
- #endif
- ret = wc_AesSetKey(&aes, key32, sizeof(key32), iv, AES_ENCRYPTION);
- #ifdef WOLFSSL_AES_256
- if (ret != 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- return -4813;
- #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_256)
- ret = wc_AesGetKeySize(&aes, &keySize);
- if (ret != 0 || keySize != sizeof(key32))
- return -4814;
- #endif
- return 0;
- }
- #if defined(WOLFSSL_AES_XTS)
- /* test vectors from http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html */
- #ifdef WOLFSSL_AES_128
- static int aes_xts_128_test(void)
- {
- XtsAes aes;
- int ret = 0;
- unsigned char buf[AES_BLOCK_SIZE * 2];
- unsigned char cipher[AES_BLOCK_SIZE * 2];
- /* 128 key tests */
- static unsigned char k1[] = {
- 0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35,
- 0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62,
- 0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18,
- 0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f
- };
- static unsigned char i1[] = {
- 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
- 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
- };
- static unsigned char p1[] = {
- 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
- 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c
- };
- /* plain text test of partial block is not from NIST test vector list */
- static unsigned char pp[] = {
- 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
- 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
- 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
- };
- static unsigned char c1[] = {
- 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a,
- 0x82, 0x50, 0x81, 0xd5, 0xbe, 0x47, 0x1c, 0x63
- };
- static unsigned char k2[] = {
- 0x39, 0x25, 0x79, 0x05, 0xdf, 0xcc, 0x77, 0x76,
- 0x6c, 0x87, 0x0a, 0x80, 0x6a, 0x60, 0xe3, 0xc0,
- 0x93, 0xd1, 0x2a, 0xcf, 0xcb, 0x51, 0x42, 0xfa,
- 0x09, 0x69, 0x89, 0x62, 0x5b, 0x60, 0xdb, 0x16
- };
- static unsigned char i2[] = {
- 0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a,
- 0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84
- };
- static unsigned char p2[] = {
- 0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1,
- 0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba,
- 0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20,
- 0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56
- };
- static unsigned char c2[] = {
- 0xd6, 0xbe, 0x04, 0x6d, 0x41, 0xf2, 0x3b, 0x5e,
- 0xd7, 0x0b, 0x6b, 0x3d, 0x5c, 0x8e, 0x66, 0x23,
- 0x2b, 0xe6, 0xb8, 0x07, 0xd4, 0xdc, 0xc6, 0x0e,
- 0xff, 0x8d, 0xbc, 0x1d, 0x9f, 0x7f, 0xc8, 0x22
- };
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_ENCRYPTION,
- HEAP_HINT, devId) != 0)
- return -4900;
- ret = wc_AesXtsEncrypt(&aes, buf, p2, sizeof(p2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -4901;
- if (XMEMCMP(c2, buf, sizeof(c2)))
- return -4902;
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_ENCRYPTION,
- HEAP_HINT, devId) != 0)
- return -4903;
- ret = wc_AesXtsEncrypt(&aes, buf, p1, sizeof(p1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -4904;
- if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
- return -4905;
- /* partial block encryption test */
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesXtsEncrypt(&aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -4906;
- wc_AesXtsFree(&aes);
- /* partial block decrypt test */
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_DECRYPTION,
- HEAP_HINT, devId) != 0)
- return -4907;
- ret = wc_AesXtsDecrypt(&aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -4908;
- if (XMEMCMP(pp, buf, sizeof(pp)))
- return -4909;
- /* NIST decrypt test vector */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsDecrypt(&aes, buf, c1, sizeof(c1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -4910;
- if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
- return -4911;
- /* fail case with decrypting using wrong key */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsDecrypt(&aes, buf, c2, sizeof(c2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -4912;
- if (XMEMCMP(p2, buf, sizeof(p2)) == 0) /* fail case with wrong key */
- return -4913;
- /* set correct key and retest */
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_DECRYPTION,
- HEAP_HINT, devId) != 0)
- return -4914;
- ret = wc_AesXtsDecrypt(&aes, buf, c2, sizeof(c2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -4915;
- if (XMEMCMP(p2, buf, sizeof(p2)))
- return -4916;
- wc_AesXtsFree(&aes);
- return ret;
- }
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_256
- static int aes_xts_256_test(void)
- {
- XtsAes aes;
- int ret = 0;
- unsigned char buf[AES_BLOCK_SIZE * 3];
- unsigned char cipher[AES_BLOCK_SIZE * 3];
- /* 256 key tests */
- static unsigned char k1[] = {
- 0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e,
- 0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14,
- 0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7,
- 0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c,
- 0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d,
- 0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3,
- 0xd6, 0x19, 0xb7, 0xe2, 0xb9, 0x14, 0x1e, 0x58,
- 0x31, 0x8e, 0xea, 0x39, 0x2c, 0xf4, 0x1b, 0x08
- };
- static unsigned char i1[] = {
- 0xad, 0xf8, 0xd9, 0x26, 0x27, 0x46, 0x4a, 0xd2,
- 0xf0, 0x42, 0x8e, 0x84, 0xa9, 0xf8, 0x75, 0x64
- };
- static unsigned char p1[] = {
- 0x2e, 0xed, 0xea, 0x52, 0xcd, 0x82, 0x15, 0xe1,
- 0xac, 0xc6, 0x47, 0xe8, 0x10, 0xbb, 0xc3, 0x64,
- 0x2e, 0x87, 0x28, 0x7f, 0x8d, 0x2e, 0x57, 0xe3,
- 0x6c, 0x0a, 0x24, 0xfb, 0xc1, 0x2a, 0x20, 0x2e
- };
- /* plain text test of partial block is not from NIST test vector list */
- static unsigned char pp[] = {
- 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
- 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
- 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
- };
- static unsigned char c1[] = {
- 0xcb, 0xaa, 0xd0, 0xe2, 0xf6, 0xce, 0xa3, 0xf5,
- 0x0b, 0x37, 0xf9, 0x34, 0xd4, 0x6a, 0x9b, 0x13,
- 0x0b, 0x9d, 0x54, 0xf0, 0x7e, 0x34, 0xf3, 0x6a,
- 0xf7, 0x93, 0xe8, 0x6f, 0x73, 0xc6, 0xd7, 0xdb
- };
- static unsigned char k2[] = {
- 0xad, 0x50, 0x4b, 0x85, 0xd7, 0x51, 0xbf, 0xba,
- 0x69, 0x13, 0xb4, 0xcc, 0x79, 0xb6, 0x5a, 0x62,
- 0xf7, 0xf3, 0x9d, 0x36, 0x0f, 0x35, 0xb5, 0xec,
- 0x4a, 0x7e, 0x95, 0xbd, 0x9b, 0xa5, 0xf2, 0xec,
- 0xc1, 0xd7, 0x7e, 0xa3, 0xc3, 0x74, 0xbd, 0x4b,
- 0x13, 0x1b, 0x07, 0x83, 0x87, 0xdd, 0x55, 0x5a,
- 0xb5, 0xb0, 0xc7, 0xe5, 0x2d, 0xb5, 0x06, 0x12,
- 0xd2, 0xb5, 0x3a, 0xcb, 0x47, 0x8a, 0x53, 0xb4
- };
- static unsigned char i2[] = {
- 0xe6, 0x42, 0x19, 0xed, 0xe0, 0xe1, 0xc2, 0xa0,
- 0x0e, 0xf5, 0x58, 0x6a, 0xc4, 0x9b, 0xeb, 0x6f
- };
- static unsigned char p2[] = {
- 0x24, 0xcb, 0x76, 0x22, 0x55, 0xb5, 0xa8, 0x00,
- 0xf4, 0x6e, 0x80, 0x60, 0x56, 0x9e, 0x05, 0x53,
- 0xbc, 0xfe, 0x86, 0x55, 0x3b, 0xca, 0xd5, 0x89,
- 0xc7, 0x54, 0x1a, 0x73, 0xac, 0xc3, 0x9a, 0xbd,
- 0x53, 0xc4, 0x07, 0x76, 0xd8, 0xe8, 0x22, 0x61,
- 0x9e, 0xa9, 0xad, 0x77, 0xa0, 0x13, 0x4c, 0xfc
- };
- static unsigned char c2[] = {
- 0xa3, 0xc6, 0xf3, 0xf3, 0x82, 0x79, 0x5b, 0x10,
- 0x87, 0xd7, 0x02, 0x50, 0xdb, 0x2c, 0xd3, 0xb1,
- 0xa1, 0x62, 0xa8, 0xb6, 0xdc, 0x12, 0x60, 0x61,
- 0xc1, 0x0a, 0x84, 0xa5, 0x85, 0x3f, 0x3a, 0x89,
- 0xe6, 0x6c, 0xdb, 0xb7, 0x9a, 0xb4, 0x28, 0x9b,
- 0xc3, 0xea, 0xd8, 0x10, 0xe9, 0xc0, 0xaf, 0x92
- };
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_ENCRYPTION,
- HEAP_HINT, devId) != 0)
- return -5000;
- ret = wc_AesXtsEncrypt(&aes, buf, p2, sizeof(p2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -5001;
- if (XMEMCMP(c2, buf, sizeof(c2)))
- return -5002;
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_ENCRYPTION,
- HEAP_HINT, devId) != 0)
- return -5003;
- ret = wc_AesXtsEncrypt(&aes, buf, p1, sizeof(p1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -5004;
- if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
- return -5005;
- /* partial block encryption test */
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesXtsEncrypt(&aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -5006;
- wc_AesXtsFree(&aes);
- /* partial block decrypt test */
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_DECRYPTION,
- HEAP_HINT, devId) != 0)
- return -5007;
- ret = wc_AesXtsDecrypt(&aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -5008;
- if (XMEMCMP(pp, buf, sizeof(pp)))
- return -5009;
- /* NIST decrypt test vector */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsDecrypt(&aes, buf, c1, sizeof(c1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -5010;
- if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
- return -5011;
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_DECRYPTION,
- HEAP_HINT, devId) != 0)
- return -5012;
- ret = wc_AesXtsDecrypt(&aes, buf, c2, sizeof(c2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -5013;
- if (XMEMCMP(p2, buf, sizeof(p2)))
- return -5014;
- wc_AesXtsFree(&aes);
- return ret;
- }
- #endif /* WOLFSSL_AES_256 */
- #if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256)
- /* both 128 and 256 bit key test */
- static int aes_xts_sector_test(void)
- {
- XtsAes aes;
- int ret = 0;
- unsigned char buf[AES_BLOCK_SIZE * 2];
- /* 128 key tests */
- static unsigned char k1[] = {
- 0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed,
- 0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22,
- 0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c,
- 0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c
- };
- static unsigned char p1[] = {
- 0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09,
- 0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c
- };
- static unsigned char c1[] = {
- 0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac,
- 0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52
- };
- word64 s1 = 141;
- /* 256 key tests */
- static unsigned char k2[] = {
- 0xef, 0x01, 0x0c, 0xa1, 0xa3, 0x66, 0x3e, 0x32,
- 0x53, 0x43, 0x49, 0xbc, 0x0b, 0xae, 0x62, 0x23,
- 0x2a, 0x15, 0x73, 0x34, 0x85, 0x68, 0xfb, 0x9e,
- 0xf4, 0x17, 0x68, 0xa7, 0x67, 0x4f, 0x50, 0x7a,
- 0x72, 0x7f, 0x98, 0x75, 0x53, 0x97, 0xd0, 0xe0,
- 0xaa, 0x32, 0xf8, 0x30, 0x33, 0x8c, 0xc7, 0xa9,
- 0x26, 0xc7, 0x73, 0xf0, 0x9e, 0x57, 0xb3, 0x57,
- 0xcd, 0x15, 0x6a, 0xfb, 0xca, 0x46, 0xe1, 0xa0
- };
- static unsigned char p2[] = {
- 0xed, 0x98, 0xe0, 0x17, 0x70, 0xa8, 0x53, 0xb4,
- 0x9d, 0xb9, 0xe6, 0xaa, 0xf8, 0x8f, 0x0a, 0x41,
- 0xb9, 0xb5, 0x6e, 0x91, 0xa5, 0xa2, 0xb1, 0x1d,
- 0x40, 0x52, 0x92, 0x54, 0xf5, 0x52, 0x3e, 0x75
- };
- static unsigned char c2[] = {
- 0xca, 0x20, 0xc5, 0x5e, 0x8d, 0xc1, 0x49, 0x68,
- 0x7d, 0x25, 0x41, 0xde, 0x39, 0xc3, 0xdf, 0x63,
- 0x00, 0xbb, 0x5a, 0x16, 0x3c, 0x10, 0xce, 0xd3,
- 0x66, 0x6b, 0x13, 0x57, 0xdb, 0x8b, 0xd3, 0x9d
- };
- word64 s2 = 187;
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_ENCRYPTION,
- HEAP_HINT, devId) != 0)
- return -5100;
- ret = wc_AesXtsEncryptSector(&aes, buf, p1, sizeof(p1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -5101;
- if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
- return -5102;
- /* decrypt test */
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_DECRYPTION,
- HEAP_HINT, devId) != 0)
- return -5103;
- ret = wc_AesXtsDecryptSector(&aes, buf, c1, sizeof(c1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -5104;
- if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
- return -5105;
- wc_AesXtsFree(&aes);
- /* 256 bit key tests */
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_ENCRYPTION,
- HEAP_HINT, devId) != 0)
- return -5106;
- ret = wc_AesXtsEncryptSector(&aes, buf, p2, sizeof(p2), s2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -5107;
- if (XMEMCMP(c2, buf, sizeof(c2)))
- return -5108;
- /* decrypt test */
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_DECRYPTION,
- HEAP_HINT, devId) != 0)
- return -5109;
- ret = wc_AesXtsDecryptSector(&aes, buf, c2, sizeof(c2), s2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -5110;
- if (XMEMCMP(p2, buf, sizeof(p2)))
- return -5111;
- wc_AesXtsFree(&aes);
- return ret;
- }
- #endif /* WOLFSSL_AES_128 && WOLFSSL_AES_256 */
- #ifdef WOLFSSL_AES_128
- /* testing of bad arguments */
- static int aes_xts_args_test(void)
- {
- XtsAes aes;
- int ret = 0;
- unsigned char buf[AES_BLOCK_SIZE * 2];
- /* 128 key tests */
- static unsigned char k1[] = {
- 0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed,
- 0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22,
- 0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c,
- 0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c
- };
- static unsigned char p1[] = {
- 0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09,
- 0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c
- };
- static unsigned char c1[] = {
- 0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac,
- 0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52
- };
- word64 s1 = 141;
- if (wc_AesXtsSetKey(NULL, k1, sizeof(k1), AES_ENCRYPTION,
- HEAP_HINT, devId) == 0)
- return -5200;
- if (wc_AesXtsSetKey(&aes, NULL, sizeof(k1), AES_ENCRYPTION,
- HEAP_HINT, devId) == 0)
- return -5201;
- /* encryption operations */
- if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_ENCRYPTION,
- HEAP_HINT, devId) != 0)
- return -5202;
- ret = wc_AesXtsEncryptSector(NULL, buf, p1, sizeof(p1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret == 0)
- return -5203;
- ret = wc_AesXtsEncryptSector(&aes, NULL, p1, sizeof(p1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret == 0)
- return -5204;
- wc_AesXtsFree(&aes);
- /* decryption operations */
- if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_DECRYPTION,
- HEAP_HINT, devId) != 0)
- return -5205;
- ret = wc_AesXtsDecryptSector(NULL, buf, c1, sizeof(c1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret == 0)
- return -5206;
- ret = wc_AesXtsDecryptSector(&aes, NULL, c1, sizeof(c1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret == 0)
- return -5207;
- wc_AesXtsFree(&aes);
- return 0;
- }
- #endif /* WOLFSSL_AES_128 */
- #endif /* WOLFSSL_AES_XTS */
- #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- static int aes_cbc_test(void)
- {
- byte cipher[AES_BLOCK_SIZE];
- byte plain[AES_BLOCK_SIZE];
- int ret;
- const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- byte key[] = "0123456789abcdef "; /* align */
- byte iv[] = "1234567890abcdef "; /* align */
- /* Parameter Validation testing. */
- ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key, 17, NULL);
- if (ret != BAD_FUNC_ARG)
- return -5300;
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key, 17, NULL);
- if (ret != BAD_FUNC_ARG)
- return -5301;
- #endif
- ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key,
- AES_BLOCK_SIZE, iv);
- if (ret != 0)
- return -5302;
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key,
- AES_BLOCK_SIZE, iv);
- if (ret != 0)
- return -5303;
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE) != 0)
- return -5304;
- #endif /* HAVE_AES_DECRYPT */
- (void)plain;
- return 0;
- }
- #endif
- int aes_test(void)
- {
- #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER)
- Aes enc;
- byte cipher[AES_BLOCK_SIZE * 4];
- #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
- Aes dec;
- byte plain [AES_BLOCK_SIZE * 4];
- #endif
- #endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER */
- int ret = 0;
- #ifdef HAVE_AES_CBC
- #ifdef WOLFSSL_AES_128
- const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- const byte verify[] =
- {
- 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
- 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
- };
- byte key[] = "0123456789abcdef "; /* align */
- byte iv[] = "1234567890abcdef "; /* align */
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (wc_AesInit(&enc, HEAP_HINT, devId) != 0)
- return -5400;
- if (wc_AesInit(&dec, HEAP_HINT, devId) != 0)
- return -5401;
- #endif
- ret = wc_AesSetKey(&enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- return -5402;
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesSetKey(&dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION);
- if (ret != 0)
- return -5403;
- #endif
- ret = wc_AesCbcEncrypt(&enc, cipher, msg, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -5404;
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCbcDecrypt(&dec, plain, cipher, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -5405;
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- return -5406;
- #endif /* HAVE_AES_DECRYPT */
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
- return -5407;
- #endif /* WOLFSSL_AES_128 */
- #if defined(WOLFSSL_AESNI) && defined(HAVE_AES_DECRYPT)
- {
- const byte bigMsg[] = {
- /* "All work and no play makes Jack a dull boy. " */
- 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
- 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
- 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
- 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
- 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
- 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
- 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
- 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
- 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
- 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
- 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
- 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
- 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
- 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
- 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
- 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
- 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
- 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
- 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
- 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
- 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
- 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
- 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
- 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
- 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
- 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
- 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
- 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
- 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
- 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
- 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
- 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
- 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
- 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
- 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
- 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
- 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
- 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
- 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
- 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
- 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
- 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
- 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
- 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
- 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
- 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
- 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
- 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20
- };
- const byte bigKey[] = "0123456789abcdeffedcba9876543210";
- byte bigCipher[sizeof(bigMsg)];
- byte bigPlain[sizeof(bigMsg)];
- word32 keySz, msgSz;
- /* Iterate from one AES_BLOCK_SIZE of bigMsg through the whole
- * message by AES_BLOCK_SIZE for each size of AES key. */
- for (keySz = 16; keySz <= 32; keySz += 8) {
- for (msgSz = AES_BLOCK_SIZE;
- msgSz <= sizeof(bigMsg);
- msgSz += AES_BLOCK_SIZE) {
- XMEMSET(bigCipher, 0, sizeof(bigCipher));
- XMEMSET(bigPlain, 0, sizeof(bigPlain));
- ret = wc_AesSetKey(&enc, bigKey, keySz, iv, AES_ENCRYPTION);
- if (ret != 0)
- return -5408;
- ret = wc_AesSetKey(&dec, bigKey, keySz, iv, AES_DECRYPTION);
- if (ret != 0)
- return -5409;
- ret = wc_AesCbcEncrypt(&enc, bigCipher, bigMsg, msgSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -5410;
- ret = wc_AesCbcDecrypt(&dec, bigPlain, bigCipher, msgSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -5411;
- if (XMEMCMP(bigPlain, bigMsg, msgSz))
- return -5412;
- }
- }
- }
- #endif /* WOLFSSL_AESNI HAVE_AES_DECRYPT */
- /* Test of AES IV state with encrypt/decrypt */
- #ifdef WOLFSSL_AES_128
- {
- /* Test Vector from "NIST Special Publication 800-38A, 2001 Edition"
- * https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38a.pdf
- */
- const byte msg2[] =
- {
- 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
- 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
- 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
- 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51
- };
- const byte verify2[] =
- {
- 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46,
- 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d,
- 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee,
- 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2
- };
- byte key2[] = {
- 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
- 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
- };
- byte iv2[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
- };
- ret = wc_AesSetKey(&enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
- if (ret != 0)
- return -5413;
- XMEMSET(cipher, 0, AES_BLOCK_SIZE * 2);
- ret = wc_AesCbcEncrypt(&enc, cipher, msg2, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -5414;
- if (XMEMCMP(cipher, verify2, AES_BLOCK_SIZE))
- return -5415;
- ret = wc_AesCbcEncrypt(&enc, cipher + AES_BLOCK_SIZE,
- msg2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -5416;
- if (XMEMCMP(cipher + AES_BLOCK_SIZE, verify2 + AES_BLOCK_SIZE,
- AES_BLOCK_SIZE))
- return -5417;
- #if defined(HAVE_AES_DECRYPT)
- ret = wc_AesSetKey(&dec, key2, sizeof(key2), iv2, AES_DECRYPTION);
- if (ret != 0)
- return -5418;
- XMEMSET(plain, 0, AES_BLOCK_SIZE * 2);
- ret = wc_AesCbcDecrypt(&dec, plain, verify2, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -5419;
- if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE))
- return -5420;
- ret = wc_AesCbcDecrypt(&dec, plain + AES_BLOCK_SIZE,
- verify2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -5421;
- if (XMEMCMP(plain + AES_BLOCK_SIZE, msg2 + AES_BLOCK_SIZE,
- AES_BLOCK_SIZE))
- return -5422;
- #endif /* HAVE_AES_DECRYPT */
- }
- #endif /* WOLFSSL_AES_128 */
- #endif /* HAVE_AES_CBC */
- #ifdef WOLFSSL_AES_COUNTER
- {
- /* test vectors from "Recommendation for Block Cipher Modes of
- * Operation" NIST Special Publication 800-38A */
- const byte ctrIv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- const byte ctrPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- #ifdef WOLFSSL_AES_128
- const byte oddCipher[] =
- {
- 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
- 0xc2
- };
- const byte ctr128Key[] =
- {
- 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
- 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
- };
- const byte ctr128Cipher[] =
- {
- 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
- 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
- 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
- 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
- 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
- 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
- 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
- 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- const byte ctr192Key[] =
- {
- 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
- 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
- 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
- };
- const byte ctr192Cipher[] =
- {
- 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2,
- 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b,
- 0x09,0x03,0x39,0xec,0x0a,0xa6,0xfa,0xef,
- 0xd5,0xcc,0xc2,0xc6,0xf4,0xce,0x8e,0x94,
- 0x1e,0x36,0xb2,0x6b,0xd1,0xeb,0xc6,0x70,
- 0xd1,0xbd,0x1d,0x66,0x56,0x20,0xab,0xf7,
- 0x4f,0x78,0xa7,0xf6,0xd2,0x98,0x09,0x58,
- 0x5a,0x97,0xda,0xec,0x58,0xc6,0xb0,0x50
- };
- #endif
- #ifdef WOLFSSL_AES_256
- const byte ctr256Key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- const byte ctr256Cipher[] =
- {
- 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,
- 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28,
- 0xf4,0x43,0xe3,0xca,0x4d,0x62,0xb5,0x9a,
- 0xca,0x84,0xe9,0x90,0xca,0xca,0xf5,0xc5,
- 0x2b,0x09,0x30,0xda,0xa2,0x3d,0xe9,0x4c,
- 0xe8,0x70,0x17,0xba,0x2d,0x84,0x98,0x8d,
- 0xdf,0xc9,0xc5,0x8d,0xb6,0x7a,0xad,0xa6,
- 0x13,0xc2,0xdd,0x08,0x45,0x79,0x41,0xa6
- };
- #endif
- #ifdef WOLFSSL_AES_128
- wc_AesSetKeyDirect(&enc, ctr128Key, sizeof(ctr128Key),
- ctrIv, AES_ENCRYPTION);
- /* Ctr only uses encrypt, even on key setup */
- wc_AesSetKeyDirect(&dec, ctr128Key, sizeof(ctr128Key),
- ctrIv, AES_ENCRYPTION);
- ret = wc_AesCtrEncrypt(&enc, cipher, ctrPlain, sizeof(ctrPlain));
- if (ret != 0) {
- return -5423;
- }
- ret = wc_AesCtrEncrypt(&dec, plain, cipher, sizeof(ctrPlain));
- if (ret != 0) {
- return -5424;
- }
- if (XMEMCMP(plain, ctrPlain, sizeof(ctrPlain)))
- return -5425;
- if (XMEMCMP(cipher, ctr128Cipher, sizeof(ctr128Cipher)))
- return -5426;
- /* let's try with just 9 bytes, non block size test */
- wc_AesSetKeyDirect(&enc, ctr128Key, AES_BLOCK_SIZE,
- ctrIv, AES_ENCRYPTION);
- /* Ctr only uses encrypt, even on key setup */
- wc_AesSetKeyDirect(&dec, ctr128Key, AES_BLOCK_SIZE,
- ctrIv, AES_ENCRYPTION);
- ret = wc_AesCtrEncrypt(&enc, cipher, ctrPlain, sizeof(oddCipher));
- if (ret != 0) {
- return -5427;
- }
- ret = wc_AesCtrEncrypt(&dec, plain, cipher, sizeof(oddCipher));
- if (ret != 0) {
- return -5428;
- }
- if (XMEMCMP(plain, ctrPlain, sizeof(oddCipher)))
- return -5429;
- if (XMEMCMP(cipher, ctr128Cipher, sizeof(oddCipher)))
- return -5430;
- /* and an additional 9 bytes to reuse tmp left buffer */
- ret = wc_AesCtrEncrypt(&enc, cipher, ctrPlain, sizeof(oddCipher));
- if (ret != 0) {
- return -5431;
- }
- ret = wc_AesCtrEncrypt(&dec, plain, cipher, sizeof(oddCipher));
- if (ret != 0) {
- return -5432;
- }
- if (XMEMCMP(plain, ctrPlain, sizeof(oddCipher)))
- return -5433;
- if (XMEMCMP(cipher, oddCipher, sizeof(oddCipher)))
- return -5434;
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* 192 bit key */
- wc_AesSetKeyDirect(&enc, ctr192Key, sizeof(ctr192Key),
- ctrIv, AES_ENCRYPTION);
- /* Ctr only uses encrypt, even on key setup */
- wc_AesSetKeyDirect(&dec, ctr192Key, sizeof(ctr192Key),
- ctrIv, AES_ENCRYPTION);
- XMEMSET(plain, 0, sizeof(plain));
- ret = wc_AesCtrEncrypt(&enc, plain, ctr192Cipher, sizeof(ctr192Cipher));
- if (ret != 0) {
- return -5435;
- }
- if (XMEMCMP(plain, ctrPlain, sizeof(ctr192Cipher)))
- return -5436;
- ret = wc_AesCtrEncrypt(&dec, cipher, ctrPlain, sizeof(ctrPlain));
- if (ret != 0) {
- return -5437;
- }
- if (XMEMCMP(ctr192Cipher, cipher, sizeof(ctr192Cipher)))
- return -5438;
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* 256 bit key */
- wc_AesSetKeyDirect(&enc, ctr256Key, sizeof(ctr256Key),
- ctrIv, AES_ENCRYPTION);
- /* Ctr only uses encrypt, even on key setup */
- wc_AesSetKeyDirect(&dec, ctr256Key, sizeof(ctr256Key),
- ctrIv, AES_ENCRYPTION);
- XMEMSET(plain, 0, sizeof(plain));
- ret = wc_AesCtrEncrypt(&enc, plain, ctr256Cipher, sizeof(ctr256Cipher));
- if (ret != 0) {
- return -5439;
- }
- if (XMEMCMP(plain, ctrPlain, sizeof(ctrPlain)))
- return -5440;
- ret = wc_AesCtrEncrypt(&dec, cipher, ctrPlain, sizeof(ctrPlain));
- if (ret != 0) {
- return -5441;
- }
- if (XMEMCMP(ctr256Cipher, cipher, sizeof(ctr256Cipher)))
- return -5442;
- #endif /* WOLFSSL_AES_256 */
- }
- #endif /* WOLFSSL_AES_COUNTER */
- #if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
- {
- const byte niPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- const byte niCipher[] =
- {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- const byte niKey[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- ret = wc_AesSetKey(&enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
- if (ret != 0)
- return -5443;
- wc_AesEncryptDirect(&enc, cipher, niPlain);
- if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
- return -5444;
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- ret = wc_AesSetKey(&dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
- if (ret != 0)
- return -5445;
- wc_AesDecryptDirect(&dec, plain, niCipher);
- if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
- return -5446;
- }
- #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
- ret = aes_key_size_test();
- if (ret != 0)
- return ret;
- #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- ret = aes_cbc_test();
- if (ret != 0)
- return ret;
- #endif
- #if defined(WOLFSSL_AES_XTS)
- #ifdef WOLFSSL_AES_128
- ret = aes_xts_128_test();
- if (ret != 0)
- return ret;
- #endif
- #ifdef WOLFSSL_AES_256
- ret = aes_xts_256_test();
- if (ret != 0)
- return ret;
- #endif
- #if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256)
- ret = aes_xts_sector_test();
- if (ret != 0)
- return ret;
- #endif
- #ifdef WOLFSSL_AES_128
- ret = aes_xts_args_test();
- if (ret != 0)
- return ret;
- #endif
- #endif
- #if defined(WOLFSSL_AES_CFB)
- ret = aescfb_test();
- if (ret != 0)
- return ret;
- #endif
- #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER)
- wc_AesFree(&enc);
- (void)cipher;
- #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
- wc_AesFree(&dec);
- (void)plain;
- #endif
- #endif
- return ret;
- }
- #ifdef WOLFSSL_AES_192
- int aes192_test(void)
- {
- #ifdef HAVE_AES_CBC
- Aes enc;
- byte cipher[AES_BLOCK_SIZE];
- #ifdef HAVE_AES_DECRYPT
- Aes dec;
- byte plain[AES_BLOCK_SIZE];
- #endif
- #endif /* HAVE_AES_CBC */
- int ret = 0;
- #ifdef HAVE_AES_CBC
- /* Test vectors from NIST Special Publication 800-38A, 2001 Edition
- * Appendix F.2.3 */
- const byte msg[] = {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- const byte verify[] =
- {
- 0x4f,0x02,0x1d,0xb2,0x43,0xbc,0x63,0x3d,
- 0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8
- };
- byte key[] = {
- 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
- 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
- 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
- };
- byte iv[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F
- };
- if (wc_AesInit(&enc, HEAP_HINT, devId) != 0)
- return -5500;
- #ifdef HAVE_AES_DECRYPT
- if (wc_AesInit(&dec, HEAP_HINT, devId) != 0)
- return -5501;
- #endif
- ret = wc_AesSetKey(&enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
- if (ret != 0)
- return -5502;
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesSetKey(&dec, key, (int) sizeof(key), iv, AES_DECRYPTION);
- if (ret != 0)
- return -5503;
- #endif
- ret = wc_AesCbcEncrypt(&enc, cipher, msg, (int) sizeof(msg));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -5504;
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCbcDecrypt(&dec, plain, cipher, (int) sizeof(cipher));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -5505;
- if (XMEMCMP(plain, msg, (int) sizeof(plain))) {
- return -5506;
- }
- #endif
- if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
- return -5507;
- wc_AesFree(&enc);
- #ifdef HAVE_AES_DECRYPT
- wc_AesFree(&dec);
- #endif
- #endif /* HAVE_AES_CBC */
- return ret;
- }
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- int aes256_test(void)
- {
- #ifdef HAVE_AES_CBC
- Aes enc;
- byte cipher[AES_BLOCK_SIZE];
- #ifdef HAVE_AES_DECRYPT
- Aes dec;
- byte plain[AES_BLOCK_SIZE];
- #endif
- #endif /* HAVE_AES_CBC */
- int ret = 0;
- #ifdef HAVE_AES_CBC
- /* Test vectors from NIST Special Publication 800-38A, 2001 Edition,
- * Appendix F.2.5 */
- const byte msg[] = {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- const byte verify[] =
- {
- 0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba,
- 0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6
- };
- byte key[] = {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- byte iv[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F
- };
- if (wc_AesInit(&enc, HEAP_HINT, devId) != 0)
- return -5600;
- #ifdef HAVE_AES_DECRYPT
- if (wc_AesInit(&dec, HEAP_HINT, devId) != 0)
- return -5601;
- #endif
- ret = wc_AesSetKey(&enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
- if (ret != 0)
- return -5602;
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesSetKey(&dec, key, (int) sizeof(key), iv, AES_DECRYPTION);
- if (ret != 0)
- return -5603;
- #endif
- ret = wc_AesCbcEncrypt(&enc, cipher, msg, (int) sizeof(msg));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -5604;
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCbcDecrypt(&dec, plain, cipher, (int) sizeof(cipher));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -5605;
- if (XMEMCMP(plain, msg, (int) sizeof(plain))) {
- return -5606;
- }
- #endif
- if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
- return -5607;
- wc_AesFree(&enc);
- #ifdef HAVE_AES_DECRYPT
- wc_AesFree(&dec);
- #endif
- #endif /* HAVE_AES_CBC */
- return ret;
- }
- #endif /* WOLFSSL_AES_256 */
- #ifdef HAVE_AESGCM
- static int aesgcm_default_test_helper(byte* key, int keySz, byte* iv, int ivSz,
- byte* plain, int plainSz, byte* cipher, int cipherSz,
- byte* aad, int aadSz, byte* tag, int tagSz)
- {
- Aes enc;
- Aes dec;
- byte resultT[AES_BLOCK_SIZE];
- byte resultP[AES_BLOCK_SIZE * 3];
- byte resultC[AES_BLOCK_SIZE * 3];
- int result;
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) {
- return -5700;
- }
- result = wc_AesGcmSetKey(&enc, key, keySz);
- if (result != 0)
- return -4701;
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(&enc, resultC, plain, plainSz, iv, ivSz,
- resultT, tagSz, aad, aadSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- return -4702;
- if (cipher != NULL) {
- if (XMEMCMP(cipher, resultC, cipherSz))
- return -4703;
- }
- if (XMEMCMP(tag, resultT, tagSz))
- return -4704;
- wc_AesFree(&enc);
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmSetKey(&dec, key, keySz);
- if (result != 0)
- return -4705;
- result = wc_AesGcmDecrypt(&dec, resultP, resultC, cipherSz,
- iv, ivSz, resultT, tagSz, aad, aadSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &dec.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- return -4706;
- if (plain != NULL) {
- if (XMEMCMP(plain, resultP, plainSz))
- return -4707;
- }
- wc_AesFree(&dec);
- #endif /* HAVE_AES_DECRYPT */
- return 0;
- }
- /* tests that only use 12 byte IV and 16 or less byte AAD
- * test vectors are from NIST SP 800-38D
- * https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/CAVP-TESTING-BLOCK-CIPHER-MODES*/
- int aesgcm_default_test(void)
- {
- byte key1[] = {
- 0x29, 0x8e, 0xfa, 0x1c, 0xcf, 0x29, 0xcf, 0x62,
- 0xae, 0x68, 0x24, 0xbf, 0xc1, 0x95, 0x57, 0xfc
- };
- byte iv1[] = {
- 0x6f, 0x58, 0xa9, 0x3f, 0xe1, 0xd2, 0x07, 0xfa,
- 0xe4, 0xed, 0x2f, 0x6d
- };
- byte plain1[] = {
- 0xcc, 0x38, 0xbc, 0xcd, 0x6b, 0xc5, 0x36, 0xad,
- 0x91, 0x9b, 0x13, 0x95, 0xf5, 0xd6, 0x38, 0x01,
- 0xf9, 0x9f, 0x80, 0x68, 0xd6, 0x5c, 0xa5, 0xac,
- 0x63, 0x87, 0x2d, 0xaf, 0x16, 0xb9, 0x39, 0x01
- };
- byte aad1[] = {
- 0x02, 0x1f, 0xaf, 0xd2, 0x38, 0x46, 0x39, 0x73,
- 0xff, 0xe8, 0x02, 0x56, 0xe5, 0xb1, 0xc6, 0xb1
- };
- byte cipher1[] = {
- 0xdf, 0xce, 0x4e, 0x9c, 0xd2, 0x91, 0x10, 0x3d,
- 0x7f, 0xe4, 0xe6, 0x33, 0x51, 0xd9, 0xe7, 0x9d,
- 0x3d, 0xfd, 0x39, 0x1e, 0x32, 0x67, 0x10, 0x46,
- 0x58, 0x21, 0x2d, 0xa9, 0x65, 0x21, 0xb7, 0xdb
- };
- byte tag1[] = {
- 0x54, 0x24, 0x65, 0xef, 0x59, 0x93, 0x16, 0xf7,
- 0x3a, 0x7a, 0x56, 0x05, 0x09, 0xa2, 0xd9, 0xf2
- };
- byte key2[] = {
- 0x01, 0x6d, 0xbb, 0x38, 0xda, 0xa7, 0x6d, 0xfe,
- 0x7d, 0xa3, 0x84, 0xeb, 0xf1, 0x24, 0x03, 0x64
- };
- byte iv2[] = {
- 0x07, 0x93, 0xef, 0x3a, 0xda, 0x78, 0x2f, 0x78,
- 0xc9, 0x8a, 0xff, 0xe3
- };
- byte plain2[] = {
- 0x4b, 0x34, 0xa9, 0xec, 0x57, 0x63, 0x52, 0x4b,
- 0x19, 0x1d, 0x56, 0x16, 0xc5, 0x47, 0xf6, 0xb7
- };
- byte cipher2[] = {
- 0x60, 0x9a, 0xa3, 0xf4, 0x54, 0x1b, 0xc0, 0xfe,
- 0x99, 0x31, 0xda, 0xad, 0x2e, 0xe1, 0x5d, 0x0c
- };
- byte tag2[] = {
- 0x33, 0xaf, 0xec, 0x59, 0xc4, 0x5b, 0xaf, 0x68,
- 0x9a, 0x5e, 0x1b, 0x13, 0xae, 0x42, 0x36, 0x19
- };
- byte key3[] = {
- 0xb0, 0x1e, 0x45, 0xcc, 0x30, 0x88, 0xaa, 0xba,
- 0x9f, 0xa4, 0x3d, 0x81, 0xd4, 0x81, 0x82, 0x3f
- };
- byte iv3[] = {
- 0x5a, 0x2c, 0x4a, 0x66, 0x46, 0x87, 0x13, 0x45,
- 0x6a, 0x4b, 0xd5, 0xe1
- };
- byte tag3[] = {
- 0x01, 0x42, 0x80, 0xf9, 0x44, 0xf5, 0x3c, 0x68,
- 0x11, 0x64, 0xb2, 0xff
- };
- int ret;
- ret = aesgcm_default_test_helper(key1, sizeof(key1), iv1, sizeof(iv1),
- plain1, sizeof(plain1), cipher1, sizeof(cipher1),
- aad1, sizeof(aad1), tag1, sizeof(tag1));
- if (ret != 0) {
- return ret;
- }
- ret = aesgcm_default_test_helper(key2, sizeof(key2), iv2, sizeof(iv2),
- plain2, sizeof(plain2), cipher2, sizeof(cipher2),
- NULL, 0, tag2, sizeof(tag2));
- if (ret != 0) {
- return ret;
- }
- ret = aesgcm_default_test_helper(key3, sizeof(key3), iv3, sizeof(iv3),
- NULL, 0, NULL, 0,
- NULL, 0, tag3, sizeof(tag3));
- if (ret != 0) {
- return ret;
- }
- return 0;
- }
- int aesgcm_test(void)
- {
- Aes enc;
- /*
- * This is Test Case 16 from the document Galois/
- * Counter Mode of Operation (GCM) by McGrew and
- * Viega.
- */
- const byte p[] =
- {
- 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
- 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
- 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
- 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
- 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
- 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
- 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
- 0xba, 0x63, 0x7b, 0x39
- };
- const byte a[] =
- {
- 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
- 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
- 0xab, 0xad, 0xda, 0xd2
- };
- #ifdef WOLFSSL_AES_256
- const byte k1[] =
- {
- 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
- 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
- 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
- 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
- };
- const byte iv1[] =
- {
- 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
- 0xde, 0xca, 0xf8, 0x88
- };
- const byte c1[] =
- {
- 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
- 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
- 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
- 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
- 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
- 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
- 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
- 0xbc, 0xc9, 0xf6, 0x62
- };
- #endif /* WOLFSSL_AES_256 */
- const byte t1[] =
- {
- 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
- 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
- };
- /* FIPS, QAT and STM32F2/4 HW Crypto only support 12-byte IV */
- #if !defined(HAVE_FIPS) && \
- !defined(STM32_CRYPTO) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \
- !defined(WOLFSSL_XILINX_CRYPT)
- #define ENABLE_NON_12BYTE_IV_TEST
- #ifdef WOLFSSL_AES_192
- /* Test Case 12, uses same plaintext and AAD data. */
- const byte k2[] =
- {
- 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
- 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
- 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c
- };
- const byte iv2[] =
- {
- 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
- 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
- 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
- 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
- 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
- 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
- 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
- 0xa6, 0x37, 0xb3, 0x9b
- };
- const byte c2[] =
- {
- 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
- 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
- 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
- 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
- 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
- 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
- 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
- 0xe9, 0xb7, 0x37, 0x3b
- };
- const byte t2[] =
- {
- 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
- 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9
- };
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_128
- /* The following is an interesting test case from the example
- * FIPS test vectors for AES-GCM. IVlen = 1 byte */
- const byte p3[] =
- {
- 0x57, 0xce, 0x45, 0x1f, 0xa5, 0xe2, 0x35, 0xa5,
- 0x8e, 0x1a, 0xa2, 0x3b, 0x77, 0xcb, 0xaf, 0xe2
- };
- const byte k3[] =
- {
- 0xbb, 0x01, 0xd7, 0x03, 0x81, 0x1c, 0x10, 0x1a,
- 0x35, 0xe0, 0xff, 0xd2, 0x91, 0xba, 0xf2, 0x4b
- };
- const byte iv3[] =
- {
- 0xca
- };
- const byte c3[] =
- {
- 0x6b, 0x5f, 0xb3, 0x9d, 0xc1, 0xc5, 0x7a, 0x4f,
- 0xf3, 0x51, 0x4d, 0xc2, 0xd5, 0xf0, 0xd0, 0x07
- };
- const byte a3[] =
- {
- 0x40, 0xfc, 0xdc, 0xd7, 0x4a, 0xd7, 0x8b, 0xf1,
- 0x3e, 0x7c, 0x60, 0x55, 0x50, 0x51, 0xdd, 0x54
- };
- const byte t3[] =
- {
- 0x06, 0x90, 0xed, 0x01, 0x34, 0xdd, 0xc6, 0x95,
- 0x31, 0x2e, 0x2a, 0xf9, 0x57, 0x7a, 0x1e, 0xa6
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_256
- int ivlen;
- #endif
- #endif
- byte resultT[sizeof(t1)];
- byte resultP[sizeof(p)];
- byte resultC[sizeof(p)];
- int result;
- #ifdef WOLFSSL_AES_256
- int alen, plen;
- #endif
- #if !defined(BENCH_EMBEDDED)
- #ifndef BENCH_AESGCM_LARGE
- #define BENCH_AESGCM_LARGE 1024
- #endif
- byte large_input[BENCH_AESGCM_LARGE];
- byte large_output[BENCH_AESGCM_LARGE];
- byte large_outdec[BENCH_AESGCM_LARGE];
- XMEMSET(large_input, 0, sizeof(large_input));
- XMEMSET(large_output, 0, sizeof(large_output));
- XMEMSET(large_outdec, 0, sizeof(large_outdec));
- #endif
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) {
- return -5700;
- }
- #ifdef WOLFSSL_AES_256
- result = wc_AesGcmSetKey(&enc, k1, sizeof(k1));
- if (result != 0)
- return -5701;
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(&enc, resultC, p, sizeof(p), iv1, sizeof(iv1),
- resultT, sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- return -5702;
- if (XMEMCMP(c1, resultC, sizeof(resultC)))
- return -5703;
- if (XMEMCMP(t1, resultT, sizeof(resultT)))
- return -5704;
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(resultC),
- iv1, sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- return -5705;
- if (XMEMCMP(p, resultP, sizeof(resultP)))
- return -5706;
- #endif /* HAVE_AES_DECRYPT */
- /* Large buffer test */
- #ifdef BENCH_AESGCM_LARGE
- /* setup test buffer */
- for (alen=0; alen<BENCH_AESGCM_LARGE; alen++)
- large_input[alen] = (byte)alen;
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(&enc, large_output, large_input,
- BENCH_AESGCM_LARGE, iv1, sizeof(iv1),
- resultT, sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- return -5707;
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmDecrypt(&enc, large_outdec, large_output,
- BENCH_AESGCM_LARGE, iv1, sizeof(iv1), resultT,
- sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- return -5708;
- if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE))
- return -5709;
- #endif /* HAVE_AES_DECRYPT */
- #endif /* BENCH_AESGCM_LARGE */
- #ifdef ENABLE_NON_12BYTE_IV_TEST
- /* Variable IV length test */
- for (ivlen=0; ivlen<(int)sizeof(k1); ivlen++) {
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(&enc, resultC, p, sizeof(p), k1,
- (word32)ivlen, resultT, sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- return -5710;
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(resultC), k1,
- (word32)ivlen, resultT, sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- return -5711;
- #endif /* HAVE_AES_DECRYPT */
- }
- #endif
- /* Variable authenticated data length test */
- for (alen=0; alen<(int)sizeof(p); alen++) {
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(&enc, resultC, p, sizeof(p), iv1,
- sizeof(iv1), resultT, sizeof(resultT), p, (word32)alen);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- return -5712;
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(resultC), iv1,
- sizeof(iv1), resultT, sizeof(resultT), p, (word32)alen);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- return -5713;
- #endif /* HAVE_AES_DECRYPT */
- }
- #ifdef BENCH_AESGCM_LARGE
- /* Variable plain text length test */
- for (plen=1; plen<BENCH_AESGCM_LARGE; plen++) {
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(&enc, large_output, large_input,
- plen, iv1, sizeof(iv1), resultT,
- sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- return -5714;
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmDecrypt(&enc, large_outdec, large_output,
- plen, iv1, sizeof(iv1), resultT,
- sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- return -5715;
- #endif /* HAVE_AES_DECRYPT */
- }
- #else
- /* Variable plain text length test */
- for (plen=1; plen<(int)sizeof(p); plen++) {
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(&enc, resultC, p, (word32)plen, iv1,
- sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- return -5716;
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmDecrypt(&enc, resultP, resultC, (word32)plen, iv1,
- sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- return -5717;
- #endif /* HAVE_AES_DECRYPT */
- }
- #endif /* BENCH_AESGCM_LARGE */
- #endif /* WOLFSSL_AES_256 */
- /* test with IV != 12 bytes */
- #ifdef ENABLE_NON_12BYTE_IV_TEST
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- #ifdef WOLFSSL_AES_192
- wc_AesGcmSetKey(&enc, k2, sizeof(k2));
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(&enc, resultC, p, sizeof(p), iv2, sizeof(iv2),
- resultT, sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- return -5718;
- if (XMEMCMP(c2, resultC, sizeof(resultC)))
- return -5719;
- if (XMEMCMP(t2, resultT, sizeof(resultT)))
- return -5720;
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(resultC),
- iv2, sizeof(iv2), resultT, sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- return -5721;
- if (XMEMCMP(p, resultP, sizeof(resultP)))
- return -5722;
- #endif /* HAVE_AES_DECRYPT */
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_128
- wc_AesGcmSetKey(&enc, k3, sizeof(k3));
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(&enc, resultC, p3, sizeof(p3), iv3, sizeof(iv3),
- resultT, sizeof(t3), a3, sizeof(a3));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- return -5723;
- if (XMEMCMP(c3, resultC, sizeof(c3)))
- return -5724;
- if (XMEMCMP(t3, resultT, sizeof(t3)))
- return -5725;
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(c3),
- iv3, sizeof(iv3), resultT, sizeof(t3), a3, sizeof(a3));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- return -5726;
- if (XMEMCMP(p3, resultP, sizeof(p3)))
- return -5727;
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_128 */
- #endif /* ENABLE_NON_12BYTE_IV_TEST */
- #ifdef WOLFSSL_AES_256
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- wc_AesGcmSetKey(&enc, k1, sizeof(k1));
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(&enc, resultC, p, sizeof(p), iv1, sizeof(iv1),
- resultT + 1, sizeof(resultT) - 1, a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- return -5728;
- if (XMEMCMP(c1, resultC, sizeof(resultC)))
- return -5729;
- if (XMEMCMP(t1, resultT + 1, sizeof(resultT) - 1))
- return -5730;
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(resultC),
- iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1, a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- return -5731;
- if (XMEMCMP(p, resultP, sizeof(resultP)))
- return -5732;
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_256 */
- #if !defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
- /* Test encrypt with internally generated IV */
- #if !(defined(WC_NO_RNG) || defined(HAVE_SELFTEST))
- {
- WC_RNG rng;
- byte randIV[12];
- result = wc_InitRng(&rng);
- if (result != 0)
- return -8208;
- XMEMSET(randIV, 0, sizeof(randIV));
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- wc_AesGcmSetKey(&enc, k1, sizeof(k1));
- result = wc_AesGcmSetIV(&enc, sizeof(randIV), NULL, 0, &rng);
- if (result != 0)
- return -8213;
- result = wc_AesGcmEncrypt_ex(&enc,
- resultC, p, sizeof(p),
- randIV, sizeof(randIV),
- resultT, sizeof(resultT),
- a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- return -8209;
- /* Check the IV has been set. */
- {
- word32 i, ivSum = 0;
- for (i = 0; i < sizeof(randIV); i++)
- ivSum += randIV[i];
- if (ivSum == 0)
- return -8210;
- }
- result = wc_AesGcmDecrypt(&enc,
- resultP, resultC, sizeof(resultC),
- randIV, sizeof(randIV),
- resultT, sizeof(resultT),
- a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- return -8211;
- if (XMEMCMP(p, resultP, sizeof(resultP)))
- return -8212;
- wc_FreeRng(&rng);
- }
- #endif /* WC_NO_RNG HAVE_SELFTEST */
- #endif
- wc_AesFree(&enc);
- return 0;
- }
- #ifdef WOLFSSL_AES_128
- int gmac_test(void)
- {
- Gmac gmac;
- const byte k1[] =
- {
- 0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01,
- 0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8
- };
- const byte iv1[] =
- {
- 0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94,
- 0xe2, 0x8c, 0x8f, 0x16
- };
- const byte a1[] =
- {
- 0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9,
- 0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77
- };
- const byte t1[] =
- {
- 0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43,
- 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
- };
- #if !defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
- /* FIPS builds only allow 16-byte auth tags. */
- /* This sample uses a 15-byte auth tag. */
- const byte k2[] =
- {
- 0x40, 0xf7, 0xec, 0xb2, 0x52, 0x6d, 0xaa, 0xd4,
- 0x74, 0x25, 0x1d, 0xf4, 0x88, 0x9e, 0xf6, 0x5b
- };
- const byte iv2[] =
- {
- 0xee, 0x9c, 0x6e, 0x06, 0x15, 0x45, 0x45, 0x03,
- 0x1a, 0x60, 0x24, 0xa7
- };
- const byte a2[] =
- {
- 0x94, 0x81, 0x2c, 0x87, 0x07, 0x4e, 0x15, 0x18,
- 0x34, 0xb8, 0x35, 0xaf, 0x1c, 0xa5, 0x7e, 0x56
- };
- const byte t2[] =
- {
- 0xc6, 0x81, 0x79, 0x8e, 0x3d, 0xda, 0xb0, 0x9f,
- 0x8d, 0x83, 0xb0, 0xbb, 0x14, 0xb6, 0x91
- };
- #endif
- byte tag[16];
- XMEMSET(&gmac, 0, sizeof(Gmac)); /* clear context */
- XMEMSET(tag, 0, sizeof(tag));
- wc_GmacSetKey(&gmac, k1, sizeof(k1));
- wc_GmacUpdate(&gmac, iv1, sizeof(iv1), a1, sizeof(a1), tag, sizeof(t1));
- if (XMEMCMP(t1, tag, sizeof(t1)) != 0)
- return -5800;
- #if !defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
- XMEMSET(tag, 0, sizeof(tag));
- wc_GmacSetKey(&gmac, k2, sizeof(k2));
- wc_GmacUpdate(&gmac, iv2, sizeof(iv2), a2, sizeof(a2), tag, sizeof(t2));
- if (XMEMCMP(t2, tag, sizeof(t2)) != 0)
- return -5801;
- #if !(defined(WC_NO_RNG) || defined(HAVE_SELFTEST))
- {
- const byte badT[] =
- {
- 0xde, 0xad, 0xbe, 0xef, 0x17, 0x2e, 0xd0, 0x43,
- 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
- };
- WC_RNG rng;
- byte iv[12];
- #ifndef HAVE_FIPS
- if (wc_InitRng_ex(&rng, HEAP_HINT, devId) != 0)
- return -8214;
- #else
- if (wc_InitRng(&rng) != 0)
- return -8214;
- #endif
- if (wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), a1, sizeof(a1),
- t1, sizeof(t1)) != 0)
- return -8215;
- if (wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), a1, sizeof(a1),
- badT, sizeof(badT)) != AES_GCM_AUTH_E)
- return -8216;
- if (wc_GmacVerify(k2, sizeof(k2), iv2, sizeof(iv2), a2, sizeof(a2),
- t2, sizeof(t2)) != 0)
- return -8217;
- XMEMSET(tag, 0, sizeof(tag));
- XMEMSET(iv, 0, sizeof(iv));
- if (wc_Gmac(k1, sizeof(k1), iv, sizeof(iv), a1, sizeof(a1),
- tag, sizeof(tag), &rng) != 0)
- return -8218;
- if (wc_GmacVerify(k1, sizeof(k1), iv, sizeof(iv), a1, sizeof(a1),
- tag, sizeof(tag)) != 0)
- return -8219;
- wc_FreeRng(&rng);
- }
- #endif /* WC_NO_RNG HAVE_SELFTEST */
- #endif /* HAVE_FIPS */
- return 0;
- }
- #endif /* WOLFSSL_AES_128 */
- #endif /* HAVE_AESGCM */
- #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
- int aesccm_test(void)
- {
- Aes enc;
- /* key */
- const byte k[] =
- {
- 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
- 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
- };
- /* nonce */
- const byte iv[] =
- {
- 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
- 0xa1, 0xa2, 0xa3, 0xa4, 0xa5
- };
- /* plaintext */
- const byte p[] =
- {
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
- };
- const byte a[] =
- {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
- };
- const byte c[] =
- {
- 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
- 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
- 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84
- };
- const byte t[] =
- {
- 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
- };
- byte t2[sizeof(t)];
- byte p2[sizeof(p)];
- byte c2[sizeof(c)];
- byte iv2[sizeof(iv)];
- int result;
- XMEMSET(&enc, 0, sizeof(Aes)); /* clear context */
- XMEMSET(t2, 0, sizeof(t2));
- XMEMSET(c2, 0, sizeof(c2));
- XMEMSET(p2, 0, sizeof(p2));
- result = wc_AesCcmSetKey(&enc, k, sizeof(k));
- if (result != 0)
- return -5900;
- /* AES-CCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesCcmEncrypt(&enc, c2, p, sizeof(c2), iv, sizeof(iv),
- t2, sizeof(t2), a, sizeof(a));
- if (result != 0)
- return -5901;
- if (XMEMCMP(c, c2, sizeof(c2)))
- return -5902;
- if (XMEMCMP(t, t2, sizeof(t2)))
- return -5903;
- result = wc_AesCcmDecrypt(&enc, p2, c2, sizeof(p2), iv, sizeof(iv),
- t2, sizeof(t2), a, sizeof(a));
- if (result != 0)
- return -5904;
- if (XMEMCMP(p, p2, sizeof(p2)))
- return -5905;
- /* Test the authentication failure */
- t2[0]++; /* Corrupt the authentication tag. */
- result = wc_AesCcmDecrypt(&enc, p2, c, sizeof(p2), iv, sizeof(iv),
- t2, sizeof(t2), a, sizeof(a));
- if (result == 0)
- return -5906;
- /* Clear c2 to compare against p2. p2 should be set to zero in case of
- * authentication fail. */
- XMEMSET(c2, 0, sizeof(c2));
- if (XMEMCMP(p2, c2, sizeof(p2)))
- return -5907;
- XMEMSET(&enc, 0, sizeof(Aes)); /* clear context */
- XMEMSET(t2, 0, sizeof(t2));
- XMEMSET(c2, 0, sizeof(c2));
- XMEMSET(p2, 0, sizeof(p2));
- XMEMSET(iv2, 0, sizeof(iv2));
- if (wc_AesCcmSetKey(&enc, k, sizeof(k)) != 0)
- return -8220;
- if (wc_AesCcmSetNonce(&enc, iv, sizeof(iv)) != 0)
- return -8221;
- if (wc_AesCcmEncrypt_ex(&enc, c2, p, sizeof(c2), iv2, sizeof(iv2),
- t2, sizeof(t2), a, sizeof(a)) != 0)
- return -8222;
- if (XMEMCMP(iv, iv2, sizeof(iv2)))
- return -8223;
- if (XMEMCMP(c, c2, sizeof(c2)))
- return -8224;
- if (XMEMCMP(t, t2, sizeof(t2)))
- return -8225;
- return 0;
- }
- #endif /* HAVE_AESCCM WOLFSSL_AES_128 */
- #ifdef HAVE_AES_KEYWRAP
- #define MAX_KEYWRAP_TEST_OUTLEN 40
- #define MAX_KEYWRAP_TEST_PLAINLEN 32
- typedef struct keywrapVector {
- const byte* kek;
- const byte* data;
- const byte* verify;
- word32 kekLen;
- word32 dataLen;
- word32 verifyLen;
- } keywrapVector;
- int aeskeywrap_test(void)
- {
- int wrapSz, plainSz, testSz, i;
- /* test vectors from RFC 3394 (kek, data, verify) */
- #ifdef WOLFSSL_AES_128
- /* Wrap 128 bits of Key Data with a 128-bit KEK */
- const byte k1[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
- };
- const byte d1[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
- };
- const byte v1[] = {
- 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
- 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
- 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* Wrap 128 bits of Key Data with a 192-bit KEK */
- const byte k2[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
- };
- const byte d2[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
- };
- const byte v2[] = {
- 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35,
- 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2,
- 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D
- };
- #endif
- #ifdef WOLFSSL_AES_256
- /* Wrap 128 bits of Key Data with a 256-bit KEK */
- const byte k3[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
- };
- const byte d3[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
- };
- const byte v3[] = {
- 0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2,
- 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A,
- 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7
- };
- #endif
- #ifdef WOLFSSL_AES_192
- /* Wrap 192 bits of Key Data with a 192-bit KEK */
- const byte k4[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
- };
- const byte d4[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
- };
- const byte v4[] = {
- 0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32,
- 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC,
- 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93,
- 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2
- };
- #endif
- #ifdef WOLFSSL_AES_256
- /* Wrap 192 bits of Key Data with a 256-bit KEK */
- const byte k5[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
- };
- const byte d5[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
- };
- const byte v5[] = {
- 0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F,
- 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4,
- 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95,
- 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1
- };
- /* Wrap 256 bits of Key Data with a 256-bit KEK */
- const byte k6[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
- };
- const byte d6[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
- };
- const byte v6[] = {
- 0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4,
- 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26,
- 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26,
- 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B,
- 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21
- };
- #endif /* WOLFSSL_AES_256 */
- byte output[MAX_KEYWRAP_TEST_OUTLEN];
- byte plain [MAX_KEYWRAP_TEST_PLAINLEN];
- const keywrapVector test_wrap[] =
- {
- #ifdef WOLFSSL_AES_128
- {k1, d1, v1, sizeof(k1), sizeof(d1), sizeof(v1)},
- #endif
- #ifdef WOLFSSL_AES_192
- {k2, d2, v2, sizeof(k2), sizeof(d2), sizeof(v2)},
- #endif
- #ifdef WOLFSSL_AES_256
- {k3, d3, v3, sizeof(k3), sizeof(d3), sizeof(v3)},
- #endif
- #ifdef WOLFSSL_AES_192
- {k4, d4, v4, sizeof(k4), sizeof(d4), sizeof(v4)},
- #endif
- #ifdef WOLFSSL_AES_256
- {k5, d5, v5, sizeof(k5), sizeof(d5), sizeof(v5)},
- {k6, d6, v6, sizeof(k6), sizeof(d6), sizeof(v6)}
- #endif
- };
- testSz = sizeof(test_wrap) / sizeof(keywrapVector);
- XMEMSET(output, 0, sizeof(output));
- XMEMSET(plain, 0, sizeof(plain));
- for (i = 0; i < testSz; i++) {
- wrapSz = wc_AesKeyWrap(test_wrap[i].kek, test_wrap[i].kekLen,
- test_wrap[i].data, test_wrap[i].dataLen,
- output, sizeof(output), NULL);
- if ( (wrapSz < 0) || (wrapSz != (int)test_wrap[i].verifyLen) )
- return -6000;
- if (XMEMCMP(output, test_wrap[i].verify, test_wrap[i].verifyLen) != 0)
- return -6001;
- plainSz = wc_AesKeyUnWrap((byte*)test_wrap[i].kek, test_wrap[i].kekLen,
- output, wrapSz,
- plain, sizeof(plain), NULL);
- if ( (plainSz < 0) || (plainSz != (int)test_wrap[i].dataLen) )
- return -6002;
- if (XMEMCMP(plain, test_wrap[i].data, test_wrap[i].dataLen) != 0)
- return -6003 - i;
- }
- return 0;
- }
- #endif /* HAVE_AES_KEYWRAP */
- #endif /* NO_AES */
- #ifdef HAVE_CAMELLIA
- enum {
- CAM_ECB_ENC, CAM_ECB_DEC, CAM_CBC_ENC, CAM_CBC_DEC
- };
- typedef struct {
- int type;
- const byte* plaintext;
- const byte* iv;
- const byte* ciphertext;
- const byte* key;
- word32 keySz;
- int errorCode;
- } test_vector_t;
- int camellia_test(void)
- {
- /* Camellia ECB Test Plaintext */
- static const byte pte[] =
- {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
- };
- /* Camellia ECB Test Initialization Vector */
- static const byte ive[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
- /* Test 1: Camellia ECB 128-bit key */
- static const byte k1[] =
- {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
- };
- static const byte c1[] =
- {
- 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
- 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43
- };
- /* Test 2: Camellia ECB 192-bit key */
- static const byte k2[] =
- {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
- };
- static const byte c2[] =
- {
- 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
- 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9
- };
- /* Test 3: Camellia ECB 256-bit key */
- static const byte k3[] =
- {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
- };
- static const byte c3[] =
- {
- 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
- 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09
- };
- /* Camellia CBC Test Plaintext */
- static const byte ptc[] =
- {
- 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
- 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
- };
- /* Camellia CBC Test Initialization Vector */
- static const byte ivc[] =
- {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
- };
- /* Test 4: Camellia-CBC 128-bit key */
- static const byte k4[] =
- {
- 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
- 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C
- };
- static const byte c4[] =
- {
- 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
- 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB
- };
- /* Test 5: Camellia-CBC 192-bit key */
- static const byte k5[] =
- {
- 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
- 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
- 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B
- };
- static const byte c5[] =
- {
- 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
- 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93
- };
- /* Test 6: CBC 256-bit key */
- static const byte k6[] =
- {
- 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
- 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
- 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
- 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4
- };
- static const byte c6[] =
- {
- 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
- 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA
- };
- byte out[CAMELLIA_BLOCK_SIZE];
- Camellia cam;
- int i, testsSz, ret;
- const test_vector_t testVectors[] =
- {
- {CAM_ECB_ENC, pte, ive, c1, k1, sizeof(k1), -114},
- {CAM_ECB_ENC, pte, ive, c2, k2, sizeof(k2), -115},
- {CAM_ECB_ENC, pte, ive, c3, k3, sizeof(k3), -116},
- {CAM_ECB_DEC, pte, ive, c1, k1, sizeof(k1), -117},
- {CAM_ECB_DEC, pte, ive, c2, k2, sizeof(k2), -118},
- {CAM_ECB_DEC, pte, ive, c3, k3, sizeof(k3), -119},
- {CAM_CBC_ENC, ptc, ivc, c4, k4, sizeof(k4), -120},
- {CAM_CBC_ENC, ptc, ivc, c5, k5, sizeof(k5), -121},
- {CAM_CBC_ENC, ptc, ivc, c6, k6, sizeof(k6), -122},
- {CAM_CBC_DEC, ptc, ivc, c4, k4, sizeof(k4), -123},
- {CAM_CBC_DEC, ptc, ivc, c5, k5, sizeof(k5), -124},
- {CAM_CBC_DEC, ptc, ivc, c6, k6, sizeof(k6), -125}
- };
- testsSz = sizeof(testVectors)/sizeof(test_vector_t);
- for (i = 0; i < testsSz; i++) {
- if (wc_CamelliaSetKey(&cam, testVectors[i].key, testVectors[i].keySz,
- testVectors[i].iv) != 0)
- return testVectors[i].errorCode;
- switch (testVectors[i].type) {
- case CAM_ECB_ENC:
- ret = wc_CamelliaEncryptDirect(&cam, out,
- testVectors[i].plaintext);
- if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext,
- CAMELLIA_BLOCK_SIZE))
- return testVectors[i].errorCode;
- break;
- case CAM_ECB_DEC:
- ret = wc_CamelliaDecryptDirect(&cam, out,
- testVectors[i].ciphertext);
- if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext,
- CAMELLIA_BLOCK_SIZE))
- return testVectors[i].errorCode;
- break;
- case CAM_CBC_ENC:
- ret = wc_CamelliaCbcEncrypt(&cam, out, testVectors[i].plaintext,
- CAMELLIA_BLOCK_SIZE);
- if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext,
- CAMELLIA_BLOCK_SIZE))
- return testVectors[i].errorCode;
- break;
- case CAM_CBC_DEC:
- ret = wc_CamelliaCbcDecrypt(&cam, out,
- testVectors[i].ciphertext, CAMELLIA_BLOCK_SIZE);
- if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext,
- CAMELLIA_BLOCK_SIZE))
- return testVectors[i].errorCode;
- break;
- default:
- break;
- }
- }
- /* Setting the IV and checking it was actually set. */
- ret = wc_CamelliaSetIV(&cam, ivc);
- if (ret != 0 || XMEMCMP(cam.reg, ivc, CAMELLIA_BLOCK_SIZE))
- return -6100;
- /* Setting the IV to NULL should be same as all zeros IV */
- if (wc_CamelliaSetIV(&cam, NULL) != 0 ||
- XMEMCMP(cam.reg, ive, CAMELLIA_BLOCK_SIZE))
- return -6101;
- /* First parameter should never be null */
- if (wc_CamelliaSetIV(NULL, NULL) == 0)
- return -6102;
- /* First parameter should never be null, check it fails */
- if (wc_CamelliaSetKey(NULL, k1, sizeof(k1), NULL) == 0)
- return -6103;
- /* Key should have a size of 16, 24, or 32 */
- if (wc_CamelliaSetKey(&cam, k1, 0, NULL) == 0)
- return -6104;
- return 0;
- }
- #endif /* HAVE_CAMELLIA */
- #ifdef HAVE_IDEA
- int idea_test(void)
- {
- int ret;
- word16 i, j;
- Idea idea;
- byte data[IDEA_BLOCK_SIZE];
- /* Project NESSIE test vectors */
- #define IDEA_NB_TESTS 6
- #define IDEA_NB_TESTS_EXTRA 4
- const byte v_key[IDEA_NB_TESTS][IDEA_KEY_SIZE] = {
- { 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37,
- 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37 },
- { 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57,
- 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57 },
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F },
- { 0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5, 0xB3, 0x00,
- 0x95, 0x2C, 0x49, 0x10, 0x48, 0x81, 0xFF, 0x48 },
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F },
- { 0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5, 0xB3, 0x00,
- 0x95, 0x2C, 0x49, 0x10, 0x48, 0x81, 0xFF, 0x48 },
- };
- const byte v1_plain[IDEA_NB_TESTS][IDEA_BLOCK_SIZE] = {
- { 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37 },
- { 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57 },
- { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
- { 0xEA, 0x02, 0x47, 0x14, 0xAD, 0x5C, 0x4D, 0x84 },
- { 0xDB, 0x2D, 0x4A, 0x92, 0xAA, 0x68, 0x27, 0x3F },
- { 0xF1, 0x29, 0xA6, 0x60, 0x1E, 0xF6, 0x2A, 0x47 },
- };
- byte v1_cipher[IDEA_NB_TESTS][IDEA_BLOCK_SIZE] = {
- { 0x54, 0xCF, 0x21, 0xE3, 0x89, 0xD8, 0x73, 0xEC },
- { 0x85, 0x52, 0x4D, 0x41, 0x0E, 0xB4, 0x28, 0xAE },
- { 0xF5, 0x26, 0xAB, 0x9A, 0x62, 0xC0, 0xD2, 0x58 },
- { 0xC8, 0xFB, 0x51, 0xD3, 0x51, 0x66, 0x27, 0xA8 },
- { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
- { 0xEA, 0x02, 0x47, 0x14, 0xAD, 0x5C, 0x4D, 0x84 },
- };
- byte v1_cipher_100[IDEA_NB_TESTS_EXTRA][IDEA_BLOCK_SIZE] = {
- { 0x12, 0x46, 0x2F, 0xD0, 0xFB, 0x3A, 0x63, 0x39 },
- { 0x15, 0x61, 0xE8, 0xC9, 0x04, 0x54, 0x8B, 0xE9 },
- { 0x42, 0x12, 0x2A, 0x94, 0xB0, 0xF6, 0xD2, 0x43 },
- { 0x53, 0x4D, 0xCD, 0x48, 0xDD, 0xD5, 0xF5, 0x9C },
- };
- byte v1_cipher_1000[IDEA_NB_TESTS_EXTRA][IDEA_BLOCK_SIZE] = {
- { 0x44, 0x1B, 0x38, 0x5C, 0x77, 0x29, 0x75, 0x34 },
- { 0xF0, 0x4E, 0x58, 0x88, 0x44, 0x99, 0x22, 0x2D },
- { 0xB3, 0x5F, 0x93, 0x7F, 0x6A, 0xA0, 0xCD, 0x1F },
- { 0x9A, 0xEA, 0x46, 0x8F, 0x42, 0x9B, 0xBA, 0x15 },
- };
- /* CBC test */
- const char *message = "International Data Encryption Algorithm";
- byte msg_enc[40], msg_dec[40];
- for (i = 0; i < IDEA_NB_TESTS; i++) {
- /* Set encryption key */
- XMEMSET(&idea, 0, sizeof(Idea));
- ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE,
- NULL, IDEA_ENCRYPTION);
- if (ret != 0) {
- printf("wc_IdeaSetKey (enc) failed\n");
- return -6200;
- }
- /* Data encryption */
- ret = wc_IdeaCipher(&idea, data, v1_plain[i]);
- if (ret != 0 || XMEMCMP(&v1_cipher[i], data, IDEA_BLOCK_SIZE)) {
- printf("Bad encryption\n");
- return -6201;
- }
- /* Set decryption key */
- XMEMSET(&idea, 0, sizeof(Idea));
- ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE,
- NULL, IDEA_DECRYPTION);
- if (ret != 0) {
- printf("wc_IdeaSetKey (dec) failed\n");
- return -6202;
- }
- /* Data decryption */
- ret = wc_IdeaCipher(&idea, data, data);
- if (ret != 0 || XMEMCMP(v1_plain[i], data, IDEA_BLOCK_SIZE)) {
- printf("Bad decryption\n");
- return -6203;
- }
- /* Set encryption key */
- XMEMSET(&idea, 0, sizeof(Idea));
- ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE,
- v_key[i], IDEA_ENCRYPTION);
- if (ret != 0) {
- printf("wc_IdeaSetKey (enc) failed\n");
- return -6204;
- }
- XMEMSET(msg_enc, 0, sizeof(msg_enc));
- ret = wc_IdeaCbcEncrypt(&idea, msg_enc, (byte *)message,
- (word32)XSTRLEN(message)+1);
- if (ret != 0) {
- printf("wc_IdeaCbcEncrypt failed\n");
- return -6205;
- }
- /* Set decryption key */
- XMEMSET(&idea, 0, sizeof(Idea));
- ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE,
- v_key[i], IDEA_DECRYPTION);
- if (ret != 0) {
- printf("wc_IdeaSetKey (dec) failed\n");
- return -6206;
- }
- XMEMSET(msg_dec, 0, sizeof(msg_dec));
- ret = wc_IdeaCbcDecrypt(&idea, msg_dec, msg_enc,
- (word32)XSTRLEN(message)+1);
- if (ret != 0) {
- printf("wc_IdeaCbcDecrypt failed\n");
- return -6207;
- }
- if (XMEMCMP(message, msg_dec, (word32)XSTRLEN(message))) {
- printf("Bad CBC decryption\n");
- return -6208;
- }
- }
- for (i = 0; i < IDEA_NB_TESTS_EXTRA; i++) {
- /* Set encryption key */
- XMEMSET(&idea, 0, sizeof(Idea));
- ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE,
- NULL, IDEA_ENCRYPTION);
- if (ret != 0) {
- printf("wc_IdeaSetKey (enc) failed\n");
- return -6209;
- }
- /* 100 times data encryption */
- XMEMCPY(data, v1_plain[i], IDEA_BLOCK_SIZE);
- for (j = 0; j < 100; j++) {
- ret = wc_IdeaCipher(&idea, data, data);
- if (ret != 0) {
- return -6210;
- }
- }
- if (XMEMCMP(v1_cipher_100[i], data, IDEA_BLOCK_SIZE)) {
- printf("Bad encryption (100 times)\n");
- return -6211;
- }
- /* 1000 times data encryption */
- XMEMCPY(data, v1_plain[i], IDEA_BLOCK_SIZE);
- for (j = 0; j < 1000; j++) {
- ret = wc_IdeaCipher(&idea, data, data);
- if (ret != 0) {
- return -6212;
- }
- }
- if (XMEMCMP(v1_cipher_1000[i], data, IDEA_BLOCK_SIZE)) {
- printf("Bad encryption (100 times)\n");
- return -6213;
- }
- }
- #ifndef WC_NO_RNG
- /* random test for CBC */
- {
- WC_RNG rng;
- byte key[IDEA_KEY_SIZE], iv[IDEA_BLOCK_SIZE],
- rnd[1000], enc[1000], dec[1000];
- /* random values */
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return -6214;
- for (i = 0; i < 1000; i++) {
- /* random key */
- ret = wc_RNG_GenerateBlock(&rng, key, sizeof(key));
- if (ret != 0)
- return -6215;
- /* random iv */
- ret = wc_RNG_GenerateBlock(&rng, iv, sizeof(iv));
- if (ret != 0)
- return -6216;
- /* random data */
- ret = wc_RNG_GenerateBlock(&rng, rnd, sizeof(rnd));
- if (ret != 0)
- return -6217;
- /* Set encryption key */
- XMEMSET(&idea, 0, sizeof(Idea));
- ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, iv, IDEA_ENCRYPTION);
- if (ret != 0) {
- printf("wc_IdeaSetKey (enc) failed\n");
- return -6218;
- }
- /* Data encryption */
- XMEMSET(enc, 0, sizeof(enc));
- ret = wc_IdeaCbcEncrypt(&idea, enc, rnd, sizeof(rnd));
- if (ret != 0) {
- printf("wc_IdeaCbcEncrypt failed\n");
- return -6219;
- }
- /* Set decryption key */
- XMEMSET(&idea, 0, sizeof(Idea));
- ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, iv, IDEA_DECRYPTION);
- if (ret != 0) {
- printf("wc_IdeaSetKey (enc) failed\n");
- return -6220;
- }
- /* Data decryption */
- XMEMSET(dec, 0, sizeof(dec));
- ret = wc_IdeaCbcDecrypt(&idea, dec, enc, sizeof(enc));
- if (ret != 0) {
- printf("wc_IdeaCbcDecrypt failed\n");
- return -6221;
- }
- if (XMEMCMP(rnd, dec, sizeof(rnd))) {
- printf("Bad CBC decryption\n");
- return -6222;
- }
- }
- wc_FreeRng(&rng);
- }
- #endif /* WC_NO_RNG */
- return 0;
- }
- #endif /* HAVE_IDEA */
- #ifndef WC_NO_RNG
- static int random_rng_test(void)
- {
- WC_RNG rng;
- byte block[32];
- int ret, i;
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0) return -6300;
- XMEMSET(block, 0, sizeof(block));
- ret = wc_RNG_GenerateBlock(&rng, block, sizeof(block));
- if (ret != 0) {
- ret = -6301;
- goto exit;
- }
- /* Check for 0's */
- for (i=0; i<(int)sizeof(block); i++) {
- if (block[i] == 0) {
- ret++;
- }
- }
- /* All zeros count check */
- if (ret >= (int)sizeof(block)) {
- ret = -6302;
- goto exit;
- }
- ret = wc_RNG_GenerateByte(&rng, block);
- if (ret != 0) {
- ret = -6303;
- goto exit;
- }
- /* Parameter validation testing. */
- ret = wc_RNG_GenerateBlock(NULL, block, sizeof(block));
- if (ret != BAD_FUNC_ARG) {
- ret = -6304;
- goto exit;
- }
- ret = wc_RNG_GenerateBlock(&rng, NULL, sizeof(block));
- if (ret != BAD_FUNC_ARG) {
- ret = -6305;
- goto exit;
- }
- ret = wc_RNG_GenerateByte(NULL, block);
- if (ret != BAD_FUNC_ARG) {
- ret = -6306;
- goto exit;
- }
- ret = wc_RNG_GenerateByte(&rng, NULL);
- if (ret != BAD_FUNC_ARG) {
- ret = -6307;
- goto exit;
- }
- ret = 0;
- exit:
- /* Make sure and free RNG */
- wc_FreeRng(&rng);
- return ret;
- }
- #if defined(HAVE_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
- int random_test(void)
- {
- const byte test1Entropy[] =
- {
- 0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3,
- 0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19,
- 0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, 0x85, 0x81, 0xf9, 0x31,
- 0x75, 0x17, 0x27, 0x6e, 0x06, 0xe9, 0x60, 0x7d, 0xdb, 0xcb, 0xcc, 0x2e
- };
- const byte test1Output[] =
- {
- 0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64,
- 0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5,
- 0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3,
- 0x5a, 0x91, 0xbb, 0x45, 0x79, 0xd7, 0x3f, 0xd0, 0xc8, 0xfe, 0xd1, 0x11,
- 0xb0, 0x39, 0x13, 0x06, 0x82, 0x8a, 0xdf, 0xed, 0x52, 0x8f, 0x01, 0x81,
- 0x21, 0xb3, 0xfe, 0xbd, 0xc3, 0x43, 0xe7, 0x97, 0xb8, 0x7d, 0xbb, 0x63,
- 0xdb, 0x13, 0x33, 0xde, 0xd9, 0xd1, 0xec, 0xe1, 0x77, 0xcf, 0xa6, 0xb7,
- 0x1f, 0xe8, 0xab, 0x1d, 0xa4, 0x66, 0x24, 0xed, 0x64, 0x15, 0xe5, 0x1c,
- 0xcd, 0xe2, 0xc7, 0xca, 0x86, 0xe2, 0x83, 0x99, 0x0e, 0xea, 0xeb, 0x91,
- 0x12, 0x04, 0x15, 0x52, 0x8b, 0x22, 0x95, 0x91, 0x02, 0x81, 0xb0, 0x2d,
- 0xd4, 0x31, 0xf4, 0xc9, 0xf7, 0x04, 0x27, 0xdf
- };
- const byte test2EntropyA[] =
- {
- 0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4,
- 0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00,
- 0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f,
- 0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68
- };
- const byte test2EntropyB[] =
- {
- 0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3,
- 0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22,
- 0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3
- };
- const byte test2Output[] =
- {
- 0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb,
- 0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79,
- 0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc,
- 0xdd, 0x8d, 0x99, 0xfc, 0x5f, 0xc2, 0xb9, 0x20, 0x53, 0xd8, 0xcf, 0xac,
- 0xfb, 0x0b, 0xb8, 0x83, 0x12, 0x05, 0xfa, 0xd1, 0xdd, 0xd6, 0xc0, 0x71,
- 0x31, 0x8a, 0x60, 0x18, 0xf0, 0x3b, 0x73, 0xf5, 0xed, 0xe4, 0xd4, 0xd0,
- 0x71, 0xf9, 0xde, 0x03, 0xfd, 0x7a, 0xea, 0x10, 0x5d, 0x92, 0x99, 0xb8,
- 0xaf, 0x99, 0xaa, 0x07, 0x5b, 0xdb, 0x4d, 0xb9, 0xaa, 0x28, 0xc1, 0x8d,
- 0x17, 0x4b, 0x56, 0xee, 0x2a, 0x01, 0x4d, 0x09, 0x88, 0x96, 0xff, 0x22,
- 0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07,
- 0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17
- };
- byte output[WC_SHA256_DIGEST_SIZE * 4];
- int ret;
- ret = wc_RNG_HealthTest(0, test1Entropy, sizeof(test1Entropy), NULL, 0,
- output, sizeof(output));
- if (ret != 0)
- return -6400;
- if (XMEMCMP(test1Output, output, sizeof(output)) != 0)
- return -6401;
- ret = wc_RNG_HealthTest(1, test2EntropyA, sizeof(test2EntropyA),
- test2EntropyB, sizeof(test2EntropyB),
- output, sizeof(output));
- if (ret != 0)
- return -6402;
- if (XMEMCMP(test2Output, output, sizeof(output)) != 0)
- return -6403;
- /* Basic RNG generate block test */
- if ((ret = random_rng_test()) != 0)
- return ret;
- return 0;
- }
- #else
- int random_test(void)
- {
- /* Basic RNG generate block test */
- return random_rng_test();
- }
- #endif /* HAVE_HASHDRBG && !CUSTOM_RAND_GENERATE_BLOCK */
- #endif /* WC_NO_RNG */
- #ifdef WOLFSSL_STATIC_MEMORY
- int memory_test(void)
- {
- int ret = 0;
- unsigned int i;
- word32 size[] = { WOLFMEM_BUCKETS };
- word32 dist[] = { WOLFMEM_DIST };
- byte buffer[30000]; /* make large enough to involve many bucket sizes */
- int pad = -(int)((wolfssl_word)&(buffer[0])) & (WOLFSSL_STATIC_ALIGN - 1);
- /* pad to account for if head of buffer is not at set memory
- * alignment when tests are ran */
- /* check macro settings */
- if (sizeof(size)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) {
- return -6500;
- }
- if (sizeof(dist)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) {
- return -6501;
- }
- for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) {
- if ((size[i] % WOLFSSL_STATIC_ALIGN) != 0) {
- /* each element in array should be divisable by alignment size */
- return -6502;
- }
- }
- for (i = 1; i < WOLFMEM_MAX_BUCKETS; i++) {
- if (size[i - 1] >= size[i]) {
- return -6503; /* sizes should be in increasing order */
- }
- }
- /* check that padding size returned is possible */
- if (wolfSSL_MemoryPaddingSz() < WOLFSSL_STATIC_ALIGN) {
- return -6504; /* no room for wc_Memory struct */
- }
- if (wolfSSL_MemoryPaddingSz() < 0) {
- return -6505;
- }
- if (wolfSSL_MemoryPaddingSz() % WOLFSSL_STATIC_ALIGN != 0) {
- return -6506; /* not aligned! */
- }
- /* check function to return optimum buffer size (rounded down) */
- ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_GENERAL);
- if ((ret - pad) % WOLFSSL_STATIC_ALIGN != 0) {
- return -6507; /* not aligned! */
- }
- if (ret < 0) {
- return -6508;
- }
- if ((unsigned int)ret > sizeof(buffer)) {
- return -6509; /* did not round down as expected */
- }
- if (ret != wolfSSL_StaticBufferSz(buffer, ret, WOLFMEM_GENERAL)) {
- return -6510; /* retrun value changed when using suggested value */
- }
- ret = wolfSSL_MemoryPaddingSz();
- ret += pad; /* add space that is going to be needed if buffer not aligned */
- if (wolfSSL_StaticBufferSz(buffer, size[0] + ret + 1, WOLFMEM_GENERAL) !=
- (ret + (int)size[0])) {
- return -6511; /* did not round down to nearest bucket value */
- }
- ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_IO_POOL);
- if ((ret - pad) < 0) {
- return -6512;
- }
- if (((ret - pad) % (WOLFMEM_IO_SZ + wolfSSL_MemoryPaddingSz())) != 0) {
- return -6513; /* not even chunks of memory for IO size */
- }
- if (((ret - pad) % WOLFSSL_STATIC_ALIGN) != 0) {
- return -6514; /* memory not aligned */
- }
- /* check for passing bad or unknown argments to functions */
- if (wolfSSL_StaticBufferSz(NULL, 1, WOLFMEM_GENERAL) > 0) {
- return -6515;
- }
- if (wolfSSL_StaticBufferSz(buffer, 1, WOLFMEM_GENERAL) != 0) {
- return -6516; /* should round to 0 since struct + bucket will not fit */
- }
- (void)dist; /* avoid static analysis warning of variable not used */
- return 0;
- }
- #endif /* WOLFSSL_STATIC_MEMORY */
- #ifdef HAVE_NTRU
- byte GetEntropy(ENTROPY_CMD cmd, byte* out);
- byte GetEntropy(ENTROPY_CMD cmd, byte* out)
- {
- static WC_RNG rng;
- if (cmd == INIT)
- return (wc_InitRng(&rng) == 0) ? 1 : 0;
- if (out == NULL)
- return 0;
- if (cmd == GET_BYTE_OF_ENTROPY)
- return (wc_RNG_GenerateBlock(&rng, out, 1) == 0) ? 1 : 0;
- if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY) {
- *out = 1;
- return 1;
- }
- return 0;
- }
- #endif /* HAVE_NTRU */
- #ifndef NO_FILESYSTEM
- /* Cert Paths */
- #ifdef FREESCALE_MQX
- #define CERT_PREFIX "a:\\"
- #define CERT_PATH_SEP "\\"
- #elif defined(WOLFSSL_uTKERNEL2)
- #define CERT_PREFIX "/uda/"
- #define CERT_PATH_SEP "/"
- #else
- #define CERT_PREFIX "./"
- #define CERT_PATH_SEP "/"
- #endif
- #define CERT_ROOT CERT_PREFIX "certs" CERT_PATH_SEP
- /* Generated Test Certs */
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
- !defined(NO_ASN)
- #ifndef NO_RSA
- static const char* clientKey = CERT_ROOT "client-key.der";
- static const char* clientCert = CERT_ROOT "client-cert.der";
- #ifdef WOLFSSL_CERT_EXT
- static const char* clientKeyPub = CERT_ROOT "client-keyPub.der";
- #endif
- #ifdef WOLFSSL_CERT_GEN
- static const char* rsaCaKeyFile = CERT_ROOT "ca-key.der";
- static const char* rsaCaCertFile = CERT_ROOT "ca-cert.pem";
- #ifdef WOLFSSL_ALT_NAMES
- static const char* rsaCaCertDerFile = CERT_ROOT "ca-cert.der";
- #endif
- #endif
- #endif /* !NO_RSA */
- #ifndef NO_DH
- static const char* dhKey = CERT_ROOT "dh2048.der";
- #endif
- #ifndef NO_DSA
- static const char* dsaKey = CERT_ROOT "dsa2048.der";
- #endif
- #endif /* !USE_CERT_BUFFER_* */
- #if !defined(USE_CERT_BUFFERS_256) && !defined(NO_ASN)
- #ifdef HAVE_ECC
- /* cert files to be used in rsa cert gen test, check if RSA enabled */
- #ifdef HAVE_ECC_KEY_IMPORT
- static const char* eccKeyDerFile = CERT_ROOT "ecc-key.der";
- #endif
- #ifdef WOLFSSL_CERT_GEN
- static const char* eccKeyPubFile = CERT_ROOT "ecc-keyPub.der";
- static const char* eccCaKeyFile = CERT_ROOT "ca-ecc-key.der";
- static const char* eccCaCertFile = CERT_ROOT "ca-ecc-cert.pem";
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- static const char* eccCaKey384File =
- CERT_ROOT "ca-ecc384-key.der";
- static const char* eccCaCert384File =
- CERT_ROOT "ca-ecc384-cert.pem";
- #endif
- #endif
- #if defined(HAVE_PKCS7) && defined(HAVE_ECC)
- static const char* eccClientKey = CERT_ROOT "ecc-client-key.der";
- static const char* eccClientCert = CERT_ROOT "client-ecc-cert.der";
- #endif
- #endif /* HAVE_ECC */
- #ifdef HAVE_ED25519
- #ifdef WOLFSSL_TEST_CERT
- static const char* serverEd25519Cert =
- CERT_ROOT "ed25519/server-ed25519.der";
- static const char* caEd25519Cert =
- CERT_ROOT "ed25519/ca-ed25519.der";
- #endif
- #endif
- #endif /* !USE_CERT_BUFFER_* */
- #ifndef NO_WRITE_TEMP_FILES
- #ifdef HAVE_ECC
- #ifdef WOLFSSL_CERT_GEN
- static const char* certEccPemFile = CERT_PREFIX "certecc.pem";
- #endif
- #if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
- static const char* certEccRsaPemFile = CERT_PREFIX "certeccrsa.pem";
- static const char* certEccRsaDerFile = CERT_PREFIX "certeccrsa.der";
- #endif
- #ifdef WOLFSSL_KEY_GEN
- static const char* eccCaKeyPemFile = CERT_PREFIX "ecc-key.pem";
- static const char* eccPubKeyDerFile = CERT_PREFIX "ecc-public-key.der";
- static const char* eccCaKeyTempFile = CERT_PREFIX "ecc-key.der";
- static const char* eccPkcs8KeyDerFile = CERT_PREFIX "ecc-key-pkcs8.der";
- #endif
- #if defined(WOLFSSL_CERT_GEN) || \
- (defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT))
- static const char* certEccDerFile = CERT_PREFIX "certecc.der";
- #endif
- #endif /* HAVE_ECC */
- #ifndef NO_RSA
- #ifdef WOLFSSL_CERT_GEN
- static const char* otherCertDerFile = CERT_PREFIX "othercert.der";
- static const char* certDerFile = CERT_PREFIX "cert.der";
- #endif
- #ifdef WOLFSSL_CERT_GEN
- static const char* otherCertPemFile = CERT_PREFIX "othercert.pem";
- static const char* certPemFile = CERT_PREFIX "cert.pem";
- #endif
- #ifdef WOLFSSL_CERT_REQ
- static const char* certReqDerFile = CERT_PREFIX "certreq.der";
- static const char* certReqPemFile = CERT_PREFIX "certreq.pem";
- #endif
- #endif /* !NO_RSA */
- #if !defined(NO_RSA) || !defined(NO_DSA)
- #ifdef WOLFSSL_KEY_GEN
- static const char* keyDerFile = CERT_PREFIX "key.der";
- static const char* keyPemFile = CERT_PREFIX "key.pem";
- #endif
- #endif
- #endif /* !NO_WRITE_TEMP_FILES */
- #endif /* !NO_FILESYSTEM */
- #ifdef WOLFSSL_CERT_GEN
- #ifdef WOLFSSL_MULTI_ATTRIB
- static CertName certDefaultName;
- static void initDefaultName(void)
- {
- XMEMCPY(certDefaultName.country, "US", sizeof("US"));
- certDefaultName.countryEnc = CTC_PRINTABLE;
- XMEMCPY(certDefaultName.state, "Oregon", sizeof("Oregon"));
- certDefaultName.stateEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.locality, "Portland", sizeof("Portland"));
- certDefaultName.localityEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.sur, "Test", sizeof("Test"));
- certDefaultName.surEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.org, "wolfSSL", sizeof("wolfSSL"));
- certDefaultName.orgEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.unit, "Development", sizeof("Development"));
- certDefaultName.unitEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.commonName, "www.wolfssl.com", sizeof("www.wolfssl.com"));
- certDefaultName.commonNameEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.serialDev, "wolfSSL12345", sizeof("wolfSSL12345"));
- certDefaultName.serialDevEnc = CTC_PRINTABLE;
- #ifdef WOLFSSL_CERT_EXT
- XMEMCPY(certDefaultName.busCat, "Private Organization", sizeof("Private Organization"));
- certDefaultName.busCatEnc = CTC_UTF8;
- #endif
- XMEMCPY(certDefaultName.email, "info@wolfssl.com", sizeof("info@wolfssl.com"));
- #ifdef WOLFSSL_TEST_CERT
- {
- NameAttrib* n;
- /* test having additional OUs and setting DC */
- n = &certDefaultName.name[0];
- n->id = ASN_ORGUNIT_NAME;
- n->type = CTC_UTF8;
- n->sz = sizeof("Development-2");
- XMEMCPY(n->value, "Development-2", sizeof("Development-2"));
- #if CTC_MAX_ATTRIB > 3
- n = &certDefaultName.name[1];
- n->id = ASN_DOMAIN_COMPONENT;
- n->type = CTC_UTF8;
- n->sz = sizeof("com");
- XMEMCPY(n->value, "com", sizeof("com"));
- n = &certDefaultName.name[2];
- n->id = ASN_DOMAIN_COMPONENT;
- n->type = CTC_UTF8;
- n->sz = sizeof("wolfssl");
- XMEMCPY(n->value, "wolfssl", sizeof("wolfssl"));
- #endif
- }
- #endif /* WOLFSSL_TEST_CERT */
- }
- #else
- static const CertName certDefaultName = {
- "US", CTC_PRINTABLE, /* country */
- "Oregon", CTC_UTF8, /* state */
- "Portland", CTC_UTF8, /* locality */
- "Test", CTC_UTF8, /* sur */
- "wolfSSL", CTC_UTF8, /* org */
- "Development", CTC_UTF8, /* unit */
- "www.wolfssl.com", CTC_UTF8, /* commonName */
- "wolfSSL12345", CTC_PRINTABLE, /* serial number of device */
- #ifdef WOLFSSL_CERT_EXT
- "Private Organization", CTC_UTF8, /* businessCategory */
- "US", CTC_PRINTABLE, /* jurisdiction country */
- "Oregon", CTC_PRINTABLE, /* jurisdiction state */
- #endif
- "info@wolfssl.com" /* email */
- };
- #endif /* WOLFSSL_MULTI_ATTRIB */
- #ifdef WOLFSSL_CERT_EXT
- #if (defined(HAVE_ED25519) && defined(WOLFSSL_TEST_CERT)) || \
- defined(HAVE_ECC)
- static const char certKeyUsage[] =
- "digitalSignature,nonRepudiation";
- #endif
- #if defined(WOLFSSL_CERT_REQ) || defined(HAVE_NTRU)
- static const char certKeyUsage2[] =
- "digitalSignature,nonRepudiation,keyEncipherment,keyAgreement";
- #endif
- #endif /* WOLFSSL_CERT_EXT */
- #endif /* WOLFSSL_CERT_GEN */
- #ifndef NO_RSA
- #ifdef WOLFSSL_TEST_CERT
- int cert_test(void)
- {
- DecodedCert cert;
- byte* tmp;
- size_t bytes;
- FILE *file;
- int ret;
- tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL)
- return -6600;
- /* Certificate with Name Constraints extension. */
- #ifdef FREESCALE_MQX
- file = fopen(".\\certs\\test\\cert-ext-nc.der", "rb");
- #else
- file = fopen("./certs/test/cert-ext-nc.der", "rb");
- #endif
- if (!file) {
- ERROR_OUT(-6601, done);
- }
- bytes = fread(tmp, 1, FOURK_BUF, file);
- fclose(file);
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0) {
- ERROR_OUT(-6602, done);
- }
- FreeDecodedCert(&cert);
- /* Certificate with Inhibit Any Policy extension. */
- #ifdef FREESCALE_MQX
- file = fopen(".\\certs\\test\\cert-ext-ia.der", "rb");
- #else
- file = fopen("./certs/test/cert-ext-ia.der", "rb");
- #endif
- if (!file) {
- ERROR_OUT(-6603, done);
- }
- bytes = fread(tmp, 1, FOURK_BUF, file);
- fclose(file);
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0) {
- ERROR_OUT(-6604, done);
- }
- done:
- FreeDecodedCert(&cert);
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif /* WOLFSSL_TEST_CERT */
- #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT)
- int certext_test(void)
- {
- DecodedCert cert;
- byte* tmp;
- size_t bytes;
- FILE *file;
- int ret;
- /* created from rsa_test : othercert.der */
- byte skid_rsa[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54"
- "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0";
- /* created from rsa_test : othercert.der */
- byte akid_rsa[] = "\x27\x8E\x67\x11\x74\xC3\x26\x1D\x3F\xED"
- "\x33\x63\xB3\xA4\xD8\x1D\x30\xE5\xE8\xD5";
- #ifdef HAVE_ECC
- /* created from ecc_test_cert_gen : certecc.der */
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- /* Authority key id from ./certs/ca-ecc384-cert.pem */
- byte akid_ecc[] = "\xAB\xE0\xC3\x26\x4C\x18\xD4\x72\xBB\xD2"
- "\x84\x8C\x9C\x0A\x05\x92\x80\x12\x53\x52";
- #else
- /* Authority key id from ./certs/ca-ecc-cert.pem */
- byte akid_ecc[] = "\x56\x8E\x9A\xC3\xF0\x42\xDE\x18\xB9\x45"
- "\x55\x6E\xF9\x93\xCF\xEA\xC3\xF3\xA5\x21";
- #endif
- #endif /* HAVE_ECC */
- /* created from rsa_test : cert.der */
- byte kid_ca[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54"
- "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0";
- tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL)
- return -6700;
- /* load othercert.der (Cert signed by an authority) */
- file = fopen(otherCertDerFile, "rb");
- if (!file) {
- XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- return -6701;
- }
- bytes = fread(tmp, 1, FOURK_BUF, file);
- fclose(file);
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0)
- return -6702;
- /* check the SKID from a RSA certificate */
- if (XMEMCMP(skid_rsa, cert.extSubjKeyId, sizeof(cert.extSubjKeyId)))
- return -6703;
- /* check the AKID from an RSA certificate */
- if (XMEMCMP(akid_rsa, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
- return -6704;
- /* check the Key Usage from an RSA certificate */
- if (!cert.extKeyUsageSet)
- return -6705;
- if (cert.extKeyUsage != (KEYUSE_KEY_ENCIPHER|KEYUSE_KEY_AGREE))
- return -6706;
- /* check the CA Basic Constraints from an RSA certificate */
- if (cert.isCA)
- return -6707;
- #ifndef WOLFSSL_SEP /* test only if not using SEP policies */
- /* check the Certificate Policies Id */
- if (cert.extCertPoliciesNb != 1)
- return -6708;
- if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23))
- return -6709;
- #endif
- FreeDecodedCert(&cert);
- #ifdef HAVE_ECC
- /* load certecc.der (Cert signed by our ECC CA test in ecc_test_cert_gen) */
- file = fopen(certEccDerFile, "rb");
- if (!file) {
- XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- return -6710;
- }
- bytes = fread(tmp, 1, FOURK_BUF, file);
- fclose(file);
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0)
- return -6711;
- /* check the SKID from a ECC certificate - generated dynamically */
- /* check the AKID from an ECC certificate */
- if (XMEMCMP(akid_ecc, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
- return -6712;
- /* check the Key Usage from an ECC certificate */
- if (!cert.extKeyUsageSet)
- return -6713;
- if (cert.extKeyUsage != (KEYUSE_DIGITAL_SIG|KEYUSE_CONTENT_COMMIT))
- return -6714;
- /* check the CA Basic Constraints from an ECC certificate */
- if (cert.isCA)
- return -6715;
- #ifndef WOLFSSL_SEP /* test only if not using SEP policies */
- /* check the Certificate Policies Id */
- if (cert.extCertPoliciesNb != 2)
- return -6716;
- if (strncmp(cert.extCertPolicies[0], "2.4.589440.587.101.2.1.9632587.1", 32))
- return -6717;
- if (strncmp(cert.extCertPolicies[1], "1.2.13025.489.1.113549", 22))
- return -6718;
- #endif
- FreeDecodedCert(&cert);
- #endif /* HAVE_ECC */
- /* load cert.der (self signed certificate) */
- file = fopen(certDerFile, "rb");
- if (!file) {
- XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- return -6719;
- }
- bytes = fread(tmp, 1, FOURK_BUF, file);
- fclose(file);
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0)
- return -6720;
- /* check the SKID from a CA certificate */
- if (XMEMCMP(kid_ca, cert.extSubjKeyId, sizeof(cert.extSubjKeyId)))
- return -6721;
- /* check the AKID from an CA certificate */
- if (XMEMCMP(kid_ca, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
- return -6722;
- /* check the Key Usage from CA certificate */
- if (!cert.extKeyUsageSet)
- return -6723;
- if (cert.extKeyUsage != (KEYUSE_KEY_CERT_SIGN|KEYUSE_CRL_SIGN))
- return -6724;
- /* check the CA Basic Constraints CA certificate */
- if (!cert.isCA)
- return -6725;
- #ifndef WOLFSSL_SEP /* test only if not using SEP policies */
- /* check the Certificate Policies Id */
- if (cert.extCertPoliciesNb != 2)
- return -6726;
- if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23))
- return -6727;
- if (strncmp(cert.extCertPolicies[1], "1.2.840.113549.1.9.16.6.5", 25))
- return -6728;
- #endif
- FreeDecodedCert(&cert);
- XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- return 0;
- }
- #endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT */
- static int rsa_flatten_test(RsaKey* key)
- {
- int ret;
- byte e[256];
- byte n[256];
- word32 eSz = sizeof(e);
- word32 nSz = sizeof(n);
- /* Parameter Validation testing. */
- ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz);
- #ifdef HAVE_USER_RSA
- /* Implementation using IPP Libraries returns:
- * -101 = USER_CRYPTO_ERROR
- */
- if (ret == 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- return -6729;
- ret = wc_RsaFlattenPublicKey(key, NULL, &eSz, n, &nSz);
- #ifdef HAVE_USER_RSA
- /* Implementation using IPP Libraries returns:
- * -101 = USER_CRYPTO_ERROR
- */
- if (ret == 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- return -6730;
- ret = wc_RsaFlattenPublicKey(key, e, NULL, n, &nSz);
- #ifdef HAVE_USER_RSA
- /* Implementation using IPP Libraries returns:
- * -101 = USER_CRYPTO_ERROR
- */
- if (ret == 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- return -6731;
- ret = wc_RsaFlattenPublicKey(key, e, &eSz, NULL, &nSz);
- #ifdef HAVE_USER_RSA
- /* Implementation using IPP Libraries returns:
- * -101 = USER_CRYPTO_ERROR
- */
- if (ret == 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- return -6732;
- ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, NULL);
- #ifdef HAVE_USER_RSA
- /* Implementation using IPP Libraries returns:
- * -101 = USER_CRYPTO_ERROR
- */
- if (ret == 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- return -6733;
- ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
- if (ret != 0)
- return -6734;
- eSz = 0;
- ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
- #ifdef HAVE_USER_RSA
- /* Implementation using IPP Libraries returns:
- * -101 = USER_CRYPTO_ERROR
- */
- if (ret == 0)
- #elif defined(HAVE_FIPS) && \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
- if (ret != 0)
- #else
- if (ret != RSA_BUFFER_E)
- #endif
- return -6735;
- eSz = sizeof(e);
- nSz = 0;
- ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
- #ifdef HAVE_USER_RSA
- /* Implementation using IPP Libraries returns:
- * -101 = USER_CRYPTO_ERROR
- */
- if (ret == 0)
- #else
- if (ret != RSA_BUFFER_E)
- #endif
- return -6736;
- return 0;
- }
- #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA)
- static int rsa_export_key_test(RsaKey* key)
- {
- int ret;
- byte e[3];
- word32 eSz = sizeof(e);
- byte n[256];
- word32 nSz = sizeof(n);
- byte d[256];
- word32 dSz = sizeof(d);
- byte p[128];
- word32 pSz = sizeof(p);
- byte q[128];
- word32 qSz = sizeof(q);
- word32 zero = 0;
- ret = wc_RsaExportKey(NULL, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -6737;
- ret = wc_RsaExportKey(key, NULL, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -6738;
- ret = wc_RsaExportKey(key, e, NULL, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -6739;
- ret = wc_RsaExportKey(key, e, &eSz, NULL, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -6740;
- ret = wc_RsaExportKey(key, e, &eSz, n, NULL, d, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -6741;
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, NULL, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -6742;
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, NULL, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -6743;
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, NULL, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -6744;
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, NULL, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -6745;
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, NULL, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -6746;
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, NULL);
- if (ret != BAD_FUNC_ARG)
- return -6747;
- ret = wc_RsaExportKey(key, e, &zero, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != RSA_BUFFER_E)
- return -6748;
- ret = wc_RsaExportKey(key, e, &eSz, n, &zero, d, &dSz, p, &pSz, q, &qSz);
- if (ret != RSA_BUFFER_E)
- return -6749;
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &zero, p, &pSz, q, &qSz);
- if (ret != RSA_BUFFER_E)
- return -6750;
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &zero, q, &qSz);
- if (ret != RSA_BUFFER_E)
- return -6751;
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &zero);
- if (ret != RSA_BUFFER_E)
- return -6752;
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != 0)
- return -6753;
- return 0;
- }
- #endif /* !HAVE_FIPS */
- #ifndef NO_SIG_WRAPPER
- static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng)
- {
- int ret;
- word32 sigSz;
- const byte in[] = "Everyone gets Friday off.";
- const byte hash[] = {
- 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59,
- 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe,
- 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83,
- 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f
- };
- const byte hashEnc[] = {
- 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
- 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
- 0x00, 0x04, 0x20,
- 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59,
- 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe,
- 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83,
- 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f
- };
- word32 inLen = (word32)XSTRLEN((char*)in);
- byte out[256];
- /* Parameter Validation testing. */
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_NONE, key, keyLen);
- if (ret != BAD_FUNC_ARG)
- return -6754;
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, 0);
- if (ret != BAD_FUNC_ARG)
- return -6755;
- sigSz = (word32)modLen;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL,
- inLen, out, &sigSz, key, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return -6756;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- 0, out, &sigSz, key, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return -6757;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, NULL, &sigSz, key, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return -6758;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, NULL, key, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return -6759;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, &sigSz, NULL, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return -6760;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, &sigSz, key, 0, rng);
- if (ret != BAD_FUNC_ARG)
- return -6761;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, &sigSz, key, keyLen, NULL);
- #ifdef HAVE_USER_RSA
- /* Implementation using IPP Libraries returns:
- * -101 = USER_CRYPTO_ERROR
- */
- if (ret == 0)
- #elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_DEV)
- /* async may not require RNG */
- if (ret != 0 && ret != MISSING_RNG_E)
- #elif defined(HAVE_FIPS) || defined(WOLFSSL_ASYNC_CRYPT) || \
- !defined(WC_RSA_BLINDING)
- /* FIPS140 implementation does not do blinding */
- if (ret != 0)
- #else
- if (ret != MISSING_RNG_E)
- #endif
- return -6762;
- sigSz = 0;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, &sigSz, key, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return -6763;
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL,
- inLen, out, (word32)modLen, key, keyLen);
- if (ret != BAD_FUNC_ARG)
- return -6764;
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- 0, out, (word32)modLen, key, keyLen);
- if (ret != BAD_FUNC_ARG)
- return -6765;
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, NULL, (word32)modLen, key, keyLen);
- if (ret != BAD_FUNC_ARG)
- return -6766;
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, 0, key, keyLen);
- if (ret != BAD_FUNC_ARG)
- return -6767;
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, (word32)modLen, NULL, keyLen);
- if (ret != BAD_FUNC_ARG)
- return -6768;
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, (word32)modLen, key, 0);
- if (ret != BAD_FUNC_ARG)
- return -6769;
- #ifndef HAVE_ECC
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, keyLen);
- if (ret != SIG_TYPE_E)
- return -6770;
- #endif
- /* Use APIs. */
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, keyLen);
- if (ret != modLen)
- return -6771;
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA_W_ENC, key, keyLen);
- if (ret != modLen)
- return -6772;
- sigSz = (word32)ret;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, &sigSz, key, keyLen, rng);
- if (ret != 0)
- return -6773;
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, (word32)modLen, key, keyLen);
- if (ret != 0)
- return -6774;
- sigSz = (word32)sizeof(out);
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
- in, inLen, out, &sigSz, key, keyLen, rng);
- if (ret != 0)
- return -6775;
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
- in, inLen, out, (word32)modLen, key, keyLen);
- if (ret != 0)
- return -6776;
- /* Wrong signature type. */
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, (word32)modLen, key, keyLen);
- if (ret == 0)
- return -6777;
- /* check hash functions */
- sigSz = (word32)sizeof(out);
- ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
- hash, (int)sizeof(hash), out, &sigSz, key, keyLen, rng);
- if (ret != 0)
- return -6778;
- ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
- hash, (int)sizeof(hash), out, (word32)modLen, key, keyLen);
- if (ret != 0)
- return -6779;
- sigSz = (word32)sizeof(out);
- ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
- hashEnc, (int)sizeof(hashEnc), out, &sigSz, key, keyLen, rng);
- if (ret != 0)
- return -6780;
- ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
- hashEnc, (int)sizeof(hashEnc), out, (word32)modLen, key, keyLen);
- if (ret != 0)
- return -6781;
- return 0;
- }
- #endif /* !NO_SIG_WRAPPER */
- #ifndef HAVE_USER_RSA
- static int rsa_decode_test(RsaKey* keyPub)
- {
- int ret;
- word32 inSz;
- word32 inOutIdx;
- static const byte n[2] = { 0x00, 0x23 };
- static const byte e[2] = { 0x00, 0x03 };
- static const byte good[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1,
- 0x03 };
- static const byte goodAlgId[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00,
- 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- static const byte goodAlgIdNull[] = { 0x30, 0x11, 0x30, 0x0f, 0x06, 0x00,
- 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23,
- 0x02, 0x1, 0x03 };
- static const byte badAlgIdNull[] = { 0x30, 0x12, 0x30, 0x10, 0x06, 0x00,
- 0x05, 0x01, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23,
- 0x02, 0x1, 0x03 };
- static const byte badNotBitString[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00,
- 0x04, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- static const byte badBitStringLen[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00,
- 0x03, 0x0a, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- static const byte badNoSeq[] = { 0x30, 0x0d, 0x30, 0x0b, 0x06, 0x00, 0x03,
- 0x07, 0x00, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- static const byte badNoObj[] = {
- 0x30, 0x0f, 0x30, 0x0d, 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06,
- 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- static const byte badIntN[] = { 0x30, 0x06, 0x02, 0x05, 0x23, 0x02, 0x1,
- 0x03 };
- static const byte badNotIntE[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x04, 0x1,
- 0x03 };
- static const byte badLength[] = { 0x30, 0x04, 0x02, 0x01, 0x23, 0x02, 0x1,
- 0x03 };
- static const byte badBitStrNoZero[] = { 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x00,
- 0x03, 0x08, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return -6782;
- /* Parameter Validation testing. */
- ret = wc_RsaPublicKeyDecodeRaw(NULL, sizeof(n), e, sizeof(e), keyPub);
- if (ret != BAD_FUNC_ARG) {
- ret = -6783;
- goto done;
- }
- ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), NULL, sizeof(e), keyPub);
- if (ret != BAD_FUNC_ARG) {
- ret = -6784;
- goto done;
- }
- ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), NULL);
- if (ret != BAD_FUNC_ARG) {
- ret = -6785;
- goto done;
- }
- /* TODO: probably should fail when length is -1! */
- ret = wc_RsaPublicKeyDecodeRaw(n, (word32)-1, e, sizeof(e), keyPub);
- if (ret != 0) {
- ret = -6786;
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return -6787;
- ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, (word32)-1, keyPub);
- if (ret != 0) {
- ret = -6788;
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return -6789;
- /* Use API. */
- ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), keyPub);
- if (ret != 0) {
- ret = -6790;
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return -6791;
- /* Parameter Validation testing. */
- inSz = sizeof(good);
- ret = wc_RsaPublicKeyDecode(NULL, &inOutIdx, keyPub, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = -6792;
- goto done;
- }
- ret = wc_RsaPublicKeyDecode(good, NULL, keyPub, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = -6793;
- goto done;
- }
- ret = wc_RsaPublicKeyDecode(good, &inOutIdx, NULL, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = -6794;
- goto done;
- }
- /* Use good data and offest to bad data. */
- inOutIdx = 2;
- inSz = sizeof(good) - inOutIdx;
- ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -6795;
- goto done;
- }
- inOutIdx = 2;
- inSz = sizeof(goodAlgId) - inOutIdx;
- ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -6796;
- goto done;
- }
- inOutIdx = 2;
- inSz = sizeof(goodAlgId);
- ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -6797;
- goto done;
- }
- /* Try different bad data. */
- inSz = sizeof(badAlgIdNull);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badAlgIdNull, &inOutIdx, keyPub, inSz);
- if (ret != ASN_EXPECT_0_E) {
- ret = -6798;
- goto done;
- }
- inSz = sizeof(badNotBitString);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badNotBitString, &inOutIdx, keyPub, inSz);
- if (ret != ASN_BITSTR_E) {
- ret = -6799;
- goto done;
- }
- inSz = sizeof(badBitStringLen);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badBitStringLen, &inOutIdx, keyPub, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -6800;
- goto done;
- }
- inSz = sizeof(badNoSeq);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badNoSeq, &inOutIdx, keyPub, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -6801;
- goto done;
- }
- inSz = sizeof(badNoObj);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badNoObj, &inOutIdx, keyPub, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -6802;
- goto done;
- }
- inSz = sizeof(badIntN);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badIntN, &inOutIdx, keyPub, inSz);
- if (ret != ASN_RSA_KEY_E) {
- ret = -6803;
- goto done;
- }
- inSz = sizeof(badNotIntE);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badNotIntE, &inOutIdx, keyPub, inSz);
- if (ret != ASN_RSA_KEY_E) {
- ret = -6804;
- goto done;
- }
- /* TODO: Shouldn't pass as the sequence length is too small. */
- inSz = sizeof(badLength);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badLength, &inOutIdx, keyPub, inSz);
- if (ret != 0) {
- ret = -6805;
- goto done;
- }
- /* TODO: Shouldn't ignore object id's data. */
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return -6806;
- inSz = sizeof(badBitStrNoZero);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badBitStrNoZero, &inOutIdx, keyPub, inSz);
- if (ret != ASN_EXPECT_0_E) {
- ret = -6807;
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return -6808;
- /* Valid data cases. */
- inSz = sizeof(good);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz);
- if (ret != 0) {
- ret = -6809;
- goto done;
- }
- if (inOutIdx != inSz) {
- ret = -6810;
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return -6811;
- inSz = sizeof(goodAlgId);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
- if (ret != 0) {
- ret = -6812;
- goto done;
- }
- if (inOutIdx != inSz) {
- ret = -6813;
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return -6814;
- inSz = sizeof(goodAlgIdNull);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(goodAlgIdNull, &inOutIdx, keyPub, inSz);
- if (ret != 0) {
- ret = -6815;
- goto done;
- }
- if (inOutIdx != inSz) {
- ret = -6816;
- goto done;
- }
- done:
- wc_FreeRsaKey(keyPub);
- return ret;
- }
- #endif
- #define RSA_TEST_BYTES 256
- #ifdef WC_RSA_PSS
- static int rsa_pss_test(WC_RNG* rng, RsaKey* key)
- {
- byte digest[WC_MAX_DIGEST_SIZE];
- int ret = 0;
- const char* inStr = "Everyone gets Friday off.";
- word32 inLen = (word32)XSTRLEN((char*)inStr);
- word32 outSz;
- word32 plainSz;
- word32 digestSz;
- int i, j;
- #ifdef RSA_PSS_TEST_WRONG_PARAMS
- int k, l;
- #endif
- byte* plain;
- int mgf[] = {
- #ifndef NO_SHA
- WC_MGF1SHA1,
- #endif
- #ifdef WOLFSSL_SHA224
- WC_MGF1SHA224,
- #endif
- WC_MGF1SHA256,
- #ifdef WOLFSSL_SHA384
- WC_MGF1SHA384,
- #endif
- #ifdef WOLFSSL_SHA512
- WC_MGF1SHA512
- #endif
- };
- enum wc_HashType hash[] = {
- #ifndef NO_SHA
- WC_HASH_TYPE_SHA,
- #endif
- #ifdef WOLFSSL_SHA224
- WC_HASH_TYPE_SHA224,
- #endif
- WC_HASH_TYPE_SHA256,
- #ifdef WOLFSSL_SHA384
- WC_HASH_TYPE_SHA384,
- #endif
- #ifdef WOLFSSL_SHA512
- WC_HASH_TYPE_SHA512,
- #endif
- };
- DECLARE_VAR_INIT(in, byte, inLen, inStr, HEAP_HINT);
- DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- DECLARE_VAR(sig, byte, RSA_TEST_BYTES, HEAP_HINT);
- /* Test all combinations of hash and MGF. */
- for (j = 0; j < (int)(sizeof(hash)/sizeof(*hash)); j++) {
- /* Calculate hash of message. */
- ret = wc_Hash(hash[j], in, inLen, digest, sizeof(digest));
- if (ret != 0)
- ERROR_OUT(-6817, exit_rsa_pss);
- digestSz = wc_HashGetDigestSize(hash[j]);
- for (i = 0; i < (int)(sizeof(mgf)/sizeof(*mgf)); i++) {
- outSz = RSA_TEST_BYTES;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz,
- hash[j], mgf[i], -1, key, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0)
- ERROR_OUT(-6818, exit_rsa_pss);
- outSz = ret;
- XMEMCPY(sig, out, outSz);
- plain = NULL;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[j],
- mgf[i], -1, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0)
- ERROR_OUT(-6819, exit_rsa_pss);
- plainSz = ret;
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
- hash[j], -1, wc_RsaEncryptSize(key)*8);
- if (ret != 0)
- ERROR_OUT(-6820, exit_rsa_pss);
- #ifdef RSA_PSS_TEST_WRONG_PARAMS
- for (k = 0; k < (int)(sizeof(mgf)/sizeof(*mgf)); k++) {
- for (l = 0; l < (int)(sizeof(hash)/sizeof(*hash)); l++) {
- if (i == k && j == l)
- continue;
- XMEMCPY(sig, out, outSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_VerifyInline_ex(sig, outSz,
- (byte**)&plain, hash[l], mgf[k], -1, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret >= 0)
- ERROR_OUT(-6821, exit_rsa_pss);
- }
- }
- #endif
- }
- }
- /* Test that a salt length of zero works. */
- digestSz = wc_HashGetDigestSize(hash[0]);
- outSz = RSA_TEST_BYTES;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
- mgf[0], 0, key, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0)
- ERROR_OUT(-6822, exit_rsa_pss);
- outSz = ret;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_Verify_ex(out, outSz, sig, outSz, hash[0], mgf[0],
- 0, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0)
- ERROR_OUT(-6823, exit_rsa_pss);
- plainSz = ret;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, sig, plainSz,
- hash[0], 0, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(-6824, exit_rsa_pss);
- XMEMCPY(sig, out, outSz);
- plain = NULL;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0],
- 0, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0)
- ERROR_OUT(-6825, exit_rsa_pss);
- plainSz = ret;
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0],
- 0, 0);
- if (ret != 0)
- ERROR_OUT(-6826, exit_rsa_pss);
- /* Test bad salt lengths in various APIs. */
- digestSz = wc_HashGetDigestSize(hash[0]);
- outSz = RSA_TEST_BYTES;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
- mgf[0], -2, key, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(-6827, exit_rsa_pss);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
- mgf[0], digestSz + 1, key, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(-6828, exit_rsa_pss);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0],
- mgf[0], -2, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(-6829, exit_rsa_pss);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0],
- digestSz + 1, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(-6830, exit_rsa_pss);
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0],
- -2, 0);
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(-6831, exit_rsa_pss);
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0],
- digestSz + 1, 0);
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(-6832, exit_rsa_pss);
- ret = 0;
- exit_rsa_pss:
- FREE_VAR(in, HEAP_HINT);
- FREE_VAR(out, HEAP_HINT);
- return ret;
- }
- #endif
- #ifdef WC_RSA_NO_PADDING
- int rsa_no_pad_test(void)
- {
- WC_RNG rng;
- RsaKey key;
- byte* tmp = NULL;
- size_t bytes;
- int ret;
- word32 inLen = 0;
- word32 idx = 0;
- word32 outSz = RSA_TEST_BYTES;
- word32 plainSz = RSA_TEST_BYTES;
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) \
- && !defined(NO_FILESYSTEM)
- FILE *file;
- #endif
- DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
- /* initialize stack structures */
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(&key, 0, sizeof(key));
- #ifdef USE_CERT_BUFFERS_1024
- bytes = (size_t)sizeof_client_key_der_1024;
- if (bytes < (size_t)sizeof_client_cert_der_1024)
- bytes = (size_t)sizeof_client_cert_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- bytes = (size_t)sizeof_client_key_der_2048;
- if (bytes < (size_t)sizeof_client_cert_der_2048)
- bytes = (size_t)sizeof_client_cert_der_2048;
- #else
- bytes = FOURK_BUF;
- #endif
- tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL
- #ifdef WOLFSSL_ASYNC_CRYPT
- || out == NULL || plain == NULL
- #endif
- ) {
- return -6900;
- }
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024);
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
- #elif !defined(NO_FILESYSTEM)
- file = fopen(clientKey, "rb");
- if (!file) {
- err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", -40);
- ERROR_OUT(-6901, exit_rsa_nopadding);
- }
- bytes = fread(tmp, 1, FOURK_BUF, file);
- fclose(file);
- #else
- /* No key to use. */
- ERROR_OUT(-6902, exit_rsa_nopadding);
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitRsaKey_ex(&key, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-6903, exit_rsa_nopadding);
- }
- ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes);
- if (ret != 0) {
- ERROR_OUT(-6904, exit_rsa_nopadding);
- }
- /* after loading in key use tmp as the test buffer */
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0) {
- ERROR_OUT(-6905, exit_rsa_nopadding);
- }
- inLen = wc_RsaEncryptSize(&key);
- XMEMSET(tmp, 7, inLen);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaDirect(tmp, inLen, out, &outSz, &key,
- RSA_PRIVATE_ENCRYPT, &rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0) {
- ERROR_OUT(-6906, exit_rsa_nopadding);
- }
- /* encrypted result should not be the same as input */
- if (XMEMCMP(out, tmp, inLen) == 0) {
- ERROR_OUT(-6907, exit_rsa_nopadding);
- }
- /* decrypt with public key and compare result */
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaDirect(out, outSz, plain, &plainSz, &key,
- RSA_PUBLIC_DECRYPT, &rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0) {
- ERROR_OUT(-6908, exit_rsa_nopadding);
- }
- if (XMEMCMP(plain, tmp, inLen) != 0) {
- ERROR_OUT(-6909, exit_rsa_nopadding);
- }
- #ifdef WC_RSA_BLINDING
- ret = wc_RsaSetRNG(NULL, &rng);
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(-6910, exit_rsa_nopadding);
- }
- ret = wc_RsaSetRNG(&key, &rng);
- if (ret < 0) {
- ERROR_OUT(-6911, exit_rsa_nopadding);
- }
- #endif
- /* test encrypt and decrypt using WC_RSA_NO_PAD */
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(tmp, inLen, out, (int)outSz, &key, &rng,
- WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-6912, exit_rsa_nopadding);
- }
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, outSz, plain, (int)plainSz, &key,
- WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-6913, exit_rsa_nopadding);
- }
- if (XMEMCMP(plain, tmp, inLen) != 0) {
- ERROR_OUT(-6914, exit_rsa_nopadding);
- }
- /* test some bad arguments */
- ret = wc_RsaDirect(out, outSz, plain, &plainSz, &key, -1,
- &rng);
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(-6915, exit_rsa_nopadding);
- }
- ret = wc_RsaDirect(out, outSz, plain, &plainSz, NULL, RSA_PUBLIC_DECRYPT,
- &rng);
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(-6916, exit_rsa_nopadding);
- }
- ret = wc_RsaDirect(out, outSz, NULL, &plainSz, &key, RSA_PUBLIC_DECRYPT,
- &rng);
- if (ret != LENGTH_ONLY_E || plainSz != inLen) {
- ERROR_OUT(-6917, exit_rsa_nopadding);
- }
- ret = wc_RsaDirect(out, outSz - 10, plain, &plainSz, &key,
- RSA_PUBLIC_DECRYPT, &rng);
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(-6918, exit_rsa_nopadding);
- }
- /* if making it to this point of code without hitting an ERROR_OUT then
- * all tests have passed */
- ret = 0;
- exit_rsa_nopadding:
- wc_FreeRsaKey(&key);
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* WC_RSA_NO_PADDING */
- #ifdef WOLFSSL_CERT_GEN
- static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp)
- {
- RsaKey caKey;
- byte* der = NULL;
- byte* pem = NULL;
- int ret;
- Cert* myCert = NULL;
- int certSz;
- size_t bytes3;
- word32 idx3 = 0;
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
- FILE* file3;
- #endif
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert decode;
- #endif
- #if defined(WOLFSSL_ALT_NAMES) && !defined(NO_ASN_TIME)
- struct tm beforeTime;
- struct tm afterTime;
- #endif
- const byte mySerial[8] = {1,2,3,4,5,6,7,8};
- (void)keypub;
- XMEMSET(&caKey, 0, sizeof(caKey));
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ERROR_OUT(-6919, exit_rsa);
- }
- pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER);
- if (pem == NULL) {
- ERROR_OUT(-6920, exit_rsa);
- }
- myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (myCert == NULL) {
- ERROR_OUT(-6921, exit_rsa);
- }
- /* self signed */
- if (wc_InitCert(myCert)) {
- ERROR_OUT(-6922, exit_rsa);
- }
- XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
- XMEMCPY(myCert->serial, mySerial, sizeof(mySerial));
- myCert->serialSz = (int)sizeof(mySerial);
- myCert->isCA = 1;
- #ifndef NO_SHA256
- myCert->sigType = CTC_SHA256wRSA;
- #else
- myCert->sigType = CTC_SHAwRSA;
- #endif
- #ifdef WOLFSSL_CERT_EXT
- /* add Policies */
- XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42",
- CTC_MAX_CERTPOL_SZ);
- XSTRNCPY(myCert->certPolicies[1], "1.2.840.113549.1.9.16.6.5",
- CTC_MAX_CERTPOL_SZ);
- myCert->certPoliciesNb = 2;
- /* add SKID from the Public Key */
- if (wc_SetSubjectKeyIdFromPublicKey(myCert, keypub, NULL) != 0) {
- ERROR_OUT(-6923, exit_rsa);
- }
- /* add AKID from the Public Key */
- if (wc_SetAuthKeyIdFromPublicKey(myCert, keypub, NULL) != 0) {
- ERROR_OUT(-6924, exit_rsa);
- }
- /* add Key Usage */
- if (wc_SetKeyUsage(myCert,"cRLSign,keyCertSign") != 0) {
- ERROR_OUT(-6925, exit_rsa);
- }
- #ifdef WOLFSSL_EKU_OID
- {
- const char unique[] = "2.16.840.1.111111.100.1.10.1";
- if (wc_SetExtKeyUsageOID(myCert, unique, sizeof(unique), 0,
- HEAP_HINT) != 0) {
- ERROR_OUT(-6926, exit_rsa);
- }
- }
- #endif /* WOLFSSL_EKU_OID */
- #endif /* WOLFSSL_CERT_EXT */
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_MakeSelfCert(myCert, der, FOURK_BUF, key, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-6927, exit_rsa);
- }
- certSz = ret;
- #ifdef WOLFSSL_TEST_CERT
- InitDecodedCert(&decode, der, certSz, HEAP_HINT);
- ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0) {
- FreeDecodedCert(&decode);
- ERROR_OUT(-6928, exit_rsa);
- }
- FreeDecodedCert(&decode);
- #endif
- ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, certDerFile,
- certPemFile, CERT_TYPE, -5578);
- if (ret != 0) {
- goto exit_rsa;
- }
- /* Setup Certificate */
- if (wc_InitCert(myCert)) {
- ERROR_OUT(-6929, exit_rsa);
- }
- #ifdef WOLFSSL_ALT_NAMES
- /* Get CA Cert for testing */
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, ca_cert_der_1024, sizeof_ca_cert_der_1024);
- bytes3 = sizeof_ca_cert_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, ca_cert_der_2048, sizeof_ca_cert_der_2048);
- bytes3 = sizeof_ca_cert_der_2048;
- #else
- file3 = fopen(rsaCaCertDerFile, "rb");
- if (!file3) {
- ERROR_OUT(-6930, exit_rsa);
- }
- bytes3 = fread(tmp, 1, FOURK_BUF, file3);
- fclose(file3);
- #endif /* USE_CERT_BUFFERS */
- #ifndef NO_FILESYSTEM
- ret = wc_SetAltNames(myCert, rsaCaCertFile);
- if (ret != 0) {
- ERROR_OUT(-6931, exit_rsa);
- }
- #endif
- /* get alt names from der */
- ret = wc_SetAltNamesBuffer(myCert, tmp, (int)bytes3);
- if (ret != 0) {
- ERROR_OUT(-6932, exit_rsa);
- }
- /* get dates from der */
- ret = wc_SetDatesBuffer(myCert, tmp, (int)bytes3);
- if (ret != 0) {
- ERROR_OUT(-6933, exit_rsa);
- }
- #ifndef NO_ASN_TIME
- ret = wc_GetCertDates(myCert, &beforeTime, &afterTime);
- if (ret < 0) {
- ERROR_OUT(-6934, exit_rsa);
- }
- #endif
- #endif /* WOLFSSL_ALT_NAMES */
- /* Get CA Key */
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024);
- bytes3 = sizeof_ca_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048);
- bytes3 = sizeof_ca_key_der_2048;
- #else
- file3 = fopen(rsaCaKeyFile, "rb");
- if (!file3) {
- ERROR_OUT(-6935, exit_rsa);
- }
- bytes3 = fread(tmp, 1, FOURK_BUF, file3);
- fclose(file3);
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitRsaKey(&caKey, HEAP_HINT);
- if (ret != 0) {
- ERROR_OUT(-6936, exit_rsa);
- }
- ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3);
- if (ret != 0) {
- ERROR_OUT(-6937, exit_rsa);
- }
- #ifndef NO_SHA256
- myCert->sigType = CTC_SHA256wRSA;
- #else
- myCert->sigType = CTC_SHAwRSA;
- #endif
- XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
- #ifdef WOLFSSL_CERT_EXT
- /* add Policies */
- XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42",
- CTC_MAX_CERTPOL_SZ);
- myCert->certPoliciesNb =1;
- /* add SKID from the Public Key */
- if (wc_SetSubjectKeyIdFromPublicKey(myCert, key, NULL) != 0) {
- ERROR_OUT(-6938, exit_rsa);
- }
- /* add AKID from the CA certificate */
- #if defined(USE_CERT_BUFFERS_2048)
- ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048,
- sizeof_ca_cert_der_2048);
- #elif defined(USE_CERT_BUFFERS_1024)
- ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024,
- sizeof_ca_cert_der_1024);
- #else
- ret = wc_SetAuthKeyId(myCert, rsaCaCertFile);
- #endif
- if (ret != 0) {
- ERROR_OUT(-6939, exit_rsa);
- }
- /* add Key Usage */
- if (wc_SetKeyUsage(myCert,"keyEncipherment,keyAgreement") != 0) {
- ERROR_OUT(-6940, exit_rsa);
- }
- #endif /* WOLFSSL_CERT_EXT */
- #if defined(USE_CERT_BUFFERS_2048)
- ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048,
- sizeof_ca_cert_der_2048);
- #elif defined(USE_CERT_BUFFERS_1024)
- ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024,
- sizeof_ca_cert_der_1024);
- #else
- ret = wc_SetIssuer(myCert, rsaCaCertFile);
- #endif
- if (ret < 0) {
- ERROR_OUT(-6941, exit_rsa);
- }
- certSz = wc_MakeCert(myCert, der, FOURK_BUF, key, NULL, rng);
- if (certSz < 0) {
- ERROR_OUT(-6942, exit_rsa);
- }
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &caKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_SignCert(myCert->bodySz, myCert->sigType, der, FOURK_BUF,
- &caKey, NULL, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-6943, exit_rsa);
- }
- certSz = ret;
- #ifdef WOLFSSL_TEST_CERT
- InitDecodedCert(&decode, der, certSz, HEAP_HINT);
- ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0) {
- FreeDecodedCert(&decode);
- ERROR_OUT(-6944, exit_rsa);
- }
- FreeDecodedCert(&decode);
- #endif
- ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, otherCertDerFile,
- otherCertPemFile, CERT_TYPE, -5598);
- if (ret != 0) {
- goto exit_rsa;
- }
- exit_rsa:
- wc_FreeRsaKey(&caKey);
- XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- myCert = NULL;
- XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- pem = NULL;
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- der = NULL;
- return ret;
- }
- #endif
- #if !defined(NO_RSA) && defined(HAVE_ECC) && defined(WOLFSSL_CERT_GEN)
- /* Make Cert / Sign example for ECC cert and RSA CA */
- static int rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp)
- {
- RsaKey caKey;
- ecc_key caEccKey;
- ecc_key caEccKeyPub;
- byte* der = NULL;
- byte* pem = NULL;
- Cert* myCert = NULL;
- int certSz;
- size_t bytes3;
- word32 idx3 = 0;
- #if (!defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)) \
- || !defined(USE_CERT_BUFFERS_256)
- FILE* file3;
- #endif
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert decode;
- #endif
- int ret;
- XMEMSET(&caKey, 0, sizeof(caKey));
- XMEMSET(&caEccKey, 0, sizeof(caEccKey));
- XMEMSET(&caEccKeyPub, 0, sizeof(caEccKeyPub));
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ERROR_OUT(-6945, exit_rsa);
- }
- pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pem == NULL) {
- ERROR_OUT(-6946, exit_rsa);
- }
- myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (myCert == NULL) {
- ERROR_OUT(-6947, exit_rsa);
- }
- /* Get CA Key */
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024);
- bytes3 = sizeof_ca_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048);
- bytes3 = sizeof_ca_key_der_2048;
- #else
- file3 = fopen(rsaCaKeyFile, "rb");
- if (!file3) {
- ERROR_OUT(-6948, exit_rsa);
- }
- bytes3 = fread(tmp, 1, FOURK_BUF, file3);
- fclose(file3);
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitRsaKey(&caKey, HEAP_HINT);
- if (ret != 0) {
- ERROR_OUT(-6949, exit_rsa);
- }
- ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3);
- if (ret != 0) {
- ERROR_OUT(-6950, exit_rsa);
- }
- /* Get Cert Key */
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(tmp, ecc_key_pub_der_256, sizeof_ecc_key_pub_der_256);
- bytes3 = sizeof_ecc_key_pub_der_256;
- #else
- file3 = fopen(eccKeyPubFile, "rb");
- if (!file3) {
- ERROR_OUT(-6951, exit_rsa);
- }
- bytes3 = fread(tmp, 1, FOURK_BUF, file3);
- fclose(file3);
- #endif
- ret = wc_ecc_init_ex(&caEccKeyPub, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-6952, exit_rsa);
- }
- idx3 = 0;
- ret = wc_EccPublicKeyDecode(tmp, &idx3, &caEccKeyPub, (word32)bytes3);
- if (ret != 0) {
- ERROR_OUT(-6953, exit_rsa);
- }
- /* Setup Certificate */
- if (wc_InitCert(myCert)) {
- ERROR_OUT(-6954, exit_rsa);
- }
- #ifndef NO_SHA256
- myCert->sigType = CTC_SHA256wRSA;
- #else
- myCert->sigType = CTC_SHAwRSA;
- #endif
- XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
- #ifdef WOLFSSL_CERT_EXT
- /* add Policies */
- XSTRNCPY(myCert->certPolicies[0], "2.4.589440.587.101.2.1.9632587.1",
- CTC_MAX_CERTPOL_SZ);
- XSTRNCPY(myCert->certPolicies[1], "1.2.13025.489.1.113549",
- CTC_MAX_CERTPOL_SZ);
- myCert->certPoliciesNb = 2;
- /* add SKID from the Public Key */
- if (wc_SetSubjectKeyIdFromPublicKey(myCert, NULL, &caEccKeyPub) != 0) {
- ERROR_OUT(-6955, exit_rsa);
- }
- /* add AKID from the CA certificate */
- #if defined(USE_CERT_BUFFERS_2048)
- ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048,
- sizeof_ca_cert_der_2048);
- #elif defined(USE_CERT_BUFFERS_1024)
- ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024,
- sizeof_ca_cert_der_1024);
- #else
- ret = wc_SetAuthKeyId(myCert, rsaCaCertFile);
- #endif
- if (ret != 0) {
- ERROR_OUT(-6956, exit_rsa);
- }
- /* add Key Usage */
- if (wc_SetKeyUsage(myCert, certKeyUsage) != 0) {
- ERROR_OUT(-6957, exit_rsa);
- }
- #endif /* WOLFSSL_CERT_EXT */
- #if defined(USE_CERT_BUFFERS_2048)
- ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048,
- sizeof_ca_cert_der_2048);
- #elif defined(USE_CERT_BUFFERS_1024)
- ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024,
- sizeof_ca_cert_der_1024);
- #else
- ret = wc_SetIssuer(myCert, rsaCaCertFile);
- #endif
- if (ret < 0) {
- ERROR_OUT(-6958, exit_rsa);
- }
- certSz = wc_MakeCert(myCert, der, FOURK_BUF, NULL, &caEccKeyPub, rng);
- if (certSz < 0) {
- ERROR_OUT(-6959, exit_rsa);
- }
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &caEccKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_SignCert(myCert->bodySz, myCert->sigType, der,
- FOURK_BUF, &caKey, NULL, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-6960, exit_rsa);
- }
- certSz = ret;
- #ifdef WOLFSSL_TEST_CERT
- InitDecodedCert(&decode, der, certSz, 0);
- ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0) {
- FreeDecodedCert(&decode);
- ERROR_OUT(-6961, exit_rsa);
- }
- FreeDecodedCert(&decode);
- #endif
- ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, certEccRsaDerFile,
- certEccRsaPemFile, CERT_TYPE, -5616);
- if (ret != 0) {
- goto exit_rsa;
- }
- exit_rsa:
- wc_FreeRsaKey(&caKey);
- wc_ecc_free(&caEccKey);
- wc_ecc_free(&caEccKeyPub);
- XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- myCert = NULL;
- XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- pem = NULL;
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- der = NULL;
- if (ret >= 0)
- ret = 0;
- return ret;
- }
- #endif /* !NO_RSA && HAVE_ECC && WOLFSSL_CERT_GEN */
- #ifdef WOLFSSL_KEY_GEN
- static int rsa_keygen_test(WC_RNG* rng)
- {
- RsaKey genKey;
- int ret;
- byte* der = NULL;
- byte* pem = NULL;
- word32 idx = 0;
- int derSz = 0;
- int keySz = 1024;
- XMEMSET(&genKey, 0, sizeof(genKey));
- #ifdef HAVE_FIPS
- keySz = 2048;
- #endif /* HAVE_FIPS */
- ret = wc_InitRsaKey(&genKey, HEAP_HINT);
- if (ret != 0) {
- ERROR_OUT(-6962, exit_rsa);
- }
- ret = wc_MakeRsaKey(&genKey, keySz, WC_RSA_EXPONENT, rng);
- if (ret != 0) {
- ERROR_OUT(-6963, exit_rsa);
- }
- /* If not using old FIPS, or not using FAST or USER RSA... */
- #if !defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \
- (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
- ret = wc_CheckRsaKey(&genKey);
- if (ret != 0) {
- ERROR_OUT(-8228, exit_rsa);
- }
- #endif
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ERROR_OUT(-6964, exit_rsa);
- }
- pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pem == NULL) {
- ERROR_OUT(-6965, exit_rsa);
- }
- derSz = wc_RsaKeyToDer(&genKey, der, FOURK_BUF);
- if (derSz < 0) {
- ERROR_OUT(-6966, exit_rsa);
- }
- ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, keyDerFile, keyPemFile,
- PRIVATEKEY_TYPE, -5555);
- if (ret != 0) {
- goto exit_rsa;
- }
- wc_FreeRsaKey(&genKey);
- ret = wc_InitRsaKey(&genKey, HEAP_HINT);
- if (ret != 0) {
- ERROR_OUT(-6967, exit_rsa);
- }
- idx = 0;
- ret = wc_RsaPrivateKeyDecode(der, &idx, &genKey, derSz);
- if (ret != 0) {
- ERROR_OUT(-6968, exit_rsa);
- }
- wc_FreeRsaKey(&genKey);
- XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- pem = NULL;
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- der = NULL;
- exit_rsa:
- wc_FreeRsaKey(&genKey);
- return ret;
- }
- #endif
- int rsa_test(void)
- {
- int ret;
- byte* tmp = NULL;
- byte* der = NULL;
- byte* pem = NULL;
- size_t bytes;
- WC_RNG rng;
- RsaKey key;
- #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
- RsaKey keypub;
- #endif
- #if defined(HAVE_NTRU)
- RsaKey caKey;
- #endif
- word32 idx = 0;
- byte* res;
- const char* inStr = "Everyone gets Friday off.";
- word32 inLen = (word32)XSTRLEN((char*)inStr);
- const word32 outSz = RSA_TEST_BYTES;
- const word32 plainSz = RSA_TEST_BYTES;
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) \
- && !defined(NO_FILESYSTEM)
- FILE *file, *file2;
- #endif
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert cert;
- #endif
- DECLARE_VAR_INIT(in, byte, inLen, inStr, HEAP_HINT);
- DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (in == NULL)
- return MEMORY_E;
- #endif
- /* initialize stack structures */
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(&key, 0, sizeof(key));
- #ifdef WOLFSSL_CERT_EXT
- XMEMSET(&keypub, 0, sizeof(keypub));
- #endif
- #if defined(HAVE_NTRU)
- XMEMSET(&caKey, 0, sizeof(caKey));
- #endif
- #ifndef HAVE_USER_RSA
- ret = rsa_decode_test(&key);
- if (ret != 0)
- return ret;
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- bytes = (size_t)sizeof_client_key_der_1024;
- if (bytes < (size_t)sizeof_client_cert_der_1024)
- bytes = (size_t)sizeof_client_cert_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- bytes = (size_t)sizeof_client_key_der_2048;
- if (bytes < (size_t)sizeof_client_cert_der_2048)
- bytes = (size_t)sizeof_client_cert_der_2048;
- #else
- bytes = FOURK_BUF;
- #endif
- tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL
- #ifdef WOLFSSL_ASYNC_CRYPT
- || out == NULL || plain == NULL
- #endif
- ) {
- return -7000;
- }
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024);
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
- #elif !defined(NO_FILESYSTEM)
- file = fopen(clientKey, "rb");
- if (!file) {
- err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", -40);
- ERROR_OUT(-7001, exit_rsa);
- }
- bytes = fread(tmp, 1, FOURK_BUF, file);
- fclose(file);
- #else
- /* No key to use. */
- ERROR_OUT(-7002, exit_rsa);
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitRsaKey_ex(&key, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-7003, exit_rsa);
- }
- ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes);
- if (ret != 0) {
- ERROR_OUT(-7004, exit_rsa);
- }
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0) {
- ERROR_OUT(-7005, exit_rsa);
- }
- #ifndef NO_SIG_WRAPPER
- ret = rsa_sig_test(&key, sizeof(RsaKey), wc_RsaEncryptSize(&key), &rng);
- if (ret != 0)
- goto exit_rsa;
- #endif
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, &key, &rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7006, exit_rsa);
- }
- #ifdef WC_RSA_BLINDING
- {
- int tmpret = ret;
- ret = wc_RsaSetRNG(&key, &rng);
- if (ret < 0) {
- ERROR_OUT(-7007, exit_rsa);
- }
- ret = tmpret;
- }
- #endif
- idx = (word32)ret; /* save off encrypted length */
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt(out, idx, plain, plainSz, &key);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7008, exit_rsa);
- }
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(-7009, exit_rsa);
- }
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecryptInline(out, idx, &res, &key);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7010, exit_rsa);
- }
- if (ret != (int)inLen) {
- ERROR_OUT(-7011, exit_rsa);
- }
- if (XMEMCMP(res, in, inLen)) {
- ERROR_OUT(-7012, exit_rsa);
- }
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaSSL_Sign(in, inLen, out, outSz, &key, &rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7013, exit_rsa);
- }
- idx = (word32)ret;
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, &key);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7014, exit_rsa);
- }
- if (XMEMCMP(plain, in, (size_t)ret)) {
- ERROR_OUT(-7015, exit_rsa);
- }
- #ifndef WC_NO_RSA_OAEP
- /* OAEP padding testing */
- #if !defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \
- (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
- #ifndef NO_SHA
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, &key, &rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7016, exit_rsa);
- }
- idx = (word32)ret;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, &key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7017, exit_rsa);
- }
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(-7018, exit_rsa);
- }
- #endif /* NO_SHA */
- #ifndef NO_SHA256
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, &key, &rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7019, exit_rsa);
- }
- idx = (word32)ret;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, &key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7020, exit_rsa);
- }
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(-7021, exit_rsa);
- }
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecryptInline_ex(out, idx, &res, &key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7022, exit_rsa);
- }
- if (ret != (int)inLen) {
- ERROR_OUT(-7023, exit_rsa);
- }
- if (XMEMCMP(res, in, inLen)) {
- ERROR_OUT(-7024, exit_rsa);
- }
- /* check fails if not using the same optional label */
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, &key, &rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7025, exit_rsa);
- }
- /* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */
- #ifndef HAVE_CAVIUM
- idx = (word32)ret;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, &key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
- }
- } while (ret == WC_PENDING_E);
- if (ret > 0) { /* in this case decrypt should fail */
- ERROR_OUT(-7026, exit_rsa);
- }
- ret = 0;
- #endif /* !HAVE_CAVIUM */
- /* check using optional label with encrypt/decrypt */
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, &key, &rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7027, exit_rsa);
- }
- idx = (word32)ret;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, &key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7028, exit_rsa);
- }
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(-7029, exit_rsa);
- }
- #ifndef NO_SHA
- /* check fail using mismatch hash algorithms */
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, &key, &rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, in, inLen);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7030, exit_rsa);
- }
- /* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */
- #ifndef HAVE_CAVIUM
- idx = (word32)ret;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, &key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256,
- in, inLen);
- }
- } while (ret == WC_PENDING_E);
- if (ret > 0) { /* should fail */
- ERROR_OUT(-7031, exit_rsa);
- }
- ret = 0;
- #endif /* !HAVE_CAVIUM */
- #endif /* NO_SHA*/
- #endif /* NO_SHA256 */
- #ifdef WOLFSSL_SHA512
- /* Check valid RSA key size is used while using hash length of SHA512
- If key size is less than (hash length * 2) + 2 then is invalid use
- and test, since OAEP padding requires this.
- BAD_FUNC_ARG is returned when this case is not met */
- if (wc_RsaEncryptSize(&key) > ((int)WC_SHA512_DIGEST_SIZE * 2) + 2) {
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, &key, &rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7032, exit_rsa);
- }
- idx = ret;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, &key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7033, exit_rsa);
- }
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(-7034, exit_rsa);
- }
- }
- #endif /* WOLFSSL_SHA512 */
- /* check using pkcsv15 padding with _ex API */
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, &key, &rng,
- WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7035, exit_rsa);
- }
- idx = (word32)ret;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, &key,
- WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7036, exit_rsa);
- }
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(-7037, exit_rsa);
- }
- #endif /* !HAVE_FAST_RSA && !HAVE_FIPS */
- #endif /* WC_NO_RSA_OAEP */
- #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA)
- ret = rsa_export_key_test(&key);
- if (ret != 0)
- return ret;
- #endif
- ret = rsa_flatten_test(&key);
- if (ret != 0)
- return ret;
- #if defined(WOLFSSL_MDK_ARM)
- #define sizeof(s) XSTRLEN((char *)(s))
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, client_cert_der_1024, (size_t)sizeof_client_cert_der_1024);
- bytes = (size_t)sizeof_client_cert_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_cert_der_2048, (size_t)sizeof_client_cert_der_2048);
- bytes = (size_t)sizeof_client_cert_der_2048;
- #elif !defined(NO_FILESYSTEM)
- file2 = fopen(clientCert, "rb");
- if (!file2) {
- ERROR_OUT(-7038, exit_rsa);
- }
- bytes = fread(tmp, 1, FOURK_BUF, file2);
- fclose(file2);
- #else
- /* No certificate to use. */
- ERROR_OUT(-7039, exit_rsa);
- #endif
- #ifdef sizeof
- #undef sizeof
- #endif
- #ifdef WOLFSSL_TEST_CERT
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0) {
- FreeDecodedCert(&cert);
- ERROR_OUT(-7040, exit_rsa);
- }
- FreeDecodedCert(&cert);
- #else
- (void)bytes;
- #endif
- #ifdef WOLFSSL_CERT_EXT
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
- bytes = sizeof_client_keypub_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
- bytes = sizeof_client_keypub_der_2048;
- #else
- file = fopen(clientKeyPub, "rb");
- if (!file) {
- err_sys("can't open ./certs/client-keyPub.der, "
- "Please run from wolfSSL home dir", -40);
- ERROR_OUT(-7041, exit_rsa);
- }
- bytes = fread(tmp, 1, FOURK_BUF, file);
- fclose(file);
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitRsaKey(&keypub, HEAP_HINT);
- if (ret != 0) {
- ERROR_OUT(-7042, exit_rsa);
- }
- idx = 0;
- ret = wc_RsaPublicKeyDecode(tmp, &idx, &keypub, (word32)bytes);
- if (ret != 0) {
- ERROR_OUT(-7043, exit_rsa);
- }
- #endif /* WOLFSSL_CERT_EXT */
- #ifdef WOLFSSL_KEY_GEN
- ret = rsa_keygen_test(&rng);
- if (ret != 0)
- goto exit_rsa;
- #endif
- #ifdef WOLFSSL_CERT_GEN
- /* Make Cert / Sign example for RSA cert and RSA CA */
- ret = rsa_certgen_test(&key, &keypub, &rng, tmp);
- if (ret != 0)
- goto exit_rsa;
- #if !defined(NO_RSA) && defined(HAVE_ECC)
- ret = rsa_ecc_certgen_test(&rng, tmp);
- if (ret != 0)
- goto exit_rsa;
- #endif
- #ifdef HAVE_NTRU
- {
- Cert myCert;
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
- FILE* caFile;
- #endif
- FILE* ntruPrivFile;
- int certSz;
- word32 idx3 = 0;
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert decode;
- #endif
- byte public_key[557]; /* sized for EES401EP2 */
- word16 public_key_len; /* no. of octets in public key */
- byte private_key[607]; /* sized for EES401EP2 */
- word16 private_key_len; /* no. of octets in private key */
- DRBG_HANDLE drbg;
- static uint8_t const pers_str[] = {
- 'C', 'y', 'a', 'S', 'S', 'L', ' ', 't', 'e', 's', 't'
- };
- word32 rc = ntru_crypto_drbg_instantiate(112, pers_str,
- sizeof(pers_str), GetEntropy, &drbg);
- if (rc != DRBG_OK) {
- ERROR_OUT(-7044, exit_rsa);
- }
- rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2,
- &public_key_len, NULL,
- &private_key_len, NULL);
- if (rc != NTRU_OK) {
- ERROR_OUT(-7045, exit_rsa);
- }
- rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2,
- &public_key_len, public_key,
- &private_key_len, private_key);
- if (rc != NTRU_OK) {
- ERROR_OUT(-7046, exit_rsa);
- }
- rc = ntru_crypto_drbg_uninstantiate(drbg);
- if (rc != NTRU_OK) {
- ERROR_OUT(-7047, exit_rsa);
- }
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024);
- bytes = sizeof_ca_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048);
- bytes = sizeof_ca_key_der_2048;
- #else
- caFile = fopen(rsaCaKeyFile, "rb");
- if (!caFile) {
- ERROR_OUT(-7048, exit_rsa);
- }
- bytes = fread(tmp, 1, FOURK_BUF, caFile);
- fclose(caFile);
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitRsaKey(&caKey, HEAP_HINT);
- if (ret != 0) {
- ERROR_OUT(-7049, exit_rsa);
- }
- ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes);
- if (ret != 0) {
- ERROR_OUT(-7050, exit_rsa);
- }
- if (wc_InitCert(&myCert)) {
- ERROR_OUT(-7051, exit_rsa);
- }
- XMEMCPY(&myCert.subject, &certDefaultName, sizeof(CertName));
- myCert.daysValid = 1000;
- #ifdef WOLFSSL_CERT_EXT
- /* add SKID from the Public Key */
- if (wc_SetSubjectKeyIdFromNtruPublicKey(&myCert, public_key,
- public_key_len) != 0) {
- ERROR_OUT(-7052, exit_rsa);
- }
- /* add AKID from the CA certificate */
- #if defined(USE_CERT_BUFFERS_2048)
- ret = wc_SetAuthKeyIdFromCert(&myCert, ca_cert_der_2048,
- sizeof_ca_cert_der_2048);
- #elif defined(USE_CERT_BUFFERS_1024)
- ret = wc_SetAuthKeyIdFromCert(&myCert, ca_cert_der_1024,
- sizeof_ca_cert_der_1024);
- #else
- ret = wc_SetAuthKeyId(&myCert, rsaCaCertFile);
- #endif
- if (ret != 0) {
- ERROR_OUT(-7053, exit_rsa);
- }
- /* add Key Usage */
- if (wc_SetKeyUsage(&myCert, certKeyUsage2) != 0) {
- ERROR_OUT(-7054, exit_rsa);
- }
- #endif /* WOLFSSL_CERT_EXT */
- #if defined(USE_CERT_BUFFERS_2048)
- ret = wc_SetIssuerBuffer(&myCert, ca_cert_der_2048,
- sizeof_ca_cert_der_2048);
- #elif defined(USE_CERT_BUFFERS_1024)
- ret = wc_SetIssuerBuffer(&myCert, ca_cert_der_1024,
- sizeof_ca_cert_der_1024);
- #else
- ret = wc_SetIssuer(&myCert, rsaCaCertFile);
- #endif
- if (ret < 0) {
- ERROR_OUT(-7055, exit_rsa);
- }
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ERROR_OUT(-7056, exit_rsa);
- }
- pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER);
- if (pem == NULL) {
- ERROR_OUT(-7057, exit_rsa);
- }
- certSz = wc_MakeNtruCert(&myCert, der, FOURK_BUF, public_key,
- public_key_len, &rng);
- if (certSz < 0) {
- ERROR_OUT(-7058, exit_rsa);
- }
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &caKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_SignCert(myCert.bodySz, myCert.sigType, der, FOURK_BUF,
- &caKey, NULL, &rng);
- }
- } while (ret == WC_PENDING_E);
- wc_FreeRsaKey(&caKey);
- if (ret < 0) {
- ERROR_OUT(-7059, exit_rsa);
- }
- certSz = ret;
- #ifdef WOLFSSL_TEST_CERT
- InitDecodedCert(&decode, der, certSz, HEAP_HINT);
- ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0) {
- FreeDecodedCert(&decode);
- ERROR_OUT(-7060, exit_rsa);
- }
- FreeDecodedCert(&decode);
- #endif
- ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, "./ntru-cert.der",
- "./ntru-cert.pem", CERT_TYPE, -5637);
- if (ret != 0) {
- goto exit_rsa;
- }
- #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
- ntruPrivFile = fopen("./ntru-key.raw", "wb");
- if (!ntruPrivFile) {
- ERROR_OUT(-7061, exit_rsa);
- }
- ret = (int)fwrite(private_key, 1, private_key_len, ntruPrivFile);
- fclose(ntruPrivFile);
- if (ret != private_key_len) {
- ERROR_OUT(-7062, exit_rsa);
- }
- #endif
- XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- pem = NULL;
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- der = NULL;
- }
- #endif /* HAVE_NTRU */
- #ifdef WOLFSSL_CERT_REQ
- {
- Cert req;
- int derSz;
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ERROR_OUT(-7063, exit_rsa);
- }
- pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER);
- if (pem == NULL) {
- ERROR_OUT(-7064, exit_rsa);
- }
- if (wc_InitCert(&req)) {
- ERROR_OUT(-7065, exit_rsa);
- }
- req.version = 0;
- req.isCA = 1;
- XSTRNCPY(req.challengePw, "wolf123", CTC_NAME_SIZE);
- XMEMCPY(&req.subject, &certDefaultName, sizeof(CertName));
- #ifndef NO_SHA256
- req.sigType = CTC_SHA256wRSA;
- #else
- req.sigType = CTC_SHAwRSA;
- #endif
- #ifdef WOLFSSL_CERT_EXT
- /* add SKID from the Public Key */
- if (wc_SetSubjectKeyIdFromPublicKey(&req, &keypub, NULL) != 0) {
- ERROR_OUT(-7066, exit_rsa);
- }
- /* add Key Usage */
- if (wc_SetKeyUsage(&req, certKeyUsage2) != 0) {
- ERROR_OUT(-7067, exit_rsa);
- }
- /* add Extended Key Usage */
- if (wc_SetExtKeyUsage(&req, "serverAuth,clientAuth,codeSigning,"
- "emailProtection,timeStamping,OCSPSigning") != 0) {
- ERROR_OUT(-7068, exit_rsa);
- }
- #ifdef WOLFSSL_EKU_OID
- {
- const char unique[] = "2.16.840.1.111111.100.1.10.1";
- if (wc_SetExtKeyUsageOID(&req, unique, sizeof(unique), 0,
- HEAP_HINT) != 0) {
- ERROR_OUT(-7069, exit_rsa);
- }
- }
- #endif /* WOLFSSL_EKU_OID */
- #endif /* WOLFSSL_CERT_EXT */
- derSz = wc_MakeCertReq(&req, der, FOURK_BUF, &key, NULL);
- if (derSz < 0) {
- ERROR_OUT(-7070, exit_rsa);
- }
- #ifdef WOLFSSL_CERT_EXT
- /* Try again with "any" flag set, will override all others */
- if (wc_SetExtKeyUsage(&req, "any") != 0) {
- ERROR_OUT(-7071, exit_rsa);
- }
- derSz = wc_MakeCertReq(&req, der, FOURK_BUF, &key, NULL);
- if (derSz < 0) {
- ERROR_OUT(-7072, exit_rsa);
- }
- #endif /* WOLFSSL_CERT_EXT */
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_SignCert(req.bodySz, req.sigType, der, FOURK_BUF,
- &key, NULL, &rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7073, exit_rsa);
- }
- derSz = ret;
- ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, certReqDerFile,
- certReqPemFile, CERTREQ_TYPE, -5650);
- if (ret != 0) {
- goto exit_rsa;
- }
- XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- pem = NULL;
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- der = NULL;
- }
- #endif /* WOLFSSL_CERT_REQ */
- #endif /* WOLFSSL_CERT_GEN */
- #ifdef WC_RSA_PSS
- ret = rsa_pss_test(&rng, &key);
- #endif
- exit_rsa:
- wc_FreeRsaKey(&key);
- #ifdef WOLFSSL_CERT_EXT
- wc_FreeRsaKey(&keypub);
- #endif
- #if defined(HAVE_NTRU)
- wc_FreeRsaKey(&caKey);
- #endif
- XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_FreeRng(&rng);
- FREE_VAR(in, HEAP_HINT);
- FREE_VAR(out, HEAP_HINT);
- FREE_VAR(plain, HEAP_HINT);
- /* ret can be greater then 0 with certgen but all negative values should
- * be returned and treated as an error */
- if (ret >= 0) {
- return 0;
- }
- else {
- return ret;
- }
- }
- #endif
- #ifndef NO_DH
- static int dh_fips_generate_test(WC_RNG *rng)
- {
- int ret = 0;
- DhKey key;
- static byte p[] = {
- 0xc5, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c,
- 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e,
- 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea,
- 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e,
- 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62,
- 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a,
- 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc,
- 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89,
- 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c,
- 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65,
- 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb,
- 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87,
- 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92,
- 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3,
- 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc,
- 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda,
- 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46,
- 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9,
- 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2,
- 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc,
- 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73,
- 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4,
- 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6,
- 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a,
- 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9,
- 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0,
- 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8,
- 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0,
- 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47,
- 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9,
- 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d,
- 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d
- };
- static byte g[] = {
- 0x4a, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74,
- 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41,
- 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91,
- 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb,
- 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff,
- 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e,
- 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a,
- 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e,
- 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40,
- 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67,
- 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94,
- 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa,
- 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22,
- 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a,
- 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc,
- 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5,
- 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe,
- 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c,
- 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8,
- 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67,
- 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8,
- 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63,
- 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5,
- 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71,
- 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a,
- 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a,
- 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1,
- 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37,
- 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53,
- 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d,
- 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68,
- 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b
- };
- static byte q[] = {
- 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e,
- 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75,
- 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5,
- 0x40, 0x52, 0xed, 0x41
- };
- static byte q0[] = {
- 0x00,
- 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e,
- 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75,
- 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5,
- 0x40, 0x52, 0xed, 0x41
- };
- byte priv[256];
- byte pub[256];
- word32 privSz = sizeof(priv);
- word32 pubSz = sizeof(pub);
- /* Parameter Validation testing. */
- ret = wc_DhGenerateKeyPair(NULL, rng, priv, &privSz, pub, &pubSz);
- if (ret != BAD_FUNC_ARG)
- return -7074;
- ret = wc_DhGenerateKeyPair(&key, NULL, priv, &privSz, pub, &pubSz);
- if (ret != BAD_FUNC_ARG)
- return -7075;
- ret = wc_DhGenerateKeyPair(&key, rng, NULL, &privSz, pub, &pubSz);
- if (ret != BAD_FUNC_ARG)
- return -7076;
- ret = wc_DhGenerateKeyPair(&key, rng, priv, NULL, pub, &pubSz);
- if (ret != BAD_FUNC_ARG)
- return -7077;
- ret = wc_DhGenerateKeyPair(&key, rng, priv, &privSz, NULL, &pubSz);
- if (ret != BAD_FUNC_ARG)
- return -7078;
- ret = wc_DhGenerateKeyPair(&key, rng, priv, &privSz, pub, NULL);
- if (ret != BAD_FUNC_ARG)
- return -7079;
- ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId);
- if (ret != 0)
- return -7080;
- ret = wc_DhSetKey_ex(&key, p, sizeof(p), g, sizeof(g), q0, sizeof(q0));
- if (ret != 0) {
- ERROR_OUT(-7081, exit_gen_test);
- }
- wc_FreeDhKey(&key);
- ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId);
- if (ret != 0)
- return -7082;
- ret = wc_DhSetKey_ex(&key, p, sizeof(p), g, sizeof(g), q, sizeof(q));
- if (ret != 0) {
- ERROR_OUT(-7083, exit_gen_test);
- }
- /* Use API. */
- ret = wc_DhGenerateKeyPair(&key, rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-7084, exit_gen_test);
- }
- ret = wc_DhCheckPubKey_ex(&key, pub, pubSz, q0, sizeof(q0));
- if (ret != 0) {
- ERROR_OUT(-7085, exit_gen_test);
- }
- wc_FreeDhKey(&key);
- ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId);
- if (ret != 0)
- return -7086;
- ret = wc_DhSetKey(&key, p, sizeof(p), g, sizeof(g));
- if (ret != 0) {
- ERROR_OUT(-7087, exit_gen_test);
- }
- ret = wc_DhCheckPubKey_ex(&key, pub, pubSz, q, sizeof(q));
- if (ret != 0) {
- ERROR_OUT(-7088, exit_gen_test);
- }
- #ifndef HAVE_SELFTEST
- ret = wc_DhCheckKeyPair(&key, pub, pubSz, priv, privSz);
- if (ret != 0) {
- ERROR_OUT(-8229, exit_gen_test);
- }
- /* Taint the public key so the check fails. */
- pub[0]++;
- ret = wc_DhCheckKeyPair(&key, pub, pubSz, priv, privSz);
- if (ret != MP_CMP_E) {
- ERROR_OUT(-8230, exit_gen_test);
- }
- #endif /* HAVE_SELFTEST */
- #ifdef WOLFSSL_KEY_GEN
- wc_FreeDhKey(&key);
- ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId);
- if (ret != 0)
- return -8231;
- ret = wc_DhGenerateParams(rng, 2048, &key);
- if (ret != 0) {
- ERROR_OUT(-8226, exit_gen_test);
- }
- privSz = sizeof(priv);
- pubSz = sizeof(pub);
- ret = wc_DhGenerateKeyPair(&key, rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-8227, exit_gen_test);
- }
- #endif /* WOLFSSL_KEY_GEN */
- ret = 0;
- exit_gen_test:
- wc_FreeDhKey(&key);
- return ret;
- }
- static int dh_generate_test(WC_RNG *rng)
- {
- int ret = 0;
- DhKey smallKey;
- byte p[2] = { 0, 5 };
- byte g[2] = { 0, 2 };
- #ifndef WOLFSSL_SP_MATH
- #ifdef WOLFSSL_DH_CONST
- /* the table for constant DH lookup will round to the lowest byte size 21 */
- byte priv[21];
- byte pub[21];
- #else
- byte priv[2];
- byte pub[2];
- #endif
- word32 privSz = sizeof(priv);
- word32 pubSz = sizeof(pub);
- #endif
- ret = wc_InitDhKey_ex(&smallKey, HEAP_HINT, devId);
- if (ret != 0)
- return -7089;
- /* Parameter Validation testing. */
- ret = wc_InitDhKey_ex(NULL, HEAP_HINT, devId);
- if (ret != BAD_FUNC_ARG)
- return -7090;
- wc_FreeDhKey(NULL);
- ret = wc_DhSetKey(NULL, p, sizeof(p), g, sizeof(g));
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(-7091, exit_gen_test);
- }
- ret = wc_DhSetKey(&smallKey, NULL, sizeof(p), g, sizeof(g));
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(-7092, exit_gen_test);
- }
- ret = wc_DhSetKey(&smallKey, p, 0, g, sizeof(g));
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(-7093, exit_gen_test);
- }
- ret = wc_DhSetKey(&smallKey, p, sizeof(p), NULL, sizeof(g));
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(-7094, exit_gen_test);
- }
- ret = wc_DhSetKey(&smallKey, p, sizeof(p), g, 0);
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(-7095, exit_gen_test);
- }
- ret = wc_DhSetKey(&smallKey, p, sizeof(p), g, sizeof(g));
- if (ret != 0) {
- ERROR_OUT(-7096, exit_gen_test);
- }
- #ifndef WOLFSSL_SP_MATH
- /* Use API. */
- ret = wc_DhGenerateKeyPair(&smallKey, rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &smallKey.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ret = -7097;
- }
- #else
- (void)rng;
- ret = 0;
- #endif
- exit_gen_test:
- wc_FreeDhKey(&smallKey);
- return ret;
- }
- int dh_test(void)
- {
- int ret;
- word32 bytes;
- word32 idx = 0, privSz, pubSz, privSz2, pubSz2, agreeSz, agreeSz2;
- byte tmp[1024];
- byte priv[256];
- byte pub[256];
- byte priv2[256];
- byte pub2[256];
- byte agree[256];
- byte agree2[256];
- DhKey key;
- DhKey key2;
- WC_RNG rng;
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, dh_key_der_1024, (size_t)sizeof_dh_key_der_1024);
- bytes = (size_t)sizeof_dh_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, dh_key_der_2048, (size_t)sizeof_dh_key_der_2048);
- bytes = (size_t)sizeof_dh_key_der_2048;
- #elif defined(NO_ASN)
- /* don't use file, no DER parsing */
- #elif !defined(NO_FILESYSTEM)
- FILE* file = fopen(dhKey, "rb");
- if (!file)
- return -7100;
- bytes = (word32) fread(tmp, 1, sizeof(tmp), file);
- fclose(file);
- #else
- /* No DH key to use. */
- return -7101;
- #endif /* USE_CERT_BUFFERS */
- (void)idx;
- (void)tmp;
- (void)bytes;
- /* Use API for coverage. */
- ret = wc_InitDhKey(&key);
- if (ret != 0) {
- ERROR_OUT(-7102, done);
- }
- wc_FreeDhKey(&key);
- ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-7103, done);
- }
- ret = wc_InitDhKey_ex(&key2, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-7104, done);
- }
- #ifdef NO_ASN
- ret = wc_DhSetKey(&key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
- if (ret != 0) {
- ERROR_OUT(-7105, done);
- }
- ret = wc_DhSetKey(&key2, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
- if (ret != 0) {
- ERROR_OUT(-7106, done);
- }
- #else
- ret = wc_DhKeyDecode(tmp, &idx, &key, bytes);
- if (ret != 0) {
- ERROR_OUT(-7107, done);
- }
- idx = 0;
- ret = wc_DhKeyDecode(tmp, &idx, &key2, bytes);
- if (ret != 0) {
- ERROR_OUT(-7108, done);
- }
- #endif
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0) {
- ERROR_OUT(-7109, done);
- }
- ret = wc_DhGenerateKeyPair(&key, &rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-7110, done);
- }
- ret = wc_DhGenerateKeyPair(&key2, &rng, priv2, &privSz2, pub2, &pubSz2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key2.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-7111, done);
- }
- ret = wc_DhAgree(&key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-7112, done);
- }
- ret = wc_DhAgree(&key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key2.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-7113, done);
- }
- if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) {
- ERROR_OUT(-7114, done);
- }
- ret = dh_generate_test(&rng);
- if (ret == 0)
- ret = dh_fips_generate_test(&rng);
- done:
- wc_FreeDhKey(&key);
- wc_FreeDhKey(&key2);
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* NO_DH */
- #ifndef NO_DSA
- int dsa_test(void)
- {
- int ret, answer;
- word32 bytes;
- word32 idx = 0;
- byte tmp[1024];
- DsaKey key;
- WC_RNG rng;
- wc_Sha sha;
- byte hash[WC_SHA_DIGEST_SIZE];
- byte signature[40];
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
- bytes = sizeof_dsa_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
- bytes = sizeof_dsa_key_der_2048;
- #else
- FILE* file = fopen(dsaKey, "rb");
- if (!file)
- return -7200;
- bytes = (word32) fread(tmp, 1, sizeof(tmp), file);
- fclose(file);
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -7201;
- wc_ShaUpdate(&sha, tmp, bytes);
- wc_ShaFinal(&sha, hash);
- wc_ShaFree(&sha);
- ret = wc_InitDsaKey(&key);
- if (ret != 0) return -7202;
- ret = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes);
- if (ret != 0) return -7203;
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0) return -7204;
- ret = wc_DsaSign(hash, signature, &key, &rng);
- if (ret != 0) return -7205;
- ret = wc_DsaVerify(hash, signature, &key, &answer);
- if (ret != 0) return -7206;
- if (answer != 1) return -7207;
- wc_FreeDsaKey(&key);
- #ifdef WOLFSSL_KEY_GEN
- {
- byte* der;
- byte* pem;
- int derSz = 0;
- DsaKey derIn;
- DsaKey genKey;
- ret = wc_InitDsaKey(&genKey);
- if (ret != 0) return -7208;
- ret = wc_MakeDsaParameters(&rng, 1024, &genKey);
- if (ret != 0) {
- wc_FreeDsaKey(&genKey);
- return -7209;
- }
- ret = wc_MakeDsaKey(&rng, &genKey);
- if (ret != 0) {
- wc_FreeDsaKey(&genKey);
- return -7210;
- }
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- wc_FreeDsaKey(&genKey);
- return -7211;
- }
- pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pem == NULL) {
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_FreeDsaKey(&genKey);
- return -7212;
- }
- derSz = wc_DsaKeyToDer(&genKey, der, FOURK_BUF);
- if (derSz < 0) {
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return -7213;
- }
- ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, keyDerFile,
- keyPemFile, DSA_PRIVATEKEY_TYPE, -5814);
- if (ret != 0) {
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_FreeDsaKey(&genKey);
- return ret;
- }
- ret = wc_InitDsaKey(&derIn);
- if (ret != 0) {
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_FreeDsaKey(&genKey);
- return -7214;
- }
- idx = 0;
- ret = wc_DsaPrivateKeyDecode(der, &idx, &derIn, derSz);
- if (ret != 0) {
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_FreeDsaKey(&derIn);
- wc_FreeDsaKey(&genKey);
- return -7215;
- }
- wc_FreeDsaKey(&derIn);
- wc_FreeDsaKey(&genKey);
- XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif /* WOLFSSL_KEY_GEN */
- wc_FreeRng(&rng);
- return 0;
- }
- #endif /* NO_DSA */
- #ifdef WOLFCRYPT_HAVE_SRP
- static int generate_random_salt(byte *buf, word32 size)
- {
- int ret = -7216;
- WC_RNG rng;
- if(NULL == buf || !size)
- return -7217;
- if (buf && size && wc_InitRng_ex(&rng, HEAP_HINT, devId) == 0) {
- ret = wc_RNG_GenerateBlock(&rng, (byte *)buf, size);
- wc_FreeRng(&rng);
- }
- return ret;
- }
- int srp_test(void)
- {
- Srp cli, srv;
- int r;
- byte clientPubKey[80]; /* A */
- byte serverPubKey[80]; /* B */
- word32 clientPubKeySz = 80;
- word32 serverPubKeySz = 80;
- byte clientProof[SRP_MAX_DIGEST_SIZE]; /* M1 */
- byte serverProof[SRP_MAX_DIGEST_SIZE]; /* M2 */
- word32 clientProofSz = SRP_MAX_DIGEST_SIZE;
- word32 serverProofSz = SRP_MAX_DIGEST_SIZE;
- byte username[] = "user";
- word32 usernameSz = 4;
- byte password[] = "password";
- word32 passwordSz = 8;
- byte N[] = {
- 0xC9, 0x4D, 0x67, 0xEB, 0x5B, 0x1A, 0x23, 0x46, 0xE8, 0xAB, 0x42, 0x2F,
- 0xC6, 0xA0, 0xED, 0xAE, 0xDA, 0x8C, 0x7F, 0x89, 0x4C, 0x9E, 0xEE, 0xC4,
- 0x2F, 0x9E, 0xD2, 0x50, 0xFD, 0x7F, 0x00, 0x46, 0xE5, 0xAF, 0x2C, 0xF7,
- 0x3D, 0x6B, 0x2F, 0xA2, 0x6B, 0xB0, 0x80, 0x33, 0xDA, 0x4D, 0xE3, 0x22,
- 0xE1, 0x44, 0xE7, 0xA8, 0xE9, 0xB1, 0x2A, 0x0E, 0x46, 0x37, 0xF6, 0x37,
- 0x1F, 0x34, 0xA2, 0x07, 0x1C, 0x4B, 0x38, 0x36, 0xCB, 0xEE, 0xAB, 0x15,
- 0x03, 0x44, 0x60, 0xFA, 0xA7, 0xAD, 0xF4, 0x83
- };
- byte g[] = {
- 0x02
- };
- byte salt[10];
- byte verifier[80];
- word32 v_size = sizeof(verifier);
- /* set as 0's so if second init on srv not called SrpTerm is not on
- * garbage values */
- XMEMSET(&srv, 0, sizeof(Srp));
- XMEMSET(&cli, 0, sizeof(Srp));
- /* generating random salt */
- r = generate_random_salt(salt, sizeof(salt));
- /* client knows username and password. */
- /* server knows N, g, salt and verifier. */
- if (!r) r = wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE);
- if (!r) r = wc_SrpSetUsername(&cli, username, usernameSz);
- /* loading N, g and salt in advance to generate the verifier. */
- if (!r) r = wc_SrpSetParams(&cli, N, sizeof(N),
- g, sizeof(g),
- salt, sizeof(salt));
- if (!r) r = wc_SrpSetPassword(&cli, password, passwordSz);
- if (!r) r = wc_SrpGetVerifier(&cli, verifier, &v_size);
- /* client sends username to server */
- if (!r) r = wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE);
- if (!r) r = wc_SrpSetUsername(&srv, username, usernameSz);
- if (!r) r = wc_SrpSetParams(&srv, N, sizeof(N),
- g, sizeof(g),
- salt, sizeof(salt));
- if (!r) r = wc_SrpSetVerifier(&srv, verifier, v_size);
- if (!r) r = wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz);
- /* server sends N, g, salt and B to client */
- if (!r) r = wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz);
- if (!r) r = wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz,
- serverPubKey, serverPubKeySz);
- if (!r) r = wc_SrpGetProof(&cli, clientProof, &clientProofSz);
- /* client sends A and M1 to server */
- if (!r) r = wc_SrpComputeKey(&srv, clientPubKey, clientPubKeySz,
- serverPubKey, serverPubKeySz);
- if (!r) r = wc_SrpVerifyPeersProof(&srv, clientProof, clientProofSz);
- if (!r) r = wc_SrpGetProof(&srv, serverProof, &serverProofSz);
- /* server sends M2 to client */
- if (!r) r = wc_SrpVerifyPeersProof(&cli, serverProof, serverProofSz);
- wc_SrpTerm(&cli);
- wc_SrpTerm(&srv);
- return r;
- }
- #endif /* WOLFCRYPT_HAVE_SRP */
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- #if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY)
- static int openssl_aes_test(void)
- {
- #ifdef HAVE_AES_CBC
- #ifdef WOLFSSL_AES_128
- {
- /* EVP_CipherUpdate test */
- const byte cbcPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- byte key[] = "0123456789abcdef "; /* align */
- byte iv[] = "1234567890abcdef "; /* align */
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- EVP_CIPHER_CTX en;
- EVP_CIPHER_CTX de;
- int outlen ;
- int total = 0;
- EVP_CIPHER_CTX_init(&en);
- if (EVP_CipherInit(&en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return -7300;
- if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen,
- (byte*)cbcPlain, 9) == 0)
- return -7301;
- if (outlen != 0)
- return -7302;
- total += outlen;
- if (EVP_CipherUpdate(&en, (byte*)&cipher[total], &outlen,
- (byte*)&cbcPlain[9] , 9) == 0)
- return -7303;
- if (outlen != 16)
- return -7304;
- total += outlen;
- if (EVP_CipherFinal(&en, (byte*)&cipher[total], &outlen) == 0)
- return -7305;
- if (outlen != 16)
- return -7306;
- total += outlen;
- if (total != 32)
- return 3408;
- total = 0;
- EVP_CIPHER_CTX_init(&de);
- if (EVP_CipherInit(&de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return -7307;
- if (EVP_CipherUpdate(&de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
- return -7308;
- if (outlen != 0)
- return -7309;
- total += outlen;
- if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen,
- (byte*)&cipher[6], 12) == 0)
- return -7310;
- if (outlen != 0)
- total += outlen;
- if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen,
- (byte*)&cipher[6+12], 14) == 0)
- return -7311;
- if (outlen != 16)
- return -7312;
- total += outlen;
- if (EVP_CipherFinal(&de, (byte*)&plain[total], &outlen) == 0)
- return -7313;
- if (outlen != 2)
- return -7314;
- total += outlen;
- if (total != 18)
- return 3427;
- if (XMEMCMP(plain, cbcPlain, 18))
- return -7315;
- }
- { /* evp_cipher test: EVP_aes_128_cbc */
- EVP_CIPHER_CTX ctx;
- const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- const byte verify[] =
- {
- 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
- 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
- };
- byte key[] = "0123456789abcdef "; /* align */
- byte iv[] = "1234567890abcdef "; /* align */
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- EVP_CIPHER_CTX_init(&ctx);
- if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 1) == 0)
- return -7316;
- if (EVP_Cipher(&ctx, cipher, (byte*)msg, 16) == 0)
- return -7317;
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
- return -7318;
- EVP_CIPHER_CTX_init(&ctx);
- if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 0) == 0)
- return -7319;
- if (EVP_Cipher(&ctx, plain, cipher, 16) == 0)
- return -7320;
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- return -7321;
- } /* end evp_cipher test: EVP_aes_128_cbc*/
- #endif /* WOLFSSL_AES_128 */
- #endif /* HAVE_AES_CBC */
- #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256)
- { /* evp_cipher test: EVP_aes_256_ecb*/
- EVP_CIPHER_CTX ctx;
- const byte msg[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- const byte verify[] =
- {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- const byte key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- EVP_CIPHER_CTX_init(&ctx);
- if (EVP_CipherInit(&ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1) == 0)
- return -7322;
- if (EVP_Cipher(&ctx, cipher, (byte*)msg, 16) == 0)
- return -7323;
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
- return -7324;
- EVP_CIPHER_CTX_init(&ctx);
- if (EVP_CipherInit(&ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0) == 0)
- return -7325;
- if (EVP_Cipher(&ctx, plain, cipher, 16) == 0)
- return -7326;
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- return -7327;
- } /* end evp_cipher test */
- #endif /* HAVE_AES_ECB && WOLFSSL_AES_256 */
- #if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
- /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */
- {
- /* Test: AES_encrypt/decrypt/set Key */
- AES_KEY enc;
- #ifdef HAVE_AES_DECRYPT
- AES_KEY dec;
- #endif
- const byte msg[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- const byte verify[] =
- {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- const byte key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- byte plain[sizeof(msg)];
- byte cipher[sizeof(msg)];
- AES_set_encrypt_key(key, sizeof(key)*8, &enc);
- AES_set_decrypt_key(key, sizeof(key)*8, &dec);
- AES_encrypt(msg, cipher, &enc);
- #ifdef HAVE_AES_DECRYPT
- AES_decrypt(cipher, plain, &dec);
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- return -7328;
- #endif /* HAVE_AES_DECRYPT */
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
- return -7329;
- }
- #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
- /* EVP_Cipher with EVP_aes_xxx_ctr() */
- #ifdef WOLFSSL_AES_COUNTER
- {
- byte plainBuff [64];
- byte cipherBuff[64];
- #ifdef WOLFSSL_AES_128
- const byte ctrKey[] =
- {
- 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
- 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
- };
- const byte ctrIv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- const byte ctrPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- const byte ctrCipher[] =
- {
- 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
- 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
- 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
- 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
- 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
- 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
- 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
- 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
- };
- const byte oddCipher[] =
- {
- 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
- 0xc2
- };
- #endif
- /* test vector from "Recommendation for Block Cipher Modes of Operation"
- * NIST Special Publication 800-38A */
- #ifdef WOLFSSL_AES_192
- const byte ctr192Key[] =
- {
- 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
- 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
- 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
- };
- const byte ctr192Iv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- const byte ctr192Plain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- const byte ctr192Cipher[] =
- {
- 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2,
- 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b
- };
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* test vector from "Recommendation for Block Cipher Modes of Operation"
- * NIST Special Publication 800-38A */
- const byte ctr256Key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- const byte ctr256Iv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- const byte ctr256Plain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- const byte ctr256Cipher[] =
- {
- 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,
- 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28
- };
- #endif /* WOLFSSL_AES_256 */
- EVP_CIPHER_CTX en;
- EVP_CIPHER_CTX de;
- #ifdef WOLFSSL_AES_128
- EVP_CIPHER_CTX *p_en;
- EVP_CIPHER_CTX *p_de;
- EVP_CIPHER_CTX_init(&en);
- if (EVP_CipherInit(&en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -7330;
- if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain,
- AES_BLOCK_SIZE*4) == 0)
- return -7331;
- EVP_CIPHER_CTX_init(&de);
- if (EVP_CipherInit(&de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -7332;
- if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE*4) == 0)
- return -7333;
- if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
- return -7334;
- if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
- return -7335;
- p_en = wolfSSL_EVP_CIPHER_CTX_new();
- if (p_en == NULL)
- return -7336;
- p_de = wolfSSL_EVP_CIPHER_CTX_new();
- if (p_de == NULL)
- return -7337;
- if (EVP_CipherInit(p_en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -7338;
- if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
- AES_BLOCK_SIZE*4) == 0)
- return -7339;
- if (EVP_CipherInit(p_de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -7340;
- if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE*4) == 0)
- return -7341;
- wolfSSL_EVP_CIPHER_CTX_free(p_en);
- wolfSSL_EVP_CIPHER_CTX_free(p_de);
- if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
- return -7342;
- if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
- return -7343;
- EVP_CIPHER_CTX_init(&en);
- if (EVP_CipherInit(&en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -7344;
- if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, 9) == 0)
- return -7345;
- EVP_CIPHER_CTX_init(&de);
- if (EVP_CipherInit(&de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -7346;
- if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, 9) == 0)
- return -7347;
- if (XMEMCMP(plainBuff, ctrPlain, 9))
- return -7348;
- if (XMEMCMP(cipherBuff, ctrCipher, 9))
- return -7349;
- if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, 9) == 0)
- return -7350;
- if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, 9) == 0)
- return -7351;
- if (XMEMCMP(plainBuff, ctrPlain, 9))
- return -7352;
- if (XMEMCMP(cipherBuff, oddCipher, 9))
- return -7353;
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- EVP_CIPHER_CTX_init(&en);
- if (EVP_CipherInit(&en, EVP_aes_192_ctr(),
- (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
- return -7354;
- if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr192Plain,
- AES_BLOCK_SIZE) == 0)
- return -7355;
- EVP_CIPHER_CTX_init(&de);
- if (EVP_CipherInit(&de, EVP_aes_192_ctr(),
- (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
- return -7356;
- XMEMSET(plainBuff, 0, sizeof(plainBuff));
- if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE) == 0)
- return -7357;
- if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain)))
- return -7358;
- if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher)))
- return -7359;
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- EVP_CIPHER_CTX_init(&en);
- if (EVP_CipherInit(&en, EVP_aes_256_ctr(),
- (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
- return -7360;
- if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr256Plain,
- AES_BLOCK_SIZE) == 0)
- return -7361;
- EVP_CIPHER_CTX_init(&de);
- if (EVP_CipherInit(&de, EVP_aes_256_ctr(),
- (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
- return -7362;
- XMEMSET(plainBuff, 0, sizeof(plainBuff));
- if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE) == 0)
- return -7363;
- if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain)))
- return -7364;
- if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher)))
- return -7365;
- #endif /* WOLFSSL_AES_256 */
- }
- #endif /* HAVE_AES_COUNTER */
- #if defined(WOLFSSL_AES_CFB) && defined(WOLFSSL_AES_128)
- {
- AES_KEY enc;
- AES_KEY dec;
- const byte setIv[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
- };
- const byte key[] =
- {
- 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
- 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
- };
- const byte cipher1[] =
- {
- 0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20,
- 0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a,
- 0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f,
- 0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b
- };
- const byte msg[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51
- };
- byte cipher[AES_BLOCK_SIZE * 2];
- byte iv[AES_BLOCK_SIZE]; /* iv buffer is updeated by API */
- int num = 0;
- XMEMCPY(iv, setIv, sizeof(setIv));
- wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, &enc);
- wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, &dec);
- wolfSSL_AES_cfb128_encrypt(msg, cipher, AES_BLOCK_SIZE - 1, &enc, iv,
- &num, AES_ENCRYPT);
- if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE - 1))
- return -7366;
- if (num != 15) /* should have used 15 of the 16 bytes */
- return -7367;
- wolfSSL_AES_cfb128_encrypt(msg + AES_BLOCK_SIZE - 1,
- cipher + AES_BLOCK_SIZE - 1, AES_BLOCK_SIZE + 1, &enc, iv,
- &num, AES_ENCRYPT);
- if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2))
- return -7368;
- if (num != 0)
- return -7369;
- }
- #endif /* WOLFSSL_AES_CFB && WOLFSSL_AES_128 */
- return 0;
- }
- #endif /* !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) */
- int openssl_test(void)
- {
- EVP_MD_CTX md_ctx;
- testVector a, b, c, d, e, f;
- byte hash[WC_SHA256_DIGEST_SIZE*2]; /* max size */
- (void)a;
- (void)b;
- (void)c;
- (void)e;
- (void)f;
- /* test malloc / free , 10 is an arbitrary amount of memory chosen */
- {
- byte* p;
- p = (byte*)CRYPTO_malloc(10, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (p == NULL) {
- return -7400;
- }
- XMEMSET(p, 0, 10);
- CRYPTO_free(p, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #ifndef NO_MD5
- a.input = "1234567890123456789012345678901234567890123456789012345678"
- "9012345678901234567890";
- a.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6"
- "\x7a";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_MD5_DIGEST_SIZE;
- EVP_MD_CTX_init(&md_ctx);
- EVP_DigestInit(&md_ctx, EVP_md5());
- EVP_DigestUpdate(&md_ctx, a.input, (unsigned long)a.inLen);
- EVP_DigestFinal(&md_ctx, hash, 0);
- if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0)
- return -7401;
- #endif /* NO_MD5 */
- #ifndef NO_SHA
- b.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaa";
- b.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7"
- "\x53\x99\x5E\x26\xA0";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA_DIGEST_SIZE;
- EVP_MD_CTX_init(&md_ctx);
- EVP_DigestInit(&md_ctx, EVP_sha1());
- EVP_DigestUpdate(&md_ctx, b.input, (unsigned long)b.inLen);
- EVP_DigestFinal(&md_ctx, hash, 0);
- if (XMEMCMP(hash, b.output, WC_SHA_DIGEST_SIZE) != 0)
- return -7402;
- #endif /* NO_SHA */
- #ifdef WOLFSSL_SHA224
- e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- e.output = "\xc9\x7c\xa9\xa5\x59\x85\x0c\xe9\x7a\x04\xa9\x6d\xef\x6d\x99"
- "\xa9\xe0\xe0\xe2\xab\x14\xe6\xb8\xdf\x26\x5f\xc0\xb3";
- e.inLen = XSTRLEN(e.input);
- e.outLen = WC_SHA224_DIGEST_SIZE;
- EVP_MD_CTX_init(&md_ctx);
- EVP_DigestInit(&md_ctx, EVP_sha224());
- EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen);
- EVP_DigestFinal(&md_ctx, hash, 0);
- if (XMEMCMP(hash, e.output, WC_SHA224_DIGEST_SIZE) != 0)
- return -7403;
- #endif /* WOLFSSL_SHA224 */
- d.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- d.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
- "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
- "\x06\xC1";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA256_DIGEST_SIZE;
- EVP_MD_CTX_init(&md_ctx);
- EVP_DigestInit(&md_ctx, EVP_sha256());
- EVP_DigestUpdate(&md_ctx, d.input, (unsigned long)d.inLen);
- EVP_DigestFinal(&md_ctx, hash, 0);
- if (XMEMCMP(hash, d.output, WC_SHA256_DIGEST_SIZE) != 0)
- return -7404;
- #ifdef WOLFSSL_SHA384
- e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- e.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b"
- "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0"
- "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91"
- "\x74\x60\x39";
- e.inLen = XSTRLEN(e.input);
- e.outLen = WC_SHA384_DIGEST_SIZE;
- EVP_MD_CTX_init(&md_ctx);
- EVP_DigestInit(&md_ctx, EVP_sha384());
- EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen);
- EVP_DigestFinal(&md_ctx, hash, 0);
- if (XMEMCMP(hash, e.output, WC_SHA384_DIGEST_SIZE) != 0)
- return -7405;
- #endif /* WOLFSSL_SHA384 */
- #ifdef WOLFSSL_SHA512
- f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- f.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14"
- "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88"
- "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4"
- "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b"
- "\x87\x4b\xe9\x09";
- f.inLen = XSTRLEN(f.input);
- f.outLen = WC_SHA512_DIGEST_SIZE;
- EVP_MD_CTX_init(&md_ctx);
- EVP_DigestInit(&md_ctx, EVP_sha512());
- EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen);
- EVP_DigestFinal(&md_ctx, hash, 0);
- if (XMEMCMP(hash, f.output, WC_SHA512_DIGEST_SIZE) != 0)
- return -7406;
- #endif /* WOLFSSL_SHA512 */
- #ifndef NO_MD5
- if (RAND_bytes(hash, sizeof(hash)) != 1)
- return -7407;
- c.input = "what do ya want for nothing?";
- c.output = "\x55\x78\xe8\x48\x4b\xcc\x93\x80\x93\xec\x53\xaf\x22\xd6\x14"
- "\x76";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_MD5_DIGEST_SIZE;
- HMAC(EVP_md5(),
- "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen, hash, 0);
- if (XMEMCMP(hash, c.output, WC_MD5_DIGEST_SIZE) != 0)
- return -7408;
- #endif /* NO_MD5 */
- #ifndef NO_DES3
- { /* des test */
- const byte vector[] = { /* "now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- byte plain[24];
- byte cipher[24];
- const_DES_cblock key =
- {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
- };
- DES_cblock iv =
- {
- 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
- };
- DES_key_schedule sched;
- const byte verify[] =
- {
- 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8,
- 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73,
- 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b
- };
- DES_key_sched(&key, &sched);
- DES_cbc_encrypt(vector, cipher, sizeof(vector), &sched, &iv, DES_ENCRYPT);
- DES_cbc_encrypt(cipher, plain, sizeof(vector), &sched, &iv, DES_DECRYPT);
- if (XMEMCMP(plain, vector, sizeof(vector)) != 0)
- return -7409;
- if (XMEMCMP(cipher, verify, sizeof(verify)) != 0)
- return -7410;
- /* test changing iv */
- DES_ncbc_encrypt(vector, cipher, 8, &sched, &iv, DES_ENCRYPT);
- DES_ncbc_encrypt(vector + 8, cipher + 8, 16, &sched, &iv, DES_ENCRYPT);
- if (XMEMCMP(cipher, verify, sizeof(verify)) != 0)
- return -7411;
- } /* end des test */
- #endif /* NO_DES3 */
- #if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY)
- if (openssl_aes_test() != 0)
- return -7412;
- #ifdef WOLFSSL_AES_128
- { /* evp_cipher test: EVP_aes_128_cbc */
- EVP_CIPHER_CTX ctx;
- int idx, cipherSz, plainSz;
- const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- const byte verify[] =
- {
- 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
- 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb,
- 0x3b,0x5d,0x41,0x97,0x94,0x25,0xa4,0xb4,
- 0xae,0x7b,0x34,0xd0,0x3f,0x0c,0xbc,0x06
- };
- const byte verify2[] =
- {
- 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
- 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb,
- 0x7d,0x37,0x7b,0x0b,0x44,0xaa,0xb5,0xf0,
- 0x5f,0x34,0xb4,0xde,0xb5,0xbd,0x2a,0xbb
- };
- byte key[] = "0123456789abcdef "; /* align */
- byte iv[] = "1234567890abcdef "; /* align */
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- EVP_CIPHER_CTX_init(&ctx);
- if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 1) == 0)
- return -7413;
- if (EVP_CipherUpdate(&ctx, cipher, &idx, (byte*)msg, sizeof(msg)) == 0)
- return -7414;
- cipherSz = idx;
- if (EVP_CipherFinal(&ctx, cipher + cipherSz, &idx) == 0)
- return -7415;
- cipherSz += idx;
- if ((cipherSz != (int)sizeof(verify)) &&
- XMEMCMP(cipher, verify, cipherSz))
- return -7416;
- EVP_CIPHER_CTX_init(&ctx);
- if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 0) == 0)
- return -7417;
- if (EVP_CipherUpdate(&ctx, plain, &idx, cipher, cipherSz) == 0)
- return -7418;
- plainSz = idx;
- if (EVP_CipherFinal(&ctx, plain + plainSz, &idx) == 0)
- return -7419;
- plainSz += idx;
- if ((plainSz != sizeof(msg)) || XMEMCMP(plain, msg, sizeof(msg)))
- return -7420;
- EVP_CIPHER_CTX_init(&ctx);
- if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 1) == 0)
- return -7421;
- if (EVP_CipherUpdate(&ctx, cipher, &idx, msg, AES_BLOCK_SIZE) == 0)
- return -7422;
- cipherSz = idx;
- if (EVP_CipherFinal(&ctx, cipher + cipherSz, &idx) == 0)
- return -7423;
- cipherSz += idx;
- if ((cipherSz != (int)sizeof(verify2)) ||
- XMEMCMP(cipher, verify2, cipherSz))
- return -7424;
- } /* end evp_cipher test: EVP_aes_128_cbc*/
- #endif /* WOLFSSL_AES_128 */
- #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256)
- { /* evp_cipher test: EVP_aes_256_ecb*/
- EVP_CIPHER_CTX ctx;
- const byte msg[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- const byte verify[] =
- {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- const byte key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- EVP_CIPHER_CTX_init(&ctx);
- if (EVP_CipherInit(&ctx, EVP_aes_256_ecb(), (unsigned char*)key,
- NULL, 1) == 0)
- return -7425;
- if (EVP_Cipher(&ctx, cipher, (byte*)msg, 16) == 0)
- return -7426;
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
- return -7427;
- EVP_CIPHER_CTX_init(&ctx);
- if (EVP_CipherInit(&ctx, EVP_aes_256_ecb(), (unsigned char*)key,
- NULL, 0) == 0)
- return -7428;
- if (EVP_Cipher(&ctx, plain, cipher, 16) == 0)
- return -7429;
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- return -7430;
- } /* end evp_cipher test */
- #endif /* HAVE_AES_ECB && WOLFSSL_AES_128 */
- #define OPENSSL_TEST_ERROR (-10000)
- #if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
- /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */
- {
- /* Test: AES_encrypt/decrypt/set Key */
- AES_KEY enc;
- #ifdef HAVE_AES_DECRYPT
- AES_KEY dec;
- #endif
- const byte msg[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- const byte verify[] =
- {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- const byte key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- byte plain[sizeof(msg)];
- byte cipher[sizeof(msg)];
- printf("openSSL extra test\n") ;
- AES_set_encrypt_key(key, sizeof(key)*8, &enc);
- AES_set_decrypt_key(key, sizeof(key)*8, &dec);
- AES_encrypt(msg, cipher, &enc);
- #ifdef HAVE_AES_DECRYPT
- AES_decrypt(cipher, plain, &dec);
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- return OPENSSL_TEST_ERROR-60;
- #endif /* HAVE_AES_DECRYPT */
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
- return OPENSSL_TEST_ERROR-61;
- }
- #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
- /* EVP_Cipher with EVP_aes_xxx_ctr() */
- #ifdef WOLFSSL_AES_COUNTER
- {
- byte plainBuff [64];
- byte cipherBuff[64];
- #ifdef WOLFSSL_AES_128
- const byte ctrKey[] =
- {
- 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
- 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
- };
- const byte ctrIv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- const byte ctrPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- const byte ctrCipher[] =
- {
- 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
- 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
- 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
- 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
- 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
- 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
- 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
- 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
- };
- const byte oddCipher[] =
- {
- 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
- 0xc2
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* test vector from "Recommendation for Block Cipher Modes of Operation"
- * NIST Special Publication 800-38A */
- const byte ctr192Key[] =
- {
- 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
- 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
- 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
- };
- const byte ctr192Iv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- const byte ctr192Plain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- const byte ctr192Cipher[] =
- {
- 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2,
- 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b
- };
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* test vector from "Recommendation for Block Cipher Modes of Operation"
- * NIST Special Publication 800-38A */
- const byte ctr256Key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- const byte ctr256Iv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- const byte ctr256Plain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- const byte ctr256Cipher[] =
- {
- 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,
- 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28
- };
- #endif /* WOLFSSL_AES_256 */
- EVP_CIPHER_CTX en;
- EVP_CIPHER_CTX de;
- #ifdef WOLFSSL_AES_128
- EVP_CIPHER_CTX *p_en;
- EVP_CIPHER_CTX *p_de;
- EVP_CIPHER_CTX_init(&en);
- if (EVP_CipherInit(&en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -7431;
- if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain,
- AES_BLOCK_SIZE*4) == 0)
- return -7432;
- EVP_CIPHER_CTX_init(&de);
- if (EVP_CipherInit(&de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -7433;
- if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE*4) == 0)
- return -7434;
- if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
- return -7435;
- if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
- return -7436;
- p_en = wolfSSL_EVP_CIPHER_CTX_new();
- if(p_en == NULL)return -7437;
- p_de = wolfSSL_EVP_CIPHER_CTX_new();
- if(p_de == NULL)return -7438;
- if (EVP_CipherInit(p_en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -7439;
- if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
- AES_BLOCK_SIZE*4) == 0)
- return -7440;
- if (EVP_CipherInit(p_de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -7441;
- if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE*4) == 0)
- return -7442;
- wolfSSL_EVP_CIPHER_CTX_free(p_en);
- wolfSSL_EVP_CIPHER_CTX_free(p_de);
- if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
- return -7443;
- if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
- return -7444;
- EVP_CIPHER_CTX_init(&en);
- if (EVP_CipherInit(&en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -7445;
- if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, 9) == 0)
- return -7446;
- EVP_CIPHER_CTX_init(&de);
- if (EVP_CipherInit(&de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -7447;
- if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, 9) == 0)
- return -7448;
- if (XMEMCMP(plainBuff, ctrPlain, 9))
- return -7449;
- if (XMEMCMP(cipherBuff, ctrCipher, 9))
- return -7450;
- if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, 9) == 0)
- return -7451;
- if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, 9) == 0)
- return -7452;
- if (XMEMCMP(plainBuff, ctrPlain, 9))
- return -7453;
- if (XMEMCMP(cipherBuff, oddCipher, 9))
- return -7454;
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- EVP_CIPHER_CTX_init(&en);
- if (EVP_CipherInit(&en, EVP_aes_192_ctr(),
- (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
- return -7455;
- if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr192Plain,
- AES_BLOCK_SIZE) == 0)
- return -7456;
- EVP_CIPHER_CTX_init(&de);
- if (EVP_CipherInit(&de, EVP_aes_192_ctr(),
- (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
- return -7457;
- XMEMSET(plainBuff, 0, sizeof(plainBuff));
- if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE) == 0)
- return -7458;
- if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain)))
- return -7459;
- if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher)))
- return -7460;
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- EVP_CIPHER_CTX_init(&en);
- if (EVP_CipherInit(&en, EVP_aes_256_ctr(),
- (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
- return -7461;
- if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr256Plain,
- AES_BLOCK_SIZE) == 0)
- return -7462;
- EVP_CIPHER_CTX_init(&de);
- if (EVP_CipherInit(&de, EVP_aes_256_ctr(),
- (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
- return -7463;
- XMEMSET(plainBuff, 0, sizeof(plainBuff));
- if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE) == 0)
- return -7464;
- if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain)))
- return -7465;
- if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher)))
- return -7466;
- #endif /* WOLFSSL_AES_256 */
- }
- #endif /* HAVE_AES_COUNTER */
- #ifdef WOLFSSL_AES_128
- {
- /* EVP_CipherUpdate test */
- const byte cbcPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- byte key[] = "0123456789abcdef "; /* align */
- byte iv[] = "1234567890abcdef "; /* align */
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- EVP_CIPHER_CTX en;
- EVP_CIPHER_CTX de;
- int outlen ;
- int total = 0;
- EVP_CIPHER_CTX_init(&en);
- if (EVP_CipherInit(&en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return -7467;
- /* openSSL compatibility, if(inlen == 0)return 1; */
- if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen,
- (byte*)cbcPlain, 0) != 1)
- return -7468;
- EVP_CIPHER_CTX_init(&en);
- if (EVP_CipherInit(&en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return -7469;
- if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen,
- (byte*)cbcPlain, 9) == 0)
- return -7470;
- if(outlen != 0)
- return -7471;
- total += outlen;
- if (EVP_CipherUpdate(&en, (byte*)&cipher[total], &outlen,
- (byte*)&cbcPlain[9] , 9) == 0)
- return -7472;
- if(outlen != 16)
- return -7473;
- total += outlen;
- if (EVP_CipherFinal(&en, (byte*)&cipher[total], &outlen) == 0)
- return -7474;
- if(outlen != 16)
- return -7475;
- total += outlen;
- if(total != 32)
- return -7476;
- total = 0;
- EVP_CIPHER_CTX_init(&de);
- if (EVP_CipherInit(&de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return -7477;
- if (EVP_CipherUpdate(&de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
- return -7478;
- if(outlen != 0)
- return -7479;
- total += outlen;
- if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen,
- (byte*)&cipher[6], 12) == 0)
- return -7480;
- if(outlen != 0)
- total += outlen;
- if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen,
- (byte*)&cipher[6+12], 14) == 0)
- return -7481;
- if(outlen != 16)
- return -7482;
- total += outlen;
- if (EVP_CipherFinal(&de, (byte*)&plain[total], &outlen) == 0)
- return -7483;
- if(outlen != 2)
- return -7484;
- total += outlen;
- if(total != 18)
- return -7485;
- if (XMEMCMP(plain, cbcPlain, 18))
- return -7486;
- total = 0;
- EVP_CIPHER_CTX_init(&en);
- if (EVP_EncryptInit(&en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv) == 0)
- return -7487;
- if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, (byte*)cbcPlain, 9) == 0)
- return -7488;
- if(outlen != 0)
- return -7489;
- total += outlen;
- if (EVP_CipherUpdate(&en, (byte*)&cipher[total], &outlen, (byte*)&cbcPlain[9] , 9) == 0)
- return -7490;
- if(outlen != 16)
- return -7491;
- total += outlen;
- if (EVP_EncryptFinal(&en, (byte*)&cipher[total], &outlen) == 0)
- return -7492;
- if(outlen != 16)
- return -7493;
- total += outlen;
- if(total != 32)
- return 3438;
- total = 0;
- EVP_CIPHER_CTX_init(&de);
- if (EVP_DecryptInit(&de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv) == 0)
- return -7494;
- if (EVP_CipherUpdate(&de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
- return -7495;
- if(outlen != 0)
- return -7496;
- total += outlen;
- if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, (byte*)&cipher[6], 12) == 0)
- return -7497;
- if(outlen != 0)
- total += outlen;
- if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, (byte*)&cipher[6+12], 14) == 0)
- return -7498;
- if(outlen != 16)
- return -7499;
- total += outlen;
- if (EVP_DecryptFinal(&de, (byte*)&plain[total], &outlen) == 0)
- return -7500;
- if(outlen != 2)
- return -7501;
- total += outlen;
- if(total != 18)
- return 3447;
- if (XMEMCMP(plain, cbcPlain, 18))
- return -7502;
- }
- #endif /* WOLFSSL_AES_128 */
- #endif /* ifndef NO_AES */
- return 0;
- }
- int openSSL_evpMD_test(void)
- {
- int ret = 0;
- #if !defined(NO_SHA256) && !defined(NO_SHA)
- WOLFSSL_EVP_MD_CTX* ctx;
- WOLFSSL_EVP_MD_CTX* ctx2;
- ctx = EVP_MD_CTX_create();
- ctx2 = EVP_MD_CTX_create();
- ret = EVP_DigestInit(ctx, EVP_sha256());
- if (ret != SSL_SUCCESS) {
- ret = -7600;
- goto openSSL_evpMD_test_done;
- }
- ret = EVP_MD_CTX_copy(ctx2, ctx);
- if (ret != SSL_SUCCESS) {
- ret = -7601;
- goto openSSL_evpMD_test_done;
- }
- if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) {
- ret = -7602;
- goto openSSL_evpMD_test_done;
- }
- ret = EVP_DigestInit(ctx, EVP_sha1());
- if (ret != SSL_SUCCESS) {
- ret = -7603;
- goto openSSL_evpMD_test_done;
- }
- if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) {
- ret = -7604;
- goto openSSL_evpMD_test_done;
- }
- ret = EVP_MD_CTX_copy_ex(ctx2, ctx);
- if (ret != SSL_SUCCESS) {
- ret = -7605;
- goto openSSL_evpMD_test_done;
- }
- if (EVP_MD_type(EVP_sha256()) == EVP_MD_CTX_type(ctx2)) {
- ret = -7606;
- goto openSSL_evpMD_test_done;
- }
- if (EVP_MD_type(EVP_sha1()) != EVP_MD_CTX_type(ctx2)) {
- ret = -7607;
- goto openSSL_evpMD_test_done;
- }
- ret = 0; /* got to success state without jumping to end with a fail */
- openSSL_evpMD_test_done:
- EVP_MD_CTX_destroy(ctx);
- EVP_MD_CTX_destroy(ctx2);
- #endif /* NO_SHA256 */
- return ret;
- }
- #ifdef DEBUG_SIGN
- static void show(const char *title, const char *p, unsigned int s) {
- char* i;
- printf("%s: ", title);
- for (i = p;
- i < p + s;
- printf("%c", *i), i++);
- printf("\n");
- }
- #else
- #define show(a,b,c)
- #endif
- #define FOURK_BUFF 4096
- #define ERR_BASE_PKEY -5000
- int openssl_pkey0_test(void)
- {
- int ret = 0;
- #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) && !defined(NO_SHA)
- byte* prvTmp;
- byte* pubTmp;
- int prvBytes;
- int pubBytes;
- RSA *prvRsa = NULL;
- RSA *pubRsa = NULL;
- EVP_PKEY *prvPkey = NULL;
- EVP_PKEY *pubPkey = NULL;
- EVP_PKEY_CTX *enc = NULL;
- EVP_PKEY_CTX *dec = NULL;
- byte in[] = "Everyone gets Friday off.";
- byte out[256];
- size_t outlen;
- size_t keySz;
- byte plain[256];
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
- FILE *keyFile, *keypubFile;
- char cliKey[] = "./certs/client-key.der";
- char cliKeypub[] = "./certs/client-keyPub.der";
- #endif
- prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (prvTmp == NULL)
- return ERR_BASE_PKEY-1;
- pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pubTmp == NULL) {
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- return ERR_BASE_PKEY-2;
- }
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024);
- prvBytes = sizeof_client_key_der_1024;
- XMEMCPY(pubTmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
- pubBytes = sizeof_client_keypub_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(prvTmp, client_key_der_2048, sizeof_client_key_der_2048);
- prvBytes = sizeof_client_key_der_2048;
- XMEMCPY(pubTmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
- pubBytes = sizeof_client_keypub_der_2048;
- #else
- keyFile = fopen(cliKey, "rb");
- if (!keyFile) {
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", ERR_BASE_PKEY-3);
- return ERR_BASE_PKEY-3;
- }
- prvBytes = (int)fread(prvTmp, 1, (int)FOURK_BUFF, keyFile);
- fclose(keyFile);
- keypubFile = fopen(cliKeypub, "rb");
- if (!keypubFile) {
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- err_sys("can't open ./certs/client-cert.der, "
- "Please run from wolfSSL home dir", -4);
- return ERR_BASE_PKEY-4;
- }
- pubBytes = (int)fread(pubTmp, 1, (int)FOURK_BUFF, keypubFile);
- fclose(keypubFile);
- #endif /* USE_CERT_BUFFERS */
- prvRsa = wolfSSL_RSA_new();
- pubRsa = wolfSSL_RSA_new();
- if((prvRsa == NULL) || (pubRsa == NULL)){
- printf("error with RSA_new\n");
- ret = ERR_BASE_PKEY-10;
- goto openssl_pkey0_test_done;
- }
- ret = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE);
- if(ret != SSL_SUCCESS){
- printf("error with RSA_LoadDer_ex\n");
- ret = ERR_BASE_PKEY-11;
- goto openssl_pkey0_test_done;
- }
- ret = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC);
- if(ret != SSL_SUCCESS){
- printf("error with RSA_LoadDer_ex\n");
- ret = ERR_BASE_PKEY-12;
- goto openssl_pkey0_test_done;
- }
- keySz = (size_t)RSA_size(pubRsa);
- prvPkey = wolfSSL_PKEY_new();
- pubPkey = wolfSSL_PKEY_new();
- if((prvPkey == NULL) || (pubPkey == NULL)){
- printf("error with PKEY_new\n");
- ret = ERR_BASE_PKEY-13;
- goto openssl_pkey0_test_done;
- }
- ret = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa);
- ret += wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa);
- if(ret != 2){
- printf("error with PKEY_set1_RSA\n");
- ret = ERR_BASE_PKEY-14;
- goto openssl_pkey0_test_done;
- }
- dec = EVP_PKEY_CTX_new(prvPkey, NULL);
- enc = EVP_PKEY_CTX_new(pubPkey, NULL);
- if((dec == NULL)||(enc==NULL)){
- printf("error with EVP_PKEY_CTX_new\n");
- ret = ERR_BASE_PKEY-15;
- goto openssl_pkey0_test_done;
- }
- ret = EVP_PKEY_decrypt_init(dec);
- if (ret != 1) {
- printf("error with decrypt init\n");
- ret = ERR_BASE_PKEY-16;
- goto openssl_pkey0_test_done;
- }
- ret = EVP_PKEY_encrypt_init(enc);
- if (ret != 1) {
- printf("error with encrypt init\n");
- ret = ERR_BASE_PKEY-17;
- goto openssl_pkey0_test_done;
- }
- XMEMSET(out, 0, sizeof(out));
- ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
- if (ret != 1) {
- printf("error encrypting msg\n");
- ret = ERR_BASE_PKEY-18;
- goto openssl_pkey0_test_done;
- }
- show("encrypted msg", out, outlen);
- XMEMSET(plain, 0, sizeof(plain));
- ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
- if (ret != 1) {
- printf("error decrypting msg\n");
- ret = ERR_BASE_PKEY-19;
- goto openssl_pkey0_test_done;
- }
- show("decrypted msg", plain, outlen);
- /* RSA_PKCS1_OAEP_PADDING test */
- ret = EVP_PKEY_decrypt_init(dec);
- if (ret != 1) {
- printf("error with decrypt init\n");
- ret = ERR_BASE_PKEY-30;
- goto openssl_pkey0_test_done;
- }
- ret = EVP_PKEY_encrypt_init(enc);
- if (ret != 1) {
- printf("error with encrypt init\n");
- ret = ERR_BASE_PKEY-31;
- goto openssl_pkey0_test_done;
- }
- if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) {
- printf("first set rsa padding error\n");
- ret = ERR_BASE_PKEY-32;
- goto openssl_pkey0_test_done;
- }
- #ifndef HAVE_FIPS
- if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){
- printf("second set rsa padding error\n");
- ret = ERR_BASE_PKEY-33;
- goto openssl_pkey0_test_done;
- }
- if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) {
- printf("third set rsa padding error\n");
- ret = ERR_BASE_PKEY-34;
- goto openssl_pkey0_test_done;
- }
- #endif
- XMEMSET(out, 0, sizeof(out));
- ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
- if (ret != 1) {
- printf("error encrypting msg\n");
- ret = ERR_BASE_PKEY-35;
- goto openssl_pkey0_test_done;
- }
- show("encrypted msg", out, outlen);
- XMEMSET(plain, 0, sizeof(plain));
- ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
- if (ret != 1) {
- printf("error decrypting msg\n");
- ret = ERR_BASE_PKEY-36;
- goto openssl_pkey0_test_done;
- }
- show("decrypted msg", plain, outlen);
- ret = 0; /* made it to this point without error then set success */
- openssl_pkey0_test_done:
- wolfSSL_RSA_free(prvRsa);
- wolfSSL_RSA_free(pubRsa);
- EVP_PKEY_free(pubPkey);
- EVP_PKEY_free(prvPkey);
- EVP_PKEY_CTX_free(dec);
- EVP_PKEY_CTX_free(enc);
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif /* NO_RSA */
- return ret;
- }
- int openssl_pkey1_test(void)
- {
- int ret = 0;
- #if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
- !defined(NO_SHA) && !defined(USE_CERT_BUFFERS_1024)
- EVP_PKEY_CTX* dec = NULL;
- EVP_PKEY_CTX* enc = NULL;
- EVP_PKEY* pubKey = NULL;
- EVP_PKEY* prvKey = NULL;
- X509* x509 = NULL;
- const unsigned char msg[] = "sugar slapped";
- const unsigned char* clikey;
- unsigned char tmp[FOURK_BUF];
- long cliKeySz;
- unsigned char cipher[256];
- unsigned char plain[256];
- size_t outlen = sizeof(cipher);
- #if defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048);
- cliKeySz = (long)sizeof_client_key_der_2048;
- x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_2048,
- sizeof_client_cert_der_2048, SSL_FILETYPE_ASN1);
- #else
- FILE* f;
- f = fopen(clientKey, "rb");
- if (!f) {
- err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", -41);
- return -7700;
- }
- cliKeySz = (long)fread(tmp, 1, FOURK_BUF, f);
- fclose(f);
- /* using existing wolfSSL api to get public and private key */
- x509 = wolfSSL_X509_load_certificate_file(clientCert, SSL_FILETYPE_ASN1);
- #endif /* USE_CERT_BUFFERS */
- clikey = tmp;
- if ((prvKey = EVP_PKEY_new()) == NULL) {
- return -7701;
- }
- EVP_PKEY_free(prvKey);
- prvKey = NULL;
- if (x509 == NULL) {
- ret = -7702;
- goto openssl_pkey1_test_done;
- }
- pubKey = X509_get_pubkey(x509);
- if (pubKey == NULL) {
- ret = -7703;
- goto openssl_pkey1_test_done;
- }
- prvKey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &clikey, cliKeySz);
- if (prvKey == NULL) {
- ret = -7704;
- goto openssl_pkey1_test_done;
- }
- /* phase 2 API to create EVP_PKEY_CTX and encrypt/decrypt */
- if (EVP_PKEY_bits(prvKey) != 2048) {
- ret = -7705;
- goto openssl_pkey1_test_done;
- }
- if (EVP_PKEY_size(prvKey) != 256) {
- ret = -7706;
- goto openssl_pkey1_test_done;
- }
- dec = EVP_PKEY_CTX_new(prvKey, NULL);
- enc = EVP_PKEY_CTX_new(pubKey, NULL);
- if (dec == NULL || enc == NULL) {
- ret = -7707;
- goto openssl_pkey1_test_done;
- }
- if (EVP_PKEY_decrypt_init(dec) != 1) {
- ret = -7708;
- goto openssl_pkey1_test_done;
- }
- if (EVP_PKEY_encrypt_init(enc) != 1) {
- ret = -7709;
- goto openssl_pkey1_test_done;
- }
- if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) {
- ret = -7710;
- goto openssl_pkey1_test_done;
- }
- #ifndef HAVE_FIPS
- if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){
- ret = -7711;
- goto openssl_pkey1_test_done;
- }
- if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) {
- ret = -7712;
- goto openssl_pkey1_test_done;
- }
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- if (EVP_PKEY_encrypt(enc, cipher, &outlen, msg, sizeof(msg)) < 0) {
- ret = -7713;
- goto openssl_pkey1_test_done;
- }
- XMEMSET(plain, 0, sizeof(plain));
- if (EVP_PKEY_decrypt(dec, plain, &outlen, cipher, sizeof(cipher)) != 1) {
- ret = -7714;
- goto openssl_pkey1_test_done;
- }
- openssl_pkey1_test_done:
- if (pubKey != NULL) {
- EVP_PKEY_free(pubKey);
- }
- if (prvKey != NULL) {
- EVP_PKEY_free(prvKey);
- }
- if (dec != NULL) {
- EVP_PKEY_CTX_free(dec);
- }
- if (enc != NULL) {
- EVP_PKEY_CTX_free(enc);
- }
- if (x509 != NULL) {
- X509_free(x509);
- }
- #endif
- return ret;
- }
- #define ERR_BASE_EVPSIG -5100
- int openssl_evpSig_test(void)
- {
- #if !defined(NO_RSA) && !defined(NO_SHA) && !defined(HAVE_USER_RSA)
- byte* prvTmp;
- byte* pubTmp;
- int prvBytes;
- int pubBytes;
- RSA *prvRsa;
- RSA *pubRsa;
- EVP_PKEY *prvPkey;
- EVP_PKEY *pubPkey;
- EVP_MD_CTX* sign;
- EVP_MD_CTX* verf;
- char msg[] = "see spot run";
- unsigned char sig[256];
- unsigned int sigSz;
- const void* pt;
- unsigned int count;
- int ret, ret1, ret2;
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
- FILE *keyFile, *keypubFile;
- char cliKey[] = "./certs/client-key.der";
- char cliKeypub[] = "./certs/client-keyPub.der";
- #endif
- prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (prvTmp == NULL)
- return ERR_BASE_EVPSIG-1;
- pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pubTmp == NULL) {
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ERR_BASE_EVPSIG-2;
- }
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024);
- prvBytes = sizeof_client_key_der_1024;
- XMEMCPY(pubTmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
- pubBytes = sizeof_client_keypub_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(prvTmp, client_key_der_2048, sizeof_client_key_der_2048);
- prvBytes = sizeof_client_key_der_2048;
- XMEMCPY(pubTmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
- pubBytes = sizeof_client_keypub_der_2048;
- #else
- keyFile = fopen(cliKey, "rb");
- if (!keyFile) {
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", -40);
- return ERR_BASE_EVPSIG-3;
- }
- prvBytes = (int)fread(prvTmp, 1, (int)FOURK_BUFF, keyFile);
- fclose(keyFile);
- keypubFile = fopen(cliKeypub, "rb");
- if (!keypubFile) {
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- err_sys("can't open ./certs/client-cert.der, "
- "Please run from wolfSSL home dir", -41);
- return ERR_BASE_EVPSIG-4;
- }
- pubBytes = (int)fread(pubTmp, 1, (int)FOURK_BUFF, keypubFile);
- fclose(keypubFile);
- #endif /* USE_CERT_BUFFERS */
- prvRsa = wolfSSL_RSA_new();
- pubRsa = wolfSSL_RSA_new();
- if((prvRsa == NULL) || (pubRsa == NULL)){
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- err_sys("ERROR with RSA_new", -41);
- return ERR_BASE_EVPSIG-5;
- }
- ret1 = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE);
- ret2 = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC);
- if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
- printf("error with RSA_LoadDer_ex\n");
- return ERR_BASE_EVPSIG-6;
- }
- prvPkey = wolfSSL_PKEY_new();
- pubPkey = wolfSSL_PKEY_new();
- if((prvPkey == NULL) || (pubPkey == NULL)){
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- printf("error with KEY_new\n");
- return ERR_BASE_EVPSIG-7;
- }
- ret1 = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa);
- ret2 = wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa);
- if((ret1 != 1) || (ret2 != 1)){
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- printf("error with EVP_PKEY_set1_RSA\n");
- return ERR_BASE_EVPSIG-8;
- }
- /****************** sign and verify *******************/
- sign = EVP_MD_CTX_create();
- verf = EVP_MD_CTX_create();
- if((sign == NULL)||(verf == NULL)){
- printf("error with EVP_MD_CTX_create\n");
- return ERR_BASE_EVPSIG-10;
- }
- ret = EVP_SignInit(sign, EVP_sha1());
- if(ret != SSL_SUCCESS){
- printf("error with EVP_SignInit\n");
- return ERR_BASE_EVPSIG-11;
- }
- count = sizeof(msg);
- show("message = ", (char *)msg, count);
- /* sign */
- XMEMSET(sig, 0, sizeof(sig));
- pt = (const void*)msg;
- ret1 = EVP_SignUpdate(sign, pt, count);
- ret2 = EVP_SignFinal(sign, sig, &sigSz, prvPkey);
- if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
- printf("error with EVP_MD_CTX_create\n");
- return ERR_BASE_EVPSIG-12;
- }
- show("signature = ", (char *)sig, sigSz);
- /* verify */
- pt = (const void*)msg;
- ret1 = EVP_VerifyInit(verf, EVP_sha1());
- ret2 = EVP_VerifyUpdate(verf, pt, count);
- if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
- printf("error with EVP_Verify\n");
- return ERR_BASE_EVPSIG-13;
- }
- if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) != 1) {
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- printf("error with EVP_VerifyFinal\n");
- return ERR_BASE_EVPSIG-14;
- }
- /* expect fail without update */
- EVP_VerifyInit(verf, EVP_sha1());
- if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) == 1) {
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- printf("EVP_VerifyInit without update not detected\n");
- return ERR_BASE_EVPSIG-15;
- }
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- EVP_MD_CTX_destroy(sign);
- EVP_MD_CTX_destroy(verf);
- wolfSSL_RSA_free(prvRsa);
- wolfSSL_RSA_free(pubRsa);
- EVP_PKEY_free(pubPkey);
- EVP_PKEY_free(prvPkey);
- #endif /* NO_RSA */
- return 0;
- }
- #endif /* OPENSSL_EXTRA */
- #ifndef NO_PWDBASED
- #ifdef HAVE_SCRYPT
- /* Test vectors taken from RFC 7914: scrypt PBKDF - Section 12. */
- int scrypt_test(void)
- {
- int ret;
- byte derived[64];
- const byte verify1[] = {
- 0x77, 0xd6, 0x57, 0x62, 0x38, 0x65, 0x7b, 0x20,
- 0x3b, 0x19, 0xca, 0x42, 0xc1, 0x8a, 0x04, 0x97,
- 0xf1, 0x6b, 0x48, 0x44, 0xe3, 0x07, 0x4a, 0xe8,
- 0xdf, 0xdf, 0xfa, 0x3f, 0xed, 0xe2, 0x14, 0x42,
- 0xfc, 0xd0, 0x06, 0x9d, 0xed, 0x09, 0x48, 0xf8,
- 0x32, 0x6a, 0x75, 0x3a, 0x0f, 0xc8, 0x1f, 0x17,
- 0xe8, 0xd3, 0xe0, 0xfb, 0x2e, 0x0d, 0x36, 0x28,
- 0xcf, 0x35, 0xe2, 0x0c, 0x38, 0xd1, 0x89, 0x06
- };
- const byte verify2[] = {
- 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
- 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
- 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
- 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
- 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
- 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
- 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
- 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
- };
- #if !defined(BENCH_EMBEDDED) && !defined(HAVE_INTEL_QA)
- const byte verify3[] = {
- 0x70, 0x23, 0xbd, 0xcb, 0x3a, 0xfd, 0x73, 0x48,
- 0x46, 0x1c, 0x06, 0xcd, 0x81, 0xfd, 0x38, 0xeb,
- 0xfd, 0xa8, 0xfb, 0xba, 0x90, 0x4f, 0x8e, 0x3e,
- 0xa9, 0xb5, 0x43, 0xf6, 0x54, 0x5d, 0xa1, 0xf2,
- 0xd5, 0x43, 0x29, 0x55, 0x61, 0x3f, 0x0f, 0xcf,
- 0x62, 0xd4, 0x97, 0x05, 0x24, 0x2a, 0x9a, 0xf9,
- 0xe6, 0x1e, 0x85, 0xdc, 0x0d, 0x65, 0x1e, 0x40,
- 0xdf, 0xcf, 0x01, 0x7b, 0x45, 0x57, 0x58, 0x87
- };
- #endif
- #ifdef SCRYPT_TEST_ALL
- /* Test case is very slow.
- * Use for confirmation after code change or new platform.
- */
- const byte verify4[] = {
- 0x21, 0x01, 0xcb, 0x9b, 0x6a, 0x51, 0x1a, 0xae,
- 0xad, 0xdb, 0xbe, 0x09, 0xcf, 0x70, 0xf8, 0x81,
- 0xec, 0x56, 0x8d, 0x57, 0x4a, 0x2f, 0xfd, 0x4d,
- 0xab, 0xe5, 0xee, 0x98, 0x20, 0xad, 0xaa, 0x47,
- 0x8e, 0x56, 0xfd, 0x8f, 0x4b, 0xa5, 0xd0, 0x9f,
- 0xfa, 0x1c, 0x6d, 0x92, 0x7c, 0x40, 0xf4, 0xc3,
- 0x37, 0x30, 0x40, 0x49, 0xe8, 0xa9, 0x52, 0xfb,
- 0xcb, 0xf4, 0x5c, 0x6f, 0xa7, 0x7a, 0x41, 0xa4
- };
- #endif
- ret = wc_scrypt(derived, NULL, 0, NULL, 0, 4, 1, 1, sizeof(verify1));
- if (ret != 0)
- return -7800;
- if (XMEMCMP(derived, verify1, sizeof(verify1)) != 0)
- return -7801;
- ret = wc_scrypt(derived, (byte*)"password", 8, (byte*)"NaCl", 4, 10, 8, 16,
- sizeof(verify2));
- if (ret != 0)
- return -7802;
- if (XMEMCMP(derived, verify2, sizeof(verify2)) != 0)
- return -7803;
- /* Don't run these test on embedded, since they use large mallocs */
- #if !defined(BENCH_EMBEDDED) && !defined(HAVE_INTEL_QA)
- ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13,
- (byte*)"SodiumChloride", 14, 14, 8, 1, sizeof(verify3));
- if (ret != 0)
- return -7804;
- if (XMEMCMP(derived, verify3, sizeof(verify3)) != 0)
- return -7805;
- #ifdef SCRYPT_TEST_ALL
- ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13,
- (byte*)"SodiumChloride", 14, 20, 8, 1, sizeof(verify4));
- if (ret != 0)
- return -7806;
- if (XMEMCMP(derived, verify4, sizeof(verify4)) != 0)
- return -7807;
- #endif
- #endif /* !BENCH_EMBEDDED && !HAVE_INTEL_QA */
- return 0;
- }
- #endif
- int pkcs12_test(void)
- {
- const byte passwd[] = { 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67,
- 0x00, 0x00 };
- const byte salt[] = { 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f };
- const byte passwd2[] = { 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65,
- 0x00, 0x67, 0x00, 0x00 };
- const byte salt2[] = { 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 };
- byte derived[64];
- const byte verify[] = {
- 0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11,
- 0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE,
- 0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA
- };
- const byte verify2[] = {
- 0x90, 0x1B, 0x49, 0x70, 0xF0, 0x94, 0xF0, 0xF8,
- 0x45, 0xC0, 0xF3, 0xF3, 0x13, 0x59, 0x18, 0x6A,
- 0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C
- };
- int id = 1;
- int kLen = 24;
- int iterations = 1;
- int ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8,
- iterations, kLen, WC_SHA256, id);
- if (ret < 0)
- return -7900;
- if ( (ret = XMEMCMP(derived, verify, kLen)) != 0)
- return -7901;
- iterations = 1000;
- ret = wc_PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8,
- iterations, kLen, WC_SHA256, id);
- if (ret < 0)
- return -7902;
- ret = wc_PKCS12_PBKDF_ex(derived, passwd2, sizeof(passwd2), salt2, 8,
- iterations, kLen, WC_SHA256, id, HEAP_HINT);
- if (ret < 0)
- return -7903;
- if ( (ret = XMEMCMP(derived, verify2, 24)) != 0)
- return -7904;
- return 0;
- }
- int pbkdf2_test(void)
- {
- char passwd[] = "passwordpassword";
- const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 };
- int iterations = 2048;
- int kLen = 24;
- byte derived[64];
- const byte verify[] = {
- 0x43, 0x6d, 0xb5, 0xe8, 0xd0, 0xfb, 0x3f, 0x35, 0x42, 0x48, 0x39, 0xbc,
- 0x2d, 0xd4, 0xf9, 0x37, 0xd4, 0x95, 0x16, 0xa7, 0x2a, 0x9a, 0x21, 0xd1
- };
- int ret = wc_PBKDF2(derived, (byte*)passwd, (int)XSTRLEN(passwd), salt, 8,
- iterations, kLen, WC_SHA256);
- if (ret != 0)
- return ret;
- if (XMEMCMP(derived, verify, sizeof(verify)) != 0)
- return -8000;
- return 0;
- }
- #ifndef NO_SHA
- int pbkdf1_test(void)
- {
- char passwd[] = "password";
- const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 };
- int iterations = 1000;
- int kLen = 16;
- byte derived[16];
- const byte verify[] = {
- 0xDC, 0x19, 0x84, 0x7E, 0x05, 0xC6, 0x4D, 0x2F, 0xAF, 0x10, 0xEB, 0xFB,
- 0x4A, 0x3D, 0x2A, 0x20
- };
- wc_PBKDF1(derived, (byte*)passwd, (int)XSTRLEN(passwd), salt, 8, iterations,
- kLen, WC_SHA);
- if (XMEMCMP(derived, verify, sizeof(verify)) != 0)
- return -8100;
- return 0;
- }
- #endif
- int pwdbased_test(void)
- {
- int ret = 0;
- #ifndef NO_SHA
- ret = pbkdf1_test();
- if (ret != 0)
- return ret;
- #endif
- ret = pbkdf2_test();
- if (ret != 0)
- return ret;
- ret = pkcs12_test();
- if (ret != 0)
- return ret;
- #ifdef HAVE_SCRYPT
- ret = scrypt_test();
- if (ret != 0)
- return ret;
- #endif
- return ret;
- }
- #endif /* NO_PWDBASED */
- #if defined(HAVE_HKDF) && (!defined(NO_SHA) || !defined(NO_SHA256))
- int hkdf_test(void)
- {
- int ret;
- int L = 42;
- byte okm1[42];
- byte ikm1[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b };
- byte salt1[13] ={ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c };
- byte info1[10] ={ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
- 0xf8, 0xf9 };
- byte res1[42] = { 0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61,
- 0xd1, 0xe5, 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06,
- 0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06,
- 0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0,
- 0xea, 0x00, 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3,
- 0x49, 0x18 };
- byte res2[42] = { 0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69,
- 0x33, 0x06, 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81,
- 0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15,
- 0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2,
- 0xc2, 0x2e, 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3,
- 0xf8, 0x96 };
- byte res3[42] = { 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f,
- 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31,
- 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e,
- 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d,
- 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a,
- 0x96, 0xc8 };
- byte res4[42] = { 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
- 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
- 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
- 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
- 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
- 0x58, 0x65 };
- (void)res1;
- (void)res2;
- (void)res3;
- (void)res4;
- (void)salt1;
- (void)info1;
- #ifndef NO_SHA
- ret = wc_HKDF(WC_SHA, ikm1, 22, NULL, 0, NULL, 0, okm1, L);
- if (ret != 0)
- return -8200;
- if (XMEMCMP(okm1, res1, L) != 0)
- return -8201;
- #ifndef HAVE_FIPS
- /* fips can't have key size under 14 bytes, salt is key too */
- ret = wc_HKDF(WC_SHA, ikm1, 11, salt1, 13, info1, 10, okm1, L);
- if (ret != 0)
- return -8202;
- if (XMEMCMP(okm1, res2, L) != 0)
- return -8203;
- #endif /* HAVE_FIPS */
- #endif /* NO_SHA */
- #ifndef NO_SHA256
- ret = wc_HKDF(WC_SHA256, ikm1, 22, NULL, 0, NULL, 0, okm1, L);
- if (ret != 0)
- return -8204;
- if (XMEMCMP(okm1, res3, L) != 0)
- return -8205;
- #ifndef HAVE_FIPS
- /* fips can't have key size under 14 bytes, salt is key too */
- ret = wc_HKDF(WC_SHA256, ikm1, 22, salt1, 13, info1, 10, okm1, L);
- if (ret != 0)
- return -8206;
- if (XMEMCMP(okm1, res4, L) != 0)
- return -8207;
- #endif /* HAVE_FIPS */
- #endif /* NO_SHA256 */
- return 0;
- }
- #endif /* HAVE_HKDF */
- #if defined(HAVE_ECC) && defined(HAVE_X963_KDF)
- int x963kdf_test(void)
- {
- int ret;
- byte kek[128];
- #ifndef NO_SHA
- /* SHA-1, COUNT = 0
- * shared secret length: 192
- * SharedInfo length: 0
- * key data length: 128
- */
- const byte Z[] = {
- 0x1c, 0x7d, 0x7b, 0x5f, 0x05, 0x97, 0xb0, 0x3d,
- 0x06, 0xa0, 0x18, 0x46, 0x6e, 0xd1, 0xa9, 0x3e,
- 0x30, 0xed, 0x4b, 0x04, 0xdc, 0x64, 0xcc, 0xdd
- };
- const byte verify[] = {
- 0xbf, 0x71, 0xdf, 0xfd, 0x8f, 0x4d, 0x99, 0x22,
- 0x39, 0x36, 0xbe, 0xb4, 0x6f, 0xee, 0x8c, 0xcc
- };
- #endif
- #ifndef NO_SHA256
- /* SHA-256, COUNT = 3
- * shared secret length: 192
- * SharedInfo length: 0
- * key data length: 128
- */
- const byte Z2[] = {
- 0xd3, 0x8b, 0xdb, 0xe5, 0xc4, 0xfc, 0x16, 0x4c,
- 0xdd, 0x96, 0x7f, 0x63, 0xc0, 0x4f, 0xe0, 0x7b,
- 0x60, 0xcd, 0xe8, 0x81, 0xc2, 0x46, 0x43, 0x8c
- };
- const byte verify2[] = {
- 0x5e, 0x67, 0x4d, 0xb9, 0x71, 0xba, 0xc2, 0x0a,
- 0x80, 0xba, 0xd0, 0xd4, 0x51, 0x4d, 0xc4, 0x84
- };
- #endif
- #ifdef WOLFSSL_SHA512
- /* SHA-512, COUNT = 0
- * shared secret length: 192
- * SharedInfo length: 0
- * key data length: 128
- */
- const byte Z3[] = {
- 0x87, 0xfc, 0x0d, 0x8c, 0x44, 0x77, 0x48, 0x5b,
- 0xb5, 0x74, 0xf5, 0xfc, 0xea, 0x26, 0x4b, 0x30,
- 0x88, 0x5d, 0xc8, 0xd9, 0x0a, 0xd8, 0x27, 0x82
- };
- const byte verify3[] = {
- 0x94, 0x76, 0x65, 0xfb, 0xb9, 0x15, 0x21, 0x53,
- 0xef, 0x46, 0x02, 0x38, 0x50, 0x6a, 0x02, 0x45
- };
- /* SHA-512, COUNT = 0
- * shared secret length: 521
- * SharedInfo length: 128
- * key data length: 1024
- */
- const byte Z4[] = {
- 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89,
- 0xfa, 0x58, 0xce, 0xad, 0xc0, 0x47, 0x19, 0x7f,
- 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9,
- 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8,
- 0x15, 0x07, 0x39, 0x2f, 0x1a, 0x86, 0xdd, 0xfd,
- 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f,
- 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47,
- 0x47, 0xa9, 0xe2, 0xe7, 0x53, 0xf5, 0x5e, 0xf0,
- 0x5a, 0x2d
- };
- const byte info4[] = {
- 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d,
- 0x2b, 0x3a, 0x2f, 0x99, 0x37, 0x89, 0x5d, 0x31
- };
- const byte verify4[] = {
- 0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76,
- 0x9b, 0x52, 0x26, 0x4b, 0x01, 0x12, 0xb5, 0x85,
- 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8,
- 0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d,
- 0x6e, 0x4d, 0xd2, 0xa5, 0x99, 0xac, 0xce, 0xb3,
- 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e,
- 0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50,
- 0xa5, 0xa8, 0xee, 0xee, 0x20, 0x80, 0x02, 0x26,
- 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02,
- 0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d,
- 0xea, 0x9c, 0x4f, 0xf7, 0x45, 0xa2, 0x5a, 0xc2,
- 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd,
- 0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc,
- 0x0a, 0xb2, 0xaa, 0x8e, 0x2e, 0xfa, 0x7b, 0x17,
- 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc,
- 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16
- };
- #endif
- #ifndef NO_SHA
- ret = wc_X963_KDF(WC_HASH_TYPE_SHA, Z, sizeof(Z), NULL, 0,
- kek, sizeof(verify));
- if (ret != 0)
- return -8300;
- if (XMEMCMP(verify, kek, sizeof(verify)) != 0)
- return -8301;
- #endif
- #ifndef NO_SHA256
- ret = wc_X963_KDF(WC_HASH_TYPE_SHA256, Z2, sizeof(Z2), NULL, 0,
- kek, sizeof(verify2));
- if (ret != 0)
- return -8302;
- if (XMEMCMP(verify2, kek, sizeof(verify2)) != 0)
- return -8303;
- #endif
- #ifdef WOLFSSL_SHA512
- ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z3, sizeof(Z3), NULL, 0,
- kek, sizeof(verify3));
- if (ret != 0)
- return -8304;
- if (XMEMCMP(verify3, kek, sizeof(verify3)) != 0)
- return -8305;
- ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z4, sizeof(Z4), info4,
- sizeof(info4), kek, sizeof(verify4));
- if (ret != 0)
- return -8306;
- if (XMEMCMP(verify4, kek, sizeof(verify4)) != 0)
- return -8307;
- #endif
- return 0;
- }
- #endif /* HAVE_X963_KDF */
- #ifdef HAVE_ECC
- #ifdef BENCH_EMBEDDED
- #define ECC_SHARED_SIZE 128
- #else
- #define ECC_SHARED_SIZE MAX_ECC_BYTES
- #endif
- #define ECC_DIGEST_SIZE MAX_ECC_BYTES
- #define ECC_SIG_SIZE ECC_MAX_SIG_SIZE
- #ifndef NO_ECC_VECTOR_TEST
- #if (defined(HAVE_ECC192) || defined(HAVE_ECC224) ||\
- !defined(NO_ECC256) || defined(HAVE_ECC384) ||\
- defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES))
- #define HAVE_ECC_VECTOR_TEST
- #endif
- #endif
- #ifdef HAVE_ECC_VECTOR_TEST
- typedef struct eccVector {
- const char* msg; /* SHA-1 Encoded Message */
- const char* Qx;
- const char* Qy;
- const char* d; /* Private Key */
- const char* R;
- const char* S;
- const char* curveName;
- word32 msgLen;
- word32 keySize;
- #ifndef NO_ASN
- const byte* r;
- word32 rSz;
- const byte* s;
- word32 sSz;
- #endif
- } eccVector;
- static int ecc_test_vector_item(const eccVector* vector)
- {
- int ret = 0, verify = 0;
- word32 sigSz;
- ecc_key userA;
- DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
- #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
- word32 sigRawSz;
- DECLARE_VAR(sigRaw, byte, ECC_SIG_SIZE, HEAP_HINT);
- #endif
- ret = wc_ecc_init_ex(&userA, HEAP_HINT, devId);
- if (ret != 0) {
- FREE_VAR(sig, HEAP_HINT);
- return ret;
- }
- ret = wc_ecc_import_raw(&userA, vector->Qx, vector->Qy,
- vector->d, vector->curveName);
- if (ret != 0)
- goto done;
- XMEMSET(sig, 0, ECC_SIG_SIZE);
- sigSz = ECC_SIG_SIZE;
- ret = wc_ecc_rs_to_sig(vector->R, vector->S, sig, &sigSz);
- if (ret != 0)
- goto done;
- #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
- XMEMSET(sigRaw, 0, ECC_SIG_SIZE);
- sigRawSz = ECC_SIG_SIZE;
- ret = wc_ecc_rs_raw_to_sig(vector->r, vector->rSz, vector->s, vector->sSz,
- sigRaw, &sigRawSz);
- if (ret != 0)
- goto done;
- if (sigSz != sigRawSz || XMEMCMP(sig, sigRaw, sigSz) != 0) {
- ret = -8308;
- goto done;
- }
- #endif
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_ecc_verify_hash(sig, sigSz, (byte*)vector->msg,
- vector->msgLen, &verify, &userA);
- }
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- goto done;
- if (verify != 1)
- ret = -8309;
- done:
- wc_ecc_free(&userA);
- #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
- FREE_VAR(sigRaw, HEAP_HINT);
- #endif
- FREE_VAR(sig, HEAP_HINT);
- return ret;
- }
- static int ecc_test_vector(int keySize)
- {
- int ret;
- eccVector vec;
- XMEMSET(&vec, 0, sizeof(vec));
- vec.keySize = (word32)keySize;
- switch(keySize) {
- #if defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)
- case 14:
- return 0;
- #endif /* HAVE_ECC112 */
- #if defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)
- case 16:
- return 0;
- #endif /* HAVE_ECC128 */
- #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
- case 20:
- return 0;
- #endif /* HAVE_ECC160 */
- #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
- case 24:
- /* first [P-192,SHA-1] vector from FIPS 186-3 NIST vectors */
- #if 1
- vec.msg = "\x60\x80\x79\x42\x3f\x12\x42\x1d\xe6\x16\xb7\x49\x3e\xbe\x55\x1c\xf4\xd6\x5b\x92";
- vec.msgLen = 20;
- #else
- /* This is the raw message prior to SHA-1 */
- vec.msg =
- "\xeb\xf7\x48\xd7\x48\xeb\xbc\xa7\xd2\x9f\xb4\x73\x69\x8a\x6e\x6b"
- "\x4f\xb1\x0c\x86\x5d\x4a\xf0\x24\xcc\x39\xae\x3d\xf3\x46\x4b\xa4"
- "\xf1\xd6\xd4\x0f\x32\xbf\x96\x18\xa9\x1b\xb5\x98\x6f\xa1\xa2\xaf"
- "\x04\x8a\x0e\x14\xdc\x51\xe5\x26\x7e\xb0\x5e\x12\x7d\x68\x9d\x0a"
- "\xc6\xf1\xa7\xf1\x56\xce\x06\x63\x16\xb9\x71\xcc\x7a\x11\xd0\xfd"
- "\x7a\x20\x93\xe2\x7c\xf2\xd0\x87\x27\xa4\xe6\x74\x8c\xc3\x2f\xd5"
- "\x9c\x78\x10\xc5\xb9\x01\x9d\xf2\x1c\xdc\xc0\xbc\xa4\x32\xc0\xa3"
- "\xee\xd0\x78\x53\x87\x50\x88\x77\x11\x43\x59\xce\xe4\xa0\x71\xcf";
- vec.msgLen = 128;
- #endif
- vec.Qx = "07008ea40b08dbe76432096e80a2494c94982d2d5bcf98e6";
- vec.Qy = "76fab681d00b414ea636ba215de26d98c41bd7f2e4d65477";
- vec.d = "e14f37b3d1374ff8b03f41b9b3fdd2f0ebccf275d660d7f3";
- vec.R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e";
- vec.S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41";
- vec.curveName = "SECP192R1";
- #ifndef NO_ASN
- vec.r = (byte*)"\x69\x94\xd9\x62\xbd\xd0\xd7\x93\xff\xdd\xf8\x55"
- "\xec\x5b\xf2\xf9\x1a\x96\x98\xb4\x62\x58\xa6\x3e";
- vec.rSz = 24;
- vec.s = (byte*)"\x02\xba\x64\x65\xa2\x34\x90\x37\x44\xab\x02\xbc"
- "\x85\x21\x40\x5b\x73\xcf\x5f\xc0\x0e\x1a\x9f\x41";
- vec.sSz = 24;
- #endif
- break;
- #endif /* HAVE_ECC192 */
- #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
- case 28:
- /* first [P-224,SHA-1] vector from FIPS 186-3 NIST vectors */
- #if 1
- vec.msg = "\xb9\xa3\xb8\x6d\xb0\xba\x99\xfd\xc6\xd2\x94\x6b\xfe\xbe\x9c\xe8\x3f\x10\x74\xfc";
- vec.msgLen = 20;
- #else
- /* This is the raw message prior to SHA-1 */
- vec.msg =
- "\x36\xc8\xb2\x29\x86\x48\x7f\x67\x7c\x18\xd0\x97\x2a\x9e\x20\x47"
- "\xb3\xaf\xa5\x9e\xc1\x62\x76\x4e\xc3\x0b\x5b\x69\xe0\x63\x0f\x99"
- "\x0d\x4e\x05\xc2\x73\xb0\xe5\xa9\xd4\x28\x27\xb6\x95\xfc\x2d\x64"
- "\xd9\x13\x8b\x1c\xf4\xc1\x21\x55\x89\x4c\x42\x13\x21\xa7\xbb\x97"
- "\x0b\xdc\xe0\xfb\xf0\xd2\xae\x85\x61\xaa\xd8\x71\x7f\x2e\x46\xdf"
- "\xe3\xff\x8d\xea\xb4\xd7\x93\x23\x56\x03\x2c\x15\x13\x0d\x59\x9e"
- "\x26\xc1\x0f\x2f\xec\x96\x30\x31\xac\x69\x38\xa1\x8d\x66\x45\x38"
- "\xb9\x4d\xac\x55\x34\xef\x7b\x59\x94\x24\xd6\x9b\xe1\xf7\x1c\x20";
- vec.msgLen = 128;
- #endif
- vec.Qx = "8a4dca35136c4b70e588e23554637ae251077d1365a6ba5db9585de7";
- vec.Qy = "ad3dee06de0be8279d4af435d7245f14f3b4f82eb578e519ee0057b1";
- vec.d = "97c4b796e1639dd1035b708fc00dc7ba1682cec44a1002a1a820619f";
- vec.R = "147b33758321e722a0360a4719738af848449e2c1d08defebc1671a7";
- vec.S = "24fc7ed7f1352ca3872aa0916191289e2e04d454935d50fe6af3ad5b";
- vec.curveName = "SECP224R1";
- #ifndef NO_ASN
- vec.r = (byte*)"\x14\x7b\x33\x75\x83\x21\xe7\x22\xa0\x36\x0a\x47"
- "\x19\x73\x8a\xf8\x48\x44\x9e\x2c\x1d\x08\xde\xfe"
- "\xbc\x16\x71\xa7";
- vec.rSz = 28;
- vec.s = (byte*)"\x24\xfc\x7e\xd7\xf1\x35\x2c\xa3\x87\x2a\xa0\x91"
- "\x61\x91\x28\x9e\x2e\x04\xd4\x54\x93\x5d\x50\xfe"
- "\x6a\xf3\xad\x5b";
- vec.sSz = 28;
- #endif
- break;
- #endif /* HAVE_ECC224 */
- #if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)
- case 30:
- return 0;
- #endif /* HAVE_ECC239 */
- #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
- case 32:
- /* first [P-256,SHA-1] vector from FIPS 186-3 NIST vectors */
- #if 1
- vec.msg = "\xa3\xf9\x1a\xe2\x1b\xa6\xb3\x03\x98\x64\x47\x2f\x18\x41\x44\xc6\xaf\x62\xcd\x0e";
- vec.msgLen = 20;
- #else
- /* This is the raw message prior to SHA-1 */
- vec.msg =
- "\xa2\x4b\x21\x76\x2e\x6e\xdb\x15\x3c\xc1\x14\x38\xdb\x0e\x92\xcd"
- "\xf5\x2b\x86\xb0\x6c\xa9\x70\x16\x06\x27\x59\xc7\x0d\x36\xd1\x56"
- "\x2c\xc9\x63\x0d\x7f\xc7\xc7\x74\xb2\x8b\x54\xe3\x1e\xf5\x58\x72"
- "\xb2\xa6\x5d\xf1\xd7\xec\x26\xde\xbb\x33\xe7\xd9\x27\xef\xcc\xf4"
- "\x6b\x63\xde\x52\xa4\xf4\x31\xea\xca\x59\xb0\x5d\x2e\xde\xc4\x84"
- "\x5f\xff\xc0\xee\x15\x03\x94\xd6\x1f\x3d\xfe\xcb\xcd\xbf\x6f\x5a"
- "\x73\x38\xd0\xbe\x3f\x2a\x77\x34\x51\x98\x3e\xba\xeb\x48\xf6\x73"
- "\x8f\xc8\x95\xdf\x35\x7e\x1a\x48\xa6\x53\xbb\x35\x5a\x31\xa1\xb4"
- vec.msgLen = 128;
- #endif
- vec.Qx = "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0";
- vec.Qy = "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09";
- vec.d = "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25";
- vec.R = "2b826f5d44e2d0b6de531ad96b51e8f0c56fdfead3c236892e4d84eacfc3b75c";
- vec.S = "a2248b62c03db35a7cd63e8a120a3521a89d3d2f61ff99035a2148ae32e3a248";
- #ifndef NO_ASN
- vec.r = (byte*)"\x2b\x82\x6f\x5d\x44\xe2\xd0\xb6\xde\x53\x1a\xd9"
- "\x6b\x51\xe8\xf0\xc5\x6f\xdf\xea\xd3\xc2\x36\x89"
- "\x2e\x4d\x84\xea\xcf\xc3\xb7\x5c";
- vec.rSz = 32;
- vec.s = (byte*)"\xa2\x24\x8b\x62\xc0\x3d\xb3\x5a\x7c\xd6\x3e\x8a"
- "\x12\x0a\x35\x21\xa8\x9d\x3d\x2f\x61\xff\x99\x03"
- "\x5a\x21\x48\xae\x32\xe3\xa2\x48";
- vec.sSz = 32;
- #endif
- vec.curveName = "SECP256R1";
- break;
- #endif /* !NO_ECC256 */
- #if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)
- case 40:
- return 0;
- #endif /* HAVE_ECC320 */
- #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
- case 48:
- /* first [P-384,SHA-1] vector from FIPS 186-3 NIST vectors */
- #if 1
- vec.msg = "\x9b\x9f\x8c\x95\x35\xa5\xca\x26\x60\x5d\xb7\xf2\xfa\x57\x3b\xdf\xc3\x2e\xab\x8b";
- vec.msgLen = 20;
- #else
- /* This is the raw message prior to SHA-1 */
- vec.msg =
- "\xab\xe1\x0a\xce\x13\xe7\xe1\xd9\x18\x6c\x48\xf7\x88\x9d\x51\x47"
- "\x3d\x3a\x09\x61\x98\x4b\xc8\x72\xdf\x70\x8e\xcc\x3e\xd3\xb8\x16"
- "\x9d\x01\xe3\xd9\x6f\xc4\xf1\xd5\xea\x00\xa0\x36\x92\xbc\xc5\xcf"
- "\xfd\x53\x78\x7c\x88\xb9\x34\xaf\x40\x4c\x03\x9d\x32\x89\xb5\xba"
- "\xc5\xae\x7d\xb1\x49\x68\x75\xb5\xdc\x73\xc3\x09\xf9\x25\xc1\x3d"
- "\x1c\x01\xab\xda\xaf\xeb\xcd\xac\x2c\xee\x43\x39\x39\xce\x8d\x4a"
- "\x0a\x5d\x57\xbb\x70\x5f\x3b\xf6\xec\x08\x47\x95\x11\xd4\xb4\xa3"
- "\x21\x1f\x61\x64\x9a\xd6\x27\x43\x14\xbf\x0d\x43\x8a\x81\xe0\x60"
- vec.msgLen = 128;
- #endif
- vec.Qx = "e55fee6c49d8d523f5ce7bf9c0425ce4ff650708b7de5cfb095901523979a7f042602db30854735369813b5c3f5ef868";
- vec.Qy = "28f59cc5dc509892a988d38a8e2519de3d0c4fd0fbdb0993e38f18506c17606c5e24249246f1ce94983a5361c5be983e";
- vec.d = "a492ce8fa90084c227e1a32f7974d39e9ff67a7e8705ec3419b35fb607582bebd461e0b1520ac76ec2dd4e9b63ebae71";
- vec.R = "6820b8585204648aed63bdff47f6d9acebdea62944774a7d14f0e14aa0b9a5b99545b2daee6b3c74ebf606667a3f39b7";
- vec.S = "491af1d0cccd56ddd520b233775d0bc6b40a6255cc55207d8e9356741f23c96c14714221078dbd5c17f4fdd89b32a907";
- vec.curveName = "SECP384R1";
- #ifndef NO_ASN
- vec.r = (byte*)"\x68\x20\xb8\x58\x52\x04\x64\x8a\xed\x63\xbd\xff"
- "\x47\xf6\xd9\xac\xeb\xde\xa6\x29\x44\x77\x4a\x7d"
- "\x14\xf0\xe1\x4a\xa0\xb9\xa5\xb9\x95\x45\xb2\xda"
- "\xee\x6b\x3c\x74\xeb\xf6\x06\x66\x7a\x3f\x39\xb7";
- vec.rSz = 48;
- vec.s = (byte*)"\x49\x1a\xf1\xd0\xcc\xcd\x56\xdd\xd5\x20\xb2\x33"
- "\x77\x5d\x0b\xc6\xb4\x0a\x62\x55\xcc\x55\x20\x7d"
- "\x8e\x93\x56\x74\x1f\x23\xc9\x6c\x14\x71\x42\x21"
- "\x07\x8d\xbd\x5c\x17\xf4\xfd\xd8\x9b\x32\xa9\x07";
- vec.sSz = 48;
- #endif
- break;
- #endif /* HAVE_ECC384 */
- #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
- case 64:
- return 0;
- #endif /* HAVE_ECC512 */
- #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
- case 66:
- /* first [P-521,SHA-1] vector from FIPS 186-3 NIST vectors */
- #if 1
- vec.msg = "\x1b\xf7\x03\x9c\xca\x23\x94\x27\x3f\x11\xa1\xd4\x8d\xcc\xb4\x46\x6f\x31\x61\xdf";
- vec.msgLen = 20;
- #else
- /* This is the raw message prior to SHA-1 */
- vec.msg =
- "\x50\x3f\x79\x39\x34\x0a\xc7\x23\xcd\x4a\x2f\x4e\x6c\xcc\x27\x33"
- "\x38\x3a\xca\x2f\xba\x90\x02\x19\x9d\x9e\x1f\x94\x8b\xe0\x41\x21"
- "\x07\xa3\xfd\xd5\x14\xd9\x0c\xd4\xf3\x7c\xc3\xac\x62\xef\x00\x3a"
- "\x2d\xb1\xd9\x65\x7a\xb7\x7f\xe7\x55\xbf\x71\xfa\x59\xe4\xd9\x6e"
- "\xa7\x2a\xe7\xbf\x9d\xe8\x7d\x79\x34\x3b\xc1\xa4\xbb\x14\x4d\x16"
- "\x28\xd1\xe9\xe9\xc8\xed\x80\x8b\x96\x2c\x54\xe5\xf9\x6d\x53\xda"
- "\x14\x7a\x96\x38\xf9\x4a\x91\x75\xd8\xed\x61\x05\x5f\x0b\xa5\x73"
- "\xa8\x2b\xb7\xe0\x18\xee\xda\xc4\xea\x7b\x36\x2e\xc8\x9c\x38\x2b"
- vec.msgLen = 128;
- #endif
- vec.Qx = "12fbcaeffa6a51f3ee4d3d2b51c5dec6d7c726ca353fc014ea2bf7cfbb9b910d32cbfa6a00fe39b6cdb8946f22775398b2e233c0cf144d78c8a7742b5c7a3bb5d23";
- vec.Qy = "09cdef823dd7bf9a79e8cceacd2e4527c231d0ae5967af0958e931d7ddccf2805a3e618dc3039fec9febbd33052fe4c0fee98f033106064982d88f4e03549d4a64d";
- vec.d = "1bd56bd106118eda246155bd43b42b8e13f0a6e25dd3bb376026fab4dc92b6157bc6dfec2d15dd3d0cf2a39aa68494042af48ba9601118da82c6f2108a3a203ad74";
- vec.R = "0bd117b4807710898f9dd7778056485777668f0e78e6ddf5b000356121eb7a220e9493c7f9a57c077947f89ac45d5acb6661bbcd17abb3faea149ba0aa3bb1521be";
- vec.S = "019cd2c5c3f9870ecdeb9b323abdf3a98cd5e231d85c6ddc5b71ab190739f7f226e6b134ba1d5889ddeb2751dabd97911dff90c34684cdbe7bb669b6c3d22f2480c";
- vec.curveName = "SECP521R1";
- #ifndef NO_ASN
- vec.r = (byte*)"\x00\xbd\x11\x7b\x48\x07\x71\x08\x98\xf9\xdd\x77"
- "\x78\x05\x64\x85\x77\x76\x68\xf0\xe7\x8e\x6d\xdf"
- "\x5b\x00\x03\x56\x12\x1e\xb7\xa2\x20\xe9\x49\x3c"
- "\x7f\x9a\x57\xc0\x77\x94\x7f\x89\xac\x45\xd5\xac"
- "\xb6\x66\x1b\xbc\xd1\x7a\xbb\x3f\xae\xa1\x49\xba"
- "\x0a\xa3\xbb\x15\x21\xbe";
- vec.rSz = 66;
- vec.s = (byte*)"\x00\x19\xcd\x2c\x5c\x3f\x98\x70\xec\xde\xb9\xb3"
- "\x23\xab\xdf\x3a\x98\xcd\x5e\x23\x1d\x85\xc6\xdd"
- "\xc5\xb7\x1a\xb1\x90\x73\x9f\x7f\x22\x6e\x6b\x13"
- "\x4b\xa1\xd5\x88\x9d\xde\xb2\x75\x1d\xab\xd9\x79"
- "\x11\xdf\xf9\x0c\x34\x68\x4c\xdb\xe7\xbb\x66\x9b"
- "\x6c\x3d\x22\xf2\x48\x0c";
- vec.sSz = 66;
- #endif
- break;
- #endif /* HAVE_ECC521 */
- default:
- return NOT_COMPILED_IN; /* Invalid key size / Not supported */
- }; /* Switch */
- ret = ecc_test_vector_item(&vec);
- if (ret < 0) {
- return ret;
- }
- return 0;
- }
- #ifdef HAVE_ECC_CDH
- static int ecc_test_cdh_vectors(void)
- {
- int ret;
- ecc_key pub_key, priv_key;
- byte sharedA[32] = {0}, sharedB[32] = {0};
- word32 x, z;
- const char* QCAVSx = "700c48f77f56584c5cc632ca65640db91b6bacce3a4df6b42ce7cc838833d287";
- const char* QCAVSy = "db71e509e3fd9b060ddb20ba5c51dcc5948d46fbf640dfe0441782cab85fa4ac";
- const char* dIUT = "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534";
- const char* QIUTx = "ead218590119e8876b29146ff89ca61770c4edbbf97d38ce385ed281d8a6b230";
- const char* QIUTy = "28af61281fd35e2fa7002523acc85a429cb06ee6648325389f59edfce1405141";
- const char* ZIUT = "46fc62106420ff012e54a434fbdd2d25ccc5852060561e68040dd7778997bd7b";
- /* setup private and public keys */
- ret = wc_ecc_init(&pub_key);
- if (ret != 0)
- return ret;
- ret = wc_ecc_init(&priv_key);
- if (ret != 0) {
- wc_ecc_free(&pub_key);
- goto done;
- }
- wc_ecc_set_flags(&pub_key, WC_ECC_FLAG_COFACTOR);
- wc_ecc_set_flags(&priv_key, WC_ECC_FLAG_COFACTOR);
- ret = wc_ecc_import_raw(&pub_key, QCAVSx, QCAVSy, NULL, "SECP256R1");
- if (ret != 0)
- goto done;
- ret = wc_ecc_import_raw(&priv_key, QIUTx, QIUTy, dIUT, "SECP256R1");
- if (ret != 0)
- goto done;
- /* compute ECC Cofactor shared secret */
- x = sizeof(sharedA);
- ret = wc_ecc_shared_secret(&priv_key, &pub_key, sharedA, &x);
- if (ret != 0) {
- goto done;
- }
- /* read in expected Z */
- z = sizeof(sharedB);
- ret = Base16_Decode((const byte*)ZIUT, (word32)XSTRLEN(ZIUT), sharedB, &z);
- if (ret != 0)
- goto done;
- /* compare results */
- if (x != z || XMEMCMP(sharedA, sharedB, x)) {
- ERROR_OUT(-8310, done);
- }
- done:
- wc_ecc_free(&priv_key);
- wc_ecc_free(&pub_key);
- return ret;
- }
- #endif /* HAVE_ECC_CDH */
- #endif /* HAVE_ECC_VECTOR_TEST */
- #ifdef HAVE_ECC_KEY_IMPORT
- /* returns 0 on success */
- static int ecc_test_make_pub(WC_RNG* rng)
- {
- ecc_key key;
- unsigned char* exportBuf = NULL;
- unsigned char* tmp = NULL;
- unsigned char msg[] = "test wolfSSL ECC public gen";
- word32 x, tmpSz;
- int ret = 0;
- ecc_point* pubPoint = NULL;
- #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
- ecc_key pub;
- #endif
- #ifdef HAVE_ECC_VERIFY
- int verify = 0;
- #endif
- #ifndef USE_CERT_BUFFERS_256
- FILE* file;
- #endif
- wc_ecc_init(&key);
- tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL) {
- return -8311;
- }
- exportBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (exportBuf == NULL) {
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return -8312;
- }
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(tmp, ecc_key_der_256, (size_t)sizeof_ecc_key_der_256);
- tmpSz = (size_t)sizeof_ecc_key_der_256;
- #else
- file = fopen(eccKeyDerFile, "rb");
- if (!file) {
- ERROR_OUT(-8313, done);
- }
- tmpSz = (word32)fread(tmp, 1, FOURK_BUF, file);
- fclose(file);
- #endif /* USE_CERT_BUFFERS_256 */
- /* import private only then test with */
- ret = wc_ecc_import_private_key(tmp, tmpSz, NULL, 0, NULL);
- if (ret == 0) {
- ERROR_OUT(-8314, done);
- }
- ret = wc_ecc_import_private_key(NULL, tmpSz, NULL, 0, &key);
- if (ret == 0) {
- ERROR_OUT(-8315, done);
- }
- x = 0;
- ret = wc_EccPrivateKeyDecode(tmp, &x, &key, tmpSz);
- if (ret != 0) {
- ERROR_OUT(-8316, done);
- }
- #ifdef HAVE_ECC_KEY_EXPORT
- x = FOURK_BUF;
- ret = wc_ecc_export_private_only(&key, exportBuf, &x);
- if (ret != 0) {
- ERROR_OUT(-8317, done);
- }
- /* make private only key */
- wc_ecc_free(&key);
- wc_ecc_init(&key);
- ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, &key);
- if (ret != 0) {
- ERROR_OUT(-8318, done);
- }
- x = FOURK_BUF;
- ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0);
- if (ret == 0) {
- ERROR_OUT(-8319, done);
- }
- #endif /* HAVE_ECC_KEY_EXPORT */
- ret = wc_ecc_make_pub(NULL, NULL);
- if (ret == 0) {
- ERROR_OUT(-8320, done);
- }
- pubPoint = wc_ecc_new_point_h(HEAP_HINT);
- if (pubPoint == NULL) {
- ERROR_OUT(-8321, done);
- }
- ret = wc_ecc_make_pub(&key, pubPoint);
- if (ret != 0) {
- ERROR_OUT(-8322, done);
- }
- #ifdef HAVE_ECC_KEY_EXPORT
- /* export should still fail, is private only key */
- x = FOURK_BUF;
- ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0);
- if (ret == 0) {
- ERROR_OUT(-8323, done);
- }
- #endif /* HAVE_ECC_KEY_EXPORT */
- #ifdef HAVE_ECC_SIGN
- tmpSz = FOURK_BUF;
- ret = wc_ecc_sign_hash(msg, sizeof(msg), tmp, &tmpSz, rng, &key);
- if (ret != 0) {
- ERROR_OUT(-8324, done);
- }
- #ifdef HAVE_ECC_VERIFY
- /* try verify with private only key */
- ret = wc_ecc_verify_hash(tmp, tmpSz, msg, sizeof(msg), &verify, &key);
- if (ret != 0) {
- ERROR_OUT(-8325, done);
- }
- if (verify != 1) {
- ERROR_OUT(-8326, done);
- }
- #ifdef HAVE_ECC_KEY_EXPORT
- /* exporting the public part should now work */
- x = FOURK_BUF;
- ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0);
- if (ret != 0) {
- ERROR_OUT(-8327, done);
- }
- #endif /* HAVE_ECC_KEY_EXPORT */
- #endif /* HAVE_ECC_VERIFY */
- #endif /* HAVE_ECC_SIGN */
- #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
- /* now test private only key with creating a shared secret */
- x = FOURK_BUF;
- ret = wc_ecc_export_private_only(&key, exportBuf, &x);
- if (ret != 0) {
- ERROR_OUT(-8328, done);
- }
- /* make private only key */
- wc_ecc_free(&key);
- wc_ecc_init(&key);
- ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, &key);
- if (ret != 0) {
- ERROR_OUT(-8329, done);
- }
- /* check that public export fails with private only key */
- x = FOURK_BUF;
- ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0);
- if (ret == 0) {
- ERROR_OUT(-8330, done);
- }
- /* make public key for shared secret */
- wc_ecc_init(&pub);
- ret = wc_ecc_make_key(rng, 32, &pub);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &pub.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret != 0) {
- ERROR_OUT(-8331, done);
- }
- x = FOURK_BUF;
- ret = wc_ecc_shared_secret(&key, &pub, exportBuf, &x);
- wc_ecc_free(&pub);
- if (ret != 0) {
- ERROR_OUT(-8332, done);
- }
- #endif /* HAVE_ECC_DHE && HAVE_ECC_KEY_EXPORT */
- ret = 0;
- done:
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(exportBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_ecc_del_point_h(pubPoint, HEAP_HINT);
- wc_ecc_free(&key);
- return ret;
- }
- #endif /* HAVE_ECC_KEY_IMPORT */
- #ifdef WOLFSSL_KEY_GEN
- static int ecc_test_key_gen(WC_RNG* rng, int keySize)
- {
- int ret = 0;
- int derSz;
- word32 pkcs8Sz;
- byte* der;
- byte* pem;
- ecc_key userA;
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- return -8333;
- }
- pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pem == NULL) {
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return -8334;
- }
- ret = wc_ecc_init_ex(&userA, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- ret = wc_ecc_make_key(rng, keySize, &userA);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret != 0)
- goto done;
- ret = wc_ecc_check_key(&userA);
- if (ret != 0)
- goto done;
- derSz = wc_EccKeyToDer(&userA, der, FOURK_BUF);
- if (derSz < 0) {
- ERROR_OUT(derSz, done);
- }
- ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, eccCaKeyTempFile,
- eccCaKeyPemFile, ECC_PRIVATEKEY_TYPE, -6510);
- if (ret != 0) {
- goto done;
- }
- /* test export of public key */
- derSz = wc_EccPublicKeyToDer(&userA, der, FOURK_BUF, 1);
- if (derSz < 0) {
- ERROR_OUT(derSz, done);
- }
- if (derSz == 0) {
- ERROR_OUT(-8335, done);
- }
- ret = SaveDerAndPem(der, derSz, NULL, 0, eccPubKeyDerFile,
- NULL, 0, -6515);
- if (ret != 0) {
- goto done;
- }
- /* test export of PKCS#8 unecrypted private key */
- pkcs8Sz = FOURK_BUF;
- derSz = wc_EccPrivateKeyToPKCS8(&userA, der, &pkcs8Sz);
- if (derSz < 0) {
- ERROR_OUT(derSz, done);
- }
- if (derSz == 0) {
- ERROR_OUT(-8336, done);
- }
- ret = SaveDerAndPem(der, derSz, NULL, 0, eccPkcs8KeyDerFile,
- NULL, 0, -6517);
- if (ret != 0) {
- goto done;
- }
- done:
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_ecc_free(&userA);
- return ret;
- }
- #endif /* WOLFSSL_KEY_GEN */
- static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
- int curve_id, const ecc_set_type* dp)
- {
- DECLARE_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
- DECLARE_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
- #ifdef HAVE_ECC_KEY_EXPORT
- byte exportBuf[MAX_ECC_BYTES * 2 + 32];
- #endif
- word32 x, y;
- #ifdef HAVE_ECC_SIGN
- DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
- DECLARE_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT);
- int i;
- #ifdef HAVE_ECC_VERIFY
- int verify;
- #endif /* HAVE_ECC_VERIFY */
- #endif /* HAVE_ECC_SIGN */
- int ret;
- ecc_key userA, userB, pubKey;
- int curveSize;
- (void)testVerifyCount;
- (void)dp;
- XMEMSET(&userA, 0, sizeof(ecc_key));
- XMEMSET(&userB, 0, sizeof(ecc_key));
- XMEMSET(&pubKey, 0, sizeof(ecc_key));
- ret = wc_ecc_init_ex(&userA, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- ret = wc_ecc_init_ex(&userB, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- ret = wc_ecc_init_ex(&pubKey, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- #ifdef WOLFSSL_CUSTOM_CURVES
- if (dp != NULL) {
- ret = wc_ecc_set_custom_curve(&userA, dp);
- if (ret != 0)
- goto done;
- ret = wc_ecc_set_custom_curve(&userB, dp);
- if (ret != 0)
- goto done;
- }
- #endif
- ret = wc_ecc_make_key_ex(rng, keySize, &userA, curve_id);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret != 0)
- goto done;
- if (wc_ecc_get_curve_idx(curve_id) != -1) {
- curveSize = wc_ecc_get_curve_size_from_id(userA.dp->id);
- if (curveSize != userA.dp->size) {
- ret = -8337;
- goto done;
- }
- }
- ret = wc_ecc_check_key(&userA);
- if (ret != 0)
- goto done;
- ret = wc_ecc_make_key_ex(rng, keySize, &userB, curve_id);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret != 0)
- goto done;
- /* only perform the below tests if the key size matches */
- if (dp == NULL && keySize > 0 && wc_ecc_size(&userA) != keySize) {
- ret = ECC_CURVE_OID_E;
- goto done;
- }
- #ifdef HAVE_ECC_DHE
- x = ECC_SHARED_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0)
- ret = wc_ecc_shared_secret(&userA, &userB, sharedA, &x);
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- goto done;
- }
- y = ECC_SHARED_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0)
- ret = wc_ecc_shared_secret(&userB, &userA, sharedB, &y);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- goto done;
- if (y != x)
- ERROR_OUT(-8338, done);
- if (XMEMCMP(sharedA, sharedB, x))
- ERROR_OUT(-8339, done);
- #endif /* HAVE_ECC_DHE */
- #ifdef HAVE_ECC_CDH
- /* add cofactor flag */
- wc_ecc_set_flags(&userA, WC_ECC_FLAG_COFACTOR);
- wc_ecc_set_flags(&userB, WC_ECC_FLAG_COFACTOR);
- x = sizeof(sharedA);
- ret = wc_ecc_shared_secret(&userA, &userB, sharedA, &x);
- if (ret != 0) {
- goto done;
- }
- y = sizeof(sharedB);
- ret = wc_ecc_shared_secret(&userB, &userA, sharedB, &y);
- if (ret != 0)
- goto done;
- if (y != x)
- ERROR_OUT(-8340, done);
- if (XMEMCMP(sharedA, sharedB, x))
- ERROR_OUT(-8341, done);
- /* remove cofactor flag */
- wc_ecc_set_flags(&userA, 0);
- wc_ecc_set_flags(&userB, 0);
- #endif /* HAVE_ECC_CDH */
- #ifdef HAVE_ECC_KEY_EXPORT
- x = sizeof(exportBuf);
- ret = wc_ecc_export_x963_ex(&userA, exportBuf, &x, 0);
- if (ret != 0)
- goto done;
- #ifdef HAVE_ECC_KEY_IMPORT
- #ifdef WOLFSSL_CUSTOM_CURVES
- if (dp != NULL) {
- ret = wc_ecc_set_custom_curve(&pubKey, dp);
- if (ret != 0) goto done;
- }
- #endif
- ret = wc_ecc_import_x963_ex(exportBuf, x, &pubKey, curve_id);
- if (ret != 0)
- goto done;
- #ifdef HAVE_ECC_DHE
- y = ECC_SHARED_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0)
- ret = wc_ecc_shared_secret(&userB, &pubKey, sharedB, &y);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- goto done;
- if (XMEMCMP(sharedA, sharedB, y))
- ERROR_OUT(-8342, done);
- #endif /* HAVE_ECC_DHE */
- #ifdef HAVE_COMP_KEY
- /* try compressed export / import too */
- x = sizeof(exportBuf);
- ret = wc_ecc_export_x963_ex(&userA, exportBuf, &x, 1);
- if (ret != 0)
- goto done;
- wc_ecc_free(&pubKey);
- ret = wc_ecc_init_ex(&pubKey, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- #ifdef WOLFSSL_CUSTOM_CURVES
- if (dp != NULL) {
- ret = wc_ecc_set_custom_curve(&pubKey, dp);
- if (ret != 0) goto done;
- }
- #endif
- ret = wc_ecc_import_x963_ex(exportBuf, x, &pubKey, curve_id);
- if (ret != 0)
- goto done;
- #ifdef HAVE_ECC_DHE
- y = ECC_SHARED_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0)
- ret = wc_ecc_shared_secret(&userB, &pubKey, sharedB, &y);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- goto done;
- if (XMEMCMP(sharedA, sharedB, y))
- ERROR_OUT(-8343, done);
- #endif /* HAVE_ECC_DHE */
- #endif /* HAVE_COMP_KEY */
- #endif /* HAVE_ECC_KEY_IMPORT */
- #endif /* HAVE_ECC_KEY_EXPORT */
- #ifdef HAVE_ECC_SIGN
- /* ECC w/out Shamir has issue with all 0 digest */
- /* WC_BIGINT doesn't have 0 len well on hardware */
- #if defined(ECC_SHAMIR) && !defined(WOLFSSL_ASYNC_CRYPT)
- /* test DSA sign hash with zeros */
- for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
- digest[i] = 0;
- }
- x = ECC_SIG_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0)
- ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng,
- &userA);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- goto done;
- #ifdef HAVE_ECC_VERIFY
- for (i=0; i<testVerifyCount; i++) {
- verify = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0)
- ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE,
- &verify, &userA);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- goto done;
- if (verify != 1)
- ERROR_OUT(-8344, done);
- }
- #endif /* HAVE_ECC_VERIFY */
- #endif /* ECC_SHAMIR && !WOLFSSL_ASYNC_CRYPT */
- /* test DSA sign hash with sequence (0,1,2,3,4,...) */
- for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
- digest[i] = (byte)i;
- }
- x = ECC_SIG_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0)
- ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng,
- &userA);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(-8345, done);
- #ifdef HAVE_ECC_VERIFY
- for (i=0; i<testVerifyCount; i++) {
- verify = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0)
- ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE,
- &verify, &userA);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- goto done;
- if (verify != 1)
- ERROR_OUT(-8346, done);
- }
- #endif /* HAVE_ECC_VERIFY */
- #endif /* HAVE_ECC_SIGN */
- #ifdef HAVE_ECC_KEY_EXPORT
- x = sizeof(exportBuf);
- ret = wc_ecc_export_private_only(&userA, exportBuf, &x);
- if (ret != 0)
- goto done;
- #endif /* HAVE_ECC_KEY_EXPORT */
- done:
- wc_ecc_free(&pubKey);
- wc_ecc_free(&userB);
- wc_ecc_free(&userA);
- FREE_VAR(sharedA, HEAP_HINT);
- FREE_VAR(sharedB, HEAP_HINT);
- #ifdef HAVE_ECC_SIGN
- FREE_VAR(sig, HEAP_HINT);
- FREE_VAR(digest, HEAP_HINT);
- #endif
- return ret;
- }
- #undef ECC_TEST_VERIFY_COUNT
- #define ECC_TEST_VERIFY_COUNT 2
- static int ecc_test_curve(WC_RNG* rng, int keySize)
- {
- int ret;
- ret = ecc_test_curve_size(rng, keySize, ECC_TEST_VERIFY_COUNT,
- ECC_CURVE_DEF, NULL);
- if (ret < 0) {
- if (ret == ECC_CURVE_OID_E) {
- /* ignore error for curves not found */
- /* some curve sizes are only available with:
- HAVE_ECC_SECPR2, HAVE_ECC_SECPR3, HAVE_ECC_BRAINPOOL
- and HAVE_ECC_KOBLITZ */
- }
- else {
- printf("ecc_test_curve_size %d failed!: %d\n", keySize, ret);
- return ret;
- }
- }
- #ifdef HAVE_ECC_VECTOR_TEST
- ret = ecc_test_vector(keySize);
- if (ret < 0) {
- printf("ecc_test_vector %d failed!: %d\n", keySize, ret);
- return ret;
- }
- #endif
- #ifdef WOLFSSL_KEY_GEN
- ret = ecc_test_key_gen(rng, keySize);
- if (ret < 0) {
- if (ret == ECC_CURVE_OID_E) {
- /* ignore error for curves not found */
- }
- else {
- printf("ecc_test_key_gen %d failed!: %d\n", keySize, ret);
- return ret;
- }
- }
- #endif
- return 0;
- }
- #if !defined(WOLFSSL_ATECC508A) && defined(HAVE_ECC_KEY_IMPORT) && \
- defined(HAVE_ECC_KEY_EXPORT)
- static int ecc_point_test(void)
- {
- int ret;
- ecc_point* point;
- ecc_point* point2;
- #ifdef HAVE_COMP_KEY
- ecc_point* point3;
- ecc_point* point4;
- #endif
- word32 outLen;
- byte out[65];
- byte der[] = { 0x04, /* = Uncompressed */
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
- #ifdef HAVE_COMP_KEY
- byte derComp0[] = { 0x02, /* = Compressed, y even */
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
- byte derComp1[] = { 0x03, /* = Compressed, y odd */
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
- #endif
- byte altDer[] = { 0x04, /* = Uncompressed */
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
- int curve_idx = wc_ecc_get_curve_idx(ECC_SECP256R1);
- /* if curve P256 is not enabled then test should not fail */
- if (curve_idx == ECC_CURVE_INVALID)
- return 0;
- outLen = sizeof(out);
- point = wc_ecc_new_point();
- if (point == NULL)
- return -8400;
- point2 = wc_ecc_new_point();
- if (point2 == NULL) {
- wc_ecc_del_point(point);
- return -8401;
- }
- #ifdef HAVE_COMP_KEY
- point3 = wc_ecc_new_point();
- if (point3 == NULL) {
- wc_ecc_del_point(point2);
- wc_ecc_del_point(point);
- return -8402;
- }
- point4 = wc_ecc_new_point();
- if (point4 == NULL) {
- wc_ecc_del_point(point3);
- wc_ecc_del_point(point2);
- wc_ecc_del_point(point);
- return -8403;
- }
- #endif
- /* Parameter Validation testing. */
- wc_ecc_del_point(NULL);
- ret = wc_ecc_import_point_der(NULL, sizeof(der), curve_idx, point);
- if (ret != ECC_BAD_ARG_E) {
- ret = -8404;
- goto done;
- }
- ret = wc_ecc_import_point_der(der, sizeof(der), ECC_CURVE_INVALID, point);
- if (ret != ECC_BAD_ARG_E) {
- ret = -8405;
- goto done;
- }
- ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, NULL);
- if (ret != ECC_BAD_ARG_E) {
- ret = -8406;
- goto done;
- }
- ret = wc_ecc_export_point_der(-1, point, out, &outLen);
- if (ret != ECC_BAD_ARG_E) {
- ret = -8407;
- goto done;
- }
- ret = wc_ecc_export_point_der(curve_idx, NULL, out, &outLen);
- if (ret != ECC_BAD_ARG_E) {
- ret = -8408;
- goto done;
- }
- ret = wc_ecc_export_point_der(curve_idx, point, NULL, &outLen);
- if (ret != LENGTH_ONLY_E || outLen != sizeof(out)) {
- ret = -8409;
- goto done;
- }
- ret = wc_ecc_export_point_der(curve_idx, point, out, NULL);
- if (ret != ECC_BAD_ARG_E) {
- ret = -8410;
- goto done;
- }
- outLen = 0;
- ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen);
- if (ret != BUFFER_E) {
- ret = -8411;
- goto done;
- }
- ret = wc_ecc_copy_point(NULL, NULL);
- if (ret != ECC_BAD_ARG_E) {
- ret = -8412;
- goto done;
- }
- ret = wc_ecc_copy_point(NULL, point2);
- if (ret != ECC_BAD_ARG_E) {
- ret = -8413;
- goto done;
- }
- ret = wc_ecc_copy_point(point, NULL);
- if (ret != ECC_BAD_ARG_E) {
- ret = -8414;
- goto done;
- }
- ret = wc_ecc_cmp_point(NULL, NULL);
- if (ret != BAD_FUNC_ARG) {
- ret = -8415;
- goto done;
- }
- ret = wc_ecc_cmp_point(NULL, point2);
- if (ret != BAD_FUNC_ARG) {
- ret = -8416;
- goto done;
- }
- ret = wc_ecc_cmp_point(point, NULL);
- if (ret != BAD_FUNC_ARG) {
- ret = -8417;
- goto done;
- }
- /* Use API. */
- ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, point);
- if (ret != 0) {
- ret = -8418;
- goto done;
- }
- outLen = sizeof(out);
- ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen);
- if (ret != 0) {
- ret = -8419;
- goto done;
- }
- if (outLen != sizeof(der)) {
- ret = -8420;
- goto done;
- }
- if (XMEMCMP(out, der, outLen) != 0) {
- ret = -8421;
- goto done;
- }
- ret = wc_ecc_copy_point(point2, point);
- if (ret != MP_OKAY) {
- ret = -8422;
- goto done;
- }
- ret = wc_ecc_cmp_point(point2, point);
- if (ret != MP_EQ) {
- ret = -8423;
- goto done;
- }
- ret = wc_ecc_import_point_der(altDer, sizeof(altDer), curve_idx, point2);
- if (ret != 0) {
- ret = -8424;
- goto done;
- }
- ret = wc_ecc_cmp_point(point2, point);
- if (ret != MP_GT) {
- ret = -8425;
- goto done;
- }
- #ifdef HAVE_COMP_KEY
- ret = wc_ecc_import_point_der(derComp0, sizeof(der), curve_idx, point3);
- if (ret != 0) {
- ret = -8426;
- goto done;
- }
- ret = wc_ecc_import_point_der(derComp1, sizeof(der), curve_idx, point4);
- if (ret != 0) {
- ret = -8427;
- goto done;
- }
- #endif
- done:
- #ifdef HAVE_COMP_KEY
- wc_ecc_del_point(point4);
- wc_ecc_del_point(point3);
- #endif
- wc_ecc_del_point(point2);
- wc_ecc_del_point(point);
- return ret;
- }
- #endif /* !WOLFSSL_ATECC508A && HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */
- #ifndef NO_SIG_WRAPPER
- static int ecc_sig_test(WC_RNG* rng, ecc_key* key)
- {
- int ret;
- word32 sigSz;
- int size;
- byte out[ECC_MAX_SIG_SIZE];
- byte in[] = "Everyone gets Friday off.";
- const byte hash[] = {
- 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59,
- 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe,
- 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83,
- 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f
- };
- word32 inLen = (word32)XSTRLEN((char*)in);
- size = wc_ecc_sig_size(key);
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, sizeof(*key));
- if (ret != size)
- return -8428;
- sigSz = (word32)ret;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, in,
- inLen, out, &sigSz, key, sizeof(*key), rng);
- if (ret != 0)
- return -8429;
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, in,
- inLen, out, sigSz, key, sizeof(*key));
- if (ret != 0)
- return -8430;
- sigSz = (word32)sizeof(out);
- ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC,
- hash, (int)sizeof(hash), out, &sigSz, key, sizeof(*key), rng);
- if (ret != 0)
- return -8431;
- ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC,
- hash, (int)sizeof(hash), out, sigSz, key, sizeof(*key));
- if (ret != 0)
- return -8432;
- return 0;
- }
- #endif
- #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)
- static int ecc_exp_imp_test(ecc_key* key)
- {
- int ret;
- int curve_id;
- ecc_key keyImp;
- byte priv[32];
- word32 privLen;
- byte pub[65];
- word32 pubLen, pubLenX, pubLenY;
- const char qx[] = "7a4e287890a1a47ad3457e52f2f76a83"
- "ce46cbc947616d0cbaa82323818a793d";
- const char qy[] = "eec4084f5b29ebf29c44cce3b3059610"
- "922f8b30ea6e8811742ac7238fe87308";
- const char d[] = "8c14b793cb19137e323a6d2e2a870bca"
- "2e7a493ec1153b3a95feb8a4873f8d08";
- wc_ecc_init(&keyImp);
- privLen = sizeof(priv);
- ret = wc_ecc_export_private_only(key, priv, &privLen);
- if (ret != 0) {
- ret = -8433;
- goto done;
- }
- pubLen = sizeof(pub);
- ret = wc_ecc_export_point_der(key->idx, &key->pubkey, pub, &pubLen);
- if (ret != 0) {
- ret = -8434;
- goto done;
- }
- ret = wc_ecc_import_private_key(priv, privLen, pub, pubLen, &keyImp);
- if (ret != 0) {
- ret = -8435;
- goto done;
- }
- wc_ecc_free(&keyImp);
- wc_ecc_init(&keyImp);
- ret = wc_ecc_import_raw_ex(&keyImp, qx, qy, d, ECC_SECP256R1);
- if (ret != 0) {
- ret = -8436;
- goto done;
- }
- wc_ecc_free(&keyImp);
- wc_ecc_init(&keyImp);
- curve_id = wc_ecc_get_curve_id(key->idx);
- if (curve_id < 0) {
- ret = -8437;
- goto done;
- }
- /* test import private only */
- ret = wc_ecc_import_private_key_ex(priv, privLen, NULL, 0, &keyImp,
- curve_id);
- if (ret != 0) {
- ret = -8438;
- goto done;
- }
- wc_ecc_free(&keyImp);
- wc_ecc_init(&keyImp);
- /* test export public raw */
- pubLenX = pubLenY = 32;
- ret = wc_ecc_export_public_raw(key, pub, &pubLenX, &pub[32], &pubLenY);
- if (ret != 0) {
- ret = -8439;
- goto done;
- }
- #ifndef HAVE_SELFTEST
- /* test import of public */
- ret = wc_ecc_import_unsigned(&keyImp, pub, &pub[32], NULL, ECC_SECP256R1);
- if (ret != 0) {
- ret = -8440;
- goto done;
- }
- #endif
- wc_ecc_free(&keyImp);
- wc_ecc_init(&keyImp);
- /* test export private and public raw */
- pubLenX = pubLenY = privLen = 32;
- ret = wc_ecc_export_private_raw(key, pub, &pubLenX, &pub[32], &pubLenY,
- priv, &privLen);
- if (ret != 0) {
- ret = -8441;
- goto done;
- }
- #ifndef HAVE_SELFTEST
- /* test import of private and public */
- ret = wc_ecc_import_unsigned(&keyImp, pub, &pub[32], priv, ECC_SECP256R1);
- if (ret != 0) {
- ret = -8442;
- goto done;
- }
- #endif
- done:
- wc_ecc_free(&keyImp);
- return ret;
- }
- #endif /* HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */
- #ifndef WOLFSSL_ATECC508A
- #if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT)
- static int ecc_mulmod_test(ecc_key* key1)
- {
- int ret;
- ecc_key key2;
- ecc_key key3;
- wc_ecc_init(&key2);
- wc_ecc_init(&key3);
- /* TODO: Use test data, test with WOLFSSL_VALIDATE_ECC_IMPORT. */
- /* Need base point (Gx,Gy) and parameter A - load them as the public and
- * private key in key2.
- */
- ret = wc_ecc_import_raw_ex(&key2, key1->dp->Gx, key1->dp->Gy, key1->dp->Af,
- ECC_SECP256R1);
- if (ret != 0)
- goto done;
- /* Need a point (Gx,Gy) and prime - load them as the public and private key
- * in key3.
- */
- ret = wc_ecc_import_raw_ex(&key3, key1->dp->Gx, key1->dp->Gy,
- key1->dp->prime, ECC_SECP256R1);
- if (ret != 0)
- goto done;
- ret = wc_ecc_mulmod(&key1->k, &key2.pubkey, &key3.pubkey, &key2.k, &key3.k,
- 1);
- if (ret != 0) {
- ret = -8443;
- goto done;
- }
- done:
- wc_ecc_free(&key3);
- wc_ecc_free(&key2);
- return ret;
- }
- #endif
- static int ecc_ssh_test(ecc_key* key)
- {
- int ret;
- byte out[128];
- word32 outLen = sizeof(out);
- /* Parameter Validation testing. */
- ret = wc_ecc_shared_secret_ssh(NULL, &key->pubkey, out, &outLen);
- if (ret != BAD_FUNC_ARG)
- return -8444;
- ret = wc_ecc_shared_secret_ssh(key, NULL, out, &outLen);
- if (ret != BAD_FUNC_ARG)
- return -8445;
- ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, NULL, &outLen);
- if (ret != BAD_FUNC_ARG)
- return -8446;
- ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, NULL);
- if (ret != BAD_FUNC_ARG)
- return -8447;
- /* Use API. */
- ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, &outLen);
- if (ret != 0)
- return -8448;
- return 0;
- }
- #endif
- static int ecc_def_curve_test(WC_RNG *rng)
- {
- int ret;
- ecc_key key;
- wc_ecc_init(&key);
- /* Use API */
- ret = wc_ecc_set_flags(NULL, 0);
- if (ret != BAD_FUNC_ARG) {
- ret = -8449;
- goto done;
- }
- ret = wc_ecc_set_flags(&key, 0);
- if (ret != 0) {
- ret = -8450;
- goto done;
- }
- ret = wc_ecc_make_key(rng, 32, &key);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret != 0) {
- ret = -8451;
- goto done;
- }
- #ifndef NO_SIG_WRAPPER
- ret = ecc_sig_test(rng, &key);
- if (ret < 0)
- goto done;
- #endif
- #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)
- ret = ecc_exp_imp_test(&key);
- if (ret < 0)
- goto done;
- #endif
- #ifndef WOLFSSL_ATECC508A
- #if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT)
- ret = ecc_mulmod_test(&key);
- if (ret < 0)
- goto done;
- #endif
- ret = ecc_ssh_test(&key);
- if (ret < 0)
- goto done;
- #endif /* WOLFSSL_ATECC508A */
- done:
- wc_ecc_free(&key);
- return ret;
- }
- #ifdef WOLFSSL_CERT_EXT
- static int ecc_decode_test(void)
- {
- int ret;
- word32 inSz;
- word32 inOutIdx;
- ecc_key key;
- /* SECP256R1 OID: 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 */
- static const byte good[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00,
- 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
- 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 };
- static const byte badNoObjId[] = { 0x30, 0x08, 0x30, 0x06, 0x03, 0x04,
- 0x00, 0x04, 0x01, 0x01 };
- static const byte badOneObjId[] = { 0x30, 0x0a, 0x30, 0x08, 0x06, 0x00,
- 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 };
- static const byte badObjId1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x09,
- 0x06, 0x00, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 };
- static const byte badObj2d1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x00,
- 0x06, 0x07, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 };
- static const byte badNotBitStr[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00,
- 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
- 0x04, 0x04, 0x00, 0x04, 0x01, 0x01 };
- static const byte badBitStrLen[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00,
- 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
- 0x03, 0x05, 0x00, 0x04, 0x01, 0x01 };
- static const byte badNoBitStrZero[] = { 0x30, 0x13, 0x30, 0x0a, 0x06, 0x00,
- 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
- 0x03, 0x03, 0x04, 0x01, 0x01 };
- static const byte badPoint[] = { 0x30, 0x12, 0x30, 0x09, 0x06, 0x00,
- 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
- 0x03, 0x03, 0x00, 0x04, 0x01 };
- XMEMSET(&key, 0, sizeof(key));
- wc_ecc_init(&key);
- inSz = sizeof(good);
- ret = wc_EccPublicKeyDecode(NULL, &inOutIdx, &key, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = -8500;
- goto done;
- }
- ret = wc_EccPublicKeyDecode(good, NULL, &key, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = -8501;
- goto done;
- }
- ret = wc_EccPublicKeyDecode(good, &inOutIdx, NULL, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = -8502;
- goto done;
- }
- ret = wc_EccPublicKeyDecode(good, &inOutIdx, &key, 0);
- if (ret != BAD_FUNC_ARG) {
- ret = -8503;
- goto done;
- }
- /* Change offset to produce bad input data. */
- inOutIdx = 2;
- inSz = sizeof(good) - inOutIdx;
- ret = wc_EccPublicKeyDecode(good, &inOutIdx, &key, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -8504;
- goto done;
- }
- inOutIdx = 4;
- inSz = sizeof(good) - inOutIdx;
- ret = wc_EccPublicKeyDecode(good, &inOutIdx, &key, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -8505;
- goto done;
- }
- /* Bad data. */
- inSz = sizeof(badNoObjId);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badNoObjId, &inOutIdx, &key, inSz);
- if (ret != ASN_OBJECT_ID_E) {
- ret = -8506;
- goto done;
- }
- inSz = sizeof(badOneObjId);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badOneObjId, &inOutIdx, &key, inSz);
- if (ret != ASN_OBJECT_ID_E) {
- ret = -8507;
- goto done;
- }
- inSz = sizeof(badObjId1Len);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badObjId1Len, &inOutIdx, &key, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -8508;
- goto done;
- }
- inSz = sizeof(badObj2d1Len);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badObj2d1Len, &inOutIdx, &key, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -8509;
- goto done;
- }
- inSz = sizeof(badNotBitStr);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badNotBitStr, &inOutIdx, &key, inSz);
- if (ret != ASN_BITSTR_E) {
- ret = -8510;
- goto done;
- }
- inSz = sizeof(badBitStrLen);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badBitStrLen, &inOutIdx, &key, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -8511;
- goto done;
- }
- inSz = sizeof(badNoBitStrZero);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badNoBitStrZero, &inOutIdx, &key, inSz);
- if (ret != ASN_EXPECT_0_E) {
- ret = -8512;
- goto done;
- }
- inSz = sizeof(badPoint);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badPoint, &inOutIdx, &key, inSz);
- if (ret != ASN_ECC_KEY_E) {
- ret = -8513;
- goto done;
- }
- inSz = sizeof(good);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(good, &inOutIdx, &key, inSz);
- if (ret != 0) {
- ret = -8514;
- goto done;
- }
- done:
- wc_ecc_free(&key);
- return ret;
- }
- #endif /* WOLFSSL_CERT_EXT */
- #ifdef WOLFSSL_CUSTOM_CURVES
- static const byte eccKeyExplicitCurve[] = {
- 0x30, 0x81, 0xf5, 0x30, 0x81, 0xae, 0x06, 0x07,
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x30,
- 0x81, 0xa2, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06,
- 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01,
- 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff,
- 0xff, 0xfc, 0x2f, 0x30, 0x06, 0x04, 0x01, 0x00,
- 0x04, 0x01, 0x07, 0x04, 0x41, 0x04, 0x79, 0xbe,
- 0x66, 0x7e, 0xf9, 0xdc, 0xbb, 0xac, 0x55, 0xa0,
- 0x62, 0x95, 0xce, 0x87, 0x0b, 0x07, 0x02, 0x9b,
- 0xfc, 0xdb, 0x2d, 0xce, 0x28, 0xd9, 0x59, 0xf2,
- 0x81, 0x5b, 0x16, 0xf8, 0x17, 0x98, 0x48, 0x3a,
- 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4,
- 0xfb, 0xfc, 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17,
- 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19, 0x9c, 0x47,
- 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8, 0x02, 0x21,
- 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xfe, 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0,
- 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41,
- 0x41, 0x02, 0x01, 0x01, 0x03, 0x42, 0x00, 0x04,
- 0x3c, 0x4c, 0xc9, 0x5e, 0x2e, 0xa2, 0x3d, 0x49,
- 0xcc, 0x5b, 0xff, 0x4f, 0xc9, 0x2e, 0x1d, 0x4a,
- 0xc6, 0x21, 0xf6, 0xf3, 0xe6, 0x0b, 0x4f, 0xa9,
- 0x9d, 0x74, 0x99, 0xdd, 0x97, 0xc7, 0x6e, 0xbe,
- 0x14, 0x2b, 0x39, 0x9d, 0x63, 0xc7, 0x97, 0x0d,
- 0x45, 0x25, 0x40, 0x30, 0x77, 0x05, 0x76, 0x88,
- 0x38, 0x96, 0x29, 0x7d, 0x9c, 0xe1, 0x50, 0xbe,
- 0xac, 0xf0, 0x1d, 0x86, 0xf4, 0x2f, 0x65, 0x0b
- };
- static int ecc_test_custom_curves(WC_RNG* rng)
- {
- int ret;
- word32 inOutIdx;
- ecc_key key;
- /* test use of custom curve - using BRAINPOOLP256R1 for test */
- const word32 ecc_oid_brainpoolp256r1_sum = 104;
- const ecc_oid_t ecc_oid_brainpoolp256r1[] = {
- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07
- };
- const ecc_set_type ecc_dp_brainpool256r1 = {
- 32, /* size/bytes */
- ECC_CURVE_CUSTOM, /* ID */
- "BRAINPOOLP256R1", /* curve name */
- "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", /* prime */
- "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", /* A */
- "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", /* B */
- "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", /* order */
- "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", /* Gx */
- "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", /* Gy */
- ecc_oid_brainpoolp256r1, /* oid/oidSz */
- sizeof(ecc_oid_brainpoolp256r1) / sizeof(ecc_oid_t),
- ecc_oid_brainpoolp256r1_sum, /* oid sum */
- 1, /* cofactor */
- };
- ret = ecc_test_curve_size(rng, 0, ECC_TEST_VERIFY_COUNT, ECC_CURVE_DEF,
- &ecc_dp_brainpool256r1);
- if (ret != 0) {
- printf("ECC test for custom curve failed! %d\n", ret);
- return ret;
- }
- #if defined(HAVE_ECC_BRAINPOOL) || defined(HAVE_ECC_KOBLITZ)
- {
- int curve_id;
- #ifdef HAVE_ECC_BRAINPOOL
- curve_id = ECC_BRAINPOOLP256R1;
- #else
- curve_id = ECC_SECP256K1;
- #endif
- /* Test and demonstrate use of non-SECP curve */
- ret = ecc_test_curve_size(rng, 0, ECC_TEST_VERIFY_COUNT, curve_id, NULL);
- if (ret < 0) {
- printf("ECC test for curve_id %d failed! %d\n", curve_id, ret);
- return ret;
- }
- }
- #endif
- ret = wc_ecc_init_ex(&key, HEAP_HINT, devId);
- if (ret != 0) {
- return -8515;
- }
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(eccKeyExplicitCurve, &inOutIdx, &key,
- sizeof(eccKeyExplicitCurve));
- if (ret != 0)
- return -8516;
- wc_ecc_free(&key);
- return ret;
- }
- #endif /* WOLFSSL_CUSTOM_CURVES */
- #ifdef WOLFSSL_CERT_GEN
- /* Make Cert / Sign example for ECC cert and ECC CA */
- static int ecc_test_cert_gen(WC_RNG* rng)
- {
- int ret;
- Cert myCert;
- int certSz;
- size_t bytes;
- word32 idx = 0;
- #ifndef USE_CERT_BUFFERS_256
- FILE* file;
- #endif
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert decode;
- #endif
- byte* der = NULL;
- byte* pem = NULL;
- ecc_key caEccKey;
- ecc_key certPubKey;
- XMEMSET(&caEccKey, 0, sizeof(caEccKey));
- XMEMSET(&certPubKey, 0, sizeof(certPubKey));
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ERROR_OUT(-8517, exit);
- }
- pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pem == NULL) {
- ERROR_OUT(-8518, exit);
- }
- /* Get cert private key */
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- /* Get Cert Key 384 */
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(der, ca_ecc_key_der_384, sizeof_ca_ecc_key_der_384);
- bytes = sizeof_ca_ecc_key_der_384;
- #else
- file = fopen(eccCaKey384File, "rb");
- if (!file) {
- ERROR_OUT(-8519, exit);
- }
- bytes = fread(der, 1, FOURK_BUF, file);
- fclose(file);
- (void)eccCaKeyFile;
- #endif /* USE_CERT_BUFFERS_256 */
- #else
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(der, ca_ecc_key_der_256, sizeof_ca_ecc_key_der_256);
- bytes = sizeof_ca_ecc_key_der_256;
- #else
- file = fopen(eccCaKeyFile, "rb");
- if (!file) {
- ERROR_OUT(-8520, exit);
- }
- bytes = fread(der, 1, FOURK_BUF, file);
- fclose(file);
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- (void)eccCaKey384File;
- #endif
- #endif /* USE_CERT_BUFFERS_256 */
- #endif /* ENABLE_ECC384_CERT_GEN_TEST */
- /* Get CA Key */
- ret = wc_ecc_init_ex(&caEccKey, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-8521, exit);
- }
- ret = wc_EccPrivateKeyDecode(der, &idx, &caEccKey, (word32)bytes);
- if (ret != 0) {
- ERROR_OUT(-8522, exit);
- }
- /* Make a public key */
- ret = wc_ecc_init_ex(&certPubKey, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-8523, exit);
- }
- ret = wc_ecc_make_key(rng, 32, &certPubKey);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &certPubKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret != 0) {
- ERROR_OUT(-8524, exit);
- }
- /* Setup Certificate */
- if (wc_InitCert(&myCert)) {
- ERROR_OUT(-8525, exit);
- }
- #ifndef NO_SHA256
- myCert.sigType = CTC_SHA256wECDSA;
- #else
- myCert.sigType = CTC_SHAwECDSA;
- #endif
- XMEMCPY(&myCert.subject, &certDefaultName, sizeof(CertName));
- #ifdef WOLFSSL_CERT_EXT
- /* add Policies */
- XSTRNCPY(myCert.certPolicies[0], "2.4.589440.587.101.2.1.9632587.1",
- CTC_MAX_CERTPOL_SZ);
- XSTRNCPY(myCert.certPolicies[1], "1.2.13025.489.1.113549",
- CTC_MAX_CERTPOL_SZ);
- myCert.certPoliciesNb = 2;
- /* add SKID from the Public Key */
- if (wc_SetSubjectKeyIdFromPublicKey(&myCert, NULL, &certPubKey) != 0) {
- ERROR_OUT(-8526, exit);
- }
- /* add AKID from the Public Key */
- if (wc_SetAuthKeyIdFromPublicKey(&myCert, NULL, &caEccKey) != 0) {
- ERROR_OUT(-8527, exit);
- }
- /* add Key Usage */
- if (wc_SetKeyUsage(&myCert, certKeyUsage) != 0) {
- ERROR_OUT(-8528, exit);
- }
- #endif /* WOLFSSL_CERT_EXT */
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- #if defined(USE_CERT_BUFFERS_256)
- ret = wc_SetIssuerBuffer(&myCert, ca_ecc_cert_der_384,
- sizeof_ca_ecc_cert_der_384);
- #else
- ret = wc_SetIssuer(&myCert, eccCaCert384File);
- (void)eccCaCertFile;
- #endif
- #else
- #if defined(USE_CERT_BUFFERS_256)
- ret = wc_SetIssuerBuffer(&myCert, ca_ecc_cert_der_256,
- sizeof_ca_ecc_cert_der_256);
- #else
- ret = wc_SetIssuer(&myCert, eccCaCertFile);
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- (void)eccCaCert384File;
- #endif
- #endif
- #endif /* ENABLE_ECC384_CERT_GEN_TEST */
- if (ret < 0) {
- ERROR_OUT(-8529, exit);
- }
- certSz = wc_MakeCert(&myCert, der, FOURK_BUF, NULL, &certPubKey, rng);
- if (certSz < 0) {
- ERROR_OUT(-8530, exit);
- }
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &caEccKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_SignCert(myCert.bodySz, myCert.sigType, der,
- FOURK_BUF, NULL, &caEccKey, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-8531, exit);
- }
- certSz = ret;
- #ifdef WOLFSSL_TEST_CERT
- InitDecodedCert(&decode, der, certSz, 0);
- ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0) {
- FreeDecodedCert(&decode);
- ERROR_OUT(-8532, exit);
- }
- FreeDecodedCert(&decode);
- #endif
- ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, certEccDerFile,
- certEccPemFile, CERT_TYPE, -6735);
- if (ret != 0) {
- goto exit;
- }
- exit:
- wc_ecc_free(&certPubKey);
- wc_ecc_free(&caEccKey);
- XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif /* WOLFSSL_CERT_GEN */
- int ecc_test(void)
- {
- int ret;
- WC_RNG rng;
- #ifdef WOLFSSL_CERT_EXT
- ret = ecc_decode_test();
- if (ret < 0)
- return ret;
- #endif
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return -8600;
- #if defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)
- ret = ecc_test_curve(&rng, 14);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC112 */
- #if defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)
- ret = ecc_test_curve(&rng, 16);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC128 */
- #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
- ret = ecc_test_curve(&rng, 20);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC160 */
- #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
- ret = ecc_test_curve(&rng, 24);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC192 */
- #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
- ret = ecc_test_curve(&rng, 28);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC224 */
- #if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)
- ret = ecc_test_curve(&rng, 30);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC239 */
- #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
- ret = ecc_test_curve(&rng, 32);
- if (ret < 0) {
- goto done;
- }
- #if !defined(WOLFSSL_ATECC508A) && defined(HAVE_ECC_KEY_IMPORT) && \
- defined(HAVE_ECC_KEY_EXPORT)
- ret = ecc_point_test();
- if (ret < 0) {
- goto done;
- }
- #endif
- ret = ecc_def_curve_test(&rng);
- if (ret < 0) {
- goto done;
- }
- #endif /* !NO_ECC256 */
- #if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)
- ret = ecc_test_curve(&rng, 40);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC320 */
- #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
- ret = ecc_test_curve(&rng, 48);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC384 */
- #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
- ret = ecc_test_curve(&rng, 64);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC512 */
- #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
- ret = ecc_test_curve(&rng, 66);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC521 */
- #if defined(WOLFSSL_CUSTOM_CURVES)
- ret = ecc_test_custom_curves(&rng);
- if (ret != 0) {
- goto done;
- }
- #endif
- #ifdef HAVE_ECC_CDH
- ret = ecc_test_cdh_vectors();
- if (ret != 0) {
- printf("ecc_test_cdh_vectors failed! %d\n", ret);
- goto done;
- }
- #endif
- ret = ecc_test_make_pub(&rng);
- if (ret != 0) {
- printf("ecc_test_make_pub failed!: %d\n", ret);
- goto done;
- }
- #ifdef WOLFSSL_CERT_GEN
- ret = ecc_test_cert_gen(&rng);
- if (ret != 0) {
- printf("ecc_test_cert_gen failed!: %d\n", ret);
- goto done;
- }
- #endif
- done:
- wc_FreeRng(&rng);
- return ret;
- }
- #if defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128)
- int ecc_encrypt_test(void)
- {
- WC_RNG rng;
- int ret = 0;
- ecc_key userA, userB;
- byte msg[48];
- byte plain[48];
- byte out[80];
- word32 outSz = sizeof(out);
- word32 plainSz = sizeof(plain);
- int i;
- ecEncCtx* cliCtx = NULL;
- ecEncCtx* srvCtx = NULL;
- byte cliSalt[EXCHANGE_SALT_SZ];
- byte srvSalt[EXCHANGE_SALT_SZ];
- const byte* tmpSalt;
- byte msg2[48];
- byte plain2[48];
- byte out2[80];
- word32 outSz2 = sizeof(out2);
- word32 plainSz2 = sizeof(plain2);
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return -8700;
- XMEMSET(&userA, 0, sizeof(userA));
- XMEMSET(&userB, 0, sizeof(userB));
- ret = wc_ecc_init_ex(&userA, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- ret = wc_ecc_init_ex(&userB, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- ret = wc_ecc_make_key(&rng, 32, &userA);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0){
- ret = -8701; goto done;
- }
- ret = wc_ecc_make_key(&rng, 32, &userB);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0){
- ret = -8702; goto done;
- }
- /* set message to incrementing 0,1,2,etc... */
- for (i = 0; i < (int)sizeof(msg); i++)
- msg[i] = i;
- /* encrypt msg to B */
- ret = wc_ecc_encrypt(&userA, &userB, msg, sizeof(msg), out, &outSz, NULL);
- if (ret != 0) {
- ret = -8703; goto done;
- }
- /* decrypt msg from A */
- ret = wc_ecc_decrypt(&userB, &userA, out, outSz, plain, &plainSz, NULL);
- if (ret != 0) {
- ret = -8704; goto done;
- }
- if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
- ret = -8705; goto done;
- }
- /* let's verify message exchange works, A is client, B is server */
- cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng);
- srvCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng);
- if (cliCtx == NULL || srvCtx == NULL) {
- ret = -8706; goto done;
- }
- /* get salt to send to peer */
- tmpSalt = wc_ecc_ctx_get_own_salt(cliCtx);
- if (tmpSalt == NULL) {
- ret = -8707; goto done;
- }
- XMEMCPY(cliSalt, tmpSalt, EXCHANGE_SALT_SZ);
- tmpSalt = wc_ecc_ctx_get_own_salt(srvCtx);
- if (tmpSalt == NULL) {
- ret = -8708; goto done;
- }
- XMEMCPY(srvSalt, tmpSalt, EXCHANGE_SALT_SZ);
- /* in actual use, we'd get the peer's salt over the transport */
- ret = wc_ecc_ctx_set_peer_salt(cliCtx, srvSalt);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_peer_salt(srvCtx, cliSalt);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_info(cliCtx, (byte*)"wolfSSL MSGE", 11);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_info(srvCtx, (byte*)"wolfSSL MSGE", 11);
- if (ret != 0)
- goto done;
- /* get encrypted msg (request) to send to B */
- outSz = sizeof(out);
- ret = wc_ecc_encrypt(&userA, &userB, msg, sizeof(msg), out, &outSz,cliCtx);
- if (ret != 0)
- goto done;
- /* B decrypts msg (request) from A */
- plainSz = sizeof(plain);
- ret = wc_ecc_decrypt(&userB, &userA, out, outSz, plain, &plainSz, srvCtx);
- if (ret != 0)
- goto done;
- if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
- ret = -8709; goto done;
- }
- /* msg2 (response) from B to A */
- for (i = 0; i < (int)sizeof(msg2); i++)
- msg2[i] = i + sizeof(msg2);
- /* get encrypted msg (response) to send to B */
- ret = wc_ecc_encrypt(&userB, &userA, msg2, sizeof(msg2), out2,
- &outSz2, srvCtx);
- if (ret != 0)
- goto done;
- /* A decrypts msg (response) from B */
- ret = wc_ecc_decrypt(&userA, &userB, out2, outSz2, plain2, &plainSz2,
- cliCtx);
- if (ret != 0)
- goto done;
- if (XMEMCMP(plain2, msg2, sizeof(msg2)) != 0) {
- ret = -8710; goto done;
- }
- done:
- /* cleanup */
- wc_ecc_ctx_free(srvCtx);
- wc_ecc_ctx_free(cliCtx);
- wc_ecc_free(&userB);
- wc_ecc_free(&userA);
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* HAVE_ECC_ENCRYPT */
- #ifdef USE_CERT_BUFFERS_256
- int ecc_test_buffers(void) {
- size_t bytes;
- ecc_key cliKey;
- ecc_key servKey;
- WC_RNG rng;
- word32 idx = 0;
- int ret;
- /* pad our test message to 32 bytes so evenly divisible by AES_BLOCK_SZ */
- byte in[] = "Everyone gets Friday off. ecc p";
- word32 inLen = (word32)XSTRLEN((char*)in);
- byte out[256];
- byte plain[256];
- int verify = 0;
- word32 x;
- ret = wc_ecc_init_ex(&cliKey, HEAP_HINT, devId);
- if (ret != 0)
- return -8721;
- ret = wc_ecc_init_ex(&servKey, HEAP_HINT, devId);
- if (ret != 0)
- return -8722;
- bytes = (size_t)sizeof_ecc_clikey_der_256;
- /* place client key into ecc_key struct cliKey */
- ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &idx, &cliKey,
- (word32)bytes);
- if (ret != 0)
- return -8711;
- idx = 0;
- bytes = (size_t)sizeof_ecc_key_der_256;
- /* place server key into ecc_key struct servKey */
- ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, &servKey,
- (word32)bytes);
- if (ret != 0)
- return -8712;
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return -8713;
- #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF)
- {
- word32 y;
- /* test encrypt and decrypt if they're available */
- x = sizeof(out);
- ret = wc_ecc_encrypt(&cliKey, &servKey, in, sizeof(in), out, &x, NULL);
- if (ret < 0)
- return -8714;
- y = sizeof(plain);
- ret = wc_ecc_decrypt(&cliKey, &servKey, out, x, plain, &y, NULL);
- if (ret < 0)
- return -8715;
- if (XMEMCMP(plain, in, inLen))
- return -8716;
- }
- #endif
- x = sizeof(out);
- ret = wc_ecc_sign_hash(in, inLen, out, &x, &rng, &cliKey);
- if (ret < 0)
- return -8717;
- XMEMSET(plain, 0, sizeof(plain));
- ret = wc_ecc_verify_hash(out, x, plain, sizeof(plain), &verify, &cliKey);
- if (ret < 0)
- return -8718;
- if (XMEMCMP(plain, in, (word32)ret))
- return -8719;
- #ifdef WOLFSSL_CERT_EXT
- idx = 0;
- bytes = sizeof_ecc_clikeypub_der_256;
- ret = wc_EccPublicKeyDecode(ecc_clikeypub_der_256, &idx, &cliKey,
- (word32) bytes);
- if (ret != 0)
- return -8720;
- #endif
- wc_ecc_free(&cliKey);
- wc_ecc_free(&servKey);
- wc_FreeRng(&rng);
- return 0;
- }
- #endif /* USE_CERT_BUFFERS_256 */
- #endif /* HAVE_ECC */
- #ifdef HAVE_CURVE25519
- #if defined(HAVE_CURVE25519_SHARED_SECRET) && \
- defined(HAVE_CURVE25519_KEY_IMPORT)
- #ifdef CURVE25519_OVERFLOW_ALL_TESTS
- #define X25519_TEST_CNT 5
- #else
- #define X25519_TEST_CNT 1
- #endif
- static int curve25519_overflow_test(void)
- {
- /* secret key for party a */
- byte sa[X25519_TEST_CNT][32] = {
- {
- 0x8d,0xaf,0x6e,0x7a,0xc1,0xeb,0x8d,0x30,
- 0x99,0x86,0xd3,0x90,0x47,0x96,0x21,0x3c,
- 0x3a,0x75,0xc0,0x7b,0x75,0x01,0x75,0xa3,
- 0x81,0x4b,0xff,0x5a,0xbc,0x96,0x87,0x28
- },
- #ifdef CURVE25519_OVERFLOW_ALL_TESTS
- {
- 0x9d,0x63,0x5f,0xce,0xe2,0xe8,0xd7,0xfb,
- 0x68,0x77,0x0e,0x44,0xd1,0xad,0x87,0x2b,
- 0xf4,0x65,0x06,0xb7,0xbb,0xdb,0xbe,0x6e,
- 0x02,0x43,0x24,0xc7,0x3d,0x7b,0x88,0x60
- },
- {
- 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9,
- 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52,
- 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1,
- 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0
- },
- {
- 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9,
- 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52,
- 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1,
- 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0
- },
- {
- 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9,
- 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52,
- 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1,
- 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0
- }
- #endif
- };
- /* public key for party b */
- byte pb[X25519_TEST_CNT][32] = {
- {
- 0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0
- },
- #ifdef CURVE25519_OVERFLOW_ALL_TESTS
- {
- /* 0xff first byte in original - invalid! */
- 0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0
- },
- {
- 0x36,0x1a,0x74,0x87,0x28,0x59,0xe0,0xb6,
- 0xe4,0x2b,0x17,0x9b,0x16,0xb0,0x3b,0xf8,
- 0xb8,0x9f,0x2a,0x8f,0xc5,0x33,0x68,0x4f,
- 0xde,0x4d,0xd8,0x80,0x63,0xe7,0xb4,0x0a
- },
- {
- 0x00,0x80,0x38,0x59,0x19,0x3a,0x66,0x12,
- 0xfd,0xa1,0xec,0x1c,0x40,0x84,0x40,0xbd,
- 0x64,0x10,0x8b,0x53,0x81,0x21,0x03,0x2d,
- 0x7d,0x33,0xb4,0x01,0x57,0x0d,0xe1,0x89
- },
- {
- 0x1d,0xf8,0xf8,0x33,0x89,0x6c,0xb7,0xba,
- 0x94,0x73,0xfa,0xc2,0x36,0xac,0xbe,0x49,
- 0xaf,0x85,0x3e,0x93,0x5f,0xae,0xb2,0xc0,
- 0xc8,0x80,0x8f,0x4a,0xaa,0xd3,0x55,0x2b
- }
- #endif
- };
- /* expected shared key */
- byte ss[X25519_TEST_CNT][32] = {
- {
- 0x5c,0x4c,0x85,0x5f,0xfb,0x20,0x38,0xcc,
- 0x55,0x16,0x5b,0x8a,0xa7,0xed,0x57,0x6e,
- 0x35,0xaa,0x71,0x67,0x85,0x1f,0xb6,0x28,
- 0x17,0x07,0x7b,0xda,0x76,0xdd,0xe0,0xb4
- },
- #ifdef CURVE25519_OVERFLOW_ALL_TESTS
- {
- 0x33,0xf6,0xc1,0x34,0x62,0x92,0x06,0x02,
- 0x95,0xdb,0x91,0x4c,0x5d,0x52,0x54,0xc7,
- 0xd2,0x5b,0x24,0xb5,0x4f,0x33,0x59,0x79,
- 0x9f,0x6d,0x7e,0x4a,0x4c,0x30,0xd6,0x38
- },
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02
- },
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x09
- },
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x10
- }
- #endif
- };
- int i;
- word32 y;
- byte shared[32];
- curve25519_key userA;
- wc_curve25519_init(&userA);
- for (i = 0; i < X25519_TEST_CNT; i++) {
- if (wc_curve25519_import_private_raw(sa[i], sizeof(sa[i]), pb[i],
- sizeof(pb[i]), &userA) != 0)
- return -8750 - i;
- /* test against known test vector */
- XMEMSET(shared, 0, sizeof(shared));
- y = sizeof(shared);
- if (wc_curve25519_shared_secret(&userA, &userA, shared, &y) != 0)
- return -8755 - i;
- if (XMEMCMP(ss[i], shared, y))
- return -8760 - i;
- }
- return 0;
- }
- #endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */
- int curve25519_test(void)
- {
- WC_RNG rng;
- int ret;
- #ifdef HAVE_CURVE25519_SHARED_SECRET
- byte sharedA[32];
- byte sharedB[32];
- word32 y;
- #endif
- #ifdef HAVE_CURVE25519_KEY_EXPORT
- byte exportBuf[32];
- #endif
- word32 x;
- curve25519_key userA, userB, pubKey;
- #if defined(HAVE_CURVE25519_SHARED_SECRET) && \
- defined(HAVE_CURVE25519_KEY_IMPORT)
- /* test vectors from
- https://tools.ietf.org/html/draft-josefsson-tls-curve25519-03
- */
- /* secret key for party a */
- byte sa[] = {
- 0x5A,0xC9,0x9F,0x33,0x63,0x2E,0x5A,0x76,
- 0x8D,0xE7,0xE8,0x1B,0xF8,0x54,0xC2,0x7C,
- 0x46,0xE3,0xFB,0xF2,0xAB,0xBA,0xCD,0x29,
- 0xEC,0x4A,0xFF,0x51,0x73,0x69,0xC6,0x60
- };
- /* public key for party a */
- byte pa[] = {
- 0x05,0x7E,0x23,0xEA,0x9F,0x1C,0xBE,0x8A,
- 0x27,0x16,0x8F,0x6E,0x69,0x6A,0x79,0x1D,
- 0xE6,0x1D,0xD3,0xAF,0x7A,0xCD,0x4E,0xEA,
- 0xCC,0x6E,0x7B,0xA5,0x14,0xFD,0xA8,0x63
- };
- /* secret key for party b */
- byte sb[] = {
- 0x47,0xDC,0x3D,0x21,0x41,0x74,0x82,0x0E,
- 0x11,0x54,0xB4,0x9B,0xC6,0xCD,0xB2,0xAB,
- 0xD4,0x5E,0xE9,0x58,0x17,0x05,0x5D,0x25,
- 0x5A,0xA3,0x58,0x31,0xB7,0x0D,0x32,0x60
- };
- /* public key for party b */
- byte pb[] = {
- 0x6E,0xB8,0x9D,0xA9,0x19,0x89,0xAE,0x37,
- 0xC7,0xEA,0xC7,0x61,0x8D,0x9E,0x5C,0x49,
- 0x51,0xDB,0xA1,0xD7,0x3C,0x28,0x5A,0xE1,
- 0xCD,0x26,0xA8,0x55,0x02,0x0E,0xEF,0x04
- };
- /* expected shared key */
- byte ss[] = {
- 0x61,0x45,0x0C,0xD9,0x8E,0x36,0x01,0x6B,
- 0x58,0x77,0x6A,0x89,0x7A,0x9F,0x0A,0xEF,
- 0x73,0x8B,0x99,0xF0,0x94,0x68,0xB8,0xD6,
- 0xB8,0x51,0x11,0x84,0xD5,0x34,0x94,0xAB
- };
- #endif /* HAVE_CURVE25519_SHARED_SECRET */
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return -8800;
- wc_curve25519_init(&userA);
- wc_curve25519_init(&userB);
- wc_curve25519_init(&pubKey);
- /* make curve25519 keys */
- if (wc_curve25519_make_key(&rng, 32, &userA) != 0)
- return -8801;
- if (wc_curve25519_make_key(&rng, 32, &userB) != 0)
- return -8802;
- #ifdef HAVE_CURVE25519_SHARED_SECRET
- /* find shared secret key */
- x = sizeof(sharedA);
- if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0)
- return -8803;
- y = sizeof(sharedB);
- if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0)
- return -8804;
- /* compare shared secret keys to test they are the same */
- if (y != x)
- return -8805;
- if (XMEMCMP(sharedA, sharedB, x))
- return -8806;
- #endif
- #ifdef HAVE_CURVE25519_KEY_EXPORT
- /* export a public key and import it for another user */
- x = sizeof(exportBuf);
- if (wc_curve25519_export_public(&userA, exportBuf, &x) != 0)
- return -8807;
- #ifdef HAVE_CURVE25519_KEY_IMPORT
- if (wc_curve25519_import_public(exportBuf, x, &pubKey) != 0)
- return -8808;
- #endif
- #endif
- #if defined(HAVE_CURVE25519_SHARED_SECRET) && \
- defined(HAVE_CURVE25519_KEY_IMPORT)
- /* test shared key after importing a public key */
- XMEMSET(sharedB, 0, sizeof(sharedB));
- y = sizeof(sharedB);
- if (wc_curve25519_shared_secret(&userB, &pubKey, sharedB, &y) != 0)
- return -8809;
- if (XMEMCMP(sharedA, sharedB, y))
- return -8810;
- /* import RFC test vectors and compare shared key */
- if (wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA)
- != 0)
- return -8811;
- if (wc_curve25519_import_private_raw(sb, sizeof(sb), pb, sizeof(pb), &userB)
- != 0)
- return -8812;
- /* test against known test vector */
- XMEMSET(sharedB, 0, sizeof(sharedB));
- y = sizeof(sharedB);
- if (wc_curve25519_shared_secret(&userA, &userB, sharedB, &y) != 0)
- return -8813;
- if (XMEMCMP(ss, sharedB, y))
- return -8814;
- /* test swaping roles of keys and generating same shared key */
- XMEMSET(sharedB, 0, sizeof(sharedB));
- y = sizeof(sharedB);
- if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0)
- return -8815;
- if (XMEMCMP(ss, sharedB, y))
- return -8816;
- /* test with 1 generated key and 1 from known test vector */
- if (wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA)
- != 0)
- return -8817;
- if (wc_curve25519_make_key(&rng, 32, &userB) != 0)
- return -8818;
- x = sizeof(sharedA);
- if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0)
- return -8819;
- y = sizeof(sharedB);
- if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0)
- return -8820;
- /* compare shared secret keys to test they are the same */
- if (y != x)
- return -8821;
- if (XMEMCMP(sharedA, sharedB, x))
- return -8822;
- ret = curve25519_overflow_test();
- if (ret != 0)
- return ret;
- #endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */
- /* clean up keys when done */
- wc_curve25519_free(&pubKey);
- wc_curve25519_free(&userB);
- wc_curve25519_free(&userA);
- wc_FreeRng(&rng);
- return 0;
- }
- #endif /* HAVE_CURVE25519 */
- #ifdef HAVE_ED25519
- #ifdef WOLFSSL_TEST_CERT
- static int ed25519_test_cert(void)
- {
- DecodedCert cert[2];
- DecodedCert* serverCert = NULL;
- DecodedCert* caCert = NULL;
- #ifdef HAVE_ED25519_VERIFY
- ed25519_key key;
- ed25519_key* pubKey = NULL;
- int verify;
- #endif /* HAVE_ED25519_VERIFY */
- int ret;
- byte* tmp;
- size_t bytes;
- FILE* file;
- tmp = XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL) {
- ERROR_OUT(-8823, done);
- }
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(tmp, ca_ed25519_cert, sizeof_ca_ed25519_cert);
- bytes = sizeof_ca_ed25519_cert;
- #elif !defined(NO_FILESYSTEM)
- file = fopen(caEd25519Cert, "rb");
- if (file == NULL) {
- ERROR_OUT(-8824, done);
- }
- bytes = fread(tmp, 1, FOURK_BUF, file);
- fclose(file);
- #else
- /* No certificate to use. */
- ERROR_OUT(-8825, done);
- #endif
- InitDecodedCert(&cert[0], tmp, (word32)bytes, 0);
- caCert = &cert[0];
- ret = ParseCert(caCert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0) {
- ERROR_OUT(-8826, done);
- }
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(tmp, server_ed25519_cert, sizeof_server_ed25519_cert);
- bytes = sizeof_server_ed25519_cert;
- #elif !defined(NO_FILESYSTEM)
- file = fopen(serverEd25519Cert, "rb");
- if (file == NULL) {
- ERROR_OUT(-8827, done);
- }
- bytes = fread(tmp, 1, FOURK_BUF, file);
- fclose(file);
- #else
- /* No certificate to use. */
- ERROR_OUT(-8828, done);
- #endif
- InitDecodedCert(&cert[1], tmp, (word32)bytes, 0);
- serverCert = &cert[1];
- ret = ParseCert(serverCert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0) {
- ERROR_OUT(-8829, done);
- }
- #ifdef HAVE_ED25519_VERIFY
- ret = wc_ed25519_init(&key);
- if (ret < 0) {
- ERROR_OUT(-8830, done);
- }
- pubKey = &key;
- ret = wc_ed25519_import_public(caCert->publicKey, caCert->pubKeySize,
- pubKey);
- if (ret < 0) {
- ERROR_OUT(-8831, done);
- }
- if (wc_ed25519_verify_msg(serverCert->signature, serverCert->sigLength,
- serverCert->source + serverCert->certBegin,
- serverCert->sigIndex - serverCert->certBegin,
- &verify, pubKey) < 0 || verify != 1) {
- ERROR_OUT(-8832, done);
- }
- #endif /* HAVE_ED25519_VERIFY */
- done:
- if (tmp != NULL)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef HAVE_ED25519_VERIFY
- wc_ed25519_free(pubKey);
- #endif /* HAVE_ED25519_VERIFY */
- if (caCert != NULL)
- FreeDecodedCert(caCert);
- if (serverCert != NULL)
- FreeDecodedCert(serverCert);
- return ret;
- }
- static int ed25519_test_make_cert(void)
- {
- WC_RNG rng;
- Cert cert;
- DecodedCert decode;
- ed25519_key key;
- ed25519_key* privKey = NULL;
- int ret = 0;
- byte* tmp = NULL;
- wc_InitCert(&cert);
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return -8833;
- wc_ed25519_init(&key);
- privKey = &key;
- wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, privKey);
- cert.daysValid = 365 * 2;
- cert.selfSigned = 1;
- XMEMCPY(&cert.issuer, &certDefaultName, sizeof(CertName));
- XMEMCPY(&cert.subject, &certDefaultName, sizeof(CertName));
- cert.isCA = 0;
- #ifdef WOLFSSL_CERT_EXT
- ret = wc_SetKeyUsage(&cert, certKeyUsage);
- if (ret < 0) {
- ERROR_OUT(-8834, done);
- }
- ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey);
- if (ret < 0) {
- ERROR_OUT(-8835, done);
- }
- ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey);
- if (ret < 0) {
- ERROR_OUT(-8836, done);
- }
- #endif
- tmp = XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL) {
- ERROR_OUT(-8837, done);
- }
- cert.sigType = CTC_ED25519;
- ret = wc_MakeCert_ex(&cert, tmp, FOURK_BUF, ED25519_TYPE, privKey, &rng);
- if (ret < 0) {
- ERROR_OUT(-8838, done);
- }
- ret = wc_SignCert_ex(cert.bodySz, cert.sigType, tmp, FOURK_BUF,
- ED25519_TYPE, privKey, &rng);
- if (ret < 0) {
- ERROR_OUT(-8839, done);
- }
- InitDecodedCert(&decode, tmp, ret, HEAP_HINT);
- ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
- FreeDecodedCert(&decode);
- if (ret != 0) {
- ERROR_OUT(-8840, done);
- }
- done:
- if (tmp != NULL)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_ed25519_free(privKey);
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* WOLFSSL_TEST_CERT */
- int ed25519_test(void)
- {
- int ret;
- WC_RNG rng;
- #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) &&\
- defined(HAVE_ED25519_KEY_IMPORT)
- byte out[ED25519_SIG_SIZE];
- byte exportPKey[ED25519_KEY_SIZE];
- byte exportSKey[ED25519_KEY_SIZE];
- word32 exportPSz;
- word32 exportSSz;
- int i;
- word32 outlen;
- #ifdef HAVE_ED25519_VERIFY
- int verify;
- #endif /* HAVE_ED25519_VERIFY */
- #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
- word32 keySz, sigSz;
- ed25519_key key;
- ed25519_key key2;
- #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \
- defined(HAVE_ED25519_KEY_IMPORT)
- /* test vectors from
- https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-02
- */
- static const byte sKey1[] = {
- 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
- 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
- 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
- 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
- };
- static const byte sKey2[] = {
- 0x4c,0xcd,0x08,0x9b,0x28,0xff,0x96,0xda,
- 0x9d,0xb6,0xc3,0x46,0xec,0x11,0x4e,0x0f,
- 0x5b,0x8a,0x31,0x9f,0x35,0xab,0xa6,0x24,
- 0xda,0x8c,0xf6,0xed,0x4f,0xb8,0xa6,0xfb
- };
- static const byte sKey3[] = {
- 0xc5,0xaa,0x8d,0xf4,0x3f,0x9f,0x83,0x7b,
- 0xed,0xb7,0x44,0x2f,0x31,0xdc,0xb7,0xb1,
- 0x66,0xd3,0x85,0x35,0x07,0x6f,0x09,0x4b,
- 0x85,0xce,0x3a,0x2e,0x0b,0x44,0x58,0xf7
- };
- /* uncompressed test */
- static const byte sKey4[] = {
- 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
- 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
- 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
- 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
- };
- /* compressed prefix test */
- static const byte sKey5[] = {
- 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
- 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
- 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
- 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
- };
- static const byte sKey6[] = {
- 0xf5,0xe5,0x76,0x7c,0xf1,0x53,0x31,0x95,
- 0x17,0x63,0x0f,0x22,0x68,0x76,0xb8,0x6c,
- 0x81,0x60,0xcc,0x58,0x3b,0xc0,0x13,0x74,
- 0x4c,0x6b,0xf2,0x55,0xf5,0xcc,0x0e,0xe5
- };
- static const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6};
- static const byte pKey1[] = {
- 0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,
- 0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,
- 0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,
- 0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a
- };
- static const byte pKey2[] = {
- 0x3d,0x40,0x17,0xc3,0xe8,0x43,0x89,0x5a,
- 0x92,0xb7,0x0a,0xa7,0x4d,0x1b,0x7e,0xbc,
- 0x9c,0x98,0x2c,0xcf,0x2e,0xc4,0x96,0x8c,
- 0xc0,0xcd,0x55,0xf1,0x2a,0xf4,0x66,0x0c
- };
- static const byte pKey3[] = {
- 0xfc,0x51,0xcd,0x8e,0x62,0x18,0xa1,0xa3,
- 0x8d,0xa4,0x7e,0xd0,0x02,0x30,0xf0,0x58,
- 0x08,0x16,0xed,0x13,0xba,0x33,0x03,0xac,
- 0x5d,0xeb,0x91,0x15,0x48,0x90,0x80,0x25
- };
- /* uncompressed test */
- static const byte pKey4[] = {
- 0x04,0x55,0xd0,0xe0,0x9a,0x2b,0x9d,0x34,
- 0x29,0x22,0x97,0xe0,0x8d,0x60,0xd0,0xf6,
- 0x20,0xc5,0x13,0xd4,0x72,0x53,0x18,0x7c,
- 0x24,0xb1,0x27,0x86,0xbd,0x77,0x76,0x45,
- 0xce,0x1a,0x51,0x07,0xf7,0x68,0x1a,0x02,
- 0xaf,0x25,0x23,0xa6,0xda,0xf3,0x72,0xe1,
- 0x0e,0x3a,0x07,0x64,0xc9,0xd3,0xfe,0x4b,
- 0xd5,0xb7,0x0a,0xb1,0x82,0x01,0x98,0x5a,
- 0xd7
- };
- /* compressed prefix */
- static const byte pKey5[] = {
- 0x40,0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,
- 0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,
- 0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,
- 0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a
- };
- static const byte pKey6[] = {
- 0x27,0x81,0x17,0xfc,0x14,0x4c,0x72,0x34,
- 0x0f,0x67,0xd0,0xf2,0x31,0x6e,0x83,0x86,
- 0xce,0xff,0xbf,0x2b,0x24,0x28,0xc9,0xc5,
- 0x1f,0xef,0x7c,0x59,0x7f,0x1d,0x42,0x6e
- };
- static const byte* pKeys[] = {pKey1, pKey2, pKey3, pKey4, pKey5, pKey6};
- static const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3),
- sizeof(pKey4), sizeof(pKey5), sizeof(pKey6)};
- static const byte sig1[] = {
- 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
- 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
- 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
- 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
- 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
- 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
- 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
- 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
- };
- static const byte sig2[] = {
- 0x92,0xa0,0x09,0xa9,0xf0,0xd4,0xca,0xb8,
- 0x72,0x0e,0x82,0x0b,0x5f,0x64,0x25,0x40,
- 0xa2,0xb2,0x7b,0x54,0x16,0x50,0x3f,0x8f,
- 0xb3,0x76,0x22,0x23,0xeb,0xdb,0x69,0xda,
- 0x08,0x5a,0xc1,0xe4,0x3e,0x15,0x99,0x6e,
- 0x45,0x8f,0x36,0x13,0xd0,0xf1,0x1d,0x8c,
- 0x38,0x7b,0x2e,0xae,0xb4,0x30,0x2a,0xee,
- 0xb0,0x0d,0x29,0x16,0x12,0xbb,0x0c,0x00
- };
- static const byte sig3[] = {
- 0x62,0x91,0xd6,0x57,0xde,0xec,0x24,0x02,
- 0x48,0x27,0xe6,0x9c,0x3a,0xbe,0x01,0xa3,
- 0x0c,0xe5,0x48,0xa2,0x84,0x74,0x3a,0x44,
- 0x5e,0x36,0x80,0xd7,0xdb,0x5a,0xc3,0xac,
- 0x18,0xff,0x9b,0x53,0x8d,0x16,0xf2,0x90,
- 0xae,0x67,0xf7,0x60,0x98,0x4d,0xc6,0x59,
- 0x4a,0x7c,0x15,0xe9,0x71,0x6e,0xd2,0x8d,
- 0xc0,0x27,0xbe,0xce,0xea,0x1e,0xc4,0x0a
- };
- /* uncompressed test */
- static const byte sig4[] = {
- 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
- 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
- 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
- 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
- 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
- 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
- 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
- 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
- };
- /* compressed prefix */
- static const byte sig5[] = {
- 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
- 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
- 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
- 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
- 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
- 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
- 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
- 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
- };
- static const byte sig6[] = {
- 0x0a,0xab,0x4c,0x90,0x05,0x01,0xb3,0xe2,
- 0x4d,0x7c,0xdf,0x46,0x63,0x32,0x6a,0x3a,
- 0x87,0xdf,0x5e,0x48,0x43,0xb2,0xcb,0xdb,
- 0x67,0xcb,0xf6,0xe4,0x60,0xfe,0xc3,0x50,
- 0xaa,0x53,0x71,0xb1,0x50,0x8f,0x9f,0x45,
- 0x28,0xec,0xea,0x23,0xc4,0x36,0xd9,0x4b,
- 0x5e,0x8f,0xcd,0x4f,0x68,0x1e,0x30,0xa6,
- 0xac,0x00,0xa9,0x70,0x4a,0x18,0x8a,0x03
- };
- static const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6};
- static const byte msg1[] = {0x0 };
- static const byte msg2[] = {0x72};
- static const byte msg3[] = {0xAF,0x82};
- /* test of a 1024 byte long message */
- static const byte msg4[] = {
- 0x08,0xb8,0xb2,0xb7,0x33,0x42,0x42,0x43,
- 0x76,0x0f,0xe4,0x26,0xa4,0xb5,0x49,0x08,
- 0x63,0x21,0x10,0xa6,0x6c,0x2f,0x65,0x91,
- 0xea,0xbd,0x33,0x45,0xe3,0xe4,0xeb,0x98,
- 0xfa,0x6e,0x26,0x4b,0xf0,0x9e,0xfe,0x12,
- 0xee,0x50,0xf8,0xf5,0x4e,0x9f,0x77,0xb1,
- 0xe3,0x55,0xf6,0xc5,0x05,0x44,0xe2,0x3f,
- 0xb1,0x43,0x3d,0xdf,0x73,0xbe,0x84,0xd8,
- 0x79,0xde,0x7c,0x00,0x46,0xdc,0x49,0x96,
- 0xd9,0xe7,0x73,0xf4,0xbc,0x9e,0xfe,0x57,
- 0x38,0x82,0x9a,0xdb,0x26,0xc8,0x1b,0x37,
- 0xc9,0x3a,0x1b,0x27,0x0b,0x20,0x32,0x9d,
- 0x65,0x86,0x75,0xfc,0x6e,0xa5,0x34,0xe0,
- 0x81,0x0a,0x44,0x32,0x82,0x6b,0xf5,0x8c,
- 0x94,0x1e,0xfb,0x65,0xd5,0x7a,0x33,0x8b,
- 0xbd,0x2e,0x26,0x64,0x0f,0x89,0xff,0xbc,
- 0x1a,0x85,0x8e,0xfc,0xb8,0x55,0x0e,0xe3,
- 0xa5,0xe1,0x99,0x8b,0xd1,0x77,0xe9,0x3a,
- 0x73,0x63,0xc3,0x44,0xfe,0x6b,0x19,0x9e,
- 0xe5,0xd0,0x2e,0x82,0xd5,0x22,0xc4,0xfe,
- 0xba,0x15,0x45,0x2f,0x80,0x28,0x8a,0x82,
- 0x1a,0x57,0x91,0x16,0xec,0x6d,0xad,0x2b,
- 0x3b,0x31,0x0d,0xa9,0x03,0x40,0x1a,0xa6,
- 0x21,0x00,0xab,0x5d,0x1a,0x36,0x55,0x3e,
- 0x06,0x20,0x3b,0x33,0x89,0x0c,0xc9,0xb8,
- 0x32,0xf7,0x9e,0xf8,0x05,0x60,0xcc,0xb9,
- 0xa3,0x9c,0xe7,0x67,0x96,0x7e,0xd6,0x28,
- 0xc6,0xad,0x57,0x3c,0xb1,0x16,0xdb,0xef,
- 0xef,0xd7,0x54,0x99,0xda,0x96,0xbd,0x68,
- 0xa8,0xa9,0x7b,0x92,0x8a,0x8b,0xbc,0x10,
- 0x3b,0x66,0x21,0xfc,0xde,0x2b,0xec,0xa1,
- 0x23,0x1d,0x20,0x6b,0xe6,0xcd,0x9e,0xc7,
- 0xaf,0xf6,0xf6,0xc9,0x4f,0xcd,0x72,0x04,
- 0xed,0x34,0x55,0xc6,0x8c,0x83,0xf4,0xa4,
- 0x1d,0xa4,0xaf,0x2b,0x74,0xef,0x5c,0x53,
- 0xf1,0xd8,0xac,0x70,0xbd,0xcb,0x7e,0xd1,
- 0x85,0xce,0x81,0xbd,0x84,0x35,0x9d,0x44,
- 0x25,0x4d,0x95,0x62,0x9e,0x98,0x55,0xa9,
- 0x4a,0x7c,0x19,0x58,0xd1,0xf8,0xad,0xa5,
- 0xd0,0x53,0x2e,0xd8,0xa5,0xaa,0x3f,0xb2,
- 0xd1,0x7b,0xa7,0x0e,0xb6,0x24,0x8e,0x59,
- 0x4e,0x1a,0x22,0x97,0xac,0xbb,0xb3,0x9d,
- 0x50,0x2f,0x1a,0x8c,0x6e,0xb6,0xf1,0xce,
- 0x22,0xb3,0xde,0x1a,0x1f,0x40,0xcc,0x24,
- 0x55,0x41,0x19,0xa8,0x31,0xa9,0xaa,0xd6,
- 0x07,0x9c,0xad,0x88,0x42,0x5d,0xe6,0xbd,
- 0xe1,0xa9,0x18,0x7e,0xbb,0x60,0x92,0xcf,
- 0x67,0xbf,0x2b,0x13,0xfd,0x65,0xf2,0x70,
- 0x88,0xd7,0x8b,0x7e,0x88,0x3c,0x87,0x59,
- 0xd2,0xc4,0xf5,0xc6,0x5a,0xdb,0x75,0x53,
- 0x87,0x8a,0xd5,0x75,0xf9,0xfa,0xd8,0x78,
- 0xe8,0x0a,0x0c,0x9b,0xa6,0x3b,0xcb,0xcc,
- 0x27,0x32,0xe6,0x94,0x85,0xbb,0xc9,0xc9,
- 0x0b,0xfb,0xd6,0x24,0x81,0xd9,0x08,0x9b,
- 0xec,0xcf,0x80,0xcf,0xe2,0xdf,0x16,0xa2,
- 0xcf,0x65,0xbd,0x92,0xdd,0x59,0x7b,0x07,
- 0x07,0xe0,0x91,0x7a,0xf4,0x8b,0xbb,0x75,
- 0xfe,0xd4,0x13,0xd2,0x38,0xf5,0x55,0x5a,
- 0x7a,0x56,0x9d,0x80,0xc3,0x41,0x4a,0x8d,
- 0x08,0x59,0xdc,0x65,0xa4,0x61,0x28,0xba,
- 0xb2,0x7a,0xf8,0x7a,0x71,0x31,0x4f,0x31,
- 0x8c,0x78,0x2b,0x23,0xeb,0xfe,0x80,0x8b,
- 0x82,0xb0,0xce,0x26,0x40,0x1d,0x2e,0x22,
- 0xf0,0x4d,0x83,0xd1,0x25,0x5d,0xc5,0x1a,
- 0xdd,0xd3,0xb7,0x5a,0x2b,0x1a,0xe0,0x78,
- 0x45,0x04,0xdf,0x54,0x3a,0xf8,0x96,0x9b,
- 0xe3,0xea,0x70,0x82,0xff,0x7f,0xc9,0x88,
- 0x8c,0x14,0x4d,0xa2,0xaf,0x58,0x42,0x9e,
- 0xc9,0x60,0x31,0xdb,0xca,0xd3,0xda,0xd9,
- 0xaf,0x0d,0xcb,0xaa,0xaf,0x26,0x8c,0xb8,
- 0xfc,0xff,0xea,0xd9,0x4f,0x3c,0x7c,0xa4,
- 0x95,0xe0,0x56,0xa9,0xb4,0x7a,0xcd,0xb7,
- 0x51,0xfb,0x73,0xe6,0x66,0xc6,0xc6,0x55,
- 0xad,0xe8,0x29,0x72,0x97,0xd0,0x7a,0xd1,
- 0xba,0x5e,0x43,0xf1,0xbc,0xa3,0x23,0x01,
- 0x65,0x13,0x39,0xe2,0x29,0x04,0xcc,0x8c,
- 0x42,0xf5,0x8c,0x30,0xc0,0x4a,0xaf,0xdb,
- 0x03,0x8d,0xda,0x08,0x47,0xdd,0x98,0x8d,
- 0xcd,0xa6,0xf3,0xbf,0xd1,0x5c,0x4b,0x4c,
- 0x45,0x25,0x00,0x4a,0xa0,0x6e,0xef,0xf8,
- 0xca,0x61,0x78,0x3a,0xac,0xec,0x57,0xfb,
- 0x3d,0x1f,0x92,0xb0,0xfe,0x2f,0xd1,0xa8,
- 0x5f,0x67,0x24,0x51,0x7b,0x65,0xe6,0x14,
- 0xad,0x68,0x08,0xd6,0xf6,0xee,0x34,0xdf,
- 0xf7,0x31,0x0f,0xdc,0x82,0xae,0xbf,0xd9,
- 0x04,0xb0,0x1e,0x1d,0xc5,0x4b,0x29,0x27,
- 0x09,0x4b,0x2d,0xb6,0x8d,0x6f,0x90,0x3b,
- 0x68,0x40,0x1a,0xde,0xbf,0x5a,0x7e,0x08,
- 0xd7,0x8f,0xf4,0xef,0x5d,0x63,0x65,0x3a,
- 0x65,0x04,0x0c,0xf9,0xbf,0xd4,0xac,0xa7,
- 0x98,0x4a,0x74,0xd3,0x71,0x45,0x98,0x67,
- 0x80,0xfc,0x0b,0x16,0xac,0x45,0x16,0x49,
- 0xde,0x61,0x88,0xa7,0xdb,0xdf,0x19,0x1f,
- 0x64,0xb5,0xfc,0x5e,0x2a,0xb4,0x7b,0x57,
- 0xf7,0xf7,0x27,0x6c,0xd4,0x19,0xc1,0x7a,
- 0x3c,0xa8,0xe1,0xb9,0x39,0xae,0x49,0xe4,
- 0x88,0xac,0xba,0x6b,0x96,0x56,0x10,0xb5,
- 0x48,0x01,0x09,0xc8,0xb1,0x7b,0x80,0xe1,
- 0xb7,0xb7,0x50,0xdf,0xc7,0x59,0x8d,0x5d,
- 0x50,0x11,0xfd,0x2d,0xcc,0x56,0x00,0xa3,
- 0x2e,0xf5,0xb5,0x2a,0x1e,0xcc,0x82,0x0e,
- 0x30,0x8a,0xa3,0x42,0x72,0x1a,0xac,0x09,
- 0x43,0xbf,0x66,0x86,0xb6,0x4b,0x25,0x79,
- 0x37,0x65,0x04,0xcc,0xc4,0x93,0xd9,0x7e,
- 0x6a,0xed,0x3f,0xb0,0xf9,0xcd,0x71,0xa4,
- 0x3d,0xd4,0x97,0xf0,0x1f,0x17,0xc0,0xe2,
- 0xcb,0x37,0x97,0xaa,0x2a,0x2f,0x25,0x66,
- 0x56,0x16,0x8e,0x6c,0x49,0x6a,0xfc,0x5f,
- 0xb9,0x32,0x46,0xf6,0xb1,0x11,0x63,0x98,
- 0xa3,0x46,0xf1,0xa6,0x41,0xf3,0xb0,0x41,
- 0xe9,0x89,0xf7,0x91,0x4f,0x90,0xcc,0x2c,
- 0x7f,0xff,0x35,0x78,0x76,0xe5,0x06,0xb5,
- 0x0d,0x33,0x4b,0xa7,0x7c,0x22,0x5b,0xc3,
- 0x07,0xba,0x53,0x71,0x52,0xf3,0xf1,0x61,
- 0x0e,0x4e,0xaf,0xe5,0x95,0xf6,0xd9,0xd9,
- 0x0d,0x11,0xfa,0xa9,0x33,0xa1,0x5e,0xf1,
- 0x36,0x95,0x46,0x86,0x8a,0x7f,0x3a,0x45,
- 0xa9,0x67,0x68,0xd4,0x0f,0xd9,0xd0,0x34,
- 0x12,0xc0,0x91,0xc6,0x31,0x5c,0xf4,0xfd,
- 0xe7,0xcb,0x68,0x60,0x69,0x37,0x38,0x0d,
- 0xb2,0xea,0xaa,0x70,0x7b,0x4c,0x41,0x85,
- 0xc3,0x2e,0xdd,0xcd,0xd3,0x06,0x70,0x5e,
- 0x4d,0xc1,0xff,0xc8,0x72,0xee,0xee,0x47,
- 0x5a,0x64,0xdf,0xac,0x86,0xab,0xa4,0x1c,
- 0x06,0x18,0x98,0x3f,0x87,0x41,0xc5,0xef,
- 0x68,0xd3,0xa1,0x01,0xe8,0xa3,0xb8,0xca,
- 0xc6,0x0c,0x90,0x5c,0x15,0xfc,0x91,0x08,
- 0x40,0xb9,0x4c,0x00,0xa0,0xb9,0xd0
- };
- static const byte* msgs[] = {msg1, msg2, msg3, msg1, msg1, msg4};
- static const word16 msgSz[] = {0 /*sizeof(msg1)*/,
- sizeof(msg2),
- sizeof(msg3),
- 0 /*sizeof(msg1)*/,
- 0 /*sizeof(msg1)*/,
- sizeof(msg4)
- };
- #ifndef NO_ASN
- static byte privateEd25519[] = {
- 0x30,0x2e,0x02,0x01,0x00,0x30,0x05,0x06,
- 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
- 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
- 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
- 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
- 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
- };
- static byte publicEd25519[] = {
- 0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65,
- 0x70,0x03,0x21,0x00,0xd7,0x5a,0x98,0x01,
- 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
- 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,
- 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,
- 0xf7,0x07,0x51,0x1a
- };
- static byte privPubEd25519[] = {
- 0x30,0x52,0x02,0x01,0x00,0x30,0x05,0x06,
- 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
- 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
- 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
- 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
- 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60,
- 0xa1,0x22,0x04,0x20,0xd7,0x5a,0x98,0x01,
- 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
- 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,
- 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,
- 0xf7,0x07,0x51,0x1a
- };
- word32 idx;
- ed25519_key key3;
- #endif /* NO_ASN */
- #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
- /* create ed25519 keys */
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return -8900;
- wc_ed25519_init(&key);
- wc_ed25519_init(&key2);
- #ifndef NO_ASN
- wc_ed25519_init(&key3);
- #endif
- wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
- wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key2);
- /* helper functions for signature and key size */
- keySz = wc_ed25519_size(&key);
- sigSz = wc_ed25519_sig_size(&key);
- #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) &&\
- defined(HAVE_ED25519_KEY_IMPORT)
- for (i = 0; i < 6; i++) {
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- if (wc_ed25519_import_private_key(sKeys[i], ED25519_KEY_SIZE, pKeys[i],
- pKeySz[i], &key) != 0)
- return -8901 - i;
- if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key) != 0)
- return -8911 - i;
- if (XMEMCMP(out, sigs[i], 64))
- return -8921 - i;
- #if defined(HAVE_ED25519_VERIFY)
- /* test verify on good msg */
- if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
- &key) != 0 || verify != 1)
- return -8931 - i;
- /* test verify on bad msg */
- out[outlen-1] = out[outlen-1] + 1;
- if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
- &key) == 0 || verify == 1)
- return -8941 - i;
- #endif /* HAVE_ED25519_VERIFY */
- /* test api for import/exporting keys */
- exportPSz = sizeof(exportPKey);
- exportSSz = sizeof(exportSKey);
- if (wc_ed25519_export_public(&key, exportPKey, &exportPSz) != 0)
- return -8951 - i;
- if (wc_ed25519_import_public(exportPKey, exportPSz, &key2) != 0)
- return -8961 - i;
- if (wc_ed25519_export_private_only(&key, exportSKey, &exportSSz) != 0)
- return -8971 - i;
- if (wc_ed25519_import_private_key(exportSKey, exportSSz,
- exportPKey, exportPSz, &key2) != 0)
- return -8981 - i;
- /* clear "out" buffer and test sign with imported keys */
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key2) != 0)
- return -8991 - i;
- #if defined(HAVE_ED25519_VERIFY)
- if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
- &key2) != 0 || verify != 1)
- return -9001 - i;
- if (XMEMCMP(out, sigs[i], 64))
- return -9011 - i;
- #endif /* HAVE_ED25519_VERIFY */
- }
- #ifndef NO_ASN
- /* Try ASN.1 encoded private-only key and public key. */
- idx = 0;
- if (wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, &key3,
- sizeof(privateEd25519)) != 0)
- return -7230 - i;
- if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3)
- != BAD_FUNC_ARG)
- return -7231 - i;
- idx = 0;
- if (wc_Ed25519PublicKeyDecode(publicEd25519, &idx, &key3,
- sizeof(publicEd25519)) != 0)
- return -7232 - i;
- if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) != 0)
- return -7233 - i;
- if (XMEMCMP(out, sigs[0], 64))
- return -7234 - i;
- #if defined(HAVE_ED25519_VERIFY)
- /* test verify on good msg */
- if (wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3)
- != 0 || verify != 1)
- return -7233 - i;
- #endif /* HAVE_ED25519_VERIFY */
- wc_ed25519_free(&key3);
- wc_ed25519_init(&key3);
- idx = 0;
- if (wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, &key3,
- sizeof(privPubEd25519)) != 0)
- return -7230 - i;
- if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) != 0)
- return -7233 - i;
- if (XMEMCMP(out, sigs[0], 64))
- return -7234 - i;
- wc_ed25519_free(&key3);
- #endif /* NO_ASN */
- #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
- /* clean up keys when done */
- wc_ed25519_free(&key);
- wc_ed25519_free(&key2);
- #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
- wc_FreeRng(&rng);
- #endif
- /* hush warnings of unused keySz and sigSz */
- (void)keySz;
- (void)sigSz;
- #ifdef WOLFSSL_TEST_CERT
- ret = ed25519_test_cert();
- if (ret < 0)
- return ret;
- #ifdef WOLFSSL_CERT_GEN
- ret = ed25519_test_make_cert();
- if (ret < 0)
- return ret;
- #endif /* WOLFSSL_CERT_GEN */
- #endif /* WOLFSSL_TEST_CERT */
- return 0;
- }
- #endif /* HAVE_ED25519 */
- #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
- typedef struct CMAC_Test_Case {
- int type;
- int partial;
- const byte* m;
- word32 mSz;
- const byte* k;
- word32 kSz;
- const byte* t;
- word32 tSz;
- } CMAC_Test_Case;
- int cmac_test(void)
- {
- #ifdef WOLFSSL_AES_128
- const byte k128[] =
- {
- 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
- 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
- };
- #define KLEN_128 (sizeof(k128))
- #endif
- #ifdef WOLFSSL_AES_192
- const byte k192[] =
- {
- 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
- 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
- 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b
- };
- #define KLEN_192 (sizeof(k192))
- #endif
- #ifdef WOLFSSL_AES_256
- const byte k256[] =
- {
- 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
- 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
- 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
- 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
- };
- #define KLEN_256 (sizeof(k256))
- #endif
- const byte m[] =
- {
- 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
- 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
- 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
- 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
- 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
- 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
- 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
- 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
- };
- #define MLEN_0 (0)
- #define MLEN_128 (128/8)
- #define MLEN_320 (320/8)
- #define MLEN_319 (MLEN_320 - 1)
- #define MLEN_512 (512/8)
- #ifdef WOLFSSL_AES_128
- const byte t128_0[] =
- {
- 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
- 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46
- };
- const byte t128_128[] =
- {
- 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
- 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c
- };
- const byte t128_319[] =
- {
- 0x2c, 0x17, 0x84, 0x4c, 0x93, 0x1c, 0x07, 0x95,
- 0x15, 0x92, 0x73, 0x0a, 0x34, 0xd0, 0xd9, 0xd2
- };
- const byte t128_320[] =
- {
- 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
- 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27
- };
- const byte t128_512[] =
- {
- 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
- 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe
- };
- #endif
- #ifdef WOLFSSL_AES_192
- const byte t192_0[] =
- {
- 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5,
- 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67
- };
- const byte t192_128[] =
- {
- 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90,
- 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84
- };
- const byte t192_320[] =
- {
- 0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad,
- 0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e
- };
- const byte t192_512[] =
- {
- 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79,
- 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11
- };
- #endif
- #ifdef WOLFSSL_AES_256
- const byte t256_0[] =
- {
- 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e,
- 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83
- };
- const byte t256_128[] =
- {
- 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82,
- 0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c
- };
- const byte t256_320[] =
- {
- 0xaa, 0xf3, 0xd8, 0xf1, 0xde, 0x56, 0x40, 0xc2,
- 0x32, 0xf5, 0xb1, 0x69, 0xb9, 0xc9, 0x11, 0xe6
- };
- const byte t256_512[] =
- {
- 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5,
- 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10
- };
- #endif
- const CMAC_Test_Case testCases[] =
- {
- #ifdef WOLFSSL_AES_128
- {WC_CMAC_AES, 0, m, MLEN_0, k128, KLEN_128, t128_0, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_128, k128, KLEN_128, t128_128, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_320, k128, KLEN_128, t128_320, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 5, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE},
- #endif
- #ifdef WOLFSSL_AES_192
- {WC_CMAC_AES, 0, m, MLEN_0, k192, KLEN_192, t192_0, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_128, k192, KLEN_192, t192_128, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_320, k192, KLEN_192, t192_320, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_512, k192, KLEN_192, t192_512, AES_BLOCK_SIZE},
- #endif
- #ifdef WOLFSSL_AES_256
- {WC_CMAC_AES, 0, m, MLEN_0, k256, KLEN_256, t256_0, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_128, k256, KLEN_256, t256_128, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_320, k256, KLEN_256, t256_320, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_512, k256, KLEN_256, t256_512, AES_BLOCK_SIZE},
- #endif
- #ifdef WOLFSSL_AES_128
- {WC_CMAC_AES, 0, m, MLEN_319, k128, KLEN_128, t128_319, AES_BLOCK_SIZE}
- #endif
- };
- Cmac cmac;
- byte tag[AES_BLOCK_SIZE];
- const CMAC_Test_Case* tc;
- word32 i, tagSz;
- for (i = 0, tc = testCases;
- i < sizeof(testCases)/sizeof(CMAC_Test_Case);
- i++, tc++) {
- XMEMSET(tag, 0, sizeof(tag));
- tagSz = AES_BLOCK_SIZE;
- if (wc_InitCmac(&cmac, tc->k, tc->kSz, tc->type, NULL) != 0)
- return -9100;
- if (tc->partial) {
- if (wc_CmacUpdate(&cmac, tc->m,
- tc->mSz/2 - tc->partial) != 0)
- return -9101;
- if (wc_CmacUpdate(&cmac, tc->m + tc->mSz/2 - tc->partial,
- tc->mSz/2 + tc->partial) != 0)
- return -9102;
- }
- else {
- if (wc_CmacUpdate(&cmac, tc->m, tc->mSz) != 0)
- return -9103;
- }
- if (wc_CmacFinal(&cmac, tag, &tagSz) != 0)
- return -9104;
- if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0)
- return -9105;
- XMEMSET(tag, 0, sizeof(tag));
- tagSz = sizeof(tag);
- if (wc_AesCmacGenerate(tag, &tagSz, tc->m, tc->mSz,
- tc->k, tc->kSz) != 0)
- return -9106;
- if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0)
- return -9107;
- if (wc_AesCmacVerify(tc->t, tc->tSz, tc->m, tc->mSz,
- tc->k, tc->kSz) != 0)
- return -9108;
- }
- return 0;
- }
- #endif /* NO_AES && WOLFSSL_CMAC */
- #ifdef HAVE_LIBZ
- const byte sample_text[] =
- "Biodiesel cupidatat marfa, cliche aute put a bird on it incididunt elit\n"
- "polaroid. Sunt tattooed bespoke reprehenderit. Sint twee organic id\n"
- "marfa. Commodo veniam ad esse gastropub. 3 wolf moon sartorial vero,\n"
- "plaid delectus biodiesel squid +1 vice. Post-ironic keffiyeh leggings\n"
- "selfies cray fap hoodie, forage anim. Carles cupidatat shoreditch, VHS\n"
- "small batch meggings kogi dolore food truck bespoke gastropub.\n"
- "\n"
- "Terry richardson adipisicing actually typewriter tumblr, twee whatever\n"
- "four loko you probably haven't heard of them high life. Messenger bag\n"
- "whatever tattooed deep v mlkshk. Brooklyn pinterest assumenda chillwave\n"
- "et, banksy ullamco messenger bag umami pariatur direct trade forage.\n"
- "Typewriter culpa try-hard, pariatur sint brooklyn meggings. Gentrify\n"
- "food truck next level, tousled irony non semiotics PBR ethical anim cred\n"
- "readymade. Mumblecore brunch lomo odd future, portland organic terry\n"
- "richardson elit leggings adipisicing ennui raw denim banjo hella. Godard\n"
- "mixtape polaroid, pork belly readymade organic cray typewriter helvetica\n"
- "four loko whatever street art yr farm-to-table.\n"
- "\n"
- "Vinyl keytar vice tofu. Locavore you probably haven't heard of them pug\n"
- "pickled, hella tonx labore truffaut DIY mlkshk elit cosby sweater sint\n"
- "et mumblecore. Elit swag semiotics, reprehenderit DIY sartorial nisi ugh\n"
- "nesciunt pug pork belly wayfarers selfies delectus. Ethical hoodie\n"
- "seitan fingerstache kale chips. Terry richardson artisan williamsburg,\n"
- "eiusmod fanny pack irony tonx ennui lo-fi incididunt tofu YOLO\n"
- "readymade. 8-bit sed ethnic beard officia. Pour-over iphone DIY butcher,\n"
- "ethnic art party qui letterpress nisi proident jean shorts mlkshk\n"
- "locavore.\n"
- "\n"
- "Narwhal flexitarian letterpress, do gluten-free voluptate next level\n"
- "banh mi tonx incididunt carles DIY. Odd future nulla 8-bit beard ut\n"
- "cillum pickled velit, YOLO officia you probably haven't heard of them\n"
- "trust fund gastropub. Nisi adipisicing tattooed, Austin mlkshk 90's\n"
- "small batch american apparel. Put a bird on it cosby sweater before they\n"
- "sold out pork belly kogi hella. Street art mollit sustainable polaroid,\n"
- "DIY ethnic ea pug beard dreamcatcher cosby sweater magna scenester nisi.\n"
- "Sed pork belly skateboard mollit, labore proident eiusmod. Sriracha\n"
- "excepteur cosby sweater, anim deserunt laborum eu aliquip ethical et\n"
- "neutra PBR selvage.\n"
- "\n"
- "Raw denim pork belly truffaut, irony plaid sustainable put a bird on it\n"
- "next level jean shorts exercitation. Hashtag keytar whatever, nihil\n"
- "authentic aliquip disrupt laborum. Tattooed selfies deserunt trust fund\n"
- "wayfarers. 3 wolf moon synth church-key sartorial, gastropub leggings\n"
- "tattooed. Labore high life commodo, meggings raw denim fingerstache pug\n"
- "trust fund leggings seitan forage. Nostrud ullamco duis, reprehenderit\n"
- "incididunt flannel sustainable helvetica pork belly pug banksy you\n"
- "probably haven't heard of them nesciunt farm-to-table. Disrupt nostrud\n"
- "mollit magna, sriracha sartorial helvetica.\n"
- "\n"
- "Nulla kogi reprehenderit, skateboard sustainable duis adipisicing viral\n"
- "ad fanny pack salvia. Fanny pack trust fund you probably haven't heard\n"
- "of them YOLO vice nihil. Keffiyeh cray lo-fi pinterest cardigan aliqua,\n"
- "reprehenderit aute. Culpa tousled williamsburg, marfa lomo actually anim\n"
- "skateboard. Iphone aliqua ugh, semiotics pariatur vero readymade\n"
- "organic. Marfa squid nulla, in laborum disrupt laboris irure gastropub.\n"
- "Veniam sunt food truck leggings, sint vinyl fap.\n"
- "\n"
- "Hella dolore pork belly, truffaut carles you probably haven't heard of\n"
- "them PBR helvetica in sapiente. Fashion axe ugh bushwick american\n"
- "apparel. Fingerstache sed iphone, jean shorts blue bottle nisi bushwick\n"
- "flexitarian officia veniam plaid bespoke fap YOLO lo-fi. Blog\n"
- "letterpress mumblecore, food truck id cray brooklyn cillum ad sed.\n"
- "Assumenda chambray wayfarers vinyl mixtape sustainable. VHS vinyl\n"
- "delectus, culpa williamsburg polaroid cliche swag church-key synth kogi\n"
- "magna pop-up literally. Swag thundercats ennui shoreditch vegan\n"
- "pitchfork neutra truffaut etsy, sed single-origin coffee craft beer.\n"
- "\n"
- "Odio letterpress brooklyn elit. Nulla single-origin coffee in occaecat\n"
- "meggings. Irony meggings 8-bit, chillwave lo-fi adipisicing cred\n"
- "dreamcatcher veniam. Put a bird on it irony umami, trust fund bushwick\n"
- "locavore kale chips. Sriracha swag thundercats, chillwave disrupt\n"
- "tousled beard mollit mustache leggings portland next level. Nihil esse\n"
- "est, skateboard art party etsy thundercats sed dreamcatcher ut iphone\n"
- "swag consectetur et. Irure skateboard banjo, nulla deserunt messenger\n"
- "bag dolor terry richardson sapiente.\n";
- int compress_test(void)
- {
- int ret = 0;
- word32 dSz = sizeof(sample_text);
- word32 cSz = (dSz + (word32)(dSz * 0.001) + 12);
- byte *c = NULL;
- byte *d = NULL;
- c = XMALLOC(cSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- d = XMALLOC(dSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (c == NULL || d == NULL) {
- ERROR_OUT(-9200, exit);
- }
- /* follow calloc and initialize to 0 */
- XMEMSET(c, 0, cSz);
- XMEMSET(d, 0, dSz);
- if ((ret = wc_Compress(c, cSz, sample_text, dSz, 0)) < 0) {
- ERROR_OUT(-9201, exit);
- }
- cSz = (word32)ret;
- if ((ret = wc_DeCompress(d, dSz, c, cSz)) != (int)dSz) {
- ERROR_OUT(-9202, exit);
- }
- if (XMEMCMP(d, sample_text, dSz)) {
- ERROR_OUT(-9203, exit);
- }
- ret = 0;
- exit:
- if (c) XFREE(c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (d) XFREE(d, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif /* HAVE_LIBZ */
- #ifdef HAVE_PKCS7
- /* External Debugging/Testing Note:
- *
- * PKCS#7 test functions can output generated PKCS#7/CMS bundles for
- * additional testing. To dump bundles to files DER encoded files, please
- * define:
- *
- * #define PKCS7_OUTPUT_TEST_BUNDLES
- */
- /* Loads certs and keys for use with PKCS7 tests, from either files
- * or buffers.
- *
- * rsaCert - output buffer for RSA cert
- * rsaCertSz - IN/OUT size of output buffer, size of RSA cert
- * rsaPrivKey - output buffer for RSA private key
- * rsaPrivKeySz - IN/OUT size of output buffer, size of RSA key
- * eccCert - output buffer for ECC cert
- * eccCertSz - IN/OUT size of output buffer, size of ECC cert
- * eccPrivKey - output buffer for ECC private key
- * eccPrivKeySz - IN/OUT size of output buffer, size of ECC private key
- *
- * Returns 0 on success, negative on error
- */
- static int pkcs7_load_certs_keys(byte* rsaCert, word32* rsaCertSz,
- byte* rsaPrivKey, word32* rsaPrivKeySz,
- byte* eccCert, word32* eccCertSz,
- byte* eccPrivKey, word32* eccPrivKeySz)
- {
- #ifndef NO_FILESYSTEM
- FILE* certFile;
- FILE* keyFile;
- #endif
- #ifndef NO_RSA
- if (rsaCert == NULL || rsaCertSz == NULL ||
- rsaPrivKey == NULL || rsaPrivKeySz == NULL)
- return BAD_FUNC_ARG;
- #endif
- #ifdef HAVE_ECC
- if (eccCert == NULL || eccCertSz == NULL ||
- eccPrivKey == NULL || eccPrivKeySz == NULL)
- return BAD_FUNC_ARG;
- #endif
- /* RSA */
- #ifndef NO_RSA
- #ifdef USE_CERT_BUFFERS_1024
- if (*rsaCertSz < (word32)sizeof_client_cert_der_1024)
- return -9204;
- XMEMCPY(rsaCert, client_cert_der_1024, sizeof_client_cert_der_1024);
- *rsaCertSz = sizeof_client_cert_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- if (*rsaCertSz < (word32)sizeof_client_cert_der_2048)
- return -9205;
- XMEMCPY(rsaCert, client_cert_der_2048, sizeof_client_cert_der_2048);
- *rsaCertSz = sizeof_client_cert_der_2048;
- #else
- certFile = fopen(clientCert, "rb");
- if (!certFile)
- return -9206;
- *rsaCertSz = (word32)fread(rsaCert, 1, *rsaCertSz, certFile);
- fclose(certFile);
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- if (*rsaPrivKeySz < (word32)sizeof_client_key_der_1024)
- return -9207;
- XMEMCPY(rsaPrivKey, client_key_der_1024, sizeof_client_key_der_1024);
- *rsaPrivKeySz = sizeof_client_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- if (*rsaPrivKeySz < (word32)sizeof_client_key_der_2048)
- return -9208;
- XMEMCPY(rsaPrivKey, client_key_der_2048, sizeof_client_key_der_2048);
- *rsaPrivKeySz = sizeof_client_key_der_2048;
- #else
- keyFile = fopen(clientKey, "rb");
- if (!keyFile)
- return -9209;
- *rsaPrivKeySz = (word32)fread(rsaPrivKey, 1, *rsaPrivKeySz, keyFile);
- fclose(keyFile);
- #endif /* USE_CERT_BUFFERS */
- #endif /* NO_RSA */
- /* ECC */
- #ifdef HAVE_ECC
- #ifdef USE_CERT_BUFFERS_256
- if (*eccCertSz < (word32)sizeof_cliecc_cert_der_256)
- return -9210;
- XMEMCPY(eccCert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
- *eccCertSz = sizeof_cliecc_cert_der_256;
- #else
- certFile = fopen(eccClientCert, "rb");
- if (!certFile)
- return -9211;
- *eccCertSz = (word32)fread(eccCert, 1, *eccCertSz, certFile);
- fclose(certFile);
- #endif /* USE_CERT_BUFFERS_256 */
- #ifdef USE_CERT_BUFFERS_256
- if (*eccPrivKeySz < (word32)sizeof_ecc_clikey_der_256)
- return -9212;
- XMEMCPY(eccPrivKey, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
- *eccPrivKeySz = sizeof_ecc_clikey_der_256;
- #else
- keyFile = fopen(eccClientKey, "rb");
- if (!keyFile)
- return -9213;
- *eccPrivKeySz = (word32)fread(eccPrivKey, 1, *eccPrivKeySz, keyFile);
- fclose(keyFile);
- #endif /* USE_CERT_BUFFERS_256 */
- #endif /* HAVE_ECC */
- #ifdef NO_RSA
- (void)rsaCert;
- (void)rsaCertSz;
- (void)rsaPrivKey;
- (void)rsaPrivKeySz;
- #endif
- #ifndef HAVE_ECC
- (void)eccCert;
- (void)eccCertSz;
- (void)eccPrivKey;
- (void)eccPrivKeySz;
- #endif
- #ifndef NO_FILESYSTEM
- (void)certFile;
- (void)keyFile;
- #endif
- return 0;
- }
- typedef struct {
- const byte* content;
- word32 contentSz;
- int contentOID;
- int encryptOID;
- int keyWrapOID;
- int keyAgreeOID;
- byte* cert;
- size_t certSz;
- byte* privateKey;
- word32 privateKeySz;
- byte* optionalUkm;
- word32 optionalUkmSz;
- const char* outFileName;
- } pkcs7EnvelopedVector;
- static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
- byte* rsaPrivKey, word32 rsaPrivKeySz,
- byte* eccCert, word32 eccCertSz,
- byte* eccPrivKey, word32 eccPrivKeySz)
- {
- int ret, testSz, i;
- int envelopedSz, decodedSz;
- byte enveloped[2048];
- byte decoded[2048];
- PKCS7* pkcs7;
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- FILE* pkcs7File;
- #endif
- const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \
- defined(WOLFSSL_SHA512)
- byte optionalUkm[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
- };
- #endif /* NO_AES */
- const pkcs7EnvelopedVector testVectors[] =
- {
- /* key transport key encryption technique */
- #ifndef NO_RSA
- #ifndef NO_DES3
- {data, (word32)sizeof(data), DATA, DES3b, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, "pkcs7envelopedDataDES3.der"},
- #endif
- #ifndef NO_AES
- #ifdef WOLFSSL_AES_128
- {data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, "pkcs7envelopedDataAES128CBC.der"},
- #endif
- #ifdef WOLFSSL_AES_192
- {data, (word32)sizeof(data), DATA, AES192CBCb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, "pkcs7envelopedDataAES192CBC.der"},
- #endif
- #ifdef WOLFSSL_AES_256
- {data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, "pkcs7envelopedDataAES256CBC.der"},
- #endif
- #endif /* NO_AES */
- #endif
- /* key agreement key encryption technique*/
- #ifdef HAVE_ECC
- #ifndef NO_AES
- #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- {data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP,
- dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0,
- "pkcs7envelopedDataAES128CBC_ECDH_SHA1KDF.der"},
- #endif
- #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
- {data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP,
- dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0,
- "pkcs7envelopedDataAES256CBC_ECDH_SHA256KDF.der"},
- #endif /* NO_SHA256 && WOLFSSL_AES_256 */
- #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256)
- {data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP,
- dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0,
- "pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF.der"},
- /* with optional user keying material (ukm) */
- {data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP,
- dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, optionalUkm, sizeof(optionalUkm),
- "pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF_ukm.der"},
- #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */
- #endif /* NO_AES */
- #endif
- };
- testSz = sizeof(testVectors) / sizeof(pkcs7EnvelopedVector);
- for (i = 0; i < testSz; i++) {
- pkcs7 = wc_PKCS7_New(HEAP_HINT,
- #ifdef WOLFSSL_ASYNC_CRYPT
- INVALID_DEVID /* async PKCS7 is not supported */
- #else
- devId
- #endif
- );
- if (pkcs7 == NULL)
- return -9214;
- ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
- (word32)testVectors[i].certSz);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- return -9215;
- }
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->keyWrapOID = testVectors[i].keyWrapOID;
- pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID;
- pkcs7->privateKey = testVectors[i].privateKey;
- pkcs7->privateKeySz = testVectors[i].privateKeySz;
- pkcs7->ukm = testVectors[i].optionalUkm;
- pkcs7->ukmSz = testVectors[i].optionalUkmSz;
- /* encode envelopedData */
- envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, enveloped,
- sizeof(enveloped));
- if (envelopedSz <= 0) {
- printf("DEBUG: i = %d, envelopedSz = %d\n", i, envelopedSz);
- wc_PKCS7_Free(pkcs7);
- return -9216;
- }
- /* decode envelopedData */
- decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped, envelopedSz,
- decoded, sizeof(decoded));
- if (decodedSz <= 0) {
- wc_PKCS7_Free(pkcs7);
- return -9217;
- }
- /* test decode result */
- if (XMEMCMP(decoded, data, sizeof(data)) != 0){
- wc_PKCS7_Free(pkcs7);
- return -9218;
- }
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- /* output pkcs7 envelopedData for external testing */
- pkcs7File = fopen(testVectors[i].outFileName, "wb");
- if (!pkcs7File) {
- wc_PKCS7_Free(pkcs7);
- return -9219;
- }
- ret = (int)fwrite(enveloped, 1, envelopedSz, pkcs7File);
- fclose(pkcs7File);
- if (ret != envelopedSz) {
- wc_PKCS7_Free(pkcs7);
- return -9220;
- }
- #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- }
- #if !defined(HAVE_ECC) || defined(NO_AES)
- (void)eccCert;
- (void)eccCertSz;
- (void)eccPrivKey;
- (void)eccPrivKeySz;
- #endif
- #ifdef NO_RSA
- (void)rsaCert;
- (void)rsaCertSz;
- (void)rsaPrivKey;
- (void)rsaPrivKeySz;
- #endif
- return 0;
- }
- int pkcs7enveloped_test(void)
- {
- int ret = 0;
- byte* rsaCert = NULL;
- byte* rsaPrivKey = NULL;
- word32 rsaCertSz = 0;
- word32 rsaPrivKeySz = 0;
- byte* eccCert = NULL;
- byte* eccPrivKey = NULL;
- word32 eccCertSz = 0;
- word32 eccPrivKeySz = 0;
- #ifndef NO_RSA
- /* read client RSA cert and key in DER format */
- rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (rsaCert == NULL)
- return -9300;
- rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (rsaPrivKey == NULL) {
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return -9301;
- }
- rsaCertSz = FOURK_BUF;
- rsaPrivKeySz = FOURK_BUF;
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- /* read client ECC cert and key in DER format */
- eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (eccCert == NULL) {
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return -9302;
- }
- eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (eccPrivKey == NULL) {
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return -9303;
- }
- eccCertSz = FOURK_BUF;
- eccPrivKeySz = FOURK_BUF;
- #endif /* HAVE_ECC */
- ret = pkcs7_load_certs_keys(rsaCert, &rsaCertSz, rsaPrivKey,
- &rsaPrivKeySz, eccCert, &eccCertSz,
- eccPrivKey, &eccPrivKeySz);
- if (ret < 0) {
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef HAVE_ECC
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- ret = pkcs7enveloped_run_vectors(rsaCert, (word32)rsaCertSz,
- rsaPrivKey, (word32)rsaPrivKeySz,
- eccCert, (word32)eccCertSz,
- eccPrivKey, (word32)eccPrivKeySz);
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef HAVE_ECC
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- typedef struct {
- const byte* content;
- word32 contentSz;
- int contentOID;
- int encryptOID;
- byte* encryptionKey;
- word32 encryptionKeySz;
- PKCS7Attrib* attribs;
- word32 attribsSz;
- const char* outFileName;
- } pkcs7EncryptedVector;
- int pkcs7encrypted_test(void)
- {
- int ret = 0;
- int i, testSz;
- int encryptedSz, decodedSz, attribIdx;
- PKCS7* pkcs7;
- byte encrypted[2048];
- byte decoded[2048];
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- FILE* pkcs7File;
- #endif
- PKCS7Attrib* expectedAttrib;
- PKCS7DecodedAttrib* decodedAttrib;
- const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- #ifndef NO_DES3
- byte desKey[] = {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
- };
- byte des3Key[] = {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
- 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
- 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
- };
- #endif
- #ifndef NO_AES
- #ifdef WOLFSSL_AES_128
- byte aes128Key[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- #endif
- #ifdef WOLFSSL_AES_192
- byte aes192Key[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- #endif
- #ifdef WOLFSSL_AES_256
- byte aes256Key[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- #endif
- #ifdef WOLFSSL_AES_256
- /* Attribute example from RFC 4134, Section 7.2
- * OID = 1.2.5555
- * OCTET STRING = 'This is a test General ASN Attribute, number 1.' */
- static byte genAttrOid[] = { 0x06, 0x03, 0x2a, 0xab, 0x33 };
- static byte genAttr[] = { 0x04, 47,
- 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
- 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47,
- 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41,
- 0x53, 0x4e, 0x20, 0x41, 0x74, 0x74, 0x72, 0x69,
- 0x62, 0x75, 0x74, 0x65, 0x2c, 0x20, 0x6e, 0x75,
- 0x6d, 0x62, 0x65, 0x72, 0x20, 0x31, 0x2e };
- static byte genAttrOid2[] = { 0x06, 0x03, 0x2a, 0xab, 0x34 };
- static byte genAttr2[] = { 0x04, 47,
- 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
- 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47,
- 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41,
- 0x53, 0x4e, 0x20, 0x41, 0x74, 0x74, 0x72, 0x69,
- 0x62, 0x75, 0x74, 0x65, 0x2c, 0x20, 0x6e, 0x75,
- 0x6d, 0x62, 0x65, 0x72, 0x20, 0x32, 0x2e };
- PKCS7Attrib attribs[] =
- {
- { genAttrOid, sizeof(genAttrOid), genAttr, sizeof(genAttr) }
- };
- PKCS7Attrib multiAttribs[] =
- {
- { genAttrOid, sizeof(genAttrOid), genAttr, sizeof(genAttr) },
- { genAttrOid2, sizeof(genAttrOid2), genAttr2, sizeof(genAttr2) }
- };
- #endif
- #endif /* NO_AES */
- const pkcs7EncryptedVector testVectors[] =
- {
- #ifndef NO_DES3
- {data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key),
- NULL, 0, "pkcs7encryptedDataDES3.der"},
- {data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey),
- NULL, 0, "pkcs7encryptedDataDES.der"},
- #endif /* NO_DES3 */
- #ifndef NO_AES
- #ifdef WOLFSSL_AES_128
- {data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key,
- sizeof(aes128Key), NULL, 0, "pkcs7encryptedDataAES128CBC.der"},
- #endif
- #ifdef WOLFSSL_AES_192
- {data, (word32)sizeof(data), DATA, AES192CBCb, aes192Key,
- sizeof(aes192Key), NULL, 0, "pkcs7encryptedDataAES192CBC.der"},
- #endif
- #ifdef WOLFSSL_AES_256
- {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
- sizeof(aes256Key), NULL, 0, "pkcs7encryptedDataAES256CBC.der"},
- /* test with optional unprotected attributes */
- {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
- sizeof(aes256Key), attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7encryptedDataAES256CBC_attribs.der"},
- /* test with multiple optional unprotected attributes */
- {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
- sizeof(aes256Key), multiAttribs,
- (sizeof(multiAttribs)/sizeof(PKCS7Attrib)),
- "pkcs7encryptedDataAES256CBC_multi_attribs.der"},
- #endif
- #endif /* NO_AES */
- };
- testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector);
- for (i = 0; i < testSz; i++) {
- pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
- if (pkcs7 == NULL)
- return -9400;
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->encryptionKey = testVectors[i].encryptionKey;
- pkcs7->encryptionKeySz = testVectors[i].encryptionKeySz;
- pkcs7->unprotectedAttribs = testVectors[i].attribs;
- pkcs7->unprotectedAttribsSz = testVectors[i].attribsSz;
- /* encode encryptedData */
- encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
- sizeof(encrypted));
- if (encryptedSz <= 0) {
- wc_PKCS7_Free(pkcs7);
- return -9401;
- }
- /* decode encryptedData */
- decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
- decoded, sizeof(decoded));
- if (decodedSz <= 0){
- wc_PKCS7_Free(pkcs7);
- return -9402;
- }
- /* test decode result */
- if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
- wc_PKCS7_Free(pkcs7);
- return -9403;
- }
- /* verify decoded unprotected attributes */
- if (pkcs7->decodedAttrib != NULL) {
- decodedAttrib = pkcs7->decodedAttrib;
- attribIdx = 1;
- while (decodedAttrib != NULL) {
- /* expected attribute, stored list is reversed */
- expectedAttrib = &(pkcs7->unprotectedAttribs
- [pkcs7->unprotectedAttribsSz - attribIdx]);
- /* verify oid */
- if (XMEMCMP(decodedAttrib->oid, expectedAttrib->oid,
- decodedAttrib->oidSz) != 0) {
- wc_PKCS7_Free(pkcs7);
- return -9404;
- }
- /* verify value */
- if (XMEMCMP(decodedAttrib->value, expectedAttrib->value,
- decodedAttrib->valueSz) != 0) {
- wc_PKCS7_Free(pkcs7);
- return -9405;
- }
- decodedAttrib = decodedAttrib->next;
- attribIdx++;
- }
- }
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- /* output pkcs7 envelopedData for external testing */
- pkcs7File = fopen(testVectors[i].outFileName, "wb");
- if (!pkcs7File) {
- wc_PKCS7_Free(pkcs7);
- return -9406;
- }
- ret = (int)fwrite(encrypted, encryptedSz, 1, pkcs7File);
- fclose(pkcs7File);
- if (ret > 0)
- ret = 0;
- #endif
- wc_PKCS7_Free(pkcs7);
- }
- return ret;
- }
- #endif /* NO_PKCS7_ENCRYPTED_DATA */
- typedef struct {
- const byte* content;
- word32 contentSz;
- int hashOID;
- int encryptOID;
- byte* privateKey;
- word32 privateKeySz;
- byte* cert;
- size_t certSz;
- PKCS7Attrib* signedAttribs;
- word32 signedAttribsSz;
- const char* outFileName;
- } pkcs7SignedVector;
- static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
- byte* rsaPrivKey, word32 rsaPrivKeySz,
- byte* eccCert, word32 eccCertSz,
- byte* eccPrivKey, word32 eccPrivKeySz)
- {
- int ret, testSz, i;
- int encodedSz;
- byte* out;
- word32 outSz;
- WC_RNG rng;
- PKCS7* pkcs7;
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- FILE* file;
- #endif
- const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- static byte transIdOid[] =
- { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
- 0x09, 0x07 };
- static byte messageTypeOid[] =
- { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
- 0x09, 0x02 };
- static byte senderNonceOid[] =
- { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
- 0x09, 0x05 };
- #ifndef NO_SHA
- static byte transId[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1];
- #else
- static byte transId[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
- #endif
- static byte messageType[] = { 0x13, 2, '1', '9' };
- static byte senderNonce[PKCS7_NONCE_SZ + 2];
- PKCS7Attrib attribs[] =
- {
- { transIdOid, sizeof(transIdOid), transId,
- sizeof(transId) - 1 }, /* take off the null */
- { messageTypeOid, sizeof(messageTypeOid), messageType,
- sizeof(messageType) },
- { senderNonceOid, sizeof(senderNonceOid), senderNonce,
- sizeof(senderNonce) }
- };
- const pkcs7SignedVector testVectors[] =
- {
- #ifndef NO_RSA
- #ifndef NO_SHA
- /* RSA with SHA */
- {data, (word32)sizeof(data), SHAh, RSAk, rsaPrivKey, rsaPrivKeySz,
- rsaCert, rsaCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA.der"},
- /* RSA with SHA, no signed attributes */
- {data, (word32)sizeof(data), SHAh, RSAk, rsaPrivKey, rsaPrivKeySz,
- rsaCert, rsaCertSz, NULL, 0,
- "pkcs7signedData_RSA_SHA_noattr.der"},
- #endif
- #ifdef WOLFSSL_SHA224
- /* RSA with SHA224 */
- {data, (word32)sizeof(data), SHA224h, RSAk, rsaPrivKey, rsaPrivKeySz,
- rsaCert, rsaCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA224.der"},
- #endif
- #ifndef NO_SHA256
- /* RSA with SHA256 */
- {data, (word32)sizeof(data), SHA256h, RSAk, rsaPrivKey, rsaPrivKeySz,
- rsaCert, rsaCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA256.der"},
- #endif
- #if defined(WOLFSSL_SHA384)
- /* RSA with SHA384 */
- {data, (word32)sizeof(data), SHA384h, RSAk, rsaPrivKey, rsaPrivKeySz,
- rsaCert, rsaCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA384.der"},
- #endif
- #if defined(WOLFSSL_SHA512)
- /* RSA with SHA512 */
- {data, (word32)sizeof(data), SHA512h, RSAk, rsaPrivKey, rsaPrivKeySz,
- rsaCert, rsaCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA512.der"},
- #endif
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- #ifndef NO_SHA
- /* ECDSA with SHA */
- {data, (word32)sizeof(data), SHAh, ECDSAk, eccPrivKey, eccPrivKeySz,
- eccCert, eccCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA.der"},
- /* ECDSA with SHA, no signed attributes */
- {data, (word32)sizeof(data), SHAh, ECDSAk, eccPrivKey, eccPrivKeySz,
- eccCert, eccCertSz, NULL, 0,
- "pkcs7signedData_ECDSA_SHA_noattr.der"},
- #endif
- #ifdef WOLFSSL_SHA224
- /* ECDSA with SHA224 */
- {data, (word32)sizeof(data), SHA224h, ECDSAk, eccPrivKey, eccPrivKeySz,
- eccCert, eccCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA224.der"},
- #endif
- #ifndef NO_SHA256
- /* ECDSA with SHA256 */
- {data, (word32)sizeof(data), SHA256h, ECDSAk, eccPrivKey, eccPrivKeySz,
- eccCert, eccCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA256.der"},
- #endif
- #ifdef WOLFSSL_SHA384
- /* ECDSA with SHA384 */
- {data, (word32)sizeof(data), SHA384h, ECDSAk, eccPrivKey, eccPrivKeySz,
- eccCert, eccCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA384.der"},
- #endif
- #ifdef WOLFSSL_SHA512
- /* ECDSA with SHA512 */
- {data, (word32)sizeof(data), SHA512h, ECDSAk, eccPrivKey, eccPrivKeySz,
- eccCert, eccCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA512.der"},
- #endif
- #endif /* HAVE_ECC */
- };
- testSz = sizeof(testVectors) / sizeof(pkcs7SignedVector);
- outSz = FOURK_BUF;
- out = (byte*)XMALLOC(outSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (out == NULL)
- return -9407;
- ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16);
- if (ret < 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return -9408;
- }
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return -9409;
- }
- for (i = 0; i < testSz; i++) {
- pkcs7 = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID);
- if (pkcs7 == NULL)
- return -9410;
- pkcs7->heap = HEAP_HINT;
- pkcs7->devId = INVALID_DEVID;
- ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
- (word32)testVectors[i].certSz);
- if (ret != 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -9410;
- }
- pkcs7->rng = &rng;
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->hashOID = testVectors[i].hashOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->privateKey = testVectors[i].privateKey;
- pkcs7->privateKeySz = testVectors[i].privateKeySz;
- pkcs7->signedAttribs = testVectors[i].signedAttribs;
- pkcs7->signedAttribsSz = testVectors[i].signedAttribsSz;
- /* generate senderNonce */
- {
- senderNonce[0] = 0x04;
- senderNonce[1] = PKCS7_NONCE_SZ;
- ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ);
- if (ret != 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -9411;
- }
- }
- /* generate transactionID (used with SCEP) */
- {
- #ifndef NO_SHA
- wc_Sha sha;
- byte digest[WC_SHA_DIGEST_SIZE];
- #else
- wc_Sha256 sha;
- byte digest[WC_SHA256_DIGEST_SIZE];
- #endif
- int j,k;
- transId[0] = 0x13;
- transId[1] = sizeof(digest) * 2;
- #ifndef NO_SHA
- ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
- if (ret != 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -9412;
- }
- wc_ShaUpdate(&sha, pkcs7->publicKey, pkcs7->publicKeySz);
- wc_ShaFinal(&sha, digest);
- wc_ShaFree(&sha);
- #else
- ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId);
- if (ret != 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -9413;
- }
- wc_Sha256Update(&sha, pkcs7->publicKey, pkcs7->publicKeySz);
- wc_Sha256Final(&sha, digest);
- wc_Sha256Free(&sha);
- #endif
- for (j = 0, k = 2; j < (int)sizeof(digest); j++, k += 2) {
- XSNPRINTF((char*)&transId[k], 3, "%02x", digest[j]);
- }
- }
- encodedSz = wc_PKCS7_EncodeSignedData(pkcs7, out, outSz);
- if (encodedSz < 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -9414;
- }
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- /* write PKCS#7 to output file for more testing */
- file = fopen(testVectors[i].outFileName, "wb");
- if (!file) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -9415;
- }
- ret = (int)fwrite(out, 1, encodedSz, file);
- fclose(file);
- if (ret != (int)encodedSz) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -9416;
- }
- #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
- wc_PKCS7_Free(pkcs7);
- pkcs7 = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID);
- if (pkcs7 == NULL)
- return -9410;
- wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
- ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz);
- if (ret < 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -9417;
- }
- if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -9418;
- }
- {
- /* check getting signed attributes */
- #ifndef NO_SHA
- byte buf[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1];
- #else
- byte buf[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
- #endif
- byte* oidPt = transIdOid + 2; /* skip object id tag and size */
- int oidSz = (int)sizeof(transIdOid) - 2;
- int bufSz = 0;
- if (testVectors[i].signedAttribs != NULL &&
- wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz,
- NULL, (word32*)&bufSz) != LENGTH_ONLY_E) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -9419;
- }
- if (bufSz > (int)sizeof(buf)) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -9420;
- }
- bufSz = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz,
- buf, (word32*)&bufSz);
- if ((testVectors[i].signedAttribs != NULL && bufSz < 0) ||
- (testVectors[i].signedAttribs == NULL && bufSz > 0)) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -9421;
- }
- }
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- file = fopen("./pkcs7cert.der", "wb");
- if (!file) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -9422;
- }
- ret = (int)fwrite(pkcs7->singleCert, 1, pkcs7->singleCertSz, file);
- fclose(file);
- #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
- wc_PKCS7_Free(pkcs7);
- }
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_FreeRng(&rng);
- if (ret > 0)
- return 0;
- #ifndef HAVE_ECC
- (void)eccCert;
- (void)eccCertSz;
- (void)eccPrivKey;
- (void)eccPrivKeySz;
- #endif
- #ifdef NO_RSA
- (void)rsaCert;
- (void)rsaCertSz;
- (void)rsaPrivKey;
- (void)rsaPrivKeySz;
- #endif
- return ret;
- }
- int pkcs7signed_test(void)
- {
- int ret = 0;
- byte* rsaCert = NULL;
- byte* eccCert = NULL;
- byte* rsaPrivKey = NULL;
- byte* eccPrivKey = NULL;
- word32 rsaCertSz = 0;
- word32 eccCertSz = 0;
- word32 rsaPrivKeySz = 0;
- word32 eccPrivKeySz = 0;
- #ifndef NO_RSA
- /* read client RSA cert and key in DER format */
- rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (rsaCert == NULL)
- return -9500;
- rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (rsaPrivKey == NULL) {
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return -9501;
- }
- rsaCertSz = FOURK_BUF;
- rsaPrivKeySz = FOURK_BUF;
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- /* read client ECC cert and key in DER format */
- eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (eccCert == NULL) {
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return -9502;
- }
- eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (eccPrivKey == NULL) {
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return -9503;
- }
- eccCertSz = FOURK_BUF;
- eccPrivKeySz = FOURK_BUF;
- #endif /* HAVE_ECC */
- ret = pkcs7_load_certs_keys(rsaCert, &rsaCertSz, rsaPrivKey,
- &rsaPrivKeySz, eccCert, &eccCertSz,
- eccPrivKey, &eccPrivKeySz);
- if (ret < 0) {
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- ret = pkcs7signed_run_vectors(rsaCert, (word32)rsaCertSz,
- rsaPrivKey, (word32)rsaPrivKeySz,
- eccCert, (word32)eccCertSz,
- eccPrivKey, (word32)eccPrivKeySz);
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif /* HAVE_PKCS7 */
- #ifdef HAVE_VALGRIND
- /* Need a static build to have access to symbols. */
- /* Maximum number of bytes in a number to test. */
- #define MP_MAX_TEST_BYTE_LEN 16
- #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)
- static int randNum(mp_int* n, int len, WC_RNG* rng, void* heap)
- {
- byte d[MP_MAX_TEST_BYTE_LEN];
- int ret;
- (void)heap;
- do {
- ret = wc_RNG_GenerateBlock(rng, d, len);
- if (ret != 0)
- return ret;
- ret = mp_read_unsigned_bin(n, d, len);
- if (ret != 0)
- return ret;
- } while (mp_iszero(n));
- return 0;
- }
- #endif
- int mp_test(void)
- {
- WC_RNG rng;
- int ret;
- #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)
- int i, j, k;
- mp_digit d;
- #endif
- mp_int a, b, r1, r2, p;
- ret = mp_init_multi(&a, &b, &r1, &r2, NULL, NULL);
- if (ret != 0)
- return -9600;
- mp_init_copy(&p, &a);
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- goto done;
- #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)
- mp_set_int(&a, 0);
- if (a.used != 0 || a.dp[0] != 0)
- return -9601;
- for (j = 1; j <= MP_MAX_TEST_BYTE_LEN; j++) {
- for (i = 0; i < 4 * j; i++) {
- /* New values to use. */
- ret = randNum(&p, j, &rng, NULL);
- if (ret != 0)
- return -9602;
- ret = randNum(&a, j, &rng, NULL);
- if (ret != 0)
- return -9603;
- ret = randNum(&b, j, &rng, NULL);
- if (ret != 0)
- return -9604;
- ret = wc_RNG_GenerateBlock(&rng, (byte*)&d, sizeof(d));
- if (ret != 0)
- return -9605;
- d &= MP_MASK;
- /* Ensure sqrmod produce same result as mulmod. */
- ret = mp_sqrmod(&a, &p, &r1);
- if (ret != 0)
- return -9606;
- ret = mp_mulmod(&a, &a, &p, &r2);
- if (ret != 0)
- return -9607;
- if (mp_cmp(&r1, &r2) != 0)
- return -9608;
- /* Ensure add with mod produce same result as sub with mod. */
- ret = mp_addmod(&a, &b, &p, &r1);
- if (ret != 0)
- return -9609;
- b.sign ^= 1;
- ret = mp_submod(&a, &b, &p, &r2);
- if (ret != 0)
- return -9610;
- if (mp_cmp(&r1, &r2) != 0)
- return -9611;
- /* Ensure add digit produce same result as sub digit. */
- ret = mp_add_d(&a, d, &r1);
- if (ret != 0)
- return -9612;
- ret = mp_sub_d(&r1, d, &r2);
- if (ret != 0)
- return -9613;
- if (mp_cmp(&a, &r2) != 0)
- return -9614;
- /* Invert - if p is even it will use the slow impl.
- * - if p and a are even it will fail.
- */
- ret = mp_invmod(&a, &p, &r1);
- if (ret != 0 && ret != MP_VAL)
- return -9615;
- ret = 0;
- /* Shift up and down number all bits in a digit. */
- for (k = 0; k < DIGIT_BIT; k++) {
- mp_mul_2d(&a, k, &r1);
- mp_div_2d(&r1, k, &r2, &p);
- if (mp_cmp(&a, &r2) != 0)
- return -9616;
- if (!mp_iszero(&p))
- return -9617;
- mp_rshb(&r1, k);
- if (mp_cmp(&a, &r1) != 0)
- return -9618;
- }
- }
- }
- /* Check that setting a 32-bit digit works. */
- d &= 0xffffffff;
- mp_set_int(&a, d);
- if (a.used != 1 || a.dp[0] != d)
- return -9619;
- /* Check setting a bit and testing a bit works. */
- for (i = 0; i < MP_MAX_TEST_BYTE_LEN * 8; i++) {
- mp_zero(&a);
- mp_set_bit(&a, i);
- if (!mp_is_bit_set(&a, i))
- return -9620;
- }
- #endif
- done:
- mp_clear(&p);
- mp_clear(&r2);
- mp_clear(&r1);
- mp_clear(&b);
- mp_clear(&a);
- wc_FreeRng(&rng);
- return ret;
- }
- #endif
- #ifdef WOLFSSL_PUBLIC_MP
- typedef struct pairs_t {
- const unsigned char* coeff;
- int coeffSz;
- int exp;
- } pairs_t;
- /*
- n =p1p2p3, where pi = ki(p1−1)+1 with (k2,k3) = (173,293)
- p1 = 2^192 * 0x000000000000e24fd4f6d6363200bf2323ec46285cac1d3a
- + 2^0 * 0x0b2488b0c29d96c5e67f8bec15b54b189ae5636efe89b45b
- */
- static const unsigned char c192a[] =
- {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe2, 0x4f,
- 0xd4, 0xf6, 0xd6, 0x36, 0x32, 0x00, 0xbf, 0x23,
- 0x23, 0xec, 0x46, 0x28, 0x5c, 0xac, 0x1d, 0x3a
- };
- static const unsigned char c0a[] =
- {
- 0x0b, 0x24, 0x88, 0xb0, 0xc2, 0x9d, 0x96, 0xc5,
- 0xe6, 0x7f, 0x8b, 0xec, 0x15, 0xb5, 0x4b, 0x18,
- 0x9a, 0xe5, 0x63, 0x6e, 0xfe, 0x89, 0xb4, 0x5b
- };
- static const pairs_t ecPairsA[] =
- {
- {c192a, sizeof(c192a), 192},
- {c0a, sizeof(c0a), 0}
- };
- static const int kA[] = {173, 293};
- static const unsigned char controlPrime[] = {
- 0xe1, 0x76, 0x45, 0x80, 0x59, 0xb6, 0xd3, 0x49,
- 0xdf, 0x0a, 0xef, 0x12, 0xd6, 0x0f, 0xf0, 0xb7,
- 0xcb, 0x2a, 0x37, 0xbf, 0xa7, 0xf8, 0xb5, 0x4d,
- 0xf5, 0x31, 0x35, 0xad, 0xe4, 0xa3, 0x94, 0xa1,
- 0xdb, 0xf1, 0x96, 0xad, 0xb5, 0x05, 0x64, 0x85,
- 0x83, 0xfc, 0x1b, 0x5b, 0x29, 0xaa, 0xbe, 0xf8,
- 0x26, 0x3f, 0x76, 0x7e, 0xad, 0x1c, 0xf0, 0xcb,
- 0xd7, 0x26, 0xb4, 0x1b, 0x05, 0x8e, 0x56, 0x86,
- 0x7e, 0x08, 0x62, 0x21, 0xc1, 0x86, 0xd6, 0x47,
- 0x79, 0x3e, 0xb7, 0x5d, 0xa4, 0xc6, 0x3a, 0xd7,
- 0xb1, 0x74, 0x20, 0xf6, 0x50, 0x97, 0x41, 0x04,
- 0x53, 0xed, 0x3f, 0x26, 0xd6, 0x6f, 0x91, 0xfa,
- 0x68, 0x26, 0xec, 0x2a, 0xdc, 0x9a, 0xf1, 0xe7,
- 0xdc, 0xfb, 0x73, 0xf0, 0x79, 0x43, 0x1b, 0x21,
- 0xa3, 0x59, 0x04, 0x63, 0x52, 0x07, 0xc9, 0xd7,
- 0xe6, 0xd1, 0x1b, 0x5d, 0x5e, 0x96, 0xfa, 0x53
- };
- static int GenerateNextP(mp_int* p1, mp_int* p2, int k)
- {
- int ret;
- ret = mp_sub_d(p1, 1, p2);
- if (ret == 0)
- ret = mp_mul_d(p2, k, p2);
- if (ret == 0)
- ret = mp_add_d(p2, 1, p2);
- return ret;
- }
- static int GenerateP(mp_int* p1, mp_int* p2, mp_int* p3,
- const pairs_t* ecPairs, int ecPairsSz,
- const int* k)
- {
- mp_int x,y;
- int ret, i;
- ret = mp_init(&x);
- if (ret == 0) {
- ret = mp_init(&y);
- if (ret != 0) {
- mp_clear(&x);
- return MP_MEM;
- }
- }
- for (i = 0; ret == 0 && i < ecPairsSz; i++) {
- ret = mp_read_unsigned_bin(&x, ecPairs[i].coeff, ecPairs[i].coeffSz);
- /* p1 = 2^exp */
- if (ret == 0)
- ret = mp_2expt(&y, ecPairs[i].exp);
- /* p1 = p1 * m */
- if (ret == 0)
- ret = mp_mul(&x, &y, &x);
- /* p1 += */
- if (ret == 0)
- ret = mp_add(p1, &x, p1);
- mp_zero(&x);
- mp_zero(&y);
- }
- mp_clear(&x);
- mp_clear(&y);
- if (ret == 0)
- ret = GenerateNextP(p1, p2, k[0]);
- if (ret == 0)
- ret = GenerateNextP(p1, p3, k[1]);
- return ret;
- }
- int prime_test(void)
- {
- mp_int n, p1, p2, p3;
- int ret, isPrime = 0;
- WC_RNG rng;
- ret = wc_InitRng(&rng);
- if (ret == 0)
- ret = mp_init_multi(&n, &p1, &p2, &p3, NULL, NULL);
- if (ret == 0)
- ret = GenerateP(&p1, &p2, &p3,
- ecPairsA, sizeof(ecPairsA) / sizeof(ecPairsA[0]), kA);
- if (ret == 0)
- ret = mp_mul(&p1, &p2, &n);
- if (ret == 0)
- ret = mp_mul(&n, &p3, &n);
- if (ret != 0)
- return -9650;
- /* Check the old prime test using the number that false positives.
- * This test result should indicate as not prime. */
- ret = mp_prime_is_prime(&n, 40, &isPrime);
- if (ret != 0)
- return -9651;
- if (isPrime)
- return -9652;
- /* This test result should fail. It should indicate the value as prime. */
- ret = mp_prime_is_prime(&n, 8, &isPrime);
- if (ret != 0)
- return -9653;
- if (!isPrime)
- return -9654;
- /* This test result should indicate the value as not prime. */
- ret = mp_prime_is_prime_ex(&n, 8, &isPrime, &rng);
- if (ret != 0)
- return -9655;
- if (isPrime)
- return -9656;
- ret = mp_read_unsigned_bin(&n, controlPrime, sizeof(controlPrime));
- if (ret != 0)
- return -9657;
- /* This test result should indicate the value as prime. */
- ret = mp_prime_is_prime_ex(&n, 8, &isPrime, &rng);
- if (ret != 0)
- return -9658;
- if (!isPrime)
- return -9659;
- /* This test result should indicate the value as prime. */
- isPrime = -1;
- ret = mp_prime_is_prime(&n, 8, &isPrime);
- if (ret != 0)
- return -9660;
- if (!isPrime)
- return -9661;
- mp_clear(&p3);
- mp_clear(&p2);
- mp_clear(&p1);
- mp_clear(&n);
- wc_FreeRng(&rng);
- return 0;
- }
- #endif /* WOLFSSL_PUBLIC_MP */
- #if defined(ASN_BER_TO_DER) && \
- (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL))
- /* wc_BerToDer is only public facing in the case of test cert or opensslextra */
- typedef struct berDerTestData {
- const byte *in;
- word32 inSz;
- const byte *out;
- word32 outSz;
- } berDerTestData;
- int berder_test(void)
- {
- int ret;
- int i;
- word32 len = 0, l;
- byte out[32];
- static const byte good1_in[] = { 0x30, 0x80, 0x00, 0x00 };
- static const byte good1_out[] = { 0x30, 0x00 };
- static const byte good2_in[] = { 0x30, 0x80, 0x02, 0x01, 0x01, 0x00, 0x00 };
- static const byte good2_out[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
- static const byte good3_in[] = {
- 0x24, 0x80, 0x04, 0x01, 0x01, 0x00, 0x00
- };
- static const byte good3_out[] = { 0x04, 0x1, 0x01 };
- static const byte good4_in[] = {
- 0x30, 0x80,
- 0x02, 0x01, 0x01,
- 0x30, 0x80,
- 0x24, 0x80,
- 0x04, 0x01, 0x01,
- 0x04, 0x02, 0x02, 0x03,
- 0x00, 0x00,
- 0x06, 0x01, 0x01,
- 0x00, 0x00,
- 0x31, 0x80,
- 0x06, 0x01, 0x01,
- 0x00, 0x00,
- 0x00, 0x00,
- };
- static const byte good4_out[] = {
- 0x30, 0x0d,
- 0x02, 0x01, 0x01,
- 0x30, 0x08,
- 0x04, 0x03, 0x01, 0x02, 0x03,
- 0x06, 0x01, 0x01,
- 0x31, 0x03,
- 0x06, 0x01, 0x01
- };
- berDerTestData testData[] = {
- { good1_in, sizeof(good1_in), good1_out, sizeof(good1_out) },
- { good2_in, sizeof(good2_in), good2_out, sizeof(good2_out) },
- { good3_in, sizeof(good3_in), good3_out, sizeof(good3_out) },
- { good4_in, sizeof(good4_in), good4_out, sizeof(good4_out) },
- };
- for (i = 0; i < (int)(sizeof(testData) / sizeof(*testData)); i++) {
- ret = wc_BerToDer(testData[i].in, testData[i].inSz, NULL, &len);
- if (ret != LENGTH_ONLY_E)
- return -9700 - i;
- if (len != testData[i].outSz)
- return -9710 - i;
- len = testData[i].outSz;
- ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &len);
- if (ret != 0)
- return -9720 - i;
- if (XMEMCMP(out, testData[i].out, len) != 0)
- return -9730 - i;
- for (l = 1; l < testData[i].inSz; l++) {
- ret = wc_BerToDer(testData[i].in, l, NULL, &len);
- if (ret != ASN_PARSE_E)
- return -9740;
- len = testData[i].outSz;
- ret = wc_BerToDer(testData[i].in, l, out, &len);
- if (ret != ASN_PARSE_E)
- return -9741;
- }
- }
- ret = wc_BerToDer(NULL, 4, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -9742;
- ret = wc_BerToDer(out, 4, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -9743;
- ret = wc_BerToDer(NULL, 4, NULL, &len);
- if (ret != BAD_FUNC_ARG)
- return -9744;
- ret = wc_BerToDer(NULL, 4, out, NULL);
- if (ret != BAD_FUNC_ARG)
- return -9745;
- ret = wc_BerToDer(out, 4, out, NULL);
- if (ret != BAD_FUNC_ARG)
- return -9746;
- ret = wc_BerToDer(NULL, 4, out, &len);
- if (ret != BAD_FUNC_ARG)
- return -9747;
- for (l = 1; l < sizeof(good4_out); l++) {
- len = l;
- ret = wc_BerToDer(good4_in, sizeof(good4_in), out, &len);
- if (ret != BUFFER_E)
- return -9748;
- }
- return 0;
- }
- #endif
- #ifdef DEBUG_WOLFSSL
- static THREAD_LS_T int log_cnt = 0;
- static void my_Logging_cb(const int logLevel, const char *const logMessage)
- {
- (void)logLevel;
- (void)logMessage;
- log_cnt++;
- }
- #endif /* DEBUG_WOLFSSL */
- int logging_test(void)
- {
- #ifdef DEBUG_WOLFSSL
- const char* msg = "Testing, testing. 1, 2, 3, 4 ...";
- byte a[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };
- byte b[256];
- int i;
- for (i = 0; i < (int)sizeof(b); i++)
- b[i] = i;
- if (wolfSSL_Debugging_ON() != 0)
- return -9800;
- if (wolfSSL_SetLoggingCb(my_Logging_cb) != 0)
- return -9801;
- WOLFSSL_MSG(msg);
- WOLFSSL_BUFFER(a, sizeof(a));
- WOLFSSL_BUFFER(b, sizeof(b));
- WOLFSSL_BUFFER(NULL, 0);
- WOLFSSL_ERROR(MEMORY_E);
- WOLFSSL_ERROR_MSG(msg);
- /* turn off logs */
- wolfSSL_Debugging_OFF();
- /* capture log count */
- i = log_cnt;
- /* validate no logs are output when disabled */
- WOLFSSL_MSG(msg);
- WOLFSSL_BUFFER(a, sizeof(a));
- WOLFSSL_BUFFER(b, sizeof(b));
- WOLFSSL_BUFFER(NULL, 0);
- WOLFSSL_ERROR(MEMORY_E);
- WOLFSSL_ERROR_MSG(msg);
- /* check the logs were disabled */
- if (i != log_cnt)
- return -9802;
- /* restore callback and leave logging enabled */
- wolfSSL_SetLoggingCb(NULL);
- wolfSSL_Debugging_ON();
- /* suppress unused args */
- (void)a;
- (void)b;
- #else
- if (wolfSSL_Debugging_ON() != NOT_COMPILED_IN)
- return -9803;
- wolfSSL_Debugging_OFF();
- if (wolfSSL_SetLoggingCb(NULL) != NOT_COMPILED_IN)
- return -9804;
- #endif /* DEBUG_WOLFSSL */
- return 0;
- }
- int mutex_test(void)
- {
- #ifdef WOLFSSL_PTHREADS
- wolfSSL_Mutex m;
- #endif
- wolfSSL_Mutex *mm = wc_InitAndAllocMutex();
- if (mm == NULL)
- return -9900;
- wc_FreeMutex(mm);
- XFREE(mm, NULL, DYNAMIC_TYPE_MUTEX);
- #ifdef WOLFSSL_PTHREADS
- if (wc_InitMutex(&m) != 0)
- return -9901;
- if (wc_LockMutex(&m) != 0)
- return -9902;
- if (wc_FreeMutex(&m) != BAD_MUTEX_E)
- return -9903;
- if (wc_UnLockMutex(&m) != 0)
- return -9904;
- if (wc_FreeMutex(&m) != 0)
- return -9905;
- if (wc_LockMutex(&m) != BAD_MUTEX_E)
- return -9906;
- if (wc_UnLockMutex(&m) != BAD_MUTEX_E)
- return -9907;
- #endif
- return 0;
- }
- #if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
- static int malloc_cnt = 0;
- static int realloc_cnt = 0;
- static int free_cnt = 0;
- static void *my_Malloc_cb(size_t size)
- {
- malloc_cnt++;
- return malloc(size);
- }
- static void my_Free_cb(void *ptr)
- {
- free_cnt++;
- free(ptr);
- }
- static void *my_Realloc_cb(void *ptr, size_t size)
- {
- realloc_cnt++;
- return realloc(ptr, size);
- }
- int memcb_test(void)
- {
- int ret = 0;
- byte* b = NULL;
- wolfSSL_Malloc_cb mc;
- wolfSSL_Free_cb fc;
- wolfSSL_Realloc_cb rc;
- /* Save existing memory callbacks */
- if (wolfSSL_GetAllocators(&mc, &fc, &rc) != 0)
- return -10000;
- /* test realloc */
- b = (byte*)XREALLOC(b, 1024, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (b == NULL) {
- ERROR_OUT(-10001, exit_memcb);
- }
- XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- b = NULL;
- /* Use API. */
- if (wolfSSL_SetAllocators((wolfSSL_Malloc_cb)(void*)&my_Malloc_cb,
- (wolfSSL_Free_cb)(void*)&my_Free_cb,
- (wolfSSL_Realloc_cb)(void*)&my_Realloc_cb) != 0) {
- ERROR_OUT(-10005, exit_memcb);
- }
- b = (byte*)XMALLOC(1024, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- b = (byte*)XREALLOC(b, 1024, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #ifndef WOLFSSL_STATIC_MEMORY
- if (malloc_cnt != 1 || free_cnt != 1 || realloc_cnt != 1)
- #else
- if (malloc_cnt != 0 || free_cnt != 0 || realloc_cnt != 0)
- #endif
- ret = -10006;
- exit_memcb:
- /* restore memory callbacks */
- wolfSSL_SetAllocators(mc, fc, rc);
- return ret;
- }
- #endif
- #ifdef WOLFSSL_IMX6_CAAM_BLOB
- int blob_test(void)
- {
- int ret = 0;
- byte out[112];
- byte blob[112];
- word32 outSz;
- const byte iv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- const byte text[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- XMEMSET(blob, 0, sizeof(blob));
- outSz = sizeof(blob);
- ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz);
- if (ret != 0) {
- ERROR_OUT(-10100, exit_blob);
- }
- blob[outSz - 2] += 1;
- ret = wc_caamOpenBlob(blob, outSz, out, &outSz);
- if (ret == 0) { /* should fail with altered blob */
- ERROR_OUT(-10101, exit_blob);
- }
- XMEMSET(blob, 0, sizeof(blob));
- outSz = sizeof(blob);
- ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz);
- if (ret != 0) {
- ERROR_OUT(-10102, exit_blob);
- }
- ret = wc_caamOpenBlob(blob, outSz, out, &outSz);
- if (ret != 0) {
- ERROR_OUT(-10103, exit_blob);
- }
- if (XMEMCMP(out, iv, sizeof(iv))) {
- ERROR_OUT(-10104, exit_blob);
- }
- XMEMSET(blob, 0, sizeof(blob));
- outSz = sizeof(blob);
- ret = wc_caamCreateBlob((byte*)text, sizeof(text), blob, &outSz);
- if (ret != 0) {
- ERROR_OUT(-10105, exit_blob);
- }
- ret = wc_caamOpenBlob(blob, outSz, out, &outSz);
- if (ret != 0) {
- ERROR_OUT(-10106, exit_blob);
- }
- if (XMEMCMP(out, text, sizeof(text))) {
- ERROR_OUT(-10107, exit_blob);
- }
- exit_blob:
- return ret;
- }
- #endif /* WOLFSSL_IMX6_CAAM_BLOB */
- #ifdef WOLF_CRYPTO_DEV
- /* Example custom context for crypto callback */
- typedef struct {
- int exampleVar; /* example, not used */
- } myCryptoDevCtx;
- /* Example crypto dev callback function that calls software version */
- static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
- {
- int ret = NOT_COMPILED_IN; /* return this to bypass HW and use SW */
- myCryptoDevCtx* myCtx = (myCryptoDevCtx*)ctx;
- if (info == NULL)
- return BAD_FUNC_ARG;
- if (info->algo_type == WC_ALGO_TYPE_PK) {
- #ifdef DEBUG_WOLFSSL
- printf("CryptoDevCb: Pk Type %d\n", info->pk.type);
- #endif
- #ifndef NO_RSA
- if (info->pk.type == WC_PK_TYPE_RSA) {
- /* set devId to invalid, so software is used */
- info->pk.rsa.key->devId = INVALID_DEVID;
- switch (info->pk.rsa.type) {
- case RSA_PUBLIC_ENCRYPT:
- case RSA_PUBLIC_DECRYPT:
- /* perform software based RSA public op */
- ret = wc_RsaFunction(
- info->pk.rsa.in, info->pk.rsa.inLen,
- info->pk.rsa.out, info->pk.rsa.outLen,
- info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng);
- break;
- case RSA_PRIVATE_ENCRYPT:
- case RSA_PRIVATE_DECRYPT:
- /* perform software based RSA private op */
- ret = wc_RsaFunction(
- info->pk.rsa.in, info->pk.rsa.inLen,
- info->pk.rsa.out, info->pk.rsa.outLen,
- info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng);
- break;
- }
- /* reset devId */
- info->pk.rsa.key->devId = devIdArg;
- }
- #endif /* !NO_RSA */
- #ifdef HAVE_ECC
- if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
- /* set devId to invalid, so software is used */
- info->pk.eccsign.key->devId = INVALID_DEVID;
- ret = wc_ecc_sign_hash(
- info->pk.eccsign.in, info->pk.eccsign.inlen,
- info->pk.eccsign.out, info->pk.eccsign.outlen,
- info->pk.eccsign.rng, info->pk.eccsign.key);
- /* reset devId */
- info->pk.eccsign.key->devId = devIdArg;
- }
- else if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) {
- /* set devId to invalid, so software is used */
- info->pk.eccverify.key->devId = INVALID_DEVID;
- ret = wc_ecc_verify_hash(
- info->pk.eccverify.sig, info->pk.eccverify.siglen,
- info->pk.eccverify.hash, info->pk.eccverify.hashlen,
- info->pk.eccverify.res, info->pk.eccverify.key);
- /* reset devId */
- info->pk.eccverify.key->devId = devIdArg;
- }
- else if (info->pk.type == WC_PK_TYPE_ECDH) {
- /* set devId to invalid, so software is used */
- info->pk.ecdh.private_key->devId = INVALID_DEVID;
- ret = wc_ecc_shared_secret(
- info->pk.ecdh.private_key, info->pk.ecdh.public_key,
- info->pk.ecdh.out, info->pk.ecdh.outlen);
- /* reset devId */
- info->pk.ecdh.private_key->devId = devIdArg;
- }
- #endif /* HAVE_ECC */
- }
- (void)myCtx;
- return ret;
- }
- int cryptodev_test(void)
- {
- int ret = 0;
- myCryptoDevCtx myCtx;
- /* example data for callback */
- myCtx.exampleVar = 1;
- /* set devId to something other than INVALID_DEVID */
- devId = 1;
- ret = wc_CryptoDev_RegisterDevice(devId, myCryptoDevCb, &myCtx);
- #ifndef NO_RSA
- if (ret == 0)
- ret = rsa_test();
- #endif
- #ifdef HAVE_ECC
- if (ret == 0)
- ret = ecc_test();
- #endif
- /* reset devId */
- devId = INVALID_DEVID;
- return ret;
- }
- #endif /* WOLF_CRYPTO_DEV */
- #undef ERROR_OUT
- #else
- #ifndef NO_MAIN_DRIVER
- int main() { return 0; }
- #endif
- #endif /* NO_CRYPT_TEST */
|