/* api.c API unit tests * * Copyright (C) 2006-2021 wolfSSL Inc. * * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ /* For AES-CBC, input lengths can optionally be validated to be a * multiple of the block size, by defining WOLFSSL_AES_CBC_LENGTH_CHECKS, * also available via the configure option --enable-aescbc-length-checks. */ /*----------------------------------------------------------------------------* | Includes *----------------------------------------------------------------------------*/ #ifdef HAVE_CONFIG_H #include #endif #include #ifndef FOURK_BUF #define FOURK_BUF 4096 #endif #ifndef TWOK_BUF #define TWOK_BUF 2048 #endif #ifndef ONEK_BUF #define ONEK_BUF 1024 #endif #if defined(WOLFSSL_STATIC_MEMORY) #include #endif /* WOLFSSL_STATIC_MEMORY */ #ifndef HEAP_HINT #define HEAP_HINT NULL #endif /* WOLFSSL_STAIC_MEMORY */ #ifdef WOLFSSL_ASNC_CRYPT #include #endif #ifdef HAVE_ECC #include /* wc_ecc_fp_free */ #ifndef ECC_ASN963_MAX_BUF_SZ #define ECC_ASN963_MAX_BUF_SZ 133 #endif #ifndef ECC_PRIV_KEY_BUF #define ECC_PRIV_KEY_BUF 66 /* For non user defined curves. */ #endif /* ecc key sizes: 14, 16, 20, 24, 28, 30, 32, 40, 48, 64 */ /* logic to choose right key ECC size */ #if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112 #define KEY14 14 #else #define KEY14 32 #endif #if (defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 128 #define KEY16 16 #else #define KEY16 32 #endif #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160 #define KEY20 20 #else #define KEY20 32 #endif #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192 #define KEY24 24 #else #define KEY24 32 #endif #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES) #define KEY28 28 #else #define KEY28 32 #endif #if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES) #define KEY30 30 #else #define KEY30 32 #endif #define KEY32 32 #if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES) #define KEY40 40 #else #define KEY40 32 #endif #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) #define KEY48 48 #else #define KEY48 32 #endif #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES) #define KEY64 64 #else #define KEY64 32 #endif #if !defined(HAVE_COMP_KEY) #if !defined(NOCOMP) #define NOCOMP 0 #endif #else #if !defined(COMP) #define COMP 1 #endif #endif #if !defined(DER_SZ) #define DER_SZ(ks) (ks * 2 + 1) #endif #endif #ifndef NO_ASN #include #endif #include #include #include /* compatibility layer */ #include #include #include "examples/server/server.h" /* for testing compatibility layer callbacks */ #ifndef NO_MD5 #include #endif #ifndef NO_SHA #include #endif #ifndef NO_SHA256 #include #endif #ifdef WOLFSSL_SHA512 #include #endif #ifdef WOLFSSL_SHA384 #include #endif #ifdef WOLFSSL_SHA3 #include #ifndef HEAP_HINT #define HEAP_HINT NULL #endif #endif #ifndef NO_AES #include #ifdef HAVE_AES_DECRYPT #include #endif #endif #ifdef WOLFSSL_RIPEMD #include #endif #ifdef HAVE_IDEA #include #endif #ifndef NO_DES3 #include #include #endif #ifdef WC_RC2 #include #endif #ifndef NO_HMAC #include #endif #ifdef HAVE_CHACHA #include #endif #ifdef HAVE_POLY1305 #include #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) #include #endif #ifdef HAVE_CAMELLIA #include #endif #ifndef NO_RABBIT #include #endif #ifndef NO_RC4 #include #endif #ifdef HAVE_BLAKE2 #include #endif #include #ifndef NO_RSA #include #define FOURK_BUF 4096 #define GEN_BUF 294 #ifndef USER_CRYPTO_ERROR #define USER_CRYPTO_ERROR -101 /* error returned by IPP lib. */ #endif #endif #ifndef NO_SIG_WRAPPER #include #endif #ifdef HAVE_AESCCM #include #endif #ifdef HAVE_HC128 #include #endif #ifdef HAVE_PKCS7 #include #include #ifdef HAVE_LIBZ #include #endif #endif #ifdef WOLFSSL_SMALL_CERT_VERIFY #include #endif #ifndef NO_DSA #include #ifndef ONEK_BUF #define ONEK_BUF 1024 #endif #ifndef TWOK_BUF #define TWOK_BUF 2048 #endif #ifndef FOURK_BUF #define FOURK_BUF 4096 #endif #ifndef DSA_SIG_SIZE #define DSA_SIG_SIZE 40 #endif #ifndef MAX_DSA_PARAM_SIZE #define MAX_DSA_PARAM_SIZE 256 #endif #endif #ifdef WOLFSSL_CMAC #include #endif #ifdef HAVE_ED25519 #include #endif #ifdef HAVE_CURVE25519 #include #endif #ifdef HAVE_ED448 #include #endif #ifdef HAVE_CURVE448 #include #endif #ifdef HAVE_PKCS12 #include #endif #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_ALL)) #include #ifndef NO_ASN /* for ASN_COMMON_NAME DN_tags enum */ #include #endif #ifdef HAVE_OCSP #include #endif #endif #ifdef OPENSSL_EXTRA #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef OPENSSL_ALL #include #include #endif #ifndef NO_AES #include #endif #ifndef NO_DES3 #include #endif #ifdef HAVE_ECC #include #endif #ifdef HAVE_PKCS7 #include #endif #ifdef HAVE_ED25519 #include #endif #ifdef HAVE_ED448 #include #endif #endif /* OPENSSL_EXTRA */ #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \ && !defined(NO_SHA256) && !defined(RC_NO_RNG) #include #endif #if (defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)) || \ defined(HAVE_SESSION_TICKET) || (defined(OPENSSL_EXTRA) && \ defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) && \ !defined(WOLFSSL_ASN_TEMPLATE)) /* for testing SSL_get_peer_cert_chain, or SESSION_TICKET_HINT_DEFAULT, * or for setting authKeyIdSrc in WOLFSSL_X509 */ #include "wolfssl/internal.h" #endif /* force enable test buffers */ #ifndef USE_CERT_BUFFERS_2048 #define USE_CERT_BUFFERS_2048 #endif #ifndef USE_CERT_BUFFERS_256 #define USE_CERT_BUFFERS_256 #endif #include typedef struct testVector { const char* input; const char* output; size_t inLen; size_t outLen; } testVector; #if defined(HAVE_PKCS7) typedef struct { const byte* content; word32 contentSz; int contentOID; int encryptOID; int keyWrapOID; int keyAgreeOID; byte* cert; size_t certSz; byte* privateKey; word32 privateKeySz; } pkcs7EnvelopedVector; #ifndef NO_PKCS7_ENCRYPTED_DATA typedef struct { const byte* content; word32 contentSz; int contentOID; int encryptOID; byte* encryptionKey; word32 encryptionKeySz; } pkcs7EncryptedVector; #endif #endif /* HAVE_PKCS7 */ /*----------------------------------------------------------------------------* | Constants *----------------------------------------------------------------------------*/ #define TEST_SUCCESS (1) #define TEST_FAIL (0) #define testingFmt " %s:" #define resultFmt " %s\n" static const char* passed = "passed"; static const char* failed = "failed"; #define TEST_STRING "Everyone gets Friday off." #define TEST_STRING_SZ 25 #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) #define TEST_RSA_BITS 1024 #else #define TEST_RSA_BITS 2048 #endif #define TEST_RSA_BYTES (TEST_RSA_BITS/8) #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ (!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)) static const char* bogusFile = #ifdef _WIN32 "NUL" #else "/dev/null" #endif ; #endif /* !NO_FILESYSTEM && !NO_CERTS && (!NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT) */ enum { TESTING_RSA = 1, TESTING_ECC = 2 }; #ifdef WOLFSSL_QNX_CAAM #include static int devId = WOLFSSL_CAAM_DEVID; #else static int devId = INVALID_DEVID; #endif /*----------------------------------------------------------------------------* | Setup *----------------------------------------------------------------------------*/ static int test_wolfSSL_Init(void) { int result; printf(testingFmt, "wolfSSL_Init()"); result = wolfSSL_Init(); printf(resultFmt, result == WOLFSSL_SUCCESS ? passed : failed); return result; } static int test_wolfSSL_Cleanup(void) { int result; printf(testingFmt, "wolfSSL_Cleanup()"); result = wolfSSL_Cleanup(); printf(resultFmt, result == WOLFSSL_SUCCESS ? passed : failed); return result; } /* Initialize the wolfCrypt state. * POST: 0 success. */ static int test_wolfCrypt_Init(void) { int result; printf(testingFmt, "wolfCrypt_Init()"); result = wolfCrypt_Init(); printf(resultFmt, result == 0 ? passed : failed); return result; } /* END test_wolfCrypt_Init */ /*----------------------------------------------------------------------------* | Platform dependent function test *----------------------------------------------------------------------------*/ static int test_fileAccess(void) { #if defined(WOLFSSL_TEST_PLATFORMDEPEND) && !defined(NO_FILESYSTEM) const char *fname[] = { svrCertFile, svrKeyFile, caCertFile, eccCertFile, eccKeyFile, eccRsaCertFile, cliCertFile, cliCertDerFile, cliKeyFile, dhParamFile, cliEccKeyFile, cliEccCertFile, caEccCertFile, edCertFile, edKeyFile, cliEdCertFile, cliEdKeyFile, caEdCertFile, NULL }; const char derfile[] = "./certs/server-cert.der"; XFILE f; size_t sz; byte *buff; int i; printf(testingFmt, "test_fileAccess()"); AssertTrue(XFOPEN("badfilename", "rb") == XBADFILE); for(i=0; fname[i] != NULL ; i++){ AssertTrue((f = XFOPEN(fname[i], "rb")) != XBADFILE); XFCLOSE(f); } AssertTrue((f = XFOPEN(derfile, "rb")) != XBADFILE); AssertTrue(XFSEEK(f, 0, XSEEK_END) == 0); sz = (size_t) XFTELL(f); XREWIND(f); AssertTrue(sz == sizeof_server_cert_der_2048); AssertTrue((buff = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)) != NULL) ; AssertTrue(XFREAD(buff, 1, sz, f) == sz); XMEMCMP(server_cert_der_2048, buff, sz); printf(resultFmt, passed); #endif return WOLFSSL_SUCCESS; } /*----------------------------------------------------------------------------* | Method Allocators *----------------------------------------------------------------------------*/ static void test_wolfSSL_Method_Allocators(void) { #define TEST_METHOD_ALLOCATOR(allocator, condition) \ do { \ WOLFSSL_METHOD *method; \ condition(method = allocator()); \ XFREE(method, 0, DYNAMIC_TYPE_METHOD); \ } while(0) #define TEST_VALID_METHOD_ALLOCATOR(a) \ TEST_METHOD_ALLOCATOR(a, AssertNotNull) #define TEST_INVALID_METHOD_ALLOCATOR(a) \ TEST_METHOD_ALLOCATOR(a, AssertNull) #ifndef NO_OLD_TLS #ifdef WOLFSSL_ALLOW_SSLV3 #ifndef NO_WOLFSSL_SERVER TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_server_method); #endif #ifndef NO_WOLFSSL_CLIENT TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_client_method); #endif #endif #ifdef WOLFSSL_ALLOW_TLSV10 #ifndef NO_WOLFSSL_SERVER TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_server_method); #endif #ifndef NO_WOLFSSL_CLIENT TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_client_method); #endif #endif #ifndef NO_WOLFSSL_SERVER TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_server_method); #endif #ifndef NO_WOLFSSL_CLIENT TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_client_method); #endif #endif /* !NO_OLD_TLS */ #ifndef WOLFSSL_NO_TLS12 #ifndef NO_WOLFSSL_SERVER TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_server_method); #endif #ifndef NO_WOLFSSL_CLIENT TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_client_method); #endif #endif /* !WOLFSSL_NO_TLS12 */ #ifdef WOLFSSL_TLS13 #ifndef NO_WOLFSSL_SERVER TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_server_method); #endif #ifndef NO_WOLFSSL_CLIENT TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_client_method); #endif #endif /* WOLFSSL_TLS13 */ #ifndef NO_WOLFSSL_SERVER TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_server_method); #endif #ifndef NO_WOLFSSL_CLIENT TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_client_method); #endif #ifdef WOLFSSL_DTLS #ifndef NO_OLD_TLS #ifndef NO_WOLFSSL_SERVER TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_server_method); #endif #ifndef NO_WOLFSSL_CLIENT TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_client_method); #endif #endif #ifndef WOLFSSL_NO_TLS12 #ifndef NO_WOLFSSL_SERVER TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_server_method); #endif #ifndef NO_WOLFSSL_CLIENT TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_client_method); #endif #endif #endif /* WOLFSSL_DTLS */ #if !defined(NO_OLD_TLS) && defined(OPENSSL_EXTRA) /* Stubs */ #ifndef NO_WOLFSSL_SERVER TEST_INVALID_METHOD_ALLOCATOR(wolfSSLv2_server_method); #endif #ifndef NO_WOLFSSL_CLIENT TEST_INVALID_METHOD_ALLOCATOR(wolfSSLv2_client_method); #endif #endif /* Test Either Method (client or server) */ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_method); #ifndef NO_OLD_TLS #ifdef WOLFSSL_ALLOW_TLSV10 TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_method); #endif TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_method); #endif /* !NO_OLD_TLS */ #ifndef WOLFSSL_NO_TLS12 TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_method); #endif /* !WOLFSSL_NO_TLS12 */ #ifdef WOLFSSL_TLS13 TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_method); #endif /* WOLFSSL_TLS13 */ #ifdef WOLFSSL_DTLS TEST_VALID_METHOD_ALLOCATOR(wolfDTLS_method); #ifndef NO_OLD_TLS TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_method); #endif /* !NO_OLD_TLS */ #ifndef WOLFSSL_NO_TLS12 TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_method); #endif /* !WOLFSSL_NO_TLS12 */ #endif /* WOLFSSL_DTLS */ #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */ } /*----------------------------------------------------------------------------* | Context *----------------------------------------------------------------------------*/ #ifndef NO_WOLFSSL_SERVER static void test_wolfSSL_CTX_new(WOLFSSL_METHOD *method) { WOLFSSL_CTX *ctx; AssertNull(ctx = wolfSSL_CTX_new(NULL)); AssertNotNull(method); AssertNotNull(ctx = wolfSSL_CTX_new(method)); wolfSSL_CTX_free(ctx); } #endif #if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \ (!defined(NO_RSA) || defined(HAVE_ECC)) static void test_for_double_Free(void) { WOLFSSL_CTX* ctx; WOLFSSL* ssl; int skipTest = 0; const char* testCertFile; const char* testKeyFile; char optionsCiphers[] = "RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA" ":NULL-SHA:NULL-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-PSK-AES256-GCM" "-SHA384:DHE-PSK-AES128-GCM-SHA256:PSK-AES256-GCM-SHA384:PSK-AES128-GCM-SHA256:" "DHE-PSK-AES256-CBC-SHA384:DHE-PSK-AES128-CBC-SHA256:PSK-AES256-CBC-SHA384:PSK-" "AES128-CBC-SHA256:PSK-AES128-CBC-SHA:PSK-AES256-CBC-SHA:DHE-PSK-AES128-CCM:DHE" "-PSK-AES256-CCM:PSK-AES128-CCM:PSK-AES256-CCM:PSK-AES128-CCM-8:PSK-AES256-CCM-" "8:DHE-PSK-NULL-SHA384:DHE-PSK-NULL-SHA256:PSK-NULL-SHA384:PSK-NULL-SHA256:PSK-" "NULL-SHA:HC128-MD5:HC128-SHA:RABBIT-SHA:AES128-CCM-8:AES256-CCM-8:ECDHE-ECDSA-" "AES128-CCM:ECDHE-ECDSA-AES128-CCM-8:ECDHE-ECDSA-AES256-CCM-8:ECDHE-RSA-AES128-" "SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-R" "SA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA" ":AES128-SHA256:AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:ECDH-" "RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-AES256-SHA" ":ECDH-RSA-RC4-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-DES-CBC3" "-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES" "256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-E" "CDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES128-GCM-SHA25" "6:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES256-GC" "M-SHA384:CAMELLIA128-SHA:DHE-RSA-CAMELLIA128-SHA:CAMELLIA256-SHA:DHE-RSA-CAMEL" "LIA256-SHA:CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:CAMELLIA256-SHA256:DH" "E-RSA-CAMELLIA256-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECD" "H-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECD" "SA-AES256-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDHE-RSA-CHA" "CHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-R" "SA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-PO" "LY1305-OLD:IDEA-CBC-SHA:ECDHE-ECDSA-NULL-SHA:ECDHE-PSK-NULL-SHA256:ECDHE-PSK-A" "ES128-CBC-SHA256:PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:DHE-PSK-CHA" "CHA20-POLY1305:EDH-RSA-DES-CBC3-SHA:TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-S" "HA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-" "8-SHA256:TLS13-SHA256-SHA256:TLS13-SHA384-SHA384"; #ifndef NO_RSA testCertFile = svrCertFile; testKeyFile = svrKeyFile; #elif defined(HAVE_ECC) testCertFile = eccCertFile; testKeyFile = eccKeyFile; #else skipTest = 1; #endif if (skipTest != 1) { #ifndef NO_WOLFSSL_SERVER ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); AssertNotNull(ctx); #else ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); #endif AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM)); ssl = wolfSSL_new(ctx); AssertNotNull(ssl); /* First test freeing SSL, then CTX */ wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); #ifndef NO_WOLFSSL_CLIENT ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); #else ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); AssertNotNull(ctx); #endif AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM)); ssl = wolfSSL_new(ctx); AssertNotNull(ssl); /* Next test freeing CTX then SSL */ wolfSSL_CTX_free(ctx); wolfSSL_free(ssl); #ifndef NO_WOLFSSL_SERVER ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); AssertNotNull(ctx); #else ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); #endif /* Test setting ciphers at ctx level */ AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, optionsCiphers)); #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && defined(HAVE_AESGCM) && \ defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) /* only update TLSv13 suites */ AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, "TLS13-AES256-GCM-SHA384")); #endif #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(HAVE_AESGCM) && \ !defined(NO_SHA256) && !defined(WOLFSSL_NO_TLS12) && \ defined(WOLFSSL_AES_128) && !defined(NO_RSA) /* only update pre-TLSv13 suites */ AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-GCM-SHA256")); #endif AssertNotNull(ssl = wolfSSL_new(ctx)); wolfSSL_CTX_free(ctx); wolfSSL_free(ssl); #ifndef NO_WOLFSSL_CLIENT ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); #else ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); AssertNotNull(ctx); #endif AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM)); ssl = wolfSSL_new(ctx); AssertNotNull(ssl); /* test setting ciphers at SSL level */ AssertTrue(wolfSSL_set_cipher_list(ssl, optionsCiphers)); #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && defined(HAVE_AESGCM) && \ defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) /* only update TLSv13 suites */ AssertTrue(wolfSSL_set_cipher_list(ssl, "TLS13-AES256-GCM-SHA384")); #endif #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(HAVE_AESGCM) && \ !defined(NO_SHA256) && !defined(WOLFSSL_NO_TLS12) && \ defined(WOLFSSL_AES_128) && !defined(NO_RSA) /* only update pre-TLSv13 suites */ AssertTrue(wolfSSL_set_cipher_list(ssl, "ECDHE-RSA-AES128-GCM-SHA256")); #endif wolfSSL_CTX_free(ctx); wolfSSL_free(ssl); } } #endif static void test_wolfSSL_CTX_use_certificate_file(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER) WOLFSSL_CTX *ctx; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); /* invalid context */ AssertFalse(wolfSSL_CTX_use_certificate_file(NULL, svrCertFile, WOLFSSL_FILETYPE_PEM)); /* invalid cert file */ AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, bogusFile, WOLFSSL_FILETYPE_PEM)); /* invalid cert type */ AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, 9999)); #ifdef NO_RSA /* rsa needed */ AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,WOLFSSL_FILETYPE_PEM)); #else /* success */ AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); #endif wolfSSL_CTX_free(ctx); #endif } #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA) static int test_wolfSSL_CTX_use_certificate_ASN1(void) { #if !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER) && !defined(NO_ASN) WOLFSSL_CTX* ctx; int ret; printf(testingFmt, "wolfSSL_CTX_use_certificate_ASN1()"); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); ret = SSL_CTX_use_certificate_ASN1(ctx, sizeof_server_cert_der_2048, server_cert_der_2048); printf(resultFmt, ret == WOLFSSL_SUCCESS ? passed : failed); wolfSSL_CTX_free(ctx); return ret; #else return WOLFSSL_SUCCESS; #endif } #endif /* (OPENSSL_ALL || WOLFSSL_ASIO) && !NO_RSA */ /* Test function for wolfSSL_CTX_use_certificate_buffer. Load cert into * context using buffer. * PRE: NO_CERTS not defined; USE_CERT_BUFFERS_2048 defined; compile with * --enable-testcert flag. */ static int test_wolfSSL_CTX_use_certificate_buffer(void) { #if !defined(NO_CERTS) && defined(USE_CERT_BUFFERS_2048) && \ !defined(NO_RSA) && !defined(NO_WOLFSSL_SERVER) WOLFSSL_CTX* ctx; int ret; printf(testingFmt, "wolfSSL_CTX_use_certificate_buffer()"); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); ret = wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1); printf(resultFmt, ret == WOLFSSL_SUCCESS ? passed : failed); wolfSSL_CTX_free(ctx); return ret; #else return WOLFSSL_SUCCESS; #endif } /*END test_wolfSSL_CTX_use_certificate_buffer*/ static void test_wolfSSL_CTX_use_PrivateKey_file(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER) WOLFSSL_CTX *ctx; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); /* invalid context */ AssertFalse(wolfSSL_CTX_use_PrivateKey_file(NULL, svrKeyFile, WOLFSSL_FILETYPE_PEM)); /* invalid key file */ AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, bogusFile, WOLFSSL_FILETYPE_PEM)); /* invalid key type */ AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, 9999)); /* success */ #ifdef NO_RSA /* rsa needed */ AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); #else /* success */ AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); #endif wolfSSL_CTX_free(ctx); #endif } /* test both file and buffer versions along with unloading trusted peer certs */ static void test_wolfSSL_CTX_trust_peer_cert(void) { #if !defined(NO_CERTS) && defined(WOLFSSL_TRUST_PEER_CERT) && \ !defined(NO_WOLFSSL_CLIENT) WOLFSSL_CTX *ctx; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #if !defined(NO_FILESYSTEM) /* invalid file */ assert(wolfSSL_CTX_trust_peer_cert(ctx, NULL, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS); assert(wolfSSL_CTX_trust_peer_cert(ctx, bogusFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS); assert(wolfSSL_CTX_trust_peer_cert(ctx, cliCertFile, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS); /* success */ assert(wolfSSL_CTX_trust_peer_cert(ctx, cliCertFile, WOLFSSL_FILETYPE_PEM) == WOLFSSL_SUCCESS); /* unload cert */ assert(wolfSSL_CTX_Unload_trust_peers(NULL) != WOLFSSL_SUCCESS); assert(wolfSSL_CTX_Unload_trust_peers(ctx) == WOLFSSL_SUCCESS); #endif /* Test of loading certs from buffers */ /* invalid buffer */ assert(wolfSSL_CTX_trust_peer_buffer(ctx, NULL, -1, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS); /* success */ #ifdef USE_CERT_BUFFERS_1024 assert(wolfSSL_CTX_trust_peer_buffer(ctx, client_cert_der_1024, sizeof_client_cert_der_1024, WOLFSSL_FILETYPE_ASN1) == WOLFSSL_SUCCESS); #endif #ifdef USE_CERT_BUFFERS_2048 assert(wolfSSL_CTX_trust_peer_buffer(ctx, client_cert_der_2048, sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1) == WOLFSSL_SUCCESS); #endif /* unload cert */ assert(wolfSSL_CTX_Unload_trust_peers(NULL) != WOLFSSL_SUCCESS); assert(wolfSSL_CTX_Unload_trust_peers(ctx) == WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); #endif } static void test_wolfSSL_CTX_load_verify_locations(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_CLIENT) WOLFSSL_CTX *ctx; #ifndef NO_RSA WOLFSSL_CERT_MANAGER* cm; #ifdef PERSIST_CERT_CACHE int cacheSz; #endif #endif #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS) const char* load_certs_path = "./certs/external"; const char* load_no_certs_path = "./examples"; const char* load_expired_path = "./certs/test/expired"; #endif AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); /* invalid arguments */ AssertIntEQ(wolfSSL_CTX_load_verify_locations(NULL, caCertFile, NULL), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, NULL), WOLFSSL_FAILURE); /* invalid ca file */ AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, NULL), WS_RETURN_CODE(WOLFSSL_BAD_FILE,WOLFSSL_FAILURE)); #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS) && \ (defined(WOLFSSL_QT) && \ !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR)) /* invalid path */ AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, bogusFile), WS_RETURN_CODE(BAD_PATH_ERROR,WOLFSSL_FAILURE)); #endif /* load ca cert */ #ifdef NO_RSA AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), WS_RETURN_CODE(ASN_UNKNOWN_OID_E,WOLFSSL_FAILURE)); #else /* Skip the following test without RSA certs. */ AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), WOLFSSL_SUCCESS); #ifdef PERSIST_CERT_CACHE /* Get cert cache size */ cacheSz = wolfSSL_CTX_get_cert_cache_memsize(ctx); #endif /* Test unloading CA's */ AssertIntEQ(wolfSSL_CTX_UnloadCAs(ctx), WOLFSSL_SUCCESS); #ifdef PERSIST_CERT_CACHE /* Verify no certs (result is less than cacheSz) */ AssertIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx)); #endif /* load ca cert again */ AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), WOLFSSL_SUCCESS); /* Test getting CERT_MANAGER */ AssertNotNull(cm = wolfSSL_CTX_GetCertManager(ctx)); /* Test unloading CA's using CM */ AssertIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); #ifdef PERSIST_CERT_CACHE /* Verify no certs (result is less than cacheSz) */ AssertIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx)); #endif #endif #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS) /* Test loading CA certificates using a path */ #ifdef NO_RSA /* failure here okay since certs in external directory are RSA */ AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path, WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS); #else AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path, WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS); #endif /* Test loading path with no files */ AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_no_certs_path, WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_FAILURE); /* Test loading expired CA certificates */ #ifdef NO_RSA AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_expired_path, WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS); #else AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_expired_path, WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS); #endif /* Test loading CA certificates and ignoring all errors */ #ifdef NO_RSA AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path, WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_FAILURE); #else AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path, WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_SUCCESS); #endif #endif wolfSSL_CTX_free(ctx); #endif } #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) static int test_cm_load_ca_buffer(const byte* cert_buf, size_t cert_sz, int file_type) { int ret; WOLFSSL_CERT_MANAGER* cm; cm = wolfSSL_CertManagerNew(); if (cm == NULL) { printf("test_cm_load_ca failed\n"); return -1; } ret = wolfSSL_CertManagerLoadCABuffer(cm, cert_buf, cert_sz, file_type); wolfSSL_CertManagerFree(cm); return ret; } static int test_cm_load_ca_file(const char* ca_cert_file) { int ret = 0; byte* cert_buf = NULL; size_t cert_sz = 0; #if defined(WOLFSSL_PEM_TO_DER) DerBuffer* pDer = NULL; #endif ret = load_file(ca_cert_file, &cert_buf, &cert_sz); if (ret == 0) { /* normal test */ ret = test_cm_load_ca_buffer(cert_buf, cert_sz, WOLFSSL_FILETYPE_PEM); if (ret == WOLFSSL_SUCCESS) { /* test including null terminator in length */ byte* tmp = (byte*)realloc(cert_buf, cert_sz+1); if (tmp == NULL) { ret = MEMORY_E; } else { cert_buf = tmp; cert_buf[cert_sz] = '\0'; ret = test_cm_load_ca_buffer(cert_buf, cert_sz+1, WOLFSSL_FILETYPE_PEM); } } #if defined(WOLFSSL_PEM_TO_DER) if (ret == WOLFSSL_SUCCESS) { /* test loading DER */ ret = wc_PemToDer(cert_buf, cert_sz, CA_TYPE, &pDer, NULL, NULL, NULL); if (ret == 0 && pDer != NULL) { ret = test_cm_load_ca_buffer(pDer->buffer, pDer->length, WOLFSSL_FILETYPE_ASN1); wc_FreeDer(&pDer); } } #endif } free(cert_buf); return ret; } #endif /* !NO_FILESYSTEM && !NO_CERTS */ static void test_wolfSSL_CertManagerCheckOCSPResponse(void) { #if defined(HAVE_OCSP) && !defined(NO_RSA) /* Need one of these for wolfSSL_OCSP_REQUEST_new. */ #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_APACHE_HTTPD) || \ defined(HAVE_LIGHTY) WOLFSSL_CERT_MANAGER* cm = NULL; /* Raw OCSP response bytes captured using the following setup: * - Run responder with * openssl ocsp -port 9999 -ndays 9999 * -index certs/ocsp/index-intermediate1-ca-issued-certs.txt * -rsigner certs/ocsp/ocsp-responder-cert.pem * -rkey certs/ocsp/ocsp-responder-key.pem * -CA certs/ocsp/intermediate1-ca-cert.pem * - Run client with * openssl ocsp -host 127.0.0.1:9999 -respout resp.out * -issuer certs/ocsp/intermediate1-ca-cert.pem * -cert certs/ocsp/server1-cert.pem * -CAfile certs/ocsp/root-ca-cert.pem -noverify * - Copy raw response from Wireshark. */ byte response[] = { 0x30, 0x82, 0x07, 0x40, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x07, 0x39, 0x30, 0x82, 0x07, 0x35, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01, 0x04, 0x82, 0x07, 0x26, 0x30, 0x82, 0x07, 0x22, 0x30, 0x82, 0x01, 0x40, 0xa1, 0x81, 0xa1, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, 0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31, 0x30, 0x35, 0x30, 0x33, 0x32, 0x31, 0x34, 0x37, 0x31, 0x30, 0x5a, 0x30, 0x64, 0x30, 0x62, 0x30, 0x3a, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0x71, 0x4d, 0x82, 0x23, 0x40, 0x59, 0xc0, 0x96, 0xa1, 0x37, 0x43, 0xfa, 0x31, 0xdb, 0xba, 0xb1, 0x43, 0x18, 0xda, 0x04, 0x04, 0x14, 0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02, 0xd7, 0x9d, 0x4c, 0xe2, 0x2a, 0xc0, 0x71, 0x82, 0x64, 0x44, 0xda, 0x0e, 0x02, 0x01, 0x05, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31, 0x30, 0x35, 0x30, 0x33, 0x32, 0x31, 0x34, 0x37, 0x31, 0x30, 0x5a, 0xa0, 0x11, 0x18, 0x0f, 0x32, 0x30, 0x34, 0x38, 0x30, 0x39, 0x31, 0x37, 0x32, 0x31, 0x34, 0x37, 0x31, 0x30, 0x5a, 0xa1, 0x23, 0x30, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x02, 0x04, 0x12, 0x04, 0x10, 0x38, 0x31, 0x60, 0x99, 0xc8, 0x05, 0x09, 0x68, 0x1c, 0x33, 0x49, 0xea, 0x45, 0x26, 0x2f, 0x6d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x4d, 0x58, 0xcc, 0x69, 0x42, 0xe2, 0x9e, 0x64, 0xf6, 0x57, 0xce, 0xcb, 0x5f, 0x14, 0xaf, 0x08, 0x6c, 0xc1, 0x52, 0x7a, 0x40, 0x0a, 0xfd, 0xb6, 0xce, 0xbb, 0x40, 0xf4, 0xb9, 0xa5, 0x88, 0xc7, 0xf3, 0x42, 0x9f, 0xa9, 0x94, 0xbe, 0x6e, 0x7e, 0x09, 0x30, 0x9d, 0x0e, 0x10, 0x6f, 0x9c, 0xd9, 0x4c, 0x71, 0x81, 0x41, 0x64, 0x95, 0xf5, 0x85, 0x77, 0x94, 0x81, 0x61, 0x88, 0xc8, 0x0b, 0x50, 0xbb, 0x37, 0xc8, 0x86, 0x76, 0xd8, 0xa2, 0xed, 0x66, 0x34, 0xfb, 0xe4, 0xe7, 0x09, 0x8c, 0xf5, 0xb5, 0x85, 0xd0, 0x4b, 0xb5, 0xe6, 0x23, 0x62, 0xc3, 0xd0, 0xef, 0xf7, 0x42, 0x89, 0x02, 0x80, 0x64, 0xc9, 0xed, 0xdd, 0x7c, 0x8f, 0x0d, 0xe7, 0x43, 0x9b, 0x88, 0x1f, 0xb0, 0xfd, 0x24, 0x01, 0xc7, 0x55, 0xc3, 0x73, 0x12, 0x84, 0x09, 0x7c, 0x57, 0xa8, 0x5d, 0xab, 0x75, 0x29, 0x5c, 0x36, 0x97, 0x64, 0x40, 0x0b, 0x55, 0x34, 0x0a, 0x5d, 0xb1, 0x1b, 0x61, 0x1b, 0xdc, 0xe5, 0x89, 0xdd, 0x92, 0x62, 0x57, 0xa7, 0x52, 0xb4, 0x38, 0x9a, 0x48, 0xc8, 0x3a, 0x14, 0xde, 0x69, 0x42, 0xe9, 0x37, 0xa4, 0xe7, 0x2d, 0x00, 0xa7, 0x0b, 0x29, 0x18, 0xd5, 0xce, 0xd9, 0x0d, 0xdd, 0xfe, 0xae, 0x86, 0xb3, 0x32, 0x1c, 0xc9, 0x33, 0xb0, 0x2b, 0xb7, 0x3c, 0x0d, 0x43, 0xd8, 0x6c, 0xf2, 0xb7, 0xcd, 0x7b, 0xd5, 0x7d, 0xf0, 0xde, 0x34, 0x9f, 0x6d, 0x83, 0xb9, 0xd5, 0xed, 0xe3, 0xda, 0x96, 0x40, 0x9e, 0xd6, 0xa6, 0xfd, 0x70, 0x80, 0x70, 0x87, 0x61, 0x0f, 0xc5, 0x9f, 0x75, 0xfe, 0x11, 0x78, 0x34, 0xc9, 0x42, 0x16, 0x73, 0x46, 0x7b, 0x05, 0x53, 0x28, 0x43, 0xbe, 0xee, 0x88, 0x67, 0x1d, 0xcc, 0x74, 0xa7, 0xb6, 0x58, 0x7b, 0x29, 0x68, 0x40, 0xcf, 0xce, 0x7b, 0x19, 0x33, 0x68, 0xa0, 0x82, 0x04, 0xc6, 0x30, 0x82, 0x04, 0xc2, 0x30, 0x82, 0x04, 0xbe, 0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x30, 0x31, 0x39, 0x34, 0x39, 0x35, 0x34, 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35, 0x34, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, 0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb8, 0xba, 0x23, 0xb4, 0xf6, 0xc3, 0x7b, 0x14, 0xc3, 0xa4, 0xf5, 0x1d, 0x61, 0xa1, 0xf5, 0x1e, 0x63, 0xb9, 0x85, 0x23, 0x34, 0x50, 0x6d, 0xf8, 0x7c, 0xa2, 0x8a, 0x04, 0x8b, 0xd5, 0x75, 0x5c, 0x2d, 0xf7, 0x63, 0x88, 0xd1, 0x07, 0x7a, 0xea, 0x0b, 0x45, 0x35, 0x2b, 0xeb, 0x1f, 0xb1, 0x22, 0xb4, 0x94, 0x41, 0x38, 0xe2, 0x9d, 0x74, 0xd6, 0x8b, 0x30, 0x22, 0x10, 0x51, 0xc5, 0xdb, 0xca, 0x3f, 0x46, 0x2b, 0xfe, 0xe5, 0x5a, 0x3f, 0x41, 0x74, 0x67, 0x75, 0x95, 0xa9, 0x94, 0xd5, 0xc3, 0xee, 0x42, 0xf8, 0x8d, 0xeb, 0x92, 0x95, 0xe1, 0xd9, 0x65, 0xb7, 0x43, 0xc4, 0x18, 0xde, 0x16, 0x80, 0x90, 0xce, 0x24, 0x35, 0x21, 0xc4, 0x55, 0xac, 0x5a, 0x51, 0xe0, 0x2e, 0x2d, 0xb3, 0x0a, 0x5a, 0x4f, 0x4a, 0x73, 0x31, 0x50, 0xee, 0x4a, 0x16, 0xbd, 0x39, 0x8b, 0xad, 0x05, 0x48, 0x87, 0xb1, 0x99, 0xe2, 0x10, 0xa7, 0x06, 0x72, 0x67, 0xca, 0x5c, 0xd1, 0x97, 0xbd, 0xc8, 0xf1, 0x76, 0xf8, 0xe0, 0x4a, 0xec, 0xbc, 0x93, 0xf4, 0x66, 0x4c, 0x28, 0x71, 0xd1, 0xd8, 0x66, 0x03, 0xb4, 0x90, 0x30, 0xbb, 0x17, 0xb0, 0xfe, 0x97, 0xf5, 0x1e, 0xe8, 0xc7, 0x5d, 0x9b, 0x8b, 0x11, 0x19, 0x12, 0x3c, 0xab, 0x82, 0x71, 0x78, 0xff, 0xae, 0x3f, 0x32, 0xb2, 0x08, 0x71, 0xb2, 0x1b, 0x8c, 0x27, 0xac, 0x11, 0xb8, 0xd8, 0x43, 0x49, 0xcf, 0xb0, 0x70, 0xb1, 0xf0, 0x8c, 0xae, 0xda, 0x24, 0x87, 0x17, 0x3b, 0xd8, 0x04, 0x65, 0x6c, 0x00, 0x76, 0x50, 0xef, 0x15, 0x08, 0xd7, 0xb4, 0x73, 0x68, 0x26, 0x14, 0x87, 0x95, 0xc3, 0x5f, 0x6e, 0x61, 0xb8, 0x87, 0x84, 0xfa, 0x80, 0x1a, 0x0a, 0x8b, 0x98, 0xf3, 0xe3, 0xff, 0x4e, 0x44, 0x1c, 0x65, 0x74, 0x7c, 0x71, 0x54, 0x65, 0xe5, 0x39, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x0a, 0x30, 0x82, 0x01, 0x06, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x32, 0x67, 0xe1, 0xb1, 0x79, 0xd2, 0x81, 0xfc, 0x9f, 0x23, 0x0c, 0x70, 0x40, 0x50, 0xb5, 0x46, 0x56, 0xb8, 0x30, 0x36, 0x30, 0x81, 0xc4, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4, 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x01, 0x63, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x07, 0xca, 0xa6, 0xa1, 0x9f, 0xbf, 0xaf, 0x92, 0x41, 0x35, 0x66, 0x51, 0xac, 0xbc, 0x2c, 0xec, 0xe7, 0x8d, 0x65, 0x7e, 0xe9, 0x40, 0xfe, 0x5a, 0xab, 0x8a, 0x1d, 0x3d, 0x13, 0xdb, 0xb4, 0x43, 0x2c, 0x9a, 0x36, 0x98, 0x21, 0xa5, 0xe8, 0xca, 0xa9, 0x4d, 0xfc, 0xe3, 0xf7, 0x45, 0x88, 0xcd, 0x33, 0xbf, 0x8a, 0x62, 0x10, 0x2f, 0xb2, 0xb7, 0x04, 0xef, 0x26, 0x43, 0x51, 0x1d, 0x43, 0x62, 0x7d, 0x1e, 0x50, 0xc8, 0xd5, 0x98, 0x94, 0x71, 0x8f, 0x3b, 0x23, 0x26, 0xf1, 0x71, 0x8e, 0x1e, 0x3d, 0x3f, 0x21, 0xfd, 0xb7, 0x2d, 0x65, 0xe4, 0x07, 0x65, 0xac, 0x3c, 0xfc, 0xc0, 0x47, 0xa9, 0x32, 0xf6, 0xda, 0x26, 0x93, 0x10, 0xb2, 0xd1, 0x6d, 0xc8, 0x81, 0x31, 0x7c, 0xb0, 0x6b, 0xc5, 0x22, 0x8d, 0xb3, 0xfa, 0xbe, 0x82, 0xea, 0x41, 0x42, 0xc4, 0xc0, 0xef, 0xe3, 0x84, 0x0f, 0x6f, 0x9a, 0x03, 0x63, 0xb3, 0x30, 0xe0, 0x31, 0x81, 0x2a, 0x16, 0xb3, 0x47, 0xd9, 0x5b, 0x38, 0x93, 0x07, 0xd0, 0x6e, 0x79, 0x52, 0x2c, 0xe5, 0x50, 0x84, 0x79, 0x10, 0xe7, 0xf6, 0x31, 0x7a, 0x3e, 0x48, 0xa2, 0x38, 0x21, 0x90, 0x7a, 0xf2, 0x5f, 0x48, 0xa4, 0x46, 0x93, 0x87, 0xdd, 0x5c, 0x83, 0x64, 0xea, 0xb5, 0x99, 0xa2, 0xe9, 0x01, 0x40, 0xfe, 0xf0, 0x48, 0x66, 0x4f, 0x96, 0xf7, 0x83, 0x52, 0xf8, 0x6d, 0xf8, 0x5f, 0xed, 0x0c, 0xbb, 0xbe, 0xd0, 0x69, 0x10, 0x4b, 0x99, 0x8f, 0xf8, 0x61, 0x53, 0x9d, 0x12, 0xca, 0x86, 0xaa, 0xb1, 0x80, 0xb4, 0xa6, 0xc1, 0xcb, 0xb7, 0x48, 0xf7, 0x9f, 0x55, 0xb4, 0x6e, 0xab, 0xd3, 0xa1, 0xaa, 0x4b, 0xa7, 0x21, 0x6e, 0x16, 0x7f, 0xad, 0xbb, 0xea, 0x0f, 0x41, 0x80, 0x9b, 0x7f, 0xd6, 0x46, 0xa2, 0xc0, 0x61, 0x72, 0x59, 0x59, 0xa0, 0x07 }; OcspEntry entry[1]; CertStatus status[1]; OcspRequest* request; byte serial[] = {0x05}; byte issuerHash[] = {0x71, 0x4d, 0x82, 0x23, 0x40, 0x59, 0xc0, 0x96, 0xa1, 0x37, 0x43, 0xfa, 0x31, 0xdb, 0xba, 0xb1, 0x43, 0x18, 0xda, 0x04}; byte issuerKeyHash[] = {0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02, 0xd7, 0x9d, 0x4c, 0xe2, 0x2a, 0xc0, 0x71, 0x82, 0x64, 0x44, 0xda, 0x0e}; printf(testingFmt, "wolfSSL_CertManagerCheckOCSPResponse()"); XMEMSET(entry, 0, sizeof(OcspEntry)); XMEMSET(status, 0, sizeof(CertStatus)); AssertNotNull(request = wolfSSL_OCSP_REQUEST_new()); request->serial = (byte*)XMALLOC(sizeof(serial), NULL, DYNAMIC_TYPE_OCSP_REQUEST); AssertNotNull(request->serial); request->serialSz = sizeof(serial); XMEMCPY(request->serial, serial, sizeof(serial)); XMEMCPY(request->issuerHash, issuerHash, sizeof(issuerHash)); XMEMCPY(request->issuerKeyHash, issuerKeyHash, sizeof(issuerKeyHash)); AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); AssertIntEQ(wolfSSL_CertManagerEnableOCSP(cm, 0), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CertManagerLoadCA(cm, "./certs/ocsp/intermediate1-ca-cert.pem", NULL), WOLFSSL_SUCCESS); /* Response should be valid. */ AssertIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, response, sizeof(response), NULL, status, entry, request), WOLFSSL_SUCCESS); /* Flip a byte in the request serial number, response should be invalid * now. */ request->serial[0] ^= request->serial[0]; AssertIntNE(wolfSSL_CertManagerCheckOCSPResponse(cm, response, sizeof(response), NULL, status, entry, request), WOLFSSL_SUCCESS); wolfSSL_OCSP_REQUEST_free(request); wolfSSL_CertManagerFree(cm); printf(resultFmt, passed); #endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || * WOLFSSL_APACHE_HTTPD || HAVE_LIGHTY */ #endif /* HAVE_OCSP */ } static int test_wolfSSL_CertManagerLoadCABuffer(void) { int ret = 0; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) const char* ca_cert = "./certs/ca-cert.pem"; const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem"; ret = test_cm_load_ca_file(ca_cert); #ifdef NO_RSA AssertIntEQ(ret, ASN_UNKNOWN_OID_E); #else AssertIntEQ(ret, WOLFSSL_SUCCESS); #endif ret = test_cm_load_ca_file(ca_expired_cert); #ifdef NO_RSA AssertIntEQ(ret, ASN_UNKNOWN_OID_E); #else #if !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) && \ !defined(OPENSSL_COMPATIBLE_DEFAULTS) AssertIntEQ(ret, ASN_AFTER_DATE_E); #else AssertIntEQ(ret, WOLFSSL_SUCCESS); #endif #endif #endif return ret; } static void test_wolfSSL_CertManagerGetCerts(void) { #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ defined(WOLFSSL_SIGNER_DER_CERT) WOLFSSL_CERT_MANAGER* cm = NULL; WOLFSSL_STACK* sk = NULL; X509* x509 = NULL; X509* cert1 = NULL; FILE* file1 = NULL; #ifdef DEBUG_WOLFSSL_VERBOSE WOLFSSL_BIO* bio = NULL; #endif int i = 0; printf(testingFmt, "wolfSSL_CertManagerGetCerts()"); AssertNotNull(file1=fopen("./certs/ca-cert.pem", "rb")); AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL)); fclose(file1); AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); AssertNull(sk = wolfSSL_CertManagerGetCerts(cm)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, "./certs/ca-cert.pem", NULL)); AssertNotNull(sk = wolfSSL_CertManagerGetCerts(cm)); for (i = 0; i < sk_X509_num(sk); i++) { x509 = sk_X509_value(sk, i); AssertIntEQ(0, wolfSSL_X509_cmp(x509, cert1)); #ifdef DEBUG_WOLFSSL_VERBOSE bio = BIO_new(wolfSSL_BIO_s_file()); if (bio != NULL) { BIO_set_fp(bio, stdout, BIO_NOCLOSE); X509_print(bio, x509); BIO_free(bio); } #endif /* DEBUG_WOLFSSL_VERBOSE */ } wolfSSL_X509_free(cert1); sk_X509_pop_free(sk, NULL); wolfSSL_CertManagerFree(cm); printf(resultFmt, passed); #endif /* defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ defined(WOLFSSL_SIGNER_DER_CERT) */ } static int test_wolfSSL_CertManagerSetVerify(void) { int ret = 0; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) WOLFSSL_CERT_MANAGER* cm; int tmp = myVerifyAction; const char* ca_cert = "./certs/ca-cert.pem"; const char* expiredCert = "./certs/test/expired/expired-cert.pem"; cm = wolfSSL_CertManagerNew(); AssertNotNull(cm); wolfSSL_CertManagerSetVerify(cm, myVerify); ret = wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL); AssertIntEQ(ret, WOLFSSL_SUCCESS); /* Use the test CB that always accepts certs */ myVerifyAction = VERIFY_OVERRIDE_ERROR; ret = wolfSSL_CertManagerVerify(cm, expiredCert, WOLFSSL_FILETYPE_PEM); AssertIntEQ(ret, WOLFSSL_SUCCESS); #ifdef WOLFSSL_ALWAYS_VERIFY_CB { const char* verifyCert = "./certs/server-cert.pem"; /* Use the test CB that always fails certs */ myVerifyAction = VERIFY_FORCE_FAIL; ret = wolfSSL_CertManagerVerify(cm, verifyCert, WOLFSSL_FILETYPE_PEM); AssertIntEQ(ret, VERIFY_CERT_ERROR); } #endif wolfSSL_CertManagerFree(cm); myVerifyAction = tmp; #endif return ret; } #if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ defined(DEBUG_UNIT_TEST_CERTS) /* used when debugging name constraint tests */ static void DEBUG_WRITE_CERT_X509(WOLFSSL_X509* x509, const char* fileName) { BIO* out = BIO_new(BIO_s_file()); if (out != NULL) { FILE* f = fopen(fileName, "wb"); BIO_set_fp(out, f, BIO_CLOSE); PEM_write_bio_X509(out, x509); BIO_free(out); } } static void DEBUG_WRITE_CERT_DER(const byte* der, int derSz, const char* fileName) { BIO* out = BIO_new(BIO_s_file()); if (out != NULL) { FILE* f = fopen(fileName, "wb"); BIO_set_fp(out, f, BIO_CLOSE); BIO_write(out, der, derSz); BIO_free(out); } } #else #define DEBUG_WRITE_CERT_X509(x509, fileName) #define DEBUG_WRITE_CERT_DER(der, derSz, fileName) #endif static void test_wolfSSL_CertManagerNameConstraint(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \ !defined(NO_SHA256) WOLFSSL_CERT_MANAGER* cm; WOLFSSL_EVP_PKEY *priv; WOLFSSL_X509_NAME* name; const char* ca_cert = "./certs/test/cert-ext-nc.der"; const char* server_cert = "./certs/test/server-goodcn.pem"; int i = 0; static const byte extNameConsOid[] = {85, 29, 30}; RsaKey key; WC_RNG rng; byte *der; int derSz; word32 idx = 0; byte *pt; WOLFSSL_X509 *x509, *ca; wc_InitRng(&rng); /* load in CA private key for signing */ AssertIntEQ(wc_InitRsaKey_ex(&key, HEAP_HINT, devId), 0); AssertIntEQ(wc_RsaPrivateKeyDecode(server_key_der_2048, &idx, &key, sizeof_server_key_der_2048), 0); /* get ca certificate then alter it */ AssertNotNull(der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(ca_cert, WOLFSSL_FILETYPE_ASN1)); AssertNotNull(pt = (byte*)wolfSSL_X509_get_tbs(x509, &derSz)); XMEMCPY(der, pt, derSz); /* find the name constraint extension and alter it */ pt = der; for (i = 0; i < derSz - 3; i++) { if (XMEMCMP(pt, extNameConsOid, 3) == 0) { pt += 3; break; } pt++; } AssertIntNE(i, derSz - 3); /* did not find OID if this case is hit */ /* go to the length value and set it to 0 */ while (i < derSz && *pt != 0x81) { pt++; i++; } AssertIntNE(i, derSz); /* did not place to alter */ pt++; *pt = 0x00; /* resign the altered certificate */ AssertIntGT((derSz = wc_SignCert(derSz, CTC_SHA256wRSA, der, FOURK_BUF, &key, NULL, &rng)), 0); AssertNotNull(cm = wolfSSL_CertManagerNew()); AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_PARSE_E); wolfSSL_CertManagerFree(cm); XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wolfSSL_X509_free(x509); wc_FreeRsaKey(&key); wc_FreeRng(&rng); /* add email alt name to satisfy constraint */ pt = (byte*)server_key_der_2048; AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, (const unsigned char**)&pt, sizeof_server_key_der_2048)); AssertNotNull(cm = wolfSSL_CertManagerNew()); AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, WOLFSSL_FILETYPE_ASN1)); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz))); DEBUG_WRITE_CERT_DER(der, derSz, "ca.der"); AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* Good cert test with proper alt email name */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "good-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_X509_free(x509); /* Cert with bad alt name list */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "wolfssl@info.com", ASN_RFC822_TYPE); wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); wolfSSL_CertManagerFree(cm); wolfSSL_X509_free(x509); wolfSSL_X509_free(ca); wolfSSL_EVP_PKEY_free(priv); #endif } static void test_wolfSSL_CertManagerNameConstraint2(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) const char* ca_cert = "./certs/test/cert-ext-ndir.der"; const char* ca_cert2 = "./certs/test/cert-ext-ndir-exc.der"; const char* server_cert = "./certs/server-cert.pem"; WOLFSSL_CERT_MANAGER* cm; WOLFSSL_X509 *x509, *ca; const unsigned char *der; const unsigned char *pt; WOLFSSL_EVP_PKEY *priv; WOLFSSL_X509_NAME* name; int derSz; /* C=US*/ char altName[] = { 0x30, 0x0D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53 }; /* C=ID */ char altNameFail[] = { 0x30, 0x0D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, 0x44 }; /* C=US ST=California*/ char altNameExc[] = { 0x30, 0x22, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61 }; /* load in CA private key for signing */ pt = ca_key_der_2048; AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &pt, sizeof_ca_key_der_2048)); AssertNotNull(cm = wolfSSL_CertManagerNew()); AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, WOLFSSL_FILETYPE_ASN1)); AssertNotNull((der = wolfSSL_X509_get_der(ca, &derSz))); AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); #else wolfSSL_X509_sign(x509, priv, EVP_sha256()); #endif AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* add in matching DIR alt name and resign */ wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE); #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); #else wolfSSL_X509_sign(x509, priv, EVP_sha256()); #endif AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_X509_free(x509); /* check verify fail */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); /* add in miss matching DIR alt name and resign */ wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail), ASN_DIR_TYPE); #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); #else wolfSSL_X509_sign(x509, priv, EVP_sha256()); #endif AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); #ifndef WOLFSSL_NO_ASN_STRICT AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); #else AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); #endif /* check that it still fails if one bad altname and one good altname is in * the certificate */ wolfSSL_X509_free(x509); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE); wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail), ASN_DIR_TYPE); #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); #else wolfSSL_X509_sign(x509, priv, EVP_sha256()); #endif AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); #ifndef WOLFSSL_NO_ASN_STRICT AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); #else AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); #endif /* check it fails with switching position of bad altname */ wolfSSL_X509_free(x509); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail), ASN_DIR_TYPE); wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE); #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); #else wolfSSL_X509_sign(x509, priv, EVP_sha256()); #endif AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); #ifndef WOLFSSL_NO_ASN_STRICT AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); #else AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); #endif wolfSSL_CertManagerFree(cm); wolfSSL_X509_free(x509); wolfSSL_X509_free(ca); /* now test with excluded name constraint */ AssertNotNull(cm = wolfSSL_CertManagerNew()); AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert2, WOLFSSL_FILETYPE_ASN1)); AssertNotNull((der = wolfSSL_X509_get_der(ca, &derSz))); AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); wolfSSL_X509_add_altname_ex(x509, altNameExc, sizeof(altNameExc), ASN_DIR_TYPE); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); #else wolfSSL_X509_sign(x509, priv, EVP_sha256()); #endif AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); #ifndef WOLFSSL_NO_ASN_STRICT AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); #else AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); #endif wolfSSL_CertManagerFree(cm); wolfSSL_X509_free(x509); wolfSSL_X509_free(ca); wolfSSL_EVP_PKEY_free(priv); #endif } static void test_wolfSSL_CertManagerNameConstraint3(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \ !defined(NO_SHA256) WOLFSSL_CERT_MANAGER* cm; WOLFSSL_EVP_PKEY *priv; WOLFSSL_X509_NAME* name; const char* ca_cert = "./certs/test/cert-ext-mnc.der"; const char* server_cert = "./certs/test/server-goodcn.pem"; byte *der; int derSz; byte *pt; WOLFSSL_X509 *x509, *ca; pt = (byte*)server_key_der_2048; AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, (const unsigned char**)&pt, sizeof_server_key_der_2048)); AssertNotNull(cm = wolfSSL_CertManagerNew()); AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, WOLFSSL_FILETYPE_ASN1)); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz))); DEBUG_WRITE_CERT_DER(der, derSz, "ca.der"); AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* check satisfying .wolfssl.com constraint passes */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "good-1st-constraint-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_X509_free(x509); /* check satisfying .random.com constraint passes */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, (byte*)"support@info.example.com", 24, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "wolfssl@info.example.com", ASN_RFC822_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "good-2nd-constraint-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_X509_free(x509); /* check fail case when neither constraint is matched */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, (byte*)"support@info.com", 16, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "wolfssl@info.com", ASN_RFC822_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); wolfSSL_CertManagerFree(cm); wolfSSL_X509_free(x509); wolfSSL_X509_free(ca); wolfSSL_EVP_PKEY_free(priv); #endif } static void test_wolfSSL_CertManagerNameConstraint4(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \ !defined(NO_SHA256) WOLFSSL_CERT_MANAGER* cm; WOLFSSL_EVP_PKEY *priv; WOLFSSL_X509_NAME* name; const char* ca_cert = "./certs/test/cert-ext-ncdns.der"; const char* server_cert = "./certs/test/server-goodcn.pem"; byte *der; int derSz; byte *pt; WOLFSSL_X509 *x509, *ca; pt = (byte*)server_key_der_2048; AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, (const unsigned char**)&pt, sizeof_server_key_der_2048)); AssertNotNull(cm = wolfSSL_CertManagerNew()); AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, WOLFSSL_FILETYPE_ASN1)); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz))); DEBUG_WRITE_CERT_DER(der, derSz, "ca.der"); AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* check satisfying wolfssl.com constraint passes */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "good-1st-constraint-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_X509_free(x509); /* check satisfying example.com constraint passes */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"example.com", 11, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "www.example.com", ASN_DNS_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "good-2nd-constraint-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_X509_free(x509); /* check satisfying wolfssl.com constraint passes with list of DNS's */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE); wolfSSL_X509_add_altname(x509, "www.info.wolfssl.com", ASN_DNS_TYPE); wolfSSL_X509_add_altname(x509, "extra.wolfssl.com", ASN_DNS_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "good-multiple-constraint-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_X509_free(x509); /* check fail when one DNS in the list is bad */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE); wolfSSL_X509_add_altname(x509, "www.nomatch.com", ASN_DNS_TYPE); wolfSSL_X509_add_altname(x509, "www.info.wolfssl.com", ASN_DNS_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "bad-multiple-constraint-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); wolfSSL_X509_free(x509); /* check fail case when neither constraint is matched */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"common", 6, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "www.random.com", ASN_DNS_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); wolfSSL_CertManagerFree(cm); wolfSSL_X509_free(x509); wolfSSL_X509_free(ca); wolfSSL_EVP_PKEY_free(priv); #endif } static void test_wolfSSL_CertManagerNameConstraint5(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \ !defined(NO_SHA256) WOLFSSL_CERT_MANAGER* cm; WOLFSSL_EVP_PKEY *priv; WOLFSSL_X509_NAME* name; const char* ca_cert = "./certs/test/cert-ext-ncmixed.der"; const char* server_cert = "./certs/test/server-goodcn.pem"; byte *der; int derSz; byte *pt; WOLFSSL_X509 *x509, *ca; pt = (byte*)server_key_der_2048; AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, (const unsigned char**)&pt, sizeof_server_key_der_2048)); AssertNotNull(cm = wolfSSL_CertManagerNew()); AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, WOLFSSL_FILETYPE_ASN1)); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz))); DEBUG_WRITE_CERT_DER(der, derSz, "ca.der"); AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* check satisfying wolfssl.com constraint passes */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"example", 7, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "good.example", ASN_DNS_TYPE); wolfSSL_X509_add_altname(x509, "facts@into.wolfssl.com", ASN_RFC822_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "good-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_X509_free(x509); /* fail with DNS check because of common name */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE); wolfSSL_X509_add_altname(x509, "facts@wolfssl.com", ASN_RFC822_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "bad-cn-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); wolfSSL_X509_free(x509); /* fail on permitted DNS name constraint */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "www.example", ASN_DNS_TYPE); wolfSSL_X509_add_altname(x509, "www.wolfssl", ASN_DNS_TYPE); wolfSSL_X509_add_altname(x509, "info@wolfssl.com", ASN_RFC822_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "bad-1st-constraint-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); wolfSSL_X509_free(x509); /* fail on permitted email name constraint */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE); wolfSSL_X509_add_altname(x509, "info@wolfssl.com", ASN_RFC822_TYPE); wolfSSL_X509_add_altname(x509, "info@example.com", ASN_RFC822_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "bad-2nd-constraint-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); wolfSSL_X509_free(x509); /* success with empty email name */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "good-missing-constraint-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_X509_free(x509); wolfSSL_CertManagerFree(cm); wolfSSL_X509_free(ca); wolfSSL_EVP_PKEY_free(priv); #endif } static void test_wolfSSL_CertManagerCRL(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(HAVE_CRL) && \ !defined(NO_RSA) const char* ca_cert = "./certs/ca-cert.pem"; const char* crl1 = "./certs/crl/crl.pem"; const char* crl2 = "./certs/crl/crl2.pem"; WOLFSSL_CERT_MANAGER* cm = NULL; AssertNotNull(cm = wolfSSL_CertManagerNew()); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCRL(cm, crl2, WOLFSSL_FILETYPE_PEM, 0)); wolfSSL_CertManagerFreeCRL(cm); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL)); wolfSSL_CertManagerFree(cm); #endif } static void test_wolfSSL_CTX_load_verify_locations_ex(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ !defined(NO_WOLFSSL_CLIENT) WOLFSSL_CTX* ctx; const char* ca_cert = "./certs/ca-cert.pem"; const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem"; ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); /* test good CA */ AssertTrue(WOLFSSL_SUCCESS == wolfSSL_CTX_load_verify_locations_ex(ctx, ca_cert, NULL, WOLFSSL_LOAD_FLAG_NONE)); /* test expired CA */ #ifndef OPENSSL_COMPATIBLE_DEFAULTS AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL, WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS); #else AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL, WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS); #endif AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL, WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); #endif } static void test_wolfSSL_CTX_load_verify_buffer_ex(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ defined(USE_CERT_BUFFERS_2048) WOLFSSL_CTX* ctx; const char* ca_expired_cert_file = "./certs/test/expired/expired-ca.der"; byte ca_expired_cert[TWOK_BUF]; word32 sizeof_ca_expired_cert; XFILE fp; #ifndef NO_WOLFSSL_CLIENT ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); #else ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); #endif AssertNotNull(ctx); /* test good CA */ AssertTrue(WOLFSSL_SUCCESS == wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_cert_der_2048, sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1, 0, WOLFSSL_LOAD_FLAG_NONE)); /* load expired CA */ XMEMSET(ca_expired_cert, 0, sizeof(ca_expired_cert)); fp = XFOPEN(ca_expired_cert_file, "rb"); AssertTrue(fp != XBADFILE); sizeof_ca_expired_cert = (word32)XFREAD(ca_expired_cert, 1, sizeof(ca_expired_cert), fp); XFCLOSE(fp); /* test expired CA failure */ #ifndef OPENSSL_COMPATIBLE_DEFAULTS AssertIntNE(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert, sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0, WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS); #else AssertIntEQ(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert, sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0, WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS); #endif /* test expired CA success */ AssertIntEQ(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert, sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0, WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); #endif } static void test_wolfSSL_CTX_load_verify_chain_buffer_format(void) { #if !defined(NO_CERTS) && !defined(NO_RSA) && defined(OPENSSL_EXTRA) && \ defined(WOLFSSL_CERT_GEN) && defined(USE_CERT_BUFFERS_2048) WOLFSSL_CTX* ctx; #ifndef NO_WOLFSSL_CLIENT AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif AssertTrue(WOLFSSL_SUCCESS == wolfSSL_CTX_load_verify_chain_buffer_format(ctx, ca_cert_chain_der, sizeof_ca_cert_chain_der, WOLFSSL_FILETYPE_ASN1)); wolfSSL_CTX_free(ctx); #endif } static void test_wolfSSL_CTX_add1_chain_cert(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(OPENSSL_EXTRA) && \ defined(KEEP_OUR_CERT) WOLFSSL_CTX* ctx; WOLFSSL* ssl; const char *certChain[] = { "./certs/intermediate/client-int-cert.pem", "./certs/intermediate/ca-int2-cert.pem", "./certs/intermediate/ca-int-cert.pem", "./certs/ca-cert.pem", NULL }; const char** cert; WOLFSSL_X509* x509; WOLF_STACK_OF(X509)* chain = NULL; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertNotNull(ssl = wolfSSL_new(ctx)); for (cert = certChain; *cert != NULL; cert++) { x509 = wolfSSL_X509_load_certificate_file(*cert, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509); AssertIntEQ(SSL_CTX_add1_chain_cert(ctx, x509), 1); X509_free(x509); } for (cert = certChain; *cert != NULL; cert++) { x509 = wolfSSL_X509_load_certificate_file(*cert, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509); AssertIntEQ(SSL_add1_chain_cert(ssl, x509), 1); X509_free(x509); } AssertIntEQ(SSL_CTX_get0_chain_certs(ctx, &chain), 1); AssertIntEQ(sk_X509_num(chain), 3); AssertIntEQ(SSL_get0_chain_certs(ssl, &chain), 1); AssertIntEQ(sk_X509_num(chain), 3); SSL_free(ssl); SSL_CTX_free(ctx); #endif } static int test_wolfSSL_CTX_use_certificate_chain_file_format(void) { int ret = 0; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) const char* server_chain_der = "./certs/server-cert-chain.der"; WOLFSSL_CTX* ctx; #ifndef NO_WOLFSSL_CLIENT ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); #else ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); AssertNotNull(ctx); #endif AssertIntEQ(wolfSSL_CTX_use_certificate_chain_file_format(ctx, server_chain_der, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); #endif return ret; } static void test_wolfSSL_CTX_SetTmpDH_file(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH) WOLFSSL_CTX *ctx; #ifndef NO_WOLFSSL_CLIENT AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif /* invalid context */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(NULL, dhParamFile, WOLFSSL_FILETYPE_PEM)); /* invalid dhParamFile file */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, NULL, WOLFSSL_FILETYPE_PEM)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, bogusFile, WOLFSSL_FILETYPE_PEM)); /* success */ AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile, WOLFSSL_FILETYPE_PEM)); wolfSSL_CTX_free(ctx); #endif } static void test_wolfSSL_CTX_SetTmpDH_buffer(void) { #if !defined(NO_CERTS) && !defined(NO_DH) WOLFSSL_CTX *ctx; #ifndef NO_WOLFSSL_CLIENT AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif /* invalid context */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); /* invalid dhParamFile file */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL, NULL, 0, WOLFSSL_FILETYPE_ASN1)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dsa_key_der_2048, sizeof_dsa_key_der_2048, WOLFSSL_FILETYPE_ASN1)); /* success */ AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); wolfSSL_CTX_free(ctx); #endif } static void test_wolfSSL_CTX_SetMinMaxDhKey_Sz(void) { #if !defined(NO_CERTS) && !defined(NO_DH) WOLFSSL_CTX *ctx; #ifndef NO_WOLFSSL_CLIENT ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); #else ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); AssertNotNull(ctx); #endif AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 3072)); AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 2048)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024)); AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 2048)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); wolfSSL_CTX_free(ctx); #endif } static void test_wolfSSL_CTX_der_load_verify_locations(void) { #ifdef WOLFSSL_DER_LOAD WOLFSSL_CTX* ctx = NULL; const char* derCert = "./certs/server-cert.der"; const char* nullPath = NULL; const char* invalidPath = "./certs/this-cert-does-not-exist.der"; const char* emptyPath = ""; /* der load Case 1 ctx NULL */ AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert, WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE); #ifndef NO_WOLFSSL_CLIENT AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif /* Case 2 filePath NULL */ AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, nullPath, WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE); /* Case 3 invalid format */ AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert, WOLFSSL_FILETYPE_PEM), WOLFSSL_FAILURE); /* Case 4 filePath not valid */ AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, invalidPath, WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE); /* Case 5 filePath empty */ AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, emptyPath, WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE); #ifndef NO_RSA /* Case 6 success case */ AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); #endif wolfSSL_CTX_free(ctx); #endif } static void test_wolfSSL_CTX_enable_disable(void) { #ifndef NO_CERTS WOLFSSL_CTX* ctx = NULL; #ifdef HAVE_CRL AssertIntEQ(wolfSSL_CTX_DisableCRL(ctx), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), BAD_FUNC_ARG); #endif #ifdef HAVE_OCSP AssertIntEQ(wolfSSL_CTX_DisableOCSP(ctx), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, 0), BAD_FUNC_ARG); #endif #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) AssertIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_EnableOCSPMustStaple(ctx), BAD_FUNC_ARG); #endif #ifndef NO_WOLFSSL_CLIENT #ifdef HAVE_EXTENDED_MASTER AssertIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), BAD_FUNC_ARG); #endif ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); #ifdef HAVE_EXTENDED_MASTER AssertIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), WOLFSSL_SUCCESS); #endif #elif !defined(NO_WOLFSSL_SERVER) AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #else return; #endif #ifdef HAVE_CRL AssertIntEQ(wolfSSL_CTX_DisableCRL(ctx), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), WOLFSSL_SUCCESS); #endif #ifdef HAVE_OCSP AssertIntEQ(wolfSSL_CTX_DisableOCSP(ctx), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_URL_OVERRIDE), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_CHECKALL), WOLFSSL_SUCCESS); #endif #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) AssertIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), WOLFSSL_SUCCESS); #endif wolfSSL_CTX_free(ctx); #endif /* NO_CERTS */ } static void test_wolfSSL_CTX_ticket_API(void) { #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) WOLFSSL_CTX* ctx = NULL; void *userCtx = (void*)"this is my ctx"; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_set_TicketEncCtx(ctx, userCtx)); AssertTrue(userCtx == wolfSSL_CTX_get_TicketEncCtx(ctx)); wolfSSL_CTX_free(ctx); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_set_TicketEncCtx(NULL, userCtx)); AssertNull(wolfSSL_CTX_get_TicketEncCtx(NULL)); #endif /* HAVE_SESSION_TICKET && !NO_WOLFSSL_SERVER */ } static void test_wolfSSL_set_minmax_proto_version(void) { #ifdef OPENSSL_EXTRA WOLFSSL_CTX *ctx; WOLFSSL *ssl; int ret; (void)ret; (void)ssl; printf(testingFmt, "test_wolfSSL_set_minmax_proto_version"); #ifndef NO_WOLFSSL_CLIENT AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertNotNull(ssl = wolfSSL_new(ctx)); AssertIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), SSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set_max_proto_version(NULL, 0), SSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_set_max_proto_version(ctx, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_set_min_proto_version(NULL, 0), SSL_FAILURE); AssertIntEQ(wolfSSL_set_min_proto_version(ssl, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_set_max_proto_version(NULL, 0), SSL_FAILURE); AssertIntEQ(wolfSSL_set_max_proto_version(ssl, 0), SSL_SUCCESS); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); AssertIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), SSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set_max_proto_version(NULL, 0), SSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_set_max_proto_version(ctx, 0), SSL_SUCCESS); wolfSSL_CTX_free(ctx); #endif printf(resultFmt, passed); #endif } /*----------------------------------------------------------------------------* | SSL *----------------------------------------------------------------------------*/ static void test_server_wolfSSL_new(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ !defined(NO_WOLFSSL_SERVER) WOLFSSL_CTX *ctx; WOLFSSL_CTX *ctx_nocert; WOLFSSL *ssl; AssertNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_server_method())); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); /* invalid context */ AssertNull(ssl = wolfSSL_new(NULL)); #if !defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_QT) && !defined(OPENSSL_EXTRA) AssertNull(ssl = wolfSSL_new(ctx_nocert)); #endif /* success */ AssertNotNull(ssl = wolfSSL_new(ctx)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx_nocert); #endif } static void test_client_wolfSSL_new(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ !defined(NO_WOLFSSL_CLIENT) WOLFSSL_CTX *ctx; WOLFSSL_CTX *ctx_nocert; WOLFSSL *ssl; AssertNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertTrue(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); /* invalid context */ AssertNull(ssl = wolfSSL_new(NULL)); /* success */ AssertNotNull(ssl = wolfSSL_new(ctx_nocert)); wolfSSL_free(ssl); /* success */ AssertNotNull(ssl = wolfSSL_new(ctx)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx_nocert); #endif } static void test_wolfSSL_SetTmpDH_file(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH) && \ !defined(NO_WOLFSSL_SERVER) WOLFSSL_CTX *ctx; WOLFSSL *ssl; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #ifndef NO_RSA AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); #elif defined(HAVE_ECC) AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, WOLFSSL_FILETYPE_PEM)); #elif defined(HAVE_ED25519) AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, edCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, edKeyFile, WOLFSSL_FILETYPE_PEM)); #elif defined(HAVE_ED448) AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, ed448CertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile, WOLFSSL_FILETYPE_PEM)); #endif AssertNotNull(ssl = wolfSSL_new(ctx)); /* invalid ssl */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(NULL, dhParamFile, WOLFSSL_FILETYPE_PEM)); /* invalid dhParamFile file */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, NULL, WOLFSSL_FILETYPE_PEM)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, bogusFile, WOLFSSL_FILETYPE_PEM)); /* success */ AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); #endif } static void test_wolfSSL_SetTmpDH_buffer(void) { #if !defined(NO_CERTS) && !defined(NO_DH) && !defined(NO_WOLFSSL_SERVER) WOLFSSL_CTX *ctx; WOLFSSL *ssl; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); AssertTrue(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048, sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertNotNull(ssl = wolfSSL_new(ctx)); /* invalid ssl */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(NULL, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); /* invalid dhParamFile file */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(NULL, NULL, 0, WOLFSSL_FILETYPE_ASN1)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dsa_key_der_2048, sizeof_dsa_key_der_2048, WOLFSSL_FILETYPE_ASN1)); /* success */ AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); #endif } static void test_wolfSSL_SetMinMaxDhKey_Sz(void) { #if !defined(NO_CERTS) && !defined(NO_DH) && !defined(NO_WOLFSSL_SERVER) WOLFSSL_CTX *ctx, *ctx2; WOLFSSL *ssl, *ssl2; ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); AssertNotNull(ctx); AssertTrue(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048, sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 3072)); ssl = wolfSSL_new(ctx); AssertNotNull(ssl); ctx2 = wolfSSL_CTX_new(wolfSSLv23_server_method()); AssertNotNull(ctx2); AssertTrue(wolfSSL_CTX_use_certificate_buffer(ctx2, server_cert_der_2048, sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx2, server_key_der_2048, sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024)); ssl2 = wolfSSL_new(ctx2); AssertNotNull(ssl2); AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 2048)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 3072)); AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMaxDhKey_Sz(ssl2, 2048)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMaxDhKey_Sz(ssl2, 1024)); AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); wolfSSL_free(ssl2); wolfSSL_CTX_free(ctx2); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); #endif } /* Test function for wolfSSL_SetMinVersion. Sets the minimum downgrade version * allowed. * POST: return 1 on success. */ static int test_wolfSSL_SetMinVersion(void) { int failFlag = WOLFSSL_SUCCESS; #ifndef NO_WOLFSSL_CLIENT WOLFSSL_CTX* ctx; WOLFSSL* ssl; int itr; #ifndef NO_OLD_TLS const int versions[] = { #ifdef WOLFSSL_ALLOW_TLSV10 WOLFSSL_TLSV1, #endif WOLFSSL_TLSV1_1, WOLFSSL_TLSV1_2}; #elif !defined(WOLFSSL_NO_TLS12) const int versions[] = { WOLFSSL_TLSV1_2 }; #else const int versions[] = { WOLFSSL_TLSV1_3 }; #endif ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); ssl = wolfSSL_new(ctx); printf(testingFmt, "wolfSSL_SetMinVersion()"); for (itr = 0; itr < (int)(sizeof(versions)/sizeof(int)); itr++){ if(wolfSSL_SetMinVersion(ssl, *(versions + itr)) != WOLFSSL_SUCCESS){ failFlag = WOLFSSL_FAILURE; } } printf(resultFmt, failFlag == WOLFSSL_SUCCESS ? passed : failed); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); #endif return failFlag; } /* END test_wolfSSL_SetMinVersion */ /*----------------------------------------------------------------------------* | EC *----------------------------------------------------------------------------*/ /* Test function for EC_POINT_new, EC_POINT_mul, EC_POINT_free, EC_GROUP_new_by_curve_name, EC_GROUP_order_bits */ # if defined(OPENSSL_EXTRA) && \ (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))) static void test_wolfSSL_EC(void) { #if defined(HAVE_ECC) BN_CTX *ctx; EC_GROUP *group; EC_GROUP *group2; EC_POINT *Gxy, *new_point, *set_point; BIGNUM *k = NULL, *Gx = NULL, *Gy = NULL, *Gz = NULL; BIGNUM *X, *Y; BIGNUM *set_point_bn; char* hexStr; int group_bits; const char* kTest = "F4F8338AFCC562C5C3F3E1E46A7EFECD17AF381913FF7A96314EA47055EA0FD0"; /* NISTP256R1 Gx/Gy */ const char* kGx = "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"; const char* kGy = "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5"; #ifndef HAVE_SELFTEST EC_POINT *tmp; size_t bin_len; unsigned char* buf = NULL; const char* uncompG = "046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C2964FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5"; const unsigned char binUncompG[] = { 0x04, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96, 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5, }; #ifdef HAVE_COMP_KEY const char* compG = "036B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"; const unsigned char binCompG[] = { 0x03, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96, }; #endif #endif AssertNotNull(ctx = BN_CTX_new()); AssertNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); AssertNotNull(group2 = EC_GROUP_dup(group)); AssertIntEQ((group_bits = EC_GROUP_order_bits(group)), 256); AssertNotNull(Gxy = EC_POINT_new(group)); AssertNotNull(new_point = EC_POINT_new(group)); AssertNotNull(set_point = EC_POINT_new(group)); AssertNotNull(X = BN_new()); AssertNotNull(Y = BN_new()); AssertNotNull(set_point_bn = BN_new()); /* load test values */ AssertIntEQ(BN_hex2bn(&k, kTest), WOLFSSL_SUCCESS); AssertIntEQ(BN_hex2bn(&Gx, kGx), WOLFSSL_SUCCESS); AssertIntEQ(BN_hex2bn(&Gy, kGy), WOLFSSL_SUCCESS); AssertIntEQ(BN_hex2bn(&Gz, "1"), WOLFSSL_SUCCESS); /* populate coordinates for input point */ Gxy->X = Gx; Gxy->Y = Gy; Gxy->Z = Gz; #ifndef HAVE_SELFTEST /* perform point multiplication */ AssertIntEQ(EC_POINT_add(group, new_point, new_point, Gxy, ctx), WOLFSSL_SUCCESS); AssertIntEQ(EC_POINT_mul(group, new_point, Gx, Gxy, k, ctx), WOLFSSL_SUCCESS); AssertIntEQ(BN_is_zero(new_point->X), 0); AssertIntEQ(BN_is_zero(new_point->Y), 0); AssertIntEQ(BN_is_zero(new_point->Z), 0); AssertIntEQ(EC_POINT_mul(group, new_point, NULL, Gxy, k, ctx), WOLFSSL_SUCCESS); AssertIntEQ(BN_is_zero(new_point->X), 0); AssertIntEQ(BN_is_zero(new_point->Y), 0); AssertIntEQ(BN_is_zero(new_point->Z), 0); AssertIntEQ(EC_POINT_mul(group, new_point, Gx, NULL, NULL, ctx), WOLFSSL_SUCCESS); AssertIntEQ(BN_is_zero(new_point->X), 0); AssertIntEQ(BN_is_zero(new_point->Y), 0); AssertIntEQ(BN_is_zero(new_point->Z), 0); #else AssertIntEQ(EC_POINT_set_affine_coordinates_GFp(group, new_point, Gx, Gy, ctx), WOLFSSL_SUCCESS); AssertIntEQ(BN_is_zero(new_point->X), 0); AssertIntEQ(BN_is_zero(new_point->Y), 0); AssertIntEQ(BN_is_zero(new_point->Z), 0); #endif /* check if point X coordinate is zero */ AssertIntEQ(BN_is_zero(new_point->X), 0); #ifdef USE_ECC_B_PARAM AssertIntEQ(EC_POINT_is_on_curve(group, new_point, ctx), 1); #endif /* USE_ECC_B_PARAM */ /* Force non-affine coordinates */ AssertIntEQ(BN_add(new_point->Z, (WOLFSSL_BIGNUM*)BN_value_one(), (WOLFSSL_BIGNUM*)BN_value_one()), 1); new_point->inSet = 0; /* extract the coordinates from point */ AssertIntEQ(EC_POINT_get_affine_coordinates_GFp(group, new_point, X, Y, ctx), WOLFSSL_SUCCESS); /* check if point X coordinate is zero */ AssertIntEQ(BN_is_zero(X), WOLFSSL_FAILURE); /* set the same X and Y points in another object */ AssertIntEQ(EC_POINT_set_affine_coordinates_GFp(group, set_point, X, Y, ctx), WOLFSSL_SUCCESS); /* compare points as they should be the same */ AssertIntEQ(EC_POINT_cmp(group, new_point, set_point, ctx), 0); /* Test copying */ AssertIntEQ(EC_POINT_copy(new_point, set_point), 1); /* Test inverting */ AssertIntEQ(EC_POINT_invert(group, new_point, ctx), 1); AssertPtrEq(EC_POINT_point2bn(group, set_point, POINT_CONVERSION_UNCOMPRESSED, set_point_bn, ctx), set_point_bn); /* check bn2hex */ hexStr = BN_bn2hex(k); AssertStrEQ(hexStr, kTest); #ifndef NO_FILESYSTEM BN_print_fp(stdout, k); printf("\n"); #endif XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC); hexStr = BN_bn2hex(Gx); AssertStrEQ(hexStr, kGx); #ifndef NO_FILESYSTEM BN_print_fp(stdout, Gx); printf("\n"); #endif XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC); hexStr = BN_bn2hex(Gy); AssertStrEQ(hexStr, kGy); #ifndef NO_FILESYSTEM BN_print_fp(stdout, Gy); printf("\n"); #endif XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC); #ifndef HAVE_SELFTEST hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, ctx); AssertStrEQ(hexStr, uncompG); XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC); #ifdef HAVE_COMP_KEY hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_COMPRESSED, ctx); AssertStrEQ(hexStr, compG); XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC); #endif bin_len = EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, ctx); AssertIntEQ(bin_len, sizeof(binUncompG)); AssertNotNull(buf = (unsigned char*)XMALLOC(bin_len, NULL, DYNAMIC_TYPE_ECC)); AssertIntEQ(EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, buf, bin_len, ctx), bin_len); AssertIntEQ(XMEMCMP(buf, binUncompG, sizeof(binUncompG)), 0); XFREE(buf, NULL, DYNAMIC_TYPE_ECC); #ifdef HAVE_COMP_KEY bin_len = EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_COMPRESSED, NULL, 0, ctx); AssertIntEQ(bin_len, sizeof(binCompG)); AssertNotNull(buf = (unsigned char*)XMALLOC(bin_len, NULL, DYNAMIC_TYPE_ECC)); AssertIntEQ(EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_COMPRESSED, buf, bin_len, ctx), bin_len); AssertIntEQ(XMEMCMP(buf, binCompG, sizeof(binCompG)), 0); XFREE(buf, NULL, DYNAMIC_TYPE_ECC); #endif AssertNotNull(tmp = EC_POINT_new(group)); AssertIntEQ(EC_POINT_oct2point(group, tmp, binUncompG, sizeof(binUncompG), ctx), 1); AssertIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0); EC_POINT_free(tmp); #ifdef HAVE_COMP_KEY AssertNotNull(tmp = EC_POINT_new(group)); AssertIntEQ(EC_POINT_oct2point(group, tmp, binCompG, sizeof(binCompG), ctx), 1); AssertIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0); EC_POINT_free(tmp); #endif #endif /* test BN_mod_add */ AssertIntEQ(BN_mod_add(new_point->Z, (WOLFSSL_BIGNUM*)BN_value_one(), (WOLFSSL_BIGNUM*)BN_value_one(), (WOLFSSL_BIGNUM*)BN_value_one(), NULL), 1); AssertIntEQ(BN_is_zero(new_point->Z), 1); /* cleanup */ BN_free(X); BN_free(Y); BN_free(k); BN_free(set_point_bn); EC_POINT_free(new_point); EC_POINT_free(set_point); EC_POINT_free(Gxy); EC_GROUP_free(group); EC_GROUP_free(group2); BN_CTX_free(ctx); #endif /* HAVE_ECC */ } #endif /* OPENSSL_EXTRA && ( !HAVE_FIPS || HAVE_FIPS_VERSION > 2) */ #ifndef NO_BIO static void test_wolfSSL_PEM_read_bio_ECPKParameters(void) { #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) EC_GROUP *group; BIO* bio; AssertNotNull(bio = BIO_new(BIO_s_file())); AssertIntEQ(BIO_read_filename(bio, eccKeyFile), WOLFSSL_SUCCESS); AssertNotNull(group = PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL)); AssertIntEQ(EC_GROUP_get_curve_name(group), NID_X9_62_prime256v1); EC_GROUP_free(group); BIO_free(bio); #endif /* HAVE_ECC */ } #endif /* !NO_BIO */ # if defined(OPENSSL_EXTRA) static void test_wolfSSL_ECDSA_SIG(void) { #ifdef HAVE_ECC WOLFSSL_ECDSA_SIG* sig = NULL; WOLFSSL_ECDSA_SIG* sig2 = NULL; const unsigned char* cp; unsigned char* p; unsigned char outSig[8]; unsigned char sigData[8] = { 0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01 }; sig = wolfSSL_d2i_ECDSA_SIG(NULL, NULL, sizeof(sigData)); AssertNull(sig); cp = sigData; AssertNotNull((sig = wolfSSL_d2i_ECDSA_SIG(NULL, &cp, sizeof(sigData)))); AssertIntEQ((cp == sigData + 8), 1); cp = sigData; AssertNull(wolfSSL_d2i_ECDSA_SIG(&sig, NULL, sizeof(sigData))); AssertNotNull((sig2 = wolfSSL_d2i_ECDSA_SIG(&sig, &cp, sizeof(sigData)))); AssertIntEQ((sig == sig2), 1); cp = outSig; p = outSig; AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(NULL, &p), 0); AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(NULL, NULL), 0); AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, NULL), 8); AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, &p), sizeof(sigData)); AssertIntEQ((p == outSig + 8), 1); AssertIntEQ(XMEMCMP(sigData, outSig, 8), 0); wolfSSL_ECDSA_SIG_free(sig); #endif /* HAVE_ECC */ } static void test_EC_i2d(void) { #if defined(HAVE_ECC) && !defined(HAVE_FIPS) EC_KEY *key; EC_KEY *copy; int len; unsigned char *buf = NULL; const unsigned char *tmp = NULL; AssertNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); AssertIntEQ(EC_KEY_generate_key(key), 1); AssertIntGT((len = i2d_EC_PUBKEY(key, NULL)), 0); AssertIntEQ(i2d_EC_PUBKEY(key, &buf), len); XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); buf = NULL; AssertIntGT((len = i2d_ECPrivateKey(key, NULL)), 0); AssertIntEQ(i2d_ECPrivateKey(key, &buf), len); tmp = buf; AssertNotNull(d2i_ECPrivateKey(©, &tmp, len)); XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); buf = NULL; AssertIntGT((len = i2o_ECPublicKey(key, &buf)), 0); tmp = buf; AssertNotNull(o2i_ECPublicKey(©, &tmp, len)); AssertIntEQ(EC_KEY_check_key(key), 1); XFREE(buf, NULL, DYNAMIC_TYPE_OPENSSL); EC_KEY_free(key); EC_KEY_free(copy); #endif /* HAVE_ECC */ } static void test_ECDSA_size_sign(void) { #if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(NO_ECC_SECP) EC_KEY *key; int id; byte hash[WC_MAX_DIGEST_SIZE]; byte sig[ECC_MAX_SIG_SIZE]; unsigned int sigSz = sizeof(sig); XMEMSET(hash, 123, sizeof(hash)); id = wc_ecc_get_curve_id_from_name("SECP256R1"); AssertIntEQ(id, ECC_SECP256R1); AssertNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); AssertIntEQ(EC_KEY_generate_key(key), 1); AssertIntEQ(ECDSA_sign(0, hash, sizeof(hash), sig, &sigSz, key), 1); AssertIntGE(ECDSA_size(key), sigSz); AssertIntEQ(ECDSA_verify(0, hash, sizeof(hash), sig, sigSz, key), 1); EC_KEY_free(key); #endif /* HAVE_ECC && !NO_ECC256 && !NO_ECC_SECP */ } static void test_ED25519(void) { #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \ defined(WOLFSSL_KEY_GEN) byte priv[ED25519_PRV_KEY_SIZE]; unsigned int privSz = (unsigned int)sizeof(priv); byte pub[ED25519_PUB_KEY_SIZE]; unsigned int pubSz = (unsigned int)sizeof(pub); #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_IMPORT) const char* msg = TEST_STRING; unsigned int msglen = (unsigned int)TEST_STRING_SZ; byte sig[ED25519_SIG_SIZE]; unsigned int sigSz = (unsigned int)sizeof(sig); #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_IMPORT */ AssertIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, pub, &pubSz), WOLFSSL_SUCCESS); AssertIntEQ(privSz, ED25519_PRV_KEY_SIZE); AssertIntEQ(pubSz, ED25519_PUB_KEY_SIZE); #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_IMPORT) AssertIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz, sig, &sigSz), WOLFSSL_SUCCESS); AssertIntEQ(sigSz, ED25519_SIG_SIZE); #ifdef HAVE_ED25519_VERIFY AssertIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig, sigSz), WOLFSSL_SUCCESS); #endif /* HAVE_ED25519_VERIFY */ #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_IMPORT */ #endif /* HAVE_ED25519 && HAVE_ED25519_KEY_EXPORT && WOLFSSL_KEY_GEN */ } static void test_ED448(void) { #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \ defined(WOLFSSL_KEY_GEN) byte priv[ED448_PRV_KEY_SIZE]; unsigned int privSz = (unsigned int)sizeof(priv); byte pub[ED448_PUB_KEY_SIZE]; unsigned int pubSz = (unsigned int)sizeof(pub); #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_IMPORT) const char* msg = TEST_STRING; unsigned int msglen = (unsigned int)TEST_STRING_SZ; byte sig[ED448_SIG_SIZE]; unsigned int sigSz = (unsigned int)sizeof(sig); #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_IMPORT */ AssertIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, pub, &pubSz), WOLFSSL_SUCCESS); AssertIntEQ(privSz, ED448_PRV_KEY_SIZE); AssertIntEQ(pubSz, ED448_PUB_KEY_SIZE); #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_IMPORT) AssertIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz, sig, &sigSz), WOLFSSL_SUCCESS); AssertIntEQ(sigSz, ED448_SIG_SIZE); #ifdef HAVE_ED448_VERIFY AssertIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig, sigSz), WOLFSSL_SUCCESS); #endif /* HAVE_ED448_VERIFY */ #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_IMPORT */ #endif /* HAVE_ED448 && HAVE_ED448_KEY_EXPORT && WOLFSSL_KEY_GEN */ } #endif /* OPENSSL_EXTRA */ #include /*----------------------------------------------------------------------------* | EVP *----------------------------------------------------------------------------*/ static void test_wolfSSL_EVP_PKEY_print_public(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_BIO) WOLFSSL_BIO* rbio = NULL; WOLFSSL_BIO* wbio = NULL; WOLFSSL_EVP_PKEY* pkey = NULL; char line[256] = { 0 }; char line1[256] = { 0 }; int i; printf(testingFmt, "EVP_PKEY_print_public()"); /* test error cases */ AssertIntEQ( EVP_PKEY_print_public(NULL,NULL,0,NULL),0L); /* * test RSA public key print * in this test, pass '3' for indent */ #if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_1024) rbio = BIO_new_mem_buf( client_keypub_der_1024, sizeof_client_keypub_der_1024); AssertNotNull(rbio); wolfSSL_d2i_PUBKEY_bio(rbio, &pkey); AssertNotNull(pkey); wbio = BIO_new(BIO_s_mem()); AssertNotNull(wbio); AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,3,NULL),1); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, " RSA Public-Key: (1024 bit)\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, " Modulus:\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, " 00:BC:73:0E:A8:49:F3:74:A2:A9:EF:18:A5:DA:55:\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* skip to the end of modulus element*/ for( i = 0; i < 8 ;i++) { BIO_gets(wbio, line, sizeof(line)); } BIO_gets(wbio, line, sizeof(line)); strcpy(line1, " Exponent: 65537 (0x010001)\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* should reach EOF */ AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0); EVP_PKEY_free(pkey); pkey = NULL; BIO_free(rbio); BIO_free(wbio); rbio = NULL; wbio = NULL; #endif /* !NO_RSA && USE_CERT_BUFFERS_1024*/ /* * test DSA public key print */ #if !defined(NO_DSA) && defined(USE_CERT_BUFFERS_2048) rbio = BIO_new_mem_buf( dsa_pub_key_der_2048, sizeof_dsa_pub_key_der_2048); AssertNotNull(rbio); wolfSSL_d2i_PUBKEY_bio(rbio, &pkey); AssertNotNull(pkey); wbio = BIO_new(BIO_s_mem()); AssertNotNull(wbio); AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "DSA Public-Key: (2048 bit)\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "pub:\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, " 00:C2:35:2D:EC:83:83:6C:73:13:9E:52:7C:74:C8:\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* skip to the end of pub element*/ for( i = 0; i < 17 ;i++) { BIO_gets(wbio, line, sizeof(line)); } BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "P:\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* skip to the end of P element*/ for( i = 0; i < 18 ;i++) { BIO_gets(wbio, line, sizeof(line)); } BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "Q:\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* skip to the end of Q element*/ for( i = 0; i < 3 ;i++) { BIO_gets(wbio, line, sizeof(line)); } BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "G:\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* skip to the end of G element*/ for( i = 0; i < 18 ;i++) { BIO_gets(wbio, line, sizeof(line)); } /* should reach EOF */ AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0); EVP_PKEY_free(pkey); pkey = NULL; BIO_free(rbio); BIO_free(wbio); rbio = NULL; wbio = NULL; #endif /* !NO_DSA && USE_CERT_BUFFERS_2048 */ /* * test ECC public key print */ #if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) rbio = BIO_new_mem_buf( ecc_clikeypub_der_256, sizeof_ecc_clikeypub_der_256); AssertNotNull(rbio); wolfSSL_d2i_PUBKEY_bio(rbio, &pkey); AssertNotNull(pkey); wbio = BIO_new(BIO_s_mem()); AssertNotNull(wbio); AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "Public-Key: (256 bit)\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "pub:\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, " 04:55:BF:F4:0F:44:50:9A:3D:CE:9B:B7:F0:C5:4D:\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* skip to the end of pub element*/ for( i = 0; i < 4 ;i++) { BIO_gets(wbio, line, sizeof(line)); } BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "ASN1 OID: prime256v1\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "NIST CURVE: P-256\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* should reach EOF */ AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0); EVP_PKEY_free(pkey); pkey = NULL; BIO_free(rbio); BIO_free(wbio); rbio = NULL; wbio = NULL; #endif /* HAVE_ECC && USE_CERT_BUFFERS_256 */ /* * test DH public key print */ #if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048) rbio = BIO_new_mem_buf( dh_pub_key_der_2048, sizeof_dh_pub_key_der_2048); AssertNotNull(rbio); wolfSSL_d2i_PUBKEY_bio(rbio, &pkey); AssertNotNull(pkey); wbio = BIO_new(BIO_s_mem()); AssertNotNull(wbio); AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "DH Public-Key: (2048 bit)\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "public-key:\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, " 34:41:BF:E9:F2:11:BF:05:DB:B2:72:A8:29:CC:BD:\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* skip to the end of public-key element*/ for( i = 0; i < 17 ;i++) { BIO_gets(wbio, line, sizeof(line)); } BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "prime:\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, " 00:D3:B2:99:84:5C:0A:4C:E7:37:CC:FC:18:37:01:\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* skip to the end of prime element*/ for( i = 0; i < 17 ;i++) { BIO_gets(wbio, line, sizeof(line)); } BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "generator: 2 (0x02)\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* should reach EOF */ AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0); EVP_PKEY_free(pkey); pkey = NULL; BIO_free(rbio); BIO_free(wbio); rbio = NULL; wbio = NULL; #endif /* WOLFSSL_DH_EXTRA && USE_CERT_BUFFERS_2048 */ /* to prevent "unused variable" warning */ (void)pkey; (void)wbio; (void)rbio; (void)line; (void)line1; (void)i; printf(resultFmt, passed); #endif /* OPENSSL_EXTRA */ } /* Test functions for base64 encode/decode */ static void test_wolfSSL_EVP_ENCODE_CTX_new(void) { #if defined(OPENSSL_EXTRA) && \ ( defined(WOLFSSL_BASE64_ENCODE) || defined(WOLFSSL_BASE64_DECODE)) printf(testingFmt, "EVP_ENCODE_CTX_new()"); EVP_ENCODE_CTX* ctx = NULL; AssertNotNull( ctx = EVP_ENCODE_CTX_new()); AssertIntEQ( ctx->remaining,0); AssertIntEQ( ctx->data[0],0); AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0); EVP_ENCODE_CTX_free(ctx); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA && (WOLFSSL_BASE64_ENCODE || WOLFSSL_BASE64_DECODE)*/ } static void test_wolfSSL_EVP_ENCODE_CTX_free(void) { #if defined(OPENSSL_EXTRA) && \ ( defined(WOLFSSL_BASE64_ENCODE) || defined(WOLFSSL_BASE64_DECODE)) printf(testingFmt, "EVP_ENCODE_CTX_free()"); EVP_ENCODE_CTX* ctx = NULL; AssertNotNull( ctx = EVP_ENCODE_CTX_new()); EVP_ENCODE_CTX_free(ctx); printf(resultFmt, passed); #endif /*OPENSSL_EXTRA && (WOLFSSL_BASE64_ENCODE || WOLFSSL_BASE64_DECODE)*/ } static void test_wolfSSL_EVP_EncodeInit(void) { #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE) printf(testingFmt, "EVP_EncodeInit()"); EVP_ENCODE_CTX* ctx = NULL; AssertNotNull( ctx = EVP_ENCODE_CTX_new()); AssertIntEQ( ctx->remaining,0); AssertIntEQ( ctx->data[0],0); AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0); /* make ctx dirty */ ctx->remaining = 10; XMEMSET( ctx->data, 0x77, sizeof(ctx->data)); EVP_EncodeInit(ctx); AssertIntEQ( ctx->remaining,0); AssertIntEQ( ctx->data[0],0); AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0); EVP_ENCODE_CTX_free(ctx); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/ } static void test_wolfSSL_EVP_EncodeUpdate(void) { #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE) printf(testingFmt, "EVP_EncodeUpdate()"); int outl; int total; const unsigned char plain0[] = {"Th"}; const unsigned char plain1[] = {"This is a base64 encodeing test."}; const unsigned char plain2[] = {"This is additional data."}; const unsigned char enc0[] = {"VGg=\n"}; /* expected encoded result for the first output 64 chars plus trailing LF*/ const unsigned char enc1[] = {"VGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVpbmcgdGVzdC5UaGlzIGlzIGFkZGl0aW9u\n"}; const unsigned char enc2[] = {"VGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVpbmcgdGVzdC5UaGlzIGlzIGFkZGl0aW9u\nYWwgZGF0YS4=\n"}; unsigned char encOutBuff[300]; EVP_ENCODE_CTX* ctx = NULL; AssertNotNull( ctx = EVP_ENCODE_CTX_new()); EVP_EncodeInit(ctx); /* illegal parameter test */ AssertIntEQ( EVP_EncodeUpdate( NULL, /* pass NULL as ctx */ encOutBuff, &outl, plain1, sizeof(plain1)-1), 0 /* expected result code 0: fail */ ); AssertIntEQ( EVP_EncodeUpdate( ctx, NULL, /* pass NULL as out buff */ &outl, plain1, sizeof(plain1)-1), 0 /* expected result code 0: fail */ ); AssertIntEQ( EVP_EncodeUpdate( ctx, encOutBuff, NULL, /* pass NULL as outl */ plain1, sizeof(plain1)-1), 0 /* expected result code 0: fail */ ); AssertIntEQ( EVP_EncodeUpdate( ctx, encOutBuff, &outl, NULL, /* pass NULL as in */ sizeof(plain1)-1), 0 /* expected result code 0: fail */ ); /* meaningless parameter test */ AssertIntEQ( EVP_EncodeUpdate( ctx, encOutBuff, &outl, plain1, 0), /* pass zero input */ 1 /* expected result code 1: success */ ); /* very small data encoding test */ EVP_EncodeInit(ctx); AssertIntEQ( EVP_EncodeUpdate( ctx, encOutBuff, &outl, plain0, sizeof(plain0)-1), 1 /* expected result code 1: success */ ); AssertIntEQ(outl,0); EVP_EncodeFinal( ctx, encOutBuff + outl, &outl); AssertIntEQ( outl, sizeof(enc0)-1); AssertIntEQ( XSTRNCMP( (const char*)encOutBuff, (const char*)enc0,sizeof(enc0) ), 0); /* pass small size( < 48bytes ) input, then make sure they are not * encoded and just stored in ctx */ EVP_EncodeInit(ctx); total = 0; outl = 0; XMEMSET( encOutBuff,0, sizeof(encOutBuff)); AssertIntEQ( EVP_EncodeUpdate( ctx, encOutBuff, /* buffer for output */ &outl, /* size of output */ plain1, /* input */ sizeof(plain1)-1), /* size of input */ 1); /* expected result code 1:success */ total += outl; AssertIntEQ(outl, 0); /* no output expected */ AssertIntEQ(ctx->remaining, sizeof(plain1) -1); AssertTrue( XSTRNCMP((const char*)(ctx->data), (const char*)plain1, ctx->remaining) ==0 ); AssertTrue(encOutBuff[0] == 0); /* call wolfSSL_EVP_EncodeUpdate again to make it encode * the stored data and the new input together */ AssertIntEQ( EVP_EncodeUpdate( ctx, encOutBuff + outl, /* buffer for output */ &outl, /* size of output */ plain2, /* additional input */ sizeof(plain2) -1), /* size of additional input */ 1); /* expected result code 1:success */ total += outl; AssertIntNE(outl, 0); /* some output is expected this time*/ AssertIntEQ(outl, BASE64_ENCODE_RESULT_BLOCK_SIZE +1); /* 64 bytes and LF */ AssertIntEQ( XSTRNCMP((const char*)encOutBuff,(const char*)enc1,sizeof(enc1) ),0); /* call wolfSSL_EVP_EncodeFinal to flush all the unprocessed input */ EVP_EncodeFinal( ctx, encOutBuff + outl, &outl); total += outl; AssertIntNE(total,0); AssertIntNE(outl,0); AssertIntEQ(XSTRNCMP( (const char*)encOutBuff,(const char*)enc2,sizeof(enc2) ),0); /* test with illeagal parameters */ outl = 1; EVP_EncodeFinal(NULL, encOutBuff + outl, &outl); AssertIntEQ(outl, 0); outl = 1; EVP_EncodeFinal(ctx, NULL, &outl); AssertIntEQ(outl, 0); EVP_EncodeFinal(ctx, encOutBuff + outl, NULL); EVP_EncodeFinal(NULL, NULL, NULL); EVP_ENCODE_CTX_free(ctx); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/ } static void test_wolfSSL_EVP_EncodeFinal(void) { #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE) printf(testingFmt, "wolfSSL_EVP_EncodeFinal()"); /* tests for wolfSSL_EVP_EncodeFinal are included in * test_wolfSSL_EVP_EncodeUpdate */ printf(resultFmt, passed); #endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/ } static void test_wolfSSL_EVP_DecodeInit(void) { #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE) printf(testingFmt, "EVP_DecodeInit()"); EVP_ENCODE_CTX* ctx = NULL; AssertNotNull( ctx = EVP_ENCODE_CTX_new()); AssertIntEQ( ctx->remaining,0); AssertIntEQ( ctx->data[0],0); AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0); /* make ctx dirty */ ctx->remaining = 10; XMEMSET( ctx->data, 0x77, sizeof(ctx->data)); EVP_DecodeInit(ctx); AssertIntEQ( ctx->remaining,0); AssertIntEQ( ctx->data[0],0); AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0); EVP_ENCODE_CTX_free(ctx); printf(resultFmt, passed); #endif /* OPENSSL && WOLFSSL_BASE_DECODE */ } static void test_wolfSSL_EVP_DecodeUpdate(void) { #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE) printf(testingFmt, "EVP_DecodeUpdate()"); int outl; unsigned char decOutBuff[300]; EVP_ENCODE_CTX* ctx = EVP_ENCODE_CTX_new(); EVP_DecodeInit(ctx); const unsigned char enc1[] = {"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg==\n"}; /* const unsigned char plain1[] = {"This is a base64 decoding test."} */ /* illegal parameter tests */ /* pass NULL as ctx */ AssertIntEQ( EVP_DecodeUpdate( NULL, /* pass NULL as ctx */ decOutBuff, &outl, enc1, sizeof(enc1)-1), -1 /* expected result code -1: fail */ ); AssertIntEQ( outl, 0); /* pass NULL as output */ AssertIntEQ( EVP_DecodeUpdate( ctx, NULL, /* pass NULL as out buff */ &outl, enc1, sizeof(enc1)-1), -1 /* expected result code -1: fail */ ); AssertIntEQ( outl, 0); /* pass NULL as outl */ AssertIntEQ( EVP_DecodeUpdate( ctx, decOutBuff, NULL, /* pass NULL as outl */ enc1, sizeof(enc1)-1), -1 /* expected result code -1: fail */ ); /* pass NULL as input */ AssertIntEQ( EVP_DecodeUpdate( ctx, decOutBuff, &outl, NULL, /* pass NULL as in */ sizeof(enc1)-1), -1 /* expected result code -1: fail */ ); AssertIntEQ( outl, 0); /* pass zero length input */ AssertIntEQ( EVP_DecodeUpdate( ctx, decOutBuff, &outl, enc1, 0), /* pass zero as input len */ 1 /* expected result code 1: success */ ); /* decode correct base64 string */ const unsigned char enc2[] = {"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg==\n"}; const unsigned char plain2[] = {"This is a base64 decoding test."}; EVP_EncodeInit(ctx); AssertIntEQ( EVP_DecodeUpdate( ctx, decOutBuff, &outl, enc2, sizeof(enc2)-1), 0 /* expected result code 0: success */ ); AssertIntEQ(outl,sizeof(plain2) -1); AssertIntEQ( EVP_DecodeFinal( ctx, decOutBuff + outl, &outl), 1 /* expected result code 1: success */ ); AssertIntEQ(outl, 0); /* expected DecodeFinal outout no data */ AssertIntEQ(XSTRNCMP( (const char*)plain2,(const char*)decOutBuff, sizeof(plain2) -1 ),0); /* decode correct base64 string which does not have '\n' in its last*/ const unsigned char enc3[] = {"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg=="}; /* 44 chars */ const unsigned char plain3[] = {"This is a base64 decoding test."}; /* 31 chars */ EVP_EncodeInit(ctx); AssertIntEQ( EVP_DecodeUpdate( ctx, decOutBuff, &outl, enc3, sizeof(enc3)-1), 0 /* expected result code 0: success */ ); AssertIntEQ(outl,sizeof(plain3)-1); /* 31 chars should be output */ AssertIntEQ(XSTRNCMP( (const char*)plain3,(const char*)decOutBuff, sizeof(plain3) -1 ),0); AssertIntEQ( EVP_DecodeFinal( ctx, decOutBuff + outl, &outl), 1 /* expected result code 1: success */ ); AssertIntEQ(outl,0 ); /* decode string which has a padding char ('=') in the illegal position*/ const unsigned char enc4[] = {"VGhpcyBpcyBhIGJhc2U2N=CBkZWNvZGluZyB0ZXN0Lg==\n"}; EVP_EncodeInit(ctx); AssertIntEQ( EVP_DecodeUpdate( ctx, decOutBuff, &outl, enc4, sizeof(enc4)-1), -1 /* expected result code -1: error */ ); AssertIntEQ(outl,0); /* small data decode test */ const unsigned char enc00[] = {"VG"}; const unsigned char enc01[] = {"g=\n"}; const unsigned char plain4[] = {"Th"}; EVP_EncodeInit(ctx); AssertIntEQ( EVP_DecodeUpdate( ctx, decOutBuff, &outl, enc00, sizeof(enc00)-1), 1 /* expected result code 1: success */ ); AssertIntEQ(outl,0); AssertIntEQ( EVP_DecodeUpdate( ctx, decOutBuff + outl, &outl, enc01, sizeof(enc01)-1), 0 /* expected result code 0: success */ ); AssertIntEQ(outl,sizeof(plain4)-1); /* test with illegal parameters */ AssertIntEQ(EVP_DecodeFinal(NULL,decOutBuff + outl,&outl), -1); AssertIntEQ(EVP_DecodeFinal(ctx,NULL,&outl), -1); AssertIntEQ(EVP_DecodeFinal(ctx,decOutBuff + outl, NULL), -1); AssertIntEQ(EVP_DecodeFinal(NULL,NULL, NULL), -1); EVP_DecodeFinal( ctx, decOutBuff + outl, &outl); AssertIntEQ( outl, 0); AssertIntEQ( XSTRNCMP( (const char*)decOutBuff, (const char*)plain4,sizeof(plain4)-1 ), 0); EVP_ENCODE_CTX_free(ctx); printf(resultFmt, passed); #endif /* OPENSSL && WOLFSSL_BASE_DECODE */ } static void test_wolfSSL_EVP_DecodeFinal(void) { #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE) printf(testingFmt, "EVP_DecodeFinal()"); /* tests for wolfSSL_EVP_DecodeFinal are included in * test_wolfSSL_EVP_DecodeUpdate */ printf(resultFmt, passed); #endif /* OPENSSL && WOLFSSL_BASE_DECODE */ } /* Test function for wolfSSL_EVP_get_cipherbynid. */ #ifdef OPENSSL_EXTRA static void test_wolfSSL_EVP_get_cipherbynid(void) { #ifndef NO_AES const WOLFSSL_EVP_CIPHER* c; c = wolfSSL_EVP_get_cipherbynid(419); #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \ defined(WOLFSSL_AES_128) AssertNotNull(c); AssertNotNull(strcmp("EVP_AES_128_CBC", c)); #else AssertNull(c); #endif c = wolfSSL_EVP_get_cipherbynid(423); #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \ defined(WOLFSSL_AES_192) AssertNotNull(c); AssertNotNull(strcmp("EVP_AES_192_CBC", c)); #else AssertNull(c); #endif c = wolfSSL_EVP_get_cipherbynid(427); #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \ defined(WOLFSSL_AES_256) AssertNotNull(c); AssertNotNull(strcmp("EVP_AES_256_CBC", c)); #else AssertNull(c); #endif c = wolfSSL_EVP_get_cipherbynid(904); #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_128) AssertNotNull(c); AssertNotNull(strcmp("EVP_AES_128_CTR", c)); #else AssertNull(c); #endif c = wolfSSL_EVP_get_cipherbynid(905); #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_192) AssertNotNull(c); AssertNotNull(strcmp("EVP_AES_192_CTR", c)); #else AssertNull(c); #endif c = wolfSSL_EVP_get_cipherbynid(906); #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256) AssertNotNull(c); AssertNotNull(strcmp("EVP_AES_256_CTR", c)); #else AssertNull(c); #endif c = wolfSSL_EVP_get_cipherbynid(418); #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_128) AssertNotNull(c); AssertNotNull(strcmp("EVP_AES_128_ECB", c)); #else AssertNull(c); #endif c = wolfSSL_EVP_get_cipherbynid(422); #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_192) AssertNotNull(c); AssertNotNull(strcmp("EVP_AES_192_ECB", c)); #else AssertNull(c); #endif c = wolfSSL_EVP_get_cipherbynid(426); #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256) AssertNotNull(c); AssertNotNull(strcmp("EVP_AES_256_ECB", c)); #else AssertNull(c); #endif #endif /* !NO_AES */ #ifndef NO_DES3 AssertNotNull(strcmp("EVP_DES_CBC", wolfSSL_EVP_get_cipherbynid(31))); #ifdef WOLFSSL_DES_ECB AssertNotNull(strcmp("EVP_DES_ECB", wolfSSL_EVP_get_cipherbynid(29))); #endif AssertNotNull(strcmp("EVP_DES_EDE3_CBC", wolfSSL_EVP_get_cipherbynid(44))); #ifdef WOLFSSL_DES_ECB AssertNotNull(strcmp("EVP_DES_EDE3_ECB", wolfSSL_EVP_get_cipherbynid(33))); #endif #endif /* !NO_DES3 */ #ifdef HAVE_IDEA AssertNotNull(strcmp("EVP_IDEA_CBC", wolfSSL_EVP_get_cipherbynid(34))); #endif /* test for nid is out of range */ AssertNull(wolfSSL_EVP_get_cipherbynid(1)); } static void test_wolfSSL_EVP_CIPHER_CTX(void) { #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); const EVP_CIPHER *init = EVP_aes_128_cbc(); const EVP_CIPHER *test; byte key[AES_BLOCK_SIZE] = {0}; byte iv[AES_BLOCK_SIZE] = {0}; AssertNotNull(ctx); wolfSSL_EVP_CIPHER_CTX_init(ctx); AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); test = EVP_CIPHER_CTX_cipher(ctx); AssertTrue(init == test); AssertIntEQ(EVP_CIPHER_nid(test), NID_aes_128_cbc); AssertIntEQ(EVP_CIPHER_CTX_reset(ctx), WOLFSSL_SUCCESS); AssertIntEQ(EVP_CIPHER_CTX_reset(NULL), WOLFSSL_FAILURE); EVP_CIPHER_CTX_free(ctx); /* test EVP_CIPHER_CTX_cleanup with NULL */ AssertIntEQ(EVP_CIPHER_CTX_cleanup(NULL), WOLFSSL_SUCCESS); #endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_128 */ } #endif /* OPENSSL_EXTRA */ /*----------------------------------------------------------------------------* | IO *----------------------------------------------------------------------------*/ #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_RSA) && !defined(SINGLE_THREADED) && \ !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) #define HAVE_IO_TESTS_DEPENDENCIES #endif /* helper functions */ #ifdef HAVE_IO_TESTS_DEPENDENCIES #ifdef WOLFSSL_SESSION_EXPORT #ifdef WOLFSSL_DTLS /* set up function for sending session information */ static int test_export(WOLFSSL* inSsl, byte* buf, word32 sz, void* userCtx) { WOLFSSL_CTX* ctx = NULL; WOLFSSL* ssl = NULL; AssertNotNull(inSsl); AssertNotNull(buf); AssertIntNE(0, sz); /* Set ctx to DTLS 1.2 */ ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method()); AssertNotNull(ctx); ssl = wolfSSL_new(ctx); AssertNotNull(ssl); AssertIntGE(wolfSSL_dtls_import(ssl, buf, sz), 0); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); (void)userCtx; return WOLFSSL_SUCCESS; } #endif /* returns negative value on fail and positive (including 0) on success */ static int nonblocking_accept_read(void* args, WOLFSSL* ssl, SOCKET_T* sockfd) { int ret, err, loop_count, count, timeout = 10; char msg[] = "I hear you fa shizzle!"; char input[1024]; loop_count = ((func_args*)args)->argc; err = 0; /* Reset error */ do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_accept(ssl); err = wolfSSL_get_error(ssl, 0); if (err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE) { int select_ret; err = WC_PENDING_E; select_ret = tcp_select(*sockfd, timeout); if (select_ret == TEST_TIMEOUT) { return WOLFSSL_FATAL_ERROR; } } } while (err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { char buff[WOLFSSL_MAX_ERROR_SZ]; printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff)); return ret; } for (count = 0; count < loop_count; count++) { int select_ret; select_ret = tcp_select(*sockfd, timeout); if (select_ret == TEST_TIMEOUT) { ret = WOLFSSL_FATAL_ERROR; break; } do { ret = wolfSSL_read(ssl, input, sizeof(input)-1); if (ret > 0) { input[ret] = '\0'; printf("Client message: %s\n", input); } } while (err == WOLFSSL_ERROR_WANT_READ && ret != WOLFSSL_SUCCESS); do { if ((ret = wolfSSL_write(ssl, msg, sizeof(msg))) != sizeof(msg)) { return WOLFSSL_FATAL_ERROR; } err = wolfSSL_get_error(ssl, ret); } while (err == WOLFSSL_ERROR_WANT_READ && ret != WOLFSSL_SUCCESS); } return ret; } #endif /* WOLFSSL_SESSION_EXPORT */ /* TODO: Expand and enable this when EVP_chacha20_poly1305 is supported */ #if defined(HAVE_SESSION_TICKET) && defined(OPENSSL_EXTRA) && \ defined(HAVE_AES_CBC) typedef struct openssl_key_ctx { byte name[WOLFSSL_TICKET_NAME_SZ]; /* server name */ byte key[WOLFSSL_TICKET_KEY_SZ]; /* cipher key */ byte hmacKey[WOLFSSL_TICKET_NAME_SZ]; /* hmac key */ byte iv[WOLFSSL_TICKET_IV_SZ]; /* cipher iv */ } openssl_key_ctx; static THREAD_LS_T openssl_key_ctx myOpenSSLKey_ctx; static THREAD_LS_T WC_RNG myOpenSSLKey_rng; static WC_INLINE int OpenSSLTicketInit(void) { int ret = wc_InitRng(&myOpenSSLKey_rng); if (ret != 0) return ret; ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.name, sizeof(myOpenSSLKey_ctx.name)); if (ret != 0) return ret; ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.key, sizeof(myOpenSSLKey_ctx.key)); if (ret != 0) return ret; ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.hmacKey, sizeof(myOpenSSLKey_ctx.hmacKey)); if (ret != 0) return ret; ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.iv, sizeof(myOpenSSLKey_ctx.iv)); if (ret != 0) return ret; return 0; } static WC_INLINE int myTicketEncCbOpenSSL(WOLFSSL* ssl, byte name[WOLFSSL_TICKET_NAME_SZ], byte iv[WOLFSSL_TICKET_IV_SZ], WOLFSSL_EVP_CIPHER_CTX *ectx, WOLFSSL_HMAC_CTX *hctx, int enc) { (void)ssl; if (enc) { XMEMCPY(name, myOpenSSLKey_ctx.name, sizeof(myOpenSSLKey_ctx.name)); XMEMCPY(iv, myOpenSSLKey_ctx.iv, sizeof(myOpenSSLKey_ctx.iv)); } else if (XMEMCMP(name, myOpenSSLKey_ctx.name, sizeof(myOpenSSLKey_ctx.name)) != 0 || XMEMCMP(iv, myOpenSSLKey_ctx.iv, sizeof(myOpenSSLKey_ctx.iv)) != 0) { return 0; } HMAC_Init_ex(hctx, myOpenSSLKey_ctx.hmacKey, WOLFSSL_TICKET_NAME_SZ, EVP_sha256(), NULL); if (enc) EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, myOpenSSLKey_ctx.key, iv); else EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, myOpenSSLKey_ctx.key, iv); return 1; } static WC_INLINE void OpenSSLTicketCleanup(void) { wc_FreeRng(&myOpenSSLKey_rng); } #endif #if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS) #ifdef WC_SHA512_DIGEST_SIZE #define MD_MAX_SIZE WC_SHA512_DIGEST_SIZE #else #define MD_MAX_SIZE WC_SHA256_DIGEST_SIZE #endif byte server_side_msg1[MD_MAX_SIZE] = {0};/* msg sent by server */ byte server_side_msg2[MD_MAX_SIZE] = {0};/* msg received from client */ byte client_side_msg1[MD_MAX_SIZE] = {0};/* msg sent by client */ byte client_side_msg2[MD_MAX_SIZE] = {0};/* msg received from server */ #endif static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) { SOCKET_T sockfd = 0; SOCKET_T clientfd = 0; word16 port; callback_functions* cbf; WOLFSSL_CTX* ctx = 0; WOLFSSL* ssl = 0; char msg[] = "I hear you fa shizzle!"; char input[1024]; int idx; int ret, err = 0; int sharedCtx = 0; #if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS) size_t msg_len = 0; #endif #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; cbf = ((func_args*)args)->callbacks; #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (cbf != NULL && cbf->ctx) { ctx = cbf->ctx; sharedCtx = 1; } else #endif { WOLFSSL_METHOD* method = NULL; if (cbf != NULL && cbf->method != NULL) { method = cbf->method(); } else { method = wolfSSLv23_server_method(); } ctx = wolfSSL_CTX_new(method); } if (ctx == NULL) { goto done; } #if defined(HAVE_SESSION_TICKET) && \ ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM)) #if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC) OpenSSLTicketInit(); wolfSSL_CTX_set_tlsext_ticket_key_cb(ctx, myTicketEncCbOpenSSL); #elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) TicketInit(); wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb); #endif #endif #if defined(USE_WINDOWS_API) port = ((func_args*)args)->signal->port; #elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \ !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS) /* Let tcp_listen assign port */ port = 0; #else /* Use default port */ port = wolfSSLPort; #endif /* do it here to detect failure */ tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0); CloseSocket(sockfd); wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); #ifdef WOLFSSL_ENCRYPTED_KEYS wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif if (wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0) != WOLFSSL_SUCCESS) { /*err_sys("can't load ca file, Please run from wolfSSL home dir");*/ goto done; } #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #else if (wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #endif /*err_sys("can't load server cert chain file, " "Please run from wolfSSL home dir");*/ goto done; } #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #else if (wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #endif /*err_sys("can't load server key file, " "Please run from wolfSSL home dir");*/ goto done; } /* call ctx setup callback */ if (cbf != NULL && cbf->ctx_ready != NULL) { cbf->ctx_ready(ctx); } ssl = wolfSSL_new(ctx); if (ssl == NULL) { goto done; } #ifdef WOLFSSL_SESSION_EXPORT /* only add in more complex nonblocking case with session export tests */ if (args && ((func_args*)args)->argc > 0) { /* set as nonblock and time out for waiting on read/write */ tcp_set_nonblocking(&clientfd); wolfSSL_dtls_set_using_nonblock(ssl, 1); } #endif #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (sharedCtx && wolfSSL_use_certificate_file(ssl, svrCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #else if (wolfSSL_use_certificate_file(ssl, svrCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #endif /*err_sys("can't load server cert chain file, " "Please run from wolfSSL home dir");*/ goto done; } #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, svrKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #else if (wolfSSL_use_PrivateKey_file(ssl, svrKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #endif /*err_sys("can't load server key file, " "Please run from wolfSSL home dir");*/ goto done; } if (wolfSSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) { /*err_sys("SSL_set_fd failed");*/ goto done; } #if !defined(NO_FILESYSTEM) && !defined(NO_DH) wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM); #elif !defined(NO_DH) SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ #endif /* call ssl setup callback */ if (cbf != NULL && cbf->ssl_ready != NULL) { cbf->ssl_ready(ssl); } #ifdef WOLFSSL_SESSION_EXPORT /* only add in more complex nonblocking case with session export tests */ if (((func_args*)args)->argc > 0) { ret = nonblocking_accept_read(args, ssl, &clientfd); if (ret >= 0) { ((func_args*)args)->return_code = TEST_SUCCESS; } #ifdef WOLFSSL_TIRTOS Task_yield(); #endif goto done; } #endif #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_accept(ssl); err = wolfSSL_get_error(ssl, 0); } while (err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { char buff[WOLFSSL_MAX_ERROR_SZ]; printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff)); /*err_sys("SSL_accept failed");*/ goto done; } #if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS) XMEMSET(server_side_msg2, 0, MD_MAX_SIZE); msg_len = wolfSSL_get_peer_finished(ssl, server_side_msg2, MD_MAX_SIZE); AssertIntGE(msg_len, 0); XMEMSET(server_side_msg1, 0, MD_MAX_SIZE); msg_len = wolfSSL_get_finished(ssl, server_side_msg1, MD_MAX_SIZE); AssertIntGE(msg_len, 0); #endif idx = wolfSSL_read(ssl, input, sizeof(input)-1); if (idx > 0) { input[idx] = '\0'; printf("Client message: %s\n", input); } if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) { /*err_sys("SSL_write failed");*/ #ifdef WOLFSSL_TIRTOS return; #else return 0; #endif } if (cbf != NULL && cbf->on_result != NULL) cbf->on_result(ssl); #ifdef WOLFSSL_TIRTOS Task_yield(); #endif ((func_args*)args)->return_code = TEST_SUCCESS; done: wolfSSL_shutdown(ssl); wolfSSL_free(ssl); if (!sharedCtx) wolfSSL_CTX_free(ctx); CloseSocket(clientfd); #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ && defined(HAVE_THREAD_LS) wc_ecc_fp_free(); /* free per thread cache */ #endif #if defined(HAVE_SESSION_TICKET) && \ ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM)) #if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC) OpenSSLTicketCleanup(); #elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) TicketCleanup(); #endif #endif #ifndef WOLFSSL_TIRTOS return 0; #endif } #if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args) { SOCKET_T sockfd = 0; SOCKET_T clientfd = 0; word16 port; callback_functions* cbf; WOLFSSL_CTX* ctx = 0; WOLFSSL* ssl = 0; char msg[] = "I hear you fa shizzle!"; char input[1024]; int idx; int ret, err = 0; int sharedCtx = 0; int loop_count = ((func_args*)args)->argc; int count = 0; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; cbf = ((func_args*)args)->callbacks; #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (cbf != NULL && cbf->ctx) { ctx = cbf->ctx; sharedCtx = 1; } else #endif { WOLFSSL_METHOD* method = NULL; if (cbf != NULL && cbf->method != NULL) { method = cbf->method(); } else { method = wolfSSLv23_server_method(); } ctx = wolfSSL_CTX_new(method); } #if defined(USE_WINDOWS_API) port = ((func_args*)args)->signal->port; #elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \ !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS) /* Let tcp_listen assign port */ port = 0; #else /* Use default port */ port = wolfSSLPort; #endif wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); #ifdef WOLFSSL_ENCRYPTED_KEYS wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif if (wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0) != WOLFSSL_SUCCESS) { /*err_sys("can't load ca file, Please run from wolfSSL home dir");*/ goto done; } if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { /*err_sys("can't load server cert chain file, " "Please run from wolfSSL home dir");*/ goto done; } if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { /*err_sys("can't load server key file, " "Please run from wolfSSL home dir");*/ goto done; } /* call ctx setup callback */ if (cbf != NULL && cbf->ctx_ready != NULL) { cbf->ctx_ready(ctx); } while(count != loop_count) { ssl = wolfSSL_new(ctx); if (ssl == NULL) { goto done; } if (sharedCtx && wolfSSL_use_certificate_file(ssl, svrCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { /*err_sys("can't load server cert chain file, " "Please run from wolfSSL home dir");*/ goto done; } if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, svrKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { /*err_sys("can't load server key file, " "Please run from wolfSSL home dir");*/ goto done; } #if !defined(NO_FILESYSTEM) && !defined(NO_DH) wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM); #elif !defined(NO_DH) SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ #endif /* call ssl setup callback */ if (cbf != NULL && cbf->ssl_ready != NULL) { cbf->ssl_ready(ssl); } /* do it here to detect failure */ tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0); CloseSocket(sockfd); if (wolfSSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) { /*err_sys("SSL_set_fd failed");*/ goto done; } #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_accept(ssl); err = wolfSSL_get_error(ssl, 0); } while (err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { char buff[WOLFSSL_MAX_ERROR_SZ]; printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff)); /*err_sys("SSL_accept failed");*/ goto done; } idx = wolfSSL_read(ssl, input, sizeof(input)-1); if (idx > 0) { input[idx] = '\0'; printf("Client message: %s\n", input); } if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) { /*err_sys("SSL_write failed");*/ #ifdef WOLFSSL_TIRTOS return; #else return 0; #endif } /* free ssl for this connection */ wolfSSL_shutdown(ssl); wolfSSL_free(ssl); ssl = NULL; CloseSocket(clientfd); count++; } #ifdef WOLFSSL_TIRTOS Task_yield(); #endif ((func_args*)args)->return_code = TEST_SUCCESS; done: if(ssl != NULL) { wolfSSL_shutdown(ssl); wolfSSL_free(ssl); } if (!sharedCtx) wolfSSL_CTX_free(ctx); CloseSocket(clientfd); #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ && defined(HAVE_THREAD_LS) wc_ecc_fp_free(); /* free per thread cache */ #endif #ifndef WOLFSSL_TIRTOS return 0; #endif } #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) */ typedef int (*cbType)(WOLFSSL_CTX *ctx, WOLFSSL *ssl); static void test_client_nofail(void* args, cbType cb) { SOCKET_T sockfd = 0; callback_functions* cbf; WOLFSSL_CTX* ctx = 0; WOLFSSL* ssl = 0; WOLFSSL_CIPHER* cipher; char msg[64] = "hello wolfssl!"; char reply[1024]; int input; int msgSz = (int)XSTRLEN(msg); int ret, err = 0; int cipherSuite; int sharedCtx = 0; const char* cipherName1, *cipherName2; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; cbf = ((func_args*)args)->callbacks; #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (cbf != NULL && cbf->ctx) { ctx = cbf->ctx; sharedCtx = cbf->isSharedCtx; } else #endif { WOLFSSL_METHOD* method = NULL; if (cbf != NULL && cbf->method != NULL) { method = cbf->method(); } else { method = wolfSSLv23_client_method(); } ctx = wolfSSL_CTX_new(method); } #ifdef WOLFSSL_ENCRYPTED_KEYS wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif /* Do connect here so server detects failures */ tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, 0, NULL); if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0) != WOLFSSL_SUCCESS) { /* err_sys("can't load ca file, Please run from wolfSSL home dir");*/ goto done; } #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #else if (wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #endif /*err_sys("can't load client cert file, " "Please run from wolfSSL home dir");*/ goto done; } #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #else if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #endif /*err_sys("can't load client key file, " "Please run from wolfSSL home dir");*/ goto done; } /* call ctx setup callback */ if (cbf != NULL && cbf->ctx_ready != NULL) { cbf->ctx_ready(ctx); } ssl = wolfSSL_new(ctx); if (ssl == NULL) { goto done; } #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (sharedCtx && wolfSSL_use_certificate_file(ssl, cliCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #else if (wolfSSL_use_certificate_file(ssl, cliCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #endif /*err_sys("can't load client cert file, " "Please run from wolfSSL home dir");*/ goto done; } #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, cliKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #else if (wolfSSL_use_PrivateKey_file(ssl, cliKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #endif /*err_sys("can't load client key file, " "Please run from wolfSSL home dir");*/ goto done; } if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) { /*err_sys("SSL_set_fd failed");*/ goto done; } /* call ssl setup callback */ if (cbf != NULL && cbf->ssl_ready != NULL) { cbf->ssl_ready(ssl); } #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_connect(ssl); err = wolfSSL_get_error(ssl, 0); } while (err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { char buff[WOLFSSL_MAX_ERROR_SZ]; printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff)); /*err_sys("SSL_connect failed");*/ goto done; } /* test the various get cipher methods */ /* Internal cipher suite names */ cipherSuite = wolfSSL_get_current_cipher_suite(ssl); cipherName1 = wolfSSL_get_cipher_name(ssl); cipherName2 = wolfSSL_get_cipher_name_from_suite( (cipherSuite >> 8), cipherSuite & 0xFF); AssertStrEQ(cipherName1, cipherName2); /* IANA Cipher Suites Names */ /* Unless WOLFSSL_CIPHER_INTERNALNAME or NO_ERROR_STRINGS, then it's the internal cipher suite name */ cipher = wolfSSL_get_current_cipher(ssl); cipherName1 = wolfSSL_CIPHER_get_name(cipher); cipherName2 = wolfSSL_get_cipher(ssl); AssertStrEQ(cipherName1, cipherName2); #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) && \ !defined(WOLFSSL_QT) cipherName1 = wolfSSL_get_cipher_name_iana_from_suite( (cipherSuite >> 8), cipherSuite & 0xFF); AssertStrEQ(cipherName1, cipherName2); #endif if (cb != NULL) (cb)(ctx, ssl); if (wolfSSL_write(ssl, msg, msgSz) != msgSz) { /*err_sys("SSL_write failed");*/ goto done; } input = wolfSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = '\0'; printf("Server response: %s\n", reply); } ((func_args*)args)->return_code = TEST_SUCCESS; done: wolfSSL_free(ssl); if (!sharedCtx) wolfSSL_CTX_free(ctx); CloseSocket(sockfd); #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ && defined(HAVE_THREAD_LS) wc_ecc_fp_free(); /* free per thread cache */ #endif return; } #if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) static void test_client_reuse_WOLFSSLobj(void* args, void *cb, void* server_args) { SOCKET_T sockfd = 0; callback_functions* cbf; WOLFSSL_CTX* ctx = 0; WOLFSSL* ssl = 0; WOLFSSL_SESSION* session = NULL; char msg[64] = "hello wolfssl!"; char reply[1024]; int input; int msgSz = (int)XSTRLEN(msg); int ret, err = 0; int sharedCtx = 0; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; cbf = ((func_args*)args)->callbacks; #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (cbf != NULL && cbf->ctx) { ctx = cbf->ctx; sharedCtx = 1; } else #endif { WOLFSSL_METHOD* method = NULL; if (cbf != NULL && cbf->method != NULL) { method = cbf->method(); } else { method = wolfSSLv23_client_method(); } ctx = wolfSSL_CTX_new(method); } #ifdef WOLFSSL_ENCRYPTED_KEYS wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif /* Do connect here so server detects failures */ tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, 0, NULL); if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0) != WOLFSSL_SUCCESS) { /* err_sys("can't load ca file, Please run from wolfSSL home dir");*/ goto done; } if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { /*err_sys("can't load client cert file, " "Please run from wolfSSL home dir");*/ goto done; } if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { /*err_sys("can't load client key file, " "Please run from wolfSSL home dir");*/ goto done; } /* call ctx setup callback */ if (cbf != NULL && cbf->ctx_ready != NULL) { cbf->ctx_ready(ctx); } ssl = wolfSSL_new(ctx); if (ssl == NULL) { goto done; } /* keep handshakre resources for re-using WOLFSSL obj */ wolfSSL_KeepArrays(ssl); if(wolfSSL_KeepHandshakeResources(ssl)) { /* err_sys("SSL_KeepHandshakeResources failed"); */ goto done; } if (sharedCtx && wolfSSL_use_certificate_file(ssl, cliCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { /*err_sys("can't load client cert file, " "Please run from wolfSSL home dir");*/ goto done; } if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, cliKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { /*err_sys("can't load client key file, " "Please run from wolfSSL home dir");*/ goto done; } if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) { /*err_sys("SSL_set_fd failed");*/ goto done; } /* call ssl setup callback */ if (cbf != NULL && cbf->ssl_ready != NULL) { cbf->ssl_ready(ssl); } #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_connect(ssl); err = wolfSSL_get_error(ssl, 0); } while (err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { char buff[WOLFSSL_MAX_ERROR_SZ]; printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff)); /*err_sys("SSL_connect failed");*/ goto done; } /* Build first session */ if (cb != NULL) ((cbType)cb)(ctx, ssl); if (wolfSSL_write(ssl, msg, msgSz) != msgSz) { /*err_sys("SSL_write failed");*/ goto done; } input = wolfSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = '\0'; printf("Server response: %s\n", reply); } /* Session Resumption by re-using WOLFSSL object */ wolfSSL_set_quiet_shutdown(ssl, 1); if (wolfSSL_shutdown(ssl) != WOLFSSL_SUCCESS) { /* err_sys ("SSL shutdown failed"); */ goto done; } session = wolfSSL_get_session(ssl); if (wolfSSL_clear(ssl) != WOLFSSL_SUCCESS) { /* err_sys ("SSL_clear failed"); */ goto done; } wolfSSL_set_session(ssl, session); /* close socket once */ CloseSocket(sockfd); sockfd = 0; /* wait until server ready */ wait_tcp_ready((func_args*)server_args); printf("session resumption\n"); /* Do re-connect */ tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, 0, NULL); if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) { /*err_sys("SSL_set_fd failed");*/ goto done; } #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_connect(ssl); err = wolfSSL_get_error(ssl, 0); } while (err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { char buff[WOLFSSL_MAX_ERROR_SZ]; printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff)); /*err_sys("SSL_connect failed");*/ goto done; } /* Build first session */ if (cb != NULL) ((cbType)cb)(ctx, ssl); if (wolfSSL_write(ssl, msg, msgSz) != msgSz) { /*err_sys("SSL_write failed");*/ goto done; } input = wolfSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = '\0'; printf("Server response: %s\n", reply); } ((func_args*)args)->return_code = TEST_SUCCESS; done: wolfSSL_free(ssl); if (!sharedCtx) wolfSSL_CTX_free(ctx); CloseSocket(sockfd); #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif return; } #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) */ static void test_client_verifyDepth(void* args) { #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && !defined(NO_WOLFSSL_CLIENT) SOCKET_T sockfd = 0; callback_functions* cbf; WOLFSSL_CTX* ctx = 0; WOLFSSL* ssl = 0; char msg[64] = "hello wolfssl!"; char reply[1024]; int input; int msgSz = (int)XSTRLEN(msg); int ret, err = 0; int verify_depth = ((func_args*)args)->argc; ((func_args*)args)->return_code = TEST_FAIL; cbf = ((func_args*)args)->callbacks; { WOLFSSL_METHOD* method = NULL; if (cbf != NULL && cbf->method != NULL) { method = cbf->method(); } else { method = wolfSSLv23_client_method(); } ctx = wolfSSL_CTX_new(method); } /* Do connect here so server detects failures */ tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, 0, NULL); if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0) != WOLFSSL_SUCCESS) { /* err_sys("can't load ca file, Please run from wolfSSL home dir");*/ goto done; } if (wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { /*err_sys("can't load client cert file, " "Please run from wolfSSL home dir");*/ goto done; } if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { /*err_sys("can't load client key file, " "Please run from wolfSSL home dir");*/ goto done; } SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify); /* set verify depth */ if (verify_depth == 0) { myVerifyAction = VERIFY_OVERRIDE_ERROR; SSL_CTX_set_verify_depth(ctx, verify_depth); } else if (verify_depth == -1) { myVerifyAction = VERIFY_USE_PREVERFIY; SSL_CTX_set_verify_depth(ctx, 0); } else if (verify_depth > 0) { myVerifyAction = VERIFY_USE_PREVERFIY; SSL_CTX_set_verify_depth(ctx, verify_depth); } ssl = wolfSSL_new(ctx); if (ssl == NULL) { goto done; } if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) { /*err_sys("SSL_set_fd failed");*/ goto done; } #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_connect(ssl); err = wolfSSL_get_error(ssl, 0); } while (err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { char buff[WOLFSSL_MAX_ERROR_SZ]; printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff)); goto done; } if (wolfSSL_write(ssl, msg, msgSz) != msgSz) { goto done; } input = wolfSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = '\0'; printf("Server response: %s\n", reply); } ((func_args*)args)->return_code = TEST_SUCCESS; done: wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(sockfd); #else (void)args; #endif /* defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && !defined(NO_WOLFSSL_CLIENT) */ } #if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)) && \ defined(HAVE_ALPN) && defined(HAVE_SNI) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_BIO) #define HAVE_ALPN_PROTOS_SUPPORT #endif /* Generic TLS client / server with callbacks for API unit tests * Used by SNI / ALPN / crypto callback helper functions */ #if defined(HAVE_IO_TESTS_DEPENDENCIES) && \ (defined(HAVE_SNI) || defined(HAVE_ALPN) || defined(WOLF_CRYPTO_CB) || \ defined(HAVE_ALPN_PROTOS_SUPPORT)) || defined(WOLFSSL_STATIC_MEMORY) #define ENABLE_TLS_CALLBACK_TEST #endif #if defined(ENABLE_TLS_CALLBACK_TEST) || \ (defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT)) /* TLS server for API unit testing - generic */ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args) { callback_functions* callbacks = ((func_args*)args)->callbacks; WOLFSSL_CTX* ctx = NULL; WOLFSSL* ssl = NULL; SOCKET_T sfd = 0; SOCKET_T cfd = 0; word16 port; char msg[] = "I hear you fa shizzle!"; int len = (int) XSTRLEN(msg); char input[1024]; int idx; int ret, err = 0; ((func_args*)args)->return_code = TEST_FAIL; #ifdef WOLFSSL_STATIC_MEMORY if (callbacks->method_ex != NULL && callbacks->mem != NULL && callbacks->memSz > 0) { ret = wolfSSL_CTX_load_static_memory(&ctx, callbacks->method_ex, callbacks->mem, callbacks->memSz, 0, 1); if (ret != WOLFSSL_SUCCESS) { printf("CTX static new failed %d\n", ret); return 0; } } #endif if (ctx == NULL) { ctx = wolfSSL_CTX_new(callbacks->method()); } if (ctx == NULL) { printf("CTX new failed\n"); return 0; } /* set defaults */ if (callbacks->caPemFile == NULL) callbacks->caPemFile = cliCertFile; if (callbacks->certPemFile == NULL) callbacks->certPemFile = svrCertFile; if (callbacks->keyPemFile == NULL) callbacks->keyPemFile = svrKeyFile; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif wolfSSL_CTX_SetDevId(ctx, callbacks->devId); #if defined(USE_WINDOWS_API) port = ((func_args*)args)->signal->port; #elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \ !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS) /* Let tcp_listen assign port */ port = 0; #else /* Use default port */ port = wolfSSLPort; #endif wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); #ifdef WOLFSSL_ENCRYPTED_KEYS wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif #if defined(WOLFSSL_SESSION_EXPORT) && defined(WOLFSSL_DTLS) AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_dtls_set_export(ctx, test_export)); #endif AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, callbacks->caPemFile, 0)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, callbacks->certPemFile, WOLFSSL_FILETYPE_PEM)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, callbacks->keyPemFile, WOLFSSL_FILETYPE_PEM)); if (callbacks->ctx_ready) callbacks->ctx_ready(ctx); ssl = wolfSSL_new(ctx); if (ssl == NULL) { printf("SSL new failed\n"); wolfSSL_CTX_free(ctx); return 0; } if (wolfSSL_dtls(ssl)) { SOCKADDR_IN_T cliAddr; socklen_t cliLen; cliLen = sizeof(cliAddr); tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 1, 0, 0, 0, 0, 0); idx = (int)recvfrom(sfd, input, sizeof(input), MSG_PEEK, (struct sockaddr*)&cliAddr, &cliLen); AssertIntGT(idx, 0); wolfSSL_dtls_set_peer(ssl, &cliAddr, cliLen); } else { tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0); CloseSocket(sfd); } AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, cfd)); if (callbacks->loadToSSL) { wolfSSL_SetDevId(ssl, callbacks->devId); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_use_certificate_file(ssl, callbacks->certPemFile, WOLFSSL_FILETYPE_PEM)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_use_PrivateKey_file(ssl, callbacks->keyPemFile, WOLFSSL_FILETYPE_PEM)); } #ifdef NO_PSK #if !defined(NO_FILESYSTEM) && !defined(NO_DH) wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM); #elif !defined(NO_DH) SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ #endif #endif if (callbacks->ssl_ready) callbacks->ssl_ready(ssl); #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_accept(ssl); err = wolfSSL_get_error(ssl, 0); } while (err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { char buff[WOLFSSL_MAX_ERROR_SZ]; printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff)); /*err_sys("SSL_accept failed");*/ } else { if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) { input[idx] = 0; printf("Client message: %s\n", input); } AssertIntEQ(len, wolfSSL_write(ssl, msg, len)); #if defined(WOLFSSL_SESSION_EXPORT) && !defined(HAVE_IO_POOL) && \ defined(WOLFSSL_DTLS) if (wolfSSL_dtls(ssl)) { byte* import; word32 sz; wolfSSL_dtls_export(ssl, NULL, &sz); import = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER); AssertNotNull(import); idx = wolfSSL_dtls_export(ssl, import, &sz); AssertIntGE(idx, 0); AssertIntGE(wolfSSL_dtls_import(ssl, import, idx), 0); XFREE(import, NULL, DYNAMIC_TYPE_TMP_BUFFER); } #endif #ifdef WOLFSSL_TIRTOS Task_yield(); #endif ((func_args*)args)->return_code = TEST_SUCCESS; } if (callbacks->on_result) callbacks->on_result(ssl); wolfSSL_shutdown(ssl); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(cfd); #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ && defined(HAVE_THREAD_LS) wc_ecc_fp_free(); /* free per thread cache */ #endif #ifndef WOLFSSL_TIRTOS return 0; #endif } /* TLS Client for API unit testing - generic */ static void run_wolfssl_client(void* args) { callback_functions* callbacks = ((func_args*)args)->callbacks; WOLFSSL_CTX* ctx = NULL; WOLFSSL* ssl = NULL; SOCKET_T sfd = 0; char msg[] = "hello wolfssl server!"; int len = (int) XSTRLEN(msg); char input[1024]; int ret, err = 0; ((func_args*)args)->return_code = TEST_FAIL; /* set defaults */ if (callbacks->caPemFile == NULL) callbacks->caPemFile = caCertFile; if (callbacks->certPemFile == NULL) callbacks->certPemFile = cliCertFile; if (callbacks->keyPemFile == NULL) callbacks->keyPemFile = cliKeyFile; #ifdef WOLFSSL_STATIC_MEMORY if (callbacks->method_ex != NULL && callbacks->mem != NULL && callbacks->memSz > 0) { ret = wolfSSL_CTX_load_static_memory(&ctx, callbacks->method_ex, callbacks->mem, callbacks->memSz, 0, 1); if (ret != WOLFSSL_SUCCESS) { printf("CTX static new failed %d\n", ret); return; } } #endif if (ctx == NULL) { ctx = wolfSSL_CTX_new(callbacks->method()); } if (ctx == NULL) { printf("CTX new failed\n"); return; } #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif if (!callbacks->loadToSSL) { wolfSSL_CTX_SetDevId(ctx, callbacks->devId); } #ifdef WOLFSSL_ENCRYPTED_KEYS wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, callbacks->caPemFile, 0)); if (!callbacks->loadToSSL) { AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, callbacks->certPemFile, WOLFSSL_FILETYPE_PEM)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, callbacks->keyPemFile, WOLFSSL_FILETYPE_PEM)); } if (callbacks->ctx_ready) callbacks->ctx_ready(ctx); ssl = wolfSSL_new(ctx); if (wolfSSL_dtls(ssl)) { tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port, 1, 0, ssl); } else { tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, 0, ssl); } AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, sfd)); if (callbacks->loadToSSL) { wolfSSL_SetDevId(ssl, callbacks->devId); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_use_certificate_file(ssl, callbacks->certPemFile, WOLFSSL_FILETYPE_PEM)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_use_PrivateKey_file(ssl, callbacks->keyPemFile, WOLFSSL_FILETYPE_PEM)); } if (callbacks->ssl_ready) callbacks->ssl_ready(ssl); #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_connect(ssl); err = wolfSSL_get_error(ssl, 0); } while (err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { char buff[WOLFSSL_MAX_ERROR_SZ]; printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff)); /*err_sys("SSL_connect failed");*/ } else { #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_write(ssl, msg, len); err = wolfSSL_get_error(ssl, 0); } while (err == WC_PENDING_E); AssertIntEQ(len, ret); #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_read(ssl, input, sizeof(input)-1); err = wolfSSL_get_error(ssl, 0); } while (err == WC_PENDING_E); if (ret > 0) { input[ret] = '\0'; /* null term */ printf("Server response: %s\n", input); } ((func_args*)args)->return_code = TEST_SUCCESS; } if (callbacks->on_result) callbacks->on_result(ssl); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(sfd); #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif } #endif /* ENABLE_TLS_CALLBACK_TEST */ static void test_wolfSSL_read_write(void) { /* The unit testing for read and write shall happen simultaneously, since * one can't do anything with one without the other. (Except for a failure * test case.) This function will call all the others that will set up, * execute, and report their test findings. * * Set up the success case first. This function will become the template * for the other tests. This should eventually be renamed * * The success case isn't interesting, how can this fail? * - Do not give the client context a CA certificate. The connect should * fail. Do not need server for this? * - Using NULL for the ssl object on server. Do not need client for this. * - Using NULL for the ssl object on client. Do not need server for this. * - Good ssl objects for client and server. Client write() without server * read(). * - Good ssl objects for client and server. Server write() without client * read(). * - Forgetting the password callback? */ tcp_ready ready; func_args client_args; func_args server_args; THREAD_TYPE serverThread; XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; client_args.signal = &ready; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, NULL); join_thread(serverThread); AssertTrue(client_args.return_code); AssertTrue(server_args.return_code); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif } #if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) static void test_wolfSSL_reuse_WOLFSSLobj(void) { /* The unit test for session resumption by re-using WOLFSSL object. * WOLFSSL object is not cleared after first session. It re-use the obeject * for second connection. */ tcp_ready ready; func_args client_args; func_args server_args; THREAD_TYPE serverThread; XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; client_args.signal = &ready; /* the var is used for loop number */ server_args.argc = 2; start_thread(test_server_loop, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_reuse_WOLFSSLobj(&client_args, NULL, &server_args); join_thread(serverThread); AssertTrue(client_args.return_code); AssertTrue(server_args.return_code); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif } #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) */ static void test_wolfSSL_CTX_verifyDepth_ServerClient(void) { #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && !defined(NO_WOLFSSL_CLIENT) /* This unit test is to check set verify Depth */ tcp_ready ready; func_args client_args; func_args server_args; THREAD_TYPE serverThread; callback_functions client_cbf; XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&client_cbf, 0, sizeof(callback_functions)); printf(testingFmt, "test_wolfSSL_CTX_verifyDepth_ServerClient()\n"); #ifdef WOLFSSL_TLS13 client_cbf.method = wolfTLSv1_3_client_method; #endif /* WOLFSSL_TLS13 */ client_args.callbacks = &client_cbf; StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; client_args.signal = &ready; /* the var is used for loop number */ server_args.argc = 1; /* test case 1 verify depth is equal to peer chain */ { start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); /* the var is used for verify depth */ client_args.argc = 2; test_client_verifyDepth(&client_args); join_thread(serverThread); AssertIntEQ(client_args.return_code, TEST_SUCCESS); AssertIntEQ(server_args.return_code, TEST_SUCCESS); } /* test case 2 * verify depth is zero, number of peer's chain is 2. * verify result becomes MAX_CHAIN_ERROR, but it is overridden in * callback. */ /* the var is used for verify depth 0 and VERIFY_OVERRIDE_ERROR */ { start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); client_args.argc = 0; test_client_verifyDepth(&client_args); join_thread(serverThread); AssertIntEQ(client_args.return_code, TEST_SUCCESS); AssertIntEQ(server_args.return_code, TEST_SUCCESS); } /* test case 3 * verify depth is zero, number of peer's chain is 2 * verify result becomes MAX_CHAIN_ERRO. call-back returns failure. * therefore, handshake becomes failure. */ /* the var is used for verify depth 0 and VERIFY_USE_PREVERFIY */ { start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); client_args.argc = -1; test_client_verifyDepth(&client_args); join_thread(serverThread); AssertIntEQ(client_args.return_code, TEST_SUCCESS); AssertIntEQ(server_args.return_code, TEST_SUCCESS); } FreeTcpReady(&ready); printf(resultFmt, passed); #else (void)test_client_verifyDepth; #endif /* (OPENSSL_EXTRA) && !(WOLFSSL_TIRTOS) && (NO_WOLFSSL_CLIENT) */ } static void test_client_get_finished(void* args, cbType cb) { (void) args; (void) cb; #if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS) SOCKET_T sockfd = 0; callback_functions* cbf; WOLFSSL_CTX* ctx = 0; WOLFSSL* ssl = 0; char msg[64] = "hello wolfssl!"; char reply[1024]; int msgSz = (int)XSTRLEN(msg); int ret, err = 0; WOLFSSL_METHOD* method = NULL; size_t msg_len = 0; ((func_args*)args)->return_code = TEST_FAIL; cbf = ((func_args*)args)->callbacks; if (cbf != NULL && cbf->method != NULL) { method = cbf->method(); } else { method = wolfSSLv23_client_method(); } ctx = wolfSSL_CTX_new(method); /* Do connect here so server detects failures */ tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, 0, NULL); if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0) != WOLFSSL_SUCCESS) { /* err_sys("can't load ca file, Please run from wolfSSL home dir");*/ goto done; } if (wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { goto done; } if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { goto done; } /* call ctx setup callback */ if (cbf != NULL && cbf->ctx_ready != NULL) { cbf->ctx_ready(ctx); } ssl = wolfSSL_new(ctx); if (ssl == NULL) { goto done; } if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) { goto done; } /* call ssl setup callback */ if (cbf != NULL && cbf->ssl_ready != NULL) { cbf->ssl_ready(ssl); } #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_connect(ssl); err = wolfSSL_get_error(ssl, 0); } while (err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { char buff[WOLFSSL_MAX_ERROR_SZ]; printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff)); goto done; } /* get_finished test */ /* 1. get own sent message */ XMEMSET(client_side_msg1, 0, MD_MAX_SIZE); msg_len = wolfSSL_get_finished(ssl, client_side_msg1, MD_MAX_SIZE); AssertIntGE(msg_len, 0); /* 2. get peer message */ XMEMSET(client_side_msg2, 0, MD_MAX_SIZE); msg_len = wolfSSL_get_peer_finished(ssl, client_side_msg2, MD_MAX_SIZE); AssertIntGE(msg_len, 0); if (cb != NULL) (cb)(ctx, ssl); #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_write(ssl, msg, msgSz); err = wolfSSL_get_error(ssl, 0); } while (err == WC_PENDING_E); if (ret != msgSz) { /*err_sys("SSL_write failed");*/ goto done; } #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_read(ssl, reply, sizeof(reply)-1); err = wolfSSL_get_error(ssl, 0); } while (err == WC_PENDING_E); if (ret > 0) { reply[ret] = '\0'; printf("Server response: %s\n", reply); } ((func_args*)args)->return_code = TEST_SUCCESS; done: wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(sockfd); return; #endif } static void test_wolfSSL_get_finished(void) { #if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS) tcp_ready ready; func_args client_args; func_args server_args; THREAD_TYPE serverThread; XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; client_args.signal = &ready; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_get_finished(&client_args, NULL); join_thread(serverThread); AssertTrue(client_args.return_code); AssertTrue(server_args.return_code); /* test received msg vs sent msg */ AssertIntEQ(0, XMEMCMP(client_side_msg1, server_side_msg2, MD_MAX_SIZE)); AssertIntEQ(0, XMEMCMP(client_side_msg2, server_side_msg1, MD_MAX_SIZE)); FreeTcpReady(&ready); #else (void)test_client_get_finished; #endif } #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) /* canned export of a session using older version 3 */ static unsigned char version_3[] = { 0xA5, 0xA3, 0x01, 0x88, 0x00, 0x3c, 0x00, 0x01, 0x00, 0x00, 0x00, 0x80, 0x0C, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC0, 0x30, 0x05, 0x09, 0x0A, 0x01, 0x01, 0x00, 0x0D, 0x05, 0xFE, 0xFD, 0x01, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x05, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x01, 0x00, 0x07, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x10, 0x01, 0x01, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x3F, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x05, 0x12, 0xCF, 0x22, 0xA1, 0x9F, 0x1C, 0x39, 0x1D, 0x31, 0x11, 0x12, 0x1D, 0x11, 0x18, 0x0D, 0x0B, 0xF3, 0xE1, 0x4D, 0xDC, 0xB1, 0xF1, 0x39, 0x98, 0x91, 0x6C, 0x48, 0xE5, 0xED, 0x11, 0x12, 0xA0, 0x00, 0xF2, 0x25, 0x4C, 0x09, 0x26, 0xD1, 0x74, 0xDF, 0x23, 0x40, 0x15, 0x6A, 0x42, 0x2A, 0x26, 0xA5, 0xAC, 0x56, 0xD5, 0x4A, 0x20, 0xB7, 0xE9, 0xEF, 0xEB, 0xAF, 0xA8, 0x1E, 0x23, 0x7C, 0x04, 0xAA, 0xA1, 0x6D, 0x92, 0x79, 0x7B, 0xFA, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x0C, 0x79, 0x7B, 0xFA, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xAA, 0xA1, 0x6D, 0x92, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x20, 0x00, 0x04, 0x00, 0x10, 0x00, 0x10, 0x08, 0x02, 0x05, 0x08, 0x01, 0x30, 0x28, 0x00, 0x00, 0x0F, 0x00, 0x02, 0x00, 0x09, 0x31, 0x32, 0x37, 0x2E, 0x30, 0x2E, 0x30, 0x2E, 0x31, 0xED, 0x4F }; #endif /* defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) */ static void test_wolfSSL_dtls_export(void) { #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) tcp_ready ready; func_args client_args; func_args server_args; THREAD_TYPE serverThread; callback_functions server_cbf; callback_functions client_cbf; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif /* set using dtls */ XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&server_cbf, 0, sizeof(callback_functions)); XMEMSET(&client_cbf, 0, sizeof(callback_functions)); server_cbf.method = wolfDTLSv1_2_server_method; client_cbf.method = wolfDTLSv1_2_client_method; server_args.callbacks = &server_cbf; client_args.callbacks = &client_cbf; server_args.signal = &ready; client_args.signal = &ready; start_thread(run_wolfssl_server, &server_args, &serverThread); wait_tcp_ready(&server_args); run_wolfssl_client(&client_args); join_thread(serverThread); AssertTrue(client_args.return_code); AssertTrue(server_args.return_code); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif { SOCKET_T sockfd = 0; WOLFSSL_CTX* ctx; WOLFSSL* ssl; char msg[64] = "hello wolfssl!"; char reply[1024]; int msgSz = (int)XSTRLEN(msg); byte *session, *window; unsigned int sessionSz, windowSz; struct sockaddr_in peerAddr; int i; /* Set ctx to DTLS 1.2 */ AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method())); AssertNotNull(ssl = wolfSSL_new(ctx)); /* test importing version 3 */ AssertIntGE(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0); /* test importing bad length and bad version */ version_3[2] += 1; AssertIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0); version_3[2] -= 1; version_3[1] = 0XA0; AssertIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); /* check storing client state after connection and storing window only */ #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif /* set using dtls */ XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&server_cbf, 0, sizeof(callback_functions)); server_cbf.method = wolfDTLSv1_2_server_method; server_args.callbacks = &server_cbf; server_args.argc = 3; /* set loop_count to 3 */ server_args.signal = &ready; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); /* create and connect with client */ AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method())); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL); AssertNotNull(ssl = wolfSSL_new(ctx)); AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS); /* store server information connected too */ XMEMSET(&peerAddr, 0, sizeof(peerAddr)); peerAddr.sin_family = AF_INET; peerAddr.sin_port = XHTONS(server_args.signal->port); wolfSSL_dtls_set_peer(ssl, &peerAddr, sizeof(peerAddr)); AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_dtls_export(ssl, NULL, &sessionSz), 0); session = (byte*)XMALLOC(sessionSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); AssertIntGT(wolfSSL_dtls_export(ssl, session, &sessionSz), 0); AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz); AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)), 0); AssertIntEQ(wolfSSL_dtls_export_state_only(ssl, NULL, &windowSz), 0); window = (byte*)XMALLOC(windowSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); AssertIntGT(wolfSSL_dtls_export_state_only(ssl, window, &windowSz), 0); wolfSSL_free(ssl); for (i = 1; i < server_args.argc; i++) { /* restore state */ AssertNotNull(ssl = wolfSSL_new(ctx)); AssertIntGT(wolfSSL_dtls_import(ssl, session, sessionSz), 0); AssertIntGT(wolfSSL_dtls_import(ssl, window, windowSz), 0); AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz); AssertIntGE(wolfSSL_read(ssl, reply, sizeof(reply)), 0); AssertIntGT(wolfSSL_dtls_export_state_only(ssl, window, &windowSz), 0); wolfSSL_free(ssl); } XFREE(session, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(window, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wolfSSL_CTX_free(ctx); printf("done and waiting for server\n"); join_thread(serverThread); AssertIntEQ(server_args.return_code, TEST_SUCCESS); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif } printf(testingFmt, "wolfSSL_dtls_export()"); printf(resultFmt, passed); #endif } #if defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_NO_TLS12) #ifdef WOLFSSL_TLS13 static const byte canned_client_tls13_session[] = { 0xA7, 0xA4, 0x01, 0x18, 0x00, 0x41, 0x00, 0x00, 0x01, 0x00, 0x00, 0x80, 0x04, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x1C, 0x01, 0x00, 0x00, 0x01, 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0x01, 0x0A, 0x0F, 0x10, 0x01, 0x02, 0x09, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x03, 0x04, 0x00, 0xB7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x27, 0x00, 0x00, 0x00, 0x11, 0x01, 0x01, 0x00, 0x20, 0x84, 0x4F, 0x18, 0xD8, 0xC1, 0x24, 0xD8, 0xBB, 0x17, 0x9E, 0x31, 0xA3, 0xF8, 0xA7, 0x3C, 0xBA, 0xEC, 0xFA, 0xB4, 0x7F, 0xC5, 0x78, 0xEB, 0x6D, 0xE3, 0x2B, 0x7B, 0x94, 0xBE, 0x20, 0x11, 0x7E, 0x17, 0x10, 0xA7, 0x10, 0x19, 0xEC, 0x62, 0xCC, 0xBE, 0xF5, 0x01, 0x35, 0x3C, 0xEA, 0xEF, 0x44, 0x3C, 0x40, 0xA2, 0xBC, 0x18, 0x43, 0xA1, 0xA1, 0x65, 0x5C, 0x48, 0xE2, 0xF9, 0x38, 0xEB, 0x11, 0x10, 0x72, 0x7C, 0x78, 0x22, 0x13, 0x3B, 0x19, 0x40, 0xF0, 0x73, 0xBE, 0x96, 0x14, 0x78, 0x26, 0xB9, 0x6B, 0x2E, 0x72, 0x22, 0x0D, 0x90, 0x94, 0xDD, 0x78, 0x77, 0xFC, 0x0C, 0x2E, 0x63, 0x6E, 0xF0, 0x0C, 0x35, 0x41, 0xCD, 0xF3, 0x49, 0x31, 0x08, 0xD0, 0x6F, 0x02, 0x3D, 0xC1, 0xD3, 0xB7, 0xEE, 0x3A, 0xA0, 0x8E, 0xA1, 0x4D, 0xC3, 0x2E, 0x5E, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C, 0x35, 0x41, 0xCD, 0xF3, 0x49, 0x31, 0x08, 0xD0, 0x6F, 0x02, 0x3D, 0xC1, 0xD3, 0xB7, 0xEE, 0x3A, 0xA0, 0x8E, 0xA1, 0x4D, 0xC3, 0x2E, 0x5E, 0x06, 0x00, 0x10, 0x00, 0x10, 0x00, 0x0C, 0x00, 0x10, 0x00, 0x10, 0x07, 0x02, 0x04, 0x00, 0x00, 0x20, 0x28, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03 }; static const byte canned_server_tls13_session[] = { 0xA7, 0xA4, 0x01, 0x18, 0x00, 0x41, 0x01, 0x00, 0x01, 0x00, 0x00, 0x80, 0x04, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x1C, 0x01, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0x01, 0x0A, 0x0F, 0x10, 0x01, 0x02, 0x00, 0x0F, 0x05, 0x00, 0x00, 0x00, 0x00, 0x03, 0x04, 0x00, 0xB7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x11, 0x01, 0x01, 0x00, 0x20, 0x84, 0x4F, 0x18, 0xD8, 0xC1, 0x24, 0xD8, 0xBB, 0x17, 0x9E, 0x31, 0xA3, 0xF8, 0xA7, 0x3C, 0xBA, 0xEC, 0xFA, 0xB4, 0x7F, 0xC5, 0x78, 0xEB, 0x6D, 0xE3, 0x2B, 0x7B, 0x94, 0xBE, 0x20, 0x11, 0x7E, 0x17, 0x10, 0xA7, 0x10, 0x19, 0xEC, 0x62, 0xCC, 0xBE, 0xF5, 0x01, 0x35, 0x3C, 0xEA, 0xEF, 0x44, 0x3C, 0x40, 0xA2, 0xBC, 0x18, 0x43, 0xA1, 0xA1, 0x65, 0x5C, 0x48, 0xE2, 0xF9, 0x38, 0xEB, 0x11, 0x10, 0x72, 0x7C, 0x78, 0x22, 0x13, 0x3B, 0x19, 0x40, 0xF0, 0x73, 0xBE, 0x96, 0x14, 0x78, 0x26, 0xB9, 0x6B, 0x2E, 0x72, 0x22, 0x0D, 0x90, 0x94, 0xDD, 0x78, 0x77, 0xFC, 0x0C, 0x2E, 0x63, 0x6E, 0xF0, 0x0C, 0x35, 0x41, 0xCD, 0xF3, 0x49, 0x31, 0x08, 0xD0, 0x6F, 0x02, 0x3D, 0xC1, 0xD3, 0xB7, 0xEE, 0x3A, 0xA0, 0x8E, 0xA1, 0x4D, 0xC3, 0x2E, 0x5E, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C, 0xD3, 0xB7, 0xEE, 0x3A, 0xA0, 0x8E, 0xA1, 0x4D, 0xC3, 0x2E, 0x5E, 0x06, 0x35, 0x41, 0xCD, 0xF3, 0x49, 0x31, 0x08, 0xD0, 0x6F, 0x02, 0x3D, 0xC1, 0x00, 0x10, 0x00, 0x10, 0x00, 0x0C, 0x00, 0x10, 0x00, 0x10, 0x07, 0x02, 0x04, 0x00, 0x00, 0x20, 0x28, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04 }; #endif /* WOLFSSL_TLS13 */ static const byte canned_client_session[] = { 0xA7, 0xA4, 0x01, 0x40, 0x00, 0x41, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x02, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC0, 0x27, 0x0A, 0x0D, 0x10, 0x01, 0x01, 0x0A, 0x00, 0x05, 0x00, 0x01, 0x01, 0x01, 0x03, 0x03, 0x00, 0xBF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x50, 0x00, 0x00, 0x00, 0x0A, 0x01, 0x01, 0x00, 0x20, 0x69, 0x11, 0x6D, 0x97, 0x15, 0x6E, 0x52, 0x27, 0xD6, 0x1D, 0x1D, 0xF5, 0x0D, 0x59, 0xA5, 0xAC, 0x2E, 0x8C, 0x0E, 0xCB, 0x26, 0x1E, 0xE2, 0xCE, 0xBB, 0xCE, 0xE1, 0x7D, 0xD7, 0xEF, 0xA5, 0x44, 0x80, 0x2A, 0xDE, 0xBB, 0x75, 0xB0, 0x1D, 0x75, 0x17, 0x20, 0x4C, 0x08, 0x05, 0x1B, 0xBA, 0x60, 0x1F, 0x6C, 0x91, 0x8C, 0xAA, 0xBB, 0xE5, 0xA3, 0x0B, 0x12, 0x3E, 0xC0, 0x35, 0x43, 0x1D, 0xE2, 0x10, 0xE2, 0x02, 0x92, 0x4B, 0x8F, 0x05, 0xA9, 0x4B, 0xCC, 0x90, 0xC3, 0x0E, 0xC2, 0x0F, 0xE9, 0x33, 0x85, 0x9B, 0x3C, 0x19, 0x21, 0xD5, 0x62, 0xE5, 0xE1, 0x17, 0x8F, 0x8C, 0x19, 0x52, 0xD8, 0x59, 0x10, 0x2D, 0x20, 0x6F, 0xBA, 0xC1, 0x1C, 0xD1, 0x82, 0xC7, 0x32, 0x1B, 0xBB, 0xCC, 0x30, 0x03, 0xD7, 0x3A, 0xC8, 0x18, 0xED, 0x58, 0xC8, 0x11, 0xFE, 0x71, 0x9C, 0x71, 0xD8, 0x6B, 0xE0, 0x25, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x00, 0x06, 0x01, 0x04, 0x08, 0x01, 0x20, 0x28, 0x00, 0x09, 0xE1, 0x50, 0x70, 0x02, 0x2F, 0x7E, 0xDA, 0xBD, 0x40, 0xC5, 0x58, 0x87, 0xCE, 0x43, 0xF3, 0xC5, 0x8F, 0xA1, 0x59, 0x93, 0xEF, 0x7E, 0xD3, 0xD0, 0xB5, 0x87, 0x1D, 0x81, 0x54, 0x14, 0x63, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03 }; static const byte canned_server_session[] = { 0xA7, 0xA4, 0x01, 0x40, 0x00, 0x41, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x02, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC0, 0x27, 0x08, 0x0F, 0x10, 0x01, 0x01, 0x00, 0x11, 0x05, 0x00, 0x01, 0x01, 0x01, 0x03, 0x03, 0x00, 0xBF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x0A, 0x01, 0x01, 0x00, 0x20, 0x69, 0x11, 0x6D, 0x97, 0x15, 0x6E, 0x52, 0x27, 0xD6, 0x1D, 0x1D, 0xF5, 0x0D, 0x59, 0xA5, 0xAC, 0x2E, 0x8C, 0x0E, 0xCB, 0x26, 0x1E, 0xE2, 0xCE, 0xBB, 0xCE, 0xE1, 0x7D, 0xD7, 0xEF, 0xA5, 0x44, 0x80, 0x2A, 0xDE, 0xBB, 0x75, 0xB0, 0x1D, 0x75, 0x17, 0x20, 0x4C, 0x08, 0x05, 0x1B, 0xBA, 0x60, 0x1F, 0x6C, 0x91, 0x8C, 0xAA, 0xBB, 0xE5, 0xA3, 0x0B, 0x12, 0x3E, 0xC0, 0x35, 0x43, 0x1D, 0xE2, 0x10, 0xE2, 0x02, 0x92, 0x4B, 0x8F, 0x05, 0xA9, 0x4B, 0xCC, 0x90, 0xC3, 0x0E, 0xC2, 0x0F, 0xE9, 0x33, 0x85, 0x9B, 0x3C, 0x19, 0x21, 0xD5, 0x62, 0xE5, 0xE1, 0x17, 0x8F, 0x8C, 0x19, 0x52, 0xD8, 0x59, 0x10, 0x2D, 0x20, 0x6F, 0xBA, 0xC1, 0x1C, 0xD1, 0x82, 0xC7, 0x32, 0x1B, 0xBB, 0xCC, 0x30, 0x03, 0xD7, 0x3A, 0xC8, 0x18, 0xED, 0x58, 0xC8, 0x11, 0xFE, 0x71, 0x9C, 0x71, 0xD8, 0x6B, 0xE0, 0x25, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x00, 0x06, 0x01, 0x04, 0x08, 0x01, 0x20, 0x28, 0x00, 0xC5, 0x8F, 0xA1, 0x59, 0x93, 0xEF, 0x7E, 0xD3, 0xD0, 0xB5, 0x87, 0x1D, 0x81, 0x54, 0x14, 0x63, 0x09, 0xE1, 0x50, 0x70, 0x02, 0x2F, 0x7E, 0xDA, 0xBD, 0x40, 0xC5, 0x58, 0x87, 0xCE, 0x43, 0xF3, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04 }; static THREAD_RETURN WOLFSSL_THREAD tls_export_server(void* args) { SOCKET_T sockfd = 0; SOCKET_T clientfd = 0; word16 port; callback_functions* cbf; WOLFSSL_CTX* ctx = 0; WOLFSSL* ssl = 0; char msg[] = "I hear you fa shizzle!"; char input[1024]; int idx; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; cbf = ((func_args*)args)->callbacks; { WOLFSSL_METHOD* method = NULL; if (cbf != NULL && cbf->method != NULL) { method = cbf->method(); } else { method = wolfTLSv1_2_server_method(); } ctx = wolfSSL_CTX_new(method); } if (ctx == NULL) { goto done; } wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-SHA256"); #if defined(USE_WINDOWS_API) port = ((func_args*)args)->signal->port; #elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \ !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS) /* Let tcp_listen assign port */ port = 0; #else /* Use default port */ port = wolfSSLPort; #endif /* do it here to detect failure */ tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0); CloseSocket(sockfd); /* call ctx setup callback */ if (cbf != NULL && cbf->ctx_ready != NULL) { cbf->ctx_ready(ctx); } ssl = wolfSSL_new(ctx); if (ssl == NULL) { goto done; } wolfSSL_set_fd(ssl, clientfd); /* call ssl setup callback */ if (cbf != NULL && cbf->ssl_ready != NULL) { cbf->ssl_ready(ssl); } idx = wolfSSL_read(ssl, input, sizeof(input)-1); if (idx > 0) { input[idx] = '\0'; printf("Client message export/import: %s\n", input); } else { printf("ret = %d error = %d\n", idx, wolfSSL_get_error(ssl, idx)); goto done; } if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) { /*err_sys("SSL_write failed");*/ #ifdef WOLFSSL_TIRTOS return; #else return 0; #endif } #ifdef WOLFSSL_TIRTOS Task_yield(); #endif ((func_args*)args)->return_code = TEST_SUCCESS; done: wolfSSL_shutdown(ssl); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(clientfd); #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ && defined(HAVE_THREAD_LS) wc_ecc_fp_free(); /* free per thread cache */ #endif #if defined(HAVE_SESSION_TICKET) && \ ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM)) #if defined(OPENSSL_EXTRA) && defined(HAVE_AESGCM) OpenSSLTicketCleanup(); #elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) TicketCleanup(); #endif #endif #ifndef WOLFSSL_TIRTOS return 0; #endif } static void load_tls12_canned_server(WOLFSSL* ssl) { int clientfd = wolfSSL_get_fd(ssl); AssertIntEQ(wolfSSL_tls_import(ssl, canned_server_session, sizeof(canned_server_session)), sizeof(canned_server_session)); wolfSSL_set_fd(ssl, clientfd); } #ifdef WOLFSSL_TLS13 static void load_tls13_canned_server(WOLFSSL* ssl) { int clientfd = wolfSSL_get_fd(ssl); AssertIntEQ(wolfSSL_tls_import(ssl, canned_server_tls13_session, sizeof(canned_server_tls13_session)), sizeof(canned_server_tls13_session)); wolfSSL_set_fd(ssl, clientfd); } #endif /* v is for version WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */ static void test_wolfSSL_tls_export_run(int v) { SOCKET_T sockfd = 0; WOLFSSL_CTX* ctx = 0; WOLFSSL* ssl = 0; char msg[64] = "hello wolfssl!"; char reply[1024]; word32 replySz; int msgSz = (int)XSTRLEN(msg); const byte* clientSession = NULL; int clientSessionSz = 0; tcp_ready ready; func_args server_args; THREAD_TYPE serverThread; callback_functions server_cbf; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&server_cbf, 0, sizeof(callback_functions)); switch (v) { case WOLFSSL_TLSV1_2: server_cbf.method = wolfTLSv1_2_server_method; server_cbf.ssl_ready = load_tls12_canned_server; /* setup the client side */ AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-SHA256"); clientSession = canned_client_session; clientSessionSz = sizeof(canned_client_session); break; #ifdef WOLFSSL_TLS13 case WOLFSSL_TLSV1_3: server_cbf.method = wolfTLSv1_3_server_method; server_cbf.ssl_ready = load_tls13_canned_server; /* setup the client side */ AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); clientSession = canned_client_tls13_session; clientSessionSz = sizeof(canned_client_tls13_session); break; #endif } server_args.callbacks = &server_cbf; server_args.signal = &ready; start_thread(tls_export_server, &server_args, &serverThread); wait_tcp_ready(&server_args); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif AssertNotNull(ssl = wolfSSL_new(ctx)); tcp_connect(&sockfd, wolfSSLIP, ready.port, 0, 0, ssl); AssertIntEQ(wolfSSL_tls_import(ssl, clientSession, clientSessionSz), clientSessionSz); replySz = sizeof(reply); AssertIntGT(wolfSSL_tls_export(ssl, (byte*)reply, &replySz), 0); #if !defined(NO_PSK) && defined(HAVE_ANON) /* index 20 has is setting if PSK was on and 49 is if anon is allowed */ AssertIntEQ(XMEMCMP(reply, clientSession, replySz), 0); #endif wolfSSL_set_fd(ssl, sockfd); AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz); AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)-1), 0); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(sockfd); #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ && defined(HAVE_THREAD_LS) wc_ecc_fp_free(); /* free per thread cache */ #endif join_thread(serverThread); AssertIntEQ(server_args.return_code, TEST_SUCCESS); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif } #endif static void test_wolfSSL_tls_export(void) { #if defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_NO_TLS12) printf(testingFmt, "wolfSSL_tls_export()"); test_wolfSSL_tls_export_run(WOLFSSL_TLSV1_2); #ifdef WOLFSSL_TLS13 test_wolfSSL_tls_export_run(WOLFSSL_TLSV1_3); #endif printf(resultFmt, passed); #endif } /*----------------------------------------------------------------------------* | TLS extensions tests *----------------------------------------------------------------------------*/ #ifdef ENABLE_TLS_CALLBACK_TEST /* Connection test runner - generic */ static void test_wolfSSL_client_server(callback_functions* client_callbacks, callback_functions* server_callbacks) { tcp_ready ready; func_args client_args; func_args server_args; THREAD_TYPE serverThread; XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); StartTCP(); client_args.callbacks = client_callbacks; server_args.callbacks = server_callbacks; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif /* RUN Server side */ InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; client_args.signal = &ready; start_thread(run_wolfssl_server, &server_args, &serverThread); wait_tcp_ready(&server_args); /* RUN Client side */ run_wolfssl_client(&client_args); join_thread(serverThread); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif client_callbacks->return_code = client_args.return_code; server_callbacks->return_code = server_args.return_code; } #endif /* ENABLE_TLS_CALLBACK_TEST */ #ifdef HAVE_SNI static void test_wolfSSL_UseSNI_params(void) { WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); WOLFSSL *ssl = wolfSSL_new(ctx); AssertNotNull(ctx); AssertNotNull(ssl); /* invalid [ctx|ssl] */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(NULL, 0, "ctx", 3)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( NULL, 0, "ssl", 3)); /* invalid type */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, -1, "ctx", 3)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, -1, "ssl", 3)); /* invalid data */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, NULL, 3)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, NULL, 3)); /* success case */ AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, "ctx", 3)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, "ssl", 3)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); } /* BEGIN of connection tests callbacks */ static void use_SNI_at_ctx(WOLFSSL_CTX* ctx) { AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, "www.wolfssl.com", 15)); } static void use_SNI_at_ssl(WOLFSSL* ssl) { AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "www.wolfssl.com", 15)); } static void different_SNI_at_ssl(WOLFSSL* ssl) { AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "ww2.wolfssl.com", 15)); } static void use_SNI_WITH_CONTINUE_at_ssl(WOLFSSL* ssl) { use_SNI_at_ssl(ssl); wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME, WOLFSSL_SNI_CONTINUE_ON_MISMATCH); } static void use_SNI_WITH_FAKE_ANSWER_at_ssl(WOLFSSL* ssl) { use_SNI_at_ssl(ssl); wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME, WOLFSSL_SNI_ANSWER_ON_MISMATCH); } static void use_MANDATORY_SNI_at_ctx(WOLFSSL_CTX* ctx) { use_SNI_at_ctx(ctx); wolfSSL_CTX_SNI_SetOptions(ctx, WOLFSSL_SNI_HOST_NAME, WOLFSSL_SNI_ABORT_ON_ABSENCE); } static void use_MANDATORY_SNI_at_ssl(WOLFSSL* ssl) { use_SNI_at_ssl(ssl); wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME, WOLFSSL_SNI_ABORT_ON_ABSENCE); } static void use_PSEUDO_MANDATORY_SNI_at_ctx(WOLFSSL_CTX* ctx) { use_SNI_at_ctx(ctx); wolfSSL_CTX_SNI_SetOptions(ctx, WOLFSSL_SNI_HOST_NAME, WOLFSSL_SNI_ANSWER_ON_MISMATCH | WOLFSSL_SNI_ABORT_ON_ABSENCE); } static void verify_UNKNOWN_SNI_on_server(WOLFSSL* ssl) { AssertIntEQ(UNKNOWN_SNI_HOST_NAME_E, wolfSSL_get_error(ssl, 0)); } static void verify_SNI_ABSENT_on_server(WOLFSSL* ssl) { AssertIntEQ(SNI_ABSENT_ERROR, wolfSSL_get_error(ssl, 0)); } static void verify_SNI_no_matching(WOLFSSL* ssl) { byte type = WOLFSSL_SNI_HOST_NAME; char* request = (char*) &type; /* to be overwritten */ AssertIntEQ(WOLFSSL_SNI_NO_MATCH, wolfSSL_SNI_Status(ssl, type)); AssertNotNull(request); AssertIntEQ(0, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request)); AssertNull(request); } static void verify_SNI_real_matching(WOLFSSL* ssl) { byte type = WOLFSSL_SNI_HOST_NAME; char* request = NULL; AssertIntEQ(WOLFSSL_SNI_REAL_MATCH, wolfSSL_SNI_Status(ssl, type)); AssertIntEQ(15, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request)); AssertNotNull(request); AssertStrEQ("www.wolfssl.com", request); } static void verify_SNI_fake_matching(WOLFSSL* ssl) { byte type = WOLFSSL_SNI_HOST_NAME; char* request = NULL; AssertIntEQ(WOLFSSL_SNI_FAKE_MATCH, wolfSSL_SNI_Status(ssl, type)); AssertIntEQ(15, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request)); AssertNotNull(request); AssertStrEQ("ww2.wolfssl.com", request); } static void verify_FATAL_ERROR_on_client(WOLFSSL* ssl) { AssertIntEQ(FATAL_ERROR, wolfSSL_get_error(ssl, 0)); } /* END of connection tests callbacks */ static void test_wolfSSL_UseSNI_connection(void) { callback_functions client_cb; callback_functions server_cb; XMEMSET(&client_cb, 0, sizeof(callback_functions)); XMEMSET(&server_cb, 0, sizeof(callback_functions)); client_cb.method = wolfSSLv23_client_method; server_cb.method = wolfSSLv23_server_method; server_cb.devId = devId; server_cb.devId = devId; /* success case at ctx */ client_cb.ctx_ready = use_SNI_at_ctx; client_cb.ssl_ready = NULL; client_cb.on_result = NULL; server_cb.ctx_ready = use_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_real_matching; test_wolfSSL_client_server(&client_cb, &server_cb); /* success case at ssl */ client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_SNI_at_ssl; client_cb.on_result = verify_SNI_real_matching; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_SNI_real_matching; test_wolfSSL_client_server(&client_cb, &server_cb); /* default mismatch behavior */ client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = verify_FATAL_ERROR_on_client; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_UNKNOWN_SNI_on_server; test_wolfSSL_client_server(&client_cb, &server_cb); /* continue on mismatch */ client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_WITH_CONTINUE_at_ssl; server_cb.on_result = verify_SNI_no_matching; test_wolfSSL_client_server(&client_cb, &server_cb); /* fake answer on mismatch */ client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_WITH_FAKE_ANSWER_at_ssl; server_cb.on_result = verify_SNI_fake_matching; test_wolfSSL_client_server(&client_cb, &server_cb); /* sni abort - success */ client_cb.ctx_ready = use_SNI_at_ctx; client_cb.ssl_ready = NULL; client_cb.on_result = NULL; server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_real_matching; test_wolfSSL_client_server(&client_cb, &server_cb); /* sni abort - abort when absent (ctx) */ client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = verify_FATAL_ERROR_on_client; server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_ABSENT_on_server; /* sni abort - abort when absent (ssl) */ client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = verify_FATAL_ERROR_on_client; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_MANDATORY_SNI_at_ssl; server_cb.on_result = verify_SNI_ABSENT_on_server; test_wolfSSL_client_server(&client_cb, &server_cb); /* sni abort - success when overwritten */ client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = NULL; server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_SNI_no_matching; test_wolfSSL_client_server(&client_cb, &server_cb); /* sni abort - success when allowing mismatches */ client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL; server_cb.ctx_ready = use_PSEUDO_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_fake_matching; test_wolfSSL_client_server(&client_cb, &server_cb); } static void test_wolfSSL_SNI_GetFromBuffer(void) { byte buff[] = { /* www.paypal.com */ 0x00, 0x00, 0x00, 0x00, 0xff, 0x01, 0x00, 0x00, 0x60, 0x03, 0x03, 0x5c, 0xc4, 0xb3, 0x8c, 0x87, 0xef, 0xa4, 0x09, 0xe0, 0x02, 0xab, 0x86, 0xca, 0x76, 0xf0, 0x9e, 0x01, 0x65, 0xf6, 0xa6, 0x06, 0x13, 0x1d, 0x0f, 0xa5, 0x79, 0xb0, 0xd4, 0x77, 0x22, 0xeb, 0x1a, 0x00, 0x00, 0x16, 0x00, 0x6b, 0x00, 0x67, 0x00, 0x39, 0x00, 0x33, 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x35, 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x21, 0x00, 0x00, 0x00, 0x13, 0x00, 0x11, 0x00, 0x00, 0x0e, 0x77, 0x77, 0x77, 0x2e, 0x70, 0x61, 0x79, 0x70, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01 }; byte buff2[] = { /* api.textmate.org */ 0x16, 0x03, 0x01, 0x00, 0xc6, 0x01, 0x00, 0x00, 0xc2, 0x03, 0x03, 0x52, 0x8b, 0x7b, 0xca, 0x69, 0xec, 0x97, 0xd5, 0x08, 0x03, 0x50, 0xfe, 0x3b, 0x99, 0xc3, 0x20, 0xce, 0xa5, 0xf6, 0x99, 0xa5, 0x71, 0xf9, 0x57, 0x7f, 0x04, 0x38, 0xf6, 0x11, 0x0b, 0xb8, 0xd3, 0x00, 0x00, 0x5e, 0x00, 0xff, 0xc0, 0x24, 0xc0, 0x23, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x07, 0xc0, 0x08, 0xc0, 0x28, 0xc0, 0x27, 0xc0, 0x14, 0xc0, 0x13, 0xc0, 0x11, 0xc0, 0x12, 0xc0, 0x26, 0xc0, 0x25, 0xc0, 0x2a, 0xc0, 0x29, 0xc0, 0x05, 0xc0, 0x04, 0xc0, 0x02, 0xc0, 0x03, 0xc0, 0x0f, 0xc0, 0x0e, 0xc0, 0x0c, 0xc0, 0x0d, 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x35, 0x00, 0x0a, 0x00, 0x67, 0x00, 0x6b, 0x00, 0x33, 0x00, 0x39, 0x00, 0x16, 0x00, 0xaf, 0x00, 0xae, 0x00, 0x8d, 0x00, 0x8c, 0x00, 0x8a, 0x00, 0x8b, 0x00, 0xb1, 0x00, 0xb0, 0x00, 0x2c, 0x00, 0x3b, 0x01, 0x00, 0x00, 0x3b, 0x00, 0x00, 0x00, 0x15, 0x00, 0x13, 0x00, 0x00, 0x10, 0x61, 0x70, 0x69, 0x2e, 0x74, 0x65, 0x78, 0x74, 0x6d, 0x61, 0x74, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0d, 0x00, 0x0c, 0x00, 0x0a, 0x05, 0x01, 0x04, 0x01, 0x02, 0x01, 0x04, 0x03, 0x02, 0x03 }; byte buff3[] = { /* no sni extension */ 0x16, 0x03, 0x03, 0x00, 0x4d, 0x01, 0x00, 0x00, 0x49, 0x03, 0x03, 0xea, 0xa1, 0x9f, 0x60, 0xdd, 0x52, 0x12, 0x13, 0xbd, 0x84, 0x34, 0xd5, 0x1c, 0x38, 0x25, 0xa8, 0x97, 0xd2, 0xd5, 0xc6, 0x45, 0xaf, 0x1b, 0x08, 0xe4, 0x1e, 0xbb, 0xdf, 0x9d, 0x39, 0xf0, 0x65, 0x00, 0x00, 0x16, 0x00, 0x6b, 0x00, 0x67, 0x00, 0x39, 0x00, 0x33, 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x35, 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01 }; byte buff4[] = { /* last extension has zero size */ 0x16, 0x03, 0x01, 0x00, 0xba, 0x01, 0x00, 0x00, 0xb6, 0x03, 0x03, 0x83, 0xa3, 0xe6, 0xdc, 0x16, 0xa1, 0x43, 0xe9, 0x45, 0x15, 0xbd, 0x64, 0xa9, 0xb6, 0x07, 0xb4, 0x50, 0xc6, 0xdd, 0xff, 0xc2, 0xd3, 0x0d, 0x4f, 0x36, 0xb4, 0x41, 0x51, 0x61, 0xc1, 0xa5, 0x9e, 0x00, 0x00, 0x28, 0xcc, 0x14, 0xcc, 0x13, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13, 0xc0, 0x14, 0xc0, 0x07, 0xc0, 0x11, 0x00, 0x33, 0x00, 0x32, 0x00, 0x39, 0x00, 0x9c, 0x00, 0x2f, 0x00, 0x35, 0x00, 0x0a, 0x00, 0x05, 0x00, 0x04, 0x01, 0x00, 0x00, 0x65, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00, 0x00, 0x33, 0x74, 0x00, 0x00, 0x00, 0x10, 0x00, 0x1b, 0x00, 0x19, 0x06, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x08, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x2e, 0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x75, 0x50, 0x00, 0x00, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x12, 0x00, 0x10, 0x04, 0x01, 0x05, 0x01, 0x02, 0x01, 0x04, 0x03, 0x05, 0x03, 0x02, 0x03, 0x04, 0x02, 0x02, 0x02, 0x00, 0x12, 0x00, 0x00 }; byte buff5[] = { /* SSL v2.0 client hello */ 0x00, 0x2b, 0x01, 0x03, 0x01, 0x00, 0x09, 0x00, 0x00, /* dummy bytes bellow, just to pass size check */ 0xb6, 0x03, 0x03, 0x83, 0xa3, 0xe6, 0xdc, 0x16, 0xa1, 0x43, 0xe9, 0x45, 0x15, 0xbd, 0x64, 0xa9, 0xb6, 0x07, 0xb4, 0x50, 0xc6, 0xdd, 0xff, 0xc2, 0xd3, 0x0d, 0x4f, 0x36, 0xb4, 0x41, 0x51, 0x61, 0xc1, 0xa5, 0x9e, 0x00, }; byte result[32] = {0}; word32 length = 32; AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff4, sizeof(buff4), 0, result, &length)); AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff3, sizeof(buff3), 0, result, &length)); AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2), 1, result, &length)); AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff), 0, result, &length)); buff[0] = 0x16; AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff), 0, result, &length)); buff[1] = 0x03; AssertIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff), 0, result, &length)); buff[2] = 0x03; AssertIntEQ(INCOMPLETE_DATA, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff), 0, result, &length)); buff[4] = 0x64; AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff), 0, result, &length)); result[length] = 0; AssertStrEQ("www.paypal.com", (const char*) result); length = 32; AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2), 0, result, &length)); result[length] = 0; AssertStrEQ("api.textmate.org", (const char*) result); /* SSL v2.0 tests */ AssertIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buff5, sizeof(buff5), 0, result, &length)); buff5[2] = 0x02; AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5, sizeof(buff5), 0, result, &length)); buff5[2] = 0x01; buff5[6] = 0x08; AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5, sizeof(buff5), 0, result, &length)); buff5[6] = 0x09; buff5[8] = 0x01; AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5, sizeof(buff5), 0, result, &length)); } #endif /* HAVE_SNI */ static void test_wolfSSL_UseSNI(void) { #ifdef HAVE_SNI test_wolfSSL_UseSNI_params(); test_wolfSSL_UseSNI_connection(); test_wolfSSL_SNI_GetFromBuffer(); #endif } #endif /* HAVE_IO_TESTS_DEPENDENCIES */ static void test_wolfSSL_UseTrustedCA(void) { #if defined(HAVE_TRUSTED_CA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \ && !defined(NO_RSA) WOLFSSL_CTX *ctx; WOLFSSL *ssl; byte id[20]; #ifndef NO_WOLFSSL_SERVER AssertNotNull((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()))); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); #else AssertNotNull((ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()))); #endif AssertNotNull((ssl = wolfSSL_new(ctx))); XMEMSET(id, 0, sizeof(id)); /* error cases */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(NULL, 0, NULL, 0)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_CERT_SHA1+1, NULL, 0)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_CERT_SHA1, NULL, 0)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_CERT_SHA1, id, 5)); #ifdef NO_SHA AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_KEY_SHA1, id, sizeof(id))); #endif AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_X509_NAME, id, 0)); /* success cases */ AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_PRE_AGREED, NULL, 0)); #ifndef NO_SHA AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_KEY_SHA1, id, sizeof(id))); #endif AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_X509_NAME, id, 5)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); #endif /* HAVE_TRUSTED_CA */ } static void test_wolfSSL_UseMaxFragment(void) { #if defined(HAVE_MAX_FRAGMENT) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) #ifndef NO_WOLFSSL_SERVER WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); #else WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); #endif WOLFSSL *ssl = wolfSSL_new(ctx); #ifdef OPENSSL_EXTRA int (*UseMaxFragment)(SSL *s, uint8_t mode); int (*CTX_UseMaxFragment)(SSL_CTX *c, uint8_t mode); CTX_UseMaxFragment = SSL_CTX_set_tlsext_max_fragment_length; UseMaxFragment = SSL_set_tlsext_max_fragment_length; #else int (*UseMaxFragment)(WOLFSSL *s, unsigned char mode); int (*CTX_UseMaxFragment)(WOLFSSL_CTX *c, unsigned char mode); UseMaxFragment = wolfSSL_UseMaxFragment; CTX_UseMaxFragment = wolfSSL_CTX_UseMaxFragment; #endif AssertNotNull(ctx); AssertNotNull(ssl); /* error cases */ AssertIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(NULL, WOLFSSL_MFL_2_9)); AssertIntNE(WOLFSSL_SUCCESS, UseMaxFragment( NULL, WOLFSSL_MFL_2_9)); AssertIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_MIN-1)); AssertIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_MAX+1)); AssertIntNE(WOLFSSL_SUCCESS, UseMaxFragment(ssl, WOLFSSL_MFL_MIN-1)); AssertIntNE(WOLFSSL_SUCCESS, UseMaxFragment(ssl, WOLFSSL_MFL_MAX+1)); /* success case */ #ifdef OPENSSL_EXTRA AssertIntEQ(BAD_FUNC_ARG, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_8)); #else AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_8)); #endif AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_9)); AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_10)); AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_11)); AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_12)); #ifdef OPENSSL_EXTRA AssertIntEQ(BAD_FUNC_ARG, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13)); AssertIntEQ(BAD_FUNC_ARG, UseMaxFragment( ssl, WOLFSSL_MFL_2_8)); #else AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13)); AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_8)); #endif AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_9)); AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_10)); AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_11)); AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_12)); #ifdef OPENSSL_EXTRA AssertIntEQ(BAD_FUNC_ARG, UseMaxFragment( ssl, WOLFSSL_MFL_2_13)); #else AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_13)); #endif wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); #endif } static void test_wolfSSL_UseTruncatedHMAC(void) { #if defined(HAVE_TRUNCATED_HMAC) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) #ifndef NO_WOLFSSL_SERVER WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); #else WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); #endif WOLFSSL *ssl = wolfSSL_new(ctx); AssertNotNull(ctx); AssertNotNull(ssl); /* error cases */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(NULL)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTruncatedHMAC(NULL)); /* success case */ AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(ctx)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTruncatedHMAC(ssl)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); #endif } static void test_wolfSSL_UseSupportedCurve(void) { #if defined(HAVE_SUPPORTED_CURVES) && !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS) WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); WOLFSSL *ssl = wolfSSL_new(ctx); AssertNotNull(ctx); AssertNotNull(ssl); /* error cases */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSupportedCurve(ctx, 0)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSupportedCurve(ssl, 0)); /* success case */ AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP256R1)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); #endif } #if defined(HAVE_ALPN) && defined(HAVE_IO_TESTS_DEPENDENCIES) static void verify_ALPN_FATAL_ERROR_on_client(WOLFSSL* ssl) { AssertIntEQ(UNKNOWN_ALPN_PROTOCOL_NAME_E, wolfSSL_get_error(ssl, 0)); } static void use_ALPN_all(WOLFSSL* ssl) { /* http/1.1,spdy/1,spdy/2,spdy/3 */ char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33}; AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, alpn_list, sizeof(alpn_list), WOLFSSL_ALPN_FAILED_ON_MISMATCH)); } static void use_ALPN_all_continue(WOLFSSL* ssl) { /* http/1.1,spdy/1,spdy/2,spdy/3 */ char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33}; AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, alpn_list, sizeof(alpn_list), WOLFSSL_ALPN_CONTINUE_ON_MISMATCH)); } static void use_ALPN_one(WOLFSSL* ssl) { /* spdy/2 */ char proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32}; AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto), WOLFSSL_ALPN_FAILED_ON_MISMATCH)); } static void use_ALPN_unknown(WOLFSSL* ssl) { /* http/2.0 */ char proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x32, 0x2e, 0x30}; AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto), WOLFSSL_ALPN_FAILED_ON_MISMATCH)); } static void use_ALPN_unknown_continue(WOLFSSL* ssl) { /* http/2.0 */ char proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x32, 0x2e, 0x30}; AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto), WOLFSSL_ALPN_CONTINUE_ON_MISMATCH)); } static void verify_ALPN_not_matching_spdy3(WOLFSSL* ssl) { /* spdy/3 */ char nego_proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33}; char *proto = NULL; word16 protoSz = 0; AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz)); /* check value */ AssertIntNE(1, sizeof(nego_proto) == protoSz); if (proto) { AssertIntNE(0, XMEMCMP(nego_proto, proto, sizeof(nego_proto))); } } static void verify_ALPN_not_matching_continue(WOLFSSL* ssl) { char *proto = NULL; word16 protoSz = 0; AssertIntEQ(WOLFSSL_ALPN_NOT_FOUND, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz)); /* check value */ AssertIntEQ(1, (0 == protoSz)); AssertIntEQ(1, (NULL == proto)); } static void verify_ALPN_matching_http1(WOLFSSL* ssl) { /* http/1.1 */ char nego_proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31}; char *proto; word16 protoSz = 0; AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz)); /* check value */ AssertIntEQ(1, sizeof(nego_proto) == protoSz); AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz)); } static void verify_ALPN_matching_spdy2(WOLFSSL* ssl) { /* spdy/2 */ char nego_proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32}; char *proto; word16 protoSz = 0; AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz)); /* check value */ AssertIntEQ(1, sizeof(nego_proto) == protoSz); AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz)); } static void verify_ALPN_client_list(WOLFSSL* ssl) { /* http/1.1,spdy/1,spdy/2,spdy/3 */ char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33}; char *clist = NULL; word16 clistSz = 0; AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetPeerProtocol(ssl, &clist, &clistSz)); /* check value */ AssertIntEQ(1, sizeof(alpn_list) == clistSz); AssertIntEQ(0, XMEMCMP(alpn_list, clist, clistSz)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_FreePeerProtocol(ssl, &clist)); } static void test_wolfSSL_UseALPN_connection(void) { callback_functions client_cb; callback_functions server_cb; XMEMSET(&client_cb, 0, sizeof(callback_functions)); XMEMSET(&server_cb, 0, sizeof(callback_functions)); client_cb.method = wolfSSLv23_client_method; server_cb.method = wolfSSLv23_server_method; server_cb.devId = devId; server_cb.devId = devId; /* success case same list */ client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = verify_ALPN_matching_http1; test_wolfSSL_client_server(&client_cb, &server_cb); /* success case only one for server */ client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_one; server_cb.on_result = verify_ALPN_matching_spdy2; test_wolfSSL_client_server(&client_cb, &server_cb); /* success case only one for client */ client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_one; client_cb.on_result = NULL; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = verify_ALPN_matching_spdy2; test_wolfSSL_client_server(&client_cb, &server_cb); /* success case none for client */ client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = NULL; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = NULL; test_wolfSSL_client_server(&client_cb, &server_cb); /* success case mismatch behavior but option 'continue' set */ client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all_continue; client_cb.on_result = verify_ALPN_not_matching_continue; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_unknown_continue; server_cb.on_result = NULL; test_wolfSSL_client_server(&client_cb, &server_cb); /* success case read protocol send by client */ client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_one; server_cb.on_result = verify_ALPN_client_list; test_wolfSSL_client_server(&client_cb, &server_cb); /* mismatch behavior with same list * the first and only this one must be taken */ client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = verify_ALPN_not_matching_spdy3; test_wolfSSL_client_server(&client_cb, &server_cb); /* default mismatch behavior */ client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_unknown; server_cb.on_result = verify_ALPN_FATAL_ERROR_on_client; test_wolfSSL_client_server(&client_cb, &server_cb); } static void test_wolfSSL_UseALPN_params(void) { #ifndef NO_WOLFSSL_CLIENT /* "http/1.1" */ char http1[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31}; /* "spdy/1" */ char spdy1[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x31}; /* "spdy/2" */ char spdy2[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32}; /* "spdy/3" */ char spdy3[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33}; char buff[256]; word32 idx; WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); WOLFSSL *ssl = wolfSSL_new(ctx); AssertNotNull(ctx); AssertNotNull(ssl); /* error cases */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseALPN(NULL, http1, sizeof(http1), WOLFSSL_ALPN_FAILED_ON_MISMATCH)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, NULL, 0, WOLFSSL_ALPN_FAILED_ON_MISMATCH)); /* success case */ /* http1 only */ AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, http1, sizeof(http1), WOLFSSL_ALPN_FAILED_ON_MISMATCH)); /* http1, spdy1 */ XMEMCPY(buff, http1, sizeof(http1)); idx = sizeof(http1); buff[idx++] = ','; XMEMCPY(buff+idx, spdy1, sizeof(spdy1)); idx += sizeof(spdy1); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx, WOLFSSL_ALPN_FAILED_ON_MISMATCH)); /* http1, spdy2, spdy1 */ XMEMCPY(buff, http1, sizeof(http1)); idx = sizeof(http1); buff[idx++] = ','; XMEMCPY(buff+idx, spdy2, sizeof(spdy2)); idx += sizeof(spdy2); buff[idx++] = ','; XMEMCPY(buff+idx, spdy1, sizeof(spdy1)); idx += sizeof(spdy1); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx, WOLFSSL_ALPN_FAILED_ON_MISMATCH)); /* spdy3, http1, spdy2, spdy1 */ XMEMCPY(buff, spdy3, sizeof(spdy3)); idx = sizeof(spdy3); buff[idx++] = ','; XMEMCPY(buff+idx, http1, sizeof(http1)); idx += sizeof(http1); buff[idx++] = ','; XMEMCPY(buff+idx, spdy2, sizeof(spdy2)); idx += sizeof(spdy2); buff[idx++] = ','; XMEMCPY(buff+idx, spdy1, sizeof(spdy1)); idx += sizeof(spdy1); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx, WOLFSSL_ALPN_CONTINUE_ON_MISMATCH)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); #endif } #endif /* HAVE_ALPN */ #ifdef HAVE_ALPN_PROTOS_SUPPORT static void CTX_set_alpn_protos(SSL_CTX *ctx) { unsigned char p[] = { 8, 'h', 't', 't', 'p', '/', '1', '.', '1', 6, 's', 'p', 'd', 'y', '/', '2', 6, 's', 'p', 'd', 'y', '/', '1', }; unsigned char p_len = sizeof(p); int ret; ret = SSL_CTX_set_alpn_protos(ctx, p, p_len); #ifdef WOLFSSL_ERROR_CODE_OPENSSL AssertIntEQ(ret, 0); #else AssertIntEQ(ret, SSL_SUCCESS); #endif } static void set_alpn_protos(SSL* ssl) { unsigned char p[] = { 6, 's', 'p', 'd', 'y', '/', '3', 8, 'h', 't', 't', 'p', '/', '1', '.', '1', 6, 's', 'p', 'd', 'y', '/', '2', 6, 's', 'p', 'd', 'y', '/', '1', }; unsigned char p_len = sizeof(p); int ret; ret = SSL_set_alpn_protos(ssl, p, p_len); #ifdef WOLFSSL_ERROR_CODE_OPENSSL AssertIntEQ(ret, 0); #else AssertIntEQ(ret, SSL_SUCCESS); #endif } static void verify_alpn_matching_spdy3(WOLFSSL* ssl) { /* "spdy/3" */ char nego_proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33}; const unsigned char *proto; unsigned int protoSz = 0; SSL_get0_alpn_selected(ssl, &proto, &protoSz); /* check value */ AssertIntEQ(1, sizeof(nego_proto) == protoSz); AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz)); } static void verify_alpn_matching_http1(WOLFSSL* ssl) { /* "http/1.1" */ char nego_proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31}; const unsigned char *proto; unsigned int protoSz = 0; SSL_get0_alpn_selected(ssl, &proto, &protoSz); /* check value */ AssertIntEQ(1, sizeof(nego_proto) == protoSz); AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz)); } static void test_wolfSSL_set_alpn_protos(void) { callback_functions client_cb; callback_functions server_cb; XMEMSET(&client_cb, 0, sizeof(callback_functions)); XMEMSET(&server_cb, 0, sizeof(callback_functions)); client_cb.method = wolfSSLv23_client_method; server_cb.method = wolfSSLv23_server_method; server_cb.devId = devId; server_cb.devId = devId; /* use CTX_alpn_protos */ client_cb.ctx_ready = CTX_set_alpn_protos; client_cb.ssl_ready = NULL; client_cb.on_result = NULL; server_cb.ctx_ready = CTX_set_alpn_protos; server_cb.ssl_ready = NULL; server_cb.on_result = verify_alpn_matching_http1; test_wolfSSL_client_server(&client_cb, &server_cb); /* use set_alpn_protos */ client_cb.ctx_ready = NULL; client_cb.ssl_ready = set_alpn_protos; client_cb.on_result = NULL; server_cb.ctx_ready = NULL; server_cb.ssl_ready = set_alpn_protos; server_cb.on_result = verify_alpn_matching_spdy3; test_wolfSSL_client_server(&client_cb, &server_cb); } #endif /* HAVE_ALPN_PROTOS_SUPPORT */ static void test_wolfSSL_UseALPN(void) { #if defined(HAVE_ALPN) && !defined(NO_WOLFSSL_SERVER) &&\ defined(HAVE_IO_TESTS_DEPENDENCIES) test_wolfSSL_UseALPN_connection(); test_wolfSSL_UseALPN_params(); #endif #ifdef HAVE_ALPN_PROTOS_SUPPORT test_wolfSSL_set_alpn_protos(); #endif } static void test_wolfSSL_DisableExtendedMasterSecret(void) { #if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT) WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); WOLFSSL *ssl = wolfSSL_new(ctx); AssertNotNull(ctx); AssertNotNull(ssl); /* error cases */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(NULL)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(NULL)); /* success cases */ AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(ctx)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(ssl)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); #endif } static void test_wolfSSL_wolfSSL_UseSecureRenegotiation(void) { #if defined(HAVE_SECURE_RENEGOTIATION) && !defined(NO_WOLFSSL_CLIENT) WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); WOLFSSL *ssl = wolfSSL_new(ctx); AssertNotNull(ctx); AssertNotNull(ssl); /* error cases */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(NULL)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(NULL)); /* success cases */ AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(ctx)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); #endif } /*----------------------------------------------------------------------------* | X509 Tests *----------------------------------------------------------------------------*/ static void test_wolfSSL_X509_NAME_get_entry(void) { #if !defined(NO_CERTS) && !defined(NO_RSA) #if defined(OPENSSL_ALL) || \ (defined(OPENSSL_EXTRA) && \ (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS))) printf(testingFmt, "wolfSSL_X509_NAME_get_entry()"); { /* use openssl like name to test mapping */ X509_NAME_ENTRY* ne; X509_NAME* name; X509* x509; #ifndef NO_FILESYSTEM ASN1_STRING* asn; char* subCN = NULL; #endif int idx; ASN1_OBJECT *object = NULL; #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) #ifndef NO_BIO BIO* bio; #endif #endif #ifndef NO_FILESYSTEM x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509); name = X509_get_subject_name(x509); idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1); AssertIntGE(idx, 0); ne = X509_NAME_get_entry(name, idx); AssertNotNull(ne); asn = X509_NAME_ENTRY_get_data(ne); AssertNotNull(asn); subCN = (char*)ASN1_STRING_data(asn); AssertNotNull(subCN); wolfSSL_FreeX509(x509); #endif x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509); name = X509_get_subject_name(x509); idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1); AssertIntGE(idx, 0); #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) #ifndef NO_BIO AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(X509_NAME_print_ex(bio, name, 4, (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS); AssertIntEQ(X509_NAME_print_ex_fp(stdout, name, 4, (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS); BIO_free(bio); #endif #endif ne = X509_NAME_get_entry(name, idx); AssertNotNull(ne); AssertNotNull(object = X509_NAME_ENTRY_get_object(ne)); wolfSSL_FreeX509(x509); } printf(resultFmt, passed); #endif /* OPENSSL_ALL || (OPENSSL_EXTRA && (KEEP_PEER_CERT || SESSION_CERTS) */ #endif /* !NO_CERTS && !NO_RSA */ } /* Testing functions dealing with PKCS12 parsing out X509 certs */ static void test_wolfSSL_PKCS12(void) { /* .p12 file is encrypted with DES3 */ #ifndef HAVE_FIPS /* Password used in cert "wolfSSL test" is only 12-bytes * (96-bit) FIPS mode requires Minimum of 14-byte (112-bit) * Password Key */ #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && !defined(NO_FILESYSTEM) && \ !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA) && \ !defined(NO_SHA) && defined(HAVE_PKCS12) byte buf[6000]; char file[] = "./certs/test-servercert.p12"; char order[] = "./certs/ecc-rsa-server.p12"; #ifdef WC_RC2 char rc2p12[] = "./certs/test-servercert-rc2.p12"; #endif char pass[] = "a password"; const char goodPsw[] = "wolfSSL test"; const char badPsw[] = "bad"; #ifdef HAVE_ECC WOLFSSL_X509_NAME* subject; WOLFSSL_X509 *x509; #endif XFILE f; int bytes, ret, goodPswLen, badPswLen; WOLFSSL_BIO *bio; WOLFSSL_EVP_PKEY *pkey; WC_PKCS12 *pkcs12; WC_PKCS12 *pkcs12_2; WOLFSSL_X509 *cert; WOLFSSL_X509 *tmp; WOLF_STACK_OF(WOLFSSL_X509) *ca; #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \ || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS) WOLFSSL_CTX *ctx; WOLFSSL *ssl; WOLF_STACK_OF(WOLFSSL_X509) *tmp_ca = NULL; #endif printf(testingFmt, "wolfSSL_PKCS12()"); f = XFOPEN(file, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); goodPswLen = (int)XSTRLEN(goodPsw); badPswLen = (int)XSTRLEN(badPsw); bio = BIO_new_mem_buf((void*)buf, bytes); AssertNotNull(bio); pkcs12 = d2i_PKCS12_bio(bio, NULL); AssertNotNull(pkcs12); PKCS12_free(pkcs12); d2i_PKCS12_bio(bio, &pkcs12); AssertNotNull(pkcs12); BIO_free(bio); /* check verify MAC directly */ ret = PKCS12_verify_mac(pkcs12, goodPsw, goodPswLen); AssertIntEQ(ret, 1); /* check verify MAC fail case directly */ ret = PKCS12_verify_mac(pkcs12, badPsw, badPswLen); AssertIntEQ(ret, 0); /* check verify MAC fail case */ ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL); AssertIntEQ(ret, 0); AssertNull(pkey); AssertNull(cert); /* check parse with no extra certs kept */ ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL); AssertIntEQ(ret, 1); AssertNotNull(pkey); AssertNotNull(cert); wolfSSL_EVP_PKEY_free(pkey); wolfSSL_X509_free(cert); /* check parse with extra certs kept */ ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca); AssertIntEQ(ret, 1); AssertNotNull(pkey); AssertNotNull(cert); AssertNotNull(ca); #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \ || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS) /* Check that SSL_CTX_set0_chain correctly sets the certChain buffer */ #if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS) AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif /* Copy stack structure */ AssertNotNull(tmp_ca = X509_chain_up_ref(ca)); AssertIntEQ(SSL_CTX_set0_chain(ctx, tmp_ca), 1); /* CTX now owns the tmp_ca stack structure */ tmp_ca = NULL; AssertIntEQ(wolfSSL_CTX_get_extra_chain_certs(ctx, &tmp_ca), 1); AssertNotNull(tmp_ca); AssertIntEQ(sk_X509_num(tmp_ca), sk_X509_num(ca)); /* Check that the main cert is also set */ AssertNotNull(SSL_CTX_get0_certificate(ctx)); AssertNotNull(ssl = SSL_new(ctx)); AssertNotNull(SSL_get_certificate(ssl)); SSL_free(ssl); SSL_CTX_free(ctx); #endif /* should be 2 other certs on stack */ tmp = sk_X509_pop(ca); AssertNotNull(tmp); X509_free(tmp); tmp = sk_X509_pop(ca); AssertNotNull(tmp); X509_free(tmp); AssertNull(sk_X509_pop(ca)); EVP_PKEY_free(pkey); X509_free(cert); sk_X509_pop_free(ca, X509_free); /* check PKCS12_create */ AssertNull(PKCS12_create(pass, NULL, NULL, NULL, NULL, -1, -1, -1, -1,0)); AssertIntEQ(PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca), SSL_SUCCESS); AssertNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca, -1, -1, 100, -1, 0))); EVP_PKEY_free(pkey); X509_free(cert); sk_X509_pop_free(ca, NULL); AssertIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca), SSL_SUCCESS); PKCS12_free(pkcs12_2); AssertNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, 2000, 1, 0))); EVP_PKEY_free(pkey); X509_free(cert); sk_X509_pop_free(ca, NULL); /* convert to DER then back and parse */ AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(i2d_PKCS12_bio(bio, pkcs12_2), SSL_SUCCESS); PKCS12_free(pkcs12_2); AssertNotNull(pkcs12_2 = d2i_PKCS12_bio(bio, NULL)); BIO_free(bio); AssertIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca), SSL_SUCCESS); /* should be 2 other certs on stack */ tmp = sk_X509_pop(ca); AssertNotNull(tmp); X509_free(tmp); tmp = sk_X509_pop(ca); AssertNotNull(tmp); X509_free(tmp); AssertNull(sk_X509_pop(ca)); #ifndef NO_RC4 PKCS12_free(pkcs12_2); AssertNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, NULL, NID_pbe_WithSHA1And128BitRC4, NID_pbe_WithSHA1And128BitRC4, 2000, 1, 0))); EVP_PKEY_free(pkey); X509_free(cert); sk_X509_pop_free(ca, NULL); AssertIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca), SSL_SUCCESS); #endif /* NO_RC4 */ EVP_PKEY_free(pkey); X509_free(cert); PKCS12_free(pkcs12); PKCS12_free(pkcs12_2); sk_X509_pop_free(ca, NULL); #ifdef HAVE_ECC /* test order of parsing */ f = XFOPEN(order, "rb"); AssertTrue(f != XBADFILE); bytes = (int)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); AssertNotNull(bio = BIO_new_mem_buf((void*)buf, bytes)); AssertNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL)); AssertIntEQ((ret = PKCS12_parse(pkcs12, "", &pkey, &cert, &ca)), WOLFSSL_SUCCESS); AssertNotNull(pkey); AssertNotNull(cert); AssertNotNull(ca); /* compare subject lines of certificates */ AssertNotNull(subject = wolfSSL_X509_get_subject_name(cert)); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccRsaCertFile, SSL_FILETYPE_PEM)); AssertIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject, (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0); X509_free(x509); /* test expected fail case */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile, SSL_FILETYPE_PEM)); AssertIntNE(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject, (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0); X509_free(x509); X509_free(cert); /* get subject line from ca stack */ AssertNotNull(cert = sk_X509_pop(ca)); AssertNotNull(subject = wolfSSL_X509_get_subject_name(cert)); /* compare subject from certificate in ca to expected */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile, SSL_FILETYPE_PEM)); AssertIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject, (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0); EVP_PKEY_free(pkey); X509_free(x509); X509_free(cert); BIO_free(bio); PKCS12_free(pkcs12); sk_X509_pop_free(ca, NULL); /* TEST d2i_PKCS12_fp */ /* test order of parsing */ f = XFOPEN(file, "rb"); AssertTrue(f != XBADFILE); AssertNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL)); XFCLOSE(f); /* check verify MAC fail case */ ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL); AssertIntEQ(ret, 0); AssertNull(pkey); AssertNull(cert); /* check parse with no extra certs kept */ ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL); AssertIntEQ(ret, 1); AssertNotNull(pkey); AssertNotNull(cert); wolfSSL_EVP_PKEY_free(pkey); wolfSSL_X509_free(cert); /* check parse with extra certs kept */ ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca); AssertIntEQ(ret, 1); AssertNotNull(pkey); AssertNotNull(cert); AssertNotNull(ca); wolfSSL_EVP_PKEY_free(pkey); wolfSSL_X509_free(cert); sk_X509_pop_free(ca, NULL); PKCS12_free(pkcs12); #endif /* HAVE_ECC */ #ifdef WC_RC2 /* test PKCS#12 with RC2 encryption */ f = XFOPEN(rc2p12, "rb"); AssertTrue(f != XBADFILE); bytes = (int)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); AssertNotNull(bio = BIO_new_mem_buf((void*)buf, bytes)); AssertNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL)); /* check verify MAC fail case */ ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL); AssertIntEQ(ret, 0); AssertNull(pkey); AssertNull(cert); /* check parse iwth not extra certs kept */ ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL); AssertIntEQ(ret, WOLFSSL_SUCCESS); AssertNotNull(pkey); AssertNotNull(cert); /* check parse with extra certs kept */ ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca); AssertIntEQ(ret, WOLFSSL_SUCCESS); AssertNotNull(pkey); AssertNotNull(cert); AssertNotNull(ca); wolfSSL_EVP_PKEY_free(pkey); wolfSSL_X509_free(cert); sk_X509_pop_free(ca, NULL); BIO_free(bio); PKCS12_free(pkcs12); #endif /* WC_RC2 */ /* Test i2d_PKCS12_bio */ f = XFOPEN(file, "rb"); AssertTrue((f != XBADFILE)); AssertNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL)); XFCLOSE(f); bio = BIO_new(BIO_s_mem()); AssertNotNull(bio); ret = i2d_PKCS12_bio(bio, pkcs12); AssertIntEQ(ret, 1); ret = i2d_PKCS12_bio(NULL, pkcs12); AssertIntEQ(ret, 0); ret = i2d_PKCS12_bio(bio, NULL); AssertIntEQ(ret, 0); PKCS12_free(pkcs12); BIO_free(bio); (void)order; printf(resultFmt, passed); #endif /* OPENSSL_EXTRA */ #endif /* HAVE_FIPS */ } #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) && \ defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3) && !defined(NO_PWDBASED) && \ (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_MD5) #define TEST_PKCS8_ENC #endif #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) \ && defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS) /* used to keep track if FailTestCallback was called */ static int failTestCallbackCalled = 0; static WC_INLINE int FailTestCallBack(char* passwd, int sz, int rw, void* userdata) { (void)passwd; (void)sz; (void)rw; (void)userdata; /* mark called, test_wolfSSL_no_password_cb() will check and fail if set */ failTestCallbackCalled = 1; return -1; } #endif static void test_wolfSSL_no_password_cb(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) \ && defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS) WOLFSSL_CTX* ctx; byte buff[FOURK_BUF]; const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der"; const char eccPkcs8PrivKeyPemFile[] = "./certs/ecc-privkeyPkcs8.pem"; XFILE f; int bytes; printf(testingFmt, "test_wolfSSL_no_password_cb()"); #ifndef NO_WOLFSSL_CLIENT AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLS_client_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLS_server_method())); #endif wolfSSL_CTX_set_default_passwd_cb(ctx, FailTestCallBack); AssertTrue((f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb")) != XBADFILE); bytes = (int)XFREAD(buff, 1, sizeof(buff), f); XFCLOSE(f); AssertIntLE(bytes, sizeof(buff)); AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); AssertTrue((f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb")) != XBADFILE); bytes = (int)XFREAD(buff, 1, sizeof(buff), f); XFCLOSE(f); AssertIntLE(bytes, sizeof(buff)); AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); if (failTestCallbackCalled != 0) { Fail(("Password callback should not be called by default"), ("Password callback was called without attempting " "to first decipher private key without password.")); } printf(resultFmt, passed); #endif } #ifdef TEST_PKCS8_ENC /* for PKCS8 test case */ static int PKCS8TestCallBack(char* passwd, int sz, int rw, void* userdata) { int flag = 0; (void)rw; if (userdata != NULL) { flag = *((int*)userdata); /* user set data */ } switch (flag) { case 1: /* flag set for specific WOLFSSL_CTX structure, note userdata * can be anything the user wishes to be passed to the callback * associated with the WOLFSSL_CTX */ XSTRNCPY(passwd, "yassl123", sz); return 8; default: return BAD_FUNC_ARG; } } #endif /* TEST_PKCS8_ENC */ /* Testing functions dealing with PKCS8 */ static void test_wolfSSL_PKCS8(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) byte buff[FOURK_BUF]; byte der[FOURK_BUF]; #ifndef NO_RSA const char serverKeyPkcs8PemFile[] = "./certs/server-keyPkcs8.pem"; const char serverKeyPkcs8DerFile[] = "./certs/server-keyPkcs8.der"; #endif const char eccPkcs8PrivKeyPemFile[] = "./certs/ecc-privkeyPkcs8.pem"; #ifdef HAVE_ECC const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der"; #endif XFILE f; int bytes; WOLFSSL_CTX* ctx; #if defined(HAVE_ECC) && !defined(NO_CODING) int ret; ecc_key key; word32 x = 0; #endif #ifdef TEST_PKCS8_ENC #if !defined(NO_RSA) && !defined(NO_SHA) const char serverKeyPkcs8EncPemFile[] = "./certs/server-keyPkcs8Enc.pem"; const char serverKeyPkcs8EncDerFile[] = "./certs/server-keyPkcs8Enc.der"; #endif #if defined(HAVE_ECC) && !defined(NO_SHA) const char eccPkcs8EncPrivKeyPemFile[] = "./certs/ecc-keyPkcs8Enc.pem"; const char eccPkcs8EncPrivKeyDerFile[] = "./certs/ecc-keyPkcs8Enc.der"; #endif int flag; #endif (void)der; printf(testingFmt, "wolfSSL_PKCS8()"); #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); #endif #else #ifndef WOLFSSL_NO_TLS12 AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); #endif #endif #ifdef TEST_PKCS8_ENC wolfSSL_CTX_set_default_passwd_cb(ctx, PKCS8TestCallBack); wolfSSL_CTX_set_default_passwd_cb_userdata(ctx, (void*)&flag); flag = 1; /* used by password callback as return code */ #if !defined(NO_RSA) && !defined(NO_SHA) /* test loading PEM PKCS8 encrypted file */ f = XFOPEN(serverKeyPkcs8EncPemFile, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buff, 1, sizeof(buff), f); XFCLOSE(f); AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); /* this next case should fail because of password callback return code */ flag = 0; /* used by password callback as return code */ AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); /* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */ AssertIntGT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), "yassl123"), 0); /* test that error value is returned with a bad password */ AssertIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), "bad"), 0); /* test loading PEM PKCS8 encrypted file */ f = XFOPEN(serverKeyPkcs8EncDerFile, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buff, 1, sizeof(buff), f); XFCLOSE(f); flag = 1; /* used by password callback as return code */ AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* this next case should fail because of password callback return code */ flag = 0; /* used by password callback as return code */ AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); #endif /* !NO_RSA && !NO_SHA */ #if defined(HAVE_ECC) && !defined(NO_SHA) /* test loading PEM PKCS8 encrypted ECC Key file */ f = XFOPEN(eccPkcs8EncPrivKeyPemFile, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buff, 1, sizeof(buff), f); XFCLOSE(f); flag = 1; /* used by password callback as return code */ AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); /* this next case should fail because of password callback return code */ flag = 0; /* used by password callback as return code */ AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); /* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */ AssertIntGT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), "yassl123"), 0); /* test that error value is returned with a bad password */ AssertIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), "bad"), 0); /* test loading DER PKCS8 encrypted ECC Key file */ f = XFOPEN(eccPkcs8EncPrivKeyDerFile, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buff, 1, sizeof(buff), f); XFCLOSE(f); flag = 1; /* used by password callback as return code */ AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* this next case should fail because of password callback return code */ flag = 0; /* used by password callback as return code */ AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* leave flag as "okay" */ flag = 1; #endif /* HAVE_ECC && !NO_SHA */ #endif /* TEST_PKCS8_ENC */ #ifndef NO_RSA /* test loading ASN.1 (DER) PKCS8 private key file (not encrypted) */ f = XFOPEN(serverKeyPkcs8DerFile, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buff, 1, sizeof(buff), f); XFCLOSE(f); AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* test loading PEM PKCS8 private key file (not encrypted) */ f = XFOPEN(serverKeyPkcs8PemFile, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buff, 1, sizeof(buff), f); XFCLOSE(f); AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); #endif /* !NO_RSA */ /* Test PKCS8 PEM ECC key no crypt */ f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buff, 1, sizeof(buff), f); XFCLOSE(f); #ifdef HAVE_ECC /* Test PKCS8 PEM ECC key no crypt */ AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); #ifndef NO_CODING /* decrypt PKCS8 PEM to key in DER format */ AssertIntGT((bytes = wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), NULL)), 0); ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_EccPrivateKeyDecode(der, &x, &key, bytes); wc_ecc_free(&key); } AssertIntEQ(ret, 0); #endif /* Test PKCS8 DER ECC key no crypt */ f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buff, 1, sizeof(buff), f); XFCLOSE(f); /* Test using a PKCS8 ECC PEM */ AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); #else /* if HAVE_ECC is not defined then BEGIN EC PRIVATE KEY is not found */ AssertIntEQ((bytes = wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), NULL)), ASN_NO_PEM_HEADER); #endif /* HAVE_ECC */ wolfSSL_CTX_free(ctx); printf(resultFmt, passed); #endif /* !NO_FILESYSTEM && !NO_ASN && HAVE_PKCS8 */ } static void test_wolfSSL_PKCS8_ED25519(void) { #if !defined(NO_ASN) && defined(HAVE_PKCS8) && defined(HAVE_AES_CBC) && \ defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED25519) && \ defined(HAVE_ED25519_KEY_IMPORT) const byte encPrivKey[] = \ "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" "MIGbMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAheCGLmWGh7+AICCAAw\n" "DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEC4L5P6GappsTyhOOoQfvh8EQJMX\n" "OAdlsYKCOcFo4djg6AI1lRdeBRwVFWkha7gBdoCJOzS8wDvTbYcJMPvANu5ft3nl\n" "2L9W4v7swXkV+X+a1ww=\n" "-----END ENCRYPTED PRIVATE KEY-----\n"; const char password[] = "abcdefghijklmnopqrstuvwxyz"; byte der[FOURK_BUF]; WOLFSSL_CTX* ctx; int bytes; XMEMSET(der, 0, sizeof(der)); AssertIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der, (word32)sizeof(der), password)), 0); #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #endif AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); #endif } static void test_wolfSSL_PKCS8_ED448(void) { #if !defined(NO_ASN) && defined(HAVE_PKCS8) && defined(HAVE_AES_CBC) && \ defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED448) && \ defined(HAVE_ED448_KEY_IMPORT) const byte encPrivKey[] = \ "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" "MIGrMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAjSbZKnG4EPggICCAAw\n" "DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEFvCFWBBHBlJBsYleBJlJWcEUNC7\n" "Tf5pZviT5Btar4D/MNg6BsQHSDf5KW4ix871EsgDY2Zz+euaoWspiMntz7gU+PQu\n" "T/JJcbD2Ly8BbE3l5WHMifAQqNLxJBfXrHkfYtAo\n" "-----END ENCRYPTED PRIVATE KEY-----\n"; const char password[] = "abcdefghijklmnopqrstuvwxyz"; byte der[FOURK_BUF]; WOLFSSL_CTX* ctx; int bytes; XMEMSET(der, 0, sizeof(der)); AssertIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der, (word32)sizeof(der), password)), 0); #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #endif AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); #endif } /* Testing functions dealing with PKCS5 */ static void test_wolfSSL_PKCS5(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_SHA) && !defined(NO_PWDBASED) #ifdef HAVE_FIPS /* Password minimum length is 14 (112-bit) in FIPS MODE */ const char* passwd = "myfipsPa$$W0rd"; #else const char *passwd = "pass1234"; #endif const unsigned char *salt = (unsigned char *)"salt1234"; unsigned char *out = (unsigned char *)XMALLOC(WC_SHA_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); int ret = 0; AssertNotNull(out); ret = PKCS5_PBKDF2_HMAC_SHA1(passwd,(int)XSTRLEN(passwd), salt, (int)XSTRLEN((const char *) salt), 10, WC_SHA_DIGEST_SIZE,out); AssertIntEQ(ret, SSL_SUCCESS); #ifdef WOLFSSL_SHA512 ret = PKCS5_PBKDF2_HMAC(passwd,(int)XSTRLEN(passwd), salt, (int)XSTRLEN((const char *) salt), 10, wolfSSL_EVP_sha512(), WC_SHA_DIGEST_SIZE, out); AssertIntEQ(ret, SSL_SUCCESS); #endif XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SHA) */ } /* test parsing URI from certificate */ static void test_wolfSSL_URI(void) { #if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \ && (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \ defined(OPENSSL_EXTRA)) WOLFSSL_X509* x509; const char uri[] = "./certs/client-uri-cert.pem"; const char badUri[] = "./certs/client-relative-uri.pem"; printf(testingFmt, "wolfSSL URI parse"); x509 = wolfSSL_X509_load_certificate_file(uri, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509); wolfSSL_FreeX509(x509); x509 = wolfSSL_X509_load_certificate_file(badUri, WOLFSSL_FILETYPE_PEM); #if !defined(IGNORE_NAME_CONSTRAINTS) && !defined(WOLFSSL_NO_ASN_STRICT) AssertNull(x509); #else AssertNotNull(x509); #endif printf(resultFmt, passed); #endif } static void test_wolfSSL_TBS(void) { #if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \ && defined(OPENSSL_EXTRA) WOLFSSL_X509* x509; const unsigned char* tbs; int tbsSz; printf(testingFmt, "wolfSSL TBS"); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(caCertFile, WOLFSSL_FILETYPE_PEM)); AssertNull(tbs = wolfSSL_X509_get_tbs(NULL, &tbsSz)); AssertNull(tbs = wolfSSL_X509_get_tbs(x509, NULL)); AssertNotNull(tbs = wolfSSL_X509_get_tbs(x509, &tbsSz)); AssertIntEQ(tbsSz, 981); wolfSSL_FreeX509(x509); printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_verify(void) { #if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \ && defined(OPENSSL_EXTRA) WOLFSSL_X509* ca; WOLFSSL_X509* serv; WOLFSSL_EVP_PKEY* pkey; unsigned char buf[2048]; const unsigned char* pt = NULL; int bufSz; printf(testingFmt, "wolfSSL X509 verify"); AssertNotNull(ca = wolfSSL_X509_load_certificate_file(caCertFile, WOLFSSL_FILETYPE_PEM)); AssertIntNE(wolfSSL_X509_get_pubkey_buffer(NULL, buf, &bufSz), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, NULL, &bufSz), WOLFSSL_SUCCESS); AssertIntEQ(bufSz, 294); bufSz = 2048; AssertIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, buf, &bufSz), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_X509_get_pubkey_type(NULL), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_X509_get_pubkey_type(ca), RSAk); AssertNotNull(serv = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM)); /* success case */ pt = buf; AssertNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz)); AssertIntEQ(i2d_PUBKEY(pkey, NULL), bufSz); AssertIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_SUCCESS); wolfSSL_EVP_PKEY_free(pkey); /* fail case */ bufSz = 2048; AssertIntEQ(wolfSSL_X509_get_pubkey_buffer(serv, buf, &bufSz), WOLFSSL_SUCCESS); pt = buf; AssertNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz)); AssertIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_X509_verify(NULL, pkey), WOLFSSL_FATAL_ERROR); AssertIntEQ(wolfSSL_X509_verify(serv, NULL), WOLFSSL_FATAL_ERROR); wolfSSL_EVP_PKEY_free(pkey); wolfSSL_FreeX509(ca); wolfSSL_FreeX509(serv); printf(resultFmt, passed); #endif } #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \ defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) /* create certificate with version 2 */ static void test_set_x509_badversion(WOLFSSL_CTX* ctx) { WOLFSSL_X509 *x509, *x509v2; WOLFSSL_EVP_PKEY *priv, *pub; unsigned char *der = NULL, *key = NULL, *pt; char *header, *name; int derSz; long keySz; XFILE fp; WOLFSSL_ASN1_TIME *notBefore, *notAfter; time_t t; AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM)); fp = XFOPEN(cliKeyFile, "rb"); AssertIntEQ(wolfSSL_PEM_read(fp, &name, &header, &key, &keySz), WOLFSSL_SUCCESS); XFCLOSE(fp); pt = key; AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, (const unsigned char**)&pt, keySz)); /* create the version 2 certificate */ AssertNotNull(x509v2 = X509_new()); AssertIntEQ(wolfSSL_X509_set_version(x509v2, 1), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509v2, wolfSSL_X509_get_subject_name(x509)), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509v2, wolfSSL_X509_get_issuer_name(x509)), WOLFSSL_SUCCESS); AssertNotNull(pub = wolfSSL_X509_get_pubkey(x509)); AssertIntEQ(X509_set_pubkey(x509v2, pub), WOLFSSL_SUCCESS); t = time(NULL); AssertNotNull(notBefore = wolfSSL_ASN1_TIME_adj(NULL, t, 0, 0)); AssertNotNull(notAfter = wolfSSL_ASN1_TIME_adj(NULL, t, 365, 0)); AssertTrue(wolfSSL_X509_set_notBefore(x509v2, notBefore)); AssertTrue(wolfSSL_X509_set_notAfter(x509v2, notAfter)); AssertIntGT(wolfSSL_X509_sign(x509v2, priv, EVP_sha256()), 0); derSz = wolfSSL_i2d_X509(x509v2, &der); AssertIntGT(derSz, 0); AssertIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); XFREE(der, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); /* TODO: Replace with API call */ XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(name, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(header, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wolfSSL_X509_free(x509); wolfSSL_X509_free(x509v2); wolfSSL_EVP_PKEY_free(priv); wolfSSL_EVP_PKEY_free(pub); wolfSSL_ASN1_TIME_free(notBefore); wolfSSL_ASN1_TIME_free(notAfter); } /* override certificate version error */ static int test_override_x509(int preverify, WOLFSSL_X509_STORE_CTX* store) { AssertIntEQ(store->error, ASN_VERSION_E); AssertIntEQ((int)wolfSSL_X509_get_version(store->current_cert), 1); (void)preverify; return 1; } /* set verify callback that will override bad certificate version */ static void test_set_override_x509(WOLFSSL_CTX* ctx) { wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, test_override_x509); } #endif static void test_wolfSSL_X509_TLS_version(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \ defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) tcp_ready ready; func_args server_args; func_args client_args; THREAD_TYPE serverThread; callback_functions func_cb_client; callback_functions func_cb_server; printf(testingFmt, "test_wolfSSL_X509_TLS_version"); /* test server rejects a client certificate that is not version 3 */ #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&func_cb_client, 0, sizeof(callback_functions)); XMEMSET(&func_cb_server, 0, sizeof(callback_functions)); StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; client_args.signal = &ready; server_args.return_code = TEST_FAIL; client_args.return_code = TEST_FAIL; func_cb_client.ctx_ready = &test_set_x509_badversion; #ifndef WOLFSSL_NO_TLS12 func_cb_client.method = wolfTLSv1_2_client_method; #else func_cb_client.method = wolfTLSv1_3_client_method; #endif client_args.callbacks = &func_cb_client; #ifndef WOLFSSL_NO_TLS12 func_cb_server.method = wolfTLSv1_2_server_method; #else func_cb_server.method = wolfTLSv1_3_server_method; #endif server_args.callbacks = &func_cb_server; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, NULL); join_thread(serverThread); AssertIntEQ(client_args.return_code, TEST_FAIL); AssertIntEQ(server_args.return_code, TEST_FAIL); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif /* Now re run but override the bad X509 version */ #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&func_cb_client, 0, sizeof(callback_functions)); XMEMSET(&func_cb_server, 0, sizeof(callback_functions)); StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; client_args.signal = &ready; server_args.return_code = TEST_FAIL; client_args.return_code = TEST_FAIL; func_cb_client.ctx_ready = &test_set_x509_badversion; func_cb_server.ctx_ready = &test_set_override_x509; #ifndef WOLFSSL_NO_TLS12 func_cb_client.method = wolfTLSv1_2_client_method; #else func_cb_client.method = wolfTLSv1_3_client_method; #endif client_args.callbacks = &func_cb_client; #ifndef WOLFSSL_NO_TLS12 func_cb_server.method = wolfTLSv1_2_server_method; #else func_cb_server.method = wolfTLSv1_3_server_method; #endif server_args.callbacks = &func_cb_server; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, NULL); join_thread(serverThread); AssertIntEQ(client_args.return_code, TEST_SUCCESS); AssertIntEQ(server_args.return_code, TEST_SUCCESS); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif printf(resultFmt, passed); #endif } /* Testing function wolfSSL_CTX_SetMinVersion; sets the minimum downgrade * version allowed. * POST: 1 on success. */ static int test_wolfSSL_CTX_SetMinVersion(void) { int failFlag = WOLFSSL_SUCCESS; #ifndef NO_WOLFSSL_CLIENT WOLFSSL_CTX* ctx; int itr; #ifndef NO_OLD_TLS const int versions[] = { #ifdef WOLFSSL_ALLOW_TLSV10 WOLFSSL_TLSV1, #endif WOLFSSL_TLSV1_1, WOLFSSL_TLSV1_2 }; #elif !defined(WOLFSSL_NO_TLS12) const int versions[] = { WOLFSSL_TLSV1_2 }; #elif defined(WOLFSSL_TLS13) const int versions[] = { WOLFSSL_TLSV1_3 }; #else const int versions[0]; #endif ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); printf(testingFmt, "wolfSSL_CTX_SetMinVersion()"); for (itr = 0; itr < (int)(sizeof(versions)/sizeof(int)); itr++){ if(wolfSSL_CTX_SetMinVersion(ctx, *(versions + itr)) != WOLFSSL_SUCCESS){ failFlag = WOLFSSL_FAILURE; } } printf(resultFmt, failFlag == WOLFSSL_SUCCESS ? passed : failed); wolfSSL_CTX_free(ctx); #endif return failFlag; } /* END test_wolfSSL_CTX_SetMinVersion */ /*----------------------------------------------------------------------------* | OCSP Stapling *----------------------------------------------------------------------------*/ /* Testing wolfSSL_UseOCSPStapling function. OCSP stapling eliminates the need * need to contact the CA, lowering the cost of cert revocation checking. * PRE: HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST * POST: 1 returned for success. */ static int test_wolfSSL_UseOCSPStapling(void) { #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && defined(HAVE_OCSP) && \ !defined(NO_WOLFSSL_CLIENT) int ret; WOLFSSL_CTX* ctx; WOLFSSL* ssl; #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); #else ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); #endif #else #ifndef WOLFSSL_NO_TLS12 ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); #else ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()); #endif #endif ssl = wolfSSL_new(ctx); printf(testingFmt, "wolfSSL_UseOCSPStapling()"); ret = wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP, WOLFSSL_CSR2_OCSP_USE_NONCE); printf(resultFmt, ret == WOLFSSL_SUCCESS ? passed : failed); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); return ret; #else return WOLFSSL_SUCCESS; #endif } /*END test_wolfSSL_UseOCSPStapling */ /* Testing OCSP stapling version 2, wolfSSL_UseOCSPStaplingV2 function. OCSP * stapling eliminates the need to contact the CA and lowers cert revocation * check. * PRE: HAVE_CERTIFICATE_STATUS_REQUEST_V2 and HAVE_OCSP defined. */ static int test_wolfSSL_UseOCSPStaplingV2 (void) { #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && defined(HAVE_OCSP) && \ !defined(NO_WOLFSSL_CLIENT) int ret; WOLFSSL_CTX* ctx; WOLFSSL* ssl; #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); #else ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); #endif #else #ifndef WOLFSSL_NO_TLS12 ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); #else ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()); #endif #endif ssl = wolfSSL_new(ctx); printf(testingFmt, "wolfSSL_UseOCSPStaplingV2()"); ret = wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP, WOLFSSL_CSR2_OCSP_USE_NONCE ); printf(resultFmt, ret == WOLFSSL_SUCCESS ? passed : failed); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); return ret; #else return WOLFSSL_SUCCESS; #endif } /*END test_wolfSSL_UseOCSPStaplingV2*/ /*----------------------------------------------------------------------------* | Multicast Tests *----------------------------------------------------------------------------*/ static void test_wolfSSL_mcast(void) { #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_MULTICAST) && \ (defined(WOLFSSL_TLS13) || defined(WOLFSSL_SNIFFER)) WOLFSSL_CTX* ctx; WOLFSSL* ssl; int result; byte preMasterSecret[512]; byte clientRandom[32]; byte serverRandom[32]; byte suite[2] = {0, 0xfe}; /* WDM_WITH_NULL_SHA256 */ byte buf[256]; word16 newId; ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method()); AssertNotNull(ctx); result = wolfSSL_CTX_mcast_set_member_id(ctx, 0); AssertIntEQ(result, WOLFSSL_SUCCESS); ssl = wolfSSL_new(ctx); AssertNotNull(ssl); XMEMSET(preMasterSecret, 0x23, sizeof(preMasterSecret)); XMEMSET(clientRandom, 0xA5, sizeof(clientRandom)); XMEMSET(serverRandom, 0x5A, sizeof(serverRandom)); result = wolfSSL_set_secret(ssl, 23, preMasterSecret, sizeof(preMasterSecret), clientRandom, serverRandom, suite); AssertIntEQ(result, WOLFSSL_SUCCESS); result = wolfSSL_mcast_read(ssl, &newId, buf, sizeof(buf)); AssertIntLE(result, 0); AssertIntLE(newId, 100); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); #endif /* WOLFSSL_DTLS && WOLFSSL_MULTICAST && (WOLFSSL_TLS13 || WOLFSSL_SNIFFER) */ } /*----------------------------------------------------------------------------* | Wolfcrypt *----------------------------------------------------------------------------*/ /* * Unit test for the wc_InitBlake2b() */ static int test_wc_InitBlake2b (void) { int ret = 0; #ifdef HAVE_BLAKE2 Blake2b blake2b; printf(testingFmt, "wc_InitBlake2B()"); /* Test good arg. */ ret = wc_InitBlake2b(&blake2b, 64); if (ret != 0) { ret = WOLFSSL_FATAL_ERROR; } /* Test bad arg. */ if (!ret) { ret = wc_InitBlake2b(NULL, 64); if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } } if (!ret) { ret = wc_InitBlake2b(NULL, 128); if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } } if (!ret) { ret = wc_InitBlake2b(&blake2b, 128); if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } } if (!ret) { ret = wc_InitBlake2b(NULL, 0); if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } } if (!ret) { ret = wc_InitBlake2b(&blake2b, 0); if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /*END test_wc_InitBlake2b*/ /* * Unit test for the wc_InitBlake2b_WithKey() */ static int test_wc_InitBlake2b_WithKey (void) { int ret = 0; #ifdef HAVE_BLAKE2 Blake2b blake2b; word32 digestSz = BLAKE2B_KEYBYTES; byte key[BLAKE2B_KEYBYTES]; word32 keylen = BLAKE2B_KEYBYTES; printf(testingFmt, "wc_InitBlake2b_WithKey()"); /* Test good arg. */ ret = wc_InitBlake2b_WithKey(&blake2b, digestSz, key, keylen); if (ret != 0) { ret = WOLFSSL_FATAL_ERROR; } /* Test bad args. */ if (ret == 0) { ret = wc_InitBlake2b_WithKey(NULL, digestSz, key, keylen); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_InitBlake2b_WithKey(&blake2b, digestSz, key, 256); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_InitBlake2b_WithKey(&blake2b, digestSz, NULL, keylen); } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /*END wc_InitBlake2b_WithKey*/ /* * Unit test for the wc_InitBlake2s_WithKey() */ static int test_wc_InitBlake2s_WithKey (void) { int ret = 0; #ifdef HAVE_BLAKE2S Blake2s blake2s; word32 digestSz = BLAKE2S_KEYBYTES; byte *key = (byte*)"01234567890123456789012345678901"; word32 keylen = BLAKE2S_KEYBYTES; printf(testingFmt, "wc_InitBlake2s_WithKey()"); /* Test good arg. */ ret = wc_InitBlake2s_WithKey(&blake2s, digestSz, key, keylen); if (ret != 0) { ret = WOLFSSL_FATAL_ERROR; } /* Test bad args. */ if (ret == 0) { ret = wc_InitBlake2s_WithKey(NULL, digestSz, key, keylen); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_InitBlake2s_WithKey(&blake2s, digestSz, key, 256); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_InitBlake2s_WithKey(&blake2s, digestSz, NULL, keylen); } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /*END wc_InitBlake2s_WithKey*/ /* * Unit test for the wc_InitMd5() */ static int test_wc_InitMd5 (void) { int flag = 0; #ifndef NO_MD5 wc_Md5 md5; int ret; printf(testingFmt, "wc_InitMd5()"); /* Test good arg. */ ret = wc_InitMd5(&md5); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } /* Test bad arg. */ if (!flag) { ret = wc_InitMd5(NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Md5Free(&md5); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_InitMd5 */ /* * Testing wc_UpdateMd5() */ static int test_wc_Md5Update (void) { int flag = 0; #ifndef NO_MD5 wc_Md5 md5; byte hash[WC_MD5_DIGEST_SIZE]; testVector a, b, c; int ret; ret = wc_InitMd5(&md5); if (ret != 0) { flag = ret; } printf(testingFmt, "wc_Md5Update()"); /* Input */ if (!flag) { a.input = "a"; a.inLen = XSTRLEN(a.input); ret = wc_Md5Update(&md5, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_Md5Final(&md5, hash); if (ret != 0) { flag = ret; } } /* Update input. */ if (!flag) { a.input = "abc"; a.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f" "\x72"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); ret = wc_Md5Update(&md5, (byte*) a.input, (word32) a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_Md5Final(&md5, hash); if (ret != 0) { flag = ret; } } if (!flag) { if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0) { flag = WOLFSSL_FATAL_ERROR; } } /*Pass in bad values. */ if (!flag) { b.input = NULL; b.inLen = 0; ret = wc_Md5Update(&md5, (byte*)b.input, (word32)b.inLen); if (ret != 0) { flag = ret; } } if (!flag) { c.input = NULL; c.inLen = WC_MD5_DIGEST_SIZE; ret = wc_Md5Update(&md5, (byte*)c.input, (word32)c.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Md5Update(NULL, (byte*)a.input, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Md5Free(&md5); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Md5Update() */ /* * Unit test on wc_Md5Final() in wolfcrypt/src/md5.c */ static int test_wc_Md5Final (void) { int flag = 0; #ifndef NO_MD5 /* Instantiate */ wc_Md5 md5; byte* hash_test[3]; byte hash1[WC_MD5_DIGEST_SIZE]; byte hash2[2*WC_MD5_DIGEST_SIZE]; byte hash3[5*WC_MD5_DIGEST_SIZE]; int times, i, ret; /* Initialize */ ret = wc_InitMd5(&md5); if (ret != 0) { flag = ret; } if (!flag) { hash_test[0] = hash1; hash_test[1] = hash2; hash_test[2] = hash3; } times = sizeof(hash_test)/sizeof(byte*); /* Test good args. */ printf(testingFmt, "wc_Md5Final()"); for (i = 0; i < times; i++) { if (!flag) { ret = wc_Md5Final(&md5, hash_test[i]); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } } } /* Test bad args. */ if (!flag) { ret = wc_Md5Final(NULL, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Md5Final(NULL, hash1); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Md5Final(&md5, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Md5Free(&md5); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* * Unit test for the wc_InitSha() */ static int test_wc_InitSha(void) { int flag = 0; #ifndef NO_SHA wc_Sha sha; int ret; printf(testingFmt, "wc_InitSha()"); /* Test good arg. */ ret = wc_InitSha(&sha); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } /* Test bad arg. */ if (!flag) { ret = wc_InitSha(NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_ShaFree(&sha); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_InitSha */ /* * Tesing wc_ShaUpdate() */ static int test_wc_ShaUpdate (void) { int flag = 0; #ifndef NO_SHA wc_Sha sha; byte hash[WC_SHA_DIGEST_SIZE]; testVector a, b, c; int ret; ret = wc_InitSha(&sha); if (ret != 0) { flag = ret; } printf(testingFmt, "wc_ShaUpdate()"); /* Input. */ if (!flag) { a.input = "a"; a.inLen = XSTRLEN(a.input); ret = wc_ShaUpdate(&sha, NULL, 0); if (ret != 0) { flag = ret; } ret = wc_ShaUpdate(&sha, (byte*)a.input, 0); if (ret != 0) { flag = ret; } ret = wc_ShaUpdate(&sha, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_ShaFinal(&sha, hash); if (ret != 0) { flag = ret; } } /* Update input. */ if (!flag) { a.input = "abc"; a.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2" "\x6C\x9C\xD0\xD8\x9D"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); ret = wc_ShaUpdate(&sha, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_ShaFinal(&sha, hash); if (ret !=0) { flag = ret; } } if (!flag) { if (XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE) != 0) { flag = WOLFSSL_FATAL_ERROR; } } /* Try passing in bad values. */ if (!flag) { b.input = NULL; b.inLen = 0; ret = wc_ShaUpdate(&sha, (byte*)b.input, (word32)b.inLen); if (ret != 0) { flag = ret; } } if (!flag) { c.input = NULL; c.inLen = WC_SHA_DIGEST_SIZE; ret = wc_ShaUpdate(&sha, (byte*)c.input, (word32)c.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_ShaUpdate(NULL, (byte*)a.input, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_ShaFree(&sha); /* If not returned then the unit test passed test vectors. */ printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_ShaUpdate() */ /* * Unit test on wc_ShaFinal */ static int test_wc_ShaFinal (void) { int flag = 0; #ifndef NO_SHA wc_Sha sha; byte* hash_test[3]; byte hash1[WC_SHA_DIGEST_SIZE]; byte hash2[2*WC_SHA_DIGEST_SIZE]; byte hash3[5*WC_SHA_DIGEST_SIZE]; int times, i, ret; /*Initialize*/ ret = wc_InitSha(&sha); if (ret) { flag = ret; } if (!flag) { hash_test[0] = hash1; hash_test[1] = hash2; hash_test[2] = hash3; } times = sizeof(hash_test)/sizeof(byte*); /* Good test args. */ printf(testingFmt, "wc_ShaFinal()"); for (i = 0; i < times; i++) { if (!flag) { ret = wc_ShaFinal(&sha, hash_test[i]); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } } } /* Test bad args. */ if (!flag) { ret = wc_ShaFinal(NULL, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_ShaFinal(NULL, hash1); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_ShaFinal(&sha, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_ShaFree(&sha); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_ShaFinal */ /* * Unit test for wc_InitSha256() */ static int test_wc_InitSha256 (void) { int flag = 0; #ifndef NO_SHA256 wc_Sha256 sha256; int ret; printf(testingFmt, "wc_InitSha256()"); /* Test good arg. */ ret = wc_InitSha256(&sha256); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } /* Test bad arg. */ if (!flag) { ret = wc_InitSha256(NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha256Free(&sha256); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_InitSha256 */ /* * Unit test for wc_Sha256Update() */ static int test_wc_Sha256Update (void) { int flag = 0; #ifndef NO_SHA256 wc_Sha256 sha256; byte hash[WC_SHA256_DIGEST_SIZE]; testVector a, b, c; int ret; ret = wc_InitSha256(&sha256); if (ret != 0) { flag = ret; } printf(testingFmt, "wc_Sha256Update()"); /* Input. */ if (!flag) { a.input = "a"; a.inLen = XSTRLEN(a.input); ret = wc_Sha256Update(&sha256, NULL, 0); if (ret != 0) { flag = ret; } ret = wc_Sha256Update(&sha256, (byte*)a.input, 0); if (ret != 0) { flag = ret; } ret = wc_Sha256Update(&sha256, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_Sha256Final(&sha256, hash); if (ret != 0) { flag = ret; } } /* Update input. */ if (!flag) { a.input = "abc"; a.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22" "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00" "\x15\xAD"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); ret = wc_Sha256Update(&sha256, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_Sha256Final(&sha256, hash); if (ret != 0) { flag = ret; } } if (!flag) { if (XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE) != 0) { flag = WOLFSSL_FATAL_ERROR; } } /* Try passing in bad values */ if (!flag) { b.input = NULL; b.inLen = 0; ret = wc_Sha256Update(&sha256, (byte*)b.input, (word32)b.inLen); if (ret != 0) { flag = ret; } } if (!flag) { c.input = NULL; c.inLen = WC_SHA256_DIGEST_SIZE; ret = wc_Sha256Update(&sha256, (byte*)c.input, (word32)c.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha256Update(NULL, (byte*)a.input, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha256Free(&sha256); /* If not returned then the unit test passed. */ printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha256Update */ /* * Unit test function for wc_Sha256Final() */ static int test_wc_Sha256Final (void) { int flag = 0; #ifndef NO_SHA256 wc_Sha256 sha256; byte* hash_test[3]; byte hash1[WC_SHA256_DIGEST_SIZE]; byte hash2[2*WC_SHA256_DIGEST_SIZE]; byte hash3[5*WC_SHA256_DIGEST_SIZE]; int times, i, ret; /* Initialize */ ret = wc_InitSha256(&sha256); if (ret != 0) { flag = ret; } if (!flag) { hash_test[0] = hash1; hash_test[1] = hash2; hash_test[2] = hash3; } times = sizeof(hash_test) / sizeof(byte*); /* Good test args. */ printf(testingFmt, "wc_Sha256Final()"); for (i = 0; i < times; i++) { if (!flag) { ret = wc_Sha256Final(&sha256, hash_test[i]); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } } } /* Test bad args. */ if (!flag ) { ret = wc_Sha256Final(NULL, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha256Final(NULL, hash1); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha256Final(&sha256, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha256Free(&sha256); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha256Final */ /* * Unit test function for wc_Sha256FinalRaw() */ static int test_wc_Sha256FinalRaw (void) { int flag = 0; #if !defined(NO_SHA256) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_DEVCRYPTO) && (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) && \ !defined(WOLFSSL_NO_HASH_RAW) wc_Sha256 sha256; byte* hash_test[3]; byte hash1[WC_SHA256_DIGEST_SIZE]; byte hash2[2*WC_SHA256_DIGEST_SIZE]; byte hash3[5*WC_SHA256_DIGEST_SIZE]; int times, i, ret; /* Initialize */ ret = wc_InitSha256(&sha256); if (ret != 0) { flag = ret; } if (!flag) { hash_test[0] = hash1; hash_test[1] = hash2; hash_test[2] = hash3; } times = sizeof(hash_test) / sizeof(byte*); /* Good test args. */ printf(testingFmt, "wc_Sha256FinalRaw()"); for (i = 0; i < times; i++) { if (!flag) { ret = wc_Sha256FinalRaw(&sha256, hash_test[i]); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } } } /* Test bad args. */ if (!flag ) { ret = wc_Sha256FinalRaw(NULL, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha256FinalRaw(NULL, hash1); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha256FinalRaw(&sha256, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha256Free(&sha256); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha256FinalRaw */ /* * Unit test function for wc_Sha256GetFlags() */ static int test_wc_Sha256GetFlags (void) { int flag = 0; #if !defined(NO_SHA256) && defined(WOLFSSL_HASH_FLAGS) wc_Sha256 sha256; word32 flags = 0; printf(testingFmt, "wc_Sha256GetFlags()"); /* Initialize */ flag = wc_InitSha256(&sha256); if (flag == 0) { flag = wc_Sha256GetFlags(&sha256, &flags); } if (flag == 0) { if (flags & WC_HASH_FLAG_ISCOPY) { flag = 0; } } wc_Sha256Free(&sha256); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha256GetFlags */ /* * Unit test function for wc_Sha256Free() */ static int test_wc_Sha256Free (void) { int flag = 0; #ifndef NO_SHA256 printf(testingFmt, "wc_Sha256Free()"); wc_Sha256Free(NULL); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha256Free */ /* * Unit test function for wc_Sha256GetHash() */ static int test_wc_Sha256GetHash (void) { int flag = 0; #ifndef NO_SHA256 wc_Sha256 sha256; byte hash1[WC_SHA256_DIGEST_SIZE]; printf(testingFmt, "wc_Sha256GetHash()"); /* Initialize */ flag = wc_InitSha256(&sha256); if (flag == 0) { flag = wc_Sha256GetHash(&sha256, hash1); } /*test bad arguements*/ if (flag == 0) { flag = wc_Sha256GetHash(NULL, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha256GetHash(NULL, hash1); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha256GetHash(&sha256, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } wc_Sha256Free(&sha256); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha256GetHash */ /* * Unit test function for wc_Sha256Copy() */ static int test_wc_Sha256Copy (void) { int flag = 0; #ifndef NO_SHA256 wc_Sha256 sha256; wc_Sha256 temp; printf(testingFmt, "wc_Sha256Copy()"); /* Initialize */ flag = wc_InitSha256(&sha256); if (flag == 0) { flag = wc_InitSha256(&temp); } if (flag == 0) { flag = wc_Sha256Copy(&sha256, &temp); } /*test bad arguements*/ if (flag == 0) { flag = wc_Sha256Copy(NULL, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha256Copy(NULL, &temp); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha256Copy(&sha256, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } wc_Sha256Free(&sha256); wc_Sha256Free(&temp); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha256Copy */ /* * Testing wc_InitSha512() */ static int test_wc_InitSha512 (void) { int flag = 0; #ifdef WOLFSSL_SHA512 wc_Sha512 sha512; int ret; printf(testingFmt, "wc_InitSha512()"); /* Test good arg. */ ret = wc_InitSha512(&sha512); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } /* Test bad arg. */ if (!flag) { ret = wc_InitSha512(NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha512Free(&sha512); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_InitSha512 */ /* * wc_Sha512Update() test. */ static int test_wc_Sha512Update (void) { int flag = 0; #ifdef WOLFSSL_SHA512 wc_Sha512 sha512; byte hash[WC_SHA512_DIGEST_SIZE]; testVector a, b, c; int ret; ret = wc_InitSha512(&sha512); if (ret != 0) { flag = ret; } printf(testingFmt, "wc_Sha512Update()"); /* Input. */ if (!flag) { a.input = "a"; a.inLen = XSTRLEN(a.input); ret = wc_Sha512Update(&sha512, NULL, 0); if (ret != 0) { flag = ret; } ret = wc_Sha512Update(&sha512,(byte*)a.input, 0); if (ret != 0) { flag = ret; } ret = wc_Sha512Update(&sha512, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } ret = wc_Sha512Final(&sha512, hash); if (ret != 0) { flag = ret; } } /* Update input. */ if (!flag) { a.input = "abc"; a.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41" "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b" "\x55\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c" "\x23\xa3\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a" "\x9a\xc9\x4f\xa5\x4c\xa4\x9f"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); ret = wc_Sha512Update(&sha512, (byte*) a.input, (word32) a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_Sha512Final(&sha512, hash); if (ret != 0) { flag = ret; } } if (!flag) { if (XMEMCMP(hash, a.output, WC_SHA512_DIGEST_SIZE) != 0) { flag = WOLFSSL_FATAL_ERROR; } } /* Try passing in bad values */ if (!flag) { b.input = NULL; b.inLen = 0; ret = wc_Sha512Update(&sha512, (byte*)b.input, (word32)b.inLen); if (ret != 0) { flag = ret; } } if (!flag) { c.input = NULL; c.inLen = WC_SHA512_DIGEST_SIZE; ret = wc_Sha512Update(&sha512, (byte*)c.input, (word32)c.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha512Update(NULL, (byte*)a.input, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha512Free(&sha512); /* If not returned then the unit test passed test vectors. */ printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha512Update */ #ifdef WOLFSSL_SHA512 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ (!defined(WOLFSSL_NOSHA512_224) || !defined(WOLFSSL_NOSHA512_256)) /* Perfoms test for * - wc_Sha512Final/wc_Sha512FinalRaw * - wc_Sha512_224Final/wc_Sha512_224Final * - wc_Sha512_256Final/wc_Sha512_256Final * parameter: * - type : must be one of WC_HASH_TYPE_SHA512, WC_HASH_TYPE_SHA512_224 or * WC_HASH_TYPE_SHA512_256 * - isRaw: if is non-zero, xxxFinalRaw function will be tested *return 0 on success */ static int test_Sha512_Family_Final(int type, int isRaw) { wc_Sha512 sha512; byte* hash_test[3]; byte hash1[WC_SHA512_DIGEST_SIZE]; byte hash2[2*WC_SHA512_DIGEST_SIZE]; byte hash3[5*WC_SHA512_DIGEST_SIZE]; int times, i, ret; int(*initFp)(wc_Sha512*); int(*finalFp)(wc_Sha512*, byte*); void(*freeFp)(wc_Sha512*); if (type == WC_HASH_TYPE_SHA512) { initFp = wc_InitSha512; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ !defined(WOLFSSL_NO_HASH_RAW) finalFp = (isRaw)? wc_Sha512FinalRaw : wc_Sha512Final; #else finalFp = (isRaw)? NULL : wc_Sha512Final; #endif freeFp = wc_Sha512Free; } #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if !defined(WOLFSSL_NOSHA512_224) else if (type == WC_HASH_TYPE_SHA512_224) { initFp = wc_InitSha512_224; #if !defined(WOLFSSL_NO_HASH_RAW) finalFp = (isRaw)? wc_Sha512_224FinalRaw : wc_Sha512_224Final; #else finalFp = (isRaw)? NULL : wc_Sha512_224Final; #endif freeFp = wc_Sha512_224Free; } #endif #if !defined(WOLFSSL_NOSHA512_256) else if (type == WC_HASH_TYPE_SHA512_256) { initFp = wc_InitSha512_256; #if !defined(WOLFSSL_NO_HASH_RAW) finalFp = (isRaw)? wc_Sha512_256FinalRaw : wc_Sha512_256Final; #else finalFp = (isRaw)? NULL : wc_Sha512_256Final; #endif freeFp = wc_Sha512_256Free; } #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ else return BAD_FUNC_ARG; /* Initialize */ ret = initFp(&sha512); if (!ret) { hash_test[0] = hash1; hash_test[1] = hash2; hash_test[2] = hash3; } times = sizeof(hash_test) / sizeof(byte *); /* Good test args. */ for (i = 0; i < times && ret == 0; i++) { ret = finalFp(&sha512, hash_test[i]); } /* Test bad args. */ if (!ret) { if (finalFp(NULL, NULL) != BAD_FUNC_ARG) { ret = WOLFSSL_FATAL_ERROR; } } if (!ret) { if (finalFp(NULL, hash1) != BAD_FUNC_ARG) { ret = WOLFSSL_FATAL_ERROR; } } if (!ret) { if (finalFp(&sha512, NULL) != BAD_FUNC_ARG) { ret = WOLFSSL_FATAL_ERROR; } } freeFp(&sha512); return ret; } #endif /* !HAVE_FIPS && !HAVE_SELFTEST && (!WOLFSSL_NOSHA512_224 || !WOLFSSL_NOSHA512_256) */ #endif /* WOLFSSL_SHA512 */ /* * Unit test function for wc_Sha512Final() */ static int test_wc_Sha512Final (void) { int flag = 0; #ifdef WOLFSSL_SHA512 wc_Sha512 sha512; byte* hash_test[3]; byte hash1[WC_SHA512_DIGEST_SIZE]; byte hash2[2*WC_SHA512_DIGEST_SIZE]; byte hash3[5*WC_SHA512_DIGEST_SIZE]; int times, i, ret; /* Initialize */ ret = wc_InitSha512(&sha512); if (ret != 0) { flag = ret; } if (!flag) { hash_test[0] = hash1; hash_test[1] = hash2; hash_test[2] = hash3; } times = sizeof(hash_test) / sizeof(byte *); /* Good test args. */ printf(testingFmt, "wc_Sha512Final()"); for (i = 0; i < times; i++) { if (!flag) { ret = wc_Sha512Final(&sha512, hash_test[i]); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } } } /* Test bad args. */ if (!flag) { ret = wc_Sha512Final(NULL, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } if (!flag) {} ret = wc_Sha512Final(NULL, hash1); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha512Final(&sha512, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha512Free(&sha512); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha512Final */ /* * Unit test function for wc_Sha512GetFlags() */ static int test_wc_Sha512GetFlags (void) { int flag = 0; #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_HASH_FLAGS) wc_Sha512 sha512; word32 flags = 0; printf(testingFmt, "wc_Sha512GetFlags()"); /* Initialize */ flag = wc_InitSha512(&sha512); if (flag == 0) { flag = wc_Sha512GetFlags(&sha512, &flags); } if (flag == 0) { if (flags & WC_HASH_FLAG_ISCOPY) { flag = 0; } } wc_Sha512Free(&sha512); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha512GetFlags */ /* * Unit test function for wc_Sha512FinalRaw() */ static int test_wc_Sha512FinalRaw (void) { int flag = 0; #if (defined(WOLFSSL_SHA512) && !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))) && \ !defined(WOLFSSL_NO_HASH_RAW) wc_Sha512 sha512; byte* hash_test[3]; byte hash1[WC_SHA512_DIGEST_SIZE]; byte hash2[2*WC_SHA512_DIGEST_SIZE]; byte hash3[5*WC_SHA512_DIGEST_SIZE]; int times, i, ret; /* Initialize */ ret = wc_InitSha512(&sha512); if (ret != 0) { flag = ret; } if (!flag) { hash_test[0] = hash1; hash_test[1] = hash2; hash_test[2] = hash3; } times = sizeof(hash_test) / sizeof(byte*); /* Good test args. */ printf(testingFmt, "wc_Sha512FinalRaw()"); for (i = 0; i < times; i++) { if (!flag) { ret = wc_Sha512FinalRaw(&sha512, hash_test[i]); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } } } /* Test bad args. */ if (!flag ) { ret = wc_Sha512FinalRaw(NULL, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha512FinalRaw(NULL, hash1); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha512FinalRaw(&sha512, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha512Free(&sha512); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha512FinalRaw */ /* * Unit test function for wc_Sha512Free() */ static int test_wc_Sha512Free (void) { int flag = 0; #ifdef WOLFSSL_SHA512 printf(testingFmt, "wc_Sha512Free()"); wc_Sha512Free(NULL); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha512Free */ #ifdef WOLFSSL_SHA512 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ (!defined(WOLFSSL_NOSHA512_224) || !defined(WOLFSSL_NOSHA512_256)) static int test_Sha512_Family_GetHash(int type ) { int flag = 0; int(*initFp)(wc_Sha512*); int(*ghashFp)(wc_Sha512*, byte*); wc_Sha512 sha512; byte hash1[WC_SHA512_DIGEST_SIZE]; if (type == WC_HASH_TYPE_SHA512) { initFp = wc_InitSha512; ghashFp = wc_Sha512GetHash; } #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if !defined(WOLFSSL_NOSHA512_224) else if (type == WC_HASH_TYPE_SHA512_224) { initFp = wc_InitSha512_224; ghashFp = wc_Sha512_224GetHash; } #endif #if !defined(WOLFSSL_NOSHA512_256) else if (type == WC_HASH_TYPE_SHA512_256) { initFp = wc_InitSha512_256; ghashFp = wc_Sha512_256GetHash; } #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ else { initFp = NULL; ghashFp = NULL; } if (initFp == NULL || ghashFp == NULL) return WOLFSSL_FATAL_ERROR; if (!flag) { flag = initFp(&sha512); } if (!flag) { flag = ghashFp(&sha512, hash1); } /*test bad arguements*/ if (!flag) { if (ghashFp(NULL, NULL) != BAD_FUNC_ARG ) flag = WOLFSSL_FATAL_ERROR; } if (!flag) { if (ghashFp(NULL, hash1) != BAD_FUNC_ARG ) flag = WOLFSSL_FATAL_ERROR; } if (!flag) { if (ghashFp(&sha512, NULL) != BAD_FUNC_ARG ) flag = WOLFSSL_FATAL_ERROR; } wc_Sha512Free(&sha512); return flag; } #endif /* !HAVE_FIPS && !HAVE_SELFTEST && (!WOLFSSL_NOSHA512_224 || !WOLFSSL_NOSHA512_256) */ #endif /* WOLFSSL_SHA512 */ /* * Unit test function for wc_Sha512GetHash() */ static int test_wc_Sha512GetHash (void) { int flag = 0; #ifdef WOLFSSL_SHA512 wc_Sha512 sha512; byte hash1[WC_SHA512_DIGEST_SIZE]; printf(testingFmt, "wc_Sha512GetHash()"); /* Initialize */ flag = wc_InitSha512(&sha512); if (flag == 0) { flag = wc_Sha512GetHash(&sha512, hash1); } /*test bad arguements*/ if (flag == 0) { flag = wc_Sha512GetHash(NULL, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha512GetHash(NULL, hash1); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha512GetHash(&sha512, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } wc_Sha512Free(&sha512); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha512GetHash */ /* * Unit test function for wc_Sha512Copy() */ static int test_wc_Sha512Copy (void) { int flag = 0; #ifdef WOLFSSL_SHA512 wc_Sha512 sha512; wc_Sha512 temp; printf(testingFmt, "wc_Sha512Copy()"); /* Initialize */ flag = wc_InitSha512(&sha512); if (flag == 0) { flag = wc_InitSha512(&temp); } if (flag == 0) { flag = wc_Sha512Copy(&sha512, &temp); } /*test bad arguements*/ if (flag == 0) { flag = wc_Sha512Copy(NULL, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha512Copy(NULL, &temp); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha512Copy(&sha512, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } wc_Sha512Free(&sha512); wc_Sha512Free(&temp); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha512Copy */ static int test_wc_InitSha512_224 (void) { int flag = 0; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) wc_Sha512 sha512; int ret; printf(testingFmt, "wc_InitSha512_224()"); /* Test good arg. */ ret = wc_InitSha512_224(&sha512); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } /* Test bad arg. */ if (!flag) { ret = wc_InitSha512_224(NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha512_224Free(&sha512); printf(resultFmt, flag == 0 ? passed : failed); #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */ #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ return flag; } static int test_wc_Sha512_224Update (void) { int flag = 0; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) wc_Sha512 sha512; byte hash[WC_SHA512_DIGEST_SIZE]; testVector a, c; int ret; ret = wc_InitSha512_224(&sha512); if (ret != 0) { flag = ret; } printf(testingFmt, "wc_Sha512_224Update()"); /* Input. */ if (!flag) { a.input = "a"; a.inLen = XSTRLEN(a.input); ret = wc_Sha512_224Update(&sha512, NULL, 0); if (ret != 0) { flag = ret; } ret = wc_Sha512_224Update(&sha512,(byte*)a.input, 0); if (ret != 0) { flag = ret; } ret = wc_Sha512_224Update(&sha512, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } ret = wc_Sha512_224Final(&sha512, hash); if (ret != 0) { flag = ret; } } /* Update input. */ if (!flag) { a.input = "abc"; a.output = "\x46\x34\x27\x0f\x70\x7b\x6a\x54\xda\xae\x75\x30\x46\x08" "\x42\xe2\x0e\x37\xed\x26\x5c\xee\xe9\xa4\x3e\x89\x24\xaa"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); ret = wc_Sha512_224Update(&sha512, (byte*) a.input, (word32) a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_Sha512_224Final(&sha512, hash); if (ret != 0) { flag = ret; } } if (!flag) { if (XMEMCMP(hash, a.output, WC_SHA512_224_DIGEST_SIZE) != 0) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { c.input = NULL; c.inLen = WC_SHA512_224_DIGEST_SIZE; ret = wc_Sha512_224Update(&sha512, (byte*)c.input, (word32)c.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha512_224Update(NULL, (byte*)a.input, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha512_224Free(&sha512); /* If not returned then the unit test passed test vectors. */ printf(resultFmt, flag == 0 ? passed : failed); #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */ #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ return flag; } static int test_wc_Sha512_224Final (void) { int flag = 0; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) printf(testingFmt, "wc_Sha512_224Final()"); flag = test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_224, 0); printf(resultFmt, flag == 0 ? passed : failed); #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */ #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ return flag; } static int test_wc_Sha512_224GetFlags (void) { int flag = 0; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && defined(WOLFSSL_HASH_FLAGS) wc_Sha512 sha512, copy; word32 flags = 0; printf(testingFmt, "wc_Sha512_224GetFlags()"); /* Initialize */ flag = wc_InitSha512_224(&sha512); if (!flag) { flag = wc_InitSha512_224(©); } if (!flag) { flag = wc_Sha512_224Copy(&sha512, ©); } if (!flag) { flag = wc_Sha512_224GetFlags(©, &flags); } if (!flag) { if (flags & WC_HASH_FLAG_ISCOPY) flag = 0; else flag = WOLFSSL_FATAL_ERROR; } wc_Sha512_224Free(©); wc_Sha512_224Free(&sha512); printf(resultFmt, flag == 0 ? passed : failed); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ return flag; } static int test_wc_Sha512_224FinalRaw (void) { int flag = 0; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && \ !defined(WOLFSSL_NO_HASH_RAW) printf(testingFmt, "wc_Sha512_224FinalRaw()"); flag = test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_224, 1); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } static int test_wc_Sha512_224Free (void) { int flag = 0; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) printf(testingFmt, "wc_Sha512_224Free()"); wc_Sha512_224Free(NULL); printf(resultFmt, passed); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ return flag; } static int test_wc_Sha512_224GetHash (void) { int flag = 0; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) printf(testingFmt, "wc_Sha512_224GetHash()"); flag = test_Sha512_Family_GetHash(WC_HASH_TYPE_SHA512_224); printf(resultFmt, flag == 0 ? passed : failed); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ return flag; } static int test_wc_Sha512_224Copy (void) { int flag = 0; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) wc_Sha512 sha512; wc_Sha512 temp; printf(testingFmt, "wc_Sha512_224Copy()"); /* Initialize */ flag = wc_InitSha512_224(&sha512); if (flag == 0) { flag = wc_InitSha512_224(&temp); } if (flag == 0) { flag = wc_Sha512_224Copy(&sha512, &temp); } /*test bad arguements*/ if (flag == 0) { if (wc_Sha512_224Copy(NULL, NULL) != BAD_FUNC_ARG) flag = WOLFSSL_FATAL_ERROR; } if (flag == 0) { if (wc_Sha512_224Copy(NULL, &temp) != BAD_FUNC_ARG) flag = WOLFSSL_FATAL_ERROR; } if (flag == 0) { if (wc_Sha512_224Copy(&sha512, NULL) != BAD_FUNC_ARG) flag = WOLFSSL_FATAL_ERROR; } wc_Sha512_224Free(&sha512); wc_Sha512_224Free(&temp); printf(resultFmt, flag == 0 ? passed : failed); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ return flag; } static int test_wc_InitSha512_256 (void) { int flag = 0; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) wc_Sha512 sha512; int ret; printf(testingFmt, "wc_InitSha512_256()"); /* Test good arg. */ ret = wc_InitSha512_256(&sha512); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } /* Test bad arg. */ if (!flag) { ret = wc_InitSha512_256(NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha512_256Free(&sha512); printf(resultFmt, flag == 0 ? passed : failed); #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */ #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ return flag; } static int test_wc_Sha512_256Update (void) { int flag = 0; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) wc_Sha512 sha512; byte hash[WC_SHA512_DIGEST_SIZE]; testVector a, c; int ret; ret = wc_InitSha512_256(&sha512); if (ret != 0) { flag = ret; } printf(testingFmt, "wc_Sha512_256Update()"); /* Input. */ if (!flag) { a.input = "a"; a.inLen = XSTRLEN(a.input); ret = wc_Sha512_256Update(&sha512, NULL, 0); if (ret != 0) { flag = ret; } ret = wc_Sha512_256Update(&sha512,(byte*)a.input, 0); if (ret != 0) { flag = ret; } ret = wc_Sha512_256Update(&sha512, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } ret = wc_Sha512_256Final(&sha512, hash); if (ret != 0) { flag = ret; } } /* Update input. */ if (!flag) { a.input = "abc"; a.output = "\x53\x04\x8e\x26\x81\x94\x1e\xf9\x9b\x2e\x29\xb7\x6b\x4c" "\x7d\xab\xe4\xc2\xd0\xc6\x34\xfc\x6d\x46\xe0\xe2\xf1\x31" "\x07\xe7\xaf\x23"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); ret = wc_Sha512_256Update(&sha512, (byte*) a.input, (word32) a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_Sha512_256Final(&sha512, hash); if (ret != 0) { flag = ret; } } if (!flag) { if (XMEMCMP(hash, a.output, WC_SHA512_256_DIGEST_SIZE) != 0) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { c.input = NULL; c.inLen = WC_SHA512_256_DIGEST_SIZE; ret = wc_Sha512_256Update(&sha512, (byte*)c.input, (word32)c.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha512_256Update(NULL, (byte*)a.input, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha512_256Free(&sha512); /* If not returned then the unit test passed test vectors. */ printf(resultFmt, flag == 0 ? passed : failed); #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */ #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ return flag; } static int test_wc_Sha512_256Final (void) { int flag = 0; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) printf(testingFmt, "wc_Sha512_256Final()"); flag = test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_256, 0); printf(resultFmt, flag == 0 ? passed : failed); #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */ #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ return flag; } static int test_wc_Sha512_256GetFlags (void) { int flag = 0; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && defined(WOLFSSL_HASH_FLAGS) wc_Sha512 sha512, copy; word32 flags = 0; printf(testingFmt, "wc_Sha512_256GetFlags()"); /* Initialize */ flag = wc_InitSha512_256(&sha512); if (!flag ) { flag = wc_InitSha512_256(©); } if (!flag ) { flag = wc_Sha512_256Copy(&sha512, ©); } if (!flag ) { flag = wc_Sha512_256GetFlags(©, &flags); } if (!flag) { if (flags & WC_HASH_FLAG_ISCOPY) flag = 0; else flag = WOLFSSL_FATAL_ERROR; } wc_Sha512_256Free(&sha512); printf(resultFmt, flag == 0 ? passed : failed); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ return flag; } static int test_wc_Sha512_256FinalRaw (void) { int flag = 0; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && \ !defined(WOLFSSL_NO_HASH_RAW) printf(testingFmt, "wc_Sha512_256FinalRaw()"); flag = test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_256, 1); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } static int test_wc_Sha512_256Free (void) { int flag = 0; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) printf(testingFmt, "wc_Sha512_256Free()"); wc_Sha512_256Free(NULL); printf(resultFmt, passed); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ return flag; } static int test_wc_Sha512_256GetHash (void) { int flag = 0; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) printf(testingFmt, "wc_Sha512_256GetHash()"); flag = test_Sha512_Family_GetHash(WC_HASH_TYPE_SHA512_256); printf(resultFmt, flag == 0 ? passed : failed); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ return flag; } static int test_wc_Sha512_256Copy (void) { int flag = 0; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) wc_Sha512 sha512; wc_Sha512 temp; printf(testingFmt, "wc_Sha512_256Copy()"); /* Initialize */ flag = wc_InitSha512_256(&sha512); if (flag == 0) { flag = wc_InitSha512_256(&temp); } if (flag == 0) { flag = wc_Sha512_256Copy(&sha512, &temp); } /*test bad arguements*/ if (flag == 0) { if (wc_Sha512_256Copy(NULL, NULL) != BAD_FUNC_ARG) flag = WOLFSSL_FATAL_ERROR; } if (flag == 0) { if (wc_Sha512_256Copy(NULL, &temp) != BAD_FUNC_ARG) flag = WOLFSSL_FATAL_ERROR; } if (flag == 0) { if (wc_Sha512_256Copy(&sha512, NULL) != BAD_FUNC_ARG) flag = WOLFSSL_FATAL_ERROR; } wc_Sha512_256Free(&sha512); wc_Sha512_256Free(&temp); printf(resultFmt, flag == 0 ? passed : failed); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ return flag; } /* * Testing wc_InitSha384() */ static int test_wc_InitSha384 (void) { int flag = 0; #ifdef WOLFSSL_SHA384 wc_Sha384 sha384; int ret; printf(testingFmt, "wc_InitSha384()"); /* Test good arg. */ ret = wc_InitSha384(&sha384); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } /* Test bad arg. */ if (!flag) { ret = wc_InitSha384(NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha384Free(&sha384); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_InitSha384 */ /* * test wc_Sha384Update() */ static int test_wc_Sha384Update (void) { int flag = 0; #ifdef WOLFSSL_SHA384 wc_Sha384 sha384; byte hash[WC_SHA384_DIGEST_SIZE]; testVector a, b, c; int ret; ret = wc_InitSha384(&sha384); if (ret != 0) { flag = ret; } printf(testingFmt, "wc_Sha384Update()"); /* Input */ if (!flag) { a.input = "a"; a.inLen = XSTRLEN(a.input); ret = wc_Sha384Update(&sha384, NULL, 0); if (ret != 0) { flag = ret; } ret = wc_Sha384Update(&sha384, (byte*)a.input, 0); if (ret != 0) { flag = ret; } ret = wc_Sha384Update(&sha384, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_Sha384Final(&sha384, hash); if (ret != 0) { flag = ret; } } /* Update input. */ if (!flag) { a.input = "abc"; a.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50" "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff" "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34" "\xc8\x25\xa7"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); ret = wc_Sha384Update(&sha384, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_Sha384Final(&sha384, hash); if (ret != 0) { flag = ret; } } if (!flag) { if (XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE) != 0) { flag = WOLFSSL_FATAL_ERROR; } } /* Pass in bad values. */ if (!flag) { b.input = NULL; b.inLen = 0; ret = wc_Sha384Update(&sha384, (byte*)b.input, (word32)b.inLen); if (ret != 0) { flag = ret; } } if (!flag) { c.input = NULL; c.inLen = WC_SHA384_DIGEST_SIZE; ret = wc_Sha384Update(&sha384, (byte*)c.input, (word32)c.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha384Update(NULL, (byte*)a.input, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha384Free(&sha384); /* If not returned then the unit test passed test vectors. */ printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha384Update */ /* * Unit test function for wc_Sha384Final(); */ static int test_wc_Sha384Final (void) { int flag = 0; #ifdef WOLFSSL_SHA384 wc_Sha384 sha384; byte* hash_test[3]; byte hash1[WC_SHA384_DIGEST_SIZE]; byte hash2[2*WC_SHA384_DIGEST_SIZE]; byte hash3[5*WC_SHA384_DIGEST_SIZE]; int times, i, ret; /* Initialize */ ret = wc_InitSha384(&sha384); if (ret) { flag = ret; } if (!flag) { hash_test[0] = hash1; hash_test[1] = hash2; hash_test[2] = hash3; } times = sizeof(hash_test) / sizeof(byte*); /* Good test args. */ printf(testingFmt, "wc_Sha384Final()"); for (i = 0; i < times; i++) { if (!flag) { ret = wc_Sha384Final(&sha384, hash_test[i]); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } } } /* Test bad args. */ if (!flag) { ret = wc_Sha384Final(NULL, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha384Final(NULL, hash1); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha384Final(&sha384, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha384Free(&sha384); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha384Final */ /* * Unit test function for wc_Sha384GetFlags() */ static int test_wc_Sha384GetFlags (void) { int flag = 0; #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_HASH_FLAGS) wc_Sha384 sha384; word32 flags = 0; printf(testingFmt, "wc_Sha384GetFlags()"); /* Initialize */ flag = wc_InitSha384(&sha384); if (flag == 0) { flag = wc_Sha384GetFlags(&sha384, &flags); } if (flag == 0) { if (flags & WC_HASH_FLAG_ISCOPY) { flag = 0; } } wc_Sha384Free(&sha384); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha384GetFlags */ /* * Unit test function for wc_Sha384FinalRaw() */ static int test_wc_Sha384FinalRaw (void) { int flag = 0; #if (defined(WOLFSSL_SHA384) && !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))) && \ !defined(WOLFSSL_NO_HASH_RAW) wc_Sha384 sha384; byte* hash_test[3]; byte hash1[WC_SHA384_DIGEST_SIZE]; byte hash2[2*WC_SHA384_DIGEST_SIZE]; byte hash3[5*WC_SHA384_DIGEST_SIZE]; int times, i, ret; /* Initialize */ ret = wc_InitSha384(&sha384); if (ret != 0) { flag = ret; } if (!flag) { hash_test[0] = hash1; hash_test[1] = hash2; hash_test[2] = hash3; } times = sizeof(hash_test) / sizeof(byte*); /* Good test args. */ printf(testingFmt, "wc_Sha384FinalRaw()"); for (i = 0; i < times; i++) { if (!flag) { ret = wc_Sha384FinalRaw(&sha384, hash_test[i]); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } } } /* Test bad args. */ if (!flag ) { ret = wc_Sha384FinalRaw(NULL, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha384FinalRaw(NULL, hash1); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha384FinalRaw(&sha384, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha384Free(&sha384); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha384FinalRaw */ /* * Unit test function for wc_Sha384Free() */ static int test_wc_Sha384Free (void) { int flag = 0; #ifdef WOLFSSL_SHA384 printf(testingFmt, "wc_Sha384Free()"); wc_Sha384Free(NULL); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha384Free */ /* * Unit test function for wc_Sha384GetHash() */ static int test_wc_Sha384GetHash (void) { int flag = 0; #ifdef WOLFSSL_SHA384 wc_Sha384 sha384; byte hash1[WC_SHA384_DIGEST_SIZE]; printf(testingFmt, "wc_Sha384GetHash()"); /* Initialize */ flag = wc_InitSha384(&sha384); if (flag == 0) { flag = wc_Sha384GetHash(&sha384, hash1); } /*test bad arguements*/ if (flag == 0) { flag = wc_Sha384GetHash(NULL, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha384GetHash(NULL, hash1); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha384GetHash(&sha384, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } wc_Sha384Free(&sha384); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha384GetHash */ /* * Unit test function for wc_Sha384Copy() */ static int test_wc_Sha384Copy (void) { int flag = 0; #ifdef WOLFSSL_SHA384 wc_Sha384 sha384; wc_Sha384 temp; printf(testingFmt, "wc_Sha384Copy()"); /* Initialize */ flag = wc_InitSha384(&sha384); if (flag == 0) { flag = wc_InitSha384(&temp); } if (flag == 0) { flag = wc_Sha384Copy(&sha384, &temp); } /*test bad arguements*/ if (flag == 0) { flag = wc_Sha384Copy(NULL, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha384Copy(NULL, &temp); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha384Copy(&sha384, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } wc_Sha384Free(&sha384); wc_Sha384Free(&temp); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha384Copy */ /* * Testing wc_InitSha224(); */ static int test_wc_InitSha224 (void) { int flag = 0; #ifdef WOLFSSL_SHA224 wc_Sha224 sha224; int ret; printf(testingFmt, "wc_InitSha224()"); /* Test good arg. */ ret = wc_InitSha224(&sha224); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } /* Test bad arg. */ if (!flag) { ret = wc_InitSha224(NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha224Free(&sha224); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_InitSha224 */ /* * Unit test on wc_Sha224Update */ static int test_wc_Sha224Update (void) { int flag = 0; #ifdef WOLFSSL_SHA224 wc_Sha224 sha224; byte hash[WC_SHA224_DIGEST_SIZE]; testVector a, b, c; int ret; ret = wc_InitSha224(&sha224); if (ret != 0) { flag = ret; } printf(testingFmt, "wc_Sha224Update()"); /* Input. */ if (!flag) { a.input = "a"; a.inLen = XSTRLEN(a.input); ret = wc_Sha224Update(&sha224, NULL, 0); if (ret != 0) { flag = ret; } ret = wc_Sha224Update(&sha224, (byte*)a.input, 0); if (ret != 0) { flag = ret; } ret = wc_Sha224Update(&sha224, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_Sha224Final(&sha224, hash); if (ret != 0) { flag = ret; } } /* Update input. */ if (!flag) { a.input = "abc"; a.output = "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2" "\x55\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); ret = wc_Sha224Update(&sha224, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_Sha224Final(&sha224, hash); if (ret != 0) { flag = ret; } } if (!flag) { if (XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE) != 0) { flag = WOLFSSL_FATAL_ERROR; } } /* Pass in bad values. */ if (!flag) { b.input = NULL; b.inLen = 0; ret = wc_Sha224Update(&sha224, (byte*)b.input, (word32)b.inLen); if (ret != 0) { flag = ret; } } if (!flag) { c.input = NULL; c.inLen = WC_SHA224_DIGEST_SIZE; ret = wc_Sha224Update(&sha224, (byte*)c.input, (word32)c.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha224Update(NULL, (byte*)a.input, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha224Free(&sha224); /* If not returned then the unit test passed test vectors. */ printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha224Update */ /* * Unit test for wc_Sha224Final(); */ static int test_wc_Sha224Final (void) { int flag = 0; #ifdef WOLFSSL_SHA224 wc_Sha224 sha224; byte* hash_test[3]; byte hash1[WC_SHA224_DIGEST_SIZE]; byte hash2[2*WC_SHA224_DIGEST_SIZE]; byte hash3[5*WC_SHA224_DIGEST_SIZE]; int times, i, ret; /* Initialize */ ret = wc_InitSha224(&sha224); if (ret) { flag = ret; } if (!flag) { hash_test[0] = hash1; hash_test[1] = hash2; hash_test[2] = hash3; } times = sizeof(hash_test) / sizeof(byte*); /* Good test args. */ printf(testingFmt, "wc_sha224Final()"); /* Testing oversized buffers. */ for (i = 0; i < times; i++) { if (!flag) { ret = wc_Sha224Final(&sha224, hash_test[i]); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } } } /* Test bad args. */ if (!flag) { ret = wc_Sha224Final(NULL, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha224Final(NULL, hash1); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha224Final(&sha224, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha224Free(&sha224); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha224Final */ /* * Unit test function for wc_Sha224SetFlags() */ static int test_wc_Sha224SetFlags (void) { int flag = 0; #if defined(WOLFSSL_SHA224) && defined(WOLFSSL_HASH_FLAGS) wc_Sha224 sha224; word32 flags = 0; printf(testingFmt, "wc_Sha224SetFlags()"); /* Initialize */ flag = wc_InitSha224(&sha224); if (flag == 0) { flag = wc_Sha224SetFlags(&sha224, flags); } if (flag == 0) { if (flags & WC_HASH_FLAG_ISCOPY) { flag = 0; } } wc_Sha224Free(&sha224); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha224SetFlags */ /* * Unit test function for wc_Sha224GetFlags() */ static int test_wc_Sha224GetFlags (void) { int flag = 0; #if defined(WOLFSSL_SHA224) && defined(WOLFSSL_HASH_FLAGS) wc_Sha224 sha224; word32 flags = 0; printf(testingFmt, "wc_Sha224GetFlags()"); /* Initialize */ flag = wc_InitSha224(&sha224); if (flag == 0) { flag = wc_Sha224GetFlags(&sha224, &flags); } if (flag == 0) { if (flags & WC_HASH_FLAG_ISCOPY) { flag = 0; } } wc_Sha224Free(&sha224); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha224GetFlags */ /* * Unit test function for wc_Sha224Free() */ static int test_wc_Sha224Free (void) { int flag = 0; #ifdef WOLFSSL_SHA224 printf(testingFmt, "wc_Sha224Free()"); wc_Sha224Free(NULL); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha224Free */ /* * Unit test function for wc_Sha224GetHash() */ static int test_wc_Sha224GetHash (void) { int flag = 0; #ifdef WOLFSSL_SHA224 wc_Sha224 sha224; byte hash1[WC_SHA224_DIGEST_SIZE]; printf(testingFmt, "wc_Sha224GetHash()"); /* Initialize */ flag = wc_InitSha224(&sha224); if (flag == 0) { flag = wc_Sha224GetHash(&sha224, hash1); } /*test bad arguements*/ if (flag == 0) { flag = wc_Sha224GetHash(NULL, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha224GetHash(NULL, hash1); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha224GetHash(&sha224, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } wc_Sha224Free(&sha224); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha224GetHash */ /* * Unit test function for wc_Sha224Copy() */ static int test_wc_Sha224Copy (void) { int flag = 0; #ifdef WOLFSSL_SHA224 wc_Sha224 sha224; wc_Sha224 temp; printf(testingFmt, "wc_Sha224Copy()"); /* Initialize */ flag = wc_InitSha224(&sha224); if (flag == 0) { flag = wc_InitSha224(&temp); } if (flag == 0) { flag = wc_Sha224Copy(&sha224, &temp); } /*test bad arguements*/ if (flag == 0) { flag = wc_Sha224Copy(NULL, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha224Copy(NULL, &temp); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha224Copy(&sha224, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } wc_Sha224Free(&sha224); wc_Sha224Free(&temp); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha224Copy */ /* * Testing wc_InitRipeMd() */ static int test_wc_InitRipeMd (void) { int flag = 0; #ifdef WOLFSSL_RIPEMD RipeMd ripemd; int ret; printf(testingFmt, "wc_InitRipeMd()"); /* Test good arg. */ ret = wc_InitRipeMd(&ripemd); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } /* Test bad arg. */ if (!flag) { ret = wc_InitRipeMd(NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_InitRipeMd */ /* * Testing wc_RipeMdUpdate() */ static int test_wc_RipeMdUpdate (void) { int flag = 0; #ifdef WOLFSSL_RIPEMD RipeMd ripemd; byte hash[RIPEMD_DIGEST_SIZE]; testVector a, b, c; int ret; ret = wc_InitRipeMd(&ripemd); if (ret != 0) { flag = ret; } printf(testingFmt, "wc_RipeMdUpdate()"); /* Input */ if (!flag) { a.input = "a"; a.inLen = XSTRLEN(a.input); ret = wc_RipeMdUpdate(&ripemd, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_RipeMdFinal(&ripemd, hash); if (ret != 0) { flag = ret; } } /* Update input. */ if (!flag) { a.input = "abc"; a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6" "\xb0\x87\xf1\x5a\x0b\xfc"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); ret = wc_RipeMdUpdate(&ripemd, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_RipeMdFinal(&ripemd, hash); if (ret != 0) { flag = ret; } } if (!flag) { if (XMEMCMP(hash, a.output, RIPEMD_DIGEST_SIZE) != 0) { flag = WOLFSSL_FATAL_ERROR; } } /* Pass in bad values. */ if (!flag) { b.input = NULL; b.inLen = 0; ret = wc_RipeMdUpdate(&ripemd, (byte*)b.input, (word32)b.inLen); if (ret != 0) { flag = ret; } } if (!flag) { c.input = NULL; c.inLen = RIPEMD_DIGEST_SIZE; ret = wc_RipeMdUpdate(&ripemd, (byte*)c.input, (word32)c.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_RipeMdUpdate(NULL, (byte*)a.input, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_RipeMdUdpate */ /* * Unit test function for wc_RipeMdFinal() */ static int test_wc_RipeMdFinal (void) { int flag = 0; #ifdef WOLFSSL_RIPEMD RipeMd ripemd; byte* hash_test[3]; byte hash1[RIPEMD_DIGEST_SIZE]; byte hash2[2*RIPEMD_DIGEST_SIZE]; byte hash3[5*RIPEMD_DIGEST_SIZE]; int times, i, ret; /* Initialize */ ret = wc_InitRipeMd(&ripemd); if (ret != 0) { flag = ret; } if (!flag) { hash_test[0] = hash1; hash_test[1] = hash2; hash_test[2] = hash3; } times = sizeof(hash_test) / sizeof(byte*); /* Good test args. */ printf(testingFmt, "wc_RipeMdFinal()"); /* Testing oversized buffers. */ for (i = 0; i < times; i++) { if (!flag) { ret = wc_RipeMdFinal(&ripemd, hash_test[i]); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } } } /* Test bad args. */ if (!flag) { ret = wc_RipeMdFinal(NULL, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_RipeMdFinal(NULL, hash1); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_RipeMdFinal(&ripemd, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_RipeMdFinal */ /* * Testing wc_InitSha3_224, wc_InitSha3_256, wc_InitSha3_384, and * wc_InitSha3_512 */ static int test_wc_InitSha3 (void) { int ret = 0; #if defined(WOLFSSL_SHA3) wc_Sha3 sha3; (void)sha3; #if !defined(WOLFSSL_NOSHA3_224) printf(testingFmt, "wc_InitSha3_224()"); ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId); /* Test bad args. */ if (ret == 0) { ret = wc_InitSha3_224(NULL, HEAP_HINT, devId); if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } wc_Sha3_224_Free(&sha3); printf(resultFmt, ret == 0 ? passed : failed); #endif /* NOSHA3_224 */ #if !defined(WOLFSSL_NOSHA3_256) if (ret == 0) { printf(testingFmt, "wc_InitSha3_256()"); ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId); /* Test bad args. */ if (ret == 0) { ret = wc_InitSha3_256(NULL, HEAP_HINT, devId); if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } wc_Sha3_256_Free(&sha3); printf(resultFmt, ret == 0 ? passed : failed); } /* END sha3_256 */ #endif /* NOSHA3_256 */ #if !defined(WOLFSSL_NOSHA3_384) if (ret == 0) { printf(testingFmt, "wc_InitSha3_384()"); ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId); /* Test bad args. */ if (ret == 0) { ret = wc_InitSha3_384(NULL, HEAP_HINT, devId); if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } wc_Sha3_384_Free(&sha3); printf(resultFmt, ret == 0 ? passed : failed); } /* END sha3_384 */ #endif /* NOSHA3_384 */ #if !defined(WOLFSSL_NOSHA3_512) if (ret == 0) { printf(testingFmt, "wc_InitSha3_512()"); ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId); /* Test bad args. */ if (ret == 0) { ret = wc_InitSha3_512(NULL, HEAP_HINT, devId); if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } wc_Sha3_512_Free(&sha3); printf(resultFmt, ret == 0 ? passed : failed); } /* END sha3_512 */ #endif /* NOSHA3_512 */ #endif return ret; } /* END test_wc_InitSha3 */ /* * Testing wc_Sha3_Update() */ static int testing_wc_Sha3_Update (void) { int ret = 0; #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_XILINX_CRYPT) && \ !defined(WOLFSSL_AFALG_XILINX) wc_Sha3 sha3; byte msg[] = "Everybody's working for the weekend."; byte msg2[] = "Everybody gets Friday off."; byte msgCmp[] = "\x45\x76\x65\x72\x79\x62\x6f\x64\x79\x27\x73\x20" "\x77\x6f\x72\x6b\x69\x6e\x67\x20\x66\x6f\x72\x20\x74" "\x68\x65\x20\x77\x65\x65\x6b\x65\x6e\x64\x2e\x45\x76" "\x65\x72\x79\x62\x6f\x64\x79\x20\x67\x65\x74\x73\x20" "\x46\x72\x69\x64\x61\x79\x20\x6f\x66\x66\x2e"; word32 msglen = sizeof(msg) - 1; word32 msg2len = sizeof(msg2); word32 msgCmplen = sizeof(msgCmp); #if !defined(WOLFSSL_NOSHA3_224) printf(testingFmt, "wc_Sha3_224_Update()"); ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId); if (ret != 0) { return ret; } ret = wc_Sha3_224_Update(&sha3, msg, msglen); if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_Sha3_224_Update(&sha3, msg2, msg2len); if (ret == 0 && XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Pass bad args. */ if (ret == 0) { ret = wc_Sha3_224_Update(NULL, msg2, msg2len); if (ret == BAD_FUNC_ARG) { ret = wc_Sha3_224_Update(&sha3, NULL, 5); } if (ret == BAD_FUNC_ARG) { wc_Sha3_224_Free(&sha3); if (wc_InitSha3_224(&sha3, HEAP_HINT, devId)) { return ret; } ret = wc_Sha3_224_Update(&sha3, NULL, 0); if (ret == 0) { ret = wc_Sha3_224_Update(&sha3, msg2, msg2len); } if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) { ret = WOLFSSL_FATAL_ERROR; } } } wc_Sha3_224_Free(&sha3); printf(resultFmt, ret == 0 ? passed : failed); #endif /* SHA3_224 */ #if !defined(WOLFSSL_NOSHA3_256) if (ret == 0) { printf(testingFmt, "wc_Sha3_256_Update()"); ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId); if (ret != 0) { return ret; } ret = wc_Sha3_256_Update(&sha3, msg, msglen); if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_Sha3_256_Update(&sha3, msg2, msg2len); if (XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Pass bad args. */ if (ret == 0) { ret = wc_Sha3_256_Update(NULL, msg2, msg2len); if (ret == BAD_FUNC_ARG) { ret = wc_Sha3_256_Update(&sha3, NULL, 5); } if (ret == BAD_FUNC_ARG) { wc_Sha3_256_Free(&sha3); if (wc_InitSha3_256(&sha3, HEAP_HINT, devId)) { return ret; } ret = wc_Sha3_256_Update(&sha3, NULL, 0); if (ret == 0) { ret = wc_Sha3_256_Update(&sha3, msg2, msg2len); } if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) { ret = WOLFSSL_FATAL_ERROR; } } } wc_Sha3_256_Free(&sha3); printf(resultFmt, ret == 0 ? passed : failed); } #endif /* SHA3_256 */ #if !defined(WOLFSSL_NOSHA3_384) if (ret == 0) { printf(testingFmt, "wc_Sha3_384_Update()"); ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId); if (ret != 0) { return ret; } ret = wc_Sha3_384_Update(&sha3, msg, msglen); if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_Sha3_384_Update(&sha3, msg2, msg2len); if (XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Pass bad args. */ if (ret == 0) { ret = wc_Sha3_384_Update(NULL, msg2, msg2len); if (ret == BAD_FUNC_ARG) { ret = wc_Sha3_384_Update(&sha3, NULL, 5); } if (ret == BAD_FUNC_ARG) { wc_Sha3_384_Free(&sha3); if (wc_InitSha3_384(&sha3, HEAP_HINT, devId)) { return ret; } ret = wc_Sha3_384_Update(&sha3, NULL, 0); if (ret == 0) { ret = wc_Sha3_384_Update(&sha3, msg2, msg2len); } if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) { ret = WOLFSSL_FATAL_ERROR; } } } wc_Sha3_384_Free(&sha3); printf(resultFmt, ret == 0 ? passed : failed); } #endif /* SHA3_384 */ #if !defined(WOLFSSL_NOSHA3_512) if (ret == 0) { printf(testingFmt, "wc_Sha3_512_Update()"); ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId); if (ret != 0) { return ret; } ret = wc_Sha3_512_Update(&sha3, msg, msglen); if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_Sha3_512_Update(&sha3, msg2, msg2len); if (XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Pass bad args. */ if (ret == 0) { ret = wc_Sha3_512_Update(NULL, msg2, msg2len); if (ret == BAD_FUNC_ARG) { ret = wc_Sha3_512_Update(&sha3, NULL, 5); } if (ret == BAD_FUNC_ARG) { wc_Sha3_512_Free(&sha3); if (wc_InitSha3_512(&sha3, HEAP_HINT, devId)) { return ret; } ret = wc_Sha3_512_Update(&sha3, NULL, 0); if (ret == 0) { ret = wc_Sha3_512_Update(&sha3, msg2, msg2len); } if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) { ret = WOLFSSL_FATAL_ERROR; } } } wc_Sha3_512_Free(&sha3); printf(resultFmt, ret == 0 ? passed : failed); } #endif /* SHA3_512 */ #endif /* WOLFSSL_SHA3 */ return ret; } /* END testing_wc_Sha3_Update */ /* * Testing wc_Sha3_224_Final() */ static int test_wc_Sha3_224_Final (void) { int ret = 0; #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) wc_Sha3 sha3; const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom" "nopnopq"; const char* expOut = "\x8a\x24\x10\x8b\x15\x4a\xda\x21\xc9\xfd\x55" "\x74\x49\x44\x79\xba\x5c\x7e\x7a\xb7\x6e\xf2" "\x64\xea\xd0\xfc\xce\x33"; byte hash[WC_SHA3_224_DIGEST_SIZE]; byte hashRet[WC_SHA3_224_DIGEST_SIZE]; /* Init stack variables. */ XMEMSET(hash, 0, sizeof(hash)); printf(testingFmt, "wc_Sha3_224_Final()"); ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId); if (ret != 0) { return ret; } ret= wc_Sha3_224_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)); if (ret == 0) { ret = wc_Sha3_224_Final(&sha3, hash); if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_224_DIGEST_SIZE) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Test bad args. */ if (ret == 0) { ret = wc_Sha3_224_Final(NULL, hash); if (ret == 0) { ret = wc_Sha3_224_Final(&sha3, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } wc_Sha3_224_Free(&sha3); printf(resultFmt, ret == 0 ? passed : failed); if (ret == 0) { printf(testingFmt, "wc_Sha3_224_GetHash()"); ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId); if (ret != 0) { return ret; } /* Init stack variables. */ XMEMSET(hash, 0, sizeof(hash)); XMEMSET(hashRet, 0, sizeof(hashRet)); ret= wc_Sha3_224_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)); if (ret == 0) { ret = wc_Sha3_224_GetHash(&sha3, hashRet); } if (ret == 0) { ret = wc_Sha3_224_Final(&sha3, hash); if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_224_DIGEST_SIZE) != 0) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { /* Test bad args. */ ret = wc_Sha3_224_GetHash(NULL, hashRet); if (ret == BAD_FUNC_ARG) { ret = wc_Sha3_224_GetHash(&sha3, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); } wc_Sha3_224_Free(&sha3); #endif return ret; } /* END test_wc_Sha3_224_Final */ /* * Testing wc_Sha3_256_Final() */ static int test_wc_Sha3_256_Final (void) { int ret = 0; #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) wc_Sha3 sha3; const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom" "nopnopq"; const char* expOut = "\x41\xc0\xdb\xa2\xa9\xd6\x24\x08\x49\x10\x03\x76\xa8" "\x23\x5e\x2c\x82\xe1\xb9\x99\x8a\x99\x9e\x21\xdb\x32" "\xdd\x97\x49\x6d\x33\x76"; byte hash[WC_SHA3_256_DIGEST_SIZE]; byte hashRet[WC_SHA3_256_DIGEST_SIZE]; /* Init stack variables. */ XMEMSET(hash, 0, sizeof(hash)); printf(testingFmt, "wc_Sha3_256_Final()"); ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId); if (ret != 0) { return ret; } ret= wc_Sha3_256_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)); if (ret == 0) { ret = wc_Sha3_256_Final(&sha3, hash); if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_256_DIGEST_SIZE) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Test bad args. */ if (ret == 0) { ret = wc_Sha3_256_Final(NULL, hash); if (ret == 0) { ret = wc_Sha3_256_Final(&sha3, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } wc_Sha3_256_Free(&sha3); printf(resultFmt, ret == 0 ? passed : failed); if (ret == 0) { printf(testingFmt, "wc_Sha3_256_GetHash()"); ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId); if (ret != 0) { return ret; } /* Init stack variables. */ XMEMSET(hash, 0, sizeof(hash)); XMEMSET(hashRet, 0, sizeof(hashRet)); ret= wc_Sha3_256_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)); if (ret == 0) { ret = wc_Sha3_256_GetHash(&sha3, hashRet); } if (ret == 0) { ret = wc_Sha3_256_Final(&sha3, hash); if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_256_DIGEST_SIZE) != 0) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { /* Test bad args. */ ret = wc_Sha3_256_GetHash(NULL, hashRet); if (ret == BAD_FUNC_ARG) { ret = wc_Sha3_256_GetHash(&sha3, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); } wc_Sha3_256_Free(&sha3); #endif return ret; } /* END test_wc_Sha3_256_Final */ /* * Testing wc_Sha3_384_Final() */ static int test_wc_Sha3_384_Final (void) { int ret = 0; #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) wc_Sha3 sha3; const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom" "nopnopq"; const char* expOut = "\x99\x1c\x66\x57\x55\xeb\x3a\x4b\x6b\xbd\xfb\x75\xc7" "\x8a\x49\x2e\x8c\x56\xa2\x2c\x5c\x4d\x7e\x42\x9b\xfd" "\xbc\x32\xb9\xd4\xad\x5a\xa0\x4a\x1f\x07\x6e\x62\xfe" "\xa1\x9e\xef\x51\xac\xd0\x65\x7c\x22"; byte hash[WC_SHA3_384_DIGEST_SIZE]; byte hashRet[WC_SHA3_384_DIGEST_SIZE]; /* Init stack variables. */ XMEMSET(hash, 0, sizeof(hash)); printf(testingFmt, "wc_Sha3_384_Final()"); ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId); if (ret != 0) { return ret; } ret= wc_Sha3_384_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)); if (ret == 0) { ret = wc_Sha3_384_Final(&sha3, hash); if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_384_DIGEST_SIZE) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Test bad args. */ if (ret == 0) { ret = wc_Sha3_384_Final(NULL, hash); if (ret == 0) { ret = wc_Sha3_384_Final(&sha3, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } wc_Sha3_384_Free(&sha3); printf(resultFmt, ret == 0 ? passed : failed); if (ret == 0) { printf(testingFmt, "wc_Sha3_384_GetHash()"); ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId); if (ret != 0) { return ret; } /* Init stack variables. */ XMEMSET(hash, 0, sizeof(hash)); XMEMSET(hashRet, 0, sizeof(hashRet)); ret= wc_Sha3_384_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)); if (ret == 0) { ret = wc_Sha3_384_GetHash(&sha3, hashRet); } if (ret == 0) { ret = wc_Sha3_384_Final(&sha3, hash); if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_384_DIGEST_SIZE) != 0) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { /* Test bad args. */ ret = wc_Sha3_384_GetHash(NULL, hashRet); if (ret == BAD_FUNC_ARG) { ret = wc_Sha3_384_GetHash(&sha3, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); } wc_Sha3_384_Free(&sha3); #endif return ret; } /* END test_wc_Sha3_384_Final */ /* * Testing wc_Sha3_512_Final() */ static int test_wc_Sha3_512_Final (void) { int ret = 0; #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) && \ !defined(WOLFSSL_NOSHA3_384) wc_Sha3 sha3; const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom" "nopnopq"; const char* expOut = "\x04\xa3\x71\xe8\x4e\xcf\xb5\xb8\xb7\x7c\xb4\x86\x10" "\xfc\xa8\x18\x2d\xd4\x57\xce\x6f\x32\x6a\x0f\xd3\xd7" "\xec\x2f\x1e\x91\x63\x6d\xee\x69\x1f\xbe\x0c\x98\x53" "\x02\xba\x1b\x0d\x8d\xc7\x8c\x08\x63\x46\xb5\x33\xb4" "\x9c\x03\x0d\x99\xa2\x7d\xaf\x11\x39\xd6\xe7\x5e"; byte hash[WC_SHA3_512_DIGEST_SIZE]; byte hashRet[WC_SHA3_512_DIGEST_SIZE]; /* Init stack variables. */ XMEMSET(hash, 0, sizeof(hash)); printf(testingFmt, "wc_Sha3_512_Final()"); ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId); if (ret != 0) { return ret; } ret= wc_Sha3_512_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)); if (ret == 0) { ret = wc_Sha3_512_Final(&sha3, hash); if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_512_DIGEST_SIZE) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Test bad args. */ if (ret == 0) { ret = wc_Sha3_512_Final(NULL, hash); if (ret == 0) { ret = wc_Sha3_384_Final(&sha3, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } wc_Sha3_512_Free(&sha3); printf(resultFmt, ret == 0 ? passed : failed); if (ret == 0) { printf(testingFmt, "wc_Sha3_512_GetHash()"); ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId); if (ret != 0) { return ret; } /* Init stack variables. */ XMEMSET(hash, 0, sizeof(hash)); XMEMSET(hashRet, 0, sizeof(hashRet)); ret= wc_Sha3_512_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)); if (ret == 0) { ret = wc_Sha3_512_GetHash(&sha3, hashRet); } if (ret == 0) { ret = wc_Sha3_512_Final(&sha3, hash); if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_512_DIGEST_SIZE) != 0) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { /* Test bad args. */ ret = wc_Sha3_512_GetHash(NULL, hashRet); if (ret == BAD_FUNC_ARG) { ret = wc_Sha3_512_GetHash(&sha3, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); } wc_Sha3_512_Free(&sha3); #endif return ret; } /* END test_wc_Sha3_512_Final */ /* * Testing wc_Sha3_224_Copy() */ static int test_wc_Sha3_224_Copy (void) { int ret = 0; #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) wc_Sha3 sha3, sha3Cpy; const char* msg = TEST_STRING; word32 msglen = (word32)TEST_STRING_SZ; byte hash[WC_SHA3_224_DIGEST_SIZE]; byte hashCpy[WC_SHA3_224_DIGEST_SIZE]; XMEMSET(hash, 0, sizeof(hash)); XMEMSET(hashCpy, 0, sizeof(hashCpy)); printf(testingFmt, "wc_Sha3_224_Copy()"); ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId); if (ret != 0) { return ret; } ret = wc_InitSha3_224(&sha3Cpy, HEAP_HINT, devId); if (ret != 0) { wc_Sha3_224_Free(&sha3); return ret; } ret = wc_Sha3_224_Update(&sha3, (byte*)msg, msglen); if (ret == 0) { ret = wc_Sha3_224_Copy(&sha3Cpy, &sha3); if (ret == 0) { ret = wc_Sha3_224_Final(&sha3, hash); if (ret == 0) { ret = wc_Sha3_224_Final(&sha3Cpy, hashCpy); } } if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Test bad args. */ if (ret == 0) { ret = wc_Sha3_224_Copy(NULL, &sha3); if (ret == BAD_FUNC_ARG) { ret = wc_Sha3_224_Copy(&sha3Cpy, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_Sha3_224_Copy */ /* * Testing wc_Sha3_256_Copy() */ static int test_wc_Sha3_256_Copy (void) { int ret = 0; #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) wc_Sha3 sha3, sha3Cpy; const char* msg = TEST_STRING; word32 msglen = (word32)TEST_STRING_SZ; byte hash[WC_SHA3_256_DIGEST_SIZE]; byte hashCpy[WC_SHA3_256_DIGEST_SIZE]; XMEMSET(hash, 0, sizeof(hash)); XMEMSET(hashCpy, 0, sizeof(hashCpy)); printf(testingFmt, "wc_Sha3_256_Copy()"); ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId); if (ret != 0) { return ret; } ret = wc_InitSha3_256(&sha3Cpy, HEAP_HINT, devId); if (ret != 0) { wc_Sha3_256_Free(&sha3); return ret; } ret = wc_Sha3_256_Update(&sha3, (byte*)msg, msglen); if (ret == 0) { ret = wc_Sha3_256_Copy(&sha3Cpy, &sha3); if (ret == 0) { ret = wc_Sha3_256_Final(&sha3, hash); if (ret == 0) { ret = wc_Sha3_256_Final(&sha3Cpy, hashCpy); } } if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Test bad args. */ if (ret == 0) { ret = wc_Sha3_256_Copy(NULL, &sha3); if (ret == BAD_FUNC_ARG) { ret = wc_Sha3_256_Copy(&sha3Cpy, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_Sha3_256_Copy */ /* * Testing wc_Sha3_384_Copy() */ static int test_wc_Sha3_384_Copy (void) { int ret = 0; #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) wc_Sha3 sha3, sha3Cpy; const char* msg = TEST_STRING; word32 msglen = (word32)TEST_STRING_SZ; byte hash[WC_SHA3_384_DIGEST_SIZE]; byte hashCpy[WC_SHA3_384_DIGEST_SIZE]; XMEMSET(hash, 0, sizeof(hash)); XMEMSET(hashCpy, 0, sizeof(hashCpy)); printf(testingFmt, "wc_Sha3_384_Copy()"); ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId); if (ret != 0) { return ret; } ret = wc_InitSha3_384(&sha3Cpy, HEAP_HINT, devId); if (ret != 0) { wc_Sha3_384_Free(&sha3); return ret; } ret = wc_Sha3_384_Update(&sha3, (byte*)msg, msglen); if (ret == 0) { ret = wc_Sha3_384_Copy(&sha3Cpy, &sha3); if (ret == 0) { ret = wc_Sha3_384_Final(&sha3, hash); if (ret == 0) { ret = wc_Sha3_384_Final(&sha3Cpy, hashCpy); } } if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Test bad args. */ if (ret == 0) { ret = wc_Sha3_384_Copy(NULL, &sha3); if (ret == BAD_FUNC_ARG) { ret = wc_Sha3_384_Copy(&sha3Cpy, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_Sha3_384_Copy */ /* * Testing wc_Sha3_512_Copy() */ static int test_wc_Sha3_512_Copy (void) { int ret = 0; #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) wc_Sha3 sha3, sha3Cpy; const char* msg = TEST_STRING; word32 msglen = (word32)TEST_STRING_SZ; byte hash[WC_SHA3_512_DIGEST_SIZE]; byte hashCpy[WC_SHA3_512_DIGEST_SIZE]; XMEMSET(hash, 0, sizeof(hash)); XMEMSET(hashCpy, 0, sizeof(hashCpy)); printf(testingFmt, "wc_Sha3_512_Copy()"); ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId); if (ret != 0) { return ret; } ret = wc_InitSha3_512(&sha3Cpy, HEAP_HINT, devId); if (ret != 0) { wc_Sha3_512_Free(&sha3); return ret; } ret = wc_Sha3_512_Update(&sha3, (byte*)msg, msglen); if (ret == 0) { ret = wc_Sha3_512_Copy(&sha3Cpy, &sha3); if (ret == 0) { ret = wc_Sha3_512_Final(&sha3, hash); if (ret == 0) { ret = wc_Sha3_512_Final(&sha3Cpy, hashCpy); } } if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Test bad args. */ if (ret == 0) { ret = wc_Sha3_512_Copy(NULL, &sha3); if (ret == BAD_FUNC_ARG) { ret = wc_Sha3_512_Copy(&sha3Cpy, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_Sha3_512_Copy */ /* * Unit test function for wc_Sha3_GetFlags() */ static int test_wc_Sha3_GetFlags (void) { int ret = 0; #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_HASH_FLAGS) wc_Sha3 sha3; word32 flags = 0; printf(testingFmt, "wc_Sha3_GetFlags()"); /* Initialize */ ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId); if (ret != 0) { return ret; } if (ret == 0) { ret = wc_Sha3_GetFlags(&sha3, &flags); } if (ret == 0) { if (flags & WC_HASH_FLAG_ISCOPY) { ret = 0; } } wc_Sha3_224_Free(&sha3); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_Sha3_GetFlags */ static int test_wc_InitShake256 (void) { int ret = 0; #ifdef WOLFSSL_SHAKE256 wc_Shake shake; printf(testingFmt, "wc_InitShake256()"); ret = wc_InitShake256(&shake, HEAP_HINT, devId); /* Test bad args. */ if (ret == 0) { ret = wc_InitShake256(NULL, HEAP_HINT, devId); if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } wc_Shake256_Free(&shake); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_InitSha3 */ static int testing_wc_Shake256_Update (void) { int ret = 0; #ifdef WOLFSSL_SHAKE256 wc_Shake shake; byte msg[] = "Everybody's working for the weekend."; byte msg2[] = "Everybody gets Friday off."; byte msgCmp[] = "\x45\x76\x65\x72\x79\x62\x6f\x64\x79\x27\x73\x20" "\x77\x6f\x72\x6b\x69\x6e\x67\x20\x66\x6f\x72\x20\x74" "\x68\x65\x20\x77\x65\x65\x6b\x65\x6e\x64\x2e\x45\x76" "\x65\x72\x79\x62\x6f\x64\x79\x20\x67\x65\x74\x73\x20" "\x46\x72\x69\x64\x61\x79\x20\x6f\x66\x66\x2e"; word32 msglen = sizeof(msg) - 1; word32 msg2len = sizeof(msg2); word32 msgCmplen = sizeof(msgCmp); printf(testingFmt, "wc_Shake256_Update()"); ret = wc_InitShake256(&shake, HEAP_HINT, devId); if (ret != 0) { return ret; } ret = wc_Shake256_Update(&shake, msg, msglen); if (XMEMCMP(msg, shake.t, msglen) || shake.i != msglen) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_Shake256_Update(&shake, msg2, msg2len); if (XMEMCMP(shake.t, msgCmp, msgCmplen) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Pass bad args. */ if (ret == 0) { ret = wc_Shake256_Update(NULL, msg2, msg2len); if (ret == BAD_FUNC_ARG) { ret = wc_Shake256_Update(&shake, NULL, 5); } if (ret == BAD_FUNC_ARG) { wc_Shake256_Free(&shake); if (wc_InitShake256(&shake, HEAP_HINT, devId)) { return ret; } ret = wc_Shake256_Update(&shake, NULL, 0); if (ret == 0) { ret = wc_Shake256_Update(&shake, msg2, msg2len); } if (ret == 0 && XMEMCMP(msg2, shake.t, msg2len) != 0) { ret = WOLFSSL_FATAL_ERROR; } } } wc_Shake256_Free(&shake); printf(resultFmt, ret == 0 ? passed : failed); #endif /* WOLFSSL_SHAKE256 */ return ret; } static int test_wc_Shake256_Final (void) { int ret = 0; #ifdef WOLFSSL_SHAKE256 wc_Shake shake; const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom" "nopnopq"; const char* expOut = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f" "\x6f\x87\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b" "\xe5\xd4\xfd\x2e\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59" "\xaa\x80\x60\xf1\xf9\xbc\x99\x6c\x05\xac\xa3\xc6\x96" "\xa8\xb6\x62\x79\xdc\x67\x2c\x74\x0b\xb2\x24\xec\x37" "\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55\xf5\x1d\x97" "\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a\xf2" "\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67" "\x60\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4"; byte hash[114]; /* Init stack variables. */ XMEMSET(hash, 0, sizeof(hash)); printf(testingFmt, "wc_Shake256_Final()"); ret = wc_InitShake256(&shake, HEAP_HINT, devId); if (ret != 0) { return ret; } ret= wc_Shake256_Update(&shake, (byte*)msg, (word32)XSTRLEN(msg)); if (ret == 0) { ret = wc_Shake256_Final(&shake, hash, (word32)sizeof(hash)); if (ret == 0 && XMEMCMP(expOut, hash, (word32)sizeof(hash)) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Test bad args. */ if (ret == 0) { ret = wc_Shake256_Final(NULL, hash, (word32)sizeof(hash)); if (ret == 0) { ret = wc_Shake256_Final(&shake, NULL, (word32)sizeof(hash)); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } wc_Shake256_Free(&shake); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* * Testing wc_Shake256_Copy() */ static int test_wc_Shake256_Copy (void) { int ret = 0; #ifdef WOLFSSL_SHAKE256 wc_Shake shake, shakeCpy; const char* msg = TEST_STRING; word32 msglen = (word32)TEST_STRING_SZ; byte hash[144]; byte hashCpy[144]; word32 hashLen = sizeof(hash); word32 hashLenCpy = sizeof(hashCpy); XMEMSET(hash, 0, sizeof(hash)); XMEMSET(hashCpy, 0, sizeof(hashCpy)); printf(testingFmt, "wc_Shake256_Copy()"); ret = wc_InitShake256(&shake, HEAP_HINT, devId); if (ret != 0) { return ret; } ret = wc_InitShake256(&shakeCpy, HEAP_HINT, devId); if (ret != 0) { wc_Shake256_Free(&shake); return ret; } ret = wc_Shake256_Update(&shake, (byte*)msg, msglen); if (ret == 0) { ret = wc_Shake256_Copy(&shakeCpy, &shake); if (ret == 0) { ret = wc_Shake256_Final(&shake, hash, hashLen); if (ret == 0) { ret = wc_Shake256_Final(&shakeCpy, hashCpy, hashLenCpy); } } if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Test bad args. */ if (ret == 0) { ret = wc_Shake256_Copy(NULL, &shake); if (ret == BAD_FUNC_ARG) { ret = wc_Shake256_Copy(&shakeCpy, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } wc_Shake256_Free(&shake); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_Shake256_Copy */ /* * Unit test function for wc_Shake256Hash() */ static int test_wc_Shake256Hash(void) { int ret = 0; #ifdef WOLFSSL_SHAKE256 const byte data[] = { /* Hello World */ 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, 0x72,0x6c,0x64 }; word32 len = sizeof(data); byte hash[144]; word32 hashLen = sizeof(hash); printf(testingFmt, "wc_Shake256Hash()"); ret = wc_Shake256Hash(data, len, hash, hashLen); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_Shake256Hash */ /* * unit test for wc_IdeaSetKey() */ static int test_wc_IdeaSetKey (void) { int ret = 0; #ifdef HAVE_IDEA Idea idea; const byte key[] = { 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37 }; int flag = 0; printf(testingFmt, "wc_IdeaSetKey()"); /*IV can be NULL, default value is 0*/ ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, NULL, IDEA_ENCRYPTION); if (ret == 0) { ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, NULL, IDEA_DECRYPTION); } /* Bad args. */ if (ret == 0) { ret = wc_IdeaSetKey(NULL, key, IDEA_KEY_SIZE, NULL, IDEA_ENCRYPTION); if (ret != BAD_FUNC_ARG) { flag = 1; } ret = wc_IdeaSetKey(&idea, NULL, IDEA_KEY_SIZE, NULL, IDEA_ENCRYPTION); if (ret != BAD_FUNC_ARG) { flag = 1; } ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE - 1, NULL, IDEA_ENCRYPTION); if (ret != BAD_FUNC_ARG) { flag = 1; } ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, NULL, -1); if (ret != BAD_FUNC_ARG) { flag = 1; } if (flag == 1) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } } /* END Test Bad Args. */ printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_IdeaSetKey */ /* * Unit test for wc_IdeaSetIV() */ static int test_wc_IdeaSetIV (void) { int ret = 0; #ifdef HAVE_IDEA Idea idea; printf(testingFmt, "wc_IdeaSetIV()"); ret = wc_IdeaSetIV(&idea, NULL); /* Test bad args. */ if (ret == 0) { ret = wc_IdeaSetIV(NULL, NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_IdeaSetIV */ /* * Unit test for wc_IdeaCipher() */ static int test_wc_IdeaCipher (void) { int ret = 0; #ifdef HAVE_IDEA Idea idea; const byte key[] = { 0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5, 0xB3, 0x00, 0x95, 0x2C, 0x49, 0x10, 0x48, 0x81, 0xFF, 0x48 }; const byte plain[] = { 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37 }; byte enc[sizeof(plain)]; byte dec[sizeof(enc)]; printf(testingFmt, "wc_IdeaCipher()"); ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, NULL, IDEA_ENCRYPTION); if (ret == 0) { ret = wc_IdeaCipher(&idea, enc, plain); if (ret != 0) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, NULL, IDEA_DECRYPTION); if (ret == 0) { ret = wc_IdeaCipher(&idea, dec, enc); } if (ret == 0) { ret = XMEMCMP(plain, dec, IDEA_BLOCK_SIZE); } if (ret != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Pass Bad Args. */ if (ret == 0) { ret = wc_IdeaCipher(NULL, enc, dec); if (ret == BAD_FUNC_ARG) { ret = wc_IdeaCipher(&idea, NULL, dec); } if (ret == BAD_FUNC_ARG) { ret = wc_IdeaCipher(&idea, enc, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_IdeaCipher */ /* * Unit test for functions wc_IdeaCbcEncrypt and wc_IdeaCbcDecrypt */ static int test_wc_IdeaCbcEncyptDecrypt (void) { int ret = 0; #ifdef HAVE_IDEA Idea idea; const byte key[] = { 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37 }; const char* message = "International Data Encryption Algorithm"; byte msg_enc[40]; byte msg_dec[40]; printf(testingFmt, "wc_IdeaCbcEncrypt()"); ret = wc_IdeaSetKey(&idea, key, sizeof(key), NULL, IDEA_ENCRYPTION); if (ret == 0) { ret = wc_IdeaCbcEncrypt(&idea, msg_enc, (byte *)message, (word32)XSTRLEN(message) + 1); } if (ret == 0) { ret = wc_IdeaSetKey(&idea, key, sizeof(key), NULL, IDEA_DECRYPTION); } if (ret == 0) { ret = wc_IdeaCbcDecrypt(&idea, msg_dec, msg_enc, (word32)XSTRLEN(message) + 1); if (XMEMCMP(message, msg_dec, (word32)XSTRLEN(message))) { ret = WOLFSSL_FATAL_ERROR; } } /* Test bad args. Enc */ if (ret == 0) { ret = wc_IdeaCbcEncrypt(NULL, msg_enc, (byte*)message, (word32)XSTRLEN(message) + 1); if (ret == BAD_FUNC_ARG) { ret = wc_IdeaCbcEncrypt(&idea, NULL, (byte*)message, (word32)XSTRLEN(message) + 1); } if (ret == BAD_FUNC_ARG) { ret = wc_IdeaCbcEncrypt(&idea, msg_enc, NULL, (word32)XSTRLEN(message) + 1); } if (ret != BAD_FUNC_ARG) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } } /* END test bad args ENC */ /* Test bad args DEC */ if (ret == 0) { ret = wc_IdeaCbcDecrypt(NULL, msg_dec, msg_enc, (word32)XSTRLEN(message) + 1); if (ret == BAD_FUNC_ARG) { ret = wc_IdeaCbcDecrypt(&idea, NULL, msg_enc, (word32)XSTRLEN(message) + 1); } if (ret == BAD_FUNC_ARG) { ret = wc_IdeaCbcDecrypt(&idea, msg_dec, NULL, (word32)XSTRLEN(message) + 1); } if (ret != BAD_FUNC_ARG) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_IdeaCbcEncryptDecrypt */ /* * Test function for wc_HmacSetKey */ static int test_wc_Md5HmacSetKey (void) { int flag = 0; #if !defined(NO_HMAC) && !defined(NO_MD5) Hmac hmac; int ret, times, itr; const char* keys[]= { "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", #ifndef HAVE_FIPS "Jefe", /* smaller than minimum FIPS key size */ #endif "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" }; times = sizeof(keys) / sizeof(char*); flag = 0; printf(testingFmt, "wc_HmacSetKey() with MD5"); ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return ret; for (itr = 0; itr < times; itr++) { ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[itr], (word32)XSTRLEN(keys[itr])); if (ret != 0) { flag = ret; } } /* Bad args. */ if (!flag) { ret = wc_HmacSetKey(NULL, WC_MD5, (byte*)keys[0], (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, WC_MD5, NULL, (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0], (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[0], 0); #ifdef HAVE_FIPS if (ret != HMAC_MIN_KEYLEN_E) { flag = WOLFSSL_FATAL_ERROR; } #else if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } #endif } wc_HmacFree(&hmac); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Md5HmacSetKey */ /* * testing wc_HmacSetKey() on wc_Sha hash. */ static int test_wc_ShaHmacSetKey (void) { int flag = 0; #if !defined(NO_HMAC) && !defined(NO_SHA) Hmac hmac; int ret, times, itr; const char* keys[]= { "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" "\x0b\x0b\x0b", #ifndef HAVE_FIPS "Jefe", /* smaller than minimum FIPS key size */ #endif "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" "\xAA\xAA\xAA" }; times = sizeof(keys) / sizeof(char*); flag = 0; printf(testingFmt, "wc_HmacSetKey() with SHA"); ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return ret; for (itr = 0; itr < times; itr++) { ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[itr], (word32)XSTRLEN(keys[itr])); if (ret != 0) { flag = ret; } } /* Bad args. */ if (!flag) { ret = wc_HmacSetKey(NULL, WC_SHA, (byte*)keys[0], (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, WC_SHA, NULL, (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0], (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[0], 0); #ifdef HAVE_FIPS if (ret != HMAC_MIN_KEYLEN_E) { flag = WOLFSSL_FATAL_ERROR; } #else if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } #endif } wc_HmacFree(&hmac); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_ShaHmacSetKey() */ /* * testing wc_HmacSetKey() on Sha224 hash. */ static int test_wc_Sha224HmacSetKey (void) { int flag = 0; #if !defined(NO_HMAC) && defined(WOLFSSL_SHA224) Hmac hmac; int ret, times, itr; const char* keys[]= { "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" "\x0b\x0b\x0b", #ifndef HAVE_FIPS "Jefe", /* smaller than minimum FIPS key size */ #endif "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" "\xAA\xAA\xAA" }; times = sizeof(keys) / sizeof(char*); flag = 0; printf(testingFmt, "wc_HmacSetKey() with SHA 224"); ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return ret; for (itr = 0; itr < times; itr++) { ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[itr], (word32)XSTRLEN(keys[itr])); if (ret != 0) { flag = ret; } } /* Bad args. */ if (!flag) { ret = wc_HmacSetKey(NULL, WC_SHA224, (byte*)keys[0], (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, WC_SHA224, NULL, (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0], (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[0], 0); #ifdef HAVE_FIPS if (ret != HMAC_MIN_KEYLEN_E) { flag = WOLFSSL_FATAL_ERROR; } #else if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } #endif } wc_HmacFree(&hmac); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha224HmacSetKey() */ /* * testing wc_HmacSetKey() on Sha256 hash */ static int test_wc_Sha256HmacSetKey (void) { int flag = 0; #if !defined(NO_HMAC) && !defined(NO_SHA256) Hmac hmac; int ret, times, itr; const char* keys[]= { "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" "\x0b\x0b\x0b", #ifndef HAVE_FIPS "Jefe", /* smaller than minimum FIPS key size */ #endif "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" "\xAA\xAA\xAA" }; times = sizeof(keys) / sizeof(char*); flag = 0; printf(testingFmt, "wc_HmacSetKey() with SHA256"); ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return ret; for (itr = 0; itr < times; itr++) { ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[itr], (word32)XSTRLEN(keys[itr])); if (ret != 0) { flag = ret; } } /* Bad args. */ if (!flag) { ret = wc_HmacSetKey(NULL, WC_SHA256, (byte*)keys[0], (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, WC_SHA256, NULL, (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0], (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[0], 0); #ifdef HAVE_FIPS if (ret != HMAC_MIN_KEYLEN_E) { flag = WOLFSSL_FATAL_ERROR; } #else if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } #endif } wc_HmacFree(&hmac); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha256HmacSetKey() */ /* * testing wc_HmacSetKey on Sha384 hash. */ static int test_wc_Sha384HmacSetKey (void) { int flag = 0; #if !defined(NO_HMAC) && defined(WOLFSSL_SHA384) Hmac hmac; int ret, times, itr; const char* keys[]= { "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" "\x0b\x0b\x0b", #ifndef HAVE_FIPS "Jefe", /* smaller than minimum FIPS key size */ #endif "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" "\xAA\xAA\xAA" }; times = sizeof(keys) / sizeof(char*); flag = 0; printf(testingFmt, "wc_HmacSetKey() with SHA384"); ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return ret; for (itr = 0; itr < times; itr++) { ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[itr], (word32)XSTRLEN(keys[itr])); if (ret != 0) { flag = ret; } } /* Bad args. */ if (!flag) { ret = wc_HmacSetKey(NULL, WC_SHA384, (byte*)keys[0], (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, WC_SHA384, NULL, (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0], (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[0], 0); #ifdef HAVE_FIPS if (ret != HMAC_MIN_KEYLEN_E) { flag = WOLFSSL_FATAL_ERROR; } #else if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } #endif } wc_HmacFree(&hmac); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha384HmacSetKey() */ /* * testing wc_HmacUpdate on wc_Md5 hash. */ static int test_wc_Md5HmacUpdate (void) { int flag = 0; #if !defined(NO_HMAC) && !defined(NO_MD5) Hmac hmac; testVector a, b; int ret; #ifdef HAVE_FIPS const char* keys = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; #else const char* keys = "Jefe"; #endif a.input = "what do ya want for nothing?"; a.inLen = XSTRLEN(a.input); b.input = "Hi There"; b.inLen = XSTRLEN(b.input); flag = 0; printf(testingFmt, "wc_HmacUpdate() with MD5"); ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys, (word32)XSTRLEN(keys)); if (ret != 0) { flag = ret; } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen); if (ret != 0) { flag = ret; } } /* Update Hmac. */ if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } /* Test bad args. */ if (!flag) { ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0); if (ret != 0) { flag = ret; } } wc_HmacFree(&hmac); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Md5HmacUpdate */ /* * testing wc_HmacUpdate on SHA hash. */ static int test_wc_ShaHmacUpdate (void) { int flag = 0; #if !defined(NO_HMAC) && !defined(NO_SHA) Hmac hmac; testVector a, b; int ret; #ifdef HAVE_FIPS const char* keys = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; #else const char* keys = "Jefe"; #endif a.input = "what do ya want for nothing?"; a.inLen = XSTRLEN(a.input); b.input = "Hi There"; b.inLen = XSTRLEN(b.input); flag = 0; printf(testingFmt, "wc_HmacUpdate() with SHA"); ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys, (word32)XSTRLEN(keys)); if (ret != 0) { flag = ret; } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen); if (ret != 0) { flag = ret; } } /* Update Hmac. */ if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } /* Test bad args. */ if (!flag) { ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0); if (ret != 0) { flag = ret; } } wc_HmacFree(&hmac); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_ShaHmacUpdate */ /* * testing wc_HmacUpdate on SHA224 hash. */ static int test_wc_Sha224HmacUpdate (void) { int flag = 0; #if !defined(NO_HMAC) && defined(WOLFSSL_SHA224) Hmac hmac; testVector a, b; int ret; #ifdef HAVE_FIPS const char* keys = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; #else const char* keys = "Jefe"; #endif a.input = "what do ya want for nothing?"; a.inLen = XSTRLEN(a.input); b.input = "Hi There"; b.inLen = XSTRLEN(b.input); flag = 0; printf(testingFmt, "wc_HmacUpdate() with SHA224"); ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys, (word32)XSTRLEN(keys)); if (ret != 0) { flag = ret; } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen); if (ret != 0) { flag = ret; } } /* Update Hmac. */ if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } /* Test bad args. */ if (!flag) { ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0); if (ret != 0) { flag = ret; } } wc_HmacFree(&hmac); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha224HmacUpdate */ /* * testing wc_HmacUpdate on SHA256 hash. */ static int test_wc_Sha256HmacUpdate (void) { int flag = 0; #if !defined(NO_HMAC) && !defined(NO_SHA256) Hmac hmac; testVector a, b; int ret; #ifdef HAVE_FIPS const char* keys = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; #else const char* keys = "Jefe"; #endif a.input = "what do ya want for nothing?"; a.inLen = XSTRLEN(a.input); b.input = "Hi There"; b.inLen = XSTRLEN(b.input); flag = 0; printf(testingFmt, "wc_HmacUpdate() with WC_SHA256"); ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys, (word32)XSTRLEN(keys)); if (ret != 0) { flag = ret; } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen); if (ret != 0) { flag = ret; } } /* Update Hmac. */ if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } /* Test bad args. */ if (!flag) { ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0); if (ret != 0) { flag = ret; } } wc_HmacFree(&hmac); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha256HmacUpdate */ /* * testing wc_HmacUpdate on SHA384 hash. */ static int test_wc_Sha384HmacUpdate (void) { int flag = 0; #if !defined(NO_HMAC) && defined(WOLFSSL_SHA384) Hmac hmac; testVector a, b; int ret; #ifdef HAVE_FIPS const char* keys = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; #else const char* keys = "Jefe"; #endif a.input = "what do ya want for nothing?"; a.inLen = XSTRLEN(a.input); b.input = "Hi There"; b.inLen = XSTRLEN(b.input); flag = 0; printf(testingFmt, "wc_HmacUpdate() with SHA384"); ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys, (word32)XSTRLEN(keys)); if (ret != 0) { flag = ret; } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen); if (ret != 0) { flag = ret; } } /* Update Hmac. */ if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } /* Test bad args. */ if (!flag) { ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0); if (ret != 0) { flag = ret; } } wc_HmacFree(&hmac); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha384HmacUpdate */ /* * Testing wc_HmacFinal() with MD5 */ static int test_wc_Md5HmacFinal (void) { int flag = 0; #if !defined(NO_HMAC) && !defined(NO_MD5) Hmac hmac; byte hash[WC_MD5_DIGEST_SIZE]; testVector a; int ret; const char* key; key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; a.input = "Hi There"; a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc" "\x9d"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); flag = 0; printf(testingFmt, "wc_HmacFinal() with MD5"); ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)key, (word32)XSTRLEN(key)); if (ret != 0) { flag = ret; } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_HmacFinal(&hmac, hash); if (ret != 0) { flag = ret; } } if (!flag) { if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0) { flag = WOLFSSL_FATAL_ERROR; } } /* Try bad parameters. */ if (!flag) { ret = wc_HmacFinal(NULL, hash); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } #ifndef HAVE_FIPS if (!flag) { ret = wc_HmacFinal(&hmac, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } #endif wc_HmacFree(&hmac); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Md5HmacFinal */ /* * Testing wc_HmacFinal() with SHA */ static int test_wc_ShaHmacFinal (void) { int flag = 0; #if !defined(NO_HMAC) && !defined(NO_SHA) Hmac hmac; byte hash[WC_SHA_DIGEST_SIZE]; testVector a; int ret; const char* key; key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" "\x0b\x0b\x0b"; a.input = "Hi There"; a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c" "\x8e\xf1\x46\xbe\x00"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); flag = 0; printf(testingFmt, "wc_HmacFinal() with SHA"); ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)key, (word32)XSTRLEN(key)); if (ret != 0) { flag = ret; } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_HmacFinal(&hmac, hash); if (ret != 0) { flag = ret; } } if (!flag) { if (XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE) != 0) { flag = WOLFSSL_FATAL_ERROR; } } /* Try bad parameters. */ if (!flag) { ret = wc_HmacFinal(NULL, hash); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } #ifndef HAVE_FIPS if (!flag) { ret = wc_HmacFinal(&hmac, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } #endif wc_HmacFree(&hmac); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_ShaHmacFinal */ /* * Testing wc_HmacFinal() with SHA224 */ static int test_wc_Sha224HmacFinal (void) { int flag = 0; #if !defined(NO_HMAC) && defined(WOLFSSL_SHA224) Hmac hmac; byte hash[WC_SHA224_DIGEST_SIZE]; testVector a; int ret; const char* key; key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" "\x0b\x0b\x0b"; a.input = "Hi There"; a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3" "\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); flag = 0; printf(testingFmt, "wc_HmacFinal() with SHA224"); ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)key, (word32)XSTRLEN(key)); if (ret != 0) { flag = ret; } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_HmacFinal(&hmac, hash); if (ret != 0) { flag = ret; } } if (!flag) { if (XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE) != 0) { flag = WOLFSSL_FATAL_ERROR; } } /* Try bad parameters. */ if (!flag) { ret = wc_HmacFinal(NULL, hash); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } #ifndef HAVE_FIPS if (!flag) { ret = wc_HmacFinal(&hmac, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } #endif wc_HmacFree(&hmac); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha224HmacFinal */ /* * Testing wc_HmacFinal() with SHA256 */ static int test_wc_Sha256HmacFinal (void) { int flag = 0; #if !defined(NO_HMAC) && !defined(NO_SHA256) Hmac hmac; byte hash[WC_SHA256_DIGEST_SIZE]; testVector a; int ret; const char* key; key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" "\x0b\x0b\x0b"; a.input = "Hi There"; a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1" "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32" "\xcf\xf7"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); flag = 0; printf(testingFmt, "wc_HmacFinal() with WC_SHA256"); ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)key, (word32)XSTRLEN(key)); if (ret != 0) { flag = ret; } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_HmacFinal(&hmac, hash); if (ret != 0) { flag = ret; } } if (!flag) { if (XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE) != 0) { flag = WOLFSSL_FATAL_ERROR; } } /* Try bad parameters. */ if (!flag) { ret = wc_HmacFinal(NULL, hash); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } #ifndef HAVE_FIPS if (!flag) { ret = wc_HmacFinal(&hmac, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } #endif wc_HmacFree(&hmac); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha256HmacFinal */ /* * Testing wc_HmacFinal() with SHA384 */ static int test_wc_Sha384HmacFinal (void) { int flag = 0; #if !defined(NO_HMAC) && defined(WOLFSSL_SHA384) Hmac hmac; byte hash[WC_SHA384_DIGEST_SIZE]; testVector a; int ret; const char* key; key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" "\x0b\x0b\x0b"; a.input = "Hi There"; a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90" "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb" "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2" "\xfa\x9c\xb6"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); flag = 0; printf(testingFmt, "wc_HmacFinal() with SHA384"); ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)key, (word32)XSTRLEN(key)); if (ret != 0) { flag = ret; } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_HmacFinal(&hmac, hash); if (ret != 0) { flag = ret; } } if (!flag) { if (XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE) != 0) { flag = WOLFSSL_FATAL_ERROR; } } /* Try bad parameters. */ if (!flag) { ret = wc_HmacFinal(NULL, hash); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } #ifndef HAVE_FIPS if (!flag) { ret = wc_HmacFinal(&hmac, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } #endif wc_HmacFree(&hmac); printf(resultFmt, flag == 0 ? passed : failed); #endif return flag; } /* END test_wc_Sha384HmacFinal */ /* * Testing wc_InitCmac() */ static int test_wc_InitCmac (void) { int ret = 0; #if defined(WOLFSSL_CMAC) && !defined(NO_AES) Cmac cmac1, cmac2, cmac3; /* AES 128 key. */ byte key1[] = "\x01\x02\x03\x04\x05\x06\x07\x08" "\x09\x10\x11\x12\x13\x14\x15\x16"; /* AES 192 key. */ byte key2[] = "\x01\x02\x03\x04\x05\x06\x07\x08" "\x09\x01\x11\x12\x13\x14\x15\x16" "\x01\x02\x03\x04\x05\x06\x07\x08"; /* AES 256 key. */ byte key3[] = "\x01\x02\x03\x04\x05\x06\x07\x08" "\x09\x01\x11\x12\x13\x14\x15\x16" "\x01\x02\x03\x04\x05\x06\x07\x08" "\x09\x01\x11\x12\x13\x14\x15\x16"; word32 key1Sz = (word32)sizeof(key1) - 1; word32 key2Sz = (word32)sizeof(key2) - 1; word32 key3Sz = (word32)sizeof(key3) - 1; int type = WC_CMAC_AES; printf(testingFmt, "wc_InitCmac()"); #ifdef WOLFSSL_AES_128 ret = wc_InitCmac(&cmac1, key1, key1Sz, type, NULL); #endif #ifdef WOLFSSL_AES_192 if (ret == 0) ret = wc_InitCmac(&cmac2, key2, key2Sz, type, NULL); #endif #ifdef WOLFSSL_AES_256 if (ret == 0) ret = wc_InitCmac(&cmac3, key3, key3Sz, type, NULL); #endif /* Test bad args. */ if (ret == 0) { ret = wc_InitCmac(NULL, key3, key3Sz, type, NULL); if (ret == BAD_FUNC_ARG) { ret = wc_InitCmac(&cmac3, NULL, key3Sz, type, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_InitCmac(&cmac3, key3, 0, type, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_InitCmac(&cmac3, key3, key3Sz, 0, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } (void)key1; (void)key1Sz; (void)key2; (void)key2Sz; (void)cmac1; (void)cmac2; printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_InitCmac */ /* * Testing wc_CmacUpdate() */ static int test_wc_CmacUpdate (void) { int ret = 0; #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128) Cmac cmac; byte key[] = { 0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55, 0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27 }; byte in[] = "\xe2\xb4\xb6\xf9\x48\x44\x02\x64" "\x5c\x47\x80\x9e\xd5\xa8\x3a\x17" "\xb3\x78\xcf\x85\x22\x41\x74\xd9" "\xa0\x97\x39\x71\x62\xf1\x8e\x8f" "\xf4"; word32 inSz = (word32)sizeof(in) - 1; word32 keySz = (word32)sizeof(key); int type = WC_CMAC_AES; ret = wc_InitCmac(&cmac, key, keySz, type, NULL); if (ret != 0) { return ret; } printf(testingFmt, "wc_CmacUpdate()"); ret = wc_CmacUpdate(&cmac, in, inSz); /* Test bad args. */ if (ret == 0) { ret = wc_CmacUpdate(NULL, in, inSz); if (ret == BAD_FUNC_ARG) { ret = wc_CmacUpdate(&cmac, NULL, 30); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_CmacUpdate */ /* * Testing wc_CmacFinal() */ static int test_wc_CmacFinal (void) { int ret = 0; #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128) Cmac cmac; byte key[] = { 0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55, 0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27 }; byte msg[] = { 0xe2, 0xb4, 0xb6, 0xf9, 0x48, 0x44, 0x02, 0x64, 0x5c, 0x47, 0x80, 0x9e, 0xd5, 0xa8, 0x3a, 0x17, 0xb3, 0x78, 0xcf, 0x85, 0x22, 0x41, 0x74, 0xd9, 0xa0, 0x97, 0x39, 0x71, 0x62, 0xf1, 0x8e, 0x8f, 0xf4 }; /* Test vectors from CMACGenAES128.rsp from * http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html#cmac * Per RFC4493 truncation of lsb is possible. */ byte expMac[] = { 0x4e, 0x6e, 0xc5, 0x6f, 0xf9, 0x5d, 0x0e, 0xae, 0x1c, 0xf8, 0x3e, 0xfc, 0xf4, 0x4b, 0xeb }; byte mac[AES_BLOCK_SIZE]; word32 msgSz = (word32)sizeof(msg); word32 keySz = (word32)sizeof(key); word32 macSz = sizeof(mac); word32 badMacSz = 17; int expMacSz = sizeof(expMac); int type = WC_CMAC_AES; XMEMSET(mac, 0, macSz); ret = wc_InitCmac(&cmac, key, keySz, type, NULL); if (ret != 0) { return ret; } ret = wc_CmacUpdate(&cmac, msg, msgSz); printf(testingFmt, "wc_CmacFinal()"); if (ret == 0) { ret = wc_CmacFinal(&cmac, mac, &macSz); if (ret == 0 && XMEMCMP(mac, expMac, expMacSz) != 0) { ret = WOLFSSL_FATAL_ERROR; } /* Pass in bad args. */ if (ret == 0) { ret = wc_CmacFinal(NULL, mac, &macSz); if (ret == BAD_FUNC_ARG) { ret = wc_CmacFinal(&cmac, NULL, &macSz); } if (ret == BAD_FUNC_ARG) { ret = wc_CmacFinal(&cmac, mac, &badMacSz); if (ret == BUFFER_E) { ret = 0; } } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_CmacFinal */ /* * Testing wc_AesCmacGenerate() && wc_AesCmacVerify() */ static int test_wc_AesCmacGenerate (void) { int ret = 0; #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128) Cmac cmac; byte key[] = { 0x26, 0xef, 0x8b, 0x40, 0x34, 0x11, 0x7d, 0x9e, 0xbe, 0xc0, 0xc7, 0xfc, 0x31, 0x08, 0x54, 0x69 }; byte msg[] = "\x18\x90\x49\xef\xfd\x7c\xf9\xc8" "\xf3\x59\x65\xbc\xb0\x97\x8f\xd4"; byte expMac[] = "\x29\x5f\x2f\x71\xfc\x58\xe6\xf6" "\x3d\x32\x65\x4c\x66\x23\xc5"; byte mac[AES_BLOCK_SIZE]; word32 keySz = sizeof(key); word32 macSz = sizeof(mac); word32 msgSz = sizeof(msg) - 1; word32 expMacSz = sizeof(expMac) - 1; int type = WC_CMAC_AES; XMEMSET(mac, 0, macSz); ret = wc_InitCmac(&cmac, key, keySz, type, NULL); if (ret != 0) { return ret; } ret = wc_CmacUpdate(&cmac, msg, msgSz); if (ret != 0) { return ret; } printf(testingFmt, "wc_AesCmacGenerate()"); ret = wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, keySz); if (ret == 0 && XMEMCMP(mac, expMac, expMacSz) != 0) { ret = WOLFSSL_FATAL_ERROR; } /* Pass in bad args. */ if (ret == 0) { ret = wc_AesCmacGenerate(NULL, &macSz, msg, msgSz, key, keySz); if (ret == BAD_FUNC_ARG) { ret = wc_AesCmacGenerate(mac, &macSz, msg, msgSz, NULL, keySz); } if (ret == BAD_FUNC_ARG) { ret = wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, 0); } if (ret == BAD_FUNC_ARG) { ret = wc_AesCmacGenerate(mac, &macSz, NULL, msgSz, key, keySz); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); if (ret == 0) { printf(testingFmt, "wc_AesCmacVerify()"); ret = wc_AesCmacVerify(mac, macSz, msg, msgSz, key, keySz); /* Test bad args. */ if (ret == 0) { ret = wc_AesCmacVerify(NULL, macSz, msg, msgSz, key, keySz); if (ret == BAD_FUNC_ARG) { ret = wc_AesCmacVerify(mac, 0, msg, msgSz, key, keySz); } if (ret == BAD_FUNC_ARG) { ret = wc_AesCmacVerify(mac, macSz, msg, msgSz, NULL, keySz); } if (ret == BAD_FUNC_ARG) { ret = wc_AesCmacVerify(mac, macSz, msg, msgSz, key, 0); } if (ret == BAD_FUNC_ARG) { ret = wc_AesCmacVerify(mac, macSz, NULL, msgSz, key, keySz); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); } #endif return ret; } /* END test_wc_AesCmacGenerate */ /* * Testing streaming AES-GCM API. */ static int test_wc_AesGcmStream (void) { int ret = 0; #if !defined(NO_AES) && defined(WOLFSSL_AES_128) && defined(HAVE_AESGCM) && \ defined(WOLFSSL_AESGCM_STREAM) int i; WC_RNG rng[1]; Aes aesEnc[1]; Aes aesDec[1]; byte tag[AES_BLOCK_SIZE]; byte in[AES_BLOCK_SIZE * 3 + 2] = { 0, }; byte out[AES_BLOCK_SIZE * 3 + 2]; byte plain[AES_BLOCK_SIZE * 3 + 2]; byte aad[AES_BLOCK_SIZE * 3 + 2] = { 0, }; byte key[AES_128_KEY_SIZE] = { 0, }; byte iv[AES_IV_SIZE] = { 1, }; byte ivOut[AES_IV_SIZE]; static const byte expTagAAD1[AES_BLOCK_SIZE] = { 0x6c, 0x35, 0xe6, 0x7f, 0x59, 0x9e, 0xa9, 0x2f, 0x27, 0x2d, 0x5f, 0x8e, 0x7e, 0x42, 0xd3, 0x05 }; static const byte expTagPlain1[AES_BLOCK_SIZE] = { 0x24, 0xba, 0x57, 0x95, 0xd0, 0x27, 0x9e, 0x78, 0x3a, 0x88, 0x4c, 0x0a, 0x5d, 0x50, 0x23, 0xd1 }; static const byte expTag[AES_BLOCK_SIZE] = { 0x22, 0x91, 0x70, 0xad, 0x42, 0xc3, 0xad, 0x96, 0xe0, 0x31, 0x57, 0x60, 0xb7, 0x92, 0xa3, 0x6d }; /* Create a random for generating IV/nonce. */ AssertIntEQ(wc_InitRng(rng), 0); /* Initialize data structures. */ AssertIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0); AssertIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0); /* BadParameters to streaming init. */ AssertIntEQ(wc_AesGcmEncryptInit(NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmDecryptInit(NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, AES_128_KEY_SIZE, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, 0, NULL, GCM_NONCE_MID_SZ), BAD_FUNC_ARG); /* Bad parameters to encrypt update. */ AssertIntEQ(wc_AesGcmEncryptUpdate(NULL, NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 1, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, in, 1, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, NULL, 1, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, NULL, 1), BAD_FUNC_ARG); /* Bad parameters to decrypt update. */ AssertIntEQ(wc_AesGcmDecryptUpdate(NULL, NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 1, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, in, 1, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, out, NULL, 1, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, NULL, 1), BAD_FUNC_ARG); /* Bad parameters to encrypt final. */ AssertIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmEncryptFinal(NULL, tag, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, AES_BLOCK_SIZE), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, NULL, AES_BLOCK_SIZE), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE + 1), BAD_FUNC_ARG); /* Bad parameters to decrypt final. */ AssertIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmDecryptFinal(NULL, tag, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, AES_BLOCK_SIZE), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, NULL, AES_BLOCK_SIZE), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE + 1), BAD_FUNC_ARG); /* Check calling final before setting key fails. */ AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), MISSING_KEY); AssertIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), MISSING_KEY); /* Check calling update before setting key else fails. */ AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), MISSING_KEY); AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), MISSING_KEY); /* Set key but not IV. */ AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), NULL, 0), 0); AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), NULL, 0), 0); /* Check calling final before setting IV fails. */ AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), MISSING_IV); AssertIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), MISSING_IV); /* Check calling update before setting IV else fails. */ AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), MISSING_IV); AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), MISSING_IV); /* Set IV using fixed part IV and external IV APIs. */ AssertIntEQ(wc_AesGcmSetIV(aesEnc, GCM_NONCE_MID_SZ, iv, AES_IV_FIXED_SZ, rng), 0); AssertIntEQ(wc_AesGcmEncryptInit_ex(aesEnc, NULL, 0, ivOut, GCM_NONCE_MID_SZ), 0); AssertIntEQ(wc_AesGcmSetExtIV(aesDec, ivOut, GCM_NONCE_MID_SZ), 0); AssertIntEQ(wc_AesGcmInit(aesDec, NULL, 0, NULL, 0), 0); /* Encrypt and decrypt data. */ AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, aad, 1), 0); AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, aad, 1), 0); AssertIntEQ(XMEMCMP(plain, in, 1), 0); /* Finalize and check tag matches. */ AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0); AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0); /* Set key and IV through streaming init API. */ AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0); AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); /* Encrypt/decrypt one block and AAD of one block. */ AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, AES_BLOCK_SIZE, aad, AES_BLOCK_SIZE), 0); AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, AES_BLOCK_SIZE, aad, AES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(plain, in, AES_BLOCK_SIZE), 0); /* Finalize and check tag matches. */ AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0); AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0); /* Set key and IV through streaming init API. */ AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0); AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); /* No data to encrypt/decrypt one byte of AAD. */ AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), 0); AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), 0); /* Finalize and check tag matches. */ AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(tag, expTagAAD1, AES_BLOCK_SIZE), 0); AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0); /* Set key and IV through streaming init API. */ AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0); AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); /* Encrypt/decrypt one byte and no AAD. */ AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, NULL, 0), 0); AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, NULL, 0), 0); AssertIntEQ(XMEMCMP(plain, in, 1), 0); /* Finalize and check tag matches. */ AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(tag, expTagPlain1, AES_BLOCK_SIZE), 0); AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0); /* Set key and IV through streaming init API. */ AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0); AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); /* Encryption AES is one byte at a time */ for (i = 0; i < (int)sizeof(aad); i++) { AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad + i, 1), 0); } for (i = 0; i < (int)sizeof(in); i++) { AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out + i, in + i, 1, NULL, 0), 0); } /* Decryption AES is two bytes at a time */ for (i = 0; i < (int)sizeof(aad); i += 2) { AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad + i, 2), 0); } for (i = 0; i < (int)sizeof(aad); i += 2) { AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain + i, out + i, 2, NULL, 0), 0); } AssertIntEQ(XMEMCMP(plain, in, sizeof(in)), 0); /* Finalize and check tag matches. */ AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(tag, expTag, AES_BLOCK_SIZE), 0); AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0); /* Check streaming encryption can be decrypted with one shot. */ AssertIntEQ(wc_AesGcmSetKey(aesDec, key, sizeof(key)), 0); AssertIntEQ(wc_AesGcmDecrypt(aesDec, plain, out, sizeof(in), iv, AES_IV_SIZE, tag, AES_BLOCK_SIZE, aad, sizeof(aad)), 0); AssertIntEQ(XMEMCMP(plain, in, sizeof(in)), 0); wc_AesFree(aesEnc); wc_AesFree(aesDec); wc_FreeRng(rng); #endif return ret; } /* END test_wc_AesGcmStream */ /* * unit test for wc_Des3_SetIV() */ static int test_wc_Des3_SetIV (void) { int ret = 0; #ifndef NO_DES3 Des3 des; const byte key[] = { 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 }; const byte iv[] = { 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 }; printf(testingFmt, "wc_Des3_SetIV()"); ret = wc_Des3Init(&des, NULL, INVALID_DEVID); if (ret != 0) return ret; /* DES_ENCRYPTION or DES_DECRYPTION */ ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION); if (ret == 0) { if (XMEMCMP(iv, des.reg, DES_BLOCK_SIZE) != 0) { ret = WOLFSSL_FATAL_ERROR; } } #ifndef HAVE_FIPS /* no sanity checks with FIPS wrapper */ /* Test explicitly wc_Des3_SetIV() */ if (ret == 0) { ret = wc_Des3_SetIV(NULL, iv); if (ret == BAD_FUNC_ARG) { ret = wc_Des3_SetIV(&des, NULL); } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } #endif wc_Des3Free(&des); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_Des3_SetIV */ /* * unit test for wc_Des3_SetKey() */ static int test_wc_Des3_SetKey (void) { int ret = 0; #ifndef NO_DES3 Des3 des; const byte key[] = { 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 }; const byte iv[] = { 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 }; printf(testingFmt, "wc_Des3_SetKey()"); ret = wc_Des3Init(&des, NULL, INVALID_DEVID); if (ret != 0) return ret; /* DES_ENCRYPTION or DES_DECRYPTION */ ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION); if (ret == 0) { if (XMEMCMP(iv, des.reg, DES_BLOCK_SIZE) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Test bad args. */ if (ret == 0) { ret = wc_Des3_SetKey(NULL, key, iv, DES_ENCRYPTION); if (ret == BAD_FUNC_ARG) { ret = wc_Des3_SetKey(&des, NULL, iv, DES_ENCRYPTION); } if (ret == BAD_FUNC_ARG) { ret = wc_Des3_SetKey(&des, key, iv, -1); } if (ret == BAD_FUNC_ARG) { /* Default case. Should return 0. */ ret = wc_Des3_SetKey(&des, key, NULL, DES_ENCRYPTION); } } /* END if ret != 0 */ wc_Des3Free(&des); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_Des3_SetKey */ /* * Test function for wc_Des3_CbcEncrypt and wc_Des3_CbcDecrypt */ static int test_wc_Des3_CbcEncryptDecrypt (void) { int ret = 0; #ifndef NO_DES3 Des3 des; byte cipher[24]; byte plain[24]; const byte key[] = { 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 }; const byte iv[] = { 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 }; const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */ 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 }; printf(testingFmt, "wc_Des3_CbcEncrypt()"); ret = wc_Des3Init(&des, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION); if (ret == 0) { ret = wc_Des3_CbcEncrypt(&des, cipher, vector, 24); if (ret == 0) { ret = wc_Des3_SetKey(&des, key, iv, DES_DECRYPTION); } if (ret == 0) { ret = wc_Des3_CbcDecrypt(&des, plain, cipher, 24); } } if (ret == 0) { if (XMEMCMP(plain, vector, 24) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Pass in bad args. */ if (ret == 0) { ret = wc_Des3_CbcEncrypt(NULL, cipher, vector, 24); if (ret == BAD_FUNC_ARG) { ret = wc_Des3_CbcEncrypt(&des, NULL, vector, 24); } if (ret == BAD_FUNC_ARG) { ret = wc_Des3_CbcEncrypt(&des, cipher, NULL, sizeof(vector)); } if (ret != BAD_FUNC_ARG) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } } if (ret == 0) { ret = wc_Des3_CbcDecrypt(NULL, plain, cipher, 24); if (ret == BAD_FUNC_ARG) { ret = wc_Des3_CbcDecrypt(&des, NULL, cipher, 24); } if (ret == BAD_FUNC_ARG) { ret = wc_Des3_CbcDecrypt(&des, plain, NULL, 24); } if (ret != BAD_FUNC_ARG) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } } wc_Des3Free(&des); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END wc_Des3_CbcEncrypt */ /* * Unit test for wc_Des3_CbcEncryptWithKey and wc_Des3_CbcDecryptWithKey */ static int test_wc_Des3_CbcEncryptDecryptWithKey (void) { int ret = 0; #ifndef NO_DES3 word32 vectorSz, cipherSz; byte cipher[24]; byte plain[24]; byte vector[] = /* Now is the time for all w/o trailing 0 */ { 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 }; byte key[] = { 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 }; byte iv[] = { 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 }; vectorSz = sizeof(byte) * 24; cipherSz = sizeof(byte) * 24; printf(testingFmt, "wc_Des3_CbcEncryptWithKey()"); ret = wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, key, iv); if (ret == 0) { ret = wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, iv); if (ret == 0) { if (XMEMCMP(plain, vector, 24) != 0) { ret = WOLFSSL_FATAL_ERROR; } } } /* pass in bad args. */ if (ret == 0) { ret = wc_Des3_CbcEncryptWithKey(NULL, vector, vectorSz, key, iv); if (ret == BAD_FUNC_ARG) { ret = wc_Des3_CbcEncryptWithKey(cipher, NULL, vectorSz, key, iv); } if (ret == BAD_FUNC_ARG) { ret = wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, NULL, iv); } if (ret == BAD_FUNC_ARG) { ret = wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, key, NULL); } else { /* Return code catch. */ ret = WOLFSSL_FAILURE; } } if (ret == 0) { ret = wc_Des3_CbcDecryptWithKey(NULL, cipher, cipherSz, key, iv); if (ret == BAD_FUNC_ARG) { ret = wc_Des3_CbcDecryptWithKey(plain, NULL, cipherSz, key, iv); } if (ret == BAD_FUNC_ARG) { ret = wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, NULL, iv); } if (ret == BAD_FUNC_ARG) { ret = wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, NULL); } else { ret = WOLFSSL_FAILURE; } } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_Des3_CbcEncryptDecryptWithKey */ /* * Unit test for wc_Des3_EcbEncrypt */ static int test_wc_Des3_EcbEncrypt (void) { int ret = 0; #if !defined(NO_DES3) && defined(WOLFSSL_DES_ECB) Des3 des; byte cipher[24]; word32 cipherSz = sizeof(cipher); const byte key[] = { 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 }; const byte iv[] = { 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 }; const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */ 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 }; printf(testingFmt, "wc_Des3_EcbEncrypt()"); ret = wc_Des3Init(&des, NULL, INVALID_DEVID); if (ret != 0) { return ret; } if (ret == 0 ) { ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION); } /* Bad Cases */ if (ret == 0) { ret = wc_Des3_EcbEncrypt(NULL, cipher, vector, cipherSz); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_Des3_EcbEncrypt(&des, 0, vector, cipherSz); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_Des3_EcbEncrypt(&des, cipher, NULL, cipherSz); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_Des3_EcbEncrypt(&des, cipher, vector, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_Des3_EcbEncrypt(NULL, 0, NULL, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } } /* Good Cases */ if (ret == 0) { ret = wc_Des3_EcbEncrypt(&des, cipher, vector, cipherSz); } wc_Des3Free(&des); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_Des3_EcbEncrypt */ /* * Testing wc_Chacha_SetKey() and wc_Chacha_SetIV() */ static int test_wc_Chacha_SetKey (void) { int ret = 0; #ifdef HAVE_CHACHA ChaCha ctx; const byte key[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 }; byte cipher[128]; printf(testingFmt, "wc_Chacha_SetKey()"); ret = wc_Chacha_SetKey(&ctx, key, (word32)(sizeof(key)/sizeof(byte))); /* Test bad args. */ if (ret == 0) { ret = wc_Chacha_SetKey(NULL, key, (word32)(sizeof(key)/sizeof(byte))); if (ret == BAD_FUNC_ARG) { ret = wc_Chacha_SetKey(&ctx, key, 18); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); if (ret != 0) { return ret; } printf(testingFmt, "wc_Chacha_SetIV"); ret = wc_Chacha_SetIV(&ctx, cipher, 0); if (ret == 0) { /* Test bad args. */ ret = wc_Chacha_SetIV(NULL, cipher, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FAILURE; } } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_Chacha_SetKey */ /* * unit test for wc_Poly1305SetKey() */ static int test_wc_Poly1305SetKey(void) { int ret = 0; #ifdef HAVE_POLY1305 Poly1305 ctx; const byte key[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 }; printf(testingFmt, "wc_Poly1305_SetKey()"); ret = wc_Poly1305SetKey(&ctx, key, (word32)(sizeof(key)/sizeof(byte))); /* Test bad args. */ if (ret == 0) { ret = wc_Poly1305SetKey(NULL, key, (word32)(sizeof(key)/sizeof(byte))); if(ret == BAD_FUNC_ARG) { ret = wc_Poly1305SetKey(&ctx, NULL, (word32)(sizeof(key)/sizeof(byte))); } if (ret == BAD_FUNC_ARG) { ret = wc_Poly1305SetKey(&ctx, key, 18); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_Poly1305_SetKey() */ /* * Testing wc_Chacha_Process() */ static int test_wc_Chacha_Process (void) { int ret = 0; #ifdef HAVE_CHACHA ChaCha enc, dec; byte cipher[128]; byte plain[128]; const byte key[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 }; const char* input = "Everybody gets Friday off."; word32 keySz = sizeof(key)/sizeof(byte); unsigned long int inlen = XSTRLEN(input); /*Initialize stack varialbes.*/ XMEMSET(cipher, 0, 128); XMEMSET(plain, 0, 128); printf(testingFmt, "wc_Chacha_Process()"); ret = wc_Chacha_SetKey(&enc, key, keySz); AssertIntEQ(ret, 0); ret = wc_Chacha_SetKey(&dec, key, keySz); AssertIntEQ(ret, 0); ret = wc_Chacha_SetIV(&enc, cipher, 0); AssertIntEQ(ret, 0); ret = wc_Chacha_SetIV(&dec, cipher, 0); AssertIntEQ(ret, 0); ret = wc_Chacha_Process(&enc, cipher, (byte*)input, (word32)inlen); AssertIntEQ(ret, 0); ret = wc_Chacha_Process(&dec, plain, cipher, (word32)inlen); AssertIntEQ(ret, 0); ret = XMEMCMP(input, plain, (int)inlen); AssertIntEQ(ret, 0); #if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM) /* test checking and using leftovers, currently just in C code */ ret = wc_Chacha_SetIV(&enc, cipher, 0); AssertIntEQ(ret, 0); ret = wc_Chacha_SetIV(&dec, cipher, 0); AssertIntEQ(ret, 0); ret = wc_Chacha_Process(&enc, cipher, (byte*)input, (word32)inlen - 2); AssertIntEQ(ret, 0); ret = wc_Chacha_Process(&enc, cipher + (inlen - 2), (byte*)input + (inlen - 2), 2); AssertIntEQ(ret, 0); ret = wc_Chacha_Process(&dec, plain, (byte*)cipher, (word32)inlen - 2); AssertIntEQ(ret, 0); ret = wc_Chacha_Process(&dec, cipher + (inlen - 2), (byte*)input + (inlen - 2), 2); AssertIntEQ(ret, 0); ret = XMEMCMP(input, plain, (int)inlen); AssertIntEQ(ret, 0); /* check edge cases with counter increment */ { /* expected results collected from wolfSSL 4.3.0 encrypted in one call*/ const byte expected[] = { 0x54,0xB1,0xE2,0xD4,0xA2,0x4D,0x52,0x5F, 0x42,0x04,0x89,0x7C,0x6E,0x2D,0xFC,0x2D, 0x10,0x25,0xB6,0x92,0x71,0xD5,0xC3,0x20, 0xE3,0x0E,0xEC,0xF4,0xD8,0x10,0x70,0x29, 0x2D,0x4C,0x2A,0x56,0x21,0xE1,0xC7,0x37, 0x0B,0x86,0xF5,0x02,0x8C,0xB8,0xB8,0x38, 0x41,0xFD,0xDF,0xD9,0xC3,0xE6,0xC8,0x88, 0x06,0x82,0xD4,0x80,0x6A,0x50,0x69,0xD5, 0xB9,0xB0,0x2F,0x44,0x36,0x5D,0xDA,0x5E, 0xDE,0xF6,0xF5,0xFC,0x44,0xDC,0x07,0x51, 0xA7,0x32,0x42,0xDB,0xCC,0xBD,0xE2,0xE5, 0x0B,0xB1,0x14,0xFF,0x12,0x80,0x16,0x43, 0xE7,0x40,0xD5,0xEA,0xC7,0x3F,0x69,0x07, 0x64,0xD4,0x86,0x6C,0xE2,0x1F,0x8F,0x6E, 0x35,0x41,0xE7,0xD3,0xB5,0x5D,0xD6,0xD4, 0x9F,0x00,0xA9,0xAE,0x3D,0x28,0xA5,0x37, 0x80,0x3D,0x11,0x25,0xE2,0xB6,0x99,0xD9, 0x9B,0x98,0xE9,0x37,0xB9,0xF8,0xA0,0x04, 0xDF,0x13,0x49,0x3F,0x19,0x6A,0x45,0x06, 0x21,0xB4,0xC7,0x3B,0x49,0x45,0xB4,0xC8, 0x03,0x5B,0x43,0x89,0xBD,0xB3,0x96,0x4B, 0x17,0x6F,0x85,0xC6,0xCF,0xA6,0x05,0x35, 0x1E,0x25,0x03,0xBB,0x55,0x0A,0xD5,0x54, 0x41,0xEA,0xEB,0x50,0x40,0x1B,0x43,0x19, 0x59,0x1B,0x0E,0x12,0x3E,0xA2,0x71,0xC3, 0x1A,0xA7,0x11,0x50,0x43,0x9D,0x56,0x3B, 0x63,0x2F,0x63,0xF1,0x8D,0xAE,0xF3,0x23, 0xFA,0x1E,0xD8,0x6A,0xE1,0xB2,0x4B,0xF3, 0xB9,0x13,0x7A,0x72,0x2B,0x6D,0xCC,0x41, 0x1C,0x69,0x7C,0xCD,0x43,0x6F,0xE4,0xE2, 0x38,0x99,0xFB,0xC3,0x38,0x92,0x62,0x35, 0xC0,0x1D,0x60,0xE4,0x4B,0xDD,0x0C,0x14 }; const byte iv2[] = { 0x9D,0xED,0xE7,0x0F,0xEC,0x81,0x51,0xD9, 0x77,0x39,0x71,0xA6,0x21,0xDF,0xB8,0x93 }; byte input2[256]; int i; for (i = 0; i < 256; i++) input2[i] = i; ret = wc_Chacha_SetIV(&enc, iv2, 0); AssertIntEQ(ret, 0); ret = wc_Chacha_Process(&enc, cipher, input2, 64); AssertIntEQ(ret, 0); AssertIntEQ(XMEMCMP(expected, cipher, 64), 0); ret = wc_Chacha_Process(&enc, cipher, input2 + 64, 128); AssertIntEQ(ret, 0); AssertIntEQ(XMEMCMP(expected + 64, cipher, 128), 0); /* partial */ ret = wc_Chacha_Process(&enc, cipher, input2 + 192, 32); AssertIntEQ(ret, 0); AssertIntEQ(XMEMCMP(expected + 192, cipher, 32), 0); ret = wc_Chacha_Process(&enc, cipher, input2 + 224, 32); AssertIntEQ(ret, 0); AssertIntEQ(XMEMCMP(expected + 224, cipher, 32), 0); } #endif /* Test bad args. */ ret = wc_Chacha_Process(NULL, cipher, (byte*)input, (word32)inlen); AssertIntEQ(ret, BAD_FUNC_ARG); if (ret == BAD_FUNC_ARG) { ret = 0; } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_Chacha_Process */ /* * Testing wc_ChaCha20Poly1305_Encrypt() and wc_ChaCha20Poly1305_Decrypt() */ static int test_wc_ChaCha20Poly1305_aead (void) { int ret = 0; #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) const byte key[] = { 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f }; const byte plaintext[] = { 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39, 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, 0x74, 0x2e }; const byte iv[] = { 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47 }; const byte aad[] = { /* additional data */ 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 }; const byte cipher[] = { /* expected output from operation */ 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2, 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe, 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12, 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b, 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29, 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36, 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c, 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58, 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94, 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc, 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b, 0x61, 0x16 }; const byte authTag[] = { /* expected output from operation */ 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a, 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91 }; byte generatedCiphertext[272]; byte generatedPlaintext[272]; byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]; /* Initialize stack variables. */ XMEMSET(generatedCiphertext, 0, 272); XMEMSET(generatedPlaintext, 0, 272); /* Test Encrypt */ printf(testingFmt, "wc_ChaCha20Poly1305_Encrypt()"); ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag); AssertIntEQ(ret, 0); ret = XMEMCMP(generatedCiphertext, cipher, sizeof(cipher)/sizeof(byte)); AssertIntEQ(ret, 0); /* Test bad args. */ ret = wc_ChaCha20Poly1305_Encrypt(NULL, iv, aad, sizeof(aad), plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag); AssertIntEQ(ret, BAD_FUNC_ARG); ret = wc_ChaCha20Poly1305_Encrypt(key, NULL, aad, sizeof(aad), plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag); AssertIntEQ(ret, BAD_FUNC_ARG); ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), NULL, sizeof(plaintext), generatedCiphertext, generatedAuthTag); AssertIntEQ(ret, BAD_FUNC_ARG); ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), plaintext, 0, generatedCiphertext, generatedAuthTag); AssertIntEQ(ret, BAD_FUNC_ARG); ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), plaintext, sizeof(plaintext), NULL, generatedAuthTag); AssertIntEQ(ret, BAD_FUNC_ARG); ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), plaintext, sizeof(plaintext), generatedCiphertext, NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } printf(resultFmt, ret == 0 ? passed : failed); if (ret != 0) { return ret; } printf(testingFmt, "wc_ChaCha20Poly1305_Decrypt()"); ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher, sizeof(cipher), authTag, generatedPlaintext); AssertIntEQ(ret, 0); ret = XMEMCMP(generatedPlaintext, plaintext, sizeof(plaintext)/sizeof(byte)); AssertIntEQ(ret, 0); /* Test bad args. */ ret = wc_ChaCha20Poly1305_Decrypt(NULL, iv, aad, sizeof(aad), cipher, sizeof(cipher), authTag, generatedPlaintext); AssertIntEQ(ret, BAD_FUNC_ARG); ret = wc_ChaCha20Poly1305_Decrypt(key, NULL, aad, sizeof(aad), cipher, sizeof(cipher), authTag, generatedPlaintext); AssertIntEQ(ret, BAD_FUNC_ARG); ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), NULL, sizeof(cipher), authTag, generatedPlaintext); AssertIntEQ(ret, BAD_FUNC_ARG); ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher, sizeof(cipher), NULL, generatedPlaintext); AssertIntEQ(ret, BAD_FUNC_ARG); ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher, sizeof(cipher), authTag, NULL); AssertIntEQ(ret, BAD_FUNC_ARG); ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher, 0, authTag, generatedPlaintext); AssertIntEQ(ret, BAD_FUNC_ARG); if (ret == BAD_FUNC_ARG) { ret = 0; } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test-wc_ChaCha20Poly1305_EncryptDecrypt */ /* * Testing function for wc_Rc2SetKey(). */ static int test_wc_Rc2SetKey(void) { int ret = 0; #ifdef WC_RC2 Rc2 rc2; byte key40[] = { 0x01, 0x02, 0x03, 0x04, 0x05 }; byte iv[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }; printf(testingFmt, "wc_Rc2SetKey()"); /* valid key and IV */ ret = wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte), iv, 40); if (ret == 0) { /* valid key, no IV */ ret = wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte), NULL, 40); } /* bad arguments */ if (ret == 0) { /* null Rc2 struct */ ret = wc_Rc2SetKey(NULL, key40, (word32) sizeof(key40) / sizeof(byte), iv, 40); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { /* null key */ ret = wc_Rc2SetKey(&rc2, NULL, (word32) sizeof(key40) / sizeof(byte), iv, 40); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { /* key size == 0 */ ret = wc_Rc2SetKey(&rc2, key40, 0, iv, 40); if (ret == WC_KEY_SIZE_E) { ret = 0; } } if (ret == 0) { /* key size > 128 */ ret = wc_Rc2SetKey(&rc2, key40, 129, iv, 40); if (ret == WC_KEY_SIZE_E) { ret = 0; } } if (ret == 0) { /* effective bits == 0 */ ret = wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte), iv, 0); if (ret == WC_KEY_SIZE_E) { ret = 0; } } if (ret == 0) { /* effective bits > 1024 */ ret = wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte), iv, 1025); if (ret == WC_KEY_SIZE_E) { ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_Rc2SetKey */ /* * Testing function for wc_Rc2SetIV(). */ static int test_wc_Rc2SetIV(void) { int ret = 0; #ifdef WC_RC2 Rc2 rc2; byte iv[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }; printf(testingFmt, "wc_Rc2SetIV()"); /* valid IV */ ret = wc_Rc2SetIV(&rc2, iv); if (ret == 0) { /* valid NULL IV */ ret = wc_Rc2SetIV(&rc2, NULL); } /* bad arguments */ if (ret == 0) { ret = wc_Rc2SetIV(NULL, iv); if (ret == BAD_FUNC_ARG) { ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_Rc2SetKey */ /* * Testing function for wc_Rc2EcbEncrypt(). */ static int test_wc_Rc2EcbEncryptDecrypt(void) { int ret = 0; #ifdef WC_RC2 Rc2 rc2; int effectiveKeyBits = 63; byte cipher[RC2_BLOCK_SIZE]; byte plain[RC2_BLOCK_SIZE]; byte key[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; byte input[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; byte output[] = { 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff }; printf(testingFmt, "wc_Rc2EcbEncryptDecrypt()"); XMEMSET(cipher, 0, sizeof(cipher)); XMEMSET(plain, 0, sizeof(plain)); ret = wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte), NULL, effectiveKeyBits); if (ret == 0) { ret = wc_Rc2EcbEncrypt(&rc2, cipher, input, RC2_BLOCK_SIZE); if (ret != 0 || XMEMCMP(cipher, output, RC2_BLOCK_SIZE) != 0) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_Rc2EcbDecrypt(&rc2, plain, cipher, RC2_BLOCK_SIZE); if (ret != 0 || XMEMCMP(plain, input, RC2_BLOCK_SIZE) != 0) { ret = WOLFSSL_FATAL_ERROR; } } } /* Rc2EcbEncrypt bad arguments */ if (ret == 0) { /* null Rc2 struct */ ret = wc_Rc2EcbEncrypt(NULL, cipher, input, RC2_BLOCK_SIZE); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { /* null out buffer */ ret = wc_Rc2EcbEncrypt(&rc2, NULL, input, RC2_BLOCK_SIZE); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { /* null input buffer */ ret = wc_Rc2EcbEncrypt(&rc2, cipher, NULL, RC2_BLOCK_SIZE); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { /* output buffer sz != RC2_BLOCK_SIZE (8) */ ret = wc_Rc2EcbEncrypt(&rc2, cipher, input, 7); if (ret == BUFFER_E) { ret = 0; } } /* Rc2EcbDecrypt bad arguments */ if (ret == 0) { /* null Rc2 struct */ ret = wc_Rc2EcbDecrypt(NULL, plain, output, RC2_BLOCK_SIZE); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { /* null out buffer */ ret = wc_Rc2EcbDecrypt(&rc2, NULL, output, RC2_BLOCK_SIZE); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { /* null input buffer */ ret = wc_Rc2EcbDecrypt(&rc2, plain, NULL, RC2_BLOCK_SIZE); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { /* output buffer sz != RC2_BLOCK_SIZE (8) */ ret = wc_Rc2EcbDecrypt(&rc2, plain, output, 7); if (ret == BUFFER_E) { ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_Rc2SetKey */ /* * Testing function for wc_Rc2CbcEncrypt(). */ static int test_wc_Rc2CbcEncryptDecrypt(void) { int ret = 0; #ifdef WC_RC2 Rc2 rc2; int effectiveKeyBits = 63; byte cipher[RC2_BLOCK_SIZE*2]; byte plain[RC2_BLOCK_SIZE*2]; /* vector taken from test.c */ byte key[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; byte iv[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; byte input[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; byte output[] = { 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff, 0xf0, 0x51, 0x77, 0x8b, 0x65, 0xdb, 0x13, 0x57 }; printf(testingFmt, "wc_Rc2CbcEncryptDecrypt()"); XMEMSET(cipher, 0, sizeof(cipher)); XMEMSET(plain, 0, sizeof(plain)); ret = wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte), iv, effectiveKeyBits); if (ret == 0) { ret = wc_Rc2CbcEncrypt(&rc2, cipher, input, sizeof(input)); if (ret != 0 || XMEMCMP(cipher, output, sizeof(output)) != 0) { ret = WOLFSSL_FATAL_ERROR; } else { /* reset IV for decrypt */ ret = wc_Rc2SetIV(&rc2, iv); } if (ret == 0) { ret = wc_Rc2CbcDecrypt(&rc2, plain, cipher, sizeof(cipher)); if (ret != 0 || XMEMCMP(plain, input, sizeof(input)) != 0) { ret = WOLFSSL_FATAL_ERROR; } } } /* Rc2CbcEncrypt bad arguments */ if (ret == 0) { /* null Rc2 struct */ ret = wc_Rc2CbcEncrypt(NULL, cipher, input, sizeof(input)); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { /* null out buffer */ ret = wc_Rc2CbcEncrypt(&rc2, NULL, input, sizeof(input)); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { /* null input buffer */ ret = wc_Rc2CbcEncrypt(&rc2, cipher, NULL, sizeof(input)); if (ret == BAD_FUNC_ARG) { ret = 0; } } /* Rc2CbcDecrypt bad arguments */ if (ret == 0) { /* in size is 0 */ ret = wc_Rc2CbcDecrypt(&rc2, plain, output, 0); if (ret != 0) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { /* null Rc2 struct */ ret = wc_Rc2CbcDecrypt(NULL, plain, output, sizeof(output)); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { /* null out buffer */ ret = wc_Rc2CbcDecrypt(&rc2, NULL, output, sizeof(output)); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { /* null input buffer */ ret = wc_Rc2CbcDecrypt(&rc2, plain, NULL, sizeof(output)); if (ret == BAD_FUNC_ARG) { ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_Rc2SetKey */ /* * Testing function for wc_AesSetIV */ static int test_wc_AesSetIV (void) { int ret = 0; #if !defined(NO_AES) && defined(WOLFSSL_AES_128) Aes aes; byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; byte iv1[] = "1234567890abcdef"; byte iv2[] = "0987654321fedcba"; printf(testingFmt, "wc_AesSetIV()"); ret = wc_AesInit(&aes, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_AesSetKey(&aes, key16, (word32) sizeof(key16) / sizeof(byte), iv1, AES_ENCRYPTION); if(ret == 0) { ret = wc_AesSetIV(&aes, iv2); } /* Test bad args. */ if(ret == 0) { ret = wc_AesSetIV(NULL, iv1); if(ret == BAD_FUNC_ARG) { /* NULL iv should return 0. */ ret = wc_AesSetIV(&aes, NULL); } else { ret = WOLFSSL_FATAL_ERROR; } } wc_AesFree(&aes); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* test_wc_AesSetIV */ /* * Testing function for wc_AesSetKey(). */ static int test_wc_AesSetKey (void) { int ret = 0; #ifndef NO_AES Aes aes; byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; #ifdef WOLFSSL_AES_192 byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 }; #endif #ifdef WOLFSSL_AES_256 byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; #endif byte badKey16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65 }; byte iv[] = "1234567890abcdef"; printf(testingFmt, "wc_AesSetKey()"); ret = wc_AesInit(&aes, NULL, INVALID_DEVID); if (ret != 0) return ret; #ifdef WOLFSSL_AES_128 ret = wc_AesSetKey(&aes, key16, (word32) sizeof(key16) / sizeof(byte), iv, AES_ENCRYPTION); #endif #ifdef WOLFSSL_AES_192 if (ret == 0) { ret = wc_AesSetKey (&aes, key24, (word32) sizeof(key24) / sizeof(byte), iv, AES_ENCRYPTION); } #endif #ifdef WOLFSSL_AES_256 if (ret == 0) { ret = wc_AesSetKey (&aes, key32, (word32) sizeof(key32) / sizeof(byte), iv, AES_ENCRYPTION); } #endif /* Pass in bad args. */ if (ret == 0) { ret = wc_AesSetKey (NULL, key16, (word32) sizeof(key16) / sizeof(byte), iv, AES_ENCRYPTION); if (ret == BAD_FUNC_ARG) { ret = wc_AesSetKey(&aes, badKey16, (word32) sizeof(badKey16) / sizeof(byte), iv, AES_ENCRYPTION); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } wc_AesFree(&aes); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_AesSetKey */ /* * test function for wc_AesCbcEncrypt(), wc_AesCbcDecrypt(), * and wc_AesCbcDecryptWithKey() */ static int test_wc_AesCbcEncryptDecrypt (void) { int ret = 0; #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_DECRYPT)&& \ defined(WOLFSSL_AES_256) Aes aes; byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; byte vector[] = /* Now is the time for all good men w/o trailing 0 */ { 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20, 0x67,0x6f,0x6f,0x64,0x20,0x6d,0x65,0x6e }; byte iv[] = "1234567890abcdef"; byte enc[sizeof(vector)]; byte dec[sizeof(vector)]; int cbcE = WOLFSSL_FATAL_ERROR; int cbcD = WOLFSSL_FATAL_ERROR; int cbcDWK = WOLFSSL_FATAL_ERROR; byte dec2[sizeof(vector)]; /* Init stack variables. */ XMEMSET(enc, 0, sizeof(enc)); XMEMSET(dec, 0, sizeof(vector)); XMEMSET(dec2, 0, sizeof(vector)); ret = wc_AesInit(&aes, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_AesSetKey(&aes, key32, AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION); if (ret == 0) { ret = wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector)); if (ret == 0) { /* Re init for decrypt and set flag. */ cbcE = 0; wc_AesFree(&aes); ret = wc_AesSetKey(&aes, key32, AES_BLOCK_SIZE * 2, iv, AES_DECRYPTION); } if (ret == 0) { ret = wc_AesCbcDecrypt(&aes, dec, enc, sizeof(vector)); if (ret != 0 || XMEMCMP(vector, dec, sizeof(vector)) != 0) { ret = WOLFSSL_FATAL_ERROR; } else { /* Set flag. */ cbcD = 0; } } } /* If encrypt succeeds but cbc decrypt fails, we can still test. */ if (ret == 0 || cbcE == 0) { ret = wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE, key32, sizeof(key32)/sizeof(byte), iv); if (ret == 0 || XMEMCMP(vector, dec2, AES_BLOCK_SIZE) == 0) { cbcDWK = 0; } } printf(testingFmt, "wc_AesCbcEncrypt()"); /* Pass in bad args */ if (cbcE == 0) { cbcE = wc_AesCbcEncrypt(NULL, enc, vector, sizeof(vector)); if (cbcE == BAD_FUNC_ARG) { cbcE = wc_AesCbcEncrypt(&aes, NULL, vector, sizeof(vector)); } if (cbcE == BAD_FUNC_ARG) { cbcE = wc_AesCbcEncrypt(&aes, enc, NULL, sizeof(vector)); } if (cbcE == BAD_FUNC_ARG) { cbcE = 0; } else { cbcE = WOLFSSL_FATAL_ERROR; } #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS if (cbcE == 0) { cbcE = wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector) - 1); } if (cbcE == BAD_LENGTH_E) { cbcE = 0; } else { cbcE = WOLFSSL_FATAL_ERROR; } #endif } if (cbcE == 0) { #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ (HAVE_FIPS_VERSION == 2) && defined(WOLFSSL_AESNI) printf("Zero length inputs not supported with AESNI in FIPS mode (v2)," " skip test"); #else /* Test passing in size of 0 */ XMEMSET(enc, 0, sizeof(enc)); cbcE = wc_AesCbcEncrypt(&aes, enc, vector, 0); if (cbcE == 0) { /* Check enc was not modified */ int i; for (i = 0; i < (int)sizeof(enc); i++) cbcE |= enc[i]; } #endif } printf(resultFmt, cbcE == 0 ? passed : failed); if (cbcE != 0) { wc_AesFree(&aes); return cbcE; } printf(testingFmt, "wc_AesCbcDecrypt()"); if (cbcD == 0) { cbcD = wc_AesCbcDecrypt(NULL, dec, enc, AES_BLOCK_SIZE); if (cbcD == BAD_FUNC_ARG) { cbcD = wc_AesCbcDecrypt(&aes, NULL, enc, AES_BLOCK_SIZE); } if (cbcD == BAD_FUNC_ARG) { cbcD = wc_AesCbcDecrypt(&aes, dec, NULL, AES_BLOCK_SIZE); } if (cbcD == BAD_FUNC_ARG) { cbcD = wc_AesCbcDecrypt(&aes, dec, enc, AES_BLOCK_SIZE * 2 - 1); } #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS if (cbcD == BAD_LENGTH_E) { cbcD = 0; } else { cbcD = WOLFSSL_FATAL_ERROR; } #else if (cbcD == BAD_FUNC_ARG) { cbcD = 0; } else { cbcD = WOLFSSL_FATAL_ERROR; } #endif } if (cbcD == 0) { /* Test passing in size of 0 */ XMEMSET(dec, 0, sizeof(dec)); cbcD = wc_AesCbcDecrypt(&aes, dec, enc, 0); if (cbcD == 0) { /* Check dec was not modified */ int i; for (i = 0; i < (int)sizeof(dec); i++) cbcD |= dec[i]; } } printf(resultFmt, cbcD == 0 ? passed : failed); if (cbcD != 0) { wc_AesFree(&aes); return cbcD; } printf(testingFmt, "wc_AesCbcDecryptWithKey()"); if (cbcDWK == 0) { cbcDWK = wc_AesCbcDecryptWithKey(NULL, enc, AES_BLOCK_SIZE, key32, sizeof(key32)/sizeof(byte), iv); if (cbcDWK == BAD_FUNC_ARG) { cbcDWK = wc_AesCbcDecryptWithKey(dec2, NULL, AES_BLOCK_SIZE, key32, sizeof(key32)/sizeof(byte), iv); } if (cbcDWK == BAD_FUNC_ARG) { cbcDWK = wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE, NULL, sizeof(key32)/sizeof(byte), iv); } if (cbcDWK == BAD_FUNC_ARG) { cbcDWK = wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE, key32, sizeof(key32)/sizeof(byte), NULL); } if (cbcDWK == BAD_FUNC_ARG) { cbcDWK = 0; } else { cbcDWK = WOLFSSL_FATAL_ERROR; } } wc_AesFree(&aes); printf(resultFmt, cbcDWK == 0 ? passed : failed); if (cbcDWK != 0) { return cbcDWK; } #endif return ret; } /* END test_wc_AesCbcEncryptDecrypt */ /* * Testing wc_AesCtrEncrypt and wc_AesCtrDecrypt */ static int test_wc_AesCtrEncryptDecrypt (void) { int ret = 0; #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256) Aes aesEnc, aesDec; byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; byte vector[] = /* Now is the time for all w/o trailing 0 */ { 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 }; byte iv[] = "1234567890abcdef"; byte enc[AES_BLOCK_SIZE * 2]; byte dec[AES_BLOCK_SIZE * 2]; /* Init stack variables. */ XMEMSET(enc, 0, AES_BLOCK_SIZE * 2); XMEMSET(dec, 0, AES_BLOCK_SIZE * 2); printf(testingFmt, "wc_AesCtrEncrypt()"); ret = wc_AesInit(&aesEnc, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_AesInit(&aesDec, NULL, INVALID_DEVID); if (ret != 0) { wc_AesFree(&aesEnc); return ret; } ret = wc_AesSetKey(&aesEnc, key32, AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION); if (ret == 0) { ret = wc_AesCtrEncrypt(&aesEnc, enc, vector, sizeof(vector)/sizeof(byte)); if (ret == 0) { /* Decrypt with wc_AesCtrEncrypt() */ ret = wc_AesSetKey(&aesDec, key32, AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION); } if (ret == 0) { ret = wc_AesCtrEncrypt(&aesDec, dec, enc, sizeof(enc)/sizeof(byte)); if (ret != 0 || XMEMCMP(vector, dec, sizeof(vector))) { ret = WOLFSSL_FATAL_ERROR; } } } /* Test bad args. */ if (ret == 0) { ret = wc_AesCtrEncrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte)); if (ret == BAD_FUNC_ARG) { ret = wc_AesCtrEncrypt(&aesDec, NULL, enc, sizeof(enc)/sizeof(byte)); } if (ret == BAD_FUNC_ARG) { ret = wc_AesCtrEncrypt(&aesDec, dec, NULL, sizeof(enc)/sizeof(byte)); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } wc_AesFree(&aesEnc); wc_AesFree(&aesDec); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_AesCtrEncryptDecrypt */ /* * test function for wc_AesGcmSetKey() */ static int test_wc_AesGcmSetKey (void) { int ret = 0; #if !defined(NO_AES) && defined(HAVE_AESGCM) Aes aes; #ifdef WOLFSSL_AES_128 byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; #endif #ifdef WOLFSSL_AES_192 byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 }; #endif #ifdef WOLFSSL_AES_256 byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; #endif byte badKey16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65 }; byte badKey24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36 }; byte badKey32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x37, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65 }; printf(testingFmt, "wc_AesGcmSetKey()"); ret = wc_AesInit(&aes, NULL, INVALID_DEVID); if (ret != 0) return ret; #ifdef WOLFSSL_AES_128 ret = wc_AesGcmSetKey(&aes, key16, sizeof(key16)/sizeof(byte)); #endif #ifdef WOLFSSL_AES_192 if (ret == 0) { ret = wc_AesGcmSetKey(&aes, key24, sizeof(key24)/sizeof(byte)); } #endif #ifdef WOLFSSL_AES_256 if (ret == 0) { ret = wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte)); } #endif /* Pass in bad args. */ if (ret == 0) { ret = wc_AesGcmSetKey(&aes, badKey16, sizeof(badKey16)/sizeof(byte)); if (ret == BAD_FUNC_ARG) { ret = wc_AesGcmSetKey(&aes, badKey24, sizeof(badKey24)/sizeof(byte)); } if (ret == BAD_FUNC_ARG) { ret = wc_AesGcmSetKey(&aes, badKey32, sizeof(badKey32)/sizeof(byte)); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } wc_AesFree(&aes); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_AesGcmSetKey */ /* * test function for wc_AesGcmEncrypt and wc_AesGcmDecrypt */ static int test_wc_AesGcmEncryptDecrypt (void) { int ret = 0; /* WOLFSSL_AFALG requires 12 byte IV */ #if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256) && \ !defined(WOLFSSL_AFALG) && !defined(WOLFSSL_DEVCRYPTO_AES) Aes aes; byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; byte vector[] = /* Now is the time for all w/o trailing 0 */ { 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 }; const byte a[] = { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2 }; byte iv[] = "1234567890a"; byte longIV[] = "1234567890abcdefghij"; byte enc[sizeof(vector)]; byte resultT[AES_BLOCK_SIZE]; byte dec[sizeof(vector)]; int gcmD = WOLFSSL_FATAL_ERROR; int gcmE = WOLFSSL_FATAL_ERROR; /* Init stack variables. */ XMEMSET(enc, 0, sizeof(vector)); XMEMSET(dec, 0, sizeof(vector)); XMEMSET(resultT, 0, AES_BLOCK_SIZE); ret = wc_AesInit(&aes, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte)); if (ret == 0) { gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)); } if (gcmE == 0) { /* If encrypt fails, no decrypt. */ gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(vector), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)); if(gcmD == 0 && (XMEMCMP(vector, dec, sizeof(vector)) != 0)) { gcmD = WOLFSSL_FATAL_ERROR; } } printf(testingFmt, "wc_AesGcmEncrypt()"); /*Test bad args for wc_AesGcmEncrypt and wc_AesGcmDecrypt */ if (gcmE == 0) { gcmE = wc_AesGcmEncrypt(NULL, enc, vector, sizeof(vector), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)); if (gcmE == BAD_FUNC_ARG) { gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)); } if (gcmE == BAD_FUNC_ARG) { gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) - 5, a, sizeof(a)); } #if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST) || \ defined(WOLFSSL_AES_GCM_FIXED_IV_AAD) /* FIPS does not check the lower bound of ivSz */ #else if (gcmE == BAD_FUNC_ARG) { gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, 0, resultT, sizeof(resultT), a, sizeof(a)); } #endif if (gcmE == BAD_FUNC_ARG) { gcmE = 0; } else { gcmE = WOLFSSL_FATAL_ERROR; } } /* This case is now considered good. Long IVs are now allowed. * Except for the original FIPS release, it still has an upper * bound on the IV length. */ #if (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \ !defined(WOLFSSL_AES_GCM_FIXED_IV_AAD) if (gcmE == 0) { gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), longIV, sizeof(longIV)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)); } #else (void)longIV; #endif /* Old FIPS */ /* END wc_AesGcmEncrypt */ printf(resultFmt, gcmE == 0 ? passed : failed); if (gcmE != 0) { wc_AesFree(&aes); return gcmE; } #ifdef HAVE_AES_DECRYPT printf(testingFmt, "wc_AesGcmDecrypt()"); if (gcmD == 0) { gcmD = wc_AesGcmDecrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)); if (gcmD == BAD_FUNC_ARG) { gcmD = wc_AesGcmDecrypt(&aes, NULL, enc, sizeof(enc)/sizeof(byte), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)); } if (gcmD == BAD_FUNC_ARG) { gcmD = wc_AesGcmDecrypt(&aes, dec, NULL, sizeof(enc)/sizeof(byte), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)); } if (gcmD == BAD_FUNC_ARG) { gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), NULL, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)); } if (gcmD == BAD_FUNC_ARG) { gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv, sizeof(iv)/sizeof(byte), NULL, sizeof(resultT), a, sizeof(a)); } if (gcmD == BAD_FUNC_ARG) { gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)); } #if ((defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST)) && \ !defined(WOLFSSL_AES_GCM_FIXED_IV_AAD) /* FIPS does not check the lower bound of ivSz */ #else if (gcmD == BAD_FUNC_ARG) { gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv, 0, resultT, sizeof(resultT), a, sizeof(a)); } #endif if (gcmD == BAD_FUNC_ARG) { gcmD = 0; } else { gcmD = WOLFSSL_FATAL_ERROR; } } /* END wc_AesGcmDecrypt */ printf(resultFmt, gcmD == 0 ? passed : failed); #endif /* HAVE_AES_DECRYPT */ wc_AesFree(&aes); #endif return ret; } /* END test_wc_AesGcmEncryptDecrypt */ /* * unit test for wc_GmacSetKey() */ static int test_wc_GmacSetKey (void) { int ret = 0; #if !defined(NO_AES) && defined(HAVE_AESGCM) Gmac gmac; byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; #ifdef WOLFSSL_AES_192 byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 }; #endif #ifdef WOLFSSL_AES_256 byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; #endif byte badKey16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x66 }; byte badKey24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 }; byte badKey32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; printf(testingFmt, "wc_GmacSetKey()"); ret = wc_AesInit(&gmac.aes, NULL, INVALID_DEVID); if (ret != 0) return ret; #ifdef WOLFSSL_AES_128 ret = wc_GmacSetKey(&gmac, key16, sizeof(key16)/sizeof(byte)); #endif #ifdef WOLFSSL_AES_192 if (ret == 0) { ret = wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte)); } #endif #ifdef WOLFSSL_AES_256 if (ret == 0) { ret = wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte)); } #endif /* Pass in bad args. */ if (ret == 0) { ret = wc_GmacSetKey(NULL, key16, sizeof(key16)/sizeof(byte)); if (ret == BAD_FUNC_ARG) { ret = wc_GmacSetKey(&gmac, NULL, sizeof(key16)/sizeof(byte)); } if (ret == BAD_FUNC_ARG) { ret = wc_GmacSetKey(&gmac, badKey16, sizeof(badKey16)/sizeof(byte)); } if (ret == BAD_FUNC_ARG) { ret = wc_GmacSetKey(&gmac, badKey24, sizeof(badKey24)/sizeof(byte)); } if (ret == BAD_FUNC_ARG) { ret = wc_GmacSetKey(&gmac, badKey32, sizeof(badKey32)/sizeof(byte)); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } wc_AesFree(&gmac.aes); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_GmacSetKey */ /* * unit test for wc_GmacUpdate */ static int test_wc_GmacUpdate (void) { int ret = 0; #if !defined(NO_AES) && defined(HAVE_AESGCM) Gmac gmac; #ifdef WOLFSSL_AES_128 const byte key16[] = { 0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01, 0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8 }; #endif #ifdef WOLFSSL_AES_192 byte key24[] = { 0x41, 0xc5, 0xda, 0x86, 0x67, 0xef, 0x72, 0x52, 0x20, 0xff, 0xe3, 0x9a, 0xe0, 0xac, 0x59, 0x0a, 0xc9, 0xfc, 0xa7, 0x29, 0xab, 0x60, 0xad, 0xa0 }; #endif #ifdef WOLFSSL_AES_256 byte key32[] = { 0x78, 0xdc, 0x4e, 0x0a, 0xaf, 0x52, 0xd9, 0x35, 0xc3, 0xc0, 0x1e, 0xea, 0x57, 0x42, 0x8f, 0x00, 0xca, 0x1f, 0xd4, 0x75, 0xf5, 0xda, 0x86, 0xa4, 0x9c, 0x8d, 0xd7, 0x3d, 0x68, 0xc8, 0xe2, 0x23 }; #endif #ifdef WOLFSSL_AES_128 const byte authIn[] = { 0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9, 0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77 }; #endif #ifdef WOLFSSL_AES_192 const byte authIn2[] = { 0x8b, 0x5c, 0x12, 0x4b, 0xef, 0x6e, 0x2f, 0x0f, 0xe4, 0xd8, 0xc9, 0x5c, 0xd5, 0xfa, 0x4c, 0xf1 }; #endif const byte authIn3[] = { 0xb9, 0x6b, 0xaa, 0x8c, 0x1c, 0x75, 0xa6, 0x71, 0xbf, 0xb2, 0xd0, 0x8d, 0x06, 0xbe, 0x5f, 0x36 }; #ifdef WOLFSSL_AES_128 const byte tag1[] = /* Known. */ { 0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43, 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b }; #endif #ifdef WOLFSSL_AES_192 const byte tag2[] = /* Known */ { 0x20, 0x4b, 0xdb, 0x1b, 0xd6, 0x21, 0x54, 0xbf, 0x08, 0x92, 0x2a, 0xaa, 0x54, 0xee, 0xd7, 0x05 }; #endif const byte tag3[] = /* Known */ { 0x3e, 0x5d, 0x48, 0x6a, 0xa2, 0xe3, 0x0b, 0x22, 0xe0, 0x40, 0xb8, 0x57, 0x23, 0xa0, 0x6e, 0x76 }; #ifdef WOLFSSL_AES_128 const byte iv[] = { 0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94, 0xe2, 0x8c, 0x8f, 0x16 }; #endif #ifdef WOLFSSL_AES_192 const byte iv2[] = { 0x05, 0xad, 0x13, 0xa5, 0xe2, 0xc2, 0xab, 0x66, 0x7e, 0x1a, 0x6f, 0xbc }; #endif const byte iv3[] = { 0xd7, 0x9c, 0xf2, 0x2d, 0x50, 0x4c, 0xc7, 0x93, 0xc3, 0xfb, 0x6c, 0x8a }; byte tagOut[16]; byte tagOut2[24]; byte tagOut3[32]; /* Init stack variables. */ XMEMSET(tagOut, 0, sizeof(tagOut)); XMEMSET(tagOut2, 0, sizeof(tagOut2)); XMEMSET(tagOut3, 0, sizeof(tagOut3)); printf(testingFmt, "wc_GmacUpdate()"); ret = wc_AesInit(&gmac.aes, NULL, INVALID_DEVID); if (ret != 0) return ret; #ifdef WOLFSSL_AES_128 ret = wc_GmacSetKey(&gmac, key16, sizeof(key16)); if (ret == 0) { ret = wc_GmacUpdate(&gmac, iv, sizeof(iv), authIn, sizeof(authIn), tagOut, sizeof(tag1)); if (ret == 0) { ret = XMEMCMP(tag1, tagOut, sizeof(tag1)); } } #endif #ifdef WOLFSSL_AES_192 if (ret == 0) { XMEMSET(&gmac, 0, sizeof(Gmac)); ret = wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte)); } if (ret == 0) { ret = wc_GmacUpdate(&gmac, iv2, sizeof(iv2), authIn2, sizeof(authIn2), tagOut2, sizeof(tag2)); } if (ret == 0) { ret = XMEMCMP(tagOut2, tag2, sizeof(tag2)); } #endif #ifdef WOLFSSL_AES_256 if (ret == 0) { XMEMSET(&gmac, 0, sizeof(Gmac)); ret = wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte)); } if (ret == 0) { ret = wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3), tagOut3, sizeof(tag3)); } if (ret == 0) { ret = XMEMCMP(tag3, tagOut3, sizeof(tag3)); } #endif /*Pass bad args. */ if (ret == 0) { ret = wc_GmacUpdate(NULL, iv3, sizeof(iv3), authIn3, sizeof(authIn3), tagOut3, sizeof(tag3)); if (ret == BAD_FUNC_ARG) { ret = wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3), tagOut3, sizeof(tag3) - 5); } if (ret == BAD_FUNC_ARG) { ret = wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3), tagOut3, sizeof(tag3) + 1); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } wc_AesFree(&gmac.aes); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_GmacUpdate */ /* * testing wc_CamelliaSetKey */ static int test_wc_CamelliaSetKey (void) { int ret = 0; #ifdef HAVE_CAMELLIA Camellia camellia; /*128-bit key*/ static const byte key16[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }; /* 192-bit key */ static const byte key24[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 }; /* 256-bit key */ static const byte key32[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff }; static const byte iv[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }; printf(testingFmt, "wc_CamelliaSetKey()"); ret = wc_CamelliaSetKey(&camellia, key16, (word32)sizeof(key16), iv); if (ret == 0) { ret = wc_CamelliaSetKey(&camellia, key16, (word32)sizeof(key16), NULL); if (ret == 0) { ret = wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), iv); } if (ret == 0) { ret = wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), NULL); } if (ret == 0) { ret = wc_CamelliaSetKey(&camellia, key32, (word32)sizeof(key32), iv); } if (ret == 0) { ret = wc_CamelliaSetKey(&camellia, key32, (word32)sizeof(key32), NULL); } } /* Bad args. */ if (ret == 0) { ret = wc_CamelliaSetKey(NULL, key32, (word32)sizeof(key32), iv); if (ret != BAD_FUNC_ARG) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } } /* END bad args. */ #endif return ret; } /* END test_wc_CammeliaSetKey */ /* * Testing wc_CamelliaSetIV() */ static int test_wc_CamelliaSetIV (void) { int ret = 0; #ifdef HAVE_CAMELLIA Camellia camellia; static const byte iv[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }; printf(testingFmt, "wc_CamelliaSetIV()"); ret = wc_CamelliaSetIV(&camellia, iv); if (ret == 0) { ret = wc_CamelliaSetIV(&camellia, NULL); } /* Bad args. */ if (ret == 0) { ret = wc_CamelliaSetIV(NULL, NULL); if (ret != BAD_FUNC_ARG) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /*END test_wc_CamelliaSetIV*/ /* * Test wc_CamelliaEncryptDirect and wc_CamelliaDecryptDirect */ static int test_wc_CamelliaEncryptDecryptDirect (void) { int ret = 0; #ifdef HAVE_CAMELLIA Camellia camellia; static const byte key24[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 }; static const byte iv[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }; static const byte plainT[] = { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A }; byte enc[sizeof(plainT)]; byte dec[sizeof(enc)]; int camE = WOLFSSL_FATAL_ERROR; int camD = WOLFSSL_FATAL_ERROR; /*Init stack variables.*/ XMEMSET(enc, 0, 16); XMEMSET(enc, 0, 16); ret = wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), iv); if (ret == 0) { ret = wc_CamelliaEncryptDirect(&camellia, enc, plainT); if (ret == 0) { ret = wc_CamelliaDecryptDirect(&camellia, dec, enc); if (XMEMCMP(plainT, dec, CAMELLIA_BLOCK_SIZE)) { ret = WOLFSSL_FATAL_ERROR; } } } printf(testingFmt, "wc_CamelliaEncryptDirect()"); /* Pass bad args. */ if (ret == 0) { camE = wc_CamelliaEncryptDirect(NULL, enc, plainT); if (camE == BAD_FUNC_ARG) { camE = wc_CamelliaEncryptDirect(&camellia, NULL, plainT); } if (camE == BAD_FUNC_ARG) { camE = wc_CamelliaEncryptDirect(&camellia, enc, NULL); } if (camE == BAD_FUNC_ARG) { camE = 0; } else { camE = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, camE == 0 ? passed : failed); if (camE != 0) { return camE; } printf(testingFmt, "wc_CamelliaDecryptDirect()"); if (ret == 0) { camD = wc_CamelliaDecryptDirect(NULL, dec, enc); if (camD == BAD_FUNC_ARG) { camD = wc_CamelliaDecryptDirect(&camellia, NULL, enc); } if (camD == BAD_FUNC_ARG) { camD = wc_CamelliaDecryptDirect(&camellia, dec, NULL); } if (camD == BAD_FUNC_ARG) { camD = 0; } else { camD = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, camD == 0 ? passed : failed); if (camD != 0) { return camD; } #endif return ret; } /* END test-wc_CamelliaEncryptDecryptDirect */ /* * Testing wc_CamelliaCbcEncrypt and wc_CamelliaCbcDecrypt */ static int test_wc_CamelliaCbcEncryptDecrypt (void) { int ret = 0; #ifdef HAVE_CAMELLIA Camellia camellia; static const byte key24[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 }; static const byte plainT[] = { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A }; byte enc[CAMELLIA_BLOCK_SIZE]; byte dec[CAMELLIA_BLOCK_SIZE]; int camCbcE = WOLFSSL_FATAL_ERROR; int camCbcD = WOLFSSL_FATAL_ERROR; /* Init stack variables. */ XMEMSET(enc, 0, CAMELLIA_BLOCK_SIZE); XMEMSET(enc, 0, CAMELLIA_BLOCK_SIZE); ret = wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), NULL); if (ret == 0) { ret = wc_CamelliaCbcEncrypt(&camellia, enc, plainT, CAMELLIA_BLOCK_SIZE); if (ret != 0) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { ret = wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), NULL); if (ret == 0) { ret = wc_CamelliaCbcDecrypt(&camellia, dec, enc, CAMELLIA_BLOCK_SIZE); if (XMEMCMP(plainT, dec, CAMELLIA_BLOCK_SIZE)) { ret = WOLFSSL_FATAL_ERROR; } } } printf(testingFmt, "wc_CamelliaCbcEncrypt"); /* Pass in bad args. */ if (ret == 0) { camCbcE = wc_CamelliaCbcEncrypt(NULL, enc, plainT, CAMELLIA_BLOCK_SIZE); if (camCbcE == BAD_FUNC_ARG) { camCbcE = wc_CamelliaCbcEncrypt(&camellia, NULL, plainT, CAMELLIA_BLOCK_SIZE); } if (camCbcE == BAD_FUNC_ARG) { camCbcE = wc_CamelliaCbcEncrypt(&camellia, enc, NULL, CAMELLIA_BLOCK_SIZE); } if (camCbcE == BAD_FUNC_ARG) { camCbcE = 0; } else { camCbcE = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, camCbcE == 0 ? passed : failed); if (camCbcE != 0) { return camCbcE; } printf(testingFmt, "wc_CamelliaCbcDecrypt()"); if (ret == 0) { camCbcD = wc_CamelliaCbcDecrypt(NULL, dec, enc, CAMELLIA_BLOCK_SIZE); if (camCbcD == BAD_FUNC_ARG) { camCbcD = wc_CamelliaCbcDecrypt(&camellia, NULL, enc, CAMELLIA_BLOCK_SIZE); } if (camCbcD == BAD_FUNC_ARG) { camCbcD = wc_CamelliaCbcDecrypt(&camellia, dec, NULL, CAMELLIA_BLOCK_SIZE); } if (camCbcD == BAD_FUNC_ARG) { camCbcD = 0; } else { camCbcD = WOLFSSL_FATAL_ERROR; } } /* END bad args. */ printf(resultFmt, camCbcD == 0 ? passed : failed); if (camCbcD != 0) { return camCbcD; } #endif return ret; } /* END test_wc_CamelliaCbcEncryptDecrypt */ /* * Testing wc_RabbitSetKey() */ static int test_wc_RabbitSetKey (void) { int ret = 0; #ifndef NO_RABBIT Rabbit rabbit; const char* key = "\xAC\xC3\x51\xDC\xF1\x62\xFC\x3B" "\xFE\x36\x3D\x2E\x29\x13\x28\x91"; const char* iv = "\x59\x7E\x26\xC1\x75\xF5\x73\xC3"; printf(testingFmt, "wc_RabbitSetKey()"); ret = wc_RabbitSetKey(&rabbit, (byte*)key, (byte*)iv); /* Test bad args. */ if (ret == 0) { ret = wc_RabbitSetKey(NULL, (byte*)key, (byte*)iv); if (ret == BAD_FUNC_ARG) { ret = wc_RabbitSetKey(&rabbit, NULL, (byte*)iv); } if (ret == BAD_FUNC_ARG) { ret = wc_RabbitSetKey(&rabbit, (byte*)key, NULL); } } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_RabbitSetKey */ /* * Test wc_RabbitProcess() */ static int test_wc_RabbitProcess (void) { int ret = 0; #if !defined(NO_RABBIT) && !defined(BIG_ENDIAN_ORDER) Rabbit enc, dec; byte cipher[25]; byte plain[25]; const char* key = "\xAC\xC3\x51\xDC\xF1\x62\xFC\x3B" "\xFE\x36\x3D\x2E\x29\x13\x28\x91"; const char* iv = "\x59\x7E\x26\xC1\x75\xF5\x73\xC3"; const char* input = TEST_STRING; unsigned long int inlen = (unsigned long int)TEST_STRING_SZ; /* Initialize stack variables. */ XMEMSET(cipher, 0, sizeof(cipher)); XMEMSET(plain, 0, sizeof(plain)); printf(testingFmt, "wc_RabbitProcess()"); ret = wc_RabbitSetKey(&enc, (byte*)key, (byte*)iv); if (ret == 0) { ret = wc_RabbitSetKey(&dec, (byte*)key, (byte*)iv); } if (ret == 0) { ret = wc_RabbitProcess(&enc, cipher, (byte*)input, (word32)inlen); } if (ret == 0) { ret = wc_RabbitProcess(&dec, plain, cipher, (word32)inlen); if (ret != 0 || XMEMCMP(input, plain, inlen)) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } } /* Test bad args. */ if (ret == 0) { ret = wc_RabbitProcess(NULL, plain, cipher, (word32)inlen); if (ret == BAD_FUNC_ARG) { ret = wc_RabbitProcess(&dec, NULL, cipher, (word32)inlen); } if (ret == BAD_FUNC_ARG) { ret = wc_RabbitProcess(&dec, plain, NULL, (word32)inlen); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_RabbitProcess */ /* * Testing wc_Arc4SetKey() */ static int test_wc_Arc4SetKey (void) { int ret = 0; #ifndef NO_RC4 Arc4 arc; const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef"; int keyLen = 8; printf(testingFmt, "wc_Arch4SetKey()"); ret = wc_Arc4SetKey(&arc, (byte*)key, keyLen); /* Test bad args. */ if (ret == 0) { ret = wc_Arc4SetKey(NULL, (byte*)key, keyLen); if (ret == BAD_FUNC_ARG) ret = wc_Arc4SetKey(&arc, NULL, keyLen); /* NULL key */ if (ret == BAD_FUNC_ARG) ret = wc_Arc4SetKey(&arc, (byte*)key, 0); /* length == 0 */ if (ret == BAD_FUNC_ARG) ret = WOLFSSL_ERROR_NONE; else ret = WOLFSSL_FATAL_ERROR; } /* END test bad args. */ printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_Arc4SetKey */ /* * Testing wc_Arc4Process for ENC/DEC. */ static int test_wc_Arc4Process (void) { int ret = 0; #ifndef NO_RC4 Arc4 enc, dec; const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef"; int keyLen = 8; const char* input = "\x01\x23\x45\x67\x89\xab\xcd\xef"; byte cipher[8]; byte plain[8]; /* Init stack variables */ XMEMSET(cipher, 0, sizeof(cipher)); XMEMSET(plain, 0, sizeof(plain)); /* Use for async. */ ret = wc_Arc4Init(&enc, NULL, INVALID_DEVID); if (ret == 0) { ret = wc_Arc4Init(&dec, NULL, INVALID_DEVID); } printf(testingFmt, "wc_Arc4Process()"); if (ret == 0) { ret = wc_Arc4SetKey(&enc, (byte*)key, keyLen); } if (ret == 0) { ret = wc_Arc4SetKey(&dec, (byte*)key, keyLen); } if (ret == 0) { ret = wc_Arc4Process(&enc, cipher, (byte*)input, keyLen); } if (ret == 0) { ret = wc_Arc4Process(&dec, plain, cipher, keyLen); if (ret != 0 || XMEMCMP(plain, input, keyLen)) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } } /* Bad args. */ if (ret == 0) { ret = wc_Arc4Process(NULL, plain, cipher, keyLen); if (ret == BAD_FUNC_ARG) { ret = wc_Arc4Process(&dec, NULL, cipher, keyLen); } if (ret == BAD_FUNC_ARG) { ret = wc_Arc4Process(&dec, plain, NULL, keyLen); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); wc_Arc4Free(&enc); wc_Arc4Free(&dec); #endif return ret; }/* END test_wc_Arc4Process */ /* * Testing wc_Init RsaKey() */ static int test_wc_InitRsaKey (void) { int ret = 0; #ifndef NO_RSA RsaKey key; printf(testingFmt, "wc_InitRsaKey()"); ret = wc_InitRsaKey(&key, NULL); /* Test bad args. */ if (ret == 0) { ret = wc_InitRsaKey(NULL, NULL); #ifndef HAVE_USER_RSA if (ret == BAD_FUNC_ARG) { ret = 0; } else { #else if (ret == USER_CRYPTO_ERROR) { ret = 0; } else { #endif ret = WOLFSSL_FATAL_ERROR; } } /* end if */ if (wc_FreeRsaKey(&key) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_InitRsaKey */ /* * Testing wc_RsaPrivateKeyDecode() */ static int test_wc_RsaPrivateKeyDecode (void) { int ret = 0; #if !defined(NO_RSA) && (defined(USE_CERT_BUFFERS_1024)\ || defined(USE_CERT_BUFFERS_2048)) && !defined(HAVE_FIPS) RsaKey key; byte* tmp; word32 idx = 0; int bytes = 0; printf(testingFmt, "wc_RsaPrivateKeyDecode()"); tmp = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_InitRsaKey(&key, NULL); } if (ret == 0) { #ifdef USE_CERT_BUFFERS_1024 XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024); bytes = sizeof_client_key_der_1024; #else XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048); bytes = sizeof_client_key_der_2048; #endif /* Use cert buffers. */ ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes); } #ifndef HAVE_USER_RSA /* Test bad args. */ if (ret == 0) { ret = wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes); if (ret == BAD_FUNC_ARG) { ret = wc_RsaPrivateKeyDecode(tmp, NULL, &key, (word32)bytes); } if (ret == BAD_FUNC_ARG) { ret = wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #else /* Test bad args. User RSA. */ if (ret == 0) { ret = wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes); if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaPrivateKeyDecode(tmp, NULL, &key, (word32)bytes); } if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes); } if (ret == USER_CRYPTO_ERROR) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #endif if (tmp != NULL) { XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); } if (wc_FreeRsaKey(&key) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_RsaPrivateKeyDecode */ /* * Testing wc_RsaPublicKeyDecode() */ static int test_wc_RsaPublicKeyDecode (void) { int ret = 0; #if !defined(NO_RSA) && (defined(USE_CERT_BUFFERS_1024)\ || defined(USE_CERT_BUFFERS_2048)) && !defined(HAVE_FIPS) RsaKey keyPub; byte* tmp; word32 idx = 0; int bytes = 0; word32 keySz = 0; word32 tstKeySz = 0; tmp = (byte*)XMALLOC(GEN_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_InitRsaKey(&keyPub, NULL); } if (ret == 0) { #ifdef USE_CERT_BUFFERS_1024 XMEMCPY(tmp, client_keypub_der_1024, sizeof_client_keypub_der_1024); bytes = sizeof_client_keypub_der_1024; keySz = 1024; #else XMEMCPY(tmp, client_keypub_der_2048, sizeof_client_keypub_der_2048); bytes = sizeof_client_keypub_der_2048; keySz = 2048; #endif printf(testingFmt, "wc_RsaPublicKeyDecode()"); ret = wc_RsaPublicKeyDecode(tmp, &idx, &keyPub, (word32)bytes); } #ifndef HAVE_USER_RSA /* Pass in bad args. */ if (ret == 0) { ret = wc_RsaPublicKeyDecode(NULL, &idx, &keyPub, (word32)bytes); if (ret == BAD_FUNC_ARG) { ret = wc_RsaPublicKeyDecode(tmp, NULL, &keyPub, (word32)bytes); } if (ret == BAD_FUNC_ARG) { ret = wc_RsaPublicKeyDecode(tmp, &idx, NULL, (word32)bytes); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #else /* Pass in bad args. */ if (ret == 0) { ret = wc_RsaPublicKeyDecode(NULL, &idx, &keyPub, (word32)bytes); if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaPublicKeyDecode(tmp, NULL, &keyPub, (word32)bytes); } if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaPublicKeyDecode(tmp, &idx, NULL, (word32)bytes); } if (ret == USER_CRYPTO_ERROR) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #endif if (wc_FreeRsaKey(&keyPub) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { /* Test for getting modulus key size */ idx = 0; ret = wc_RsaPublicKeyDecode_ex(tmp, &idx, (word32)bytes, NULL, &tstKeySz, NULL, NULL); ret = (ret == 0 && tstKeySz == keySz/8) ? 0 : WOLFSSL_FATAL_ERROR; } if (tmp != NULL) { XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_RsaPublicKeyDecode */ /* * Testing wc_RsaPublicKeyDecodeRaw() */ static int test_wc_RsaPublicKeyDecodeRaw (void) { int ret = 0; #if !defined(NO_RSA) RsaKey key; const byte n = 0x23; const byte e = 0x03; int nSz = sizeof(n); int eSz = sizeof(e); printf(testingFmt, "wc_RsaPublicKeyDecodeRaw()"); ret = wc_InitRsaKey(&key, NULL); if (ret == 0) { ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, &key); } #ifndef HAVE_USER_RSA /* Pass in bad args. */ if (ret == 0) { ret = wc_RsaPublicKeyDecodeRaw(NULL, nSz, &e, eSz, &key); if (ret == BAD_FUNC_ARG) { ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, NULL, eSz, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #else /* Pass in bad args. User RSA. */ if (ret == 0) { ret = wc_RsaPublicKeyDecodeRaw(NULL, nSz, &e, eSz, &key); if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, NULL, eSz, &key); } if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, NULL); } if (ret == USER_CRYPTO_ERROR) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #endif if (wc_FreeRsaKey(&key) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_RsaPublicKeyDecodeRaw */ #if (!defined(NO_RSA) || !defined(HAVE_FAST_RSA)) && defined(WOLFSSL_KEY_GEN) /* In FIPS builds, wc_MakeRsaKey() will return an error if it cannot find * a probable prime in 5*(modLen/2) attempts. In non-FIPS builds, it keeps * trying until it gets a probable prime. */ #ifdef HAVE_FIPS static int MakeRsaKeyRetry(RsaKey* key, int size, long e, WC_RNG* rng) { int ret; for (;;) { ret = wc_MakeRsaKey(key, size, e, rng); if (ret != PRIME_GEN_E) break; printf("MakeRsaKey couldn't find prime; trying again.\n"); } return ret; } #define MAKE_RSA_KEY(a, b, c, d) MakeRsaKeyRetry(a, b, c, d) #else #define MAKE_RSA_KEY(a, b, c, d) wc_MakeRsaKey(a, b, c, d) #endif #endif /* * Testing wc_MakeRsaKey() */ static int test_wc_MakeRsaKey (void) { int ret = 0; #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) RsaKey genKey; WC_RNG rng; #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) int bits = 1024; #else int bits = 2048; #endif printf(testingFmt, "wc_MakeRsaKey()"); ret = wc_InitRsaKey(&genKey, NULL); if (ret == 0) { ret = wc_InitRng(&rng); if (ret == 0) { ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng); if (ret == 0 && wc_FreeRsaKey(&genKey) != 0) { ret = WOLFSSL_FATAL_ERROR; } } } #ifndef HAVE_USER_RSA /* Test bad args. */ if (ret == 0) { ret = MAKE_RSA_KEY(NULL, bits, WC_RSA_EXPONENT, &rng); if (ret == BAD_FUNC_ARG) { ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, NULL); } if (ret == BAD_FUNC_ARG) { /* e < 3 */ ret = MAKE_RSA_KEY(&genKey, bits, 2, &rng); } if (ret == BAD_FUNC_ARG) { /* e & 1 == 0 */ ret = MAKE_RSA_KEY(&genKey, bits, 6, &rng); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #else /* Test bad args. */ if (ret == 0) { ret = MAKE_RSA_KEY(NULL, bits, WC_RSA_EXPONENT, &rng); if (ret == USER_CRYPTO_ERROR) { ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, NULL); } if (ret == USER_CRYPTO_ERROR) { /* e < 3 */ ret = MAKE_RSA_KEY(&genKey, bits, 2, &rng); } if (ret == USER_CRYPTO_ERROR) { /* e & 1 == 0 */ ret = MAKE_RSA_KEY(&genKey, bits, 6, &rng); } if (ret == USER_CRYPTO_ERROR) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #endif if (wc_FreeRng(&rng) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_MakeRsaKey */ /* * Test the bounds checking on the cipher text versus the key modulus. * 1. Make a new RSA key. * 2. Set c to 1. * 3. Decrypt c into k. (error) * 4. Copy the key modulus to c and sub 1 from the copy. * 5. Decrypt c into k. (error) * Valid bounds test cases are covered by all the other RSA tests. */ static int test_RsaDecryptBoundsCheck(void) { int ret = 0; #if !defined(NO_RSA) && defined(WC_RSA_NO_PADDING) && \ (defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048)) && \ defined(WOLFSSL_PUBLIC_MP) && !defined(NO_RSA_BOUNDS_CHECK) RsaKey key; byte flatC[256]; word32 flatCSz; byte out[256]; word32 outSz = sizeof(out); WC_RNG rng; printf(testingFmt, "RSA decrypt bounds check"); XMEMSET(&rng, 0, sizeof(rng)); ret = wc_InitRng(&rng); if (ret == 0) ret = wc_InitRsaKey(&key, NULL); if (ret == 0) { const byte* derKey; word32 derKeySz; word32 idx = 0; #ifdef USE_CERT_BUFFERS_1024 derKey = server_key_der_1024; derKeySz = (word32)sizeof_server_key_der_1024; flatCSz = 128; #else derKey = server_key_der_2048; derKeySz = (word32)sizeof_server_key_der_2048; flatCSz = 256; #endif ret = wc_RsaPrivateKeyDecode(derKey, &idx, &key, derKeySz); } if (ret == 0) { XMEMSET(flatC, 0, flatCSz); flatC[flatCSz-1] = 1; ret = wc_RsaDirect(flatC, flatCSz, out, &outSz, &key, RSA_PRIVATE_DECRYPT, &rng); } if (ret == RSA_OUT_OF_RANGE_E) { mp_int c; mp_init_copy(&c, &key.n); mp_sub_d(&c, 1, &c); mp_to_unsigned_bin(&c, flatC); ret = wc_RsaDirect(flatC, sizeof(flatC), out, &outSz, &key, RSA_PRIVATE_DECRYPT, NULL); mp_clear(&c); } if (ret == RSA_OUT_OF_RANGE_E) ret = 0; if (wc_FreeRsaKey(&key) || wc_FreeRng(&rng) || ret != 0) ret = WOLFSSL_FATAL_ERROR; printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_RsaDecryptBoundsCheck */ /* * Testing wc_SetKeyUsage() */ static int test_wc_SetKeyUsage (void) { int ret = 0; #if !defined(NO_RSA) && defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) && !defined(HAVE_FIPS) Cert myCert; ret = wc_InitCert(&myCert); printf(testingFmt, "wc_SetKeyUsage()"); if (ret == 0) { ret = wc_SetKeyUsage(&myCert, "keyEncipherment,keyAgreement"); if (ret == 0) { ret = wc_SetKeyUsage(&myCert, "digitalSignature,nonRepudiation"); } if (ret == 0) { ret = wc_SetKeyUsage(&myCert, "contentCommitment,encipherOnly"); } if (ret == 0) { ret = wc_SetKeyUsage(&myCert, "decipherOnly"); } if (ret == 0) { ret = wc_SetKeyUsage(&myCert, "cRLSign,keyCertSign"); } } /* Test bad args. */ if (ret == 0) { ret = wc_SetKeyUsage(NULL, "decipherOnly"); if (ret == BAD_FUNC_ARG) { ret = wc_SetKeyUsage(&myCert, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_SetKeyUsage(&myCert, ""); } if (ret == KEYUSAGE_E) { ret = wc_SetKeyUsage(&myCert, ","); } if (ret == KEYUSAGE_E) { ret = wc_SetKeyUsage(&myCert, "digitalSignature, cRLSign"); } if (ret == KEYUSAGE_E) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_SetKeyUsage */ /* * Testing wc_CheckProbablePrime() */ static int test_wc_CheckProbablePrime (void) { int ret = 0; #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \ !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) #define CHECK_PROBABLE_PRIME_KEY_BITS 2048 RsaKey key; WC_RNG rng; byte e[3]; word32 eSz = (word32)sizeof(e); byte n[CHECK_PROBABLE_PRIME_KEY_BITS / 8]; word32 nSz = (word32)sizeof(n); byte d[CHECK_PROBABLE_PRIME_KEY_BITS / 8]; word32 dSz = (word32)sizeof(d); byte p[CHECK_PROBABLE_PRIME_KEY_BITS / 8 / 2]; word32 pSz = (word32)sizeof(p); byte q[CHECK_PROBABLE_PRIME_KEY_BITS / 8 / 2]; word32 qSz = (word32)sizeof(q); int nlen = CHECK_PROBABLE_PRIME_KEY_BITS; int* isPrime; int test[5]; isPrime = test; printf(testingFmt, "wc_CheckProbablePrime()"); ret = wc_InitRsaKey(&key, NULL); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_RsaSetRNG(&key, &rng); } if (ret == 0) { ret = wc_MakeRsaKey(&key, CHECK_PROBABLE_PRIME_KEY_BITS, WC_RSA_EXPONENT, &rng); } if (ret == 0) { PRIVATE_KEY_UNLOCK(); ret = wc_RsaExportKey(&key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz); PRIVATE_KEY_LOCK(); } /* Bad cases */ if (ret == 0) { ret = wc_CheckProbablePrime(NULL, pSz, q, qSz, e, eSz, nlen, isPrime); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_CheckProbablePrime(p, 0, q, qSz, e, eSz, nlen, isPrime); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_CheckProbablePrime(p, pSz, NULL, qSz, e, eSz, nlen, isPrime); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_CheckProbablePrime(p, pSz, q, 0, e, eSz, nlen, isPrime); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_CheckProbablePrime(p, pSz, q, qSz, NULL, eSz, nlen, isPrime); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_CheckProbablePrime(p, pSz, q, qSz, e, 0, nlen, isPrime); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_CheckProbablePrime(NULL, 0, NULL, 0, NULL, 0, nlen, isPrime); if (ret == BAD_FUNC_ARG) { ret = 0; } } /* Good case */ if (ret == 0) { ret = wc_CheckProbablePrime(p, pSz, q, qSz, e, eSz, nlen, isPrime); } wc_FreeRsaKey(&key); wc_FreeRng(&rng); printf(resultFmt, ret == 0 ? passed : failed); #undef CHECK_PROBABLE_PRIME_KEY_BITS #endif return ret; } /* END test_wc_CheckProbablePrime */ /* * Testing wc_RsaPSS_Verify() */ static int test_wc_RsaPSS_Verify (void) { int ret = 0; #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \ !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS) RsaKey key; WC_RNG rng; int sz = 256; byte* pt; const char* szMessage = "This is the string to be signed"; unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */ unsigned char pDecrypted[2048/8]; word32 outLen = sizeof(pDecrypted); pt = pDecrypted; printf(testingFmt, "wc_RsaPSS_Verify()"); ret = wc_InitRsaKey(&key, NULL); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_RsaSetRNG(&key, &rng); } if (ret == 0) { ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng); } if (ret == 0) { ret = wc_RsaPSS_Sign((byte*)szMessage, (word32)XSTRLEN(szMessage)+1, pSignature, sizeof(pSignature), WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng); if (ret > 0 ){ sz = ret; ret = 0; } } /* Bad cases */ if (ret == 0) { ret = wc_RsaPSS_Verify(NULL, sz, pt, outLen, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_RsaPSS_Verify(pSignature, 0, pt, outLen, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_RsaPSS_Verify(pSignature, sz, NULL, outLen, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_RsaPSS_Verify(NULL, 0, NULL, outLen, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); if (ret == BAD_FUNC_ARG) { ret = 0; } } /* Good case */ if (ret == 0) { ret = wc_RsaPSS_Verify(pSignature, sz, pt, outLen, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); if (ret > 0) { ret = 0; } } wc_FreeRsaKey(&key); wc_FreeRng(&rng); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_RsaPSS_Verify */ /* * Testing wc_RsaPSS_VerifyCheck() */ static int test_wc_RsaPSS_VerifyCheck (void) { int ret = 0; #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \ !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS) RsaKey key; WC_RNG rng; int sz = 256; /* 2048/8 */ byte* pt; byte digest[32]; word32 digestSz; unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */ word32 pSignatureSz = sizeof(pSignature); unsigned char pDecrypted[2048/8]; word32 outLen = sizeof(pDecrypted); pt = pDecrypted; printf(testingFmt, "wc_RsaPSS_VerifyCheck()"); XMEMSET(digest, 0, sizeof(digest)); XMEMSET(pSignature, 0, sizeof(pSignature)); ret = wc_InitRsaKey(&key, NULL); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_RsaSetRNG(&key, &rng); } if (ret == 0) { ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng); } if (ret == 0) { digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256); ret = wc_Hash(WC_HASH_TYPE_SHA256, pSignature, sz, digest, digestSz); } if (ret == 0) { ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, pSignatureSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng); if (ret > 0 ){ sz = ret; ret = 0; } } /* Bad cases */ if (ret == 0) { ret = wc_RsaPSS_VerifyCheck(NULL, sz, pt, outLen, digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_RsaPSS_VerifyCheck(pSignature, 0, pt, outLen, digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_RsaPSS_VerifyCheck(pSignature, sz, NULL, outLen, digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_RsaPSS_VerifyCheck(NULL, 0, NULL, outLen, digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); if (ret == BAD_FUNC_ARG) { ret = 0; } } /* Good case */ if (ret == 0) { ret = wc_RsaPSS_VerifyCheck(pSignature, sz, pt, outLen, digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); if (ret > 0) { ret = 0; } } wc_FreeRsaKey(&key); wc_FreeRng(&rng); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_RsaPSS_VerifyCheck */ /* * Testing wc_RsaPSS_VerifyCheckInline() */ static int test_wc_RsaPSS_VerifyCheckInline (void) { int ret = 0; #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \ !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS) RsaKey key; WC_RNG rng; int sz = 256; byte* pt; byte digest[32]; word32 digestSz; unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */ unsigned char pDecrypted[2048/8]; pt = pDecrypted; printf(testingFmt, "wc_RsaPSS_VerifyCheckInline()"); ret = wc_InitRsaKey(&key, NULL); XMEMSET(digest, 0, sizeof(digest)); XMEMSET(pSignature, 0, sizeof(pSignature)); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_RsaSetRNG(&key, &rng); } if (ret == 0) { ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng); } if (ret == 0) { digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256); ret = wc_Hash(WC_HASH_TYPE_SHA256, pSignature, sz, digest, digestSz); } if (ret == 0) { ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, sizeof(pSignature), WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng); if (ret > 0 ){ sz = ret; ret = 0; } } /* Bad Cases */ if (ret == 0) { ret = wc_RsaPSS_VerifyCheckInline(NULL, sz, &pt, digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_RsaPSS_VerifyCheckInline(pSignature, 0, NULL, digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_RsaPSS_VerifyCheckInline(NULL, 0, &pt, digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_RsaPSS_VerifyCheckInline(pSignature, sz, &pt, digest, digestSz, WC_HASH_TYPE_SHA, WC_MGF1SHA256, &key); if (ret == BAD_FUNC_ARG) { ret = 0; } } /* Good case */ if (ret == 0) { ret = wc_RsaPSS_VerifyCheckInline(pSignature, sz, &pt, digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); if (ret > 0) { ret = 0; } } wc_FreeRsaKey(&key); wc_FreeRng(&rng); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_RsaPSS_VerifyCheckInline */ #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) static void sample_mutex_cb (int flag, int type, const char* file, int line) { (void)flag; (void)type; (void)file; (void)line; } #endif /* * Testing wc_LockMutex_ex */ static int test_wc_LockMutex_ex (void) { int ret = 0; #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) int flag = CRYPTO_LOCK; int type = 0; const char* file = "./test-LockMutex_ex.txt"; int line = 0; printf(testingFmt, "wc_LockMutex_ex()"); /*without SetMutexCb*/ ret = wc_LockMutex_ex(flag, type, file, line); if (ret == BAD_STATE_E) { ret = 0; } /*with SetMutexCb*/ if (ret == 0) { ret = wc_SetMutexCb(sample_mutex_cb); if (ret == 0) { ret = wc_LockMutex_ex(flag, type, file, line); } } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; }/*End test_wc_LockMutex_ex*/ /* * Testing wc_SetMutexCb */ static int test_wc_SetMutexCb (void) { int ret = 0; #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) printf(testingFmt, "wc_SetMutexCb()"); ret = wc_SetMutexCb(sample_mutex_cb); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; }/*End test_wc_SetMutexCb*/ /* * Testing wc_RsaKeyToDer() */ static int test_wc_RsaKeyToDer (void) { int ret = 0; #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) RsaKey genKey; WC_RNG rng; byte* der; #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) int bits = 1024; word32 derSz = 611; /* (2 x 128) + 2 (possible leading 00) + (5 x 64) + 5 (possible leading 00) + 3 (e) + 8 (ASN tag) + 10 (ASN length) + 4 seqSz + 3 version */ #else int bits = 2048; word32 derSz = 1196; /* (2 x 256) + 2 (possible leading 00) + (5 x 128) + 5 (possible leading 00) + 3 (e) + 8 (ASN tag) + 17 (ASN length) + 4 seqSz + 3 version */ #endif XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&genKey, 0, sizeof(genKey)); der = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { ret = WOLFSSL_FATAL_ERROR; } /* Init structures. */ if (ret == 0) { ret = wc_InitRsaKey(&genKey, NULL); } if (ret == 0) { ret = wc_InitRng(&rng); } /* Make key. */ if (ret == 0) { ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng); if (ret != 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(testingFmt, "wc_RsaKeyToDer()"); if (ret == 0) { ret = wc_RsaKeyToDer(&genKey, der, derSz); if (ret > 0) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #ifndef HAVE_USER_RSA /* Pass good/bad args. */ if (ret == 0) { ret = wc_RsaKeyToDer(NULL, der, FOURK_BUF); if (ret == BAD_FUNC_ARG) { /* Get just the output length */ ret = wc_RsaKeyToDer(&genKey, NULL, 0); } if (ret > 0) { /* Try Public Key. */ genKey.type = 0; ret = wc_RsaKeyToDer(&genKey, der, FOURK_BUF); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #else /* Pass good/bad args. */ if (ret == 0) { ret = wc_RsaKeyToDer(NULL, der, FOURK_BUF); if (ret == USER_CRYPTO_ERROR) { /* Get just the output length */ ret = wc_RsaKeyToDer(&genKey, NULL, 0); } if (ret > 0) { /* Try Public Key. */ genKey.type = 0; ret = wc_RsaKeyToDer(&genKey, der, FOURK_BUF); } if (ret == USER_CRYPTO_ERROR) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #endif if (der != NULL) { XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); } if (wc_FreeRsaKey(&genKey) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } if (wc_FreeRng(&rng) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_RsaKeyToDer */ /* * Testing wc_RsaKeyToPublicDer() */ static int test_wc_RsaKeyToPublicDer (void) { int ret = 0; #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) RsaKey key; WC_RNG rng; byte* der; #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) int bits = 1024; word32 derLen = 162; #else int bits = 2048; word32 derLen = 294; #endif XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); der = (byte*)XMALLOC(derLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_InitRsaKey(&key, NULL); } if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng); } printf(testingFmt, "wc_RsaKeyToPublicDer()"); if (ret == 0) { /* test getting size only */ ret = wc_RsaKeyToPublicDer(&key, NULL, derLen); if (ret >= 0) ret = 0; } if (ret == 0) { ret = wc_RsaKeyToPublicDer(&key, der, derLen); if (ret >= 0) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { /* test getting size only */ ret = wc_RsaKeyToPublicDer_ex(&key, NULL, derLen, 0); if (ret >= 0) ret = 0; } if (ret == 0) { ret = wc_RsaKeyToPublicDer_ex(&key, der, derLen, 0); if (ret >= 0) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #ifndef HAVE_USER_RSA /* Pass in bad args. */ if (ret == 0) { ret = wc_RsaKeyToPublicDer(NULL, der, derLen); if (ret == BAD_FUNC_ARG) { ret = wc_RsaKeyToPublicDer(&key, der, -1); } if (ret == BUFFER_E || ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #else /* Pass in bad args. */ if (ret == 0) { ret = wc_RsaKeyToPublicDer(NULL, der, derLen); if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaKeyToPublicDer(&key, der, -1); } if (ret == USER_CRYPTO_ERROR) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #endif if (der != NULL) { XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); } if (wc_FreeRsaKey(&key) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } if (wc_FreeRng(&rng) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_RsaKeyToPublicDer */ /* * Testing wc_RsaPublicEncrypt() and wc_RsaPrivateDecrypt() */ static int test_wc_RsaPublicEncryptDecrypt (void) { int ret = 0; #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) RsaKey key; WC_RNG rng; const char inStr[] = TEST_STRING; const word32 plainLen = (word32)TEST_STRING_SZ; const word32 inLen = (word32)TEST_STRING_SZ; int bits = TEST_RSA_BITS; const word32 cipherLen = TEST_RSA_BYTES; word32 cipherLenResult = cipherLen; DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL); DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL); DECLARE_VAR(cipher, byte, TEST_RSA_BYTES, NULL); #ifdef DECLARE_VAR_IS_HEAP_ALLOC if (in == NULL || plain == NULL || cipher == NULL) { printf("test_wc_RsaPublicEncryptDecrypt malloc failed\n"); return MEMORY_E; } #endif XMEMCPY(in, inStr, inLen); ret = wc_InitRsaKey(&key, NULL); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng); } /* Encrypt. */ printf(testingFmt, "wc_RsaPublicEncrypt()"); if (ret == 0) { ret = wc_RsaPublicEncrypt(in, inLen, cipher, cipherLen, &key, &rng); if (ret >= 0) { cipherLenResult = ret; ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } /* Pass bad args. */ /* Tests PsaPublicEncryptEx() which, is tested by another fn. No need dup.*/ printf(resultFmt, ret == 0 ? passed : failed); if (ret != 0) { return ret; } /* Decrypt */ printf(testingFmt, "wc_RsaPrivateDecrypt()"); #if defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS) /* Bind rng */ if (ret == 0) { ret = wc_RsaSetRNG(&key, &rng); } #endif if (ret == 0) { ret = wc_RsaPrivateDecrypt(cipher, cipherLenResult, plain, plainLen, &key); } if (ret >= 0) { ret = XMEMCMP(plain, inStr, plainLen); } /* Pass in bad args. */ /* Tests RsaPrivateDecryptEx() which, is tested by another fn. No need dup.*/ FREE_VAR(in, NULL); FREE_VAR(plain, NULL); FREE_VAR(cipher, NULL); if (wc_FreeRsaKey(&key) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } if (wc_FreeRng(&rng) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_RsaPublicEncryptDecrypt */ /* * Testing wc_RsaPrivateDecrypt_ex() and wc_RsaPrivateDecryptInline_ex() */ static int test_wc_RsaPublicEncryptDecrypt_ex (void) { int ret = 0; #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS)\ && !defined(WC_NO_RSA_OAEP) && !defined(HAVE_USER_RSA)\ && !defined(NO_SHA) RsaKey key; WC_RNG rng; const char inStr[] = TEST_STRING; const word32 inLen = (word32)TEST_STRING_SZ; const word32 plainSz = (word32)TEST_STRING_SZ; byte* res = NULL; int idx = 0; int bits = TEST_RSA_BITS; const word32 cipherSz = TEST_RSA_BYTES; DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL); DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL); DECLARE_VAR(cipher, byte, TEST_RSA_BYTES, NULL); #ifdef DECLARE_VAR_IS_HEAP_ALLOC if (in == NULL || plain == NULL || cipher == NULL) { printf("test_wc_RsaPublicEncryptDecrypt_exmalloc failed\n"); return MEMORY_E; } #endif XMEMCPY(in, inStr, inLen); /* Initialize stack structures. */ XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); ret = wc_InitRsaKey_ex(&key, NULL, INVALID_DEVID); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng); } /* Encrypt */ printf(testingFmt, "wc_RsaPublicEncrypt_ex()"); if (ret == 0) { ret = wc_RsaPublicEncrypt_ex(in, inLen, cipher, cipherSz, &key, &rng, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0); if (ret >= 0) { idx = ret; ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } /*Pass bad args.*/ /* Tests RsaPublicEncryptEx again. No need duplicate. */ printf(resultFmt, ret == 0 ? passed : failed); if (ret != 0) { return ret; } #ifndef WOLFSSL_RSA_PUBLIC_ONLY /* Decrypt */ printf(testingFmt, "wc_RsaPrivateDecrypt_ex()"); #if defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS) if (ret == 0) { ret = wc_RsaSetRNG(&key, &rng); } #endif if (ret == 0) { ret = wc_RsaPrivateDecrypt_ex(cipher, (word32)idx, plain, plainSz, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0); } if (ret >= 0) { if (!XMEMCMP(plain, inStr, plainSz)) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } /*Pass bad args.*/ /* Tests RsaPrivateDecryptEx() again. No need duplicate. */ printf(resultFmt, ret == 0 ? passed : failed); if (ret != 0) { return ret; } printf(testingFmt, "wc_RsaPrivateDecryptInline_ex()"); if (ret == 0) { ret = wc_RsaPrivateDecryptInline_ex(cipher, (word32)idx, &res, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0); if (ret >= 0) { if (!XMEMCMP(inStr, res, plainSz)) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } } #endif FREE_VAR(in, NULL); FREE_VAR(plain, NULL); FREE_VAR(cipher, NULL); if (wc_FreeRsaKey(&key) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } if (wc_FreeRng(&rng) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_RsaPublicEncryptDecrypt_ex */ /* * Tesing wc_RsaSSL_Sign() and wc_RsaSSL_Verify() */ static int test_wc_RsaSSL_SignVerify (void) { int ret = 0; #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) RsaKey key; WC_RNG rng; const char inStr[] = TEST_STRING; const word32 plainSz = (word32)TEST_STRING_SZ; const word32 inLen = (word32)TEST_STRING_SZ; word32 idx = 0; int bits = TEST_RSA_BITS; const word32 outSz = TEST_RSA_BYTES; DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL); DECLARE_VAR(out, byte, TEST_RSA_BYTES, NULL); DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL); #ifdef DECLARE_VAR_IS_HEAP_ALLOC if (in == NULL || out == NULL || plain == NULL) { printf("test_wc_RsaSSL_SignVerify failed\n"); return MEMORY_E; } #endif XMEMCPY(in, inStr, inLen); ret = wc_InitRsaKey(&key, NULL); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng); } /* Sign. */ printf(testingFmt, "wc_RsaSSL_Sign()"); if (ret == 0) { ret = wc_RsaSSL_Sign(in, inLen, out, outSz, &key, &rng); if (ret == (int)outSz) { idx = ret; ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #ifndef HAVE_USER_RSA /* Test bad args. */ if (ret == 0) { ret = wc_RsaSSL_Sign(NULL, inLen, out, outSz, &key, &rng); if (ret == BAD_FUNC_ARG) { ret = wc_RsaSSL_Sign(in, 0, out, outSz, &key, &rng); } if (ret == BAD_FUNC_ARG) { ret = wc_RsaSSL_Sign(in, inLen, NULL, outSz, &key, &rng); } if (ret == BAD_FUNC_ARG) { ret = wc_RsaSSL_Sign(in, inLen, out, outSz, NULL, &rng); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #else /* Test bad args. */ if (ret == 0) { ret = wc_RsaSSL_Sign(NULL, inLen, out, outSz, &key, &rng); if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaSSL_Sign(in, 0, out, outSz, &key, &rng); } if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaSSL_Sign(in, inLen, NULL, outSz, &key, &rng); } if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaSSL_Sign(in, inLen, out, outSz, NULL, &rng); } if (ret == USER_CRYPTO_ERROR) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #endif printf(resultFmt, ret == 0 ? passed : failed); if (ret != 0) { return ret; } /* Verify. */ printf(testingFmt, "wc_RsaSSL_Verify()"); if (ret == 0) { ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, &key); if (ret == (int)inLen) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #ifndef HAVE_USER_RSA /* Pass bad args. */ if (ret == 0) { ret = wc_RsaSSL_Verify(NULL, idx, plain, plainSz, &key); if (ret == BAD_FUNC_ARG) { ret = wc_RsaSSL_Verify(out, 0, plain, plainSz, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_RsaSSL_Verify(out, idx, NULL, plainSz, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #else /* Pass bad args. */ if (ret == 0) { ret = wc_RsaSSL_Verify(NULL, idx, plain, plainSz, &key); if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaSSL_Verify(out, 0, plain, plainSz, &key); } if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaSSL_Verify(out, idx, NULL, plainSz, &key); } if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, NULL); } if (ret == USER_CRYPTO_ERROR) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #endif FREE_VAR(in, NULL); FREE_VAR(out, NULL); FREE_VAR(plain, NULL); if (wc_FreeRsaKey(&key) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } if (wc_FreeRng(&rng) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_RsaSSL_SignVerify */ /* * Testing wc_RsaEncryptSize() */ static int test_wc_RsaEncryptSize (void) { int ret = 0; #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) RsaKey key; WC_RNG rng; ret = wc_InitRsaKey(&key, NULL); if (ret == 0) { ret = wc_InitRng(&rng); } printf(testingFmt, "wc_RsaEncryptSize()"); #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) if (ret == 0) { ret = MAKE_RSA_KEY(&key, 1024, WC_RSA_EXPONENT, &rng); if (ret == 0) { ret = wc_RsaEncryptSize(&key); } if (ret == 128) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } if (wc_FreeRsaKey(&key) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } #endif if (ret == 0) { ret = MAKE_RSA_KEY(&key, 2048, WC_RSA_EXPONENT, &rng); if (ret == 0) { ret = wc_RsaEncryptSize(&key); } if (ret == 256) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } /* Pass in bad arg. */ if (ret == 0) { ret = wc_RsaEncryptSize(NULL); #ifndef HAVE_USER_RSA if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } #endif } if (wc_FreeRsaKey(&key) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } if (wc_FreeRng(&rng) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_RsaEncryptSize*/ /* * Testing wc_RsaFlattenPublicKey() */ static int test_wc_RsaFlattenPublicKey (void) { int ret = 0; #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) RsaKey key; WC_RNG rng; byte e[256]; byte n[256]; word32 eSz = sizeof(e); word32 nSz = sizeof(n); #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) int bits = 1024; #else int bits = 2048; #endif ret = wc_InitRsaKey(&key, NULL); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng); if (ret >= 0) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } printf(testingFmt, "wc_RsaFlattenPublicKey()"); if (ret == 0) { ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, &nSz); } #ifndef HAVE_USER_RSA /* Pass bad args. */ if (ret == 0) { ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz); if (ret == BAD_FUNC_ARG) { ret = wc_RsaFlattenPublicKey(&key, NULL, &eSz, n, &nSz); } if (ret == BAD_FUNC_ARG) { ret = wc_RsaFlattenPublicKey(&key, e, NULL, n, &nSz); } if (ret == BAD_FUNC_ARG) { ret = wc_RsaFlattenPublicKey(&key, e, &eSz, NULL, &nSz); } if (ret == BAD_FUNC_ARG) { ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #else /* Pass bad args. */ if (ret == 0) { ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz); if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaFlattenPublicKey(&key, NULL, &eSz, n, &nSz); } if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaFlattenPublicKey(&key, e, NULL, n, &nSz); } if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaFlattenPublicKey(&key, e, &eSz, NULL, &nSz); } if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, NULL); } if (ret == USER_CRYPTO_ERROR) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #endif if (wc_FreeRsaKey(&key) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } if (wc_FreeRng(&rng) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_RsaFlattenPublicKey */ /* * unit test for wc_AesCcmSetKey */ static int test_wc_AesCcmSetKey (void) { int ret = 0; #ifdef HAVE_AESCCM Aes aes; const byte key16[] = { 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf }; const byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 }; const byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; printf(testingFmt, "wc_AesCcmSetKey()"); ret = wc_AesInit(&aes, NULL, INVALID_DEVID); if (ret != 0) return ret; #ifdef WOLFSSL_AES_128 ret = wc_AesCcmSetKey(&aes, key16, sizeof(key16)); #endif #ifdef WOLFSSL_AES_192 if (ret == 0) { ret = wc_AesCcmSetKey(&aes, key24, sizeof(key24)); } #endif #ifdef WOLFSSL_AES_256 if (ret == 0) { ret = wc_AesCcmSetKey(&aes, key32, sizeof(key32)); } #endif /* Test bad args. */ if (ret == 0) { ret = wc_AesCcmSetKey(&aes, key16, sizeof(key16) - 1); if (ret == BAD_FUNC_ARG) { ret = wc_AesCcmSetKey(&aes, key24, sizeof(key24) - 1); } if (ret == BAD_FUNC_ARG) { ret = wc_AesCcmSetKey(&aes, key32, sizeof(key32) - 1); } if (ret != BAD_FUNC_ARG) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } } wc_AesFree(&aes); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_AesCcmSetKey */ /* * Unit test function for wc_AesCcmEncrypt and wc_AesCcmDecrypt */ static int test_wc_AesCcmEncryptDecrypt (void) { int ret = 0; #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128) Aes aes; const byte key16[] = { 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf }; /* plaintext */ const byte plainT[] = { 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e }; /* nonce */ const byte iv[] = { 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5 }; const byte c[] = /* cipher text. */ { 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2, 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80, 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84 }; const byte t[] = /* Auth tag */ { 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0 }; const byte authIn[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; byte cipherOut[sizeof(plainT)]; byte authTag[sizeof(t)]; int ccmE = WOLFSSL_FATAL_ERROR; #ifdef HAVE_AES_DECRYPT int ccmD = WOLFSSL_FATAL_ERROR; byte plainOut[sizeof(cipherOut)]; #endif ret = wc_AesInit(&aes, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_AesCcmSetKey(&aes, key16, sizeof(key16)); if (ret == 0) { ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)); if ((XMEMCMP(cipherOut, c, sizeof(c)) && ccmE == 0) || XMEMCMP(t, authTag, sizeof(t))) { ccmE = WOLFSSL_FATAL_ERROR; ret = WOLFSSL_FATAL_ERROR; } #ifdef HAVE_AES_DECRYPT if (ret == 0) { ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)); if (XMEMCMP(plainOut, plainT, sizeof(plainT)) && ccmD == 0) { ccmD = WOLFSSL_FATAL_ERROR; } } #endif } printf(testingFmt, "wc_AesCcmEncrypt()"); /* Pass in bad args. Encrypt*/ if (ret == 0 && ccmE == 0) { ccmE = wc_AesCcmEncrypt(NULL, cipherOut, plainT, sizeof(cipherOut), iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)); if (ccmE == BAD_FUNC_ARG) { ccmE = wc_AesCcmEncrypt(&aes, NULL, plainT, sizeof(cipherOut), iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)); } if (ccmE == BAD_FUNC_ARG) { ccmE = wc_AesCcmEncrypt(&aes, cipherOut, NULL, sizeof(cipherOut), iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)); } if (ccmE == BAD_FUNC_ARG) { ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), NULL, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)); } if (ccmE == BAD_FUNC_ARG) { ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), iv, sizeof(iv), NULL, sizeof(authTag), authIn , sizeof(authIn)); } if (ccmE == BAD_FUNC_ARG) { ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), iv, sizeof(iv) + 1, authTag, sizeof(authTag), authIn , sizeof(authIn)); } if (ccmE == BAD_FUNC_ARG) { ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), iv, sizeof(iv) - 7, authTag, sizeof(authTag), authIn , sizeof(authIn)); } if (ccmE != BAD_FUNC_ARG) { ccmE = WOLFSSL_FATAL_ERROR; } else { ccmE = 0; } } /* End Encrypt */ printf(resultFmt, ccmE == 0 ? passed : failed); if (ccmE != 0) { wc_AesFree(&aes); return ccmE; } #ifdef HAVE_AES_DECRYPT printf(testingFmt, "wc_AesCcmDecrypt()"); /* Pass in bad args. Decrypt*/ if (ret == 0 && ccmD == 0) { ccmD = wc_AesCcmDecrypt(NULL, plainOut, cipherOut, sizeof(plainOut), iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)); if (ccmD == BAD_FUNC_ARG) { ccmD = wc_AesCcmDecrypt(&aes, NULL, cipherOut, sizeof(plainOut), iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)); } if (ccmD == BAD_FUNC_ARG) { ccmD = wc_AesCcmDecrypt(&aes, plainOut, NULL, sizeof(plainOut), iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)); } if (ccmD == BAD_FUNC_ARG) { ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), NULL, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)); } if (ccmD == BAD_FUNC_ARG) { ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), iv, sizeof(iv), NULL, sizeof(authTag), authIn, sizeof(authIn)); } if (ccmD == BAD_FUNC_ARG) { ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), iv, sizeof(iv) + 1, authTag, sizeof(authTag), authIn, sizeof(authIn)); } if (ccmD == BAD_FUNC_ARG) { ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), iv, sizeof(iv) - 7, authTag, sizeof(authTag), authIn, sizeof(authIn)); } if (ccmD != BAD_FUNC_ARG) { ccmD = WOLFSSL_FATAL_ERROR; } else { ccmD = 0; } } /* END Decrypt */ printf(resultFmt, ccmD == 0 ? passed : failed); if (ccmD != 0) { return ccmD; } #endif wc_AesFree(&aes); #endif /* HAVE_AESCCM */ return ret; } /* END test_wc_AesCcmEncryptDecrypt */ /* * Test wc_Hc128_SetKey() */ static int test_wc_Hc128_SetKey (void) { int ret = 0; #ifdef HAVE_HC128 HC128 ctx; const char* key = "\x80\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00"; const char* iv = "\x0D\x74\xDB\x42\xA9\x10\x77\xDE" "\x45\xAC\x13\x7A\xE1\x48\xAF\x16"; printf(testingFmt, "wc_Hc128_SetKey()"); ret = wc_Hc128_SetKey(&ctx, (byte*)key, (byte*)iv); /* Test bad args. */ if (ret == 0) { ret = wc_Hc128_SetKey(NULL, (byte*)key, (byte*)iv); if (ret == BAD_FUNC_ARG) { ret = wc_Hc128_SetKey(&ctx, NULL, (byte*)iv); } if (ret == BAD_FUNC_ARG) { ret = wc_Hc128_SetKey(&ctx, (byte*)key, NULL); } } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_Hc128_SetKey */ /* * Testing wc_Hc128_Process() */ static int test_wc_Hc128_Process (void) { int ret = 0; #ifdef HAVE_HC128 HC128 enc; HC128 dec; const char* key = "\x0F\x62\xB5\x08\x5B\xAE\x01\x54" "\xA7\xFA\x4D\xA0\xF3\x46\x99\xEC"; const char* input = "Encrypt Hc128, and then Decrypt."; size_t inlen = XSTRLEN(input) + 1; /* Add null terminator */ byte cipher[inlen]; byte plain[inlen]; printf(testingFmt, "wc_Hc128_Process()"); ret = wc_Hc128_SetKey(&enc, (byte*)key, NULL); if (ret == 0) { ret = wc_Hc128_SetKey(&dec, (byte*)key, NULL); } if (ret == 0) { ret = wc_Hc128_Process(&enc, cipher, (byte*)input, (word32)inlen); if (ret == 0) { ret = wc_Hc128_Process(&dec, plain, cipher, (word32)inlen); } } /* Bad args. */ if (ret == 0) { ret = wc_Hc128_Process(NULL, plain, cipher, (word32)inlen); if (ret == BAD_FUNC_ARG) { ret = wc_Hc128_Process(&dec, NULL, cipher, (word32)inlen); } if (ret == BAD_FUNC_ARG) { ret = wc_Hc128_Process(&dec, plain, NULL, (word32)inlen); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_Hc128_Process */ /* * Testing wc_InitDsaKey() */ static int test_wc_InitDsaKey (void) { int ret = 0; #ifndef NO_DSA DsaKey key; printf(testingFmt, "wc_InitDsaKey()"); ret = wc_InitDsaKey(&key); /* Pass in bad args. */ if (ret == 0) { ret = wc_InitDsaKey(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); wc_FreeDsaKey(&key); #endif return ret; } /* END test_wc_InitDsaKey */ /* * Testing wc_DsaSign() and wc_DsaVerify() */ static int test_wc_DsaSignVerify (void) { int ret = 0; #if !defined(NO_DSA) DsaKey key; WC_RNG rng; wc_Sha sha; byte signature[DSA_SIG_SIZE]; byte hash[WC_SHA_DIGEST_SIZE]; word32 idx = 0; word32 bytes; int answer; #ifdef USE_CERT_BUFFERS_1024 byte tmp[ONEK_BUF]; XMEMSET(tmp, 0, sizeof(tmp)); XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024); bytes = sizeof_dsa_key_der_1024; #elif defined(USE_CERT_BUFFERS_2048) byte tmp[TWOK_BUF]; XMEMSET(tmp, 0, sizeof(tmp)); XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048); bytes = sizeof_dsa_key_der_2048; #else byte tmp[TWOK_BUF]; XMEMSET(tmp, 0, sizeof(tmp)); XFILE fp = XFOPEN("./certs/dsa2048.der", "rb"); if (fp == XBADFILE) { return WOLFSSL_BAD_FILE; } bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp); XFCLOSE(fp); #endif /* END USE_CERT_BUFFERS_1024 */ ret = wc_InitSha(&sha); if (ret == 0) { ret = wc_ShaUpdate(&sha, tmp, bytes); if (ret == 0) { ret = wc_ShaFinal(&sha, hash); } if (ret == 0) { ret = wc_InitDsaKey(&key); } if (ret == 0) { ret = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes); } if (ret == 0) { ret = wc_InitRng(&rng); } } printf(testingFmt, "wc_DsaSign()"); /* Sign. */ if (ret == 0) { ret = wc_DsaSign(hash, signature, &key, &rng); } /* Test bad args. */ if (ret == 0) { ret = wc_DsaSign(NULL, signature, &key, &rng); if (ret == BAD_FUNC_ARG) { ret = wc_DsaSign(hash, NULL, &key, &rng); } if (ret == BAD_FUNC_ARG) { ret = wc_DsaSign(hash, signature, NULL, &rng); } if (ret == BAD_FUNC_ARG) { ret = wc_DsaSign(hash, signature, &key, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); if (ret != 0) { return ret; } /* Verify. */ printf(testingFmt, "wc_DsaVerify()"); ret = wc_DsaVerify(hash, signature, &key, &answer); if (ret != 0 || answer != 1) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } /* Pass in bad args. */ if (ret == 0) { ret = wc_DsaVerify(NULL, signature, &key, &answer); if (ret == BAD_FUNC_ARG) { ret = wc_DsaVerify(hash, NULL, &key, &answer); } if (ret == BAD_FUNC_ARG) { ret = wc_DsaVerify(hash, signature, NULL, &answer); } if (ret == BAD_FUNC_ARG) { ret = wc_DsaVerify(hash, signature, &key, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #if !defined(HAVE_FIPS) && defined(WOLFSSL_PUBLIC_MP) /* hard set q to 0 and test fail case */ mp_free(&key.q); mp_init(&key.q); AssertIntEQ(wc_DsaSign(hash, signature, &key, &rng), BAD_FUNC_ARG); mp_set_int(&key.q, 1); AssertIntEQ(wc_DsaSign(hash, signature, &key, &rng), BAD_FUNC_ARG); #endif if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } printf(resultFmt, ret == 0 ? passed : failed); wc_FreeDsaKey(&key); wc_ShaFree(&sha); #endif return ret; } /* END test_wc_DsaSign */ /* * Testing wc_DsaPrivateKeyDecode() and wc_DsaPublicKeyDecode() */ static int test_wc_DsaPublicPrivateKeyDecode (void) { int ret = 0; #if !defined(NO_DSA) DsaKey key; word32 bytes; word32 idx = 0; int priv = WOLFSSL_FATAL_ERROR; int pub = WOLFSSL_FATAL_ERROR; #ifdef USE_CERT_BUFFERS_1024 byte tmp[ONEK_BUF]; XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024); bytes = sizeof_dsa_key_der_1024; #elif defined(USE_CERT_BUFFERS_2048) byte tmp[TWOK_BUF]; XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048); bytes = sizeof_dsa_key_der_2048; #else byte tmp[TWOK_BUF]; XMEMSET(tmp, 0, sizeof(tmp)); XFILE fp = XFOPEN("./certs/dsa2048.der", "rb"); if (fp == XBADFILE) { return WOLFSSL_BAD_FILE; } bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp); XFCLOSE(fp); #endif /* END USE_CERT_BUFFERS_1024 */ ret = wc_InitDsaKey(&key); printf(testingFmt, "wc_DsaPrivateKeyDecode()"); if (ret == 0) { priv = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes); /* Test bad args. */ if (priv == 0) { priv = wc_DsaPrivateKeyDecode(NULL, &idx, &key, bytes); if (priv == BAD_FUNC_ARG) { priv = wc_DsaPrivateKeyDecode(tmp, NULL, &key, bytes); } if (priv == BAD_FUNC_ARG) { priv = wc_DsaPrivateKeyDecode(tmp, &idx, NULL, bytes); } if (priv == BAD_FUNC_ARG) { priv = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes); } if (priv == ASN_PARSE_E) { priv = 0; } else { priv = WOLFSSL_FATAL_ERROR; } } wc_FreeDsaKey(&key); ret = wc_InitDsaKey(&key); } printf(resultFmt, priv == 0 ? passed : failed); printf(testingFmt, "wc_DsaPublicKeyDecode()"); if (ret == 0) { idx = 0; /* Reset */ pub = wc_DsaPublicKeyDecode(tmp, &idx, &key, bytes); /* Test bad args. */ if (pub == 0) { pub = wc_DsaPublicKeyDecode(NULL, &idx, &key, bytes); if (pub == BAD_FUNC_ARG) { pub = wc_DsaPublicKeyDecode(tmp, NULL, &key, bytes); } if (pub == BAD_FUNC_ARG) { pub = wc_DsaPublicKeyDecode(tmp, &idx, NULL, bytes); } if (pub == BAD_FUNC_ARG) { pub = wc_DsaPublicKeyDecode(tmp, &idx, &key, bytes); } if (pub == ASN_PARSE_E) { pub = 0; } else { pub = WOLFSSL_FATAL_ERROR; } } } /* END Public Key */ printf(resultFmt, pub == 0 ? passed : failed); wc_FreeDsaKey(&key); #endif return ret; } /* END test_wc_DsaPublicPrivateKeyDecode */ /* * Testing wc_MakeDsaKey() and wc_MakeDsaParameters() */ static int test_wc_MakeDsaKey (void) { int ret = 0; #if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN) DsaKey genKey; WC_RNG rng; XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&genKey, 0, sizeof(genKey)); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_InitDsaKey(&genKey); } printf(testingFmt, "wc_MakeDsaParameters()"); if (ret == 0) { ret = wc_MakeDsaParameters(&rng, ONEK_BUF, &genKey); } /* Test bad args. */ if (ret == 0) { ret = wc_MakeDsaParameters(NULL, ONEK_BUF, &genKey); if (ret == BAD_FUNC_ARG) { ret = wc_MakeDsaParameters(&rng, ONEK_BUF, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_MakeDsaParameters(&rng, ONEK_BUF + 1, &genKey); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); printf(testingFmt, "wc_MakeDsaKey()"); if (ret == 0) { ret = wc_MakeDsaKey(&rng, &genKey); } /* Test bad args. */ if (ret == 0) { ret = wc_MakeDsaKey(NULL, &genKey); if (ret == BAD_FUNC_ARG) { ret = wc_MakeDsaKey(&rng, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FAILURE; } printf(resultFmt, ret == 0 ? passed : failed); wc_FreeDsaKey(&genKey); #endif return ret; } /* END test_wc_MakeDsaKey */ /* * Testing wc_DsaKeyToDer() */ static int test_wc_DsaKeyToDer (void) { int ret = 0; #if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN) DsaKey genKey; WC_RNG rng; word32 bytes; word32 idx = 0; #ifdef USE_CERT_BUFFERS_1024 byte tmp[ONEK_BUF]; byte der[ONEK_BUF]; XMEMSET(tmp, 0, sizeof(tmp)); XMEMSET(der, 0, sizeof(der)); XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024); bytes = sizeof_dsa_key_der_1024; #elif defined(USE_CERT_BUFFERS_2048) byte tmp[TWOK_BUF]; byte der[TWOK_BUF]; XMEMSET(tmp, 0, sizeof(tmp)); XMEMSET(der, 0, sizeof(der)); XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048); bytes = sizeof_dsa_key_der_2048; #else byte tmp[TWOK_BUF]; byte der[TWOK_BUF]; XMEMSET(tmp, 0, sizeof(tmp)); XMEMSET(der, 0, sizeof(der)); XFILE fp = XFOPEN("./certs/dsa2048.der", "rb"); if (fp == XBADFILE) { return WOLFSSL_BAD_FILE; } bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp); XFCLOSE(fp); #endif /* END USE_CERT_BUFFERS_1024 */ #if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN) XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&genKey, 0, sizeof(genKey)); #endif ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_InitDsaKey(&genKey); } if (ret == 0) { ret = wc_MakeDsaParameters(&rng, sizeof(tmp), &genKey); if (ret == 0) { wc_FreeDsaKey(&genKey); ret = wc_InitDsaKey(&genKey); } } if (ret == 0) { ret = wc_DsaPrivateKeyDecode(tmp, &idx, &genKey, bytes); } printf(testingFmt, "wc_DsaKeyToDer()"); if (ret == 0) { ret = wc_DsaKeyToDer(&genKey, der, bytes); if ( ret >= 0 && ( ret = XMEMCMP(der, tmp, bytes) ) == 0 ) { ret = 0; } } /* Test bad args. */ if (ret == 0) { ret = wc_DsaKeyToDer(NULL, der, FOURK_BUF); if (ret == BAD_FUNC_ARG) { ret = wc_DsaKeyToDer(&genKey, NULL, FOURK_BUF); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } printf(resultFmt, ret == 0 ? passed : failed); wc_FreeDsaKey(&genKey); #endif return ret; } /* END test_wc_DsaKeyToDer */ /* * Testing wc_DsaKeyToPublicDer() * (indirectly testing setDsaPublicKey()) */ static int test_wc_DsaKeyToPublicDer(void) { int ret = 0; #ifndef HAVE_SELFTEST #if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN) DsaKey genKey; WC_RNG rng; byte* der; word32 sz; printf(testingFmt, "wc_DsaKeyToPublicDer()"); der = (byte*)XMALLOC(ONEK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_InitDsaKey(&genKey); } if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_MakeDsaParameters(&rng, ONEK_BUF, &genKey); } if (ret == 0) { ret = wc_MakeDsaKey(&rng, &genKey); } if (ret == 0) { ret = wc_DsaKeyToPublicDer(&genKey, der, ONEK_BUF); if (ret >= 0) { sz = ret; ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { word32 idx = 0; ret = wc_DsaPublicKeyDecode(der, &idx, &genKey, sz); } /* Test bad args. */ if (ret == 0) { ret = wc_DsaKeyToPublicDer(NULL, der, FOURK_BUF); if (ret == BAD_FUNC_ARG) { ret = wc_DsaKeyToPublicDer(&genKey, NULL, FOURK_BUF); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } printf(resultFmt, ret == 0 ? passed : failed); XFREE(der,NULL,DYNAMIC_TYPE_TMP_BUFFER); wc_FreeDsaKey(&genKey); #endif /* !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN) */ #endif /* HAVE_SELFTEST */ return ret; } /* END test_wc_DsaKeyToPublicDer */ /* * Testing wc_DsaImportParamsRaw() */ static int test_wc_DsaImportParamsRaw (void) { int ret = 0; #if !defined(NO_DSA) DsaKey key; /* [mod = L=1024, N=160], from CAVP KeyPair */ const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d" "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c" "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6" "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71" "47123188f8dc551054ee162b634d60f097f719076640e209" "80a0093113a8bd73"; const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281"; const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822" "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e" "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786" "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c" "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0" "76341a7e7d9"; /* invalid p and q parameters */ const char* invalidP = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"; const char* invalidQ = "96c5390a"; printf(testingFmt, "wc_DsaImportParamsRaw()"); ret = wc_InitDsaKey(&key); if (ret == 0) { ret = wc_DsaImportParamsRaw(&key, p, q, g); } /* test bad args */ if (ret == 0) { /* null key struct */ ret = wc_DsaImportParamsRaw(NULL, p, q, g); if (ret == BAD_FUNC_ARG) { /* null param pointers */ ret = wc_DsaImportParamsRaw(&key, NULL, NULL, NULL); } if (ret == BAD_FUNC_ARG) { /* illegal p length */ ret = wc_DsaImportParamsRaw(&key, invalidP, q, g); } if (ret == BAD_FUNC_ARG) { /* illegal q length */ ret = wc_DsaImportParamsRaw(&key, p, invalidQ, g); if (ret == BAD_FUNC_ARG) ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); wc_FreeDsaKey(&key); #endif return ret; } /* END test_wc_DsaImportParamsRaw */ /* * Testing wc_DsaImportParamsRawCheck() */ static int test_wc_DsaImportParamsRawCheck (void) { int ret = 0; #if !defined(NO_DSA) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) DsaKey key; int trusted = 0; /* [mod = L=1024, N=160], from CAVP KeyPair */ const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d" "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c" "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6" "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71" "47123188f8dc551054ee162b634d60f097f719076640e209" "80a0093113a8bd73"; const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281"; const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822" "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e" "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786" "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c" "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0" "76341a7e7d9"; /* invalid p and q parameters */ const char* invalidP = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"; const char* invalidQ = "96c5390a"; printf(testingFmt, "wc_DsaImportParamsRawCheck()"); ret = wc_InitDsaKey(&key); if (ret == 0) { ret = wc_DsaImportParamsRawCheck(&key, p, q, g, trusted, NULL); } /* test bad args */ if (ret == 0) { /* null key struct */ ret = wc_DsaImportParamsRawCheck(NULL, p, q, g, trusted, NULL); if (ret == BAD_FUNC_ARG) { /* null param pointers */ ret = wc_DsaImportParamsRawCheck(&key, NULL, NULL, NULL, trusted, NULL); } if (ret == BAD_FUNC_ARG) { /* illegal p length */ ret = wc_DsaImportParamsRawCheck(&key, invalidP, q, g, trusted, NULL); } if (ret == BAD_FUNC_ARG) { /* illegal q length */ ret = wc_DsaImportParamsRawCheck(&key, p, invalidQ, g, trusted, NULL); if (ret == BAD_FUNC_ARG) ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); wc_FreeDsaKey(&key); #endif return ret; } /* END test_wc_DsaImportParamsRawCheck */ /* * Testing wc_DsaExportParamsRaw() */ static int test_wc_DsaExportParamsRaw (void) { int ret = 0; #if !defined(NO_DSA) DsaKey key; /* [mod = L=1024, N=160], from CAVP KeyPair */ const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d" "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c" "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6" "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71" "47123188f8dc551054ee162b634d60f097f719076640e209" "80a0093113a8bd73"; const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281"; const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822" "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e" "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786" "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c" "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0" "76341a7e7d9"; const char* pCompare = "\xd3\x83\x11\xe2\xcd\x38\x8c\x3e\xd6\x98\xe8\x2f" "\xdf\x88\xeb\x92\xb5\xa9\xa4\x83\xdc\x88\x00\x5d" "\x4b\x72\x5e\xf3\x41\xea\xbb\x47\xcf\x8a\x7a\x8a" "\x41\xe7\x92\xa1\x56\xb7\xce\x97\x20\x6c\x4f\x9c" "\x5c\xe6\xfc\x5a\xe7\x91\x21\x02\xb6\xb5\x02\xe5" "\x90\x50\xb5\xb2\x1c\xe2\x63\xdd\xdb\x20\x44\xb6" "\x52\x23\x6f\x4d\x42\xab\x4b\x5d\x6a\xa7\x31\x89" "\xce\xf1\xac\xe7\x78\xd7\x84\x5a\x5c\x1c\x1c\x71" "\x47\x12\x31\x88\xf8\xdc\x55\x10\x54\xee\x16\x2b" "\x63\x4d\x60\xf0\x97\xf7\x19\x07\x66\x40\xe2\x09" "\x80\xa0\x09\x31\x13\xa8\xbd\x73"; const char* qCompare = "\x96\xc5\x39\x0a\x8b\x61\x2c\x0e\x42\x2b\xb2\xb0" "\xea\x19\x4a\x3e\xc9\x35\xa2\x81"; const char* gCompare = "\x06\xb7\x86\x1a\xbb\xd3\x5c\xc8\x9e\x79\xc5\x2f" "\x68\xd2\x08\x75\x38\x9b\x12\x73\x61\xca\x66\x82" "\x21\x38\xce\x49\x91\xd2\xb8\x62\x25\x9d\x6b\x45" "\x48\xa6\x49\x5b\x19\x5a\xa0\xe0\xb6\x13\x7c\xa3" "\x7e\xb2\x3b\x94\x07\x4d\x3c\x3d\x30\x00\x42\xbd" "\xf1\x57\x62\x81\x2b\x63\x33\xef\x7b\x07\xce\xba" "\x78\x60\x76\x10\xfc\xc9\xee\x68\x49\x1d\xbc\x1e" "\x34\xcd\x12\x61\x54\x74\xe5\x2b\x18\xbc\x93\x4f" "\xb0\x0c\x61\xd3\x9e\x7d\xa8\x90\x22\x91\xc4\x43" "\x4a\x4e\x22\x24\xc3\xf4\xfd\x9f\x93\xcd\x6f\x4f" "\x17\xfc\x07\x63\x41\xa7\xe7\xd9"; byte pOut[MAX_DSA_PARAM_SIZE]; byte qOut[MAX_DSA_PARAM_SIZE]; byte gOut[MAX_DSA_PARAM_SIZE]; word32 pOutSz, qOutSz, gOutSz; printf(testingFmt, "wc_DsaExportParamsRaw()"); ret = wc_InitDsaKey(&key); if (ret == 0) { /* first test using imported raw parameters, for expected */ ret = wc_DsaImportParamsRaw(&key, p, q, g); } if (ret == 0) { pOutSz = sizeof(pOut); qOutSz = sizeof(qOut); gOutSz = sizeof(gOut); ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut, &gOutSz); } if (ret == 0) { /* validate exported parameters are correct */ if ((XMEMCMP(pOut, pCompare, pOutSz) != 0) || (XMEMCMP(qOut, qCompare, qOutSz) != 0) || (XMEMCMP(gOut, gCompare, gOutSz) != 0) ) { ret = -1; } } /* test bad args */ if (ret == 0) { /* null key struct */ ret = wc_DsaExportParamsRaw(NULL, pOut, &pOutSz, qOut, &qOutSz, gOut, &gOutSz); if (ret == BAD_FUNC_ARG) { /* null output pointers */ ret = wc_DsaExportParamsRaw(&key, NULL, &pOutSz, NULL, &qOutSz, NULL, &gOutSz); } if (ret == LENGTH_ONLY_E) { /* null output size pointers */ ret = wc_DsaExportParamsRaw(&key, pOut, NULL, qOut, NULL, gOut, NULL); } if (ret == BAD_FUNC_ARG) { /* p output buffer size too small */ pOutSz = 1; ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut, &gOutSz); pOutSz = sizeof(pOut); } if (ret == BUFFER_E) { /* q output buffer size too small */ qOutSz = 1; ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut, &gOutSz); qOutSz = sizeof(qOut); } if (ret == BUFFER_E) { /* g output buffer size too small */ gOutSz = 1; ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut, &gOutSz); if (ret == BUFFER_E) ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); wc_FreeDsaKey(&key); #endif return ret; } /* END test_wc_DsaExportParamsRaw */ /* * Testing wc_DsaExportKeyRaw() */ static int test_wc_DsaExportKeyRaw (void) { int ret = 0; #if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN) DsaKey key; WC_RNG rng; byte xOut[MAX_DSA_PARAM_SIZE]; byte yOut[MAX_DSA_PARAM_SIZE]; word32 xOutSz, yOutSz; printf(testingFmt, "wc_DsaExportKeyRaw()"); XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_InitDsaKey(&key); } if (ret == 0) { ret = wc_MakeDsaParameters(&rng, 1024, &key); if (ret == 0) { ret = wc_MakeDsaKey(&rng, &key); } } /* try successful export */ if (ret == 0) { xOutSz = sizeof(xOut); yOutSz = sizeof(yOut); ret = wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz); } /* test bad args */ if (ret == 0) { /* null key struct */ ret = wc_DsaExportKeyRaw(NULL, xOut, &xOutSz, yOut, &yOutSz); if (ret == BAD_FUNC_ARG) { /* null output pointers */ ret = wc_DsaExportKeyRaw(&key, NULL, &xOutSz, NULL, &yOutSz); } if (ret == LENGTH_ONLY_E) { /* null output size pointers */ ret = wc_DsaExportKeyRaw(&key, xOut, NULL, yOut, NULL); } if (ret == BAD_FUNC_ARG) { /* x output buffer size too small */ xOutSz = 1; ret = wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz); xOutSz = sizeof(xOut); } if (ret == BUFFER_E) { /* y output buffer size too small */ yOutSz = 1; ret = wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz); if (ret == BUFFER_E) ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); wc_FreeDsaKey(&key); wc_FreeRng(&rng); #endif return ret; } /* END test_wc_DsaExportParamsRaw */ /* * Testing wc_ed25519_make_key(). */ static int test_wc_ed25519_make_key (void) { int ret = 0; #if defined(HAVE_ED25519) ed25519_key key; WC_RNG rng; ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ed25519_init(&key); } printf(testingFmt, "wc_ed25519_make_key()"); if (ret == 0) { ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key); } /* Test bad args. */ if (ret == 0) { ret = wc_ed25519_make_key(NULL, ED25519_KEY_SIZE, &key); if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE - 1, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE + 1, &key); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ed25519_free(&key); #endif return ret; } /* END test_wc_ed25519_make_key */ /* * Testing wc_ed25519_init() */ static int test_wc_ed25519_init (void) { int ret = 0; #if defined(HAVE_ED25519) ed25519_key key; printf(testingFmt, "wc_ed25519_init()"); ret = wc_ed25519_init(&key); /* Test bad args. */ if (ret == 0) { ret = wc_ed25519_init(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); wc_ed25519_free(&key); #endif return ret; } /* END test_wc_ed25519_init */ /* * Test wc_ed25519_sign_msg() and wc_ed25519_verify_msg() */ static int test_wc_ed25519_sign_msg (void) { int ret = 0; #if defined(HAVE_ED25519) && defined(HAVE_ED25519_SIGN) WC_RNG rng; ed25519_key key; byte msg[] = "Everybody gets Friday off.\n"; byte sig[ED25519_SIG_SIZE]; word32 msglen = sizeof(msg); word32 siglen = sizeof(sig); word32 badSigLen = sizeof(sig) - 1; #ifdef HAVE_ED25519_VERIFY int verify_ok = 0; /*1 = Verify success.*/ #endif /* Initialize stack variables. */ XMEMSET(sig, 0, siglen); /* Initialize key. */ ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ed25519_init(&key); if (ret == 0) { ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key); } } printf(testingFmt, "wc_ed25519_sign_msg()"); if (ret == 0) { ret = wc_ed25519_sign_msg(msg, msglen, sig, &siglen, &key); } /* Test bad args. */ if (ret == 0 && siglen == ED25519_SIG_SIZE) { ret = wc_ed25519_sign_msg(NULL, msglen, sig, &siglen, &key); if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_sign_msg(msg, msglen, NULL, &siglen, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_sign_msg(msg, msglen, sig, NULL, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_sign_msg(msg, msglen, sig, &siglen, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_sign_msg(msg, msglen, sig, &badSigLen, &key); } if (ret == BUFFER_E && badSigLen == ED25519_SIG_SIZE) { badSigLen -= 1; ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } /* END sign */ printf(resultFmt, ret == 0 ? passed : failed); #ifdef HAVE_ED25519_VERIFY printf(testingFmt, "wc_ed25519_verify_msg()"); if (ret == 0) { ret = wc_ed25519_verify_msg(sig, siglen, msg, msglen, &verify_ok, &key); if (ret == 0 && verify_ok == 1) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } /* Test bad args. */ if (ret == 0) { AssertIntEQ(wc_ed25519_verify_msg(sig, siglen - 1, msg, msglen, &verify_ok, &key), BAD_FUNC_ARG); AssertIntEQ(wc_ed25519_verify_msg(sig, siglen + 1, msg, msglen, &verify_ok, &key), BAD_FUNC_ARG); ret = wc_ed25519_verify_msg(NULL, siglen, msg, msglen, &verify_ok, &key); if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_verify_msg(sig, siglen, NULL, msglen, &verify_ok, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_verify_msg(sig, siglen, msg, msglen, NULL, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_verify_msg(sig, siglen, msg, msglen, &verify_ok, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_verify_msg(sig, badSigLen, msg, msglen, &verify_ok, &key); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } } /* END verify. */ printf(resultFmt, ret == 0 ? passed : failed); #endif /* Verify. */ if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ed25519_free(&key); #endif return ret; } /* END test_wc_ed25519_sign_msg */ /* * Testing wc_ed25519_import_public() */ static int test_wc_ed25519_import_public (void) { int ret = 0; #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) WC_RNG rng; ed25519_key pubKey; const byte in[] = "Ed25519PublicKeyUnitTest......\n"; word32 inlen = sizeof(in); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ed25519_init(&pubKey); if (ret == 0) { ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &pubKey); } } printf(testingFmt, "wc_ed25519_import_public()"); if (ret == 0) { ret = wc_ed25519_import_public(in, inlen, &pubKey); if (ret == 0 && XMEMCMP(in, pubKey.p, inlen) == 0) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } /* Test bad args. */ if (ret == 0) { ret = wc_ed25519_import_public(NULL, inlen, &pubKey); if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_import_public(in, inlen, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_import_public(in, inlen - 1, &pubKey); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } } printf(resultFmt, ret == 0 ? passed : failed); if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ed25519_free(&pubKey); #endif return ret; } /* END wc_ed25519_import_public */ /* * Testing wc_ed25519_import_private_key() */ static int test_wc_ed25519_import_private_key (void) { int ret = 0; #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) WC_RNG rng; ed25519_key key; const byte privKey[] = "Ed25519PrivateKeyUnitTest.....\n"; const byte pubKey[] = "Ed25519PublicKeyUnitTest......\n"; word32 privKeySz = sizeof(privKey); word32 pubKeySz = sizeof(pubKey); #ifdef HAVE_ED25519_KEY_EXPORT byte bothKeys[sizeof(privKey) + sizeof(pubKey)]; word32 bothKeysSz = sizeof(bothKeys); #endif ret = wc_InitRng(&rng); if (ret != 0) { return ret; } ret = wc_ed25519_init(&key); if (ret != 0) { wc_FreeRng(&rng); return ret; } ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key); printf(testingFmt, "wc_ed25519_import_private_key()"); if (ret == 0) { ret = wc_ed25519_import_private_key(privKey, privKeySz, pubKey, pubKeySz, &key); if (ret == 0 && (XMEMCMP(pubKey, key.p, privKeySz) != 0 || XMEMCMP(privKey, key.k, pubKeySz) != 0)) { ret = WOLFSSL_FATAL_ERROR; } } #ifdef HAVE_ED25519_KEY_EXPORT if (ret == 0) ret = wc_ed25519_export_private(&key, bothKeys, &bothKeysSz); if (ret == 0) { ret = wc_ed25519_import_private_key(bothKeys, bothKeysSz, NULL, 0, &key); if (ret == 0 && (XMEMCMP(pubKey, key.p, privKeySz) != 0 || XMEMCMP(privKey, key.k, pubKeySz) != 0)) { ret = WOLFSSL_FATAL_ERROR; } } #endif /* Test bad args. */ if (ret == 0) { ret = wc_ed25519_import_private_key(NULL, privKeySz, pubKey, pubKeySz, &key); if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_import_private_key(privKey, privKeySz, NULL, pubKeySz, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_import_private_key(privKey, privKeySz, pubKey, pubKeySz, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_import_private_key(privKey, privKeySz - 1, pubKey, pubKeySz, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_import_private_key(privKey, privKeySz, pubKey, pubKeySz - 1, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_import_private_key(privKey, privKeySz, NULL, 0, &key); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ed25519_free(&key); #endif return ret; } /* END test_wc_ed25519_import_private_key */ /* * Testing wc_ed25519_export_public() and wc_ed25519_export_private_only() */ static int test_wc_ed25519_export (void) { int ret = 0; #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) WC_RNG rng; ed25519_key key; byte priv[ED25519_PRV_KEY_SIZE]; byte pub[ED25519_PUB_KEY_SIZE]; word32 privSz = sizeof(priv); word32 pubSz = sizeof(pub); ret = wc_InitRng(&rng); if (ret != 0) { return ret; } ret = wc_ed25519_init(&key); if (ret != 0) { wc_FreeRng(&rng); return ret; } if (ret == 0) { ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key); } printf(testingFmt, "wc_ed25519_export_public()"); if (ret == 0) { ret = wc_ed25519_export_public(&key, pub, &pubSz); if (ret == 0 && (pubSz != ED25519_KEY_SIZE || XMEMCMP(key.p, pub, pubSz) != 0)) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_ed25519_export_public(NULL, pub, &pubSz); if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_export_public(&key, NULL, &pubSz); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_export_public(&key, pub, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } } printf(resultFmt, ret == 0 ? passed : failed); printf(testingFmt, "wc_ed25519_export_private_only()"); if (ret == 0) { ret = wc_ed25519_export_private_only(&key, priv, &privSz); if (ret == 0 && (privSz != ED25519_KEY_SIZE || XMEMCMP(key.k, priv, privSz) != 0)) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_ed25519_export_private_only(NULL, priv, &privSz); if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_export_private_only(&key, NULL, &privSz); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_export_private_only(&key, priv, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } } printf(resultFmt, ret == 0 ? passed : failed); if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ed25519_free(&key); #endif return ret; } /* END test_wc_ed25519_export */ /* * Testing wc_ed25519_size() */ static int test_wc_ed25519_size (void) { int ret = 0; #if defined(HAVE_ED25519) WC_RNG rng; ed25519_key key; ret = wc_InitRng(&rng); if (ret != 0) { return ret; } ret = wc_ed25519_init(&key); if (ret != 0) { wc_FreeRng(&rng); return ret; } ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key); if (ret != 0) { wc_FreeRng(&rng); wc_ed25519_free(&key); return ret; } printf(testingFmt, "wc_ed25519_size()"); ret = wc_ed25519_size(&key); /* Test bad args. */ if (ret == ED25519_KEY_SIZE) { ret = wc_ed25519_size(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); if (ret == 0) { printf(testingFmt, "wc_ed25519_sig_size()"); ret = wc_ed25519_sig_size(&key); if (ret == ED25519_SIG_SIZE) { ret = 0; } /* Test bad args. */ if (ret == 0) { ret = wc_ed25519_sig_size(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); } /* END wc_ed25519_sig_size() */ if (ret == 0) { printf(testingFmt, "wc_ed25519_pub_size"); ret = wc_ed25519_pub_size(&key); if (ret == ED25519_PUB_KEY_SIZE) { ret = 0; } if (ret == 0) { ret = wc_ed25519_pub_size(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); } /* END wc_ed25519_pub_size */ if (ret == 0) { printf(testingFmt, "wc_ed25519_priv_size"); ret = wc_ed25519_priv_size(&key); if (ret == ED25519_PRV_KEY_SIZE) { ret = 0; } if (ret == 0) { ret = wc_ed25519_priv_size(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); } /* END wc_ed25519_pub_size */ if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ed25519_free(&key); #endif return ret; } /* END test_wc_ed25519_size */ /* * Testing wc_ed25519_export_private() and wc_ed25519_export_key() */ static int test_wc_ed25519_exportKey (void) { int ret = 0; #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) WC_RNG rng; ed25519_key key; byte priv[ED25519_PRV_KEY_SIZE]; byte pub[ED25519_PUB_KEY_SIZE]; byte privOnly[ED25519_PRV_KEY_SIZE]; word32 privSz = sizeof(priv); word32 pubSz = sizeof(pub); word32 privOnlySz = sizeof(privOnly); ret = wc_InitRng(&rng); if (ret != 0) { return ret; } ret = wc_ed25519_init(&key); if (ret != 0) { wc_FreeRng(&rng); return ret; } ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key); if (ret != 0) { wc_FreeRng(&rng); wc_ed25519_free(&key); return ret; } printf(testingFmt, "wc_ed25519_export_private()"); ret = wc_ed25519_export_private(&key, privOnly, &privOnlySz); if (ret == 0) { ret = wc_ed25519_export_private(NULL, privOnly, &privOnlySz); if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_export_private(&key, NULL, &privOnlySz); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_export_private(&key, privOnly, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); if (ret == 0) { printf(testingFmt, "wc_ed25519_export_key()"); ret = wc_ed25519_export_key(&key, priv, &privSz, pub, &pubSz); if (ret == 0) { ret = wc_ed25519_export_key(NULL, priv, &privSz, pub, &pubSz); if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_export_key(&key, NULL, &privSz, pub, &pubSz); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_export_key(&key, priv, NULL, pub, &pubSz); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_export_key(&key, priv, &privSz, NULL, &pubSz); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_export_key(&key, priv, &privSz, pub, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); } /* END wc_ed25519_export_key() */ /* Cross check output. */ if (ret == 0 && XMEMCMP(priv, privOnly, privSz) != 0) { ret = WOLFSSL_FATAL_ERROR; } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ed25519_free(&key); #endif return ret; } /* END test_wc_ed25519_exportKey */ /* * Testing wc_Ed25519PublicKeyToDer */ static int test_wc_Ed25519PublicKeyToDer (void) { int ret = 0; #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) int tmp; ed25519_key key; byte derBuf[1024]; printf(testingFmt, "wc_Ed25519PublicKeyToDer()"); /* Test bad args */ tmp = wc_Ed25519PublicKeyToDer(NULL, NULL, 0, 0); if (tmp != BAD_FUNC_ARG) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { wc_ed25519_init(&key); tmp = wc_Ed25519PublicKeyToDer(&key, derBuf, 0, 0); if (tmp != BUFFER_E) { ret = WOLFSSL_FATAL_ERROR; } wc_ed25519_free(&key); } /* Test good args */ if (ret == 0) { WC_RNG rng; ret = wc_InitRng(&rng); if (ret != 0) { return ret; } ret = wc_ed25519_init(&key); if (ret != 0) { wc_FreeRng(&rng); return ret; } ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key); if (ret != 0) { wc_FreeRng(&rng); wc_ed25519_free(&key); return ret; } tmp = wc_Ed25519PublicKeyToDer(&key, derBuf, 1024, 1); if (tmp <= 0) { ret = WOLFSSL_FATAL_ERROR; } wc_FreeRng(&rng); wc_ed25519_free(&key); } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END testing wc_Ed25519PublicKeyToDer */ /* * Testing wc_curve25519_init and wc_curve25519_free. */ static int test_wc_curve25519_init (void) { int ret = 0; #if defined(HAVE_CURVE25519) curve25519_key key; printf(testingFmt, "wc_curve25519_init()"); ret = wc_curve25519_init(&key); /* Test bad args for wc_curve25519_init */ if (ret == 0) { ret = wc_curve25519_init(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); /* Test good args for wc_curve_25519_free */ wc_curve25519_free(&key); wc_curve25519_free(NULL); #endif return ret; } /* END test_wc_curve25519_init and wc_curve_25519_free*/ /* * Testing test_wc_curve25519_size. */ static int test_wc_curve25519_size (void) { int ret = 0; #if defined(HAVE_CURVE25519) curve25519_key key; printf(testingFmt, "wc_curve25519_size()"); ret = wc_curve25519_init(&key); /* Test good args for wc_curve25519_size */ if (ret == 0) { ret = wc_curve25519_size(&key); } /* Test bad args for wc_curve25519_size */ if (ret != 0) { ret = wc_curve25519_size(NULL); } printf(resultFmt, ret == 0 ? passed : failed); wc_curve25519_free(&key); #endif return ret; } /* END test_wc_curve25519_size*/ /* * Testing test_wc_curve25519_export_key_raw(). */ static int test_wc_curve25519_export_key_raw (void) { #if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT) curve25519_key key; WC_RNG rng; byte privateKey[CURVE25519_KEYSIZE]; byte publicKey[CURVE25519_KEYSIZE]; word32 prvkSz; word32 pubkSz; byte prik[CURVE25519_KEYSIZE]; byte pubk[CURVE25519_KEYSIZE]; word32 prksz; word32 pbksz; printf(testingFmt, "wc_curve25519_export_key_raw()"); if(0 != wc_InitRng(&rng)){ printf(testingFmt, "failed due to wc_InitRng"); fflush( stdout ); return 1; } if(0 != wc_curve25519_init(&key)){ printf(testingFmt, "failed due to wc_curve25519_init"); fflush( stdout ); wc_FreeRng(&rng); return 1; } if(0 != wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key)){ printf(testingFmt, "failed due to wc_curve25519_make_key"); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } /* bad-argument-test cases target function sould return BAD_FUNC_ARG */ prvkSz = CURVE25519_KEYSIZE; pubkSz = CURVE25519_KEYSIZE; if(BAD_FUNC_ARG != wc_curve25519_export_key_raw( NULL , privateKey, &prvkSz, publicKey, &pubkSz)){ printf(testingFmt,"failed at bad-arg-case-1."); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } prvkSz = CURVE25519_KEYSIZE; pubkSz = CURVE25519_KEYSIZE; if(BAD_FUNC_ARG != wc_curve25519_export_key_raw( &key , NULL, &prvkSz, publicKey, &pubkSz)){ printf(testingFmt,"failed at bad-arg-case-2."); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } prvkSz = CURVE25519_KEYSIZE; pubkSz = CURVE25519_KEYSIZE; if(BAD_FUNC_ARG != wc_curve25519_export_key_raw( &key , privateKey, NULL, publicKey, &pubkSz)){ printf(testingFmt,"failed at bad-arg-case-3."); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } /* prvkSz = CURVE25519_KEYSIZE; */ pubkSz = CURVE25519_KEYSIZE; if(BAD_FUNC_ARG != wc_curve25519_export_key_raw( &key , privateKey, &prvkSz, NULL, &pubkSz)){ printf(testingFmt,"failed at bad-arg-case-4."); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } prvkSz = CURVE25519_KEYSIZE; pubkSz = CURVE25519_KEYSIZE; if(BAD_FUNC_ARG != wc_curve25519_export_key_raw( &key , privateKey, &prvkSz, publicKey, NULL )){ printf(testingFmt,"failed at bad-arg-case-5."); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } /* cross-testing */ prksz = CURVE25519_KEYSIZE; if( 0 != wc_curve25519_export_private_raw(&key, prik, &prksz)){ printf(testingFmt,"failed due to wc_curve25519_export_private_raw"); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } pbksz = CURVE25519_KEYSIZE; if(0 != wc_curve25519_export_public(&key, pubk, &pbksz)){ printf(testingFmt,"failed due to wc_curve25519_export_public"); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } prvkSz = CURVE25519_KEYSIZE; /* pubkSz = CURVE25519_KEYSIZE; */ if(0 != wc_curve25519_export_key_raw(&key, privateKey, &prvkSz, publicKey, &pubkSz)){ printf(testingFmt,"failed due to wc_curve25519_export_key_raw"); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } if((prksz == CURVE25519_KEYSIZE) && (pbksz == CURVE25519_KEYSIZE) && (prvkSz == CURVE25519_KEYSIZE) && (pubkSz == CURVE25519_KEYSIZE)){ if( 0 == XMEMCMP(privateKey, prik, CURVE25519_KEYSIZE) && 0 == XMEMCMP(publicKey, pubk, CURVE25519_KEYSIZE)){ printf(resultFmt,passed); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 0; } else{ printf(testingFmt,"failed due to key-contents-inconsistency."); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } } else{ printf(testingFmt,"failed due to bad-key-size."); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } #endif fflush( stdout ); return 0; } /* end of test_wc_curve25519_export_key_raw */ /* * Testing test_wc_curve25519_export_key_raw_ex(). */ static int test_wc_curve25519_export_key_raw_ex (void) { #if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT) curve25519_key key; WC_RNG rng; byte privateKey[CURVE25519_KEYSIZE]; byte publicKey[CURVE25519_KEYSIZE]; word32 prvkSz; word32 pubkSz; byte prik[CURVE25519_KEYSIZE]; byte pubk[CURVE25519_KEYSIZE]; word32 prksz; word32 pbksz; printf(testingFmt, "wc_curve25519_export_key_raw_ex()"); if(0 != wc_InitRng(&rng)){ printf(testingFmt, "failed due to wc_InitRng"); fflush( stdout ); return 1; } if(0 != wc_curve25519_init(&key)){ printf(testingFmt, "failed due to wc_curve25519_init"); fflush( stdout ); wc_FreeRng(&rng); return 1; } if(0 != wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key)){ printf(testingFmt, "failed due to wc_curve25519_make_key"); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } /* bad-argument-test cases target function sould return BAD_FUNC_ARG */ prvkSz = CURVE25519_KEYSIZE; pubkSz = CURVE25519_KEYSIZE; if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( NULL , privateKey, &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN)){ printf(testingFmt,"failed at bad-arg-case-1."); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } prvkSz = CURVE25519_KEYSIZE; pubkSz = CURVE25519_KEYSIZE; if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key , NULL, &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN)){ printf(testingFmt,"failed at bad-arg-case-2."); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } prvkSz = CURVE25519_KEYSIZE; pubkSz = CURVE25519_KEYSIZE; if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key,privateKey, NULL,publicKey, &pubkSz,EC25519_LITTLE_ENDIAN)){ printf(testingFmt,"failed at bad-arg-case-3."); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } /* prvkSz = CURVE25519_KEYSIZE; */ pubkSz = CURVE25519_KEYSIZE; if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey, &prvkSz, NULL, &pubkSz, EC25519_LITTLE_ENDIAN)){ printf(testingFmt,"failed at bad-arg-case-4."); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } prvkSz = CURVE25519_KEYSIZE; pubkSz = CURVE25519_KEYSIZE; if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey, &prvkSz, publicKey, NULL, EC25519_LITTLE_ENDIAN)){ printf(testingFmt,"failed at bad-arg-case-5."); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } prvkSz = CURVE25519_KEYSIZE; /* pubkSz = CURVE25519_KEYSIZE; */ if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( NULL, privateKey, &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN)){ printf(testingFmt,"failed at bad-arg-case-6."); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } prvkSz = CURVE25519_KEYSIZE; pubkSz = CURVE25519_KEYSIZE; if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, NULL, &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN)){ printf(testingFmt,"failed at bad-arg-case-7."); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } prvkSz = CURVE25519_KEYSIZE; pubkSz = CURVE25519_KEYSIZE; if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey, NULL, publicKey, &pubkSz, EC25519_BIG_ENDIAN)){ printf(testingFmt,"failed at bad-arg-case-8."); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } /* prvkSz = CURVE25519_KEYSIZE; */ pubkSz = CURVE25519_KEYSIZE; if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey, &prvkSz, NULL, &pubkSz, EC25519_BIG_ENDIAN)){ printf(testingFmt,"failed at bad-arg-case-9."); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } prvkSz = CURVE25519_KEYSIZE; pubkSz = CURVE25519_KEYSIZE; if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey, &prvkSz, publicKey, NULL, EC25519_BIG_ENDIAN)){ printf(testingFmt,"failed at bad-arg-case-10."); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } /* illegal value for endien */ prvkSz = CURVE25519_KEYSIZE; /* pubkSz = CURVE25519_KEYSIZE; */ if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey, &prvkSz, publicKey, NULL, EC25519_BIG_ENDIAN + 10 )){ printf(testingFmt,"failed at bad-arg-case-11."); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } /* cross-testing */ prksz = CURVE25519_KEYSIZE; if(0 != wc_curve25519_export_private_raw( &key, prik, &prksz )){ printf(testingFmt,"failed due to wc_curve25519_export_private_raw"); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } pbksz = CURVE25519_KEYSIZE; if(0 != wc_curve25519_export_public( &key, pubk, &pbksz )){ printf(testingFmt,"failed due to wc_curve25519_export_public"); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } prvkSz = CURVE25519_KEYSIZE; /* pubkSz = CURVE25519_KEYSIZE; */ if(0 != wc_curve25519_export_key_raw_ex( &key, privateKey, &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN)) { printf(testingFmt,"failed due to wc_curve25519_export_key_raw_ex"); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } if( prksz == CURVE25519_KEYSIZE && pbksz == CURVE25519_KEYSIZE && prvkSz == CURVE25519_KEYSIZE && pubkSz == CURVE25519_KEYSIZE ){ if( 0 == XMEMCMP( privateKey, prik, CURVE25519_KEYSIZE ) && 0 == XMEMCMP( publicKey, pubk, CURVE25519_KEYSIZE )){ if( 0 == wc_curve25519_export_key_raw_ex( &key, privateKey, &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN)){ if( prvkSz == CURVE25519_KEYSIZE && pubkSz == CURVE25519_KEYSIZE ){ ; /* proceed to the next test */ } else{ printf(testingFmt,"failed due to key-size-inconsistency"); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } } else{ printf(testingFmt, "failed due to wc_curve25519_export_key_raw_ex"); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } } else{ printf(testingFmt,"failed due to key-contents-inconsistency"); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } } else{ printf(testingFmt,"failed due to bad-key-size"); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } /* try once with another endian */ prvkSz = CURVE25519_KEYSIZE; pubkSz = CURVE25519_KEYSIZE; if( 0 == wc_curve25519_export_key_raw_ex( &key, privateKey, &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN)){ if( prvkSz == CURVE25519_KEYSIZE && pubkSz == CURVE25519_KEYSIZE ){ /* no more test*/ printf(resultFmt, passed ); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 0; } else{ printf(testingFmt,"failed due to key-size-inconsistency"); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } } else{ printf(testingFmt, "failed due to wc_curve25519_export_key_raw_ex(BIGENDIAN)"); fflush( stdout ); wc_curve25519_free(&key); wc_FreeRng(&rng); return 1; } #else return 0; #endif } /* end of test_wc_curve25519_export_key_raw_ex */ /* * Testing wc_curve25519_make_key */ static int test_wc_curve25519_make_key (void) { int ret = 0; #if defined(HAVE_CURVE25519) WC_RNG rng; curve25519_key key; int keysize; printf(testingFmt, "wc_curve25519_make_key()"); ret = wc_curve25519_init(&key); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key); if (ret == 0) { keysize = wc_curve25519_size(&key); if (keysize != CURVE25519_KEYSIZE) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { ret = wc_curve25519_make_key(&rng, keysize, &key); } } /*test bad cases*/ if (ret == 0) { ret = wc_curve25519_make_key(NULL, 0, NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_make_key(&rng, keysize, NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_make_key(NULL, keysize, &key); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_make_key(&rng, 0, &key); if (ret == ECC_BAD_ARG_E) { ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); wc_curve25519_free(&key); wc_FreeRng(&rng); #endif return ret; } /*END test_wc_curve25519_make_key*/ /* * Testing wc_curve25519_shared_secret_ex */ static int test_wc_curve25519_shared_secret_ex(void) { int ret = 0; #if defined(HAVE_CURVE25519) WC_RNG rng; curve25519_key private_key, public_key; byte out[CURVE25519_KEYSIZE]; word32 outLen = sizeof(out); int endian = EC25519_BIG_ENDIAN; printf(testingFmt, "wc_curve25519_shared_secret_ex()"); ret = wc_curve25519_init(&private_key); if (ret == 0) { ret = wc_curve25519_init(&public_key); } if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &private_key); } if (ret == 0) { ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &public_key); } if (ret == 0) { ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out, &outLen, endian); } /*test bad cases*/ if (ret == 0) { ret = wc_curve25519_shared_secret_ex(NULL, NULL, NULL, 0, endian); if (ret == 0) { ret = -1; } if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_shared_secret_ex(NULL, &public_key, out, &outLen, endian); if (ret == 0) { ret = -1; } else if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_shared_secret_ex(&private_key, NULL, out, &outLen, endian); if (ret == 0) { ret = -1; } else if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, NULL, &outLen, endian); if (ret == 0) { ret = -1; } else if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out, NULL, endian); if (ret == 0) { ret = -1; } else if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { /*curve25519.c is checking for public_key size less than or equal to 0x7f, *increasing to 0x8f checks for error being returned*/ public_key.p.point[CURVE25519_KEYSIZE-1] = 0x8F; ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out, &outLen, endian); if (ret == 0) { ret = -1; } else if (ret == ECC_BAD_ARG_E) { ret = 0; } } outLen = outLen - 2; if (ret == 0) { ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out, &outLen, endian); if (ret == 0) { ret = -1; } else if (ret == BAD_FUNC_ARG) { ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); wc_curve25519_free(&private_key); wc_curve25519_free(&public_key); wc_FreeRng(&rng); #endif return ret; } /*END test_wc_curve25519_shared_secret_ex*/ /* * Testing wc_curve25519_make_pub */ static int test_wc_curve25519_make_pub(void) { int ret = 0; #ifdef HAVE_CURVE25519 WC_RNG rng; curve25519_key key; byte out[CURVE25519_KEYSIZE]; printf(testingFmt, "wc_curve25519_make_pub()"); ret = wc_curve25519_init(&key); if (ret == 0) { ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key); } } if (ret == 0) { ret = wc_curve25519_make_pub((int)sizeof(out), out, (int)sizeof(key.k), key.k); } /*test bad cases*/ if (ret == 0) { ret = wc_curve25519_make_pub((int)sizeof(key.k) - 1, key.k, (int)sizeof out, out); if (ret == ECC_BAD_ARG_E) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k), NULL); if (ret == ECC_BAD_ARG_E) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_make_pub((int)sizeof out - 1, out, (int)sizeof(key.k), key.k); if (ret == ECC_BAD_ARG_E) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_make_pub((int)sizeof out, NULL, (int)sizeof(key.k), key.k); if (ret == ECC_BAD_ARG_E) { ret = 0; } } if (ret == 0) { /* verify clamping test */ key.k[0] |= ~248; ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k), key.k); if (ret == ECC_BAD_ARG_E) { ret = 0; } key.k[0] &= 248; } /* repeat the expected-to-succeed test. */ if (ret == 0) { ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k), key.k); } printf(resultFmt, ret == 0 ? passed : failed); wc_curve25519_free(&key); wc_FreeRng(&rng); #endif return ret; } /*END test_wc_curve25519_make_pub */ /* * Testing test_wc_curve25519_export_public_ex */ static int test_wc_curve25519_export_public_ex (void) { int ret = 0; #if defined(HAVE_CURVE25519) WC_RNG rng; curve25519_key key; byte out[CURVE25519_KEYSIZE]; word32 outLen = sizeof(out); int endian = EC25519_BIG_ENDIAN; printf(testingFmt, "wc_curve25519_export_public_ex()"); ret = wc_curve25519_init(&key); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key); if (ret == 0) { ret = wc_curve25519_export_public(&key, out, &outLen); } if (ret == 0) { ret = wc_curve25519_export_public_ex(&key, out, &outLen, endian); } } /*test bad cases*/ if (ret == 0) { ret = wc_curve25519_export_public_ex(NULL, NULL, NULL, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_export_public_ex(NULL, out, &outLen, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_export_public_ex(&key, NULL, &outLen, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_export_public_ex(&key, out, NULL, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } outLen = outLen - 2; if (ret == 0) { ret = wc_curve25519_export_public_ex(&key, out, &outLen, endian); if (ret == ECC_BAD_ARG_E) { ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); wc_curve25519_free(&key); wc_FreeRng(&rng); #endif return ret; } /*END test_wc_curve25519_export_public_ex*/ /* * Testing test_wc_curve25519_import_private_raw_ex */ static int test_wc_curve25519_import_private_raw_ex (void) { int ret = 0; #if defined(HAVE_CURVE25519) WC_RNG rng; curve25519_key key; byte priv[CURVE25519_KEYSIZE]; byte pub[CURVE25519_KEYSIZE]; word32 privSz = sizeof(priv); word32 pubSz = sizeof(pub); int endian = EC25519_BIG_ENDIAN; printf(testingFmt, "wc_curve25519_import_private_raw_ex()"); ret = wc_curve25519_init(&key); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key); if (ret == 0) { ret = wc_curve25519_export_private_raw_ex(&key, priv, &privSz, endian); } if (ret == 0) { ret = wc_curve25519_export_public(&key, pub, &pubSz); } if (ret == 0) { ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz, &key, endian); } } /*test bad cases*/ if (ret == 0) { ret = wc_curve25519_import_private_raw_ex(NULL, 0, NULL, 0, NULL, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_import_private_raw_ex(NULL, privSz, pub, pubSz, &key, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_import_private_raw_ex(priv, privSz, NULL, pubSz, &key, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz, NULL, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_import_private_raw_ex(priv, 0, pub, pubSz, &key, endian); if (ret == ECC_BAD_ARG_E) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, 0, &key, endian); if (ret == ECC_BAD_ARG_E) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz, &key, EC25519_LITTLE_ENDIAN); } printf(resultFmt, ret == 0 ? passed : failed); wc_curve25519_free(&key); wc_FreeRng(&rng); #endif return ret; } /*END test_wc_curve25519_import_private_raw_ex*/ /* * Testing test_wc_curve25519_import_private */ static int test_wc_curve25519_import_private (void) { int ret = 0; #if defined(HAVE_CURVE25519) curve25519_key key; WC_RNG rng; byte priv[CURVE25519_KEYSIZE]; word32 privSz = sizeof(priv); printf(testingFmt, "wc_curve25519_import_private()"); ret = wc_curve25519_init(&key); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key); if (ret == 0) { ret = wc_curve25519_export_private_raw(&key, priv, &privSz); } } if (ret == 0) { ret = wc_curve25519_import_private(priv, privSz, &key); } printf(resultFmt, ret == 0 ? passed : failed); wc_curve25519_free(&key); wc_FreeRng(&rng); #endif return ret; } /*END test_wc_curve25519_import*/ /* * Testing test_wc_curve25519_export_private_raw_ex */ static int test_wc_curve25519_export_private_raw_ex (void) { int ret = 0; #if defined(HAVE_CURVE25519) curve25519_key key; byte out[CURVE25519_KEYSIZE]; word32 outLen = sizeof(out); int endian = EC25519_BIG_ENDIAN; printf(testingFmt, "wc_curve25519_export_private_raw_ex()"); ret = wc_curve25519_init(&key); if (ret == 0) { ret = wc_curve25519_export_private_raw_ex(&key, out, &outLen, endian); } /*test bad cases*/ if (ret == 0) { ret = wc_curve25519_export_private_raw_ex(NULL, NULL, NULL, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_export_private_raw_ex(NULL, out, &outLen, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_export_private_raw_ex(&key, NULL, &outLen, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_export_private_raw_ex(&key, out, NULL, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_export_private_raw_ex(&key, out, &outLen, EC25519_LITTLE_ENDIAN); } outLen = outLen - 2; if (ret == 0) { ret = wc_curve25519_export_private_raw_ex(&key, out, &outLen, endian); if (ret == ECC_BAD_ARG_E) { ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); wc_curve25519_free(&key); #endif return ret; }/*END test_wc_curve25519_export_private_raw_ex*/ /* * Testing wc_ed448_make_key(). */ static int test_wc_ed448_make_key (void) { int ret = 0; #if defined(HAVE_ED448) ed448_key key; WC_RNG rng; ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ed448_init(&key); } printf(testingFmt, "wc_ed448_make_key()"); if (ret == 0) { ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key); } /* Test bad args. */ if (ret == 0) { ret = wc_ed448_make_key(NULL, ED448_KEY_SIZE, &key); if (ret == BAD_FUNC_ARG) { ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE - 1, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE + 1, &key); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ed448_free(&key); #endif return ret; } /* END test_wc_ed448_make_key */ /* * Testing wc_ed448_init() */ static int test_wc_ed448_init (void) { int ret = 0; #if defined(HAVE_ED448) ed448_key key; printf(testingFmt, "wc_ed448_init()"); ret = wc_ed448_init(&key); /* Test bad args. */ if (ret == 0) { ret = wc_ed448_init(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); wc_ed448_free(&key); #endif return ret; } /* END test_wc_ed448_init */ /* * Test wc_ed448_sign_msg() and wc_ed448_verify_msg() */ static int test_wc_ed448_sign_msg (void) { int ret = 0; #if defined(HAVE_ED448) && defined(HAVE_ED448_SIGN) WC_RNG rng; ed448_key key; byte msg[] = "Everybody gets Friday off.\n"; byte sig[ED448_SIG_SIZE]; word32 msglen = sizeof(msg); word32 siglen = sizeof(sig); word32 badSigLen = sizeof(sig) - 1; #ifdef HAVE_ED448_VERIFY int verify_ok = 0; /*1 = Verify success.*/ #endif /* Initialize stack variables. */ XMEMSET(sig, 0, siglen); /* Initialize key. */ ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ed448_init(&key); if (ret == 0) { ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key); } } printf(testingFmt, "wc_ed448_sign_msg()"); if (ret == 0) { ret = wc_ed448_sign_msg(msg, msglen, sig, &siglen, &key, NULL, 0); } /* Test bad args. */ if (ret == 0 && siglen == ED448_SIG_SIZE) { ret = wc_ed448_sign_msg(NULL, msglen, sig, &siglen, &key, NULL, 0); if (ret == BAD_FUNC_ARG) { ret = wc_ed448_sign_msg(msg, msglen, NULL, &siglen, &key, NULL, 0); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_sign_msg(msg, msglen, sig, NULL, &key, NULL, 0); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_sign_msg(msg, msglen, sig, &siglen, NULL, NULL, 0); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_sign_msg(msg, msglen, sig, &badSigLen, &key, NULL, 0); } if (ret == BUFFER_E && badSigLen == ED448_SIG_SIZE) { badSigLen -= 1; ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } /* END sign */ printf(resultFmt, ret == 0 ? passed : failed); #ifdef HAVE_ED448_VERIFY printf(testingFmt, "wc_ed448_verify_msg()"); if (ret == 0) { ret = wc_ed448_verify_msg(sig, siglen, msg, msglen, &verify_ok, &key, NULL, 0); if (ret == 0 && verify_ok == 1) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } /* Test bad args. */ if (ret == 0) { AssertIntEQ(wc_ed448_verify_msg(sig, siglen - 1, msg, msglen, &verify_ok, &key, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wc_ed448_verify_msg(sig, siglen + 1, msg, msglen, &verify_ok, &key, NULL, 0), BAD_FUNC_ARG); ret = wc_ed448_verify_msg(NULL, siglen, msg, msglen, &verify_ok, &key, NULL, 0); if (ret == BAD_FUNC_ARG) { ret = wc_ed448_verify_msg(sig, siglen, NULL, msglen, &verify_ok, &key, NULL, 0); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_verify_msg(sig, siglen, msg, msglen, NULL, &key, NULL, 0); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_verify_msg(sig, siglen, msg, msglen, &verify_ok, NULL, NULL, 0); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_verify_msg(sig, badSigLen, msg, msglen, &verify_ok, &key, NULL, 0); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } } /* END verify. */ printf(resultFmt, ret == 0 ? passed : failed); #endif /* Verify. */ if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ed448_free(&key); #endif return ret; } /* END test_wc_ed448_sign_msg */ /* * Testing wc_ed448_import_public() */ static int test_wc_ed448_import_public (void) { int ret = 0; #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) WC_RNG rng; ed448_key pubKey; const byte in[] = "Ed448PublicKeyUnitTest.................................\n"; word32 inlen = sizeof(in); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ed448_init(&pubKey); if (ret == 0) { ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &pubKey); } } printf(testingFmt, "wc_ed448_import_public()"); if (ret == 0) { ret = wc_ed448_import_public(in, inlen, &pubKey); if (ret == 0 && XMEMCMP(in, pubKey.p, inlen) == 0) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } /* Test bad args. */ if (ret == 0) { ret = wc_ed448_import_public(NULL, inlen, &pubKey); if (ret == BAD_FUNC_ARG) { ret = wc_ed448_import_public(in, inlen, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_import_public(in, inlen - 1, &pubKey); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } } printf(resultFmt, ret == 0 ? passed : failed); if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ed448_free(&pubKey); #endif return ret; } /* END wc_ed448_import_public */ /* * Testing wc_ed448_import_private_key() */ static int test_wc_ed448_import_private_key (void) { int ret = 0; #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) WC_RNG rng; ed448_key key; const byte privKey[] = "Ed448PrivateKeyUnitTest................................\n"; const byte pubKey[] = "Ed448PublicKeyUnitTest.................................\n"; word32 privKeySz = sizeof(privKey); word32 pubKeySz = sizeof(pubKey); #ifdef HAVE_ED448_KEY_EXPORT byte bothKeys[sizeof(privKey) + sizeof(pubKey)]; word32 bothKeysSz = sizeof(bothKeys); #endif ret = wc_InitRng(&rng); if (ret != 0) { return ret; } ret = wc_ed448_init(&key); if (ret != 0) { wc_FreeRng(&rng); return ret; } ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key); printf(testingFmt, "wc_ed448_import_private_key()"); if (ret == 0) { ret = wc_ed448_import_private_key(privKey, privKeySz, pubKey, pubKeySz, &key); if (ret == 0 && (XMEMCMP(pubKey, key.p, privKeySz) != 0 || XMEMCMP(privKey, key.k, pubKeySz) != 0)) { ret = WOLFSSL_FATAL_ERROR; } } #ifdef HAVE_ED448_KEY_EXPORT if (ret == 0) ret = wc_ed448_export_private(&key, bothKeys, &bothKeysSz); if (ret == 0) { ret = wc_ed448_import_private_key(bothKeys, bothKeysSz, NULL, 0, &key); if (ret == 0 && (XMEMCMP(pubKey, key.p, privKeySz) != 0 || XMEMCMP(privKey, key.k, pubKeySz) != 0)) { ret = WOLFSSL_FATAL_ERROR; } } #endif /* Test bad args. */ if (ret == 0) { ret = wc_ed448_import_private_key(NULL, privKeySz, pubKey, pubKeySz, &key); if (ret == BAD_FUNC_ARG) { ret = wc_ed448_import_private_key(privKey, privKeySz, NULL, pubKeySz, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_import_private_key(privKey, privKeySz, pubKey, pubKeySz, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_import_private_key(privKey, privKeySz - 1, pubKey, pubKeySz, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_import_private_key(privKey, privKeySz, pubKey, pubKeySz - 1, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_import_private_key(privKey, privKeySz, NULL, 0, &key); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ed448_free(&key); #endif return ret; } /* END test_wc_ed448_import_private_key */ /* * Testing wc_ed448_export_public() and wc_ed448_export_private_only() */ static int test_wc_ed448_export (void) { int ret = 0; #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) WC_RNG rng; ed448_key key; byte priv[ED448_PRV_KEY_SIZE]; byte pub[ED448_PUB_KEY_SIZE]; word32 privSz = sizeof(priv); word32 pubSz = sizeof(pub); ret = wc_InitRng(&rng); if (ret != 0) { return ret; } ret = wc_ed448_init(&key); if (ret != 0) { wc_FreeRng(&rng); return ret; } if (ret == 0) { ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key); } printf(testingFmt, "wc_ed448_export_public()"); if (ret == 0) { ret = wc_ed448_export_public(&key, pub, &pubSz); if (ret == 0 && (pubSz != ED448_KEY_SIZE || XMEMCMP(key.p, pub, pubSz) != 0)) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_ed448_export_public(NULL, pub, &pubSz); if (ret == BAD_FUNC_ARG) { ret = wc_ed448_export_public(&key, NULL, &pubSz); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_export_public(&key, pub, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } } printf(resultFmt, ret == 0 ? passed : failed); printf(testingFmt, "wc_ed448_export_private_only()"); if (ret == 0) { ret = wc_ed448_export_private_only(&key, priv, &privSz); if (ret == 0 && (privSz != ED448_KEY_SIZE || XMEMCMP(key.k, priv, privSz) != 0)) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_ed448_export_private_only(NULL, priv, &privSz); if (ret == BAD_FUNC_ARG) { ret = wc_ed448_export_private_only(&key, NULL, &privSz); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_export_private_only(&key, priv, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } } printf(resultFmt, ret == 0 ? passed : failed); if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ed448_free(&key); #endif return ret; } /* END test_wc_ed448_export */ /* * Testing wc_ed448_size() */ static int test_wc_ed448_size (void) { int ret = 0; #if defined(HAVE_ED448) WC_RNG rng; ed448_key key; ret = wc_InitRng(&rng); if (ret != 0) { return ret; } ret = wc_ed448_init(&key); if (ret != 0) { wc_FreeRng(&rng); return ret; } ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key); if (ret != 0) { wc_FreeRng(&rng); wc_ed448_free(&key); return ret; } printf(testingFmt, "wc_ed448_size()"); ret = wc_ed448_size(&key); /* Test bad args. */ if (ret == ED448_KEY_SIZE) { ret = wc_ed448_size(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); if (ret == 0) { printf(testingFmt, "wc_ed448_sig_size()"); ret = wc_ed448_sig_size(&key); if (ret == ED448_SIG_SIZE) { ret = 0; } /* Test bad args. */ if (ret == 0) { ret = wc_ed448_sig_size(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); } /* END wc_ed448_sig_size() */ if (ret == 0) { printf(testingFmt, "wc_ed448_pub_size"); ret = wc_ed448_pub_size(&key); if (ret == ED448_PUB_KEY_SIZE) { ret = 0; } if (ret == 0) { ret = wc_ed448_pub_size(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); } /* END wc_ed448_pub_size */ if (ret == 0) { printf(testingFmt, "wc_ed448_priv_size"); ret = wc_ed448_priv_size(&key); if (ret == ED448_PRV_KEY_SIZE) { ret = 0; } if (ret == 0) { ret = wc_ed448_priv_size(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); } /* END wc_ed448_pub_size */ if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ed448_free(&key); #endif return ret; } /* END test_wc_ed448_size */ /* * Testing wc_ed448_export_private() and wc_ed448_export_key() */ static int test_wc_ed448_exportKey (void) { int ret = 0; #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) WC_RNG rng; ed448_key key; byte priv[ED448_PRV_KEY_SIZE]; byte pub[ED448_PUB_KEY_SIZE]; byte privOnly[ED448_PRV_KEY_SIZE]; word32 privSz = sizeof(priv); word32 pubSz = sizeof(pub); word32 privOnlySz = sizeof(privOnly); ret = wc_InitRng(&rng); if (ret != 0) { return ret; } ret = wc_ed448_init(&key); if (ret != 0) { wc_FreeRng(&rng); return ret; } ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key); if (ret != 0) { wc_FreeRng(&rng); wc_ed448_free(&key); return ret; } printf(testingFmt, "wc_ed448_export_private()"); ret = wc_ed448_export_private(&key, privOnly, &privOnlySz); if (ret == 0) { ret = wc_ed448_export_private(NULL, privOnly, &privOnlySz); if (ret == BAD_FUNC_ARG) { ret = wc_ed448_export_private(&key, NULL, &privOnlySz); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_export_private(&key, privOnly, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); if (ret == 0) { printf(testingFmt, "wc_ed448_export_key()"); ret = wc_ed448_export_key(&key, priv, &privSz, pub, &pubSz); if (ret == 0) { ret = wc_ed448_export_key(NULL, priv, &privSz, pub, &pubSz); if (ret == BAD_FUNC_ARG) { ret = wc_ed448_export_key(&key, NULL, &privSz, pub, &pubSz); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_export_key(&key, priv, NULL, pub, &pubSz); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_export_key(&key, priv, &privSz, NULL, &pubSz); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_export_key(&key, priv, &privSz, pub, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); } /* END wc_ed448_export_key() */ /* Cross check output. */ if (ret == 0 && XMEMCMP(priv, privOnly, privSz) != 0) { ret = WOLFSSL_FATAL_ERROR; } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ed448_free(&key); #endif return ret; } /* END test_wc_ed448_exportKey */ /* * Testing wc_Ed448PublicKeyToDer */ static int test_wc_Ed448PublicKeyToDer (void) { int ret = 0; #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) int tmp; ed448_key key; byte derBuf[1024]; printf(testingFmt, "wc_Ed448PublicKeyToDer()"); /* Test bad args */ tmp = wc_Ed448PublicKeyToDer(NULL, NULL, 0, 0); if (tmp != BAD_FUNC_ARG) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { wc_ed448_init(&key); tmp = wc_Ed448PublicKeyToDer(&key, derBuf, 0, 0); if (tmp != BUFFER_E) { ret = WOLFSSL_FATAL_ERROR; } wc_ed448_free(&key); } /* Test good args */ if (ret == 0) { WC_RNG rng; ret = wc_InitRng(&rng); if (ret != 0) { return ret; } ret = wc_ed448_init(&key); if (ret != 0) { wc_FreeRng(&rng); return ret; } ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key); if (ret != 0) { wc_FreeRng(&rng); wc_ed448_free(&key); return ret; } tmp = wc_Ed448PublicKeyToDer(&key, derBuf, 1024, 1); if (tmp <= 0) { ret = WOLFSSL_FATAL_ERROR; } wc_FreeRng(&rng); wc_ed448_free(&key); } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END testing wc_Ed448PublicKeyToDer */ /* * Testing wc_curve448_init and wc_curve448_free. */ static int test_wc_curve448_init (void) { int ret = 0; #if defined(HAVE_CURVE448) curve448_key key; printf(testingFmt, "wc_curve448_init()"); ret = wc_curve448_init(&key); /* Test bad args for wc_curve448_init */ if (ret == 0) { ret = wc_curve448_init(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); /* Test good args for wc_curve_448_free */ wc_curve448_free(&key); wc_curve448_free(NULL); #endif return ret; } /* END test_wc_curve448_init and wc_curve_448_free*/ /* * Testing wc_curve448_make_key */ static int test_wc_curve448_make_key (void) { int ret = 0; #if defined(HAVE_CURVE448) WC_RNG rng; curve448_key key; int keysize; printf(testingFmt, "wc_curve448_make_key()"); ret = wc_curve448_init(&key); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key); if (ret == 0) { keysize = wc_curve448_size(&key); if (keysize != CURVE448_KEY_SIZE) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { ret = wc_curve448_make_key(&rng, keysize, &key); } } /*test bad cases*/ if (ret == 0) { ret = wc_curve448_make_key(NULL, 0, NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_make_key(&rng, keysize, NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_make_key(NULL, keysize, &key); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_make_key(&rng, 0, &key); if (ret == ECC_BAD_ARG_E) { ret = 0; } } if (wc_FreeRng(&rng) != 0 && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } printf(resultFmt, ret == 0 ? passed : failed); wc_curve448_free(&key); #endif return ret; } /*END test_wc_curve448_make_key*/ /* * Testing test_wc_curve448_shared_secret_ex */ static int test_wc_curve448_shared_secret_ex (void) { int ret = 0; #if defined(HAVE_CURVE448) WC_RNG rng; curve448_key private_key, public_key; byte out[CURVE448_KEY_SIZE]; word32 outLen = sizeof(out); int endian = EC448_BIG_ENDIAN; printf(testingFmt, "wc_curve448_shared_secret_ex()"); ret = wc_curve448_init(&private_key); if (ret == 0) { ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &private_key); } } if (ret == 0) { ret = wc_curve448_init(&public_key); } if (ret == 0) { if (ret == 0) { ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &public_key); } } if (ret == 0) { ret = wc_curve448_shared_secret_ex(&private_key, &public_key, out, &outLen, endian); } /*test bad cases*/ if (ret == 0) { ret = wc_curve448_shared_secret_ex(NULL, NULL, NULL, 0, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_shared_secret_ex(NULL, &public_key, out, &outLen, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_shared_secret_ex(&private_key, NULL, out, &outLen, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_shared_secret_ex(&private_key, &public_key, NULL, &outLen, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_shared_secret_ex(&private_key, &public_key, out, NULL, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } outLen = outLen - 2; if (ret == 0) { ret = wc_curve448_shared_secret_ex(&private_key, &public_key, out, &outLen, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); wc_curve448_free(&private_key); wc_curve448_free(&public_key); wc_FreeRng(&rng); #endif return ret; } /*END test_wc_curve448_shared_secret_ex*/ /* * Testing test_wc_curve448_export_public_ex */ static int test_wc_curve448_export_public_ex (void) { int ret = 0; #if defined(HAVE_CURVE448) WC_RNG rng; curve448_key key; byte out[CURVE448_KEY_SIZE]; word32 outLen = sizeof(out); int endian = EC448_BIG_ENDIAN; printf(testingFmt, "wc_curve448_export_public_ex()"); ret = wc_curve448_init(&key); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key); if (ret == 0){ ret = wc_curve448_export_public(&key, out, &outLen); } if (ret == 0) { ret = wc_curve448_export_public_ex(&key, out, &outLen, endian); } } /*test bad cases*/ if (ret == 0) { ret = wc_curve448_export_public_ex(NULL, NULL, NULL, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_export_public_ex(NULL, out, &outLen, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_export_public_ex(&key, NULL, &outLen, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_export_public_ex(&key, out, NULL, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } outLen = outLen - 2; if (ret == 0) { ret = wc_curve448_export_public_ex(&key, out, &outLen, endian); if (ret == ECC_BAD_ARG_E) { ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); wc_curve448_free(&key); wc_FreeRng(&rng); #endif return ret; } /*END test_wc_curve448_export_public_ex*/ /* * Testing test_wc_curve448_export_private_raw_ex */ static int test_wc_curve448_export_private_raw_ex (void) { int ret = 0; #if defined(HAVE_CURVE448) curve448_key key; byte out[CURVE448_KEY_SIZE]; word32 outLen = sizeof(out); int endian = EC448_BIG_ENDIAN; printf(testingFmt, "wc_curve448_export_private_raw_ex()"); ret = wc_curve448_init(&key); if (ret == 0) { ret = wc_curve448_export_private_raw_ex(&key, out, &outLen, endian); } /*test bad cases*/ if (ret == 0) { ret = wc_curve448_export_private_raw_ex(NULL, NULL, NULL, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_export_private_raw_ex(NULL, out, &outLen, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_export_private_raw_ex(&key, NULL, &outLen, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_export_private_raw_ex(&key, out, NULL, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_export_private_raw_ex(&key, out, &outLen, EC448_LITTLE_ENDIAN); } outLen = outLen - 2; if (ret == 0) { ret = wc_curve448_export_private_raw_ex(&key, out, &outLen, endian); if (ret == ECC_BAD_ARG_E) { ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); wc_curve448_free(&key); #endif return ret; }/*END test_wc_curve448_export_private_raw_ex*/ /* * Testing test_wc_curve448_import_private_raw_ex */ static int test_wc_curve448_import_private_raw_ex (void) { int ret = 0; #if defined(HAVE_CURVE448) WC_RNG rng; curve448_key key; byte priv[CURVE448_KEY_SIZE]; byte pub[CURVE448_KEY_SIZE]; word32 privSz = sizeof(priv); word32 pubSz = sizeof(pub); int endian = EC448_BIG_ENDIAN; printf(testingFmt, "wc_curve448_import_private_raw_ex()"); ret = wc_curve448_init(&key); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key); if (ret == 0){ ret = wc_curve448_export_private_raw(&key, priv, &privSz); } if (ret == 0){ ret = wc_curve448_export_public(&key, pub, &pubSz); } if (ret == 0) { ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz, &key, endian); } } /*test bad cases*/ if (ret == 0) { ret = wc_curve448_import_private_raw_ex(NULL, 0, NULL, 0, NULL, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_import_private_raw_ex(NULL, privSz, pub, pubSz, &key, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_import_private_raw_ex(priv, privSz, NULL, pubSz, &key, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz, NULL, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_import_private_raw_ex(priv, 0, pub, pubSz, &key, endian); if (ret == ECC_BAD_ARG_E) { ret = 0; } } if (ret == 0) { ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, 0, &key, endian); if (ret == ECC_BAD_ARG_E) { ret = 0; } } if (ret == 0) { ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz, &key, EC448_LITTLE_ENDIAN); } if (wc_FreeRng(&rng) != 0 && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } printf(resultFmt, ret == 0 ? passed : failed); wc_curve448_free(&key); #endif return ret; } /*END test_wc_curve448_import_private_raw_ex*/ /* * Testing test_curve448_export_key_raw */ static int test_wc_curve448_export_key_raw (void) { int ret = 0; #if defined(HAVE_CURVE448) WC_RNG rng; curve448_key key; byte priv[CURVE448_KEY_SIZE]; byte pub[CURVE448_KEY_SIZE]; word32 privSz = sizeof(priv); word32 pubSz = sizeof(pub); printf(testingFmt, "wc_curve448_export_key_raw()"); ret = wc_curve448_init(&key); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key); if (ret == 0) { ret = wc_curve448_export_private_raw(&key, priv, &privSz); } if (ret == 0) { ret = wc_curve448_export_public(&key, pub, &pubSz); } if (ret == 0) { ret = wc_curve448_export_key_raw(&key, priv, &privSz, pub, &pubSz); } } printf(resultFmt, ret == 0 ? passed : failed); wc_curve448_free(&key); wc_FreeRng(&rng); #endif return ret; }/*END test_wc_curve448_import_private_raw_ex*/ /* * Testing test_wc_curve448_import_private */ static int test_wc_curve448_import_private (void) { int ret = 0; #if defined(HAVE_CURVE448) curve448_key key; WC_RNG rng; byte priv[CURVE448_KEY_SIZE]; word32 privSz = sizeof(priv); printf(testingFmt, "wc_curve448_import_private()"); ret = wc_curve448_init(&key); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key); if (ret == 0) { ret = wc_curve448_export_private_raw(&key, priv, &privSz); } } if (ret == 0) { ret = wc_curve448_import_private(priv, privSz, &key); } printf(resultFmt, ret == 0 ? passed : failed); wc_curve448_free(&key); wc_FreeRng(&rng); #endif return ret; } /*END test_wc_curve448_import*/ /* * Testing test_wc_curve448_size. */ static int test_wc_curve448_size (void) { int ret = 0; #if defined(HAVE_CURVE448) curve448_key key; printf(testingFmt, "wc_curve448_size()"); ret = wc_curve448_init(&key); /* Test good args for wc_curve448_size */ if (ret == 0) { ret = wc_curve448_size(&key); } /* Test bad args for wc_curve448_size */ if (ret != 0) { ret = wc_curve448_size(NULL); } printf(resultFmt, ret == 0 ? passed : failed); wc_curve448_free(&key); #endif return ret; } /* END test_wc_curve448_size*/ /* * Testing wc_ecc_make_key. */ static int test_wc_ecc_make_key (void) { int ret = 0; #if defined(HAVE_ECC) && !defined(WC_NO_RNG) WC_RNG rng; ecc_key key; printf(testingFmt, "wc_ecc_make_key()"); ret = wc_InitRng(&rng); if (ret != 0) return ret; ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_make_key(&rng, KEY14, &key); /* Pass in bad args. */ if (ret == 0) { ret = wc_ecc_make_key(NULL, KEY14, &key); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_make_key(&rng, KEY14, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } wc_ecc_free(&key); } if (wc_FreeRng(&rng) != 0 && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } #ifdef FP_ECC wc_ecc_fp_free(); #endif printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_ecc_make_key */ /* * Testing wc_ecc_init() */ static int test_wc_ecc_init (void) { int ret = 0; #ifdef HAVE_ECC ecc_key key; printf(testingFmt, "wc_ecc_init()"); ret = wc_ecc_init(&key); /* Pass in bad args. */ if (ret == 0) { ret = wc_ecc_init(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); wc_ecc_free(&key); #endif return ret; } /* END test_wc_ecc_init */ /* * Testing wc_ecc_check_key() */ static int test_wc_ecc_check_key (void) { int ret = 0; #if defined(HAVE_ECC) && !defined(WC_NO_RNG) WC_RNG rng; ecc_key key; XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_make_key(&rng, KEY14, &key); } } printf(testingFmt, "wc_ecc_check_key()"); if (ret == 0) { ret = wc_ecc_check_key(&key); } /* Pass in bad args. */ if (ret == 0) { ret = wc_ecc_check_key(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&key); #ifdef FP_ECC wc_ecc_fp_free(); #endif #endif return ret; } /* END test_wc_ecc_check_key */ /* * Testing wc_ecc_get_generator() */ static int test_wc_ecc_get_generator(void) { int ret = 0; #if defined(HAVE_ECC) && !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \ !defined(HAVE_FIPS) && defined(OPENSSL_EXTRA) ecc_point* pt; printf(testingFmt, "wc_ecc_new_point()"); pt = wc_ecc_new_point(); if (!pt) { ret = WOLFSSL_FATAL_ERROR; } printf(testingFmt, "wc_ecc_get_generator()"); if (ret == 0) { ret = wc_ecc_get_generator(pt, wc_ecc_get_curve_idx(ECC_SECP256R1)); } /* Test bad args. */ if (ret == MP_OKAY) { /* Returns Zero for bad arg. */ ret = wc_ecc_get_generator(pt, -1); if (ret != MP_OKAY) wc_ecc_get_generator(NULL, wc_ecc_get_curve_idx(ECC_SECP256R1)); if (ret != MP_OKAY) wc_ecc_get_generator(pt, 1000); /* If we ever get to 1000 curves * increase this number */ if (ret != MP_OKAY) wc_ecc_get_generator(NULL, -1); ret = ret == MP_OKAY ? WOLFSSL_FATAL_ERROR : 0; } printf(resultFmt, ret == 0 ? passed : failed); wc_ecc_del_point(pt); #endif return ret; } /* END test_wc_ecc_get_generator */ /* * Testing wc_ecc_size() */ static int test_wc_ecc_size (void) { int ret = 0; #if defined(HAVE_ECC) && !defined(WC_NO_RNG) WC_RNG rng; ecc_key key; XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_make_key(&rng, KEY14, &key); } } printf(testingFmt, "wc_ecc_size()"); if (ret == 0) { ret = wc_ecc_size(&key); if (ret == KEY14) { ret = 0; } else if (ret == 0){ ret = WOLFSSL_FATAL_ERROR; } } /* Test bad args. */ if (ret == 0) { /* Returns Zero for bad arg. */ ret = wc_ecc_size(NULL); } printf(resultFmt, ret == 0 ? passed : failed); if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&key); #endif return ret; } /* END test_wc_ecc_size */ static void test_wc_ecc_params(void) { /* FIPS/CAVP self-test modules do not have `wc_ecc_get_curve_params`. It was added after certifications */ #if defined(HAVE_ECC) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) const ecc_set_type* ecc_set; #if !defined(NO_ECC256) && !defined(NO_ECC_SECP) /* Test for SECP256R1 curve */ int curve_id = ECC_SECP256R1; int curve_idx = wc_ecc_get_curve_idx(curve_id); AssertIntNE(curve_idx, ECC_CURVE_INVALID); ecc_set = wc_ecc_get_curve_params(curve_idx); AssertNotNull(ecc_set); AssertIntEQ(ecc_set->id, curve_id); #endif /* Test case when SECP256R1 is not enabled */ /* Test that we get curve params for index 0 */ ecc_set = wc_ecc_get_curve_params(0); AssertNotNull(ecc_set); #endif /* HAVE_ECC && !HAVE_FIPS && !HAVE_SELFTEST */ } /* * Testing wc_ecc_sign_hash() and wc_ecc_verify_hash() */ static int test_wc_ecc_signVerify_hash (void) { int ret = 0; #if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && !defined(NO_ASN) && !defined(WC_NO_RNG) WC_RNG rng; ecc_key key; int signH = WOLFSSL_FATAL_ERROR; #ifdef HAVE_ECC_VERIFY int verifyH = WOLFSSL_FATAL_ERROR; int verify = 0; #endif word32 siglen = ECC_BUFSIZE; byte sig[ECC_BUFSIZE]; byte adjustedSig[ECC_BUFSIZE+1]; byte digest[] = TEST_STRING; word32 digestlen = (word32)TEST_STRING_SZ; /* Init stack var */ XMEMSET(sig, 0, siglen); XMEMSET(&key, 0, sizeof(key)); XMEMSET(adjustedSig, 0, ECC_BUFSIZE+1); /* Init structs. */ ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_make_key(&rng, KEY14, &key); } } printf(testingFmt, "wc_ecc_sign_hash()"); if (ret == 0) { ret = wc_ecc_sign_hash(digest, digestlen, sig, &siglen, &rng, &key); } /* Check bad args. */ if (ret == 0) { signH = wc_ecc_sign_hash(NULL, digestlen, sig, &siglen, &rng, &key); if (signH == ECC_BAD_ARG_E) { signH = wc_ecc_sign_hash(digest, digestlen, NULL, &siglen, &rng, &key); } if (signH == ECC_BAD_ARG_E) { signH = wc_ecc_sign_hash(digest, digestlen, sig, NULL, &rng, &key); } if (signH == ECC_BAD_ARG_E) { signH = wc_ecc_sign_hash(digest, digestlen, sig, &siglen, NULL, &key); } if (signH == ECC_BAD_ARG_E) { signH = wc_ecc_sign_hash(digest, digestlen, sig, &siglen, &rng, NULL); } if (signH == ECC_BAD_ARG_E) { signH = 0; } else if (ret == 0) { signH = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, signH == 0 ? passed : failed); #ifdef HAVE_ECC_VERIFY printf(testingFmt, "wc_ecc_verify_hash()"); ret = wc_ecc_verify_hash(sig, siglen, digest, digestlen, &verify, &key); if (verify != 1 && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } /* test check on length of signature passed in */ XMEMCPY(adjustedSig, sig, siglen); adjustedSig[1] = adjustedSig[1] + 1; /* add 1 to length for extra byte*/ #ifndef NO_STRICT_ECDSA_LEN AssertIntNE(wc_ecc_verify_hash(adjustedSig, siglen+1, digest, digestlen, &verify, &key), 0); #else /* if NO_STRICT_ECDSA_LEN is set then extra bytes after the signature * is allowed */ AssertIntEQ(wc_ecc_verify_hash(adjustedSig, siglen+1, digest, digestlen, &verify, &key), 0); #endif /* Test bad args. */ if (ret == 0) { verifyH = wc_ecc_verify_hash(NULL, siglen, digest, digestlen, &verify, &key); if (verifyH == ECC_BAD_ARG_E) { verifyH = wc_ecc_verify_hash(sig, siglen, NULL, digestlen, &verify, &key); } if (verifyH == ECC_BAD_ARG_E) { verifyH = wc_ecc_verify_hash(sig, siglen, digest, digestlen, NULL, &key); } if (verifyH == ECC_BAD_ARG_E) { verifyH = wc_ecc_verify_hash(sig, siglen, digest, digestlen, &verify, NULL); } if (verifyH == ECC_BAD_ARG_E) { verifyH = 0; } else if (ret == 0) { verifyH = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, verifyH == 0 ? passed : failed); #endif /* HAVE_ECC_VERIFY */ if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&key); #ifdef FP_ECC wc_ecc_fp_free(); #endif #endif return ret; } /* END test_wc_ecc_sign_hash */ /* * Testing wc_ecc_shared_secret() */ static int test_wc_ecc_shared_secret (void) { int ret = 0; #if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) ecc_key key, pubKey; WC_RNG rng; byte out[KEY32]; int keySz = sizeof(out); word32 outlen = (word32)sizeof(out); #if defined(HAVE_ECC) && !defined(NO_ECC256) const char* qx = "bb33ac4c27504ac64aa504c33cde9f36db722dce94ea2bfacb2009392c16e861"; const char* qy = "02e9af4dd302939a315b9792217ff0cf18da9111023486e82058330b803489d8"; const char* d = "45b66902739c6c85a1385b72e8e8c7acc4038d533504fa6c28dc348de1a8098c"; const char* curveName = "SECP256R1"; const byte expected_shared_secret[] = { 0x65, 0xc0, 0xd4, 0x61, 0x17, 0xe6, 0x09, 0x75, 0xf0, 0x12, 0xa0, 0x4d, 0x0b, 0x41, 0x30, 0x7a, 0x51, 0xf0, 0xb3, 0xaf, 0x23, 0x8f, 0x0f, 0xdf, 0xf1, 0xff, 0x23, 0x64, 0x28, 0xca, 0xf8, 0x06 }; #endif /* Initialize variables. */ XMEMSET(out, 0, keySz); XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); XMEMSET(&pubKey, 0, sizeof(pubKey)); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_init(&pubKey); } } #if defined(HAVE_ECC) && !defined(NO_ECC256) if (ret == 0) { ret = wc_ecc_import_raw(&key, qx, qy, d, curveName); } if (ret == 0) { ret = wc_ecc_import_raw(&pubKey, qx, qy, NULL, curveName); } #else if (ret == 0) { ret = wc_ecc_make_key(&rng, keySz, &key); } if (ret == 0) { ret = wc_ecc_make_key(&rng, keySz, &pubKey); } #endif #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ !defined(HAVE_SELFTEST) if (ret == 0) { ret = wc_ecc_set_rng(&key, &rng); } #endif printf(testingFmt, "wc_ecc_shared_secret()"); if (ret == 0) { ret = wc_ecc_shared_secret(&key, &pubKey, out, &outlen); #if defined(HAVE_ECC) && !defined(NO_ECC256) if (ret == 0) { if (0 != XMEMCMP(out, expected_shared_secret, outlen)) { ret = WOLFSSL_FATAL_ERROR; } } #endif /* Test bad args. */ if (ret == 0) { ret = wc_ecc_shared_secret(NULL, &pubKey, out, &outlen); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_shared_secret(&key, NULL, out, &outlen); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_shared_secret(&key, &pubKey, NULL, &outlen); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_shared_secret(&key, &pubKey, out, NULL); } if (ret == BAD_FUNC_ARG) { /* Invalid length */ outlen = 1; ret = wc_ecc_shared_secret(&key, &pubKey, out, &outlen); } if (ret == BUFFER_E) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } } printf(resultFmt, ret == 0 ? passed : failed); if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&key); wc_ecc_free(&pubKey); #ifdef FP_ECC wc_ecc_fp_free(); #endif #endif return ret; } /* END tests_wc_ecc_shared_secret */ /* * testint wc_ecc_export_x963() */ static int test_wc_ecc_export_x963 (void) { int ret = 0; #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) ecc_key key; WC_RNG rng; byte out[ECC_ASN963_MAX_BUF_SZ]; word32 outlen = sizeof(out); /* Initialize variables. */ XMEMSET(out, 0, outlen); XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_make_key(&rng, KEY20, &key); } } printf(testingFmt, "wc_ecc_export_x963()"); if (ret == 0) { ret = wc_ecc_export_x963(&key, out, &outlen); } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_export_x963(NULL, out, &outlen); if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_export_x963(&key, NULL, &outlen); } if (ret == LENGTH_ONLY_E) { ret = wc_ecc_export_x963(&key, out, NULL); } if (ret == ECC_BAD_ARG_E) { key.idx = -4; ret = wc_ecc_export_x963(&key, out, &outlen); } if (ret == ECC_BAD_ARG_E) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&key); #ifdef FP_ECC wc_ecc_fp_free(); #endif #endif return ret; } /* END test_wc_ecc_export_x963 */ /* * Testing wc_ecc_export_x963_ex() * compile with --enable-compkey will use compression. */ static int test_wc_ecc_export_x963_ex (void) { int ret = 0; #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) ecc_key key; WC_RNG rng; byte out[ECC_ASN963_MAX_BUF_SZ]; word32 outlen = sizeof(out); #ifdef HAVE_COMP_KEY word32 badOutLen = 5; #endif /* Init stack variables. */ XMEMSET(out, 0, outlen); XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_make_key(&rng, KEY64, &key); } } printf(testingFmt, "wc_ecc_export_x963_ex()"); #ifdef HAVE_COMP_KEY if (ret == 0) { ret = wc_ecc_export_x963_ex(&key, out, &outlen, COMP); } #else if (ret == 0) { ret = wc_ecc_export_x963_ex(&key, out, &outlen, NOCOMP); } #endif /* Test bad args. */ #ifdef HAVE_COMP_KEY if (ret == 0) { ret = wc_ecc_export_x963_ex(NULL, out, &outlen, COMP); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_export_x963_ex(&key, NULL, &outlen, COMP); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_export_x963_ex(&key, out, NULL, COMP); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_export_x963_ex(&key, out, &badOutLen, COMP); } if (ret == BUFFER_E) { key.idx = -4; ret = wc_ecc_export_x963_ex(&key, out, &outlen, COMP); } if (ret == ECC_BAD_ARG_E) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #else if (ret == 0) { ret = wc_ecc_export_x963_ex(NULL, out, &outlen, NOCOMP); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_export_x963_ex(&key, NULL, &outlen, NOCOMP); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_export_x963_ex(&key, out, &outlen, 1); } if (ret == NOT_COMPILED_IN) { ret = wc_ecc_export_x963_ex(&key, out, NULL, NOCOMP); } if (ret == BAD_FUNC_ARG) { key.idx = -4; ret = wc_ecc_export_x963_ex(&key, out, &outlen, NOCOMP); } if (ret == ECC_BAD_ARG_E) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } #endif printf(resultFmt, ret == 0 ? passed : failed); if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&key); #ifdef FP_ECC wc_ecc_fp_free(); #endif #endif return ret; } /* END test_wc_ecc_export_x963_ex */ /* * testing wc_ecc_import_x963() */ static int test_wc_ecc_import_x963 (void) { int ret = 0; #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \ defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) ecc_key pubKey, key; WC_RNG rng; byte x963[ECC_ASN963_MAX_BUF_SZ]; word32 x963Len = (word32)sizeof(x963); /* Init stack variables. */ XMEMSET(x963, 0, x963Len); XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); XMEMSET(&pubKey, 0, sizeof(pubKey)); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&pubKey); if (ret == 0) { ret = wc_ecc_init(&key); } if (ret == 0) { ret = wc_ecc_make_key(&rng, KEY24, &key); } if (ret == 0) { PRIVATE_KEY_UNLOCK(); ret = wc_ecc_export_x963(&key, x963, &x963Len); PRIVATE_KEY_LOCK(); } } printf(testingFmt, "wc_ecc_import_x963()"); if (ret == 0) { ret = wc_ecc_import_x963(x963, x963Len, &pubKey); } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_import_x963(NULL, x963Len, &pubKey); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_import_x963(x963, x963Len, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_import_x963(x963, x963Len + 1, &pubKey); } if (ret == ECC_BAD_ARG_E) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&key); wc_ecc_free(&pubKey); #ifdef FP_ECC wc_ecc_fp_free(); #endif #endif return ret; } /* END wc_ecc_import_x963 */ /* * testing wc_ecc_import_private_key() */ static int ecc_import_private_key (void) { int ret = 0; #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \ defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) ecc_key key, keyImp; WC_RNG rng; byte privKey[ECC_PRIV_KEY_BUF]; /* Raw private key.*/ byte x963Key[ECC_ASN963_MAX_BUF_SZ]; word32 privKeySz = (word32)sizeof(privKey); word32 x963KeySz = (word32)sizeof(x963Key); /* Init stack variables. */ XMEMSET(privKey, 0, privKeySz); XMEMSET(x963Key, 0, x963KeySz); XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); XMEMSET(&keyImp, 0, sizeof(keyImp)); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_init(&keyImp); } if (ret == 0) { ret = wc_ecc_make_key(&rng, KEY48, &key); } if (ret == 0) { PRIVATE_KEY_UNLOCK(); ret = wc_ecc_export_x963(&key, x963Key, &x963KeySz); PRIVATE_KEY_LOCK(); } if (ret == 0) { ret = wc_ecc_export_private_only(&key, privKey, &privKeySz); } } printf(testingFmt, "wc_ecc_import_private_key()"); if (ret == 0) { ret = wc_ecc_import_private_key(privKey, privKeySz, x963Key, x963KeySz, &keyImp); } /* Pass in bad args. */ if (ret == 0) { ret = wc_ecc_import_private_key(privKey, privKeySz, x963Key, x963KeySz, NULL); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_import_private_key(NULL, privKeySz, x963Key, x963KeySz, &keyImp); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&key); wc_ecc_free(&keyImp); #ifdef FP_ECC wc_ecc_fp_free(); #endif #endif return ret; } /* END wc_ecc_import_private_key */ /* * Testing wc_ecc_export_private_only() */ static int test_wc_ecc_export_private_only (void) { int ret = 0; #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) ecc_key key; WC_RNG rng; byte out[ECC_PRIV_KEY_BUF]; word32 outlen = sizeof(out); /* Init stack variables. */ XMEMSET(out, 0, outlen); XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_make_key(&rng, KEY32, &key); } } printf(testingFmt, "wc_ecc_export_private_only()"); if (ret == 0) { ret = wc_ecc_export_private_only(&key, out, &outlen); } /* Pass in bad args. */ if (ret == 0) { ret = wc_ecc_export_private_only(NULL, out, &outlen); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_export_private_only(&key, NULL, &outlen); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_export_private_only(&key, out, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&key); #ifdef FP_ECC wc_ecc_fp_free(); #endif #endif return ret; } /* END test_wc_ecc_export_private_only */ /* * Testing wc_ecc_rs_to_sig() */ static int test_wc_ecc_rs_to_sig (void) { int ret = 0; #if defined(HAVE_ECC) && !defined(NO_ASN) /* first [P-192,SHA-1] vector from FIPS 186-3 NIST vectors */ const char* R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e"; const char* S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41"; const char* zeroStr = "0"; byte sig[ECC_MAX_SIG_SIZE]; word32 siglen = (word32)sizeof(sig); /*R and S max size is the order of curve. 2^192.*/ int keySz = KEY24; byte r[KEY24]; byte s[KEY24]; word32 rlen = (word32)sizeof(r); word32 slen = (word32)sizeof(s); /* Init stack variables. */ XMEMSET(sig, 0, ECC_MAX_SIG_SIZE); XMEMSET(r, 0, keySz); XMEMSET(s, 0, keySz); printf(testingFmt, "wc_ecc_rs_to_sig()"); ret = wc_ecc_rs_to_sig(R, S, sig, &siglen); /* Test bad args. */ if (ret == 0) { ret = wc_ecc_rs_to_sig(NULL, S, sig, &siglen); if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_rs_to_sig(R, NULL, sig, &siglen); } if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_rs_to_sig(R, S, sig, NULL); } if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_rs_to_sig(R, S, NULL, &siglen); } if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_rs_to_sig(R, zeroStr, sig, &siglen); } if (ret == MP_ZERO_E) { ret = wc_ecc_rs_to_sig(zeroStr, S, sig, &siglen); } if (ret == MP_ZERO_E) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); printf(testingFmt, "wc_ecc_sig_to_rs()"); if (ret == 0) { ret = wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, &slen); } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_sig_to_rs(NULL, siglen, r, &rlen, s, &slen); if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_sig_to_rs(sig, siglen, NULL, &rlen, s, &slen); } if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_sig_to_rs(sig, siglen, r, NULL, s, &slen); } if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_sig_to_rs(sig, siglen, r, &rlen, NULL, &slen); } if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, NULL); } if (ret == ECC_BAD_ARG_E) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_ecc_rs_to_sig */ static int test_wc_ecc_import_raw(void) { int ret = 0; #if defined(HAVE_ECC) && !defined(NO_ECC256) ecc_key key; const char* qx = "bb33ac4c27504ac64aa504c33cde9f36db722dce94ea2bfacb2009392c16e861"; const char* qy = "02e9af4dd302939a315b9792217ff0cf18da9111023486e82058330b803489d8"; const char* d = "45b66902739c6c85a1385b72e8e8c7acc4038d533504fa6c28dc348de1a8098c"; const char* curveName = "SECP256R1"; #ifdef WOLFSSL_VALIDATE_ECC_IMPORT const char* kNullStr = ""; #endif ret = wc_ecc_init(&key); printf(testingFmt, "wc_ecc_import_raw()"); if (ret == 0) { ret = wc_ecc_import_raw(&key, qx, qy, d, curveName); } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_import_raw(NULL, qx, qy, d, curveName); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_import_raw(&key, NULL, qy, d, curveName); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_import_raw(&key, qx, NULL, d, curveName); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_import_raw(&key, qx, qy, d, NULL); } #ifdef WOLFSSL_VALIDATE_ECC_IMPORT if (ret == BAD_FUNC_ARG) { #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH) wc_ecc_free(&key); #endif ret = wc_ecc_import_raw(&key, kNullStr, kNullStr, kNullStr, curveName); if (ret == ECC_INF_E) ret = BAD_FUNC_ARG; /* This is expected by other tests */ } #endif #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) if (ret == BAD_FUNC_ARG) { #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH) wc_ecc_free(&key); #endif ret = wc_ecc_import_raw(&key, "0", qy, d, curveName); } if (ret == BAD_FUNC_ARG) { #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH) wc_ecc_free(&key); #endif ret = wc_ecc_import_raw(&key, qx, "0", d, curveName); } #endif if (ret == BAD_FUNC_ARG) { ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); wc_ecc_free(&key); #endif return ret; } /* END test_wc_ecc_import_raw */ static int test_wc_ecc_import_unsigned(void) { int ret = 0; #if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(HAVE_SELFTEST) && \ (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2)) ecc_key key; const byte qx[] = { 0xbb, 0x33, 0xac, 0x4c, 0x27, 0x50, 0x4a, 0xc6, 0x4a, 0xa5, 0x04, 0xc3, 0x3c, 0xde, 0x9f, 0x36, 0xdb, 0x72, 0x2d, 0xce, 0x94, 0xea, 0x2b, 0xfa, 0xcb, 0x20, 0x09, 0x39, 0x2c, 0x16, 0xe8, 0x61 }; const byte qy[] = { 0x02, 0xe9, 0xaf, 0x4d, 0xd3, 0x02, 0x93, 0x9a, 0x31, 0x5b, 0x97, 0x92, 0x21, 0x7f, 0xf0, 0xcf, 0x18, 0xda, 0x91, 0x11, 0x02, 0x34, 0x86, 0xe8, 0x20, 0x58, 0x33, 0x0b, 0x80, 0x34, 0x89, 0xd8 }; const byte d[] = { 0x45, 0xb6, 0x69, 0x02, 0x73, 0x9c, 0x6c, 0x85, 0xa1, 0x38, 0x5b, 0x72, 0xe8, 0xe8, 0xc7, 0xac, 0xc4, 0x03, 0x8d, 0x53, 0x35, 0x04, 0xfa, 0x6c, 0x28, 0xdc, 0x34, 0x8d, 0xe1, 0xa8, 0x09, 0x8c }; #ifdef WOLFSSL_VALIDATE_ECC_IMPORT const byte nullBytes[32] = {0}; #endif int curveId = ECC_SECP256R1; ret = wc_ecc_init(&key); printf(testingFmt, "wc_ecc_import_unsigned()"); if (ret == 0) { ret = wc_ecc_import_unsigned(&key, (byte*)qx, (byte*)qy, (byte*)d, curveId); } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_import_unsigned(NULL, (byte*)qx, (byte*)qy, (byte*)d, curveId); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_import_unsigned(&key, NULL, (byte*)qy, (byte*)d, curveId); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_import_unsigned(&key, (byte*)qx, NULL, (byte*)d, curveId); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_import_unsigned(&key, (byte*)qx, (byte*)qy, (byte*)d, ECC_CURVE_INVALID); } #ifdef WOLFSSL_VALIDATE_ECC_IMPORT if (ret == BAD_FUNC_ARG) { ret = wc_ecc_import_unsigned(&key, (byte*)nullBytes, (byte*)nullBytes, (byte*)nullBytes, curveId); } #endif if (ret == BAD_FUNC_ARG || ret == ECC_INF_E) { ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); wc_ecc_free(&key); #endif return ret; } /* END test_wc_ecc_import_unsigned */ /* * Testing wc_ecc_sig_size() */ static int test_wc_ecc_sig_size (void) { int ret = 0; #if defined(HAVE_ECC) && !defined(WC_NO_RNG) ecc_key key; WC_RNG rng; int keySz = KEY16; XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_make_key(&rng, keySz, &key); } } printf(testingFmt, "wc_ecc_sig_size()"); if (ret == 0) { ret = wc_ecc_sig_size(&key); if (ret <= (2 * keySz + SIG_HEADER_SZ + ECC_MAX_PAD_SZ)) { ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&key); #endif return ret; } /* END test_wc_ecc_sig_size */ /* * Testing wc_ecc_ctx_new() */ static int test_wc_ecc_ctx_new (void) { int ret = 0; #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG) WC_RNG rng; ecEncCtx* cli = NULL; ecEncCtx* srv = NULL; ret = wc_InitRng(&rng); printf(testingFmt, "wc_ecc_ctx_new()"); if (ret == 0) { cli = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng); srv = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng); } if (ret == 0 && (cli == NULL || srv == NULL)) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_ctx_free(cli); wc_ecc_ctx_free(srv); /* Test bad args. */ if (ret == 0) { /* wc_ecc_ctx_new_ex() will free if returned NULL. */ cli = wc_ecc_ctx_new(0, &rng); if (cli != NULL) { ret = WOLFSSL_FATAL_ERROR; } cli = wc_ecc_ctx_new(REQ_RESP_CLIENT, NULL); if (cli != NULL) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_ctx_free(cli); #endif return ret; } /* END test_wc_ecc_ctx_new */ /* * Tesing wc_ecc_reset() */ static int test_wc_ecc_ctx_reset (void) { int ret = 0; #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG) ecEncCtx* ctx = NULL; WC_RNG rng; ret = wc_InitRng(&rng); if (ret == 0) { if ( (ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng)) == NULL ) { ret = WOLFSSL_FATAL_ERROR; } } printf(testingFmt, "wc_ecc_ctx_reset()"); if (ret == 0) { ret = wc_ecc_ctx_reset(ctx, &rng); } /* Pass in bad args. */ if (ret == 0) { ret = wc_ecc_ctx_reset(NULL, &rng); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_ctx_reset(ctx, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_ctx_free(ctx); #endif return ret; } /* END test_wc_ecc_ctx_reset */ /* * Testing wc_ecc_ctx_set_peer_salt() and wc_ecc_ctx_get_own_salt() */ static int test_wc_ecc_ctx_set_peer_salt (void) { int ret = 0; #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG) WC_RNG rng; ecEncCtx* cliCtx = NULL; ecEncCtx* servCtx = NULL; const byte* cliSalt = NULL; const byte* servSalt = NULL; ret = wc_InitRng(&rng); if (ret == 0) { if ( ( (cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng)) == NULL ) || ( (servCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng)) == NULL) ) { ret = WOLFSSL_FATAL_ERROR; } } printf(testingFmt, "wc_ecc_ctx_get_own_salt()"); /* Test bad args. */ if (ret == 0) { cliSalt = wc_ecc_ctx_get_own_salt(NULL); if (cliSalt != NULL) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { cliSalt = wc_ecc_ctx_get_own_salt(cliCtx); servSalt = wc_ecc_ctx_get_own_salt(servCtx); if (cliSalt == NULL || servSalt == NULL) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); printf(testingFmt, "wc_ecc_ctx_set_peer_salt()"); if (ret == 0) { ret = wc_ecc_ctx_set_peer_salt(cliCtx, servSalt); } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_ctx_set_peer_salt(NULL, servSalt); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_ctx_set_peer_salt(cliCtx, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_ctx_free(cliCtx); wc_ecc_ctx_free(servCtx); #endif return ret; } /* END test_wc_ecc_ctx_set_peer_salt */ /* * Testing wc_ecc_ctx_set_info() */ static int test_wc_ecc_ctx_set_info (void) { int ret = 0; #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG) ecEncCtx* ctx = NULL; WC_RNG rng; const char* optInfo = "Optional Test Info."; int optInfoSz = (int)XSTRLEN(optInfo); const char* badOptInfo = NULL; ret = wc_InitRng(&rng); if ( (ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng)) == NULL || ret != 0 ) { ret = WOLFSSL_FATAL_ERROR; } printf(testingFmt, "wc_ecc_ctx_set_info()"); if (ret == 0) { ret = wc_ecc_ctx_set_info(ctx, (byte*)optInfo, optInfoSz); } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_ctx_set_info(NULL, (byte*)optInfo, optInfoSz); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_ctx_set_info(ctx, (byte*)badOptInfo, optInfoSz); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_ctx_set_info(ctx, (byte*)optInfo, -1); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_ctx_free(ctx); #endif return ret; } /* END test_wc_ecc_ctx_set_info */ /* * Testing wc_ecc_encrypt() and wc_ecc_decrypt() */ static int test_wc_ecc_encryptDecrypt (void) { int ret = 0; #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG) && \ defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) ecc_key srvKey, cliKey, tmpKey; WC_RNG rng; const char* msg = "EccBlock Size 16"; word32 msgSz = (word32)XSTRLEN(msg); #ifdef WOLFSSL_ECIES_OLD byte out[XSTRLEN(msg) + WC_SHA256_DIGEST_SIZE]; #else byte out[KEY20 * 2 + 1 + XSTRLEN(msg) + WC_SHA256_DIGEST_SIZE]; #endif word32 outSz = (word32)sizeof(out); byte plain[XSTRLEN(msg) + 1]; word32 plainSz = (word32)sizeof(plain); int keySz = KEY20; /* Init stack variables. */ XMEMSET(out, 0, outSz); XMEMSET(plain, 0, plainSz); XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&srvKey, 0, sizeof(srvKey)); XMEMSET(&cliKey, 0, sizeof(cliKey)); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&cliKey); if (ret == 0) { ret = wc_ecc_make_key(&rng, keySz, &cliKey); } if (ret == 0) { ret = wc_ecc_init(&srvKey); } if (ret == 0) { ret = wc_ecc_make_key(&rng, keySz, &srvKey); } if (ret == 0) { ret = wc_ecc_init(&tmpKey); } } #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ !defined(HAVE_SELFTEST) if (ret == 0) { ret = wc_ecc_set_rng(&srvKey, &rng); } if (ret == 0) { ret = wc_ecc_set_rng(&cliKey, &rng); } #endif printf(testingFmt, "wc_ecc_encrypt()"); if (ret == 0) { ret = wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, out, &outSz, NULL); } if (ret == 0) { ret = wc_ecc_encrypt(NULL, &srvKey, (byte*)msg, msgSz, out, &outSz, NULL); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_encrypt(&cliKey, NULL, (byte*)msg, msgSz, out, &outSz, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_encrypt(&cliKey, &srvKey, NULL, msgSz, out, &outSz, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, NULL, &outSz, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, out, NULL, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); printf(testingFmt, "wc_ecc_decrypt()"); #ifdef WOLFSSL_ECIES_OLD if (ret == 0) { tmpKey.dp = cliKey.dp; ret = wc_ecc_copy_point(&cliKey.pubkey, &tmpKey.pubkey); } #endif if (ret == 0) { ret = wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, plain, &plainSz, NULL); } if (ret == 0) { ret = wc_ecc_decrypt(NULL, &tmpKey, out, outSz, plain, &plainSz, NULL); #ifdef WOLFSSL_ECIES_OLD /* NULL parameter allowed in new implementations - public key comes from * the message. */ if (ret == BAD_FUNC_ARG) { ret = wc_ecc_decrypt(&srvKey, NULL, out, outSz, plain, &plainSz, NULL); } #endif if (ret == BAD_FUNC_ARG) { ret = wc_ecc_decrypt(&srvKey, &tmpKey, NULL, outSz, plain, &plainSz, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, NULL, &plainSz, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, plain, NULL, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } if (XMEMCMP(msg, plain, msgSz) != 0) { ret = WOLFSSL_FATAL_ERROR; } printf(resultFmt, ret == 0 ? passed : failed); if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&tmpKey); wc_ecc_free(&cliKey); wc_ecc_free(&srvKey); #endif return ret; } /* END test_wc_ecc_encryptDecrypt */ /* * Testing wc_ecc_del_point() and wc_ecc_new_point() */ static int test_wc_ecc_del_point (void) { int ret = 0; #if defined(HAVE_ECC) ecc_point* pt; printf(testingFmt, "wc_ecc_new_point()"); pt = wc_ecc_new_point(); if (!pt) { ret = WOLFSSL_FATAL_ERROR; } printf(resultFmt, ret == 0 ? passed : failed); wc_ecc_del_point(pt); #endif return ret; } /* END test_wc_ecc_del_point */ /* * Testing wc_ecc_point_is_at_infinity(), wc_ecc_export_point_der(), * wc_ecc_import_point_der(), wc_ecc_copy_point(), wc_ecc_point_is_on_curve(), * and wc_ecc_cmp_point() */ static int test_wc_ecc_pointFns (void) { int ret = 0; #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && \ !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \ !defined(WOLFSSL_ATECC608A) ecc_key key; WC_RNG rng; ecc_point* point = NULL; ecc_point* cpypt = NULL; int idx = 0; int keySz = KEY32; byte der[DER_SZ(KEY32)]; word32 derlenChk = 0; word32 derSz = DER_SZ(KEY32); /* Init stack variables. */ XMEMSET(der, 0, derSz); XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_make_key(&rng, keySz, &key); } } if (ret == 0) { point = wc_ecc_new_point(); if (!point) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { cpypt = wc_ecc_new_point(); if (!cpypt) { ret = WOLFSSL_FATAL_ERROR; } } /* Export */ printf(testingFmt, "wc_ecc_export_point_der()"); if (ret == 0) { ret = wc_ecc_export_point_der((idx = key.idx), &key.pubkey, NULL, &derlenChk); /* Check length value. */ if (derSz == derlenChk && ret == LENGTH_ONLY_E) { ret = wc_ecc_export_point_der((idx = key.idx), &key.pubkey, der, &derSz); } } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_export_point_der(-2, &key.pubkey, der, &derSz); if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_export_point_der((idx = key.idx), NULL, der, &derSz); } if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_export_point_der((idx = key.idx), &key.pubkey, der, NULL); } if (ret == ECC_BAD_ARG_E) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); /* Import */ printf(testingFmt, "wc_ecc_import_point_der()"); if (ret == 0) { ret = wc_ecc_import_point_der(der, derSz, idx, point); /* Condition double checks wc_ecc_cmp_point(). */ if (ret == 0 && XMEMCMP(&key.pubkey, point, sizeof(key.pubkey))) { ret = wc_ecc_cmp_point(&key.pubkey, point); } } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_import_point_der(NULL, derSz, idx, point); if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_import_point_der(der, derSz, idx, NULL); } if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_import_point_der(der, derSz, -1, point); } if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_import_point_der(der, derSz + 1, idx, point); } if (ret == ECC_BAD_ARG_E) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); /* Copy */ printf(testingFmt, "wc_ecc_copy_point()"); if (ret == 0) { ret = wc_ecc_copy_point(point, cpypt); } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_copy_point(NULL, cpypt); if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_copy_point(point, NULL); } if (ret == ECC_BAD_ARG_E) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); printf(testingFmt, "wc_ecc_cmp_point()"); /* Compare point */ if (ret == 0) { ret = wc_ecc_cmp_point(point, cpypt); } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_cmp_point(NULL, cpypt); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_cmp_point(point, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); printf(testingFmt, "wc_ecc_point_is_at_infinity()"); /* At infinity if return == 1, otherwise return == 0. */ if (ret == 0) { ret = wc_ecc_point_is_at_infinity(point); } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_point_is_at_infinity(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) #ifdef USE_ECC_B_PARAM printf(testingFmt, "wc_ecc_point_is_on_curve()"); /* On curve if ret == 0 */ if (ret == 0) { ret = wc_ecc_point_is_on_curve(point, idx); } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_point_is_on_curve(NULL, idx); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_point_is_on_curve(point, 1000); } if (ret == ECC_BAD_ARG_E) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); #endif /* USE_ECC_B_PARAM */ #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ /* Free */ wc_ecc_del_point(point); wc_ecc_del_point(cpypt); wc_ecc_free(&key); if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } #endif return ret; } /* END test_wc_ecc_pointFns */ /* * Testing wc_ecc_sahred_secret_ssh() */ static int test_wc_ecc_shared_secret_ssh (void) { int ret = 0; #if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && \ !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \ !defined(WOLFSSL_ATECC608A) ecc_key key, key2; WC_RNG rng; int keySz = KEY32; int key2Sz = KEY24; byte secret[KEY32]; word32 secretLen = keySz; /* Init stack variables. */ XMEMSET(secret, 0, secretLen); XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); XMEMSET(&key2, 0, sizeof(key2)); /* Make keys */ ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_make_key(&rng, keySz, &key); } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key2); } if (ret == 0) { ret = wc_ecc_make_key(&rng, key2Sz, &key2); } } printf(testingFmt, "ecc_shared_secret_ssh()"); #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ !defined(HAVE_SELFTEST) if (ret == 0) { ret = wc_ecc_set_rng(&key, &rng); } #endif if (ret == 0) { ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, &secretLen); } /* Pass in bad args. */ if (ret == 0) { ret = wc_ecc_shared_secret_ssh(NULL, &key2.pubkey, secret, &secretLen); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_shared_secret_ssh(&key, NULL, secret, &secretLen); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, NULL, &secretLen); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, NULL); } if (ret == BAD_FUNC_ARG) { key.type = ECC_PUBLICKEY; ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, &secretLen); if (ret == ECC_BAD_ARG_E) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&key); wc_ecc_free(&key2); #ifdef FP_ECC wc_ecc_fp_free(); #endif #endif return ret; } /* END test_wc_ecc_shared_secret_ssh */ /* * Testing wc_ecc_verify_hash_ex() and wc_ecc_verify_hash_ex() */ static int test_wc_ecc_verify_hash_ex (void) { int ret = 0; #if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && defined(WOLFSSL_PUBLIC_MP) \ && !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \ !defined(WOLFSSL_ATECC608A) ecc_key key; WC_RNG rng; mp_int r; mp_int s; unsigned char hash[] = "Everyone gets Friday off.EccSig"; unsigned char iHash[] = "Everyone gets Friday off......."; unsigned char shortHash[] = TEST_STRING; word32 hashlen = sizeof(hash); word32 iHashLen = sizeof(iHash); word32 shortHashLen = sizeof(shortHash); int keySz = KEY32; int sig = WOLFSSL_FATAL_ERROR; int ver = WOLFSSL_FATAL_ERROR; int verify_ok = 0; /* Initialize r and s. */ ret = mp_init_multi(&r, &s, NULL, NULL, NULL, NULL); if (ret != MP_OKAY) { return MP_INIT_E; } ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_make_key(&rng, keySz, &key); } } if (ret == 0) { ret = wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, &r, &s); if (ret == 0) { /* verify_ok should be 1. */ ret = wc_ecc_verify_hash_ex(&r, &s, hash, hashlen, &verify_ok, &key); if (verify_ok != 1 && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { /* verify_ok should be 0 */ ret = wc_ecc_verify_hash_ex(&r, &s, iHash, iHashLen, &verify_ok, &key); if (verify_ok != 0 && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { /* verify_ok should be 0. */ ret = wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen, &verify_ok, &key); if (verify_ok != 0 && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } } printf(testingFmt, "wc_ecc_sign_hash_ex()"); /* Test bad args. */ if (ret == 0) { if (wc_ecc_sign_hash_ex(NULL, hashlen, &rng, &key, &r, &s) == ECC_BAD_ARG_E) { sig = 0; } if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, NULL, &key, &r, &s) != ECC_BAD_ARG_E) { sig = WOLFSSL_FATAL_ERROR; } if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, &rng, NULL, &r, &s) != ECC_BAD_ARG_E) { sig = WOLFSSL_FATAL_ERROR; } if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, NULL, &s) != ECC_BAD_ARG_E) { sig = WOLFSSL_FATAL_ERROR; } if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, &r, NULL) != ECC_BAD_ARG_E) { sig = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, sig == 0 ? passed : failed); printf(testingFmt, "wc_ecc_verify_hash_ex()"); /* Test bad args. */ if (ret == 0) { if (wc_ecc_verify_hash_ex(NULL, &s, shortHash, shortHashLen, &verify_ok, &key) == ECC_BAD_ARG_E) { ver = 0; } if (ver == 0 && wc_ecc_verify_hash_ex(&r, NULL, shortHash, shortHashLen, &verify_ok, &key) != ECC_BAD_ARG_E) { ver = WOLFSSL_FATAL_ERROR; } if (ver == 0 && wc_ecc_verify_hash_ex(&r, &s, NULL, shortHashLen, &verify_ok, &key) != ECC_BAD_ARG_E) { ver = WOLFSSL_FATAL_ERROR; } if (ver == 0 && wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen, NULL, &key) != ECC_BAD_ARG_E) { ver = WOLFSSL_FATAL_ERROR; } if (ver == 0 && wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen, &verify_ok, NULL) != ECC_BAD_ARG_E) { ver = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ver == 0 ? passed : failed); wc_ecc_free(&key); mp_free(&r); mp_free(&s); if (wc_FreeRng(&rng)) { return WOLFSSL_FATAL_ERROR; } if (ret == 0 && (sig != 0 || ver != 0)) { ret = WOLFSSL_FATAL_ERROR; } #endif return ret; } /* END test_wc_ecc_verify_hash_ex */ /* * Testing wc_ecc_mulmod() */ static int test_wc_ecc_mulmod (void) { int ret = 0; #if defined(HAVE_ECC) && !defined(WC_NO_RNG) && \ !(defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ defined(WOLFSSL_VALIDATE_ECC_IMPORT)) ecc_key key1, key2, key3; WC_RNG rng; ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key1); if (ret == 0) { ret = wc_ecc_init(&key2); } if (ret == 0) { ret = wc_ecc_init(&key3); } if (ret == 0) { ret = wc_ecc_make_key(&rng, KEY32, &key1); } wc_FreeRng(&rng); } if (ret == 0) { ret = wc_ecc_import_raw_ex(&key2, key1.dp->Gx, key1.dp->Gy, key1.dp->Af, ECC_SECP256R1); if (ret == 0) { ret = wc_ecc_import_raw_ex(&key3, key1.dp->Gx, key1.dp->Gy, key1.dp->prime, ECC_SECP256R1); } } printf(testingFmt, "wc_ecc_mulmod()"); if (ret == 0) { ret = wc_ecc_mulmod(&key1.k, &key2.pubkey, &key3.pubkey, &key2.k, &key3.k, 1); } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_mulmod(NULL, &key2.pubkey, &key3.pubkey, &key2.k, &key3.k, 1); if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_mulmod(&key1.k, NULL, &key3.pubkey, &key2.k, &key3.k, 1); } if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_mulmod(&key1.k, &key2.pubkey, NULL, &key2.k, &key3.k, 1); } if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_mulmod(&key1.k, &key2.pubkey, &key3.pubkey, &key2.k, NULL, 1); } if (ret == ECC_BAD_ARG_E) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); wc_ecc_free(&key1); wc_ecc_free(&key2); wc_ecc_free(&key3); #ifdef FP_ECC wc_ecc_fp_free(); #endif #endif /* HAVE_ECC && !WOLFSSL_ATECC508A */ return ret; } /* END test_wc_ecc_mulmod */ /* * Testing wc_ecc_is_valid_idx() */ static int test_wc_ecc_is_valid_idx (void) { int ret = 0; #if defined(HAVE_ECC) && !defined(WC_NO_RNG) ecc_key key; WC_RNG rng; int iVal = -2; int iVal2 = 3000; XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_make_key(&rng, 32, &key); } } printf(testingFmt, "wc_ecc_is_valid_idx()"); if (ret == 0) { ret = wc_ecc_is_valid_idx(key.idx); if (ret == 1) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_is_valid_idx(iVal); /* should return 0 */ if (ret == 0) { ret = wc_ecc_is_valid_idx(iVal2); } if (ret != 0) { ret = WOLFSSL_FATAL_ERROR; } } printf(resultFmt, ret == 0 ? passed : failed); if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&key); #ifdef FP_ECC wc_ecc_fp_free(); #endif #endif return ret; } /* END test_wc_ecc_is_valid_idx */ /* * Testing wc_ecc_get_curve_id_from_oid() */ static int test_wc_ecc_get_curve_id_from_oid (void) { int ret = 0; #if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(HAVE_SELFTEST) && \ !defined(HAVE_FIPS) const byte oid[] = {0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07}; word32 len = sizeof(oid); printf(testingFmt, "wc_ecc_get_curve_id_from_oid()"); /* Bad Cases */ ret = wc_ecc_get_curve_id_from_oid(NULL, len); if (ret == BAD_FUNC_ARG) { ret = 0; } if (ret == 0) { ret = wc_ecc_get_curve_id_from_oid(oid, 0); if (ret == ECC_CURVE_INVALID) { ret = 0; } } /* Good Case */ if (ret == 0) { ret = wc_ecc_get_curve_id_from_oid(oid, len); if (ret == 7) { ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; }/* END test_wc_ecc_get_curve_id_from_oid */ /* * Testing wc_ecc_sig_size_calc() */ static int test_wc_ecc_sig_size_calc (void) { int ret = 0; #if defined(HAVE_ECC) && !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) ecc_key key; WC_RNG rng; int sz = 0; printf(testingFmt, "wc_ecc_sig_size_calc()"); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_make_key(&rng, 16, &key); } sz = key.dp->size; } if (ret == 0) { ret = wc_ecc_sig_size_calc(sz); if (ret > 0) { ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); wc_ecc_free(&key); wc_FreeRng(&rng); #endif return ret; } /* END test_wc_ecc_sig_size_calc */ /* * Testing ToTraditional */ static int test_ToTraditional (void) { int ret = 0; #if !defined(NO_ASN) && (defined(HAVE_PKCS8) || defined(HAVE_PKCS12)) && \ (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL)) XFILE f; byte input[TWOK_BUF]; word32 sz; printf(testingFmt, "ToTraditional()"); f = XFOPEN("./certs/server-keyPkcs8.der", "rb"); AssertTrue((f != XBADFILE)); sz = (word32)XFREAD(input, 1, sizeof(input), f); XFCLOSE(f); /* Good case */ ret = ToTraditional(input, sz); if (ret > 0) { ret = 0; } /* Bad cases */ if (ret == 0) { ret = ToTraditional(NULL, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = ToTraditional(NULL, sz); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = ToTraditional(input, 0); if (ret == ASN_PARSE_E || ret == BUFFER_E) { ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; }/* End test_ToTraditional*/ /* * Testing wc_EccPrivateKeyToDer */ static int test_wc_EccPrivateKeyToDer (void) { int ret = 0; #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) byte output[ONEK_BUF]; ecc_key eccKey; WC_RNG rng; word32 inLen; printf(testingFmt, "wc_EccPrivateKeyToDer()"); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&eccKey); if (ret == 0) { ret = wc_ecc_make_key(&rng, KEY14, &eccKey); } inLen = (word32)sizeof(output); /* Bad Cases */ if (ret == 0) { ret = wc_EccPrivateKeyToDer(NULL, NULL, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_EccPrivateKeyToDer(NULL, output, inLen); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_EccPrivateKeyToDer(&eccKey, NULL, inLen); if (ret == LENGTH_ONLY_E) { ret = 0; } } if (ret == 0) { ret = wc_EccPrivateKeyToDer(&eccKey, output, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } } /*Good Case */ if (ret == 0) { ret = wc_EccPrivateKeyToDer(&eccKey, output, inLen); if (ret > 0) { ret = 0; } } wc_ecc_free(&eccKey); } wc_FreeRng(&rng); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; }/* End test_wc_EccPrivateKeyToDer*/ /* * Testing wc_DhPublicKeyDecode */ static int test_wc_DhPublicKeyDecode(void) { int ret = 0; word32 inOutIdx; #if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048) DhKey key; AssertIntEQ(wc_InitDhKey(&key), 0); printf(testingFmt, "wc_DhPublicKeyDecode()"); AssertIntEQ(wc_DhPublicKeyDecode(NULL,NULL,NULL,0), BAD_FUNC_ARG); AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,NULL,NULL,0), BAD_FUNC_ARG); AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,NULL,NULL,0), BAD_FUNC_ARG); inOutIdx = 0; AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,NULL, 0), BAD_FUNC_ARG); inOutIdx = 0; AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key, 0), BAD_FUNC_ARG); inOutIdx = 0; AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key, sizeof_dh_pub_key_der_2048), 0); AssertTrue(key.p.used != 0 && key.g.used != 0 && key.q.used == 0 && key.pub.used != 0 && key.priv.used == 0); wc_FreeDhKey(&key); printf(resultFmt, passed); #endif (void)inOutIdx; return ret; } /* * Testing wc_Ed25519KeyToDer */ static int test_wc_Ed25519KeyToDer (void) { int ret = 0; #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) byte output[ONEK_BUF]; ed25519_key ed25519Key; WC_RNG rng; word32 inLen; printf(testingFmt, "wc_Ed25519KeyToDer()"); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ed25519_init(&ed25519Key); if (ret == 0) { ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key); } inLen = (word32)sizeof(output); /* Bad Cases */ if (ret == 0) { ret = wc_Ed25519KeyToDer(NULL, NULL, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_Ed25519KeyToDer(NULL, output, inLen); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_Ed25519KeyToDer(&ed25519Key, NULL, inLen); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_Ed25519KeyToDer(&ed25519Key, output, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } } /* Good Case */ if (ret == 0) { ret = wc_Ed25519KeyToDer(&ed25519Key, output, inLen); if (ret > 0) { ret = 0; } } wc_ed25519_free(&ed25519Key); } wc_FreeRng(&rng); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; }/* End test_wc_Ed25519KeyToDer*/ /* * Testing wc_Ed25519PrivateKeyToDer */ static int test_wc_Ed25519PrivateKeyToDer (void) { int ret = 0; #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) byte output[ONEK_BUF]; ed25519_key ed25519PrivKey; WC_RNG rng; word32 inLen; printf(testingFmt, "wc_Ed25519PrivateKeyToDer()"); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ed25519_init(&ed25519PrivKey); if (ret == 0) { ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519PrivKey); } inLen = (word32)sizeof(output); /* Bad Cases */ if (ret == 0) { ret = wc_Ed25519PrivateKeyToDer(NULL, NULL, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_Ed25519PrivateKeyToDer(NULL, output, inLen); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, NULL, inLen); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } } /* Good Case */ if (ret == 0) { ret = wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, inLen); if (ret > 0) { ret = 0; } } wc_ed25519_free(&ed25519PrivKey); } wc_FreeRng(&rng); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; }/* End test_wc_Ed25519PrivateKeyToDer*/ /* * Testing wc_Ed448KeyToDer */ static int test_wc_Ed448KeyToDer (void) { int ret = 0; #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) byte output[ONEK_BUF]; ed448_key ed448Key; WC_RNG rng; word32 inLen; printf(testingFmt, "wc_Ed448KeyToDer()"); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ed448_init(&ed448Key); if (ret == 0) { ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key); } inLen = sizeof(output); /* Bad Cases */ if (ret == 0) { ret = wc_Ed448KeyToDer(NULL, NULL, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_Ed448KeyToDer(NULL, output, inLen); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_Ed448KeyToDer(&ed448Key, NULL, inLen); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_Ed448KeyToDer(&ed448Key, output, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } } /* Good Case */ if (ret == 0) { ret = wc_Ed448KeyToDer(&ed448Key, output, inLen); if (ret > 0) { ret = 0; } } wc_ed448_free(&ed448Key); } wc_FreeRng(&rng); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; }/* End test_wc_Ed448KeyToDer*/ /* * Testing wc_Ed448PrivateKeyToDer */ static int test_wc_Ed448PrivateKeyToDer (void) { int ret = 0; #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) byte output[ONEK_BUF]; ed448_key ed448PrivKey; WC_RNG rng; word32 inLen; printf(testingFmt, "wc_Ed448PrivateKeyToDer()"); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ed448_init(&ed448PrivKey); if (ret == 0) { ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448PrivKey); } inLen = sizeof(output); /* Bad Cases */ if (ret == 0) { ret = wc_Ed448PrivateKeyToDer(NULL, NULL, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_Ed448PrivateKeyToDer(NULL, output, inLen); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_Ed448PrivateKeyToDer(&ed448PrivKey, NULL, inLen); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } } /* Good case */ if (ret == 0) { ret = wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, inLen); if (ret > 0) { ret = 0; } } wc_ed448_free(&ed448PrivKey); } wc_FreeRng(&rng); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; }/* End test_wc_Ed448PrivateKeyToDer*/ /* * Testing wc_SetSubjectBuffer */ static int test_wc_SetSubjectBuffer (void) { int ret = 0; #if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) Cert cert; FILE* file; byte* der; word32 derSz; printf(testingFmt, "wc_SetSubjectBuffer()"); derSz = FOURK_BUF; der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { ret = -1; } if (ret == 0) { file = XFOPEN("./certs/ca-cert.der", "rb"); if (file != NULL) { derSz = (word32)XFREAD(der, 1, FOURK_BUF, file); XFCLOSE(file); } else { ret = -1; } } if (ret == 0) { ret = wc_InitCert(&cert); } if (ret == 0) { ret = wc_SetSubjectBuffer(&cert, der, derSz); } if (ret == 0) { ret = wc_SetSubjectBuffer(NULL, der, derSz); if (ret == BAD_FUNC_ARG) { ret = 0; } } XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; }/* End test_wc_SetSubjectBuffer*/ /* * Testing wc_SetSubjectKeyIdFromPublicKey_ex */ static int test_wc_SetSubjectKeyIdFromPublicKey_ex (void) { int ret = 0; #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) WC_RNG rng; Cert cert; #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) ed25519_key ed25519Key; #endif #if !defined(NO_RSA) && defined(HAVE_RSA) RsaKey rsaKey; int bits = 2048; #endif #if defined(HAVE_ECC) ecc_key eccKey; #endif #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) ed448_key ed448Key; #endif printf(testingFmt, "wc_SetSubjectKeyIdFromPublicKey_ex()"); #ifndef HAVE_FIPS ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); #else ret = wc_InitRng(&rng); #endif wc_InitCert(&cert); #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) if (ret == 0) { /*ED25519*/ ret = wc_ed25519_init(&ed25519Key); if (ret == 0) { ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key); } if (ret == 0) { ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, &ed25519Key); } wc_ed25519_free(&ed25519Key); } #endif #if !defined(NO_RSA) && defined(HAVE_RSA) && defined(WOLFSSL_KEY_GEN) if (ret == 0) { /*RSA*/ ret = wc_InitRsaKey(&rsaKey, NULL); if (ret == 0) { MAKE_RSA_KEY(&rsaKey, bits, WC_RSA_EXPONENT, &rng); } if (ret == 0) { ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, RSA_TYPE, &rsaKey); } wc_FreeRsaKey(&rsaKey); } #endif #if defined(HAVE_ECC) if (ret == 0) { /*ECC*/ ret = wc_ecc_init(&eccKey); if (ret == 0) { ret = wc_ecc_make_key(&rng, KEY14, &eccKey); } if (ret == 0) { ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ECC_TYPE, &eccKey); } wc_ecc_free(&eccKey); } #endif #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) if (ret == 0) { /*ED448*/ ret = wc_ed448_init(&ed448Key); if (ret == 0) { ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key); } if (ret == 0) { ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED448_TYPE, &ed448Key); } wc_ed448_free(&ed448Key); } #endif printf(resultFmt, ret == 0 ? passed : failed); wc_FreeRng(&rng); #endif return ret; }/* End test_wc_SetSubjectKeyIdFromPublicKey_ex*/ /* * Testing wc_SetAuthKeyIdFromPublicKey_ex */ static int test_wc_SetAuthKeyIdFromPublicKey_ex (void) { int ret = 0; #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) WC_RNG rng; Cert cert; #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) ed25519_key ed25519Key; #endif #if !defined(NO_RSA) && defined(HAVE_RSA) RsaKey rsaKey; int bits = 2048; #endif #if defined(HAVE_ECC) ecc_key eccKey; #endif #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) ed448_key ed448Key; #endif printf(testingFmt, "wc_SetAuthKeyIdFromPublicKey_ex()"); #ifndef HAVE_FIPS ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); #else ret = wc_InitRng(&rng); #endif wc_InitCert(&cert); #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) if (ret == 0) { /*ED25519*/ ret = wc_ed25519_init(&ed25519Key); if (ret == 0) { ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key); } if (ret == 0) { ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, &ed25519Key); } wc_ed25519_free(&ed25519Key); } #endif #if !defined(NO_RSA) && defined(HAVE_RSA) && defined(WOLFSSL_KEY_GEN) if (ret == 0) { /*RSA*/ ret = wc_InitRsaKey(&rsaKey, NULL); if (ret == 0) { MAKE_RSA_KEY(&rsaKey, bits, WC_RSA_EXPONENT, &rng); } if (ret == 0) { ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, RSA_TYPE, &rsaKey); } wc_FreeRsaKey(&rsaKey); } #endif #if defined(HAVE_ECC) if (ret == 0) { /*ECC*/ ret = wc_ecc_init(&eccKey); if (ret == 0) { ret = wc_ecc_make_key(&rng, KEY14, &eccKey); } if (ret == 0) { ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ECC_TYPE, &eccKey); } wc_ecc_free(&eccKey); } #endif #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) if (ret == 0) { /*ED448*/ ret = wc_ed448_init(&ed448Key); if (ret == 0) { ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key); } if (ret == 0) { ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED448_TYPE, &ed448Key); } wc_ed448_free(&ed448Key); } #endif printf(resultFmt, ret == 0 ? passed : failed); wc_FreeRng(&rng); #endif /*defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)*/ return ret; }/* End test_wc_SetAuthKeyIdFromPublicKey_ex*/ /* * Testing wc_PKCS7_New() */ static void test_wc_PKCS7_New (void) { #if defined(HAVE_PKCS7) PKCS7* pkcs7; void* heap = NULL; printf(testingFmt, "wc_PKCS7_New()"); pkcs7 = wc_PKCS7_New(heap, devId); AssertNotNull(pkcs7); printf(resultFmt, passed); wc_PKCS7_Free(pkcs7); #endif } /* END test-wc_PKCS7_New */ /* * Testing wc_PKCS7_Init() */ static void test_wc_PKCS7_Init (void) { #if defined(HAVE_PKCS7) PKCS7* pkcs7; void* heap = NULL; printf(testingFmt, "wc_PKCS7_Init()"); pkcs7 = wc_PKCS7_New(heap, devId); AssertNotNull(pkcs7); AssertIntEQ(wc_PKCS7_Init(pkcs7, heap, devId), 0); /* Pass in bad args. */ AssertIntEQ(wc_PKCS7_Init(NULL, heap, devId), BAD_FUNC_ARG); printf(resultFmt, passed); wc_PKCS7_Free(pkcs7); #endif } /* END test-wc_PKCS7_Init */ /* * Testing wc_PKCS7_InitWithCert() */ static void test_wc_PKCS7_InitWithCert (void) { #if defined(HAVE_PKCS7) PKCS7* pkcs7; #ifndef NO_RSA #if defined(USE_CERT_BUFFERS_2048) unsigned char cert[sizeof(client_cert_der_2048)]; int certSz = (int)sizeof(cert); XMEMSET(cert, 0, certSz); XMEMCPY(cert, client_cert_der_2048, sizeof(client_cert_der_2048)); #elif defined(USE_CERT_BUFFERS_1024) unsigned char cert[sizeof(client_cert_der_1024)]; int certSz = (int)sizeof(cert); XMEMSET(cert, 0, certSz); XMEMCPY(cert, client_cert_der_1024, sizeof_client_cert_der_1024); #else unsigned char cert[ONEK_BUF]; XFILE fp; int certSz; fp = XFOPEN("./certs/1024/client-cert.der", "rb"); AssertTrue(fp != XBADFILE); certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp); XFCLOSE(fp); #endif #elif defined(HAVE_ECC) #if defined(USE_CERT_BUFFERS_256) unsigned char cert[sizeof(cliecc_cert_der_256)]; int certSz = (int)sizeof(cert); XMEMSET(cert, 0, certSz); XMEMCPY(cert, cliecc_cert_der_256, sizeof(cliecc_cert_der_256)); #else unsigned char cert[ONEK_BUF]; XFILE fp; int certSz; fp = XFOPEN("./certs/client-ecc-cert.der", "rb"); AssertTrue(fp != XBADFILE); certSz = (int)XFREAD(cert, 1, sizeof(cliecc_cert_der_256), fp); XFCLOSE(fp); #endif #else #error PKCS7 requires ECC or RSA #endif #ifdef HAVE_ECC /* bad test case from ZD 11011, malformed cert gives bad ECC key */ unsigned char certWithInvalidEccKey[] = { 0x30, 0x82, 0x03, 0x5F, 0x30, 0x82, 0x03, 0x04, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x61, 0xB3, 0x1E, 0x59, 0xF3, 0x68, 0x6C, 0xA4, 0x79, 0x42, 0x83, 0x2F, 0x1A, 0x50, 0x71, 0x03, 0xBE, 0x31, 0xAA, 0x2C, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x30, 0x30, 0x36, 0x31, 0x39, 0x31, 0x33, 0x32, 0x33, 0x34, 0x31, 0x5A, 0x17, 0x0D, 0x32, 0x33, 0x30, 0x33, 0x31, 0x36, 0x31, 0x33, 0x32, 0x33, 0x34, 0x31, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74, 0x31, 0x18, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x02, 0x00, 0x04, 0x55, 0xBF, 0xF4, 0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5, 0x4D, 0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80, 0xEC, 0x5A, 0x4C, 0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA, 0xEF, 0xA2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xC6, 0x56, 0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42, 0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F, 0xB4, 0xA3, 0x82, 0x01, 0x3E, 0x30, 0x82, 0x01, 0x3A, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xEB, 0xD4, 0x4B, 0x59, 0x6B, 0x95, 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41, 0x88, 0x44, 0x5C, 0xAB, 0xF2, 0x30, 0x81, 0xCD, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xC5, 0x30, 0x81, 0xC2, 0x80, 0x14, 0xEB, 0xD4, 0x4B, 0x59, 0x72, 0x95, 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41, 0x88, 0x44, 0x5C, 0xAB, 0xF2, 0xA1, 0x81, 0x93, 0xA4, 0x81, 0x90, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x08, 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x61, 0xB3, 0x1E, 0x59, 0xF3, 0x68, 0x6C, 0xA4, 0x79, 0x42, 0x83, 0x2F, 0x1A, 0x50, 0x71, 0x03, 0xBE, 0x32, 0xAA, 0x2C, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, 0x23, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xE4, 0xA0, 0x23, 0x26, 0x2B, 0x0B, 0x42, 0x0F, 0x97, 0x37, 0x6D, 0xCB, 0x14, 0x23, 0xC3, 0xC3, 0xE6, 0x44, 0xCF, 0x5F, 0x4C, 0x26, 0xA3, 0x72, 0x64, 0x7A, 0x9C, 0xCB, 0x64, 0xAB, 0xA6, 0xBE, 0x02, 0x21, 0x00, 0xAA, 0xC5, 0xA3, 0x50, 0xF6, 0xF1, 0xA5, 0xDB, 0x05, 0xE0, 0x75, 0xD2, 0xF7, 0xBA, 0x49, 0x5F, 0x8F, 0x7D, 0x1C, 0x44, 0xB1, 0x6E, 0xDF, 0xC8, 0xDA, 0x10, 0x48, 0x2D, 0x53, 0x08, 0xA8, 0xB4}; #endif printf(testingFmt, "wc_PKCS7_InitWithCert()"); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); /* If initialization is not successful, it's free'd in init func. */ AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), 0); wc_PKCS7_Free(pkcs7); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); /* Valid initialization usage. */ AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); /* Pass in bad args. No need free for null checks, free at end.*/ AssertIntEQ(wc_PKCS7_InitWithCert(NULL, (byte*)cert, (word32)certSz), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, (word32)certSz), BAD_FUNC_ARG); #ifdef HAVE_ECC AssertIntLT(wc_PKCS7_InitWithCert(pkcs7, certWithInvalidEccKey, sizeof(certWithInvalidEccKey)), 0); #endif printf(resultFmt, passed); wc_PKCS7_Free(pkcs7); #endif } /* END test_wc_PKCS7_InitWithCert */ /* * Testing wc_PKCS7_EncodeData() */ static void test_wc_PKCS7_EncodeData (void) { #if defined(HAVE_PKCS7) PKCS7* pkcs7; byte output[FOURK_BUF]; byte data[] = "My encoded DER cert."; #ifndef NO_RSA #if defined(USE_CERT_BUFFERS_2048) unsigned char cert[sizeof(client_cert_der_2048)]; unsigned char key[sizeof(client_key_der_2048)]; int certSz = (int)sizeof(cert); int keySz = (int)sizeof(key); XMEMSET(cert, 0, certSz); XMEMSET(key, 0, keySz); XMEMCPY(cert, client_cert_der_2048, certSz); XMEMCPY(key, client_key_der_2048, keySz); #elif defined(USE_CERT_BUFFERS_1024) unsigned char cert[sizeof(sizeof_client_cert_der_1024)]; unsigned char key[sizeof_client_key_der_1024]; int certSz = (int)sizeof(cert); int keySz = (int)sizeof(key); XMEMSET(cert, 0, certSz); XMEMSET(key, 0, keySz); XMEMCPY(cert, client_cert_der_1024, certSz); XMEMCPY(key, client_key_der_1024, keySz); #else unsigned char cert[ONEK_BUF]; unsigned char key[ONEK_BUF]; XFILE fp; int certSz; int keySz; fp = XFOPEN("./certs/1024/client-cert.der", "rb"); AssertTrue(fp != XBADFILE); certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp); XFCLOSE(fp); fp = XFOPEN("./certs/1024/client-key.der", "rb"); AssertTrue(fp != XBADFILE); keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp); XFCLOSE(fp); #endif #elif defined(HAVE_ECC) #if defined(USE_CERT_BUFFERS_256) unsigned char cert[sizeof(cliecc_cert_der_256)]; unsigned char key[sizeof(ecc_clikey_der_256)]; int certSz = (int)sizeof(cert); int keySz = (int)sizeof(key); XMEMSET(cert, 0, certSz); XMEMSET(key, 0, keySz); XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256); XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256); #else unsigned char cert[ONEK_BUF]; unsigned char key[ONEK_BUF]; XFILE fp; int certSz, keySz; fp = XFOPEN("./certs/client-ecc-cert.der", "rb"); AssertTrue(fp != XBADFILE); certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp); XFCLOSE(fp); fp = XFOPEN("./certs/client-ecc-key.der", "rb"); AssertTrue(fp != XBADFILE); keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp); XFCLOSE(fp); #endif #endif XMEMSET(output, 0, sizeof(output)); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, certSz), 0); printf(testingFmt, "wc_PKCS7_EncodeData()"); pkcs7->content = data; pkcs7->contentSz = sizeof(data); pkcs7->privateKey = key; pkcs7->privateKeySz = keySz; AssertIntGT(wc_PKCS7_EncodeData(pkcs7, output, (word32)sizeof(output)), 0); /* Test bad args. */ AssertIntEQ(wc_PKCS7_EncodeData(NULL, output, (word32)sizeof(output)), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_EncodeData(pkcs7, NULL, (word32)sizeof(output)), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_EncodeData(pkcs7, output, 5), BUFFER_E); printf(resultFmt, passed); wc_PKCS7_Free(pkcs7); #endif } /* END test_wc_PKCS7_EncodeData */ #if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \ !defined(NO_RSA) && !defined(NO_SHA256) /* RSA sign raw digest callback */ static int rsaSignRawDigestCb(PKCS7* pkcs7, byte* digest, word32 digestSz, byte* out, word32 outSz, byte* privateKey, word32 privateKeySz, int devid, int hashOID) { /* specific DigestInfo ASN.1 encoding prefix for a SHA2565 digest */ byte digInfoEncoding[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 }; int ret; byte digestInfo[ONEK_BUF]; byte sig[FOURK_BUF]; word32 digestInfoSz = 0; word32 idx = 0; RsaKey rsa; /* SHA-256 required only for this example callback due to above * digInfoEncoding[] */ if (pkcs7 == NULL || digest == NULL || out == NULL || (sizeof(digestInfo) < sizeof(digInfoEncoding) + digestSz) || (hashOID != SHA256h)) { return -1; } /* build DigestInfo */ XMEMCPY(digestInfo, digInfoEncoding, sizeof(digInfoEncoding)); digestInfoSz += sizeof(digInfoEncoding); XMEMCPY(digestInfo + digestInfoSz, digest, digestSz); digestInfoSz += digestSz; /* set up RSA key */ ret = wc_InitRsaKey_ex(&rsa, pkcs7->heap, devid); if (ret != 0) { return ret; } ret = wc_RsaPrivateKeyDecode(privateKey, &idx, &rsa, privateKeySz); /* sign DigestInfo */ if (ret == 0) { ret = wc_RsaSSL_Sign(digestInfo, digestInfoSz, sig, sizeof(sig), &rsa, pkcs7->rng); if (ret > 0) { if (ret > (int)outSz) { /* output buffer too small */ ret = -1; } else { /* success, ret holds sig size */ XMEMCPY(out, sig, ret); } } } wc_FreeRsaKey(&rsa); return ret; } #endif /* * Testing wc_PKCS7_EncodeSignedData() */ static void test_wc_PKCS7_EncodeSignedData(void) { #if defined(HAVE_PKCS7) PKCS7* pkcs7; WC_RNG rng; byte output[FOURK_BUF]; byte badOut[1]; word32 outputSz = (word32)sizeof(output); word32 badOutSz = 0; byte data[] = "Test data to encode."; #ifndef NO_RSA #if defined(USE_CERT_BUFFERS_2048) byte key[sizeof(client_key_der_2048)]; byte cert[sizeof(client_cert_der_2048)]; word32 keySz = (word32)sizeof(key); word32 certSz = (word32)sizeof(cert); XMEMSET(key, 0, keySz); XMEMSET(cert, 0, certSz); XMEMCPY(key, client_key_der_2048, keySz); XMEMCPY(cert, client_cert_der_2048, certSz); #elif defined(USE_CERT_BUFFERS_1024) byte key[sizeof_client_key_der_1024]; byte cert[sizeof(sizeof_client_cert_der_1024)]; word32 keySz = (word32)sizeof(key); word32 certSz = (word32)sizeof(cert); XMEMSET(key, 0, keySz); XMEMSET(cert, 0, certSz); XMEMCPY(key, client_key_der_1024, keySz); XMEMCPY(cert, client_cert_der_1024, certSz); #else unsigned char cert[ONEK_BUF]; unsigned char key[ONEK_BUF]; XFILE fp; int certSz; int keySz; fp = XFOPEN("./certs/1024/client-cert.der", "rb"); AssertTrue(fp != XBADFILE); certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp); XFCLOSE(fp); fp = XFOPEN("./certs/1024/client-key.der", "rb"); AssertTrue(fp != XBADFILE); keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp); XFCLOSE(fp); #endif #elif defined(HAVE_ECC) #if defined(USE_CERT_BUFFERS_256) unsigned char cert[sizeof(cliecc_cert_der_256)]; unsigned char key[sizeof(ecc_clikey_der_256)]; int certSz = (int)sizeof(cert); int keySz = (int)sizeof(key); XMEMSET(cert, 0, certSz); XMEMSET(key, 0, keySz); XMEMCPY(cert, cliecc_cert_der_256, certSz); XMEMCPY(key, ecc_clikey_der_256, keySz); #else unsigned char cert[ONEK_BUF]; unsigned char key[ONEK_BUF]; XFILE fp; int certSz, keySz; fp = XOPEN("./certs/client-ecc-cert.der", "rb"); AssertTrue(fp != XBADFILE); certSz = (int)XFREAD(cert, 1, ONEK_BUF, fp); XFCLOSE(fp); fp = XFOPEN("./certs/client-ecc-key.der", "rb"); AssertTrue(fp != XBADFILE); keySz = (int)XFREAD(key, 1, ONEK_BUF, fp); XFCLOSE(fp); #endif #endif XMEMSET(output, 0, outputSz); AssertIntEQ(wc_InitRng(&rng), 0); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); printf(testingFmt, "wc_PKCS7_EncodeSignedData()"); pkcs7->content = data; pkcs7->contentSz = (word32)sizeof(data); pkcs7->privateKey = key; pkcs7->privateKeySz = (word32)sizeof(key); pkcs7->encryptOID = RSAk; pkcs7->hashOID = SHAh; pkcs7->rng = &rng; AssertIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0); wc_PKCS7_Free(pkcs7); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0); /* Pass in bad args. */ AssertIntEQ(wc_PKCS7_EncodeSignedData(NULL, output, outputSz), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, NULL, outputSz), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, badOut, badOutSz), BAD_FUNC_ARG); pkcs7->hashOID = 0; /* bad hashOID */ AssertIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), BAD_FUNC_ARG); #if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \ !defined(NO_RSA) && !defined(NO_SHA256) /* test RSA sign raw digest callback, if using RSA and compiled in. * Example callback assumes SHA-256, so only run test if compiled in. */ wc_PKCS7_Free(pkcs7); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); pkcs7->content = data; pkcs7->contentSz = (word32)sizeof(data); pkcs7->privateKey = key; pkcs7->privateKeySz = (word32)sizeof(key); pkcs7->encryptOID = RSAk; pkcs7->hashOID = SHA256h; pkcs7->rng = &rng; AssertIntEQ(wc_PKCS7_SetRsaSignRawDigestCb(pkcs7, rsaSignRawDigestCb), 0); AssertIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0); #endif printf(resultFmt, passed); wc_PKCS7_Free(pkcs7); wc_FreeRng(&rng); #endif } /* END test_wc_PKCS7_EncodeSignedData */ /* * Testing wc_PKCS7_EncodeSignedData_ex() and wc_PKCS7_VerifySignedData_ex() */ static void test_wc_PKCS7_EncodeSignedData_ex(void) { #if defined(HAVE_PKCS7) int ret, i; PKCS7* pkcs7; WC_RNG rng; byte outputHead[FOURK_BUF/2]; byte outputFoot[FOURK_BUF/2]; word32 outputHeadSz = (word32)sizeof(outputHead); word32 outputFootSz = (word32)sizeof(outputFoot); byte data[FOURK_BUF]; wc_HashAlg hash; enum wc_HashType hashType = WC_HASH_TYPE_SHA; byte hashBuf[WC_MAX_DIGEST_SIZE]; word32 hashSz = wc_HashGetDigestSize(hashType); #ifndef NO_RSA #if defined(USE_CERT_BUFFERS_2048) byte key[sizeof(client_key_der_2048)]; byte cert[sizeof(client_cert_der_2048)]; word32 keySz = (word32)sizeof(key); word32 certSz = (word32)sizeof(cert); XMEMSET(key, 0, keySz); XMEMSET(cert, 0, certSz); XMEMCPY(key, client_key_der_2048, keySz); XMEMCPY(cert, client_cert_der_2048, certSz); #elif defined(USE_CERT_BUFFERS_1024) byte key[sizeof_client_key_der_1024]; byte cert[sizeof(sizeof_client_cert_der_1024)]; word32 keySz = (word32)sizeof(key); word32 certSz = (word32)sizeof(cert); XMEMSET(key, 0, keySz); XMEMSET(cert, 0, certSz); XMEMCPY(key, client_key_der_1024, keySz); XMEMCPY(cert, client_cert_der_1024, certSz); #else unsigned char cert[ONEK_BUF]; unsigned char key[ONEK_BUF]; XFILE fp; int certSz; int keySz; fp = XFOPEN("./certs/1024/client-cert.der", "rb"); AssertTrue((fp != XBADFILE)); certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp); XFCLOSE(fp); fp = XFOPEN("./certs/1024/client-key.der", "rb"); AssertTrue(fp != XBADFILE); keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp); XFCLOSE(fp); #endif #elif defined(HAVE_ECC) #if defined(USE_CERT_BUFFERS_256) unsigned char cert[sizeof(cliecc_cert_der_256)]; unsigned char key[sizeof(ecc_clikey_der_256)]; int certSz = (int)sizeof(cert); int keySz = (int)sizeof(key); XMEMSET(cert, 0, certSz); XMEMSET(key, 0, keySz); XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256); XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256); #else unsigned char cert[ONEK_BUF]; unsigned char key[ONEK_BUF]; XFILE fp; int certSz, keySz; fp = XFOPEN("./certs/client-ecc-cert.der", "rb"); AssertTrue(fp != XBADFILE); certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp); XFCLOSE(fp); fp = XFOPEN("./certs/client-ecc-key.der", "rb"); AssertTrue(fp != XBADFILE); keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp); XFCLOSE(fp); #endif #endif /* initialize large data with sequence */ for (i=0; i<(int)sizeof(data); i++) data[i] = i & 0xff; XMEMSET(outputHead, 0, outputHeadSz); XMEMSET(outputFoot, 0, outputFootSz); AssertIntEQ(wc_InitRng(&rng), 0); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); printf(testingFmt, "wc_PKCS7_EncodeSignedData()"); pkcs7->content = NULL; /* not used for ex */ pkcs7->contentSz = (word32)sizeof(data); pkcs7->privateKey = key; pkcs7->privateKeySz = (word32)sizeof(key); pkcs7->encryptOID = RSAk; pkcs7->hashOID = SHAh; pkcs7->rng = &rng; /* calculate hash for content */ ret = wc_HashInit(&hash, hashType); if (ret == 0) { ret = wc_HashUpdate(&hash, hashType, data, sizeof(data)); if (ret == 0) { ret = wc_HashFinal(&hash, hashType, hashBuf); } wc_HashFree(&hash, hashType); } AssertIntEQ(ret, 0); /* Perform PKCS7 sign using hash directly */ AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, outputHead, &outputHeadSz, outputFoot, &outputFootSz), 0); AssertIntGT(outputHeadSz, 0); AssertIntGT(outputFootSz, 0); wc_PKCS7_Free(pkcs7); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); /* required parameter even on verify when using _ex */ pkcs7->contentSz = (word32)sizeof(data); AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, outputHead, outputHeadSz, outputFoot, outputFootSz), 0); wc_PKCS7_Free(pkcs7); /* assembly complete PKCS7 sign and use normal verify */ { byte* output = (byte*)XMALLOC(outputHeadSz + sizeof(data) + outputFootSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); word32 outputSz = 0; AssertNotNull(output); XMEMCPY(&output[outputSz], outputHead, outputHeadSz); outputSz += outputHeadSz; XMEMCPY(&output[outputSz], data, sizeof(data)); outputSz += sizeof(data); XMEMCPY(&output[outputSz], outputFoot, outputFootSz); outputSz += outputFootSz; AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0); XFREE(output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } /* Pass in bad args. */ AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(NULL, hashBuf, hashSz, outputHead, &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, NULL, hashSz, outputHead, &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, 0, outputHead, &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, NULL, &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, outputHead, NULL, outputFoot, &outputFootSz), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, outputHead, &outputHeadSz, NULL, &outputFootSz), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, outputHead, &outputHeadSz, outputFoot, NULL), BAD_FUNC_ARG); pkcs7->hashOID = 0; /* bad hashOID */ AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, outputHead, &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_VerifySignedData_ex(NULL, hashBuf, hashSz, outputHead, outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, NULL, hashSz, outputHead, outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG); #ifndef NO_PKCS7_STREAM AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead, outputHeadSz, outputFoot, outputFootSz), WC_PKCS7_WANT_READ_E); #else AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead, outputHeadSz, outputFoot, outputFootSz), BUFFER_E); #endif AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, NULL, outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG); #ifndef NO_PKCS7_STREAM /* can pass in 0 buffer length with streaming API */ AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, outputHead, 0, outputFoot, outputFootSz), WC_PKCS7_WANT_READ_E); #else AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, outputHead, 0, outputFoot, outputFootSz), BAD_FUNC_ARG); #endif AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, outputHead, outputHeadSz, NULL, outputFootSz), BAD_FUNC_ARG); #ifndef NO_PKCS7_STREAM AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, outputHead, outputHeadSz, outputFoot, 0), WC_PKCS7_WANT_READ_E); #else AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, outputHead, outputHeadSz, outputFoot, 0), ASN_PARSE_E); #endif printf(resultFmt, passed); wc_PKCS7_Free(pkcs7); wc_FreeRng(&rng); #endif } /* END test_wc_PKCS7_EncodeSignedData_ex */ #if defined(HAVE_PKCS7) static int CreatePKCS7SignedData(unsigned char* output, int outputSz, byte* data, word32 dataSz, int withAttribs, int detachedSig) { PKCS7* pkcs7; WC_RNG rng; static byte messageTypeOid[] = { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x02 }; static byte messageType[] = { 0x13, 2, '1', '9' }; PKCS7Attrib attribs[] = { { messageTypeOid, sizeof(messageTypeOid), messageType, sizeof(messageType) } }; #ifndef NO_RSA #if defined(USE_CERT_BUFFERS_2048) byte key[sizeof(client_key_der_2048)]; byte cert[sizeof(client_cert_der_2048)]; word32 keySz = (word32)sizeof(key); word32 certSz = (word32)sizeof(cert); XMEMSET(key, 0, keySz); XMEMSET(cert, 0, certSz); XMEMCPY(key, client_key_der_2048, keySz); XMEMCPY(cert, client_cert_der_2048, certSz); #elif defined(USE_CERT_BUFFERS_1024) byte key[sizeof_client_key_der_1024]; byte cert[sizeof(sizeof_client_cert_der_1024)]; word32 keySz = (word32)sizeof(key); word32 certSz = (word32)sizeof(cert); XMEMSET(key, 0, keySz); XMEMSET(cert, 0, certSz); XMEMCPY(key, client_key_der_1024, keySz); XMEMCPY(cert, client_cert_der_1024, certSz); #else unsigned char cert[ONEK_BUF]; unsigned char key[ONEK_BUF]; FILE* fp; int certSz; int keySz; fp = fopen("./certs/1024/client-cert.der", "rb"); AssertNotNull(fp); certSz = fread(cert, 1, sizeof_client_cert_der_1024, fp); fclose(fp); fp = fopen("./certs/1024/client-key.der", "rb"); AssertNotNull(fp); keySz = fread(key, 1, sizeof_client_key_der_1024, fp); fclose(fp); #endif #elif defined(HAVE_ECC) #if defined(USE_CERT_BUFFERS_256) unsigned char cert[sizeof(cliecc_cert_der_256)]; unsigned char key[sizeof(ecc_clikey_der_256)]; int certSz = (int)sizeof(cert); int keySz = (int)sizeof(key); XMEMSET(cert, 0, certSz); XMEMSET(key, 0, keySz); XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256); XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256); #else unsigned char cert[ONEK_BUF]; unsigned char key[ONEK_BUF]; FILE* fp; int certSz, keySz; fp = fopen("./certs/client-ecc-cert.der", "rb"); AssertNotNull(fp); certSz = fread(cert, 1, sizeof_cliecc_cert_der_256, fp); fclose(fp); fp = fopen("./certs/client-ecc-key.der", "rb"); AssertNotNull(fp); keySz = fread(key, 1, sizeof_ecc_clikey_der_256, fp); fclose(fp); #endif #endif XMEMSET(output, 0, outputSz); AssertIntEQ(wc_InitRng(&rng), 0); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); printf(testingFmt, "wc_PKCS7_VerifySignedData()"); pkcs7->content = data; pkcs7->contentSz = dataSz; pkcs7->privateKey = key; pkcs7->privateKeySz = (word32)sizeof(key); pkcs7->encryptOID = RSAk; pkcs7->hashOID = SHAh; pkcs7->rng = &rng; if (withAttribs) { /* include a signed attribute */ pkcs7->signedAttribs = attribs; pkcs7->signedAttribsSz = (sizeof(attribs)/sizeof(PKCS7Attrib)); } if (detachedSig) { AssertIntEQ(wc_PKCS7_SetDetached(pkcs7, 1), 0); } AssertIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0); wc_PKCS7_Free(pkcs7); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); if (detachedSig) { pkcs7->content = data; pkcs7->contentSz = dataSz; } AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0); wc_PKCS7_Free(pkcs7); wc_FreeRng(&rng); return outputSz; } #endif /* * Testing wc_PKCS_VerifySignedData() */ static void test_wc_PKCS7_VerifySignedData(void) { #if defined(HAVE_PKCS7) PKCS7* pkcs7; byte output[FOURK_BUF]; word32 outputSz = sizeof(output); byte data[] = "Test data to encode."; byte badOut[1]; word32 badOutSz = 0; byte badContent[] = "This is different content than was signed"; AssertIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data, (word32)sizeof(data), 0, 0)), 0); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0); /* Test bad args. */ AssertIntEQ(wc_PKCS7_VerifySignedData(NULL, output, outputSz), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, NULL, outputSz), BAD_FUNC_ARG); #ifndef NO_PKCS7_STREAM /* can pass in 0 buffer length with streaming API */ AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut, badOutSz), WC_PKCS7_WANT_READ_E); #else AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut, badOutSz), BAD_FUNC_ARG); #endif wc_PKCS7_Free(pkcs7); /* Invalid content should error, use detached signature so we can * easily change content */ AssertIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data, (word32)sizeof(data), 1, 1)), 0); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); pkcs7->content = badContent; pkcs7->contentSz = sizeof(badContent); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), SIG_VERIFY_E); wc_PKCS7_Free(pkcs7); /* Test success case with detached signature and valid content */ AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); pkcs7->content = data; pkcs7->contentSz = sizeof(data); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0); wc_PKCS7_Free(pkcs7); printf(resultFmt, passed); #endif } /* END test_wc_PKCS7_VerifySignedData() */ #if defined(HAVE_PKCS7) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \ !defined(NO_AES_256) static const byte defKey[] = { 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 }; static byte aesHandle[32]; /* simulated hardware key handle */ /* return 0 on success */ static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz, byte* aad, word32 aadSz, byte* authTag, word32 authTagSz, byte* in, int inSz, byte* out, void* usrCtx) { int ret; Aes aes; if (usrCtx == NULL) { /* no simulated handle passed in */ return -1; } switch (encryptOID) { case AES256CBCb: if (ivSz != AES_BLOCK_SIZE) return BAD_FUNC_ARG; break; default: WOLFSSL_MSG("Unsupported content cipher type for test"); return ALGO_ID_E; }; /* simulate using handle to get key */ ret = wc_AesInit(&aes, HEAP_HINT, INVALID_DEVID); if (ret == 0) { ret = wc_AesSetKey(&aes, (byte*)usrCtx, 32, iv, AES_DECRYPTION); if (ret == 0) ret = wc_AesCbcDecrypt(&aes, out, in, inSz); wc_AesFree(&aes); } (void)aad; (void)aadSz; (void)authTag; (void)authTagSz; (void)pkcs7; return ret; } /* returns key size on success */ static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId, word32 keyIdSz, byte* orginKey, word32 orginKeySz, byte* out, word32 outSz, int keyWrapAlgo, int type, int direction) { int ret = -1; if (out == NULL) return BAD_FUNC_ARG; if (keyId[0] != 0x00) { return -1; } if (type != (int)PKCS7_KEKRI) { return -1; } switch (keyWrapAlgo) { case AES256_WRAP: /* simulate setting a handle for later decryption but use key * as handle in the test case here */ ret = wc_AesKeyUnWrap(defKey, sizeof(defKey), cek, cekSz, aesHandle, sizeof(aesHandle), NULL); if (ret < 0) return ret; ret = wc_PKCS7_SetDecodeEncryptedCtx(pkcs7, (void*)aesHandle); if (ret < 0) return ret; /* return key size on success */ return sizeof(defKey); default: WOLFSSL_MSG("Unsupported key wrap algorithm in example"); return BAD_KEYWRAP_ALG_E; }; (void)cekSz; (void)cek; (void)outSz; (void)keyIdSz; (void)direction; (void)orginKey; /* used with KAKRI */ (void)orginKeySz; return ret; } #endif /* HAVE_PKCS7 && !NO_AES && HAVE_AES_CBC && !NO_AES_256 */ /* * Testing wc_PKCS7_EncodeEnvelopedData() */ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void) { #if defined(HAVE_PKCS7) PKCS7* pkcs7; #ifdef ECC_TIMING_RESISTANT WC_RNG rng; #endif word32 tempWrd32 = 0; byte* tmpBytePtr = NULL; const char input[] = "Test data to encode."; int i; int testSz = 0; #if !defined(NO_RSA) && (!defined(NO_AES) || (!defined(NO_SHA) || \ !defined(NO_SHA256) || defined(WOLFSSL_SHA512))) byte* rsaCert = NULL; byte* rsaPrivKey = NULL; word32 rsaCertSz; word32 rsaPrivKeySz; #if !defined(NO_FILESYSTEM) && (!defined(USE_CERT_BUFFERS_1024) && \ !defined(USE_CERT_BUFFERS_2048) ) static const char* rsaClientCert = "./certs/client-cert.der"; static const char* rsaClientKey = "./certs/client-key.der"; rsaCertSz = (word32)sizeof(rsaClientCert); rsaPrivKeySz = (word32)sizeof(rsaClientKey); #endif #endif #if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\ !defined(NO_SHA256) || defined(WOLFSSL_SHA512))) byte* eccCert = NULL; byte* eccPrivKey = NULL; word32 eccCertSz; word32 eccPrivKeySz; #if !defined(NO_FILESYSTEM) && !defined(USE_CERT_BUFFERS_256) static const char* eccClientCert = "./certs/client-ecc-cert.der"; static const char* eccClientKey = "./certs/ecc-client-key.der"; #endif #endif /* Generic buffer size. */ byte output[ONEK_BUF]; byte decoded[sizeof(input)/sizeof(char)]; int decodedSz = 0; #ifndef NO_FILESYSTEM XFILE certFile; XFILE keyFile; #endif #if !defined(NO_RSA) && (!defined(NO_AES) || (!defined(NO_SHA) ||\ !defined(NO_SHA256) || defined(WOLFSSL_SHA512))) /* RSA certs and keys. */ #if defined(USE_CERT_BUFFERS_1024) /* Allocate buffer space. */ AssertNotNull(rsaCert = (byte*)XMALLOC(ONEK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); /* Init buffer. */ rsaCertSz = (word32)sizeof_client_cert_der_1024; XMEMCPY(rsaCert, client_cert_der_1024, rsaCertSz); AssertNotNull(rsaPrivKey = (byte*)XMALLOC(ONEK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); rsaPrivKeySz = (word32)sizeof_client_key_der_1024; XMEMCPY(rsaPrivKey, client_key_der_1024, rsaPrivKeySz); #elif defined(USE_CERT_BUFFERS_2048) /* Allocate buffer */ AssertNotNull(rsaCert = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); /* Init buffer. */ rsaCertSz = (word32)sizeof_client_cert_der_2048; XMEMCPY(rsaCert, client_cert_der_2048, rsaCertSz); AssertNotNull(rsaPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); rsaPrivKeySz = (word32)sizeof_client_key_der_2048; XMEMCPY(rsaPrivKey, client_key_der_2048, rsaPrivKeySz); #else /* File system. */ certFile = XFOPEN(rsaClientCert, "rb"); AssertTrue(certFile != XBADFILE); rsaCertSz = (word32)FOURK_BUF; AssertNotNull(rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); rsaCertSz = (word32)XFREAD(rsaCert, 1, rsaCertSz, certFile); XFCLOSE(certFile); keyFile = XFOPEN(rsaClientKey, "rb"); AssertTrue(keyFile != XBADFILE); AssertNotNull(rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); rsaPrivKeySz = (word32)FOURK_BUF; rsaPrivKeySz = (word32)XFREAD(rsaPrivKey, 1, rsaPrivKeySz, keyFile); XFCLOSE(keyFile); #endif /* USE_CERT_BUFFERS */ #endif /* NO_RSA */ /* ECC */ #if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\ !defined(NO_SHA256) || defined(WOLFSSL_SHA512))) #ifdef USE_CERT_BUFFERS_256 AssertNotNull(eccCert = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); /* Init buffer. */ eccCertSz = (word32)sizeof_cliecc_cert_der_256; XMEMCPY(eccCert, cliecc_cert_der_256, eccCertSz); AssertNotNull(eccPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); eccPrivKeySz = (word32)sizeof_ecc_clikey_der_256; XMEMCPY(eccPrivKey, ecc_clikey_der_256, eccPrivKeySz); #else /* File system. */ certFile = XFOPEN(eccClientCert, "rb"); AssertTrue(certFile != XBADFILE); eccCertSz = (word32)FOURK_BUF; AssertNotNull(eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); eccCertSz = (word32)XFREAD(eccCert, 1, eccCertSz, certFile); XFCLOSE(certFile); keyFile = XFOPEN(eccClientKey, "rb"); AssertTrue(keyFile != XBADFILE); eccPrivKeySz = (word32)FOURK_BUF; AssertNotNull(eccPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); eccPrivKeySz = (word32)XFREAD(eccPrivKey, 1, eccPrivKeySz, keyFile); XFCLOSE(keyFile); #endif /* USE_CERT_BUFFERS_256 */ #endif /* END HAVE_ECC */ /* Silence. */ (void)keyFile; (void)certFile; const pkcs7EnvelopedVector testVectors[] = { /* DATA is a global variable defined in the makefile. */ #if !defined(NO_RSA) #ifndef NO_DES3 {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, DES3b, 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz}, #endif /* NO_DES3 */ #if !defined(NO_AES) && defined(HAVE_AES_CBC) #ifndef NO_AES_128 {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz}, #endif #ifndef NO_AES_192 {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES192CBCb, 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz}, #endif #ifndef NO_AES_256 {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz}, #endif #endif /* NO_AES && HAVE_AES_CBC */ #endif /* NO_RSA */ #if defined(HAVE_ECC) #if !defined(NO_AES) && defined(HAVE_AES_CBC) #if !defined(NO_SHA) && !defined(NO_AES_128) {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb, AES128_WRAP, dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey, eccPrivKeySz}, #endif #if !defined(NO_SHA256) && !defined(NO_AES_256) {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb, AES256_WRAP, dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, eccPrivKeySz}, #endif #if defined(WOLFSSL_SHA512) && !defined(NO_AES_256) {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb, AES256_WRAP, dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey, eccPrivKeySz}, #endif #endif /* NO_AES && HAVE_AES_CBC*/ #endif /* END HAVE_ECC */ }; /* END pkcs7EnvelopedVector */ #ifdef ECC_TIMING_RESISTANT AssertIntEQ(wc_InitRng(&rng), 0); #endif printf(testingFmt, "wc_PKCS7_EncodeEnvelopedData()"); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, devId), 0); testSz = (int)sizeof(testVectors)/(int)sizeof(pkcs7EnvelopedVector); for (i = 0; i < testSz; i++) { AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (testVectors + i)->cert, (word32)(testVectors + i)->certSz), 0); #ifdef ECC_TIMING_RESISTANT pkcs7->rng = &rng; #endif pkcs7->content = (byte*)(testVectors + i)->content; pkcs7->contentSz = (testVectors + i)->contentSz; pkcs7->contentOID = (testVectors + i)->contentOID; pkcs7->encryptOID = (testVectors + i)->encryptOID; pkcs7->keyWrapOID = (testVectors + i)->keyWrapOID; pkcs7->keyAgreeOID = (testVectors + i)->keyAgreeOID; pkcs7->privateKey = (testVectors + i)->privateKey; pkcs7->privateKeySz = (testVectors + i)->privateKeySz; AssertIntGE(wc_PKCS7_EncodeEnvelopedData(pkcs7, output, (word32)sizeof(output)), 0); decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output, (word32)sizeof(output), decoded, (word32)sizeof(decoded)); AssertIntGE(decodedSz, 0); /* Verify the size of each buffer. */ AssertIntEQ((word32)sizeof(input)/sizeof(char), decodedSz); /* Don't free the last time through the loop. */ if (i < testSz - 1 ){ wc_PKCS7_Free(pkcs7); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); } } /* END test loop. */ /* Test bad args. */ AssertIntEQ(wc_PKCS7_EncodeEnvelopedData(NULL, output, (word32)sizeof(output)), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, NULL, (word32)sizeof(output)), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, output, 0), BAD_FUNC_ARG); printf(resultFmt, passed); /* Decode. */ printf(testingFmt, "wc_PKCS7_DecodeEnvelopedData()"); AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(NULL, output, (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, (word32)sizeof(output), NULL, (word32)sizeof(decoded)), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, (word32)sizeof(output), decoded, 0), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, NULL, (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, 0, decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG); /* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/ #if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC) /* only a failure for KARI test cases */ tempWrd32 = pkcs7->singleCertSz; pkcs7->singleCertSz = 0; AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG); pkcs7->singleCertSz = tempWrd32; tmpBytePtr = pkcs7->singleCert; pkcs7->singleCert = NULL; AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG); pkcs7->singleCert = tmpBytePtr; #endif tempWrd32 = pkcs7->privateKeySz; pkcs7->privateKeySz = 0; AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG); pkcs7->privateKeySz = tempWrd32; tmpBytePtr = pkcs7->privateKey; pkcs7->privateKey = NULL; AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG); pkcs7->privateKey = tmpBytePtr; wc_PKCS7_Free(pkcs7); #if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(NO_AES_256) /* test of decrypt callback with KEKRI enveloped data */ { int envelopedSz; const byte keyId[] = { 0x00 }; AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); pkcs7->content = (byte*)input; pkcs7->contentSz = (word32)(sizeof(input)/sizeof(char)); pkcs7->contentOID = DATA; pkcs7->encryptOID = AES256CBCb; AssertIntGT(wc_PKCS7_AddRecipient_KEKRI(pkcs7, AES256_WRAP, (byte*)defKey, sizeof(defKey), (byte*)keyId, sizeof(keyId), NULL, NULL, 0, NULL, 0, 0), 0); AssertIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID), 0); AssertIntGT((envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, output, (word32)sizeof(output))), 0); wc_PKCS7_Free(pkcs7); /* decode envelopedData */ AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); AssertIntEQ(wc_PKCS7_SetWrapCEKCb(pkcs7, myCEKwrapFunc), 0); AssertIntEQ(wc_PKCS7_SetDecodeEncryptedCb(pkcs7, myDecryptionFunc), 0); AssertIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output, envelopedSz, decoded, sizeof(decoded))), 0); wc_PKCS7_Free(pkcs7); } #endif /* !NO_AES && !NO_AES_256 */ printf(resultFmt, passed); #ifndef NO_RSA if (rsaCert) { XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } if (rsaPrivKey) { XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } #endif /*NO_RSA */ #ifdef HAVE_ECC if (eccCert) { XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } if (eccPrivKey) { XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } #endif /* HAVE_ECC */ #ifdef ECC_TIMING_RESISTANT wc_FreeRng(&rng); #endif #if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DES3) { byte out[7]; byte *cms; word32 cmsSz; XFILE cmsFile; XMEMSET(out, 0, sizeof(out)); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); cmsFile = XFOPEN("./certs/test/ktri-keyid-cms.msg", "rb"); AssertTrue(cmsFile != XBADFILE); cmsSz = (word32)FOURK_BUF; AssertNotNull(cms = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); cmsSz = (word32)XFREAD(cms, 1, cmsSz, cmsFile); XFCLOSE(cmsFile); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)client_cert_der_2048, sizeof_client_cert_der_2048), 0); pkcs7->privateKey = (byte*)client_key_der_2048; pkcs7->privateKeySz = sizeof_client_key_der_2048; AssertIntGT(wc_PKCS7_DecodeEnvelopedData(pkcs7, cms, cmsSz, out, sizeof(out)), 0); XFREE(cms, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); AssertIntEQ(XMEMCMP(out, "test", 4), 0); wc_PKCS7_Free(pkcs7); } #endif /* USE_CERT_BUFFERS_2048 && !NO_DES3 */ #endif /* HAVE_PKCS7 */ } /* END test_wc_PKCS7_EncodeEnvelopedData() */ /* * Testing wc_PKCS7_EncodeEncryptedData() */ static void test_wc_PKCS7_EncodeEncryptedData (void) { #if defined(HAVE_PKCS7) && !defined(NO_PKCS7_ENCRYPTED_DATA) PKCS7* pkcs7 = NULL; byte* tmpBytePtr = NULL; byte encrypted[TWOK_BUF]; byte decoded[TWOK_BUF]; word32 tmpWrd32 = 0; int tmpInt = 0; int decodedSz; int encryptedSz; int testSz; int i; const byte data[] = { /* Hello World */ 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, 0x72,0x6c,0x64 }; #ifndef NO_DES3 byte desKey[] = { 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef }; byte des3Key[] = { 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 }; #endif #if !defined(NO_AES) && defined(HAVE_AES_CBC) #ifndef NO_AES_128 byte aes128Key[] = { 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 }; #endif #ifndef NO_AES_192 byte aes192Key[] = { 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 }; #endif #ifndef NO_AES_256 byte aes256Key[] = { 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 }; #endif #endif /* !NO_AES && HAVE_AES_CBC */ const pkcs7EncryptedVector testVectors[] = { #ifndef NO_DES3 {data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key)}, {data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey)}, #endif /* !NO_DES3 */ #if !defined(NO_AES) && defined(HAVE_AES_CBC) #ifndef NO_AES_128 {data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key, sizeof(aes128Key)}, #endif #ifndef NO_AES_192 {data, (word32)sizeof(data), DATA, AES192CBCb, aes192Key, sizeof(aes192Key)}, #endif #ifndef NO_AES_256 {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key, sizeof(aes256Key)}, #endif #endif /* !NO_AES && HAVE_AES_CBC */ }; testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector); for (i = 0; i < testSz; i++) { AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, devId), 0); pkcs7->content = (byte*)testVectors[i].content; pkcs7->contentSz = testVectors[i].contentSz; pkcs7->contentOID = testVectors[i].contentOID; pkcs7->encryptOID = testVectors[i].encryptOID; pkcs7->encryptionKey = testVectors[i].encryptionKey; pkcs7->encryptionKeySz = testVectors[i].encryptionKeySz; pkcs7->heap = HEAP_HINT; /* encode encryptedData */ encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted, sizeof(encrypted)); AssertIntGT(encryptedSz, 0); /* Decode encryptedData */ decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz, decoded, sizeof(decoded)); AssertIntEQ(XMEMCMP(decoded, data, decodedSz), 0); /* Keep values for last itr. */ if (i < testSz - 1) { wc_PKCS7_Free(pkcs7); } } if (pkcs7 == NULL || testSz == 0) { AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, devId), 0); } printf(testingFmt, "wc_PKCS7_EncodeEncryptedData()"); AssertIntEQ(wc_PKCS7_EncodeEncryptedData(NULL, encrypted, sizeof(encrypted)),BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, NULL, sizeof(encrypted)), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted, 0), BAD_FUNC_ARG); /* Testing the struct. */ tmpBytePtr = pkcs7->content; pkcs7->content = NULL; AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted, sizeof(encrypted)), BAD_FUNC_ARG); pkcs7->content = tmpBytePtr; tmpWrd32 = pkcs7->contentSz; pkcs7->contentSz = 0; AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted, sizeof(encrypted)), BAD_FUNC_ARG); pkcs7->contentSz = tmpWrd32; tmpInt = pkcs7->encryptOID; pkcs7->encryptOID = 0; AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted, sizeof(encrypted)), BAD_FUNC_ARG); pkcs7->encryptOID = tmpInt; tmpBytePtr = pkcs7->encryptionKey; pkcs7->encryptionKey = NULL; AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted, sizeof(encrypted)), BAD_FUNC_ARG); pkcs7->encryptionKey = tmpBytePtr; tmpWrd32 = pkcs7->encryptionKeySz; pkcs7->encryptionKeySz = 0; AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted, sizeof(encrypted)), BAD_FUNC_ARG); pkcs7->encryptionKeySz = tmpWrd32; printf(resultFmt, passed); printf(testingFmt, "wc_PKCS7_EncodeEncryptedData()"); AssertIntEQ(wc_PKCS7_DecodeEncryptedData(NULL, encrypted, encryptedSz, decoded, sizeof(decoded)), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, NULL, encryptedSz, decoded, sizeof(decoded)), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, 0, decoded, sizeof(decoded)), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz, NULL, sizeof(decoded)), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz, decoded, 0), BAD_FUNC_ARG); /* Test struct fields */ tmpBytePtr = pkcs7->encryptionKey; pkcs7->encryptionKey = NULL; AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz, decoded, sizeof(decoded)), BAD_FUNC_ARG); pkcs7->encryptionKey = tmpBytePtr; pkcs7->encryptionKeySz = 0; AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz, decoded, sizeof(decoded)), BAD_FUNC_ARG); printf(resultFmt, passed); wc_PKCS7_Free(pkcs7); #endif } /* END test_wc_PKCS7_EncodeEncryptedData() */ /* * Testing wc_PKCS7_Degenerate() */ static void test_wc_PKCS7_Degenerate(void) { #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) PKCS7* pkcs7; char fName[] = "./certs/test-degenerate.p7b"; XFILE f; byte der[4096]; word32 derSz; int ret; printf(testingFmt, "wc_PKCS7_Degenerate()"); AssertNotNull(f = XFOPEN(fName, "rb")); AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0); derSz = (word32)ret; XFCLOSE(f); /* test degenerate success */ AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); #ifndef NO_RSA AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0); #else AssertIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0); #endif wc_PKCS7_Free(pkcs7); /* test with turning off degenerate cases */ AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); wc_PKCS7_AllowDegenerate(pkcs7, 0); /* override allowing degenerate case */ AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), PKCS7_NO_SIGNER_E); wc_PKCS7_Free(pkcs7); printf(resultFmt, passed); #endif } /* END test_wc_PKCS7_Degenerate() */ #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \ defined(ASN_BER_TO_DER) && !defined(NO_DES3) static byte berContent[] = { 0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x03, 0xA0, 0x80, 0x30, 0x80, 0x02, 0x01, 0x00, 0x31, 0x82, 0x01, 0x48, 0x30, 0x82, 0x01, 0x44, 0x02, 0x01, 0x00, 0x30, 0x81, 0xAC, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x31, 0x30, 0x32, 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x02, 0x09, 0x00, 0xBB, 0xD3, 0x10, 0x03, 0xE6, 0x9D, 0x28, 0x03, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x81, 0x80, 0x2F, 0xF9, 0x77, 0x4F, 0x04, 0x5C, 0x16, 0x62, 0xF0, 0x77, 0x8D, 0x95, 0x4C, 0xB1, 0x44, 0x9A, 0x8C, 0x3C, 0x8C, 0xE4, 0xD1, 0xC1, 0x14, 0x72, 0xD0, 0x4A, 0x1A, 0x94, 0x27, 0x0F, 0xAA, 0xE8, 0xD0, 0xA2, 0xE7, 0xED, 0x4C, 0x7F, 0x0F, 0xC7, 0x1B, 0xFB, 0x81, 0x0E, 0x76, 0x8F, 0xDD, 0x32, 0x11, 0x68, 0xA0, 0x13, 0xD2, 0x8D, 0x95, 0xEF, 0x80, 0x53, 0x81, 0x0E, 0x1F, 0xC8, 0xD6, 0x76, 0x5C, 0x31, 0xD3, 0x77, 0x33, 0x29, 0xA6, 0x1A, 0xD3, 0xC6, 0x14, 0x36, 0xCA, 0x8E, 0x7D, 0x72, 0xA0, 0x29, 0x4C, 0xC7, 0x3A, 0xAF, 0xFE, 0xF7, 0xFC, 0xD7, 0xE2, 0x8F, 0x6A, 0x20, 0x46, 0x09, 0x40, 0x22, 0x2D, 0x79, 0x38, 0x11, 0xB1, 0x4A, 0xE3, 0x48, 0xE8, 0x10, 0x37, 0xA0, 0x22, 0xF7, 0xB4, 0x79, 0xD1, 0xA9, 0x3D, 0xC2, 0xAB, 0x37, 0xAE, 0x82, 0x68, 0x1A, 0x16, 0xEF, 0x33, 0x0C, 0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01, 0x30, 0x14, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x03, 0x07, 0x04, 0x08, 0xAD, 0xD0, 0x38, 0x9B, 0x16, 0x4B, 0x7F, 0x99, 0xA0, 0x80, 0x04, 0x82, 0x03, 0xE8, 0x6D, 0x48, 0xFB, 0x8A, 0xBD, 0xED, 0x6C, 0xCD, 0xC6, 0x48, 0xFD, 0xB7, 0xB0, 0x7C, 0x86, 0x2C, 0x8D, 0xF0, 0x23, 0x12, 0xD8, 0xA3, 0x2A, 0x21, 0x6F, 0x8B, 0x75, 0xBB, 0x47, 0x7F, 0xC9, 0xBA, 0xBA, 0xFF, 0x91, 0x09, 0x01, 0x7A, 0x5C, 0x96, 0x02, 0xB8, 0x8E, 0xF8, 0x67, 0x7E, 0x8F, 0xF9, 0x51, 0x0E, 0xFF, 0x8E, 0xE2, 0x61, 0xC0, 0xDF, 0xFA, 0xE2, 0x4C, 0x50, 0x90, 0xAE, 0xA1, 0x15, 0x38, 0x3D, 0xBE, 0x88, 0xD7, 0x57, 0xC0, 0x11, 0x44, 0xA2, 0x61, 0x05, 0x49, 0x6A, 0x94, 0x04, 0x10, 0xD9, 0xC2, 0x2D, 0x15, 0x20, 0x0D, 0xBD, 0xA2, 0xEF, 0xE4, 0x68, 0xFA, 0x39, 0x75, 0x7E, 0xD8, 0x64, 0x44, 0xCB, 0xE0, 0x00, 0x6D, 0x57, 0x4E, 0x8A, 0x17, 0xA9, 0x83, 0x6C, 0x7F, 0xFE, 0x01, 0xEE, 0xDE, 0x99, 0x3A, 0xB2, 0xFF, 0xD3, 0x72, 0x78, 0xBA, 0xF1, 0x23, 0x54, 0x48, 0x02, 0xD8, 0x38, 0xA9, 0x54, 0xE5, 0x4A, 0x81, 0xB9, 0xC0, 0x67, 0xB2, 0x7D, 0x3C, 0x6F, 0xCE, 0xA4, 0xDD, 0x34, 0x5F, 0x60, 0xB1, 0xA3, 0x7A, 0xE4, 0x43, 0xF2, 0x89, 0x64, 0x35, 0x09, 0x32, 0x51, 0xFB, 0x5C, 0x67, 0x0C, 0x3B, 0xFC, 0x36, 0x6B, 0x37, 0x43, 0x6C, 0x03, 0xCD, 0x44, 0xC7, 0x2B, 0x62, 0xD6, 0xD1, 0xF4, 0x07, 0x7B, 0x19, 0x91, 0xF0, 0xD7, 0xF5, 0x54, 0xBC, 0x0F, 0x42, 0x6B, 0x69, 0xF7, 0xA3, 0xC8, 0xEE, 0xB9, 0x7A, 0x9E, 0x3D, 0xDF, 0x53, 0x47, 0xF7, 0x50, 0x67, 0x00, 0xCF, 0x2B, 0x3B, 0xE9, 0x85, 0xEE, 0xBD, 0x4C, 0x64, 0x66, 0x0B, 0x77, 0x80, 0x9D, 0xEF, 0x11, 0x32, 0x77, 0xA8, 0xA4, 0x5F, 0xEE, 0x2D, 0xE0, 0x43, 0x87, 0x76, 0x87, 0x53, 0x4E, 0xD7, 0x1A, 0x04, 0x7B, 0xE1, 0xD1, 0xE1, 0xF5, 0x87, 0x51, 0x13, 0xE0, 0xC2, 0xAA, 0xA3, 0x4B, 0xAA, 0x9E, 0xB4, 0xA6, 0x1D, 0x4E, 0x28, 0x57, 0x0B, 0x80, 0x90, 0x81, 0x4E, 0x04, 0xF5, 0x30, 0x8D, 0x51, 0xCE, 0x57, 0x2F, 0x88, 0xC5, 0x70, 0xC4, 0x06, 0x8F, 0xDD, 0x37, 0xC1, 0x34, 0x1E, 0x0E, 0x15, 0x32, 0x23, 0x92, 0xAB, 0x40, 0xEA, 0xF7, 0x43, 0xE2, 0x1D, 0xE2, 0x4B, 0xC9, 0x91, 0xF4, 0x63, 0x21, 0x34, 0xDB, 0xE9, 0x86, 0x83, 0x1A, 0xD2, 0x52, 0xEF, 0x7A, 0xA2, 0xEE, 0xA4, 0x11, 0x56, 0xD3, 0x6C, 0xF5, 0x6D, 0xE4, 0xA5, 0x2D, 0x99, 0x02, 0x10, 0xDF, 0x29, 0xC5, 0xE3, 0x0B, 0xC4, 0xA1, 0xEE, 0x5F, 0x4A, 0x10, 0xEE, 0x85, 0x73, 0x2A, 0x92, 0x15, 0x2C, 0xC8, 0xF4, 0x8C, 0xD7, 0x3D, 0xBC, 0xAD, 0x18, 0xE0, 0x59, 0xD3, 0xEE, 0x75, 0x90, 0x1C, 0xCC, 0x76, 0xC6, 0x64, 0x17, 0xD2, 0xD0, 0x91, 0xA6, 0xD0, 0xC1, 0x4A, 0xAA, 0x58, 0x22, 0xEC, 0x45, 0x98, 0xF2, 0xCC, 0x4C, 0xE4, 0xBF, 0xED, 0xF6, 0x44, 0x72, 0x36, 0x65, 0x3F, 0xE3, 0xB5, 0x8B, 0x3E, 0x54, 0x9C, 0x82, 0x86, 0x5E, 0xB0, 0xF2, 0x12, 0xE5, 0x69, 0xFA, 0x46, 0xA2, 0x54, 0xFC, 0xF5, 0x4B, 0xE0, 0x24, 0x3B, 0x99, 0x04, 0x1A, 0x7A, 0xF7, 0xD1, 0xFF, 0x68, 0x97, 0xB2, 0x85, 0x82, 0x95, 0x27, 0x2B, 0xF4, 0xE7, 0x1A, 0x74, 0x19, 0xEC, 0x8C, 0x4E, 0xA7, 0x0F, 0xAD, 0x4F, 0x5A, 0x02, 0x80, 0xC1, 0x6A, 0x9E, 0x54, 0xE4, 0x8E, 0xA3, 0x41, 0x3F, 0x6F, 0x9C, 0x82, 0x9F, 0x83, 0xB0, 0x44, 0x01, 0x5F, 0x10, 0x9D, 0xD3, 0xB6, 0x33, 0x5B, 0xAF, 0xAC, 0x6B, 0x57, 0x2A, 0x01, 0xED, 0x0E, 0x17, 0xB9, 0x80, 0x76, 0x12, 0x1C, 0x51, 0x56, 0xDD, 0x6D, 0x94, 0xAB, 0xD2, 0xE5, 0x15, 0x2D, 0x3C, 0xC5, 0xE8, 0x62, 0x05, 0x8B, 0x40, 0xB1, 0xC2, 0x83, 0xCA, 0xAC, 0x4B, 0x8B, 0x39, 0xF7, 0xA0, 0x08, 0x43, 0x5C, 0xF7, 0xE8, 0xED, 0x40, 0x72, 0x73, 0xE3, 0x6B, 0x18, 0x67, 0xA0, 0xB6, 0x0F, 0xED, 0x8F, 0x9A, 0xE4, 0x27, 0x62, 0x23, 0xAA, 0x6D, 0x6C, 0x31, 0xC9, 0x9D, 0x6B, 0xE0, 0xBF, 0x9D, 0x7D, 0x2E, 0x76, 0x71, 0x06, 0x39, 0xAC, 0x96, 0x1C, 0xAF, 0x30, 0xF2, 0x62, 0x9C, 0x84, 0x3F, 0x43, 0x5E, 0x19, 0xA8, 0xE5, 0x3C, 0x9D, 0x43, 0x3C, 0x43, 0x41, 0xE8, 0x82, 0xE7, 0x5B, 0xF3, 0xE2, 0x15, 0xE3, 0x52, 0x20, 0xFD, 0x0D, 0xB2, 0x4D, 0x48, 0xAD, 0x53, 0x7E, 0x0C, 0xF0, 0xB9, 0xBE, 0xC9, 0x58, 0x4B, 0xC8, 0xA8, 0xA3, 0x36, 0xF1, 0x2C, 0xD2, 0xE1, 0xC8, 0xC4, 0x3C, 0x48, 0x70, 0xC2, 0x6D, 0x6C, 0x3D, 0x99, 0xAC, 0x43, 0x19, 0x69, 0xCA, 0x67, 0x1A, 0xC9, 0xE1, 0x47, 0xFA, 0x0A, 0xE6, 0x5B, 0x6F, 0x61, 0xD0, 0x03, 0xE4, 0x03, 0x4B, 0xFD, 0xE2, 0xA5, 0x8D, 0x83, 0x01, 0x7E, 0xC0, 0x7B, 0x2E, 0x0B, 0x29, 0xDD, 0xD6, 0xDC, 0x71, 0x46, 0xBD, 0x9A, 0x40, 0x46, 0x1E, 0x0A, 0xB1, 0x00, 0xE7, 0x71, 0x29, 0x77, 0xFC, 0x9A, 0x76, 0x8A, 0x5F, 0x66, 0x9B, 0x63, 0x91, 0x12, 0x78, 0xBF, 0x67, 0xAD, 0xA1, 0x72, 0x9E, 0xC5, 0x3E, 0xE5, 0xCB, 0xAF, 0xD6, 0x5A, 0x0D, 0xB6, 0x9B, 0xA3, 0x78, 0xE8, 0xB0, 0x8F, 0x69, 0xED, 0xC1, 0x73, 0xD5, 0xE5, 0x1C, 0x18, 0xA0, 0x58, 0x4C, 0x49, 0xBD, 0x91, 0xCE, 0x15, 0x0D, 0xAA, 0x5A, 0x07, 0xEA, 0x1C, 0xA7, 0x4B, 0x11, 0x31, 0x80, 0xAF, 0xA1, 0x0A, 0xED, 0x6C, 0x70, 0xE4, 0xDB, 0x75, 0x86, 0xAE, 0xBF, 0x4A, 0x05, 0x72, 0xDE, 0x84, 0x8C, 0x7B, 0x59, 0x81, 0x58, 0xE0, 0xC0, 0x15, 0xB5, 0xF3, 0xD5, 0x73, 0x78, 0x83, 0x53, 0xDA, 0x92, 0xC1, 0xE6, 0x71, 0x74, 0xC7, 0x7E, 0xAA, 0x36, 0x06, 0xF0, 0xDF, 0xBA, 0xFB, 0xEF, 0x54, 0xE8, 0x11, 0xB2, 0x33, 0xA3, 0x0B, 0x9E, 0x0C, 0x59, 0x75, 0x13, 0xFA, 0x7F, 0x88, 0xB9, 0x86, 0xBD, 0x1A, 0xDB, 0x52, 0x12, 0xFB, 0x6D, 0x1A, 0xCB, 0x49, 0x94, 0x94, 0xC4, 0xA9, 0x99, 0xC0, 0xA4, 0xB6, 0x60, 0x36, 0x09, 0x94, 0x2A, 0xD5, 0xC4, 0x26, 0xF4, 0xA3, 0x6A, 0x0E, 0x57, 0x8B, 0x7C, 0xA4, 0x1D, 0x75, 0xE8, 0x2A, 0xF3, 0xC4, 0x3C, 0x7D, 0x45, 0x6D, 0xD8, 0x24, 0xD1, 0x3B, 0xF7, 0xCF, 0xE4, 0x45, 0x2A, 0x55, 0xE5, 0xA9, 0x1F, 0x1C, 0x8F, 0x55, 0x8D, 0xC1, 0xF7, 0x74, 0xCC, 0x26, 0xC7, 0xBA, 0x2E, 0x5C, 0xC1, 0x71, 0x0A, 0xAA, 0xD9, 0x6D, 0x76, 0xA7, 0xF9, 0xD1, 0x18, 0xCB, 0x5A, 0x52, 0x98, 0xA8, 0x0D, 0x3F, 0x06, 0xFC, 0x49, 0x11, 0x21, 0x5F, 0x86, 0x19, 0x33, 0x81, 0xB5, 0x7A, 0xDA, 0xA1, 0x47, 0xBF, 0x7C, 0xD7, 0x05, 0x96, 0xC7, 0xF5, 0xC1, 0x61, 0xE5, 0x18, 0xA5, 0x38, 0x68, 0xED, 0xB4, 0x17, 0x62, 0x0D, 0x01, 0x5E, 0xC3, 0x04, 0xA6, 0xBA, 0xB1, 0x01, 0x60, 0x5C, 0xC1, 0x3A, 0x34, 0x97, 0xD6, 0xDB, 0x67, 0x73, 0x4D, 0x33, 0x96, 0x01, 0x67, 0x44, 0xEA, 0x47, 0x5E, 0x44, 0xB5, 0xE5, 0xD1, 0x6C, 0x20, 0xA9, 0x6D, 0x4D, 0xBC, 0x02, 0xF0, 0x70, 0xE4, 0xDD, 0xE9, 0xD5, 0x5C, 0x28, 0x29, 0x0B, 0xB4, 0x60, 0x2A, 0xF1, 0xF7, 0x1A, 0xF0, 0x36, 0xAE, 0x51, 0x3A, 0xAE, 0x6E, 0x48, 0x7D, 0xC7, 0x5C, 0xF3, 0xDC, 0xF6, 0xED, 0x27, 0x4E, 0x8E, 0x48, 0x18, 0x3E, 0x08, 0xF1, 0xD8, 0x3D, 0x0D, 0xE7, 0x2F, 0x65, 0x8A, 0x6F, 0xE2, 0x1E, 0x06, 0xC1, 0x04, 0x58, 0x7B, 0x4A, 0x75, 0x60, 0x92, 0x13, 0xC6, 0x40, 0x2D, 0x3A, 0x8A, 0xD1, 0x03, 0x05, 0x1F, 0x28, 0x66, 0xC2, 0x57, 0x2A, 0x4C, 0xE1, 0xA3, 0xCB, 0xA1, 0x95, 0x30, 0x10, 0xED, 0xDF, 0xAE, 0x70, 0x49, 0x4E, 0xF6, 0xB4, 0x5A, 0xB6, 0x22, 0x56, 0x37, 0x05, 0xE7, 0x3E, 0xB2, 0xE3, 0x96, 0x62, 0xEC, 0x09, 0x53, 0xC0, 0x50, 0x3D, 0xA7, 0xBC, 0x9B, 0x39, 0x02, 0x26, 0x16, 0xB5, 0x34, 0x17, 0xD4, 0xCA, 0xFE, 0x1D, 0xE4, 0x5A, 0xDA, 0x4C, 0xC2, 0xCA, 0x8E, 0x79, 0xBF, 0xD8, 0x4C, 0xBB, 0xFA, 0x30, 0x7B, 0xA9, 0x3E, 0x52, 0x19, 0xB1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; #endif /* HAVE_PKCS7 && !NO_FILESYSTEM && ASN_BER_TO_DER && !NO_DES3 */ /* * Testing wc_PKCS7_BER() */ static void test_wc_PKCS7_BER(void) { #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \ defined(ASN_BER_TO_DER) PKCS7* pkcs7; char fName[] = "./certs/test-ber-exp02-05-2022.p7b"; XFILE f; byte der[4096]; #ifndef NO_DES3 byte decoded[2048]; #endif word32 derSz; int ret; printf(testingFmt, "wc_PKCS7_BER()"); AssertNotNull(f = XFOPEN(fName, "rb")); AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0); derSz = (word32)ret; XFCLOSE(f); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); #ifndef NO_RSA AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0); #else AssertIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0); #endif wc_PKCS7_Free(pkcs7); #ifndef NO_DES3 /* decode BER content */ AssertNotNull(f = XFOPEN("./certs/1024/client-cert.der", "rb")); AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0); derSz = (word32)ret; XFCLOSE(f); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); #ifndef NO_RSA AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0); #else AssertIntNE(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0); #endif AssertNotNull(f = XFOPEN("./certs/1024/client-key.der", "rb")); AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0); derSz = (word32)ret; XFCLOSE(f); pkcs7->privateKey = der; pkcs7->privateKeySz = derSz; #ifndef NO_RSA #ifdef WOLFSSL_SP_MATH AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent, sizeof(berContent), decoded, sizeof(decoded)), WC_KEY_SIZE_E); #else AssertIntGT(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent, sizeof(berContent), decoded, sizeof(decoded)), 0); #endif #else AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent, sizeof(berContent), decoded, sizeof(decoded)), NOT_COMPILED_IN); #endif wc_PKCS7_Free(pkcs7); #endif /* !NO_DES3 */ printf(resultFmt, passed); #endif } /* END test_wc_PKCS7_BER() */ static void test_PKCS7_signed_enveloped(void) { #if defined(HAVE_PKCS7) && !defined(NO_RSA) && !defined(NO_AES) && \ !defined(NO_FILESYSTEM) XFILE f; PKCS7* pkcs7; #ifdef HAVE_AES_CBC PKCS7* inner; #endif void* pt; WC_RNG rng; unsigned char key[FOURK_BUF/2]; unsigned char cert[FOURK_BUF/2]; unsigned char env[FOURK_BUF]; int envSz = FOURK_BUF; int keySz; int certSz; unsigned char sig[FOURK_BUF * 2]; int sigSz = FOURK_BUF * 2; #ifdef HAVE_AES_CBC unsigned char decoded[FOURK_BUF]; int decodedSz = FOURK_BUF; #endif printf(testingFmt, "PKCS7_signed_enveloped"); /* load cert */ AssertNotNull(f = XFOPEN(cliCertDerFile, "rb")); AssertIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), f)), 0); XFCLOSE(f); /* load key */ AssertNotNull(f = XFOPEN(cliKeyFile, "rb")); AssertIntGT((keySz = (int)XFREAD(key, 1, sizeof(key), f)), 0); XFCLOSE(f); keySz = wolfSSL_KeyPemToDer(key, keySz, key, keySz, NULL); /* sign cert for envelope */ AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); AssertIntEQ(wc_InitRng(&rng), 0); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); pkcs7->content = cert; pkcs7->contentSz = certSz; pkcs7->contentOID = DATA; pkcs7->privateKey = key; pkcs7->privateKeySz = keySz; pkcs7->encryptOID = RSAk; pkcs7->hashOID = SHA256h; pkcs7->rng = &rng; AssertIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0); wc_PKCS7_Free(pkcs7); wc_FreeRng(&rng); #ifdef HAVE_AES_CBC /* create envelope */ AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); pkcs7->content = sig; pkcs7->contentSz = sigSz; pkcs7->contentOID = DATA; pkcs7->encryptOID = AES256CBCb; pkcs7->privateKey = key; pkcs7->privateKeySz = keySz; AssertIntGT((envSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, env, envSz)), 0); wc_PKCS7_Free(pkcs7); #endif /* create bad signed enveloped data */ sigSz = FOURK_BUF * 2; AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); AssertIntEQ(wc_InitRng(&rng), 0); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); pkcs7->content = env; pkcs7->contentSz = envSz; pkcs7->contentOID = DATA; pkcs7->privateKey = key; pkcs7->privateKeySz = keySz; pkcs7->encryptOID = RSAk; pkcs7->hashOID = SHA256h; pkcs7->rng = &rng; /* Set no certs in bundle for this test. Hang on to the pointer though to * free it later. */ pt = (void*)pkcs7->certList; pkcs7->certList = NULL; /* no certs in bundle */ AssertIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0); pkcs7->certList = (Pkcs7Cert*)pt; /* restore pointer for PKCS7 free call */ wc_PKCS7_Free(pkcs7); /* check verify fails */ AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), PKCS7_SIGNEEDS_CHECK); /* try verifying the signature manually */ { RsaKey rKey; word32 idx = 0; byte digest[MAX_SEQ_SZ + MAX_ALGO_SZ + MAX_OCTET_STR_SZ + WC_MAX_DIGEST_SIZE]; int digestSz; AssertIntEQ(wc_InitRsaKey(&rKey, HEAP_HINT), 0); AssertIntEQ(wc_RsaPrivateKeyDecode(key, &idx, &rKey, keySz), 0); digestSz = wc_RsaSSL_Verify(pkcs7->signature, pkcs7->signatureSz, digest, sizeof(digest), &rKey); AssertIntGT(digestSz, 0); AssertIntEQ(digestSz, pkcs7->pkcs7DigestSz); AssertIntEQ(XMEMCMP(digest, pkcs7->pkcs7Digest, digestSz), 0); AssertIntEQ(wc_FreeRsaKey(&rKey), 0); /* verify was success */ } wc_PKCS7_Free(pkcs7); /* initializing the PKCS7 struct with the signing certificate should pass */ AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0); wc_PKCS7_Free(pkcs7); /* create valid degenerate bundle */ sigSz = FOURK_BUF * 2; AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); pkcs7->content = env; pkcs7->contentSz = envSz; pkcs7->contentOID = DATA; pkcs7->privateKey = key; pkcs7->privateKeySz = keySz; pkcs7->encryptOID = RSAk; pkcs7->hashOID = SHA256h; pkcs7->rng = &rng; AssertIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID), 0); AssertIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0); wc_PKCS7_Free(pkcs7); wc_FreeRng(&rng); /* check verify */ AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, devId), 0); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0); AssertNotNull(pkcs7->content); #ifdef HAVE_AES_CBC /* check decode */ AssertNotNull(inner = wc_PKCS7_New(NULL, 0)); AssertIntEQ(wc_PKCS7_InitWithCert(inner, cert, certSz), 0); inner->privateKey = key; inner->privateKeySz = keySz; AssertIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(inner, pkcs7->content, pkcs7->contentSz, decoded, decodedSz)), 0); wc_PKCS7_Free(inner); #endif wc_PKCS7_Free(pkcs7); #ifdef HAVE_AES_CBC /* check cert set */ AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, decoded, decodedSz), 0); AssertNotNull(pkcs7->singleCert); AssertIntNE(pkcs7->singleCertSz, 0); wc_PKCS7_Free(pkcs7); #endif printf(resultFmt, passed); #endif /* HAVE_PKCS7 && !NO_RSA && !NO_AES */ } static void test_wc_PKCS7_NoDefaultSignedAttribs (void) { #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \ && !defined(NO_AES) PKCS7* pkcs7; void* heap = NULL; printf(testingFmt, "wc_PKCS7_NoDefaultSignedAttribs()"); pkcs7 = wc_PKCS7_New(heap, devId); AssertNotNull(pkcs7); AssertIntEQ(wc_PKCS7_Init(pkcs7, heap, devId), 0); AssertIntEQ(wc_PKCS7_NoDefaultSignedAttribs(NULL), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_NoDefaultSignedAttribs(pkcs7), 0); wc_PKCS7_Free(pkcs7); printf(resultFmt, passed); #endif } static void test_wc_PKCS7_SetOriEncryptCtx (void) { #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \ && !defined(NO_AES) PKCS7* pkcs7; void* heap = NULL; WOLFSSL_CTX* ctx; ctx = NULL; printf(testingFmt, "wc_PKCS7_SetOriEncryptCtx()"); pkcs7 = wc_PKCS7_New(heap, devId); AssertNotNull(pkcs7); AssertIntEQ(wc_PKCS7_Init(pkcs7, heap, devId), 0); AssertIntEQ(wc_PKCS7_SetOriEncryptCtx(NULL, ctx), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_SetOriEncryptCtx(pkcs7, ctx), 0); wc_PKCS7_Free(pkcs7); printf(resultFmt, passed); #endif } static void test_wc_PKCS7_SetOriDecryptCtx (void) { #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \ && !defined(NO_AES) PKCS7* pkcs7; void* heap = NULL; WOLFSSL_CTX* ctx; ctx = NULL; printf(testingFmt, "wc_PKCS7_SetOriDecryptCtx()"); pkcs7 = wc_PKCS7_New(heap, devId); AssertNotNull(pkcs7); AssertIntEQ(wc_PKCS7_Init(pkcs7, heap, devId), 0); AssertIntEQ(wc_PKCS7_SetOriDecryptCtx(NULL, ctx), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_SetOriDecryptCtx(pkcs7, ctx), 0); wc_PKCS7_Free(pkcs7); printf(resultFmt, passed); #endif } static void test_wc_PKCS7_DecodeCompressedData(void) { #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \ && !defined(NO_AES) && defined(HAVE_LIBZ) PKCS7* pkcs7; void* heap = NULL; byte out[4096]; byte *decompressed; int outSz, decompressedSz; const char* cert = "./certs/client-cert.pem"; byte* cert_buf = NULL; size_t cert_sz = 0; printf(testingFmt, "wc_PKCS7_DecodeCompressedData()"); AssertIntEQ(load_file(cert, &cert_buf, &cert_sz), 0); AssertNotNull((decompressed = (byte*)XMALLOC(cert_sz, heap, DYNAMIC_TYPE_TMP_BUFFER))); decompressedSz = (int)cert_sz; AssertNotNull((pkcs7 = wc_PKCS7_New(heap, devId))); pkcs7->content = (byte*)cert_buf; pkcs7->contentSz = (word32)cert_sz; pkcs7->contentOID = DATA; AssertIntGT((outSz = wc_PKCS7_EncodeCompressedData(pkcs7, out, sizeof(out))), 0); wc_PKCS7_Free(pkcs7); /* compressed key should be smaller than when started */ AssertIntLT(outSz, cert_sz); /* test decompression */ AssertNotNull((pkcs7 = wc_PKCS7_New(heap, devId))); AssertIntEQ(pkcs7->contentOID, 0); /* fail case with out buffer too small */ AssertIntLT(wc_PKCS7_DecodeCompressedData(pkcs7, out, outSz, decompressed, outSz), 0); /* success case */ AssertIntEQ(wc_PKCS7_DecodeCompressedData(pkcs7, out, outSz, decompressed, decompressedSz), cert_sz); AssertIntEQ(pkcs7->contentOID, DATA); AssertIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0); XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER); decompressed = NULL; /* test decompression function with different 'max' inputs */ outSz = sizeof(out); AssertIntGT((outSz = wc_Compress(out, outSz, cert_buf, (word32)cert_sz, 0)), 0); AssertIntLT(wc_DeCompressDynamic(&decompressed, 1, DYNAMIC_TYPE_TMP_BUFFER, out, outSz, 0, heap), 0); AssertNull(decompressed); AssertIntGT(wc_DeCompressDynamic(&decompressed, -1, DYNAMIC_TYPE_TMP_BUFFER, out, outSz, 0, heap), 0); AssertNotNull(decompressed); AssertIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0); XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER); decompressed = NULL; AssertIntGT(wc_DeCompressDynamic(&decompressed, DYNAMIC_TYPE_TMP_BUFFER, 5, out, outSz, 0, heap), 0); AssertNotNull(decompressed); AssertIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0); XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER); if (cert_buf) free(cert_buf); wc_PKCS7_Free(pkcs7); printf(resultFmt, passed); #endif } static void test_wc_i2d_PKCS12(void) { #if !defined(NO_ASN) && !defined(NO_PWDBASED) && defined(HAVE_PKCS12) \ && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \ && !defined(NO_AES) && !defined(NO_DES3) && !defined(NO_SHA) WC_PKCS12* pkcs12 = NULL; unsigned char der[FOURK_BUF * 2]; unsigned char* pt; int derSz; unsigned char out[FOURK_BUF * 2]; int outSz = FOURK_BUF * 2; const char p12_f[] = "./certs/test-servercert.p12"; XFILE f; printf(testingFmt, "wc_i2d_PKCS12"); f = XFOPEN(p12_f, "rb"); AssertNotNull(f); derSz = (int)XFREAD(der, 1, sizeof(der), f); AssertIntGT(derSz, 0); XFCLOSE(f); AssertNotNull(pkcs12 = wc_PKCS12_new()); AssertIntEQ(wc_d2i_PKCS12(der, derSz, pkcs12), 0); AssertIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), LENGTH_ONLY_E); AssertIntEQ(outSz, derSz); outSz = derSz - 1; pt = out; AssertIntLE(wc_i2d_PKCS12(pkcs12, &pt, &outSz), 0); outSz = derSz; AssertIntEQ(wc_i2d_PKCS12(pkcs12, &pt, &outSz), derSz); AssertIntEQ((pt == out), 0); pt = NULL; AssertIntEQ(wc_i2d_PKCS12(pkcs12, &pt, NULL), derSz); XFREE(pt, NULL, DYNAMIC_TYPE_PKCS); wc_PKCS12_free(pkcs12); printf(resultFmt, passed); #endif } /* Testing wc_SignatureGetSize() for signature type ECC */ static int test_wc_SignatureGetSize_ecc(void) { int ret = 0; #ifndef NO_SIG_WRAPPER #if defined(HAVE_ECC) && !defined(NO_ECC256) enum wc_SignatureType sig_type; word32 key_len; /* Initialize ECC Key */ ecc_key ecc; const char* qx = "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0"; const char* qy = "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09"; const char* d = "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25"; ret = wc_ecc_init(&ecc); if (ret == 0) { ret = wc_ecc_import_raw(&ecc, qx, qy, d, "SECP256R1"); } printf(testingFmt, "wc_SigntureGetSize_ecc()"); if (ret == 0) { /* Input for signature type ECC */ sig_type = WC_SIGNATURE_TYPE_ECC; key_len = sizeof(ecc_key); ret = wc_SignatureGetSize(sig_type, &ecc, key_len); /* Test bad args */ if (ret > 0) { sig_type = (enum wc_SignatureType) 100; ret = wc_SignatureGetSize(sig_type, &ecc, key_len); if (ret == BAD_FUNC_ARG) { sig_type = WC_SIGNATURE_TYPE_ECC; ret = wc_SignatureGetSize(sig_type, NULL, key_len); } if (ret >= 0) { key_len = (word32) 0; ret = wc_SignatureGetSize(sig_type, &ecc, key_len); } if (ret == BAD_FUNC_ARG) { ret = SIG_TYPE_E; } } } else { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&ecc); #else ret = SIG_TYPE_E; #endif if (ret == SIG_TYPE_E) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } printf(resultFmt, ret == 0 ? passed : failed); #endif /* NO_SIG_WRAPPER */ return ret; }/* END test_wc_SignatureGetSize_ecc() */ /* Testing wc_SignatureGetSize() for signature type rsa */ static int test_wc_SignatureGetSize_rsa(void) { int ret = 0; #ifndef NO_SIG_WRAPPER #ifndef NO_RSA enum wc_SignatureType sig_type; word32 key_len; word32 idx = 0; /* Initialize RSA Key */ RsaKey rsa_key; byte* tmp = NULL; size_t bytes; #ifdef USE_CERT_BUFFERS_1024 bytes = (size_t)sizeof_client_key_der_1024; if (bytes < (size_t)sizeof_client_key_der_1024) bytes = (size_t)sizeof_client_cert_der_1024; #elif defined(USE_CERT_BUFFERS_2048) bytes = (size_t)sizeof_client_key_der_2048; if (bytes < (size_t)sizeof_client_cert_der_2048) bytes = (size_t)sizeof_client_cert_der_2048; #else bytes = FOURK_BUF; #endif tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (tmp != NULL) { #ifdef USE_CERT_BUFFERS_1024 XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024); #elif defined(USE_CERT_BUFFERS_2048) XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048); #elif !defined(NO_FILESYSTEM) file = XFOPEN(clientKey, "rb"); if (file != XBADFILE) { bytes = (size_t)XFREAD(tmp, 1, FOURK_BUF, file); XFCLOSE(file); } else { ret = WOLFSSL_FATAL_ERROR; } #else ret = WOLFSSL_FATAL_ERROR; #endif } else { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_InitRsaKey_ex(&rsa_key, HEAP_HINT, devId); } if (ret == 0) { ret = wc_RsaPrivateKeyDecode(tmp, &idx, &rsa_key, (word32)bytes); } printf(testingFmt, "wc_SigntureGetSize_rsa()"); if (ret == 0) { /* Input for signature type RSA */ sig_type = WC_SIGNATURE_TYPE_RSA; key_len = sizeof(RsaKey); ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len); /* Test bad args */ if (ret > 0) { sig_type = (enum wc_SignatureType) 100; ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len); if (ret == BAD_FUNC_ARG) { sig_type = WC_SIGNATURE_TYPE_RSA; ret = wc_SignatureGetSize(sig_type, NULL, key_len); } #ifndef HAVE_USER_RSA if (ret == BAD_FUNC_ARG) { #else if (ret == 0) { #endif key_len = (word32)0; ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len); } if (ret == BAD_FUNC_ARG) { ret = SIG_TYPE_E; } } } else { ret = WOLFSSL_FATAL_ERROR; } wc_FreeRsaKey(&rsa_key); XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #else ret = SIG_TYPE_E; #endif if (ret == SIG_TYPE_E) { ret = 0; }else { ret = WOLFSSL_FATAL_ERROR; } printf(resultFmt, ret == 0 ? passed : failed); #endif /* NO_SIG_WRAPPER */ return ret; }/* END test_wc_SignatureGetSize_rsa(void) */ /*----------------------------------------------------------------------------* | hash.h Tests *----------------------------------------------------------------------------*/ static int test_wc_HashInit(void) { int ret = 0, i; /* 0 indicates tests passed, 1 indicates failure */ wc_HashAlg hash; /* enum for holding supported algorithms, #ifndef's restrict if disabled */ enum wc_HashType enumArray[] = { #ifndef NO_MD5 WC_HASH_TYPE_MD5, #endif #ifndef NO_SHA WC_HASH_TYPE_SHA, #endif #ifndef WOLFSSL_SHA224 WC_HASH_TYPE_SHA224, #endif #ifndef NO_SHA256 WC_HASH_TYPE_SHA256, #endif #ifndef WOLFSSL_SHA384 WC_HASH_TYPE_SHA384, #endif #ifndef WOLFSSL_SHA512 WC_HASH_TYPE_SHA512, #endif }; /* dynamically finds the length */ int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType)); /* For loop to test various arguments... */ for (i = 0; i < enumlen; i++) { /* check for bad args */ if (wc_HashInit(&hash, enumArray[i]) == BAD_FUNC_ARG) { ret = 1; break; } wc_HashFree(&hash, enumArray[i]); /* check for null ptr */ if (wc_HashInit(NULL, enumArray[i]) != BAD_FUNC_ARG) { ret = 1; break; } } /* end of for loop */ printf(testingFmt, "wc_HashInit()"); if (ret==0) { /* all tests have passed */ printf(resultFmt, passed); } else { /* a test has failed */ printf(resultFmt, failed); } return ret; } /* end of test_wc_HashInit */ /* * Unit test function for wc_HashSetFlags() */ static int test_wc_HashSetFlags(void) { int ret = 0; #ifdef WOLFSSL_HASH_FLAGS wc_HashAlg hash; word32 flags = 0; int i, j; printf(testingFmt, "wc_HashSetFlags()"); /* enum for holding supported algorithms, #ifndef's restrict if disabled */ enum wc_HashType enumArray[] = { #ifndef NO_MD5 WC_HASH_TYPE_MD5, #endif #ifndef NO_SHA WC_HASH_TYPE_SHA, #endif #ifdef WOLFSSL_SHA224 WC_HASH_TYPE_SHA224, #endif #ifndef NO_SHA256 WC_HASH_TYPE_SHA256, #endif #ifdef WOLFSSL_SHA384 WC_HASH_TYPE_SHA384, #endif #ifdef WOLFSSL_SHA512 WC_HASH_TYPE_SHA512, #endif #ifdef WOLFSSL_SHA3 WC_HASH_TYPE_SHA3_224, #endif }; enum wc_HashType notSupported[] = { WC_HASH_TYPE_MD5_SHA, WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4, WC_HASH_TYPE_BLAKE2B, WC_HASH_TYPE_BLAKE2S, WC_HASH_TYPE_NONE, }; /* dynamically finds the length */ int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType)); /* For loop to test various arguments... */ for (i = 0; i < enumlen; i++) { ret = wc_HashInit(&hash, enumArray[i]); if (ret == 0) { ret = wc_HashSetFlags(&hash, enumArray[i], flags); } if (ret == 0) { if (flags & WC_HASH_FLAG_ISCOPY) { ret = 0; } } if (ret == 0) { ret = wc_HashSetFlags(NULL, enumArray[i], flags); if (ret == BAD_FUNC_ARG) { ret = 0; } } wc_HashFree(&hash, enumArray[i]); } /* For loop to test not supported cases */ int notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType)); for (j = 0; ret == 0 && j < notSupportedLen; j++){ ret = wc_HashInit(&hash, notSupported[j]); if (ret == 0) { ret = -1; } else if (ret == BAD_FUNC_ARG){ ret = wc_HashSetFlags(&hash, notSupported[j], flags); if (ret == 0) { ret = -1; } else if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_HashFree(&hash, notSupported[j]); if (ret == 0) { ret = -1; } else if (ret == BAD_FUNC_ARG) { ret = 0; } } } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_HashSetFlags */ /* * Unit test function for wc_HashGetFlags() */ static int test_wc_HashGetFlags(void) { int ret = 0; #ifdef WOLFSSL_HASH_FLAGS wc_HashAlg hash; word32 flags = 0; int i, j; printf(testingFmt, "wc_HashGetFlags()"); /* enum for holding supported algorithms, #ifndef's restrict if disabled */ enum wc_HashType enumArray[] = { #ifndef NO_MD5 WC_HASH_TYPE_MD5, #endif #ifndef NO_SHA WC_HASH_TYPE_SHA, #endif #ifdef WOLFSSL_SHA224 WC_HASH_TYPE_SHA224, #endif #ifndef NO_SHA256 WC_HASH_TYPE_SHA256, #endif #ifdef WOLFSSL_SHA384 WC_HASH_TYPE_SHA384, #endif #ifdef WOLFSSL_SHA512 WC_HASH_TYPE_SHA512, #endif #ifdef WOLFSSL_SHA3 WC_HASH_TYPE_SHA3_224, #endif }; enum wc_HashType notSupported[] = { WC_HASH_TYPE_MD5_SHA, WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4, WC_HASH_TYPE_BLAKE2B, WC_HASH_TYPE_BLAKE2S, WC_HASH_TYPE_NONE, }; int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType)); /* For loop to test various arguments... */ for (i = 0; i < enumlen; i++) { ret = wc_HashInit(&hash, enumArray[i]); if (ret == 0) { ret = wc_HashGetFlags(&hash, enumArray[i], &flags); } if (ret == 0) { if (flags & WC_HASH_FLAG_ISCOPY) { ret = 0; } } if (ret == 0) { ret = wc_HashGetFlags(NULL, enumArray[i], &flags); if (ret == BAD_FUNC_ARG) { ret = 0; } } wc_HashFree(&hash, enumArray[i]); if (ret != 0) { break; } } /* For loop to test not supported cases */ int notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType)); for (j = 0; ret == 0 && j < notSupportedLen; j++){ ret = wc_HashInit(&hash, notSupported[j]); if (ret == 0) { ret = -1; } else if (ret == BAD_FUNC_ARG){ ret = wc_HashGetFlags(&hash, notSupported[j], &flags); if (ret == 0) { ret = -1; } else if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_HashFree(&hash, notSupported[j]); if (ret == 0) { ret = -1; } if (ret == BAD_FUNC_ARG) { ret = 0; } } } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; } /* END test_wc_HashGetFlags */ /*----------------------------------------------------------------------------* | Compatibility Tests *----------------------------------------------------------------------------*/ static void test_wolfSSL_lhash(void) { #ifdef OPENSSL_ALL const char testStr[] = "Like a true nature's child\n" "We were born\n" "Born to be wild"; printf(testingFmt, "wolfSSL_LH_strhash()"); AssertIntEQ(lh_strhash(testStr), 0x5b7541dc); printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_NAME(void) { #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \ && !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || \ defined(OPENSSL_EXTRA)) X509* x509; const unsigned char* c; unsigned char buf[4096]; int bytes; XFILE f; const X509_NAME* a; const X509_NAME* b; X509_NAME* d2i_name = NULL; int sz; unsigned char* tmp; char file[] = "./certs/ca-cert.der"; #ifndef OPENSSL_EXTRA_X509_SMALL byte empty[] = { /* CN=empty emailAddress= */ 0x30, 0x21, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x05, 0x65, 0x6D, 0x70, 0x74, 0x79, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x00 }; #endif printf(testingFmt, "wolfSSL_X509_NAME()"); #ifndef OPENSSL_EXTRA_X509_SMALL /* test compile of deprecated function, returns 0 */ AssertIntEQ(CRYPTO_thread_id(), 0); #endif AssertNotNull(a = X509_NAME_new()); X509_NAME_free((X509_NAME*)a); f = XFOPEN(file, "rb"); AssertTrue(f != XBADFILE); bytes = (int)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); c = buf; AssertNotNull(x509 = wolfSSL_X509_d2i(NULL, c, bytes)); /* test cmp function */ AssertNotNull(a = X509_get_issuer_name(x509)); AssertNotNull(b = X509_get_subject_name(x509)); #ifndef OPENSSL_EXTRA_X509_SMALL AssertIntEQ(X509_NAME_cmp(a, b), 0); /* self signed should be 0 */ #endif tmp = buf; AssertIntGT((sz = i2d_X509_NAME((X509_NAME*)a, &tmp)), 0); if (sz > 0 && tmp == buf) { printf("\nERROR - %s line %d failed with:", __FILE__, __LINE__); \ printf(" Expected pointer to be incremented\n"); abort(); } #ifndef OPENSSL_EXTRA_X509_SMALL tmp = buf; AssertNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz)); #endif /* retry but with the function creating a buffer */ tmp = NULL; AssertIntGT((sz = i2d_X509_NAME((X509_NAME*)b, &tmp)), 0); XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL); AssertNotNull(b = X509_NAME_dup((X509_NAME*)a)); #ifndef OPENSSL_EXTRA_X509_SMALL AssertIntEQ(X509_NAME_cmp(a, b), 0); #endif X509_NAME_free((X509_NAME*)b); X509_NAME_free(d2i_name); X509_free(x509); #ifndef OPENSSL_EXTRA_X509_SMALL /* test with an empty domain component */ tmp = empty; sz = sizeof(empty); AssertNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz)); AssertIntEQ(X509_NAME_entry_count(d2i_name), 2); /* size of empty emailAddress will be 0 */ tmp = buf; AssertIntEQ(X509_NAME_get_text_by_NID(d2i_name, NID_emailAddress, (char*)tmp, sizeof(buf)), 0); /* should contain no organization name */ tmp = buf; AssertIntEQ(X509_NAME_get_text_by_NID(d2i_name, NID_organizationName, (char*)tmp, sizeof(buf)), -1); X509_NAME_free(d2i_name); #endif printf(resultFmt, passed); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */ } static void test_wolfSSL_X509_NAME_hash(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) \ && !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_BIO) BIO* bio; X509* x509 = NULL; printf(testingFmt, "wolfSSL_X509_NAME_hash"); AssertNotNull(bio = BIO_new(BIO_s_file())); AssertIntGT(BIO_read_filename(bio, svrCertFile), 0); AssertNotNull(PEM_read_bio_X509(bio, &x509, NULL, NULL)); AssertIntEQ(X509_NAME_hash(X509_get_subject_name(x509)), 0xF6CF410E); AssertIntEQ(X509_NAME_hash(X509_get_issuer_name(x509)), 0x677DD39A); X509_free(x509); BIO_free(bio); printf(resultFmt, passed); #endif } #ifndef NO_BIO static void test_wolfSSL_X509_INFO(void) { #if defined(OPENSSL_ALL) && !defined(NO_RSA) STACK_OF(X509_INFO) *info_stack; X509_INFO *info; BIO *cert; int i; /* PEM in hex format to avoid null terminator */ byte data[] = { 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x43, 0x45, 0x52, 0x54, 0x63, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x44, 0x4d, 0x54, 0x42, 0x75, 0x51, 0x3d, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d }; /* PEM in hex format to avoid null terminator */ byte data2[] = { 0x41, 0x53, 0x4e, 0x31, 0x20, 0x4f, 0x49, 0x44, 0x3a, 0x20, 0x70, 0x72, 0x69, 0x6d, 0x65, 0x32, 0x35, 0x36, 0x76, 0x31, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x45, 0x43, 0x20, 0x50, 0x41, 0x52, 0x41, 0x4d, 0x45, 0x54, 0x45, 0x52, 0x53, 0x2d, 0x2d, 0x2d, 0x2d, 0x43, 0x65, 0x72, 0x74, 0x69, 0x2d, 0x0a, 0x42, 0x67, 0x67, 0x71, 0x68, 0x6b, 0x6a, 0x4f, 0x50, 0x51, 0x4d, 0x42, 0x42, 0x77, 0x3d, 0x3d, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d }; printf(testingFmt, "wolfSSL_X509_INFO"); AssertNotNull(cert = BIO_new_file(cliCertFileExt, "rb")); AssertNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL)); for (i = 0; i < sk_X509_INFO_num(info_stack); i++) { AssertNotNull(info = sk_X509_INFO_value(info_stack, i)); AssertNotNull(info->x509); AssertNull(info->crl); } sk_X509_INFO_pop_free(info_stack, X509_INFO_free); BIO_free(cert); AssertNotNull(cert = BIO_new_file(cliCertFileExt, "rb")); AssertNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL)); sk_X509_INFO_pop_free(info_stack, X509_INFO_free); BIO_free(cert); /* This case should fail due to invalid input. */ AssertNotNull(cert = BIO_new(BIO_s_mem())); AssertIntEQ(BIO_write(cert, data, sizeof(data)), sizeof(data)); AssertNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL)); sk_X509_INFO_pop_free(info_stack, X509_INFO_free); BIO_free(cert); AssertNotNull(cert = BIO_new(BIO_s_mem())); AssertIntEQ(BIO_write(cert, data2, sizeof(data2)), sizeof(data2)); AssertNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL)); sk_X509_INFO_pop_free(info_stack, X509_INFO_free); BIO_free(cert); printf(resultFmt, passed); #endif } #endif static void test_wolfSSL_X509_subject_name_hash(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \ && !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256)) X509* x509; X509_NAME* subjectName = NULL; unsigned long ret = 0; printf(testingFmt, "wolfSSL_X509_subject_name_hash()"); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); AssertNotNull(subjectName = wolfSSL_X509_get_subject_name(x509)); ret = X509_subject_name_hash(x509); AssertIntNE(ret, 0); X509_free(x509); printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_issuer_name_hash(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \ && !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256)) X509* x509; X509_NAME* issuertName = NULL; unsigned long ret = 0; printf(testingFmt, "wolfSSL_X509_issuer_name_hash()"); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); AssertNotNull(issuertName = wolfSSL_X509_get_issuer_name(x509)); ret = X509_issuer_name_hash(x509); AssertIntNE(ret, 0); X509_free(x509); printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_check_host(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \ && !defined(NO_SHA) && !defined(NO_RSA) X509* x509; const char altName[] = "example.com"; printf(testingFmt, "wolfSSL_X509_check_host()"); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); AssertIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), 0, NULL), WOLFSSL_SUCCESS); AssertIntEQ(X509_check_host(x509, NULL, 0, 0, NULL), WOLFSSL_FAILURE); X509_free(x509); AssertIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), 0, NULL), WOLFSSL_FAILURE); printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_check_email(void) { #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) X509* x509; const char goodEmail[] = "info@wolfssl.com"; const char badEmail[] = "disinfo@wolfssl.com"; printf(testingFmt, "wolfSSL_X509_check_email()"); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); /* Should fail on non-matching email address */ AssertIntEQ(wolfSSL_X509_check_email(x509, badEmail, XSTRLEN(badEmail), 0), WOLFSSL_FAILURE); /* Should succeed on matching email address */ AssertIntEQ(wolfSSL_X509_check_email(x509, goodEmail, XSTRLEN(goodEmail), 0), WOLFSSL_SUCCESS); /* Should compute length internally when not provided */ AssertIntEQ(wolfSSL_X509_check_email(x509, goodEmail, 0, 0), WOLFSSL_SUCCESS); /* Should fail when email address is NULL */ AssertIntEQ(wolfSSL_X509_check_email(x509, NULL, 0, 0), WOLFSSL_FAILURE); X509_free(x509); /* Should fail when x509 is NULL */ AssertIntEQ(wolfSSL_X509_check_email(NULL, goodEmail, 0, 0), WOLFSSL_FAILURE); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA && WOLFSSL_CERT_GEN */ } static void test_wolfSSL_DES(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) const_DES_cblock myDes; DES_cblock iv; DES_key_schedule key; word32 i; DES_LONG dl; unsigned char msg[] = "hello wolfssl"; printf(testingFmt, "wolfSSL_DES()"); DES_check_key(1); DES_set_key(&myDes, &key); /* check, check of odd parity */ XMEMSET(myDes, 4, sizeof(const_DES_cblock)); myDes[0] = 6; /*set even parity*/ XMEMSET(key, 5, sizeof(DES_key_schedule)); AssertIntEQ(DES_set_key_checked(&myDes, &key), -1); AssertIntNE(key[0], myDes[0]); /* should not have copied over key */ /* set odd parity for success case */ DES_set_odd_parity(&myDes); AssertIntEQ(DES_check_key_parity(&myDes), 1); printf("%02x %02x %02x %02x", myDes[0], myDes[1], myDes[2], myDes[3]); AssertIntEQ(DES_set_key_checked(&myDes, &key), 0); for (i = 0; i < sizeof(DES_key_schedule); i++) { AssertIntEQ(key[i], myDes[i]); } AssertIntEQ(DES_is_weak_key(&myDes), 0); /* check weak key */ XMEMSET(myDes, 1, sizeof(const_DES_cblock)); XMEMSET(key, 5, sizeof(DES_key_schedule)); AssertIntEQ(DES_set_key_checked(&myDes, &key), -2); AssertIntNE(key[0], myDes[0]); /* should not have copied over key */ /* now do unchecked copy of a weak key over */ DES_set_key_unchecked(&myDes, &key); /* compare arrays, should be the same */ for (i = 0; i < sizeof(DES_key_schedule); i++) { AssertIntEQ(key[i], myDes[i]); } AssertIntEQ(DES_is_weak_key(&myDes), 1); /* check DES_key_sched API */ XMEMSET(key, 1, sizeof(DES_key_schedule)); AssertIntEQ(DES_key_sched(&myDes, NULL), 0); AssertIntEQ(DES_key_sched(NULL, &key), 0); AssertIntEQ(DES_key_sched(&myDes, &key), 0); /* compare arrays, should be the same */ for (i = 0; i < sizeof(DES_key_schedule); i++) { AssertIntEQ(key[i], myDes[i]); } /* DES_cbc_cksum should return the last 4 of the last 8 bytes after * DES_cbc_encrypt on the input */ XMEMSET(iv, 0, sizeof(DES_cblock)); XMEMSET(myDes, 5, sizeof(DES_key_schedule)); AssertIntGT((dl = DES_cbc_cksum(msg, &key, sizeof(msg), &myDes, &iv)), 0); AssertIntEQ(dl, 480052723); printf(resultFmt, passed); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */ } static void test_wc_PemToDer(void) { #if !defined(NO_CERTS) && defined(WOLFSSL_PEM_TO_DER) int ret; DerBuffer* pDer = NULL; const char* ca_cert = "./certs/server-cert.pem"; byte* cert_buf = NULL; size_t cert_sz = 0; int eccKey = 0; EncryptedInfo info; printf(testingFmt, "wc_PemToDer()"); XMEMSET(&info, 0, sizeof(info)); ret = load_file(ca_cert, &cert_buf, &cert_sz); if (ret == 0) { ret = wc_PemToDer(cert_buf, cert_sz, CERT_TYPE, &pDer, NULL, &info, &eccKey); AssertIntEQ(ret, 0); wc_FreeDer(&pDer); } if (cert_buf) free(cert_buf); #ifdef HAVE_ECC { const char* ecc_private_key = "./certs/ecc-privOnlyKey.pem"; byte key_buf[256] = {0}; /* Test fail of loading a key with cert type */ AssertIntEQ(load_file(ecc_private_key, &cert_buf, &cert_sz), 0); key_buf[0] = '\n'; XMEMCPY(key_buf + 1, cert_buf, cert_sz); AssertIntNE((ret = wc_PemToDer(key_buf, cert_sz + 1, CERT_TYPE, &pDer, NULL, &info, &eccKey)), 0); #ifdef OPENSSL_EXTRA AssertIntEQ((ret = wc_PemToDer(key_buf, cert_sz + 1, PRIVATEKEY_TYPE, &pDer, NULL, &info, &eccKey)), 0); #endif wc_FreeDer(&pDer); if (cert_buf) free(cert_buf); } #endif printf(resultFmt, passed); #endif } static void test_wc_AllocDer(void) { #if !defined(NO_CERTS) int ret; DerBuffer* pDer = NULL; word32 testSize = 1024; printf(testingFmt, "wc_AllocDer()"); ret = wc_AllocDer(&pDer, testSize, CERT_TYPE, HEAP_HINT); AssertIntEQ(ret, 0); AssertNotNull(pDer); wc_FreeDer(&pDer); printf(resultFmt, passed); #endif } static void test_wc_CertPemToDer(void) { #if !defined(NO_CERTS) && defined(WOLFSSL_PEM_TO_DER) int ret; const char* ca_cert = "./certs/ca-cert.pem"; byte* cert_buf = NULL; size_t cert_sz = 0, cert_dersz = 0; byte* cert_der = NULL; printf(testingFmt, "wc_CertPemToDer()"); ret = load_file(ca_cert, &cert_buf, &cert_sz); if (ret == 0) { cert_dersz = cert_sz; /* DER will be smaller than PEM */ cert_der = (byte*)malloc(cert_dersz); if (cert_der) { ret = wc_CertPemToDer(cert_buf, (int)cert_sz, cert_der, (int)cert_dersz, CERT_TYPE); AssertIntGE(ret, 0); } } if (cert_der) free(cert_der); if (cert_buf) free(cert_buf); #endif } static void test_wc_PubKeyPemToDer(void) { #ifdef WOLFSSL_PEM_TO_DER #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER) int ret; const char* key = "./certs/ecc-client-keyPub.pem"; byte* cert_buf = NULL; size_t cert_sz = 0, cert_dersz = 0; byte* cert_der = NULL; printf(testingFmt, "wc_PubKeyPemToDer()"); ret = wc_PubKeyPemToDer(cert_buf, (int)cert_sz, cert_der, (int)cert_dersz); AssertIntGE(ret, BAD_FUNC_ARG); ret = load_file(key, &cert_buf, &cert_sz); if (ret == 0) { cert_dersz = cert_sz; /* DER will be smaller than PEM */ cert_der = (byte*)malloc(cert_dersz); if (cert_der) { ret = wc_PubKeyPemToDer(cert_buf, (int)cert_sz, cert_der, (int)cert_dersz); AssertIntGE(ret, 0); } } if (cert_der) free(cert_der); if (cert_buf) free(cert_buf); #endif #endif } static void test_wc_PemPubKeyToDer(void) { #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER) int ret; const char* key = "./certs/ecc-client-keyPub.pem"; size_t cert_dersz = 1024; byte* cert_der = (byte*)malloc(cert_dersz); printf(testingFmt, "wc_PemPubKeyToDer()"); ret = wc_PemPubKeyToDer(NULL, cert_der, (int)cert_dersz); AssertIntGE(ret, BAD_FUNC_ARG); if (cert_der) { ret = wc_PemPubKeyToDer(key, cert_der, (int)cert_dersz); AssertIntGE(ret, 0); free(cert_der); } #endif } static void test_wolfSSL_certs(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ !defined(NO_RSA) X509* x509ext; #ifdef OPENSSL_ALL X509* x509; WOLFSSL_X509_EXTENSION* ext; ASN1_OBJECT* obj; #endif WOLFSSL* ssl; WOLFSSL_CTX* ctx; STACK_OF(ASN1_OBJECT)* sk; ASN1_STRING* asn1_str; AUTHORITY_KEYID* akey; BASIC_CONSTRAINTS* bc; int crit; printf(testingFmt, "wolfSSL_certs()"); #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(SSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(SSLv23_client_method())); #endif AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntEQ(SSL_CTX_check_private_key(ctx), SSL_FAILURE); #endif AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntEQ(SSL_CTX_check_private_key(ctx), SSL_SUCCESS); #endif AssertNotNull(ssl = SSL_new(ctx)); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); #endif #ifdef HAVE_PK_CALLBACKS AssertIntEQ((int)SSL_set_tlsext_debug_arg(ssl, NULL), WOLFSSL_SUCCESS); #endif /* HAVE_PK_CALLBACKS */ /* create and use x509 */ #ifdef OPENSSL_ALL x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509); #endif x509ext = wolfSSL_X509_load_certificate_file(cliCertFileExt, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509ext); AssertIntEQ(SSL_use_certificate(ssl, x509ext), WOLFSSL_SUCCESS); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) /* with loading in a new cert the check on private key should now fail */ AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); #endif #if defined(USE_CERT_BUFFERS_2048) AssertIntEQ(SSL_use_certificate_ASN1(ssl, (unsigned char*)server_cert_der_2048, sizeof_server_cert_der_2048), WOLFSSL_SUCCESS); #endif #if !defined(NO_SHA) && !defined(NO_SHA256) && !defined(NO_PWDBASED) /************* Get Digest of Certificate ******************/ { byte digest[64]; /* max digest size */ word32 digestSz; XMEMSET(digest, 0, sizeof(digest)); AssertIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha1(), digest, &digestSz), WOLFSSL_SUCCESS); AssertIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha256(), digest, &digestSz), WOLFSSL_SUCCESS); AssertIntEQ(X509_digest(NULL, wolfSSL_EVP_sha1(), digest, &digestSz), WOLFSSL_FAILURE); } #endif /* !NO_SHA && !NO_SHA256 && !NO_PWDBASED */ /* test and checkout X509 extensions */ bc = (BASIC_CONSTRAINTS*)X509_get_ext_d2i(x509ext, NID_basic_constraints, &crit, NULL); AssertNotNull(bc); AssertIntEQ(crit, 0); #ifdef OPENSSL_ALL ext = X509V3_EXT_i2d(NID_basic_constraints, crit, bc); AssertNotNull(ext); X509_EXTENSION_free(ext); AssertNotNull(ext = X509_EXTENSION_new()); X509_EXTENSION_set_critical(ext, 1); AssertNotNull(obj = OBJ_nid2obj(NID_basic_constraints)); AssertIntEQ(X509_EXTENSION_set_object(ext, obj), SSL_SUCCESS); ASN1_OBJECT_free(obj); X509_EXTENSION_free(ext); AssertNotNull(ext = X509_EXTENSION_new()); X509_EXTENSION_set_critical(ext, 0); AssertIntEQ(X509_EXTENSION_set_data(ext, NULL), SSL_FAILURE); asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext, NID_key_usage, &crit, NULL); AssertIntEQ(X509_EXTENSION_set_data(ext, asn1_str), SSL_SUCCESS); ASN1_STRING_free(asn1_str); /* X509_EXTENSION_set_data has made a copy * and X509_get_ext_d2i has created new */ X509_EXTENSION_free(ext); #endif BASIC_CONSTRAINTS_free(bc); asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext, NID_key_usage, &crit, NULL); AssertNotNull(asn1_str); AssertIntEQ(crit, 1); AssertIntEQ(asn1_str->type, NID_key_usage); #ifdef OPENSSL_ALL ext = X509V3_EXT_i2d(NID_key_usage, crit, asn1_str); AssertNotNull(ext); X509_EXTENSION_free(ext); #endif ASN1_STRING_free(asn1_str); #ifdef OPENSSL_ALL sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_ext_key_usage, &crit, NULL); AssertNotNull(sk); ext = X509V3_EXT_i2d(NID_ext_key_usage, crit, sk); AssertNotNull(ext); X509_EXTENSION_free(ext); sk_ASN1_OBJECT_pop_free(sk, NULL); #else sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_ext_key_usage, &crit, NULL); AssertNull(sk); #endif akey = (AUTHORITY_KEYID*)X509_get_ext_d2i(x509ext, NID_authority_key_identifier, &crit, NULL); AssertNotNull(akey); #ifdef OPENSSL_ALL ext = X509V3_EXT_i2d(NID_authority_key_identifier, crit, akey); AssertNotNull(ext); X509_EXTENSION_free(ext); #endif wolfSSL_AUTHORITY_KEYID_free(akey); sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_private_key_usage_period, &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); sk_ASN1_OBJECT_free(sk); sk = (STACK_OF(GENERAL_NAME)*)X509_get_ext_d2i(x509ext, NID_subject_alt_name, &crit, NULL); /* AssertNotNull(sk); no alt names set */ sk_GENERAL_NAME_free(sk); sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_issuer_alt_name, &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); sk_ASN1_OBJECT_free(sk); sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_info_access, &crit, NULL); /* AssertNotNull(sk); no auth info set */ sk_ASN1_OBJECT_free(sk); sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_sinfo_access, &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); sk_ASN1_OBJECT_free(sk); sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_name_constraints, &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); sk_ASN1_OBJECT_free(sk); sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_certificate_policies, &crit, NULL); #if !defined(WOLFSSL_SEP) && !defined(WOLFSSL_CERT_EXT) AssertNull(sk); #else /* AssertNotNull(sk); no cert policy set */ #endif sk_ASN1_OBJECT_free(sk); sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_policy_mappings, &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); sk_ASN1_OBJECT_free(sk); sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_policy_constraints, &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); sk_ASN1_OBJECT_free(sk); sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_inhibit_any_policy, &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); sk_ASN1_OBJECT_free(sk); sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_tlsfeature, &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); sk_ASN1_OBJECT_free(sk); /* test invalid cases */ crit = 0; sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, -1, &crit, NULL); AssertNull(sk); AssertIntEQ(crit, -1); sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(NULL, NID_tlsfeature, NULL, NULL); AssertNull(sk); AssertIntEQ(SSL_get_hit(ssl), 0); #ifdef OPENSSL_ALL X509_free(x509); #endif X509_free(x509ext); SSL_free(ssl); SSL_CTX_free(ctx); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA && !NO_CERTS */ } static void test_wolfSSL_X509_check_private_key(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \ defined(USE_CERT_BUFFERS_2048) && !defined(NO_CHECK_PRIVATE_KEY) X509* x509; EVP_PKEY* pkey = NULL; const byte* key; printf(testingFmt, "wolfSSL_X509_check_private_key()"); /* Check with correct key */ AssertNotNull((x509 = X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM))); key = client_key_der_2048; AssertNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &key, (long)sizeof_client_key_der_2048)); AssertIntEQ(X509_check_private_key(x509, pkey), 1); EVP_PKEY_free(pkey); pkey = NULL; /* Check with wrong key */ key = server_key_der_2048; AssertNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &key, (long)sizeof_server_key_der_2048)); AssertIntEQ(X509_check_private_key(x509, pkey), 0); /* test for incorrect parameter */ AssertIntEQ(X509_check_private_key(NULL, pkey), 0); AssertIntEQ(X509_check_private_key(x509, NULL), 0); AssertIntEQ(X509_check_private_key(NULL, NULL), 0); EVP_PKEY_free(pkey); X509_free(x509); printf(resultFmt, passed); #endif } static void test_wolfSSL_ASN1_TIME_print(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) \ && (defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \ defined(WOLFSSL_HAPROXY)) && defined(USE_CERT_BUFFERS_2048) BIO* bio; X509* x509; const unsigned char* der = client_cert_der_2048; ASN1_TIME* t; unsigned char buf[25]; printf(testingFmt, "wolfSSL_ASN1_TIME_print()"); AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertNotNull(x509 = wolfSSL_X509_load_certificate_buffer(der, sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertIntEQ(ASN1_TIME_print(bio, X509_get_notBefore(x509)), 1); AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24); AssertIntEQ(XMEMCMP(buf, "Feb 10 19:49:52 2021 GMT", sizeof(buf) - 1), 0); /* create a bad time and test results */ AssertNotNull(t = X509_get_notAfter(x509)); AssertIntEQ(ASN1_TIME_check(t), WOLFSSL_SUCCESS); t->data[8] = 0; t->data[3] = 0; AssertIntNE(ASN1_TIME_print(bio, t), 1); AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 14); AssertIntEQ(XMEMCMP(buf, "Bad time value", 14), 0); AssertIntEQ(ASN1_TIME_check(t), WOLFSSL_FAILURE); BIO_free(bio); X509_free(x509); printf(resultFmt, passed); #endif } static void test_wolfSSL_ASN1_UTCTIME_print(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && !defined(NO_BIO) BIO* bio; ASN1_UTCTIME* utc = NULL; unsigned char buf[25]; const char* validDate = "190424111501Z"; /* UTC = YYMMDDHHMMSSZ */ const char* invalidDate = "190424111501X"; /* UTC = YYMMDDHHMMSSZ */ printf(testingFmt, "ASN1_UTCTIME_print()"); /* NULL parameter check */ AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(ASN1_UTCTIME_print(bio, utc), 0); BIO_free(bio); /* Valid date */ AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertNotNull(utc = (ASN1_UTCTIME*)XMALLOC(sizeof(ASN1_UTCTIME), NULL, DYNAMIC_TYPE_ASN1)); utc->type = ASN_UTC_TIME; utc->length = ASN_UTC_TIME_SIZE; XMEMCPY(utc->data, (byte*)validDate, ASN_UTC_TIME_SIZE); AssertIntEQ(ASN1_UTCTIME_print(bio, utc), 1); AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24); AssertIntEQ(XMEMCMP(buf, "Apr 24 11:15:01 2019 GMT", sizeof(buf)-1), 0); XMEMSET(buf, 0, sizeof(buf)); BIO_free(bio); /* Invalid format */ AssertNotNull(bio = BIO_new(BIO_s_mem())); utc->type = ASN_UTC_TIME; utc->length = ASN_UTC_TIME_SIZE; XMEMCPY(utc->data, (byte*)invalidDate, ASN_UTC_TIME_SIZE); AssertIntEQ(ASN1_UTCTIME_print(bio, utc), 0); AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 14); AssertIntEQ(XMEMCMP(buf, "Bad time value", 14), 0); XFREE(utc, NULL, DYNAMIC_TYPE_ASN1); BIO_free(bio); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA && !NO_ASN_TIME && !NO_BIO */ } static void test_wolfSSL_ASN1_TIME_diff(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) ASN1_TIME* fromTime; ASN1_TIME* toTime; int daysDiff; int secsDiff; printf(testingFmt, "test_wolfSSL_ASN1_TIME_diff"); AssertNotNull((fromTime = ASN1_TIME_new())); /* Feb 22, 2003, 21:15:15 */ AssertIntEQ(ASN1_TIME_set_string(fromTime, "030222211515Z"), 1); AssertNotNull((toTime = ASN1_TIME_new())); /* Dec 19, 2010, 18:10:11 */ AssertIntEQ(ASN1_TIME_set_string(toTime, "101219181011Z"), 1); AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1); AssertIntEQ(daysDiff, 2856); AssertIntEQ(secsDiff, 75296); ASN1_TIME_free(fromTime); ASN1_TIME_free(toTime); printf(resultFmt, passed); #endif } static void test_wolfSSL_ASN1_GENERALIZEDTIME_free(void) { #if defined(OPENSSL_EXTRA) WOLFSSL_ASN1_GENERALIZEDTIME* asn1_gtime; unsigned char nullstr[32]; printf(testingFmt, "test_wolfSSL_ASN1_GENERALIZEDTIME_free"); XMEMSET(nullstr, 0, 32); asn1_gtime = (WOLFSSL_ASN1_GENERALIZEDTIME*)XMALLOC( sizeof(WOLFSSL_ASN1_GENERALIZEDTIME), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (asn1_gtime) { XMEMCPY(asn1_gtime->data,"20180504123500Z",ASN_GENERALIZED_TIME_SIZE); wolfSSL_ASN1_GENERALIZEDTIME_free(asn1_gtime); AssertIntEQ(0, XMEMCMP(asn1_gtime->data, nullstr, 32)); XFREE(asn1_gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER); } printf(resultFmt, passed); #endif /* OPENSSL_EXTRA */ } static void test_wolfSSL_private_keys(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) WOLFSSL* ssl; WOLFSSL_CTX* ctx; EVP_PKEY* pkey = NULL; printf(testingFmt, "wolfSSL_private_keys()"); OpenSSL_add_all_digests(); OpenSSL_add_all_algorithms(); #ifndef NO_RSA #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); /* Have to load a cert before you can check the private key against that * certificates public key! */ #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_FAILURE); #endif AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS); #endif AssertNotNull(ssl = SSL_new(ctx)); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); #endif #ifdef USE_CERT_BUFFERS_2048 { const unsigned char* server_key = (const unsigned char*)server_key_der_2048; unsigned char buf[FOURK_BUF]; word32 bufSz; AssertIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl, (unsigned char*)client_key_der_2048, sizeof_client_key_der_2048), WOLFSSL_SUCCESS); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) /* Should mismatch now that a different private key loaded */ AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); #endif AssertIntEQ(SSL_use_PrivateKey_ASN1(0, ssl, (unsigned char*)server_key, sizeof_server_key_der_2048), WOLFSSL_SUCCESS); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) /* After loading back in DER format of original key, should match */ AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); #endif /* test loading private key to the WOLFSSL_CTX */ AssertIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx, (unsigned char*)client_key_der_2048, sizeof_client_key_der_2048), WOLFSSL_SUCCESS); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) /* Should mismatch now that a different private key loaded */ AssertIntNE(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS); #endif AssertIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx, (unsigned char*)server_key, sizeof_server_key_der_2048), WOLFSSL_SUCCESS); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) /* After loading back in DER format of original key, should match */ AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS); #endif /* pkey not set yet, expecting to fail */ AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_FAILURE); /* set PKEY and test again */ AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, (long)sizeof_server_key_der_2048)); AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_SUCCESS); /* reuse PKEY structure and test * this should be checked with a memory management sanity checker */ AssertFalse(server_key == (const unsigned char*)server_key_der_2048); server_key = (const unsigned char*)server_key_der_2048; AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, (long)sizeof_server_key_der_2048)); AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_SUCCESS); /* check striping PKCS8 header with wolfSSL_d2i_PrivateKey */ bufSz = FOURK_BUF; AssertIntGT((bufSz = wc_CreatePKCS8Key(buf, &bufSz, (byte*)server_key_der_2048, sizeof_server_key_der_2048, RSAk, NULL, 0)), 0); server_key = (const unsigned char*)buf; AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, (long)bufSz)); } #endif EVP_PKEY_free(pkey); SSL_free(ssl); /* frees x509 also since loaded into ssl */ SSL_CTX_free(ctx); #endif /* end of RSA private key match tests */ #ifdef HAVE_ECC #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif AssertTrue(SSL_CTX_use_certificate_file(ctx, eccCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, WOLFSSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); #endif SSL_free(ssl); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEccKeyFile, WOLFSSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); #endif SSL_free(ssl); SSL_CTX_free(ctx); #endif /* end of ECC private key match tests */ #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif AssertTrue(SSL_CTX_use_certificate_file(ctx, edCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, edKeyFile, WOLFSSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); #endif SSL_free(ssl); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEdKeyFile, WOLFSSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); #endif SSL_free(ssl); SSL_CTX_free(ctx); #endif /* end of Ed25519 private key match tests */ #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif AssertTrue(SSL_CTX_use_certificate_file(ctx, ed448CertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile, WOLFSSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); #endif SSL_free(ssl); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEd448KeyFile, WOLFSSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); #endif SSL_free(ssl); SSL_CTX_free(ctx); #endif /* end of Ed448 private key match tests */ EVP_cleanup(); /* test existence of no-op macros in wolfssl/openssl/ssl.h */ CONF_modules_free(); ENGINE_cleanup(); CONF_modules_unload(); (void)ssl; (void)ctx; (void)pkey; printf(resultFmt, passed); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ } static void test_wolfSSL_PEM_read_PrivateKey(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) \ && !defined(NO_FILESYSTEM) && !defined(NO_BIO) XFILE file; const char* fname = "./certs/server-key.pem"; EVP_PKEY* pkey; RSA* rsa; WOLFSSL_EVP_PKEY_CTX* ctx; unsigned char* sig; size_t sigLen; const unsigned char tbs[] = {0, 1, 2, 3, 4, 5, 6, 7}; size_t tbsLen = sizeof(tbs); printf(testingFmt, "test_wolfSSL_PEM_read_PrivateKey()"); /* Check error case. */ AssertNull(pkey = PEM_read_PrivateKey(NULL, NULL, NULL, NULL)); /* Read in an RSA key. */ file = XFOPEN(fname, "rb"); AssertTrue(file != XBADFILE); AssertNotNull(pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL)); XFCLOSE(file); /* Make sure the key is usable by signing some data with it. */ AssertNotNull(rsa = EVP_PKEY_get0_RSA(pkey)); AssertIntGT((sigLen = RSA_size(rsa)), 0); AssertNotNull(sig = (unsigned char*)XMALLOC(sigLen, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); AssertIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_sign(ctx, sig, &sigLen, tbs, tbsLen), WOLFSSL_SUCCESS); XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); printf(resultFmt, passed); #endif } static void test_wolfSSL_PEM_PrivateKey(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ (!defined(NO_RSA) || defined(HAVE_ECC)) && defined(USE_CERT_BUFFERS_2048) #ifndef NO_BIO BIO* bio = NULL; #endif EVP_PKEY* pkey = NULL; const unsigned char* server_key = (const unsigned char*)server_key_der_2048; #ifndef NO_BIO /* test creating new EVP_PKEY with bad arg */ AssertNull((pkey = PEM_read_bio_PrivateKey(NULL, NULL, NULL, NULL))); /* test loading RSA key using BIO */ #if !defined(NO_RSA) && !defined(NO_FILESYSTEM) { XFILE file; const char* fname = "./certs/server-key.pem"; const char* fname_rsa_p8 = "./certs/server-keyPkcs8.pem"; size_t sz; byte* buf; EVP_PKEY* pkey2; EVP_PKEY* pkey3; RSA* rsa_key = NULL; file = XFOPEN(fname, "rb"); AssertTrue((file != XBADFILE)); AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0); sz = XFTELL(file); XREWIND(file); AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); if (buf) { AssertIntEQ(XFREAD(buf, 1, sz, file), sz); } XFCLOSE(file); /* Test using BIO new mem and loading PEM private key */ bio = BIO_new_mem_buf(buf, (int)sz); AssertNotNull(bio); AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); XFREE(buf, NULL, DYNAMIC_TYPE_FILE); BIO_free(bio); bio = NULL; AssertNotNull(pkey2 = EVP_PKEY_new()); pkey2->type = EVP_PKEY_RSA; /* Test parameter copy */ AssertIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 0); EVP_PKEY_free(pkey2); EVP_PKEY_free(pkey); pkey = NULL; /* Qt unit test case : rsa pkcs8 key */ file = XFOPEN(fname_rsa_p8, "rb"); AssertTrue((file != XBADFILE)); AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0); sz = XFTELL(file); XREWIND(file); AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); if (buf) AssertIntEQ(XFREAD(buf, 1, sz, file), sz); XFCLOSE(file); AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); XFREE(buf, NULL, DYNAMIC_TYPE_FILE); BIO_free(bio); bio = NULL; AssertNotNull(pkey3 = EVP_PKEY_new()); AssertNotNull(rsa_key = EVP_PKEY_get1_RSA(pkey)); AssertIntEQ(EVP_PKEY_set1_RSA(pkey3, rsa_key), WOLFSSL_SUCCESS); #ifdef WOLFSSL_ERROR_CODE_OPENSSL AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */); #else AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0); #endif RSA_free(rsa_key); EVP_PKEY_free(pkey3); EVP_PKEY_free(pkey); pkey = NULL; } #endif /* test loading ECC key using BIO */ #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) { XFILE file; const char* fname = "./certs/ecc-key.pem"; const char* fname_ecc_p8 = "./certs/ecc-keyPkcs8.pem"; size_t sz; byte* buf; EVP_PKEY* pkey2; EVP_PKEY* pkey3; EC_KEY* ec_key; int nid = 0; file = XFOPEN(fname, "rb"); AssertTrue((file != XBADFILE)); AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0); sz = XFTELL(file); XREWIND(file); AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); if (buf) AssertIntEQ(XFREAD(buf, 1, sz, file), sz); XFCLOSE(file); /* Test using BIO new mem and loading PEM private key */ AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); XFREE(buf, NULL, DYNAMIC_TYPE_FILE); BIO_free(bio); bio = NULL; AssertNotNull(pkey2 = EVP_PKEY_new()); AssertNotNull(pkey3 = EVP_PKEY_new()); pkey2->type = EVP_PKEY_EC; /* Test parameter copy */ AssertIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 1); /* Qt unit test case 1*/ AssertNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey)); AssertIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS); #ifdef WOLFSSL_ERROR_CODE_OPENSSL AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */); #else AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0); #endif /* Test default digest */ AssertIntEQ(EVP_PKEY_get_default_digest_nid(pkey, &nid), 1); AssertIntEQ(nid, NID_sha256); EC_KEY_free(ec_key); EVP_PKEY_free(pkey3); EVP_PKEY_free(pkey2); EVP_PKEY_free(pkey); pkey = NULL; /* Qt unit test case ec pkcs8 key */ file = XFOPEN(fname_ecc_p8, "rb"); AssertTrue((file != XBADFILE)); AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0); sz = XFTELL(file); XREWIND(file); AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); if (buf) AssertIntEQ(XFREAD(buf, 1, sz, file), sz); XFCLOSE(file); AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); XFREE(buf, NULL, DYNAMIC_TYPE_FILE); BIO_free(bio); bio = NULL; AssertNotNull(pkey3 = EVP_PKEY_new()); /* Qt unit test case */ AssertNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey)); AssertIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS); #ifdef WOLFSSL_ERROR_CODE_OPENSSL AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */); #else AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0); #endif EC_KEY_free(ec_key); EVP_PKEY_free(pkey3); EVP_PKEY_free(pkey); pkey = NULL; } #endif #if !defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)) { #define BIO_PEM_TEST_CHAR 'a' EVP_PKEY* pkey2 = NULL; unsigned char extra[10]; int i; BIO* pub_bio = NULL; printf(testingFmt, "wolfSSL_PEM_PrivateKey()"); XMEMSET(extra, BIO_PEM_TEST_CHAR, sizeof(extra)); AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); AssertIntEQ(BIO_set_write_buf_size(bio, 4096), SSL_FAILURE); AssertNotNull(pub_bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); AssertIntEQ(BIO_set_write_buf_size(pub_bio, 4096), SSL_FAILURE); AssertNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key, (long)sizeof_server_key_der_2048)); AssertNull(pkey); AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, (long)sizeof_server_key_der_2048)); AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), WOLFSSL_SUCCESS); AssertIntGT(BIO_pending(bio), 0); AssertIntEQ(BIO_pending(bio), 1679); /* Check if the pubkey API writes only the public key */ #ifdef WOLFSSL_KEY_GEN AssertIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), WOLFSSL_SUCCESS); AssertIntGT(BIO_pending(pub_bio), 0); /* Previously both the private key and the pubkey calls would write * out the private key and the PEM header was the only difference. * The public PEM should be significantly shorter than the * private key versison. */ AssertIntEQ(BIO_pending(pub_bio), 451); #endif /* test creating new EVP_PKEY with good args */ AssertNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz), 0); /* test of reuse of EVP_PKEY */ AssertNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); AssertIntEQ(BIO_pending(bio), 0); AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), SSL_SUCCESS); AssertIntEQ(BIO_write(bio, extra, 10), 10); /* add 10 extra bytes after PEM */ AssertNotNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); AssertNotNull(pkey); if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) { AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz),0); } AssertIntEQ(BIO_pending(bio), 10); /* check 10 extra bytes still there */ AssertIntEQ(BIO_read(bio, extra, 10), 10); for (i = 0; i < 10; i++) { AssertIntEQ(extra[i], BIO_PEM_TEST_CHAR); } BIO_free(pub_bio); BIO_free(bio); bio = NULL; EVP_PKEY_free(pkey); pkey = NULL; EVP_PKEY_free(pkey2); } #endif /* key is DES encrypted */ #if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) && \ !defined(NO_RSA) && !defined(NO_FILESYSTEM) && !defined(NO_MD5) && \ defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) && !defined(NO_RSA) { XFILE f; wc_pem_password_cb* passwd_cb; void* passwd_cb_userdata; SSL_CTX* ctx; char passwd[] = "bad password"; #ifndef WOLFSSL_NO_TLS12 #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_client_method())); #endif #else #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_client_method())); #endif #endif AssertNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb")); SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); AssertNotNull(passwd_cb = SSL_CTX_get_default_passwd_cb(ctx)); AssertNull(passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx)); /* fail case with password call back */ AssertNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, (void*)passwd)); BIO_free(bio); AssertNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb")); AssertNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, passwd_cb, (void*)passwd)); BIO_free(bio); f = XFOPEN("./certs/server-keyEnc.pem", "rb"); AssertNotNull(bio = BIO_new_fp(f, BIO_CLOSE)); /* use callback that works */ AssertNotNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, passwd_cb, (void*)"yassl123")); AssertIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS); EVP_PKEY_free(pkey); pkey = NULL; BIO_free(bio); bio = NULL; SSL_CTX_free(ctx); } #endif /* !defined(NO_DES3) */ #endif /* !NO_BIO */ #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) { unsigned char buf[2048]; size_t bytes; XFILE f; SSL_CTX* ctx; #ifndef WOLFSSL_NO_TLS12 #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_client_method())); #endif #else #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_client_method())); #endif #endif f = XFOPEN("./certs/ecc-key.der", "rb"); AssertTrue((f != XBADFILE)); bytes = (size_t)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); server_key = buf; pkey = NULL; AssertNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, bytes)); AssertNull(pkey); AssertNotNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key, bytes)); AssertIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS); EVP_PKEY_free(pkey); pkey = NULL; SSL_CTX_free(ctx); } #endif printf(resultFmt, passed); #ifndef NO_BIO (void)bio; #endif (void)pkey; (void)server_key; #endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_RSA && USE_CERT_BUFFERS_2048 */ } #ifndef NO_BIO static void test_wolfSSL_PEM_bio_RSAKey(void) { #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \ !defined(HAVE_USER_RSA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) RSA* rsa = NULL; BIO* bio = NULL; printf(testingFmt, "wolfSSL_PEM_bio_RSAKey"); /* PrivateKey */ AssertNotNull(bio = BIO_new_file(svrKeyFile, "rb")); AssertNull((rsa = PEM_read_bio_RSAPrivateKey(NULL, NULL, NULL, NULL))); AssertNotNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL))); AssertIntEQ(RSA_size(rsa), 256); AssertIntEQ(PEM_write_bio_RSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, \ NULL), WOLFSSL_FAILURE); BIO_free(bio); AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); AssertIntEQ(PEM_write_bio_RSAPrivateKey(bio, rsa, NULL, NULL, 0, NULL, \ NULL), WOLFSSL_SUCCESS); BIO_free(bio); RSA_free(rsa); /* PUBKEY */ AssertNotNull(bio = BIO_new_file("./certs/rsa-pub-2048.pem", "rb")); AssertNull((rsa = PEM_read_bio_RSA_PUBKEY(NULL, NULL, NULL, NULL))); AssertNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL))); AssertIntEQ(RSA_size(rsa), 256); AssertIntEQ(PEM_write_bio_RSA_PUBKEY(NULL, NULL), WOLFSSL_FAILURE); BIO_free(bio); AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); AssertIntEQ(PEM_write_bio_RSA_PUBKEY(bio, rsa), WOLFSSL_SUCCESS); BIO_free(bio); RSA_free(rsa); /* Ensure that keys beginning with BEGIN RSA PUBLIC KEY can be read, too. */ AssertNotNull(bio = BIO_new_file("./certs/server-keyPub.pem", "rb")); AssertNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL))); BIO_free(bio); RSA_free(rsa); #ifdef HAVE_ECC /* ensure that non-rsa keys do not work */ AssertNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */ AssertNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL))); AssertNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL))); BIO_free(bio); RSA_free(rsa); #endif /* HAVE_ECC */ printf(resultFmt, passed); #endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ (defined(WOLFSSL_KEY_GEN) || WOLFSSL_CERT_GEN) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_CERTS) */ } static void test_wolfSSL_PEM_RSAPrivateKey(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) RSA* rsa = NULL; RSA* rsa_dup = NULL; BIO* bio = NULL; printf(testingFmt, "wolfSSL_PEM_RSAPrivateKey()"); AssertNotNull(bio = BIO_new_file(svrKeyFile, "rb")); AssertNotNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL))); AssertIntEQ(RSA_size(rsa), 256); #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) AssertNotNull(rsa_dup = RSAPublicKey_dup(rsa)); AssertPtrNE(rsa_dup, rsa); #endif /* test if valgrind complains about unreleased memory */ RSA_up_ref(rsa); RSA_free(rsa); BIO_free(bio); RSA_free(rsa); RSA_free(rsa_dup); #ifdef HAVE_ECC AssertNotNull(bio = BIO_new_file(eccKeyFile, "rb")); AssertNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL))); BIO_free(bio); #endif /* HAVE_ECC */ printf(resultFmt, passed); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ } static void test_wolfSSL_PEM_bio_DSAKey(void) { #ifndef HAVE_SELFTEST #if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && !defined(NO_CERTS) && \ defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && !defined(NO_DSA) DSA* dsa = NULL; BIO* bio = NULL; printf(testingFmt, "wolfSSL_PEM_bio_DSAKey"); /* PrivateKey */ AssertNotNull(bio = BIO_new_file("./certs/1024/dsa1024.pem", "rb")); AssertNull((dsa = PEM_read_bio_DSAPrivateKey(NULL, NULL, NULL, NULL))); AssertNotNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL))); AssertIntEQ(BN_num_bytes(dsa->g), 128); AssertIntEQ(PEM_write_bio_DSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, NULL), WOLFSSL_FAILURE); BIO_free(bio); AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); AssertIntEQ(PEM_write_bio_DSAPrivateKey(bio, dsa, NULL, NULL, 0, NULL, NULL), WOLFSSL_SUCCESS); BIO_free(bio); DSA_free(dsa); /* PUBKEY */ AssertNotNull(bio = BIO_new_file("./certs/1024/dsa-pub-1024.pem", "rb")); AssertNull((dsa = PEM_read_bio_DSA_PUBKEY(NULL, NULL, NULL, NULL))); AssertNotNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL))); AssertIntEQ(BN_num_bytes(dsa->g), 128); AssertIntEQ(PEM_write_bio_DSA_PUBKEY(NULL, NULL), WOLFSSL_FAILURE); BIO_free(bio); AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); AssertIntEQ(PEM_write_bio_DSA_PUBKEY(bio, dsa), WOLFSSL_SUCCESS); BIO_free(bio); DSA_free(dsa); #ifdef HAVE_ECC /* ensure that non-dsa keys do not work */ AssertNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */ AssertNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL))); AssertNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL))); BIO_free(bio); DSA_free(dsa); #endif /* HAVE_ECC */ printf(resultFmt, passed); #endif /* defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && \ !defined(NO_CERTS) && defined(WOLFSSL_KEY_GEN) && \ !defined(NO_FILESYSTEM) && !defined(NO_DSA) */ #endif /* HAVE_SELFTEST */ } static void test_wolfSSL_PEM_bio_ECKey(void) { #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC) EC_KEY* ec = NULL; BIO* bio = NULL; printf(testingFmt, "wolfSSL_PEM_bio_ECKey"); /* PrivateKey */ AssertNotNull(bio = BIO_new_file("./certs/ecc-key.pem", "rb")); AssertNull((ec = PEM_read_bio_ECPrivateKey(NULL, NULL, NULL, NULL))); AssertNotNull((ec = PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL))); AssertIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32); AssertIntEQ(PEM_write_bio_ECPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, \ NULL),WOLFSSL_FAILURE); BIO_free(bio); AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); AssertIntEQ(PEM_write_bio_ECPrivateKey(bio, ec, NULL, NULL, 0, NULL, \ NULL), WOLFSSL_SUCCESS); BIO_free(bio); EC_KEY_free(ec); /* PUBKEY */ AssertNotNull(bio = BIO_new_file("./certs/ecc-client-keyPub.pem", "rb")); AssertNull((ec = PEM_read_bio_EC_PUBKEY(NULL, NULL, NULL, NULL))); AssertNotNull((ec = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL))); AssertIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32); AssertIntEQ(PEM_write_bio_EC_PUBKEY(NULL, NULL), WOLFSSL_FAILURE); BIO_free(bio); AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); AssertIntEQ(PEM_write_bio_EC_PUBKEY(bio, ec), WOLFSSL_SUCCESS); BIO_free(bio); EC_KEY_free(ec); #ifndef NO_RSA /* ensure that non-ec keys do not work */ AssertNotNull(bio = BIO_new_file(svrKeyFile, "rb")); /* rsa key */ AssertNull((ec = PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL))); AssertNull((ec = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL))); BIO_free(bio); EC_KEY_free(ec); #endif /* HAVE_ECC */ printf(resultFmt, passed); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ } static void test_wolfSSL_PEM_PUBKEY(void) { #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) BIO* bio = NULL; EVP_PKEY* pkey = NULL; /* test creating new EVP_PKEY with bad arg */ AssertNull((pkey = PEM_read_bio_PUBKEY(NULL, NULL, NULL, NULL))); /* test loading ECC key using BIO */ #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) { XFILE file; const char* fname = "./certs/ecc-client-keyPub.pem"; size_t sz; byte* buf; EVP_PKEY* pkey2; EC_KEY* ec_key; file = XFOPEN(fname, "rb"); AssertTrue((file != XBADFILE)); XFSEEK(file, 0, XSEEK_END); sz = XFTELL(file); XREWIND(file); AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); if (buf) AssertIntEQ(XFREAD(buf, 1, sz, file), sz); XFCLOSE(file); /* Test using BIO new mem and loading PEM private key */ AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); AssertNotNull((pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL))); XFREE(buf, NULL, DYNAMIC_TYPE_FILE); BIO_free(bio); bio = NULL; /* Qt unit test case*/ AssertNotNull(pkey2 = EVP_PKEY_new()); AssertNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey)); AssertIntEQ(EVP_PKEY_set1_EC_KEY(pkey2, ec_key), WOLFSSL_SUCCESS); #ifdef WOLFSSL_ERROR_CODE_OPENSSL AssertIntEQ(EVP_PKEY_cmp(pkey, pkey2), 1/* match */); #else AssertIntEQ(EVP_PKEY_cmp(pkey, pkey2), 0); #endif EC_KEY_free(ec_key); EVP_PKEY_free(pkey2); EVP_PKEY_free(pkey); pkey = NULL; } #endif (void)bio; (void)pkey; #endif } #endif /* !NO_BIO */ static void test_DSA_do_sign_verify(void) { #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \ !defined(NO_DSA) unsigned char digest[WC_SHA_DIGEST_SIZE]; DSA_SIG* sig; DSA* dsa; word32 bytes; byte sigBin[DSA_SIG_SIZE]; int dsacheck; #ifdef USE_CERT_BUFFERS_1024 byte tmp[ONEK_BUF]; XMEMSET(tmp, 0, sizeof(tmp)); XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024); bytes = sizeof_dsa_key_der_1024; #elif defined(USE_CERT_BUFFERS_2048) byte tmp[TWOK_BUF]; XMEMSET(tmp, 0, sizeof(tmp)); XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048); bytes = sizeof_dsa_key_der_2048; #else byte tmp[TWOK_BUF]; XMEMSET(tmp, 0, sizeof(tmp)); XFILE fp = XFOPEN("./certs/dsa2048.der", "rb"); if (fp == XBADFILE) { return WOLFSSL_BAD_FILE; } bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp); XFCLOSE(fp); #endif /* END USE_CERT_BUFFERS_1024 */ printf(testingFmt, "DSA_do_sign_verify()"); XMEMSET(digest, 202, sizeof(digest)); AssertNotNull(dsa = DSA_new()); AssertIntEQ(DSA_LoadDer(dsa, tmp, bytes), 1); AssertIntEQ(wolfSSL_DSA_do_sign(digest, sigBin, dsa), 1); AssertIntEQ(wolfSSL_DSA_do_verify(digest, sigBin, dsa, &dsacheck), 1); AssertNotNull(sig = DSA_do_sign(digest, WC_SHA_DIGEST_SIZE, dsa)); AssertIntEQ(DSA_do_verify(digest, WC_SHA_DIGEST_SIZE, sig, dsa), 1); DSA_SIG_free(sig); DSA_free(dsa); #endif #endif /* !HAVE_SELFTEST && !HAVE_FIPS */ } static void test_wolfSSL_tmp_dh(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ !defined(NO_DSA) && !defined(NO_RSA) && !defined(NO_DH) && !defined(NO_BIO) byte buff[6000]; char file[] = "./certs/dsaparams.pem"; XFILE f; int bytes; DSA* dsa; DH* dh; #if defined(WOLFSSL_DH_EXTRA) && \ (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)) DH* dh2; #endif BIO* bio; SSL* ssl; SSL_CTX* ctx; printf(testingFmt, "wolfSSL_tmp_dh()"); #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); f = XFOPEN(file, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buff, 1, sizeof(buff), f); XFCLOSE(f); bio = BIO_new_mem_buf((void*)buff, bytes); AssertNotNull(bio); dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); AssertNotNull(dsa); dh = wolfSSL_DSA_dup_DH(dsa); AssertNotNull(dh); #if defined(WOLFSSL_DH_EXTRA) && \ (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)) AssertNotNull(dh2 = wolfSSL_DH_dup(dh)); #endif AssertIntEQ((int)SSL_CTX_set_tmp_dh(ctx, dh), WOLFSSL_SUCCESS); #ifndef NO_WOLFSSL_SERVER AssertIntEQ((int)SSL_set_tmp_dh(ssl, dh), WOLFSSL_SUCCESS); #else AssertIntEQ((int)SSL_set_tmp_dh(ssl, dh), SIDE_ERROR); #endif BIO_free(bio); DSA_free(dsa); DH_free(dh); #if defined(WOLFSSL_DH_EXTRA) && \ (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)) DH_free(dh2); #endif SSL_free(ssl); SSL_CTX_free(ctx); printf(resultFmt, passed); #endif } static void test_wolfSSL_ctrl(void) { #if defined (OPENSSL_EXTRA) && !defined(NO_BIO) byte buff[6000]; BIO* bio; int bytes; BUF_MEM* ptr = NULL; printf(testingFmt, "wolfSSL_crtl()"); bytes = sizeof(buff); bio = BIO_new_mem_buf((void*)buff, bytes); AssertNotNull(bio); AssertNotNull(BIO_s_socket()); AssertIntEQ((int)wolfSSL_BIO_get_mem_ptr(bio, &ptr), WOLFSSL_SUCCESS); /* needs tested after stubs filled out @TODO SSL_ctrl SSL_CTX_ctrl */ BIO_free(bio); printf(resultFmt, passed); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_BIO) */ } static void test_wolfSSL_EVP_PKEY_new_mac_key(void) { #ifdef OPENSSL_EXTRA static const unsigned char pw[] = "password"; static const int pwSz = sizeof(pw) - 1; size_t checkPwSz = 0; const unsigned char* checkPw = NULL; WOLFSSL_EVP_PKEY* key = NULL; printf(testingFmt, "wolfSSL_EVP_PKEY_new_mac_key()"); AssertNull(key = wolfSSL_EVP_PKEY_new_mac_key(0, NULL, pw, pwSz)); AssertNull(key = wolfSSL_EVP_PKEY_new_mac_key(0, NULL, NULL, pwSz)); AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pw, pwSz)); if (key) { AssertIntEQ(key->type, EVP_PKEY_HMAC); AssertIntEQ(key->save_type, EVP_PKEY_HMAC); AssertIntEQ(key->pkey_sz, pwSz); AssertIntEQ(XMEMCMP(key->pkey.ptr, pw, pwSz), 0); } AssertNotNull(checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz)); AssertIntEQ((int)checkPwSz, pwSz); if (checkPw) { AssertIntEQ(XMEMCMP(checkPw, pw, pwSz), 0); } wolfSSL_EVP_PKEY_free(key); AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pw, 0)); if (key) { AssertIntEQ(key->pkey_sz, 0); } checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz); (void)checkPw; AssertIntEQ((int)checkPwSz, 0); wolfSSL_EVP_PKEY_free(key); AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, NULL, 0)); if (key) { AssertIntEQ(key->pkey_sz, 0); } checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz); (void)checkPw; AssertIntEQ((int)checkPwSz, 0); wolfSSL_EVP_PKEY_free(key); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA */ } static void test_wolfSSL_EVP_Digest(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_PWDBASED) const char* in = "abc"; int inLen = (int)XSTRLEN(in); byte out[WC_SHA256_DIGEST_SIZE]; unsigned int outLen; const char* expOut = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22" "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00" "\x15\xAD"; printf(testingFmt, "wolfSSL_EVP_Digest()"); AssertIntEQ(wolfSSL_EVP_Digest((unsigned char*)in, inLen, out, &outLen, "SHA256", NULL), 1); AssertIntEQ(outLen, WC_SHA256_DIGEST_SIZE); AssertIntEQ(XMEMCMP(out, expOut, WC_SHA256_DIGEST_SIZE), 0); printf(resultFmt, passed); #endif /* OPEN_EXTRA && ! NO_SHA256 */ } static void test_wolfSSL_EVP_Digest_all(void) { #ifdef OPENSSL_EXTRA const char* digests[] = { #ifndef NO_MD5 "MD5", #endif #ifndef NO_SHA "SHA", #endif #ifdef WOLFSSL_SHA224 "SHA224", #endif #ifndef NO_SHA256 "SHA256", #endif #ifdef WOLFSSL_SHA384 "SHA384", #endif #ifdef WOLFSSL_SHA512 "SHA512", #endif #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) "SHA512_224", #endif #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) "SHA512_256", #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 "SHA3_224", #endif #ifndef WOLFSSL_NOSHA3_256 "SHA3_256", #endif "SHA3_384", #ifndef WOLFSSL_NOSHA3_512 "SHA3_512", #endif #endif /* WOLFSSL_SHA3 */ NULL }; const char** d; const unsigned char in[] = "abc"; int inLen = XSTR_SIZEOF(in); byte out[WC_MAX_DIGEST_SIZE]; unsigned int outLen; printf(testingFmt, "wolfSSL_EVP_Digest_all"); for (d = digests; *d != NULL; d++) { AssertIntEQ(EVP_Digest(in, inLen, out, &outLen, *d, NULL), 1); AssertIntGT(outLen, 0); AssertIntEQ(EVP_MD_size(*d), outLen); } printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_MD_size(void) { #ifdef OPENSSL_EXTRA WOLFSSL_EVP_MD_CTX mdCtx; printf(testingFmt, "wolfSSL_EVP_MD_size()"); #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_224"), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_224_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_224_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); #endif #ifndef WOLFSSL_NOSHA3_256 wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_256"), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_256_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_256_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); #endif wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_384"), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_384_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_384_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); #ifndef WOLFSSL_NOSHA3_512 wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_512"), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_512_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_512_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); #endif #endif /* WOLFSSL_SHA3 */ #ifndef NO_SHA256 wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA256"), 1); AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA256_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA256_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA256_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA256_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); #endif #ifndef NO_MD5 wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "MD5"), 1); AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_MD5_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_MD5_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_MD5_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_MD5_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); #endif #ifdef WOLFSSL_SHA224 wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA224"), 1); AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA224_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA224_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA224_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA224_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); #endif #ifdef WOLFSSL_SHA384 wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA384"), 1); AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA384_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA384_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA384_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA384_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); #endif #ifdef WOLFSSL_SHA512 wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA512"), 1); AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA512_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA512_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA512_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA512_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); #endif #ifndef NO_SHA wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA"), 1); AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA1"), 1); AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); #endif /* error case */ wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, ""), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), BAD_FUNC_ARG); /* Cleanup is valid on uninit'ed struct */ AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA */ } static void test_wolfSSL_EVP_MD_pkey_type(void) { #ifdef OPENSSL_EXTRA const WOLFSSL_EVP_MD* md; printf(testingFmt, "test_wolfSSL_EVP_MD_pkey_type()"); #ifndef NO_MD5 AssertNotNull(md = EVP_md5()); AssertIntEQ(EVP_MD_pkey_type(md), NID_md5WithRSAEncryption); #endif #ifndef NO_SHA AssertNotNull(md = EVP_sha1()); AssertIntEQ(EVP_MD_pkey_type(md), NID_sha1WithRSAEncryption); #endif #ifdef WOLFSSL_SHA224 AssertNotNull(md = EVP_sha224()); AssertIntEQ(EVP_MD_pkey_type(md), NID_sha224WithRSAEncryption); #endif AssertNotNull(md = EVP_sha256()); AssertIntEQ(EVP_MD_pkey_type(md), NID_sha256WithRSAEncryption); #ifdef WOLFSSL_SHA384 AssertNotNull(md = EVP_sha384()); AssertIntEQ(EVP_MD_pkey_type(md), NID_sha384WithRSAEncryption); #endif #ifdef WOLFSSL_SHA512 AssertNotNull(md = EVP_sha512()); AssertIntEQ(EVP_MD_pkey_type(md), NID_sha512WithRSAEncryption); #endif printf(resultFmt, passed); #endif } #ifdef OPENSSL_EXTRA static void test_hmac_signing(const WOLFSSL_EVP_MD *type, const byte* testKey, size_t testKeySz, const char* testData, size_t testDataSz, const byte* testResult, size_t testResultSz) { unsigned char check[WC_MAX_DIGEST_SIZE]; size_t checkSz = -1; WOLFSSL_EVP_PKEY* key; WOLFSSL_EVP_MD_CTX mdCtx; printf(testingFmt, "wolfSSL_EVP_MD_hmac_signing()"); AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, testKey, (int)testKeySz)); wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, type, NULL, key), 1); AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, (unsigned int)testDataSz), 1); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); AssertIntEQ((int)checkSz, (int)testResultSz); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); AssertIntEQ((int)checkSz,(int)testResultSz); AssertIntEQ(XMEMCMP(testResult, check, testResultSz), 0); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, type, NULL, key), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, (unsigned int)testDataSz), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, testResult, checkSz), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, type, NULL, key), 1); AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); AssertIntEQ((int)checkSz, (int)testResultSz); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); AssertIntEQ((int)checkSz,(int)testResultSz); AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4, (unsigned int)testDataSz - 4), 1); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); AssertIntEQ((int)checkSz,(int)testResultSz); AssertIntEQ(XMEMCMP(testResult, check, testResultSz), 0); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, type, NULL, key), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4, (unsigned int)testDataSz - 4), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, testResult, checkSz), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); wolfSSL_EVP_PKEY_free(key); } #endif static void test_wolfSSL_EVP_MD_hmac_signing(void) { #ifdef OPENSSL_EXTRA static const unsigned char testKey[] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; static const char testData[] = "Hi There"; #ifdef WOLFSSL_SHA224 static const unsigned char testResultSha224[] = { 0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d, 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68, 0x4b, 0x22 }; #endif #ifndef NO_SHA256 static const unsigned char testResultSha256[] = { 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7 }; #endif #ifdef WOLFSSL_SHA384 static const unsigned char testResultSha384[] = { 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4, 0xab, 0x46, 0x90, 0x7f, 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6, 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, 0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6 }; #endif #ifdef WOLFSSL_SHA512 static const unsigned char testResultSha512[] = { 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, 0x4f, 0xf0, 0xb4, 0x24, 0x1a, 0x1d, 0x6c, 0xb0, 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, 0x7a, 0xd0, 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7, 0x02, 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, 0xbe, 0x9d, 0x91, 0x4e, 0xeb, 0x61, 0xf1, 0x70, 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54 }; #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 static const unsigned char testResultSha3_224[] = { 0x3b, 0x16, 0x54, 0x6b, 0xbc, 0x7b, 0xe2, 0x70, 0x6a, 0x03, 0x1d, 0xca, 0xfd, 0x56, 0x37, 0x3d, 0x98, 0x84, 0x36, 0x76, 0x41, 0xd8, 0xc5, 0x9a, 0xf3, 0xc8, 0x60, 0xf7 }; #endif #ifndef WOLFSSL_NOSHA3_256 static const unsigned char testResultSha3_256[] = { 0xba, 0x85, 0x19, 0x23, 0x10, 0xdf, 0xfa, 0x96, 0xe2, 0xa3, 0xa4, 0x0e, 0x69, 0x77, 0x43, 0x51, 0x14, 0x0b, 0xb7, 0x18, 0x5e, 0x12, 0x02, 0xcd, 0xcc, 0x91, 0x75, 0x89, 0xf9, 0x5e, 0x16, 0xbb }; #endif #ifndef WOLFSSL_NOSHA3_384 static const unsigned char testResultSha3_384[] = { 0x68, 0xd2, 0xdc, 0xf7, 0xfd, 0x4d, 0xdd, 0x0a, 0x22, 0x40, 0xc8, 0xa4, 0x37, 0x30, 0x5f, 0x61, 0xfb, 0x73, 0x34, 0xcf, 0xb5, 0xd0, 0x22, 0x6e, 0x1b, 0xc2, 0x7d, 0xc1, 0x0a, 0x2e, 0x72, 0x3a, 0x20, 0xd3, 0x70, 0xb4, 0x77, 0x43, 0x13, 0x0e, 0x26, 0xac, 0x7e, 0x3d, 0x53, 0x28, 0x86, 0xbd }; #endif #ifndef WOLFSSL_NOSHA3_512 static const unsigned char testResultSha3_512[] = { 0xeb, 0x3f, 0xbd, 0x4b, 0x2e, 0xaa, 0xb8, 0xf5, 0xc5, 0x04, 0xbd, 0x3a, 0x41, 0x46, 0x5a, 0xac, 0xec, 0x15, 0x77, 0x0a, 0x7c, 0xab, 0xac, 0x53, 0x1e, 0x48, 0x2f, 0x86, 0x0b, 0x5e, 0xc7, 0xba, 0x47, 0xcc, 0xb2, 0xc6, 0xf2, 0xaf, 0xce, 0x8f, 0x88, 0xd2, 0x2b, 0x6d, 0xc6, 0x13, 0x80, 0xf2, 0x3a, 0x66, 0x8f, 0xd3, 0x88, 0x8b, 0xb8, 0x05, 0x37, 0xc0, 0xa0, 0xb8, 0x64, 0x07, 0x68, 0x9e }; #endif #endif #ifndef NO_SHA256 test_hmac_signing(wolfSSL_EVP_sha256(), testKey, sizeof(testKey), testData, XSTRLEN(testData), testResultSha256, sizeof(testResultSha256)); #endif #ifdef WOLFSSL_SHA224 test_hmac_signing(wolfSSL_EVP_sha224(), testKey, sizeof(testKey), testData, XSTRLEN(testData), testResultSha224, sizeof(testResultSha224)); #endif #ifdef WOLFSSL_SHA384 test_hmac_signing(wolfSSL_EVP_sha384(), testKey, sizeof(testKey), testData, XSTRLEN(testData), testResultSha384, sizeof(testResultSha384)); #endif #ifdef WOLFSSL_SHA512 test_hmac_signing(wolfSSL_EVP_sha512(), testKey, sizeof(testKey), testData, XSTRLEN(testData), testResultSha512, sizeof(testResultSha512)); #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 test_hmac_signing(wolfSSL_EVP_sha3_224(), testKey, sizeof(testKey), testData, XSTRLEN(testData), testResultSha3_224, sizeof(testResultSha3_224)); #endif #ifndef WOLFSSL_NOSHA3_256 test_hmac_signing(wolfSSL_EVP_sha3_256(), testKey, sizeof(testKey), testData, XSTRLEN(testData), testResultSha3_256, sizeof(testResultSha3_256)); #endif #ifndef WOLFSSL_NOSHA3_384 test_hmac_signing(wolfSSL_EVP_sha3_384(), testKey, sizeof(testKey), testData, XSTRLEN(testData), testResultSha3_384, sizeof(testResultSha3_384)); #endif #ifndef WOLFSSL_NOSHA3_512 test_hmac_signing(wolfSSL_EVP_sha3_512(), testKey, sizeof(testKey), testData, XSTRLEN(testData), testResultSha3_512, sizeof(testResultSha3_512)); #endif #endif printf(resultFmt, passed); #endif /* OPENSSL_EXTRA */ } static void test_wolfSSL_EVP_MD_rsa_signing(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \ defined(USE_CERT_BUFFERS_2048) WOLFSSL_EVP_PKEY* privKey; WOLFSSL_EVP_PKEY* pubKey; WOLFSSL_EVP_PKEY_CTX* keyCtx; const char testData[] = "Hi There"; WOLFSSL_EVP_MD_CTX mdCtx; size_t checkSz = -1; int sz = 2048 / 8; const unsigned char* cp; const unsigned char* p; unsigned char check[2048/8]; size_t i; int paddings[] = { RSA_PKCS1_PADDING, #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && defined(WC_RSA_PSS) RSA_PKCS1_PSS_PADDING, #endif }; printf(testingFmt, "wolfSSL_EVP_MD_rsa_signing()"); cp = client_key_der_2048; AssertNotNull((privKey = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &cp, sizeof_client_key_der_2048))); p = client_keypub_der_2048; AssertNotNull((pubKey = wolfSSL_d2i_PUBKEY(NULL, &p, sizeof_client_keypub_der_2048))); wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), NULL, privKey), 1); AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, (unsigned int)XSTRLEN(testData)), 1); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); AssertIntEQ((int)checkSz, sz); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); AssertIntEQ((int)checkSz,sz); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), NULL, pubKey), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, (unsigned int)XSTRLEN(testData)), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), NULL, privKey), 1); AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); AssertIntEQ((int)checkSz, sz); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); AssertIntEQ((int)checkSz, sz); AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4, (unsigned int)XSTRLEN(testData) - 4), 1); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); AssertIntEQ((int)checkSz, sz); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), NULL, pubKey), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4, (unsigned int)XSTRLEN(testData) - 4), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); /* Check all signing padding types */ for (i = 0; i < sizeof(paddings)/sizeof(int); i++) { wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, &keyCtx, wolfSSL_EVP_sha256(), NULL, privKey), 1); AssertIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_padding(keyCtx, paddings[i]), 1); AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, (unsigned int)XSTRLEN(testData)), 1); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); AssertIntEQ((int)checkSz, sz); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); AssertIntEQ((int)checkSz,sz); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, &keyCtx, wolfSSL_EVP_sha256(), NULL, pubKey), 1); AssertIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_padding(keyCtx, paddings[i]), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, (unsigned int)XSTRLEN(testData)), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); } wolfSSL_EVP_PKEY_free(pubKey); wolfSSL_EVP_PKEY_free(privKey); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_MD_ecc_signing(void) { #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) WOLFSSL_EVP_PKEY* privKey; WOLFSSL_EVP_PKEY* pubKey; const char testData[] = "Hi There"; WOLFSSL_EVP_MD_CTX mdCtx; size_t checkSz = -1; const unsigned char* cp; const unsigned char* p; unsigned char check[2048/8]; printf(testingFmt, "wolfSSL_EVP_MD_ecc_signing()"); cp = ecc_clikey_der_256; privKey = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &cp, sizeof_ecc_clikey_der_256); AssertNotNull(privKey); p = ecc_clikeypub_der_256; AssertNotNull((pubKey = wolfSSL_d2i_PUBKEY(NULL, &p, sizeof_ecc_clikeypub_der_256))); wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), NULL, privKey), 1); AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, (unsigned int)XSTRLEN(testData)), 1); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), NULL, pubKey), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, (unsigned int)XSTRLEN(testData)), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), NULL, privKey), 1); AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4, (unsigned int)XSTRLEN(testData) - 4), 1); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), NULL, pubKey), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4, (unsigned int)XSTRLEN(testData) - 4), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); wolfSSL_EVP_PKEY_free(pubKey); wolfSSL_EVP_PKEY_free(privKey); printf(resultFmt, passed); #endif } static void test_wolfSSL_CTX_add_extra_chain_cert(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO) char caFile[] = "./certs/client-ca.pem"; char clientFile[] = "./certs/client-cert.pem"; SSL_CTX* ctx; X509* x509; BIO *bio = NULL; X509 *cert = NULL; X509 *ca; STACK_OF(X509) *chain = NULL; STACK_OF(X509) *chain2 = NULL; printf(testingFmt, "wolfSSL_CTX_add_extra_chain_cert()"); #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif x509 = wolfSSL_X509_load_certificate_file(caFile, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509); AssertIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_SUCCESS); x509 = wolfSSL_X509_load_certificate_file(clientFile, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509); #if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) /* additional test of getting EVP_PKEY key size from X509 * Do not run with user RSA because wolfSSL_RSA_size is not currently * allowed with user RSA */ { EVP_PKEY* pkey; #if defined(HAVE_ECC) X509* ecX509; #endif /* HAVE_ECC */ AssertNotNull(pkey = X509_get_pubkey(x509)); /* current RSA key is 2048 bit (256 bytes) */ AssertIntEQ(EVP_PKEY_size(pkey), 256); EVP_PKEY_free(pkey); #if defined(HAVE_ECC) #if defined(USE_CERT_BUFFERS_256) AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_buffer( cliecc_cert_der_256, sizeof_cliecc_cert_der_256, SSL_FILETYPE_ASN1)); #else AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_file(cliEccCertFile, SSL_FILETYPE_PEM)); #endif pkey = X509_get_pubkey(ecX509); AssertNotNull(pkey); /* current ECC key is 256 bit (32 bytes) */ AssertIntEQ(EVP_PKEY_size(pkey), 32); X509_free(ecX509); EVP_PKEY_free(pkey); #endif /* HAVE_ECC */ } #endif /* !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) */ AssertIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), SSL_SUCCESS); #ifdef WOLFSSL_ENCRYPTED_KEYS AssertNull(SSL_CTX_get_default_passwd_cb(ctx)); AssertNull(SSL_CTX_get_default_passwd_cb_userdata(ctx)); #endif SSL_CTX_free(ctx); #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif /* Test haproxy use case */ AssertNotNull(bio = BIO_new_file(svrCertFile, "r")); /* Read Certificate */ AssertNotNull(cert = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL)); AssertNotNull(ca = PEM_read_bio_X509(bio, NULL, NULL, NULL)); AssertNotNull(chain = sk_X509_new_null()); AssertIntEQ(sk_X509_push(chain, ca), 1); AssertNotNull(chain2 = X509_chain_up_ref(chain)); AssertNotNull(ca = sk_X509_shift(chain2)); AssertIntEQ(SSL_CTX_use_certificate(ctx, cert), 1); AssertIntEQ(SSL_CTX_add_extra_chain_cert(ctx, ca), 1); BIO_free(bio); X509_free(cert); sk_X509_pop_free(chain, X509_free); sk_X509_pop_free(chain2, X509_free); SSL_CTX_free(ctx); printf(resultFmt, passed); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined (NO_BIO) */ } #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) static void test_wolfSSL_ERR_peek_last_error_line(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \ !defined(NO_OLD_TLS) && !defined(WOLFSSL_NO_TLS12) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_ERROR_QUEUE) tcp_ready ready; func_args client_args; func_args server_args; #ifndef SINGLE_THREADED THREAD_TYPE serverThread; #endif callback_functions client_cb; callback_functions server_cb; int line = 0; int flag = ERR_TXT_STRING; const char* file = NULL; const char* data = NULL; printf(testingFmt, "wolfSSL_ERR_peek_last_error_line()"); /* create a failed connection and inspect the error */ #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); StartTCP(); InitTcpReady(&ready); XMEMSET(&client_cb, 0, sizeof(callback_functions)); XMEMSET(&server_cb, 0, sizeof(callback_functions)); client_cb.method = wolfTLSv1_1_client_method; server_cb.method = wolfTLSv1_2_server_method; server_args.signal = &ready; server_args.callbacks = &server_cb; client_args.signal = &ready; client_args.callbacks = &client_cb; #ifndef SINGLE_THREADED start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, NULL); join_thread(serverThread); #endif FreeTcpReady(&ready); AssertIntGT(ERR_get_error_line_data(NULL, NULL, &data, &flag), 0); AssertNotNull(data); /* check clearing error state */ ERR_remove_state(0); AssertIntEQ((int)ERR_peek_last_error_line(NULL, NULL), 0); ERR_peek_last_error_line(NULL, &line); AssertIntEQ(line, 0); ERR_peek_last_error_line(&file, NULL); AssertNull(file); /* retry connection to fill error queue */ XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); StartTCP(); InitTcpReady(&ready); client_cb.method = wolfTLSv1_1_client_method; server_cb.method = wolfTLSv1_2_server_method; server_args.signal = &ready; server_args.callbacks = &server_cb; client_args.signal = &ready; client_args.callbacks = &client_cb; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, NULL); join_thread(serverThread); FreeTcpReady(&ready); /* check that error code was stored */ AssertIntNE((int)ERR_peek_last_error_line(NULL, NULL), 0); ERR_peek_last_error_line(NULL, &line); AssertIntNE(line, 0); ERR_peek_last_error_line(&file, NULL); AssertNotNull(file); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif printf(resultFmt, passed); printf("\nTesting error print out\n"); ERR_print_errors_fp(stdout); printf("Done testing print out\n\n"); fflush(stdout); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(DEBUG_WOLFSSL) */ } #endif #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) static int verify_cb(int ok, X509_STORE_CTX *ctx) { (void) ok; (void) ctx; printf("ENTER verify_cb\n"); return SSL_SUCCESS; } #endif static void test_wolfSSL_X509_Name_canon(void) { #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_SHA) && \ defined(WOLFSSL_CERT_GEN) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && !defined(NO_RSA) const long ex_hash1 = 0x0fdb2da4; const long ex_hash2 = 0x9f3e8c9e; X509_NAME *name = NULL; X509 *x509 = NULL; FILE* file = NULL; unsigned long hash = 0; byte digest[WC_MAX_DIGEST_SIZE] = {0}; byte *pbuf = NULL; word32 len = 0; (void) ex_hash2; printf(testingFmt, "test_wolfSSL_X509_Name_canon()"); file = XFOPEN(caCertFile, "rb"); AssertNotNull(file); AssertNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL)); AssertNotNull(name = X509_get_issuer_name(x509)); AssertIntGT((len = wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0); AssertIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0); hash = (((unsigned long)digest[3] << 24) | ((unsigned long)digest[2] << 16) | ((unsigned long)digest[1] << 8) | ((unsigned long)digest[0])); AssertIntEQ(hash, ex_hash1); XFCLOSE(file); X509_free(x509); XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL); pbuf = NULL; file = XFOPEN(cliCertFile, "rb"); AssertNotNull(file); AssertNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL)); AssertNotNull(name = X509_get_issuer_name(x509)); AssertIntGT((len = wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0); AssertIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0); hash = (((unsigned long)digest[3] << 24) | ((unsigned long)digest[2] << 16) | ((unsigned long)digest[1] << 8) | ((unsigned long)digest[0])); AssertIntEQ(hash, ex_hash2); XFCLOSE(file); X509_free(x509); XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL); printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(void) { #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) const int MAX_DIR = 4; const char paths[][32] = { "./certs/ed25519", "./certs/ecc", "./certs/crl", "./certs/", }; char CertCrl_path[MAX_FILENAME_SZ]; char *p; X509_STORE* str; X509_LOOKUP* lookup; WOLFSSL_STACK* sk = NULL; int len, total_len, i; (void) sk; printf(testingFmt, "test_wolfSSL_X509_LOOKUP_ctrl_hash_dir()"); XMEMSET(CertCrl_path, 0, MAX_FILENAME_SZ); /* illegal string */ AssertNotNull((str = wolfSSL_X509_STORE_new())); AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "", SSL_FILETYPE_PEM,NULL), 0); /* free store */ X509_STORE_free(str); /* short folder string */ AssertNotNull((str = wolfSSL_X509_STORE_new())); AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "./", SSL_FILETYPE_PEM,NULL), 1); #if defined(WOLFSSL_INT_H) /* only available when including internal.h */ AssertNotNull(sk = lookup->dirs->dir_entry); #endif /* free store */ X509_STORE_free(str); /* typical function check */ p = &CertCrl_path[0]; total_len = 0; for(i = MAX_DIR - 1; i>=0 && total_len < MAX_FILENAME_SZ; i--) { len = (int)XSTRLEN((const char*)&paths[i]); total_len += len; XSTRNCPY(p, paths[i], MAX_FILENAME_SZ - total_len); p += len; if (i != 0) *(p++) = SEPARATOR_CHAR; } AssertNotNull((str = wolfSSL_X509_STORE_new())); AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, CertCrl_path, SSL_FILETYPE_PEM,NULL), 1); #if defined(WOLFSSL_INT_H) /* only available when including internal.h */ AssertNotNull(sk = lookup->dirs->dir_entry); #endif X509_STORE_free(str); printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_LOOKUP_ctrl_file(void) { #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ defined(WOLFSSL_SIGNER_DER_CERT) X509_STORE_CTX* ctx; X509_STORE* str; X509_LOOKUP* lookup; X509* cert1; X509* x509Ca; X509* x509Svr; X509* issuer; WOLFSSL_STACK* sk = NULL; X509_NAME* caName; X509_NAME* issuerName; FILE* file1 = NULL; int i, cert_count, cmp; char der[] = "certs/ca-cert.der"; #ifdef HAVE_CRL char pem[][100] = { "./certs/crl/crl.pem", "./certs/crl/crl2.pem", "./certs/crl/caEccCrl.pem", "./certs/crl/eccCliCRL.pem", "./certs/crl/eccSrvCRL.pem", "" }; #endif printf(testingFmt, "test_wolfSSL_X509_LOOKUP_ctrl_file()"); AssertNotNull(file1=fopen("./certs/ca-cert.pem", "rb")); AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL)); fclose(file1); AssertNotNull(ctx = X509_STORE_CTX_new()); AssertNotNull((str = wolfSSL_X509_STORE_new())); AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile, SSL_FILETYPE_PEM,NULL), 1); AssertNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm)); AssertIntEQ((cert_count = sk_X509_num(sk)), 1); /* check if CA cert is loaded into the store */ for (i = 0; i < cert_count; i++) { x509Ca = sk_X509_value(sk, i); AssertIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1)); } AssertNotNull((x509Svr = wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM))); AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS); AssertNull(X509_STORE_CTX_get0_current_issuer(NULL)); issuer = X509_STORE_CTX_get0_current_issuer(ctx); AssertNotNull(issuer); caName = X509_get_subject_name(x509Ca); AssertNotNull(caName); issuerName = X509_get_subject_name(issuer); AssertNotNull(issuerName); cmp = X509_NAME_cmp(caName, issuerName); AssertIntEQ(cmp, 0); /* load der format */ X509_free(issuer); X509_STORE_CTX_free(ctx); X509_STORE_free(str); sk_X509_pop_free(sk, NULL); X509_free(x509Svr); AssertNotNull((str = wolfSSL_X509_STORE_new())); AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, der, SSL_FILETYPE_ASN1,NULL), 1); AssertNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm)); AssertIntEQ((cert_count = sk_X509_num(sk)), 1); /* check if CA cert is loaded into the store */ for (i = 0; i < cert_count; i++) { x509Ca = sk_X509_value(sk, i); AssertIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1)); } X509_STORE_free(str); sk_X509_pop_free(sk, NULL); X509_free(cert1); #ifdef HAVE_CRL AssertNotNull(str = wolfSSL_X509_STORE_new()); AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile, SSL_FILETYPE_PEM,NULL), 1); AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, "certs/server-revoked-cert.pem", SSL_FILETYPE_PEM,NULL), 1); if (str) { AssertIntEQ(wolfSSL_CertManagerVerify(str->cm, svrCertFile, WOLFSSL_FILETYPE_PEM), 1); /* since store hasn't yet known the revoked cert*/ AssertIntEQ(wolfSSL_CertManagerVerify(str->cm, "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), 1); } for (i = 0; pem[i][0] != '\0'; i++) { AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, pem[i], SSL_FILETYPE_PEM, NULL), 1); } if (str) { /* since store knows crl list */ AssertIntEQ(wolfSSL_CertManagerVerify(str->cm, "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED); } AssertIntEQ(X509_LOOKUP_ctrl(NULL, 0, NULL, 0, NULL), 0); X509_STORE_free(str); #endif printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup(void) { #if defined(OPENSSL_EXTRA) printf(testingFmt, "test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup()"); X509_STORE_CTX_cleanup(NULL); X509_STORE_CTX_trusted_stack(NULL, NULL); AssertTrue(1); /* to confirm previous call gives no harm */ printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) #ifdef WOLFSSL_SIGNER_DER_CERT int cmp; #endif X509_STORE_CTX* ctx; X509_STORE* str; X509* x509Ca; X509* x509Svr; X509* issuer; X509_NAME* caName; X509_NAME* issuerName; printf(testingFmt, "wolfSSL_X509_STORE_CTX_get0_current_issuer()"); AssertNotNull(ctx = X509_STORE_CTX_new()); AssertNotNull((str = wolfSSL_X509_STORE_new())); AssertNotNull((x509Ca = wolfSSL_X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM))); AssertIntEQ(X509_STORE_add_cert(str, x509Ca), SSL_SUCCESS); AssertNotNull((x509Svr = wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM))); AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS); AssertNull(X509_STORE_CTX_get0_current_issuer(NULL)); issuer = X509_STORE_CTX_get0_current_issuer(ctx); AssertNotNull(issuer); caName = X509_get_subject_name(x509Ca); AssertNotNull(caName); issuerName = X509_get_subject_name(issuer); #ifdef WOLFSSL_SIGNER_DER_CERT AssertNotNull(issuerName); cmp = X509_NAME_cmp(caName, issuerName); AssertIntEQ(cmp, 0); #else AssertNotNull(issuerName); #endif X509_free(issuer); X509_STORE_CTX_free(ctx); X509_free(x509Svr); X509_STORE_free(str); X509_free(x509Ca); printf(resultFmt, passed); #endif } static void test_wolfSSL_PKCS7_certs(void) { #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7) STACK_OF(X509)* sk = NULL; STACK_OF(X509_INFO)* info_sk = NULL; PKCS7 *p7 = NULL; BIO* bio; const byte* p = NULL; int buflen = 0; int i; printf(testingFmt, "wolfSSL_PKCS7_certs()"); /* Test twice. Once with d2i and once without to test * that everything is free'd correctly. */ for (i = 0; i < 2; i++) { AssertNotNull(p7 = PKCS7_new()); p7->version = 1; p7->hashOID = SHAh; AssertNotNull(bio = BIO_new(BIO_s_file())); AssertIntGT(BIO_read_filename(bio, svrCertFile), 0); AssertNotNull(info_sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL)); AssertIntEQ(sk_X509_INFO_num(info_sk), 2); AssertNotNull(sk = sk_X509_new_null()); while (sk_X509_INFO_num(info_sk)) { X509_INFO* info; AssertNotNull(info = sk_X509_INFO_shift(info_sk)); AssertIntEQ(sk_X509_push(sk, info->x509), 1); info->x509 = NULL; X509_INFO_free(info); } sk_X509_INFO_free(info_sk); BIO_free(bio); bio = BIO_new(BIO_s_mem()); AssertIntEQ(wolfSSL_PKCS7_encode_certs(p7, sk, bio), 1); AssertIntGT((buflen = BIO_get_mem_data(bio, &p)), 0); if (i == 0) { PKCS7_free(p7); AssertNotNull(d2i_PKCS7(&p7, &p, buflen)); /* Reset certs to force wolfSSL_PKCS7_to_stack to regenerate them */ ((WOLFSSL_PKCS7*)p7)->certs = NULL; /* PKCS7_free free's the certs */ AssertNotNull(wolfSSL_PKCS7_to_stack(p7)); } BIO_free(bio); PKCS7_free(p7); } printf(resultFmt, passed); #endif /* defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7) */ } static void test_wolfSSL_X509_STORE_CTX(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) X509_STORE_CTX* ctx; X509_STORE* str; X509* x509; #ifdef OPENSSL_ALL X509* x5092; STACK_OF(X509) *sk, *sk2, *sk3; #endif printf(testingFmt, "wolfSSL_X509_STORE_CTX()"); AssertNotNull(ctx = X509_STORE_CTX_new()); AssertNotNull((str = wolfSSL_X509_STORE_new())); AssertNotNull((x509 = wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM))); AssertIntEQ(X509_STORE_add_cert(str, x509), SSL_SUCCESS); #ifdef OPENSSL_ALL /* sk_X509_new only in OPENSSL_ALL */ sk = sk_X509_new(); AssertNotNull(sk); AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509, sk), SSL_SUCCESS); #else AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509, NULL), SSL_SUCCESS); #endif AssertIntEQ(SSL_get_ex_data_X509_STORE_CTX_idx(), 0); X509_STORE_CTX_set_error(ctx, -5); X509_STORE_CTX_set_error(NULL, -5); X509_STORE_CTX_free(ctx); #ifdef OPENSSL_ALL sk_X509_pop_free(sk, NULL); #endif X509_STORE_free(str); X509_free(x509); AssertNotNull(ctx = X509_STORE_CTX_new()); X509_STORE_CTX_set_verify_cb(ctx, verify_cb); X509_STORE_CTX_free(ctx); #ifdef OPENSSL_ALL /* test X509_STORE_CTX_get(1)_chain */ AssertNotNull((x509 = X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM))); AssertNotNull((x5092 = X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM))); AssertNotNull((sk = sk_X509_new())); AssertIntEQ(sk_X509_push(sk, x509), 1); AssertNotNull((str = X509_STORE_new())); AssertNotNull((ctx = X509_STORE_CTX_new())); AssertIntEQ(X509_STORE_CTX_init(ctx, str, x5092, sk), 1); AssertNull((sk2 = X509_STORE_CTX_get_chain(NULL))); AssertNotNull((sk2 = X509_STORE_CTX_get_chain(ctx))); AssertIntEQ(sk_num(sk2), 1); /* sanity, make sure chain has 1 cert */ AssertNull((sk3 = X509_STORE_CTX_get1_chain(NULL))); AssertNotNull((sk3 = X509_STORE_CTX_get1_chain(ctx))); AssertIntEQ(sk_num(sk3), 1); /* sanity, make sure chain has 1 cert */ X509_STORE_CTX_free(ctx); X509_STORE_free(str); /* CTX certs not freed yet */ X509_free(x5092); sk_X509_pop_free(sk, NULL); /* sk3 is dup so free here */ sk_X509_pop_free(sk3, NULL); #endif /* test X509_STORE_CTX_get/set_ex_data */ { int i = 0, tmpData = 5; void* tmpDataRet; AssertNotNull(ctx = X509_STORE_CTX_new()); #ifdef HAVE_EX_DATA for (i = 0; i < MAX_EX_DATA; i++) { AssertIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData), WOLFSSL_SUCCESS); tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i); AssertNotNull(tmpDataRet); AssertIntEQ(tmpData, *(int*)tmpDataRet); } #else AssertIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData), WOLFSSL_FAILURE); tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i); AssertNull(tmpDataRet); #endif X509_STORE_CTX_free(ctx); } /* test X509_STORE_get/set_ex_data */ { int i = 0, tmpData = 99; void* tmpDataRet; AssertNotNull(str = X509_STORE_new()); #ifdef HAVE_EX_DATA for (i = 0; i < MAX_EX_DATA; i++) { AssertIntEQ(X509_STORE_set_ex_data(str, i, &tmpData), WOLFSSL_SUCCESS); tmpDataRet = (int*)X509_STORE_get_ex_data(str, i); AssertNotNull(tmpDataRet); AssertIntEQ(tmpData, *(int*)tmpDataRet); } #else AssertIntEQ(X509_STORE_set_ex_data(str, i, &tmpData), WOLFSSL_FAILURE); tmpDataRet = (int*)X509_STORE_get_ex_data(str, i); AssertNull(tmpDataRet); #endif X509_STORE_free(str); } printf(resultFmt, passed); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ } static void test_wolfSSL_X509_STORE_set_flags(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) X509_STORE* store; X509* x509; printf(testingFmt, "wolfSSL_X509_STORE_set_flags()"); AssertNotNull((store = wolfSSL_X509_STORE_new())); AssertNotNull((x509 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM))); AssertIntEQ(X509_STORE_add_cert(store, x509), WOLFSSL_SUCCESS); #ifdef HAVE_CRL AssertIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL), WOLFSSL_SUCCESS); #else AssertIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL), NOT_COMPILED_IN); #endif wolfSSL_X509_free(x509); wolfSSL_X509_STORE_free(store); printf(resultFmt, passed); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ } static void test_wolfSSL_X509_LOOKUP_load_file(void) { #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) WOLFSSL_X509_STORE* store; WOLFSSL_X509_LOOKUP* lookup; printf(testingFmt, "wolfSSL_X509_LOOKUP_load_file()"); AssertNotNull(store = wolfSSL_X509_STORE_new()); AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())); AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/client-ca.pem", X509_FILETYPE_PEM), 1); AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/crl/crl2.pem", X509_FILETYPE_PEM), 1); if (store) { AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, cliCertFile, WOLFSSL_FILETYPE_PEM), 1); AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, WOLFSSL_FILETYPE_PEM), ASN_NO_SIGNER_E); } AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem", X509_FILETYPE_PEM), 1); if (store) { AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, WOLFSSL_FILETYPE_PEM), 1); } wolfSSL_X509_STORE_free(store); printf(resultFmt, passed); #endif /* defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ } static void test_wolfSSL_X509_STORE_CTX_set_time(void) { #if defined(OPENSSL_EXTRA) WOLFSSL_X509_STORE_CTX* ctx; time_t c_time; printf(testingFmt, "wolfSSL_X509_set_time()"); AssertNotNull(ctx = wolfSSL_X509_STORE_CTX_new()); c_time = 365*24*60*60; wolfSSL_X509_STORE_CTX_set_time(ctx, 0, c_time); AssertTrue( (ctx->param->flags & WOLFSSL_USE_CHECK_TIME) == WOLFSSL_USE_CHECK_TIME); AssertTrue(ctx->param->check_time == c_time); wolfSSL_X509_STORE_CTX_free(ctx); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA */ } static void test_wolfSSL_CTX_get0_set1_param(void) { #if defined(OPENSSL_EXTRA) int ret; SSL_CTX* ctx; WOLFSSL_X509_VERIFY_PARAM* pParam; WOLFSSL_X509_VERIFY_PARAM* pvpm; char testIPv4[] = "127.0.0.1"; char testhostName[] = "foo.hoge.com"; printf(testingFmt, "wolfSSL_CTX_get0_set1_param()"); #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif AssertNull(SSL_CTX_get0_param(NULL)); AssertNotNull(pParam = SSL_CTX_get0_param(ctx)); pvpm = (WOLFSSL_X509_VERIFY_PARAM *)XMALLOC( sizeof(WOLFSSL_X509_VERIFY_PARAM), NULL, DYNAMIC_TYPE_OPENSSL); AssertNotNull(pvpm); XMEMSET(pvpm, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM)); wolfSSL_X509_VERIFY_PARAM_set1_host(pvpm, testhostName, (int)XSTRLEN(testhostName)); wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(pvpm, testIPv4); wolfSSL_X509_VERIFY_PARAM_set_hostflags(pvpm, 0x01); ret = SSL_CTX_set1_param(ctx, pvpm); AssertIntEQ(1, ret); AssertIntEQ(0, XSTRNCMP(pParam->hostName, testhostName, (int)XSTRLEN(testhostName))); AssertIntEQ(0x01, pParam->hostFlags); AssertIntEQ(0, XSTRNCMP(pParam->ipasc, testIPv4, WOLFSSL_MAX_IPSTR)); /* test for incorrect patameter */ AssertIntEQ(1,SSL_CTX_set1_param(ctx, NULL)); AssertIntEQ(1,SSL_CTX_set1_param(NULL, pvpm)); AssertIntEQ(1,SSL_CTX_set1_param(NULL, NULL)); SSL_CTX_free(ctx); XFREE(pvpm, NULL, DYNAMIC_TYPE_OPENSSL); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA && !defined(NO_RSA)*/ } static void test_wolfSSL_get0_param(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) SSL_CTX* ctx; SSL* ssl; WOLFSSL_X509_VERIFY_PARAM* pParam; printf(testingFmt, "wolfSSL_get0_param()"); #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); pParam = SSL_get0_param(ssl); (void)pParam; SSL_free(ssl); SSL_CTX_free(ctx); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA && !defined(NO_RSA)*/ } static void test_wolfSSL_X509_VERIFY_PARAM_set1_host(void) { #if defined(OPENSSL_EXTRA) const char host[] = "www.example.com"; WOLFSSL_X509_VERIFY_PARAM* pParam; printf(testingFmt, "wolfSSL_X509_VERIFY_PARAM_set1_host()"); AssertNotNull(pParam = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC( sizeof(WOLFSSL_X509_VERIFY_PARAM), HEAP_HINT, DYNAMIC_TYPE_OPENSSL)); XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM)); X509_VERIFY_PARAM_set1_host(pParam, host, sizeof(host)); AssertIntEQ(XMEMCMP(pParam->hostName, host, sizeof(host)), 0); XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM)); AssertIntNE(XMEMCMP(pParam->hostName, host, sizeof(host)), 0); XFREE(pParam, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA */ } static void test_wolfSSL_X509_VERIFY_PARAM_set1_ip(void) { #if defined(OPENSSL_EXTRA) unsigned char buf[16] = {0}; WOLFSSL_X509_VERIFY_PARAM* param; printf(testingFmt, "test_wolfSSL_X509_VERIFY_PARAM_set1_ip()"); AssertNotNull(param = X509_VERIFY_PARAM_new()); /* test 127.0.0.1 */ buf[0] =0x7f; buf[1] = 0; buf[2] = 0; buf[3] = 1; AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 4), SSL_SUCCESS); AssertIntEQ(XSTRNCMP(param->ipasc, "127.0.0.1", sizeof(param->ipasc)), 0); /* test 2001:db8:3333:4444:5555:6666:7777:8888 */ buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184; buf[4]=51;buf[5]=51;buf[6]=68;buf[7]=68; buf[8]=85;buf[9]=85;buf[10]=102;buf[11]=102; buf[12]=119;buf[13]=119;buf[14]=136;buf[15]=136; AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); AssertIntEQ(XSTRNCMP(param->ipasc, "2001:db8:3333:4444:5555:6666:7777:8888", sizeof(param->ipasc)), 0); /* test 2001:db8:: */ buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184; buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0; buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0; buf[12]=0;buf[13]=0;buf[14]=0;buf[15]=0; AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); AssertIntEQ(XSTRNCMP(param->ipasc, "2001:db8::", sizeof(param->ipasc)), 0); /* test ::1234:5678 */ buf[0]=0;buf[1]=0;buf[2]=0;buf[3]=0; buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0; buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0; buf[12]=18;buf[13]=52;buf[14]=86;buf[15]=120; AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); AssertIntEQ(XSTRNCMP(param->ipasc, "::1234:5678", sizeof(param->ipasc)), 0); /* test 2001:db8::1234:5678 */ buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184; buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0; buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0; buf[12]=18;buf[13]=52;buf[14]=86;buf[15]=120; AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); AssertIntEQ(XSTRNCMP(param->ipasc, "2001:db8::1234:5678", sizeof(param->ipasc)), 0); /* test 2001:0db8:0001:0000:0000:0ab9:c0a8:0102*/ /* 2001:db8:1::ab9:c0a8:102 */ buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184; buf[4]=0;buf[5]=1;buf[6]=0;buf[7]=0; buf[8]=0;buf[9]=0;buf[10]=10;buf[11]=185; buf[12]=192;buf[13]=168;buf[14]=1;buf[15]=2; AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); AssertIntEQ(XSTRNCMP(param->ipasc, "2001:db8:1::ab9:c0a8:102", sizeof(param->ipasc)), 0); XFREE(param, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA */ } static void test_wolfSSL_X509_STORE_CTX_get0_store(void) { #if defined(OPENSSL_EXTRA) X509_STORE* store; X509_STORE_CTX* ctx; X509_STORE_CTX* ctx_no_init; printf(testingFmt, "wolfSSL_X509_STORE_CTX_get0_store()"); AssertNotNull((store = X509_STORE_new())); AssertNotNull(ctx = X509_STORE_CTX_new()); AssertNotNull(ctx_no_init = X509_STORE_CTX_new()); AssertIntEQ(X509_STORE_CTX_init(ctx, store, NULL, NULL), SSL_SUCCESS); AssertNull(X509_STORE_CTX_get0_store(NULL)); /* should return NULL if ctx has not bee initialized */ AssertNull(X509_STORE_CTX_get0_store(ctx_no_init)); AssertNotNull(X509_STORE_CTX_get0_store(ctx)); wolfSSL_X509_STORE_CTX_free(ctx); wolfSSL_X509_STORE_CTX_free(ctx_no_init); X509_STORE_free(store); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA */ } static void test_wolfSSL_CTX_set_client_CA_list(void) { #if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_CERTS) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_BIO) WOLFSSL_CTX* ctx; WOLFSSL* ssl; X509_NAME* name = NULL; STACK_OF(X509_NAME)* names = NULL; STACK_OF(X509_NAME)* ca_list = NULL; int i, names_len; printf(testingFmt, "wolfSSL_CTX_set_client_CA_list()"); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); /* Send two X501 names in cert request */ names = SSL_load_client_CA_file(cliCertFile); AssertNotNull(names); ca_list = SSL_load_client_CA_file(caCertFile); AssertNotNull(ca_list); AssertIntEQ(sk_X509_NAME_push(names, sk_X509_NAME_value(ca_list, 0)), 1); SSL_CTX_set_client_CA_list(ctx, names); /* This should only free the stack structure */ sk_X509_NAME_free(ca_list); AssertNotNull(ca_list = SSL_CTX_get_client_CA_list(ctx)); AssertIntEQ(sk_X509_NAME_num(ca_list), sk_X509_NAME_num(names)); AssertIntGT((names_len = sk_X509_NAME_num(names)), 0); for (i=0; iport, 0, 0, NULL); AssertNotNull(ctx_client = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx_client, caCertFile, 0)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx_client, cliCertFile, SSL_FILETYPE_PEM)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx_client, cliKeyFile, SSL_FILETYPE_PEM)); AssertNotNull(ssl_client = wolfSSL_new(ctx_client)); AssertIntEQ(wolfSSL_set_fd(ssl_client, sockfd), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_connect(ssl_client), WOLFSSL_SUCCESS); AssertNotNull(ca_list = SSL_get_client_CA_list(ssl_client)); /* We are expecting two cert names to be sent */ AssertIntEQ(sk_X509_NAME_num(ca_list), 2); AssertNotNull(names = SSL_CTX_get_client_CA_list(ctx)); for (i=0; icallbacks; WOLFSSL_CTX* ctx = wolfSSL_CTX_new(callbacks->method()); WOLFSSL* ssl = NULL; SOCKET_T sfd = 0; SOCKET_T cfd = 0; word16 port; char msg[] = "I hear you fa shizzle!"; int len = (int) XSTRLEN(msg); char input[1024]; int idx; int ret, err = 0; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; port = ((func_args*)args)->signal->port; AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); if (callbacks->ctx_ready) callbacks->ctx_ready(ctx); ssl = wolfSSL_new(ctx); tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1, NULL, NULL); CloseSocket(sfd); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, cfd)); if (callbacks->ssl_ready) callbacks->ssl_ready(ssl); do { err = 0; /* Reset error */ ret = wolfSSL_accept(ssl); if (ret != WOLFSSL_SUCCESS) { err = wolfSSL_get_error(ssl, 0); } } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { char buff[WOLFSSL_MAX_ERROR_SZ]; printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff)); } else { if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) { input[idx] = 0; printf("Client message: %s\n", input); } AssertIntEQ(len, wolfSSL_write(ssl, msg, len)); #ifdef WOLFSSL_TIRTOS Task_yield(); #endif ((func_args*)args)->return_code = TEST_SUCCESS; } if (callbacks->on_result) callbacks->on_result(ssl); wolfSSL_shutdown(ssl); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(cfd); #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif #ifndef WOLFSSL_TIRTOS return 0; #endif } static void keyLog_callback(const WOLFSSL* ssl, const char* line ) { AssertNotNull(ssl); AssertNotNull(line); XFILE fp; const byte lf = '\n'; fp = XFOPEN("./MyKeyLog.txt", "a"); XFWRITE( line, 1, strlen(line),fp); XFWRITE( (void*)&lf,1,1,fp); XFCLOSE(fp); } #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */ static void test_wolfSSL_CTX_set_keylog_callback(void) { #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) SSL_CTX* ctx; printf( testingFmt, "wolfSSL_CTX_set_keylog_callback()"); AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); SSL_CTX_set_keylog_callback(ctx, keyLog_callback ); SSL_CTX_free(ctx); SSL_CTX_set_keylog_callback(NULL, NULL); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */ } static void test_wolfSSL_CTX_get_keylog_callback(void) { #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) SSL_CTX* ctx; printf( testingFmt, "wolfSSL_CTX_get_keylog_callback()"); AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); AssertPtrEq(SSL_CTX_get_keylog_callback(ctx),NULL); SSL_CTX_set_keylog_callback(ctx, keyLog_callback ); AssertPtrEq(SSL_CTX_get_keylog_callback(ctx),keyLog_callback); SSL_CTX_set_keylog_callback(ctx, NULL ); AssertPtrEq(SSL_CTX_get_keylog_callback(ctx),NULL); SSL_CTX_free(ctx); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */ } static void test_wolfSSL_Tls12_Key_Logging_test(void) { #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) /* This test is intended for checking whether keylog callback is called * in client during TLS handshake between the client and a server. */ tcp_ready ready; func_args client_args; func_args server_args; THREAD_TYPE serverThread; callback_functions server_cbf; callback_functions client_cbf; SOCKET_T sockfd = 0; WOLFSSL_CTX* ctx; WOLFSSL* ssl; XFILE fp; char msg[64] = "hello wolfssl!"; char reply[1024]; int msgSz = (int)XSTRLEN(msg); printf(testingFmt, "wolfSSL_Tls12_Key_Logging_test()"); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif InitTcpReady(&ready); ready.port = 22222; XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&server_cbf, 0, sizeof(callback_functions)); XMEMSET(&client_cbf, 0, sizeof(callback_functions)); server_cbf.method = wolfTLSv1_2_server_method; server_args.callbacks = &server_cbf; server_args.signal = &ready; /* clean up keylog file */ fp = XFOPEN("./MyKeyLog.txt", "w"); XFCLOSE(fp); /* start server task */ start_thread(server_task, &server_args, &serverThread); wait_tcp_ready(&server_args); /* run as a TLS1.2 client */ AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL); /* set keylog callback */ wolfSSL_CTX_set_keylog_callback(ctx,keyLog_callback); /* get connected the server task */ AssertNotNull(ssl = wolfSSL_new(ctx)); AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz); AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)), 0); wolfSSL_shutdown(ssl); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(sockfd); join_thread(serverThread); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif /* check if the keylog file exists */ char buff[300] = {0}; int found = 0; fp = XFOPEN("./MyKeyLog.txt", "r"); AssertNotNull(fp); while(XFGETS( buff, (int)sizeof(buff),fp) != NULL ) { if(0 == strncmp(buff,"CLIENT_RANDOM ", sizeof("CLIENT_RANDOM ")-1)) { found = 1; break; } } XFCLOSE(fp); /* a log starting with "CLIENT_RANDOM " should exit in the file */ AssertNotNull( found ); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */ } static void test_wolfSSL_Tls13_Key_Logging_test(void) { #if defined(WOLFSSL_TLS13) && defined(OPENSSL_EXTRA) && \ defined(HAVE_SECRET_CALLBACK) /* This test is intended for checking whether keylog callback is called * in client during TLS handshake between the client and a server. */ tcp_ready ready; func_args client_args; func_args server_args; THREAD_TYPE serverThread; callback_functions server_cbf; callback_functions client_cbf; SOCKET_T sockfd = 0; WOLFSSL_CTX* ctx; WOLFSSL* ssl; XFILE fp; char msg[64] = "hello wolfssl!"; char reply[1024]; int msgSz = (int)XSTRLEN(msg); printf(testingFmt, "wolfSSL_Tls13_Key_Logging_test()"); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif InitTcpReady(&ready); ready.port = 22222; XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&server_cbf, 0, sizeof(callback_functions)); XMEMSET(&client_cbf, 0, sizeof(callback_functions)); server_cbf.method = wolfTLSv1_3_server_method; /* TLS1.3 */ server_args.callbacks = &server_cbf; server_args.signal = &ready; /* clean up keylog file */ fp = XFOPEN("./MyKeyLog.txt", "w"); XFCLOSE(fp); /* start server task */ start_thread(server_task, &server_args, &serverThread); wait_tcp_ready(&server_args); /* run as a TLS1.2 client */ AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL); /* set keylog callback */ wolfSSL_CTX_set_keylog_callback(ctx,keyLog_callback); /* get connected the server task */ AssertNotNull(ssl = wolfSSL_new(ctx)); AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz); AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)), 0); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); join_thread(serverThread); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif /* check if the keylog file exists */ char buff[300] = {0}; int found[4] = {0}; fp = XFOPEN("./MyKeyLog.txt", "r"); AssertNotNull(fp); while(XFGETS( buff, (int)sizeof(buff),fp) != NULL ) { if(0 == strncmp(buff,"CLIENT_HANDSHAKE_TRAFFIC_SECRET ", sizeof("CLIENT_HANDSHAKE_TRAFFIC_SECRET ")-1)) { found[0] = 1; continue; } else if(0 == strncmp(buff,"SERVER_HANDSHAKE_TRAFFIC_SECRET ", sizeof("SERVER_HANDSHAKE_TRAFFIC_SECRET ")-1)) { found[1] = 1; continue; } else if(0 == strncmp(buff,"CLIENT_TRAFFIC_SECRET_0 ", sizeof("CLIENT_TRAFFIC_SECRET_0 ")-1)) { found[2] = 1; continue; } else if(0 == strncmp(buff,"SERVER_TRAFFIC_SECRET_0 ", sizeof("SERVER_TRAFFIC_SECRET_0 ")-1)) { found[3] = 1; continue; } } XFCLOSE(fp); int numfnd = 0; for( uint i = 0; i < 4; i++) { if( found[i] != 0) numfnd++; } AssertIntEQ( numfnd,4 ); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK && WOLFSSL_TLS13 */ } #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) static void post_auth_version_cb(WOLFSSL* ssl) { /* do handshake and then test version error */ AssertIntEQ(wolfSSL_accept(ssl), WOLFSSL_SUCCESS); AssertStrEQ("TLSv1.2", wolfSSL_get_version(ssl)); AssertIntEQ(wolfSSL_verify_client_post_handshake(ssl), WOLFSSL_FAILURE); #if defined(OPENSSL_ALL) && !defined(NO_ERROR_QUEUE) /* check was added to error queue */ AssertIntEQ(wolfSSL_ERR_get_error(), -UNSUPPORTED_PROTO_VERSION); /* check the string matches expected string */ AssertStrEQ(wolfSSL_ERR_error_string(-UNSUPPORTED_PROTO_VERSION, NULL), "WRONG_SSL_VERSION"); #endif } static void post_auth_cb(WOLFSSL* ssl) { /* do handshake and then test version error */ AssertIntEQ(wolfSSL_accept(ssl), WOLFSSL_SUCCESS); AssertStrEQ("TLSv1.3", wolfSSL_get_version(ssl)); AssertNull(wolfSSL_get_peer_certificate(ssl)); AssertIntEQ(wolfSSL_verify_client_post_handshake(ssl), WOLFSSL_SUCCESS); } static void set_post_auth_cb(WOLFSSL* ssl) { if (!wolfSSL_is_server(ssl)) { AssertIntEQ(wolfSSL_allow_post_handshake_auth(ssl), 0); } else { wolfSSL_set_verify(ssl, WOLFSSL_VERIFY_POST_HANDSHAKE, NULL); } } #endif static void test_wolfSSL_Tls13_postauth(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) tcp_ready ready; func_args client_args; func_args server_args; callback_functions server_cbf; callback_functions client_cbf; THREAD_TYPE serverThread; printf(testingFmt, "wolfSSL_Tls13_postauth()"); XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; client_args.signal = &ready; /* test version failure doing post auth with TLS 1.2 connection */ XMEMSET(&server_cbf, 0, sizeof(callback_functions)); XMEMSET(&client_cbf, 0, sizeof(callback_functions)); server_cbf.method = wolfTLSv1_2_server_method; server_cbf.ssl_ready = set_post_auth_cb; client_cbf.ssl_ready = set_post_auth_cb; server_cbf.on_result = post_auth_version_cb; server_args.callbacks = &server_cbf; client_args.callbacks = &client_cbf; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, NULL); join_thread(serverThread); /* tests on post auth with TLS 1.3 */ XMEMSET(&server_cbf, 0, sizeof(callback_functions)); XMEMSET(&client_cbf, 0, sizeof(callback_functions)); server_cbf.method = wolfTLSv1_3_server_method; server_cbf.ssl_ready = set_post_auth_cb; client_cbf.ssl_ready = set_post_auth_cb; server_cbf.on_result = post_auth_cb; server_args.callbacks = &server_cbf; client_args.callbacks = &client_cbf; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, NULL); join_thread(serverThread); FreeTcpReady(&ready); printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_NID(void) { #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN) int sigType; int nameSz; X509* cert; EVP_PKEY* pubKeyTmp; X509_NAME* name; char commonName[80]; char countryName[80]; char localityName[80]; char stateName[80]; char orgName[80]; char orgUnit[80]; printf(testingFmt, "wolfSSL_X509_NID()"); /* ------ PARSE ORIGINAL SELF-SIGNED CERTIFICATE ------ */ /* convert cert from DER to internal WOLFSSL_X509 struct */ AssertNotNull(cert = wolfSSL_X509_d2i(&cert, client_cert_der_2048, sizeof_client_cert_der_2048)); /* ------ EXTRACT CERTIFICATE ELEMENTS ------ */ /* extract PUBLIC KEY from cert */ AssertNotNull(pubKeyTmp = X509_get_pubkey(cert)); /* extract signatureType */ AssertIntNE((sigType = wolfSSL_X509_get_signature_type(cert)), 0); /* extract subjectName info */ AssertNotNull(name = X509_get_subject_name(cert)); AssertIntEQ(X509_NAME_get_text_by_NID(name, -1, NULL, 0), -1); AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName, NULL, 0)), 0); AssertIntEQ(nameSz, 15); AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName, commonName, sizeof(commonName))), 0); AssertIntEQ(nameSz, 15); AssertIntEQ(XMEMCMP(commonName, "www.wolfssl.com", nameSz), 0); AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName, commonName, 9)), 0); AssertIntEQ(nameSz, 8); AssertIntEQ(XMEMCMP(commonName, "www.wolf", nameSz), 0); AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_countryName, countryName, sizeof(countryName))), 0); AssertIntEQ(XMEMCMP(countryName, "US", nameSz), 0); AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_localityName, localityName, sizeof(localityName))), 0); AssertIntEQ(XMEMCMP(localityName, "Bozeman", nameSz), 0); AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_stateOrProvinceName, stateName, sizeof(stateName))), 0); AssertIntEQ(XMEMCMP(stateName, "Montana", nameSz), 0); AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationName, orgName, sizeof(orgName))), 0); AssertIntEQ(XMEMCMP(orgName, "wolfSSL_2048", nameSz), 0); AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationalUnitName, orgUnit, sizeof(orgUnit))), 0); AssertIntEQ(XMEMCMP(orgUnit, "Programming-2048", nameSz), 0); EVP_PKEY_free(pubKeyTmp); X509_free(cert); printf(resultFmt, passed); #endif } static void test_wolfSSL_CTX_set_srp_username(void) { #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \ && !defined(NO_SHA256) && !defined(WC_NO_RNG) WOLFSSL_CTX* ctx; WOLFSSL* ssl; const char *username = "TESTUSER"; const char *password = "TESTPASSWORD"; int r; printf(testingFmt, "wolfSSL_CTX_set_srp_username()"); ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); r = wolfSSL_CTX_set_srp_username(ctx, (char *)username); AssertIntEQ(r,SSL_SUCCESS); wolfSSL_CTX_free(ctx); ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); r = wolfSSL_CTX_set_srp_password(ctx, (char *)password); AssertIntEQ(r,SSL_SUCCESS); r = wolfSSL_CTX_set_srp_username(ctx, (char *)username); AssertIntEQ(r,SSL_SUCCESS); AssertNotNull(ssl = SSL_new(ctx)); AssertNotNull(SSL_get_srp_username(ssl)); AssertStrEQ(SSL_get_srp_username(ssl), username); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA && WOLFCRYPT_HAVE_SRP */ /* && !NO_SHA256 && !WC_NO_RNG */ } static void test_wolfSSL_CTX_set_srp_password(void) { #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \ && !defined(NO_SHA256) && !defined(WC_NO_RNG) WOLFSSL_CTX* ctx; const char *username = "TESTUSER"; const char *password = "TESTPASSWORD"; int r; printf(testingFmt, "wolfSSL_CTX_set_srp_password()"); ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); r = wolfSSL_CTX_set_srp_password(ctx, (char *)password); AssertIntEQ(r,SSL_SUCCESS); wolfSSL_CTX_free(ctx); ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); r = wolfSSL_CTX_set_srp_username(ctx, (char *)username); AssertIntEQ(r,SSL_SUCCESS); r = wolfSSL_CTX_set_srp_password(ctx, (char *)password); AssertIntEQ(r,SSL_SUCCESS); wolfSSL_CTX_free(ctx); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA && WOLFCRYPT_HAVE_SRP */ /* && !NO_SHA256 && !WC_NO_RNG */ } static void test_wolfSSL_X509_STORE(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) X509_STORE *store; #ifdef HAVE_CRL X509_STORE_CTX *storeCtx; X509_CRL *crl; X509 *ca, *cert; const char crlPem[] = "./certs/crl/crl.revoked"; const char srvCert[] = "./certs/server-revoked-cert.pem"; const char caCert[] = "./certs/ca-cert.pem"; XFILE fp; printf(testingFmt, "test_wolfSSL_X509_STORE"); AssertNotNull(store = (X509_STORE *)X509_STORE_new()); AssertNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, SSL_FILETYPE_PEM))); AssertIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); AssertNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, SSL_FILETYPE_PEM))); AssertNotNull((storeCtx = X509_STORE_CTX_new())); AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); AssertIntEQ(X509_verify_cert(storeCtx), SSL_SUCCESS); X509_STORE_free(store); X509_STORE_CTX_free(storeCtx); X509_free(cert); X509_free(ca); /* should fail to verify now after adding in CRL */ AssertNotNull(store = (X509_STORE *)X509_STORE_new()); AssertNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, SSL_FILETYPE_PEM))); AssertIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); fp = XFOPEN(crlPem, "rb"); AssertTrue((fp != XBADFILE)); AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL)); XFCLOSE(fp); AssertIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS); AssertIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK),SSL_SUCCESS); AssertNotNull((storeCtx = X509_STORE_CTX_new())); AssertNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, SSL_FILETYPE_PEM))); AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); AssertIntNE(X509_verify_cert(storeCtx), SSL_SUCCESS); AssertIntEQ(X509_STORE_CTX_get_error(storeCtx), CRL_CERT_REVOKED); X509_CRL_free(crl); X509_STORE_free(store); X509_STORE_CTX_free(storeCtx); X509_free(cert); X509_free(ca); #endif /* HAVE_CRL */ #ifndef WOLFCRYPT_ONLY { SSL_CTX* ctx; SSL* ssl; int i; for (i = 0; i < 2; i++) { #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif AssertNotNull(store = (X509_STORE *)X509_STORE_new()); SSL_CTX_set_cert_store(ctx, store); AssertNotNull(store = (X509_STORE *)X509_STORE_new()); SSL_CTX_set_cert_store(ctx, store); AssertNotNull(store = (X509_STORE *)X509_STORE_new()); AssertIntEQ(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM), SSL_SUCCESS); AssertIntEQ(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM), SSL_SUCCESS); AssertNotNull(ssl = SSL_new(ctx)); if (i == 0) { AssertIntEQ(SSL_set0_verify_cert_store(ssl, store), SSL_SUCCESS); } else { AssertIntEQ(SSL_set1_verify_cert_store(ssl, store), SSL_SUCCESS); X509_STORE_free(store); } SSL_free(ssl); SSL_CTX_free(ctx); } } #endif printf(resultFmt, passed); #endif return; } static void test_wolfSSL_X509_STORE_load_locations(void) { #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA) SSL_CTX *ctx; X509_STORE *store; const char ca_file[] = "./certs/ca-cert.pem"; const char client_pem_file[] = "./certs/client-cert.pem"; const char client_der_file[] = "./certs/client-cert.der"; const char ecc_file[] = "./certs/ecc-key.pem"; const char certs_path[] = "./certs/"; const char bad_path[] = "./bad-path/"; #ifdef HAVE_CRL const char crl_path[] = "./certs/crl/"; const char crl_file[] = "./certs/crl/crl.pem"; #endif printf(testingFmt, "wolfSSL_X509_STORE_load_locations"); #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(SSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(SSLv23_client_method())); #endif AssertNotNull(store = SSL_CTX_get_cert_store(ctx)); AssertIntEQ(wolfSSL_CertManagerLoadCA(store->cm, ca_file, NULL), WOLFSSL_SUCCESS); /* Test bad arguments */ AssertIntEQ(X509_STORE_load_locations(NULL, ca_file, NULL), WOLFSSL_FAILURE); AssertIntEQ(X509_STORE_load_locations(store, NULL, NULL), WOLFSSL_FAILURE); AssertIntEQ(X509_STORE_load_locations(store, client_der_file, NULL), WOLFSSL_FAILURE); AssertIntEQ(X509_STORE_load_locations(store, ecc_file, NULL), WOLFSSL_FAILURE); AssertIntEQ(X509_STORE_load_locations(store, NULL, bad_path), WOLFSSL_FAILURE); #ifdef HAVE_CRL /* Test with CRL */ AssertIntEQ(X509_STORE_load_locations(store, crl_file, NULL), WOLFSSL_SUCCESS); AssertIntEQ(X509_STORE_load_locations(store, NULL, crl_path), WOLFSSL_SUCCESS); #endif /* Test with CA */ AssertIntEQ(X509_STORE_load_locations(store, ca_file, NULL), WOLFSSL_SUCCESS); /* Test with client_cert and certs path */ AssertIntEQ(X509_STORE_load_locations(store, client_pem_file, NULL), WOLFSSL_SUCCESS); AssertIntEQ(X509_STORE_load_locations(store, NULL, certs_path), WOLFSSL_SUCCESS); #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) /* Clear nodes */ ERR_clear_error(); #endif SSL_CTX_free(ctx); printf(resultFmt, passed); #endif } static void test_X509_STORE_get0_objects(void) { #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) X509_STORE *store; X509_STORE *store_cpy; SSL_CTX *ctx; X509_OBJECT *obj; STACK_OF(X509_OBJECT) *objs; int i; printf(testingFmt, "wolfSSL_X509_STORE_get0_objects"); /* Setup store */ #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(SSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(SSLv23_client_method())); #endif AssertNotNull(store_cpy = X509_STORE_new()); AssertNotNull(store = SSL_CTX_get_cert_store(ctx)); AssertIntEQ(X509_STORE_load_locations(store, cliCertFile, NULL), WOLFSSL_SUCCESS); AssertIntEQ(X509_STORE_load_locations(store, caCertFile, NULL), WOLFSSL_SUCCESS); AssertIntEQ(X509_STORE_load_locations(store, svrCertFile, NULL), WOLFSSL_SUCCESS); #ifdef HAVE_CRL AssertIntEQ(X509_STORE_load_locations(store, NULL, crlPemDir), WOLFSSL_SUCCESS); #endif /* Store ready */ /* Similar to HaProxy ssl_set_cert_crl_file use case */ AssertNotNull(objs = X509_STORE_get0_objects(store)); #ifdef HAVE_CRL #ifdef WOLFSSL_SIGNER_DER_CERT AssertIntEQ(sk_X509_OBJECT_num(objs), 4); #else AssertIntEQ(sk_X509_OBJECT_num(objs), 1); #endif #else #ifdef WOLFSSL_SIGNER_DER_CERT AssertIntEQ(sk_X509_OBJECT_num(objs), 3); #else AssertIntEQ(sk_X509_OBJECT_num(objs), 0); #endif #endif for (i = 0; i < sk_X509_OBJECT_num(objs); i++) { obj = (X509_OBJECT*)sk_X509_OBJECT_value(objs, i); switch (X509_OBJECT_get_type(obj)) { case X509_LU_X509: AssertNotNull(X509_OBJECT_get0_X509(obj)); AssertIntEQ(X509_STORE_add_cert(store_cpy, X509_OBJECT_get0_X509(obj)), WOLFSSL_SUCCESS); break; case X509_LU_CRL: #ifdef HAVE_CRL AssertNotNull(X509_OBJECT_get0_X509_CRL(obj)); AssertIntEQ(X509_STORE_add_crl(store_cpy, X509_OBJECT_get0_X509_CRL(obj)), WOLFSSL_SUCCESS); break; #endif case X509_LU_NONE: default: Fail(("X509_OBJECT_get_type should return x509 or crl " "(when built with crl support)"), ("Unrecognized X509_OBJECT type or none")); } } X509_STORE_free(store_cpy); SSL_CTX_free(ctx); printf(resultFmt, passed); #endif } static void test_wolfSSL_BN(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) BIGNUM* a; BIGNUM* b; BIGNUM* c; BIGNUM* d; ASN1_INTEGER* ai; printf(testingFmt, "wolfSSL_BN()"); AssertNotNull(b = BN_new()); AssertNotNull(c = BN_new()); AssertNotNull(d = BN_new()); ai = ASN1_INTEGER_new(); AssertNotNull(ai); /* at the moment hard setting since no set function */ ai->data[0] = 0x02; /* tag for ASN_INTEGER */ ai->data[1] = 0x01; /* length of integer */ ai->data[2] = 0x03; AssertNotNull(a = ASN1_INTEGER_to_BN(ai, NULL)); ASN1_INTEGER_free(ai); AssertIntEQ(BN_set_word(b, 2), SSL_SUCCESS); AssertIntEQ(BN_set_word(c, 5), SSL_SUCCESS); /* a + 3 = */ AssertIntEQ(BN_add_word(NULL, 3), WOLFSSL_FAILURE); AssertIntEQ(BN_add_word(a, 3), WOLFSSL_SUCCESS); /* check result 3 + 3*/ AssertIntEQ(BN_get_word(a), 6); /* set a back to 3 */ AssertIntEQ(BN_set_word(a, 3), SSL_SUCCESS); /* a - 3 = */ AssertIntEQ(BN_sub_word(NULL, 3), WOLFSSL_FAILURE); AssertIntEQ(BN_sub_word(a, 3), WOLFSSL_SUCCESS); /* check result 3 - 3*/ AssertIntEQ(BN_get_word(a), 0); /* set a back to 3 */ AssertIntEQ(BN_set_word(a, 3), SSL_SUCCESS); /* a^b mod c = */ AssertIntEQ(BN_mod_exp(d, NULL, b, c, NULL), WOLFSSL_FAILURE); AssertIntEQ(BN_mod_exp(d, a, b, c, NULL), WOLFSSL_SUCCESS); /* check result 3^2 mod 5 */ AssertIntEQ(BN_get_word(d), 4); /* a*b = */ AssertIntEQ(BN_mul(d, NULL, b, NULL), WOLFSSL_FAILURE); AssertIntEQ(BN_mul(d, a, b, NULL), WOLFSSL_SUCCESS); /* check result 3*2 */ AssertIntEQ(BN_get_word(d), 6); /* c/b = */ AssertIntEQ(BN_div(d, NULL, c, b, NULL), WOLFSSL_FAILURE); AssertIntEQ(BN_div(d, a, c, b, NULL), WOLFSSL_SUCCESS); /* check result 5/2 */ AssertIntEQ(BN_get_word(d), 2); /* check quotient */ AssertIntEQ(BN_get_word(a), 1); /* check remainder */ /* set a back to 3 */ AssertIntEQ(BN_set_word(a, 3), SSL_SUCCESS); /* a*b mod c = */ AssertIntEQ(BN_mod_mul(d, NULL, b, c, NULL), SSL_FAILURE); AssertIntEQ(BN_mod_mul(d, a, b, c, NULL), SSL_SUCCESS); /* check result 3*2 mod 5 */ AssertIntEQ(BN_get_word(d), 1); AssertIntEQ(BN_set_word(a, 16), SSL_SUCCESS); AssertIntEQ(BN_set_word(b, 24), SSL_SUCCESS); #ifdef WOLFSSL_KEY_GEN /* gcd of a and b */ AssertIntEQ(BN_gcd(d, NULL, b, NULL), SSL_FAILURE); AssertIntEQ(BN_gcd(d, a, b, NULL), SSL_SUCCESS); /* check result gcd(16, 24) */ AssertIntEQ(BN_get_word(d), 8); #endif /* WOLFSSL_KEY_GEN */ /* set b back to 2 */ AssertIntEQ(BN_set_word(b, 2), SSL_SUCCESS); /* BN_mod_inverse test */ BIGNUM *r = BN_new(); BIGNUM *val = BN_mod_inverse(r,b,c,NULL); AssertIntEQ((int)(BN_get_word(r) & 0x03), 3); BN_free(val); #if !defined(WOLFSSL_SP_MATH) && (!defined(WOLFSSL_SP_MATH_ALL) || \ defined(WOLFSSL_SP_INT_NEGATIVE)) AssertIntEQ(BN_set_word(a, 1), SSL_SUCCESS); AssertIntEQ(BN_set_word(b, 5), SSL_SUCCESS); AssertIntEQ(BN_is_word(a, (WOLFSSL_BN_ULONG)BN_get_word(a)), SSL_SUCCESS); AssertIntEQ(BN_is_word(a, 3), SSL_FAILURE); AssertIntEQ(BN_sub(c, a, b), SSL_SUCCESS); #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) { char* ret; AssertNotNull(ret = BN_bn2dec(c)); AssertIntEQ(XMEMCMP(ret, "-4", sizeof("-4")), 0); XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL); } #endif AssertIntEQ(BN_get_word(c), 4); #endif BN_free(a); BN_free(b); BN_free(c); BN_clear_free(d); /* check that converting NULL and the null string returns an error */ a = NULL; AssertIntLE(BN_hex2bn(&a, NULL), 0); AssertIntLE(BN_hex2bn(&a, ""), 0); AssertNull(a); /* check that getting a string and a bin of the same number are equal, * and that the comparison works EQ, LT and GT */ AssertIntGT(BN_hex2bn(&a, "03"), 0); AssertNotNull(b = BN_new()); AssertIntEQ(BN_set_word(b, 3), SSL_SUCCESS); AssertNotNull(c = BN_new()); AssertIntEQ(BN_set_word(c, 4), SSL_SUCCESS); AssertIntEQ(BN_cmp(a, b), 0); AssertIntLT(BN_cmp(a, c), 0); AssertIntGT(BN_cmp(c, b), 0); AssertIntEQ(BN_set_word(a, 0), 1); AssertIntEQ(BN_is_zero(a), 1); AssertIntEQ(BN_set_bit(a, 0x45), 1); AssertIntEQ(BN_is_zero(a), 0); AssertIntEQ(BN_is_bit_set(a, 0x45), 1); AssertIntEQ(BN_clear_bit(a, 0x45), 1); AssertIntEQ(BN_is_bit_set(a, 0x45), 0); AssertIntEQ(BN_is_zero(a), 1); BN_free(a); BN_free(b); BN_free(c); #if defined(USE_FAST_MATH) && !defined(HAVE_WOLF_BIGINT) { BIGNUM *ap; BIGNUM bv; BIGNUM cv; BIGNUM dv; AssertNotNull(ap = BN_new()); BN_init(&bv); BN_init(&cv); BN_init(&dv); AssertIntEQ(BN_set_word(ap, 3), SSL_SUCCESS); AssertIntEQ(BN_set_word(&bv, 2), SSL_SUCCESS); AssertIntEQ(BN_set_word(&cv, 5), SSL_SUCCESS); /* a^b mod c = */ AssertIntEQ(BN_mod_exp(&dv, NULL, &bv, &cv, NULL), WOLFSSL_FAILURE); AssertIntEQ(BN_mod_exp(&dv, ap, &bv, &cv, NULL), WOLFSSL_SUCCESS); /* check result 3^2 mod 5 */ AssertIntEQ(BN_get_word(&dv), 4); /* a*b mod c = */ AssertIntEQ(BN_mod_mul(&dv, NULL, &bv, &cv, NULL), SSL_FAILURE); AssertIntEQ(BN_mod_mul(&dv, ap, &bv, &cv, NULL), SSL_SUCCESS); /* check result 3*2 mod 5 */ AssertIntEQ(BN_get_word(&dv), 1); BN_free(ap); } #endif #ifdef WOLFSSL_KEY_GEN AssertNotNull(a = BN_new()); AssertIntEQ(BN_generate_prime_ex(a, 512, 0, NULL, NULL, NULL), SSL_SUCCESS); AssertIntEQ(BN_is_prime_ex(a, 8, NULL, NULL), SSL_SUCCESS); BN_free(a); #endif printf(resultFmt, passed); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */ } #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) #define TEST_ARG 0x1234 static void msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg) { (void)write_p; (void)version; (void)content_type; (void)buf; (void)len; (void)ssl; AssertTrue(arg == (void*)TEST_ARG); } #endif #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_WOLFSSL_CLIENT) && \ !defined(NO_WOLFSSL_SERVER) #ifndef SINGLE_THREADED #if defined(SESSION_CERTS) #include "wolfssl/internal.h" #endif static int msgCb(SSL_CTX *ctx, SSL *ssl) { (void) ctx; (void) ssl; #if defined(OPENSSL_ALL) && defined(SESSION_CERTS) STACK_OF(X509)* sk; X509* x509; int i, num; BIO* bio; #endif printf("\n===== msgcb called ====\n"); #if defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN) AssertTrue(SSL_get_peer_cert_chain(ssl) != NULL); AssertIntEQ(((WOLFSSL_X509_CHAIN *)SSL_get_peer_cert_chain(ssl))->count, 2); AssertNotNull(SSL_get0_verified_chain(ssl)); #endif #if defined(OPENSSL_ALL) && defined(SESSION_CERTS) bio = BIO_new(BIO_s_file()); BIO_set_fp(bio, stdout, BIO_NOCLOSE); sk = SSL_get_peer_cert_chain(ssl); AssertNotNull(sk); if (!sk) { BIO_free(bio); return SSL_FAILURE; } num = sk_X509_num(sk); AssertTrue(num > 0); for (i = 0; i < num; i++) { x509 = sk_X509_value(sk,i); AssertNotNull(x509); if (!x509) break; printf("Certificate at index [%d] = :\n",i); X509_print(bio,x509); printf("\n\n"); } BIO_free(bio); #endif return SSL_SUCCESS; } #endif #endif static void test_wolfSSL_msgCb(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_WOLFSSL_CLIENT) && \ !defined(NO_WOLFSSL_SERVER) tcp_ready ready; func_args client_args; func_args server_args; #ifndef SINGLE_THREADED THREAD_TYPE serverThread; #endif callback_functions client_cb; callback_functions server_cb; printf(testingFmt, "test_wolfSSL_msgCb"); /* create a failed connection and inspect the error */ #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); StartTCP(); InitTcpReady(&ready); XMEMSET(&client_cb, 0, sizeof(callback_functions)); XMEMSET(&server_cb, 0, sizeof(callback_functions)); #ifndef WOLFSSL_NO_TLS12 client_cb.method = wolfTLSv1_2_client_method; server_cb.method = wolfTLSv1_2_server_method; #else client_cb.method = wolfTLSv1_3_client_method; server_cb.method = wolfTLSv1_3_server_method; #endif server_args.signal = &ready; server_args.callbacks = &server_cb; client_args.signal = &ready; client_args.callbacks = &client_cb; client_args.return_code = TEST_FAIL; #ifndef SINGLE_THREADED start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, msgCb); join_thread(serverThread); #endif FreeTcpReady(&ready); #ifndef SINGLE_THREADED AssertTrue(client_args.return_code); AssertTrue(server_args.return_code); #endif #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif printf(resultFmt, passed); #endif } static void test_wolfSSL_either_side(void) { #if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)) && \ !defined(NO_FILESYSTEM) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) tcp_ready ready; func_args client_args; func_args server_args; #ifndef SINGLE_THREADED THREAD_TYPE serverThread; #endif callback_functions client_cb; callback_functions server_cb; printf(testingFmt, "test_wolfSSL_either_side"); /* create a failed connection and inspect the error */ #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); StartTCP(); InitTcpReady(&ready); XMEMSET(&client_cb, 0, sizeof(callback_functions)); XMEMSET(&server_cb, 0, sizeof(callback_functions)); /* Use different CTX for client and server */ client_cb.ctx = wolfSSL_CTX_new(wolfSSLv23_method()); AssertNotNull(client_cb.ctx); server_cb.ctx = wolfSSL_CTX_new(wolfSSLv23_method()); AssertNotNull(server_cb.ctx); /* we are responsible for free'ing WOLFSSL_CTX */ server_cb.isSharedCtx = client_cb.isSharedCtx = 1; server_args.signal = &ready; server_args.callbacks = &server_cb; client_args.signal = &ready; client_args.callbacks = &client_cb; client_args.return_code = TEST_FAIL; #ifndef SINGLE_THREADED start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, NULL); join_thread(serverThread); #endif wolfSSL_CTX_free(client_cb.ctx); wolfSSL_CTX_free(server_cb.ctx); FreeTcpReady(&ready); #ifndef SINGLE_THREADED AssertTrue(client_args.return_code); AssertTrue(server_args.return_code); #endif #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif printf(resultFmt, passed); #endif } static void test_wolfSSL_DTLS_either_side(void) { #if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)) && \ !defined(NO_FILESYSTEM) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ defined(WOLFSSL_DTLS) tcp_ready ready; func_args client_args; func_args server_args; #ifndef SINGLE_THREADED THREAD_TYPE serverThread; #endif callback_functions client_cb; callback_functions server_cb; printf(testingFmt, "test_wolfSSL_DTLS_either_side"); /* create a failed connection and inspect the error */ #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); StartTCP(); InitTcpReady(&ready); XMEMSET(&client_cb, 0, sizeof(callback_functions)); XMEMSET(&server_cb, 0, sizeof(callback_functions)); /* Use different CTX for client and server */ client_cb.ctx = wolfSSL_CTX_new(wolfDTLS_method()); AssertNotNull(client_cb.ctx); server_cb.ctx = wolfSSL_CTX_new(wolfDTLS_method()); AssertNotNull(server_cb.ctx); /* we are responsible for free'ing WOLFSSL_CTX */ server_cb.isSharedCtx = client_cb.isSharedCtx = 1; server_args.signal = &ready; server_args.callbacks = &server_cb; client_args.signal = &ready; client_args.callbacks = &client_cb; client_args.return_code = TEST_FAIL; #ifndef SINGLE_THREADED start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, NULL); join_thread(serverThread); #endif wolfSSL_CTX_free(client_cb.ctx); wolfSSL_CTX_free(server_cb.ctx); FreeTcpReady(&ready); #ifndef SINGLE_THREADED AssertTrue(client_args.return_code); AssertTrue(server_args.return_code); #endif #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif printf(resultFmt, passed); #endif } static void test_generate_cookie(void) { #if defined(WOLFSSL_DTLS) && defined(OPENSSL_EXTRA) && defined(USE_WOLFSSL_IO) SSL_CTX* ctx; SSL* ssl; byte buf[FOURK_BUF] = {0}; printf(testingFmt, "test_generate_cookie"); AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLS_method())); AssertNotNull(ssl = SSL_new(ctx)); /* Test unconnected */ AssertIntEQ(EmbedGenerateCookie(ssl, buf, FOURK_BUF, NULL), GEN_COOKIE_E); wolfSSL_CTX_SetGenCookie(ctx, EmbedGenerateCookie); wolfSSL_SetCookieCtx(ssl, ctx); AssertNotNull(wolfSSL_GetCookieCtx(ssl)); AssertNull(wolfSSL_GetCookieCtx(NULL)); SSL_free(ssl); SSL_CTX_free(ctx); printf(resultFmt, passed); #endif } static void test_wolfSSL_set_options(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) SSL* ssl; SSL_CTX* ctx; char appData[] = "extra msg"; unsigned char protos[] = { 7, 't', 'l', 's', '/', '1', '.', '2', 8, 'h', 't', 't', 'p', '/', '1', '.', '1' }; unsigned int len = sizeof(protos); void *arg = (void *)TEST_ARG; printf(testingFmt, "wolfSSL_set_options()"); #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1); AssertTrue(SSL_CTX_get_options(ctx) == SSL_OP_NO_TLSv1); AssertIntGT((int)SSL_CTX_set_options(ctx, (SSL_OP_COOKIE_EXCHANGE | SSL_OP_NO_SSLv2)), 0); AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_COOKIE_EXCHANGE) & SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE); AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_2) & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2); AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION) & SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION); AssertNull((SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION) & SSL_OP_NO_COMPRESSION)); SSL_CTX_free(ctx); #ifndef NO_WOLFSSL_SERVER ctx = SSL_CTX_new(wolfSSLv23_server_method()); AssertNotNull(ctx); #else ctx = SSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); #endif AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_set_msg_callback(ctx, msg_cb) == SSL_SUCCESS); AssertNotNull(ssl = SSL_new(ctx)); #ifdef HAVE_EX_DATA AssertIntEQ(SSL_set_app_data(ssl, (void*)appData), SSL_SUCCESS); AssertNotNull(SSL_get_app_data((const WOLFSSL*)ssl)); if (ssl) { AssertIntEQ(XMEMCMP(SSL_get_app_data((const WOLFSSL*)ssl), appData, sizeof(appData)), 0); } #else AssertIntEQ(SSL_set_app_data(ssl, (void*)appData), SSL_FAILURE); AssertNull(SSL_get_app_data((const WOLFSSL*)ssl)); #endif AssertTrue(SSL_set_options(ssl, SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1); AssertTrue(SSL_get_options(ssl) == SSL_OP_NO_TLSv1); AssertIntGT((int)SSL_set_options(ssl, (SSL_OP_COOKIE_EXCHANGE | WOLFSSL_OP_NO_SSLv2)), 0); AssertTrue((SSL_set_options(ssl, SSL_OP_COOKIE_EXCHANGE) & SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE); AssertTrue((SSL_set_options(ssl, SSL_OP_NO_TLSv1_2) & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2); AssertTrue((SSL_set_options(ssl, SSL_OP_NO_COMPRESSION) & SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION); AssertNull((SSL_clear_options(ssl, SSL_OP_NO_COMPRESSION) & SSL_OP_NO_COMPRESSION)); AssertTrue(SSL_set_msg_callback(ssl, msg_cb) == SSL_SUCCESS); SSL_set_msg_callback_arg(ssl, arg); #ifdef WOLFSSL_ERROR_CODE_OPENSSL AssertTrue(SSL_CTX_set_alpn_protos(ctx, protos, len) == 0); #else AssertTrue(SSL_CTX_set_alpn_protos(ctx, protos, len) == SSL_SUCCESS); #endif #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_ALL) || \ defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) #if defined(HAVE_ALPN) && !defined(NO_BIO) #ifdef WOLFSSL_ERROR_CODE_OPENSSL AssertTrue(SSL_set_alpn_protos(ssl, protos, len) == 0); #else AssertTrue(SSL_set_alpn_protos(ssl, protos, len) == SSL_SUCCESS); #endif #endif /* HAVE_ALPN && !NO_BIO */ #endif SSL_free(ssl); SSL_CTX_free(ctx); printf(resultFmt, passed); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ } static void test_wolfSSL_sk_SSL_CIPHER(void) { #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) SSL* ssl; SSL_CTX* ctx; STACK_OF(SSL_CIPHER) *sk, *dup; printf(testingFmt, "wolfSSL_sk_SSL_CIPHER_*()"); #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); AssertNotNull(sk = SSL_get_ciphers(ssl)); AssertNotNull(dup = sk_SSL_CIPHER_dup(sk)); AssertIntGT(sk_SSL_CIPHER_num(sk), 0); AssertIntEQ(sk_SSL_CIPHER_num(sk), sk_SSL_CIPHER_num(dup)); /* error case because connection has not been established yet */ AssertIntEQ(sk_SSL_CIPHER_find(sk, SSL_get_current_cipher(ssl)), -1); sk_SSL_CIPHER_free(dup); /* sk is pointer to internal struct that should be free'd in SSL_free */ SSL_free(ssl); SSL_CTX_free(ctx); printf(resultFmt, passed); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ } static void test_wolfSSL_set1_curves_list(void) { #if defined(OPENSSL_EXTRA) && defined(HAVE_RSA) SSL* ssl = NULL; SSL_CTX* ctx = NULL; #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); AssertIntEQ(SSL_CTX_set1_curves_list(ctx, NULL), WOLFSSL_FAILURE); AssertIntEQ(SSL_CTX_set1_curves_list(ctx, "P-25X"), WOLFSSL_FAILURE); AssertIntEQ(SSL_CTX_set1_curves_list(ctx, "P-256"), WOLFSSL_SUCCESS); AssertIntEQ(SSL_set1_curves_list(ssl, NULL), WOLFSSL_FAILURE); AssertIntEQ(SSL_set1_curves_list(ssl, "P-25X"), WOLFSSL_FAILURE); AssertIntEQ(SSL_set1_curves_list(ssl, "P-256"), WOLFSSL_SUCCESS); SSL_free(ssl); SSL_CTX_free(ctx); printf(resultFmt, passed); #endif } static void test_wolfSSL_set1_sigalgs_list(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) SSL* ssl; SSL_CTX* ctx; #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(NULL, NULL), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, NULL), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_set1_sigalgs_list(NULL, NULL), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, NULL), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, ""), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, ""), WOLFSSL_FAILURE); #ifndef NO_RSA #ifndef NO_SHA256 AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(NULL, "RSA+SHA256"), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_set1_sigalgs_list(NULL, "RSA+SHA256"), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA+SHA256"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA+SHA256"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA-SHA256"), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA-SHA256"), WOLFSSL_FAILURE); #ifdef WC_RSA_PSS AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA-PSS+SHA256"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA-PSS+SHA256"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "PSS+SHA256"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "PSS+SHA256"), WOLFSSL_SUCCESS); #endif #ifdef WOLFSSL_SHA512 AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA+SHA256:RSA+SHA512"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA+SHA256:RSA+SHA512"), WOLFSSL_SUCCESS); #elif defined(WOLFSSL_SHA384) AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA+SHA256:RSA+SHA384"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA+SHA256:RSA+SHA384"), WOLFSSL_SUCCESS); #endif AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA"), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA"), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA:RSA+SHA256"), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA:RSA+SHA256"), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA+SHA256+SHA256"), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA+SHA256+RSA"), WOLFSSL_FAILURE); #endif #endif #ifdef HAVE_ECC #ifndef NO_SHA256 AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "ECDSA+SHA256"), WOLFSSL_SUCCESS); #ifdef WOLFSSL_SHA512 AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256:ECDSA+SHA512"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "ECDSA+SHA256:ECDSA+SHA512"), WOLFSSL_SUCCESS); #elif defined(WOLFSSL_SHA384) AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256:ECDSA+SHA384"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "ECDSA+SHA256:ECDSA+SHA384"), WOLFSSL_SUCCESS); #endif #endif #endif #ifdef HAVE_ED25519 AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "ED25519"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "ED25519"), WOLFSSL_SUCCESS); #endif #ifdef HAVE_ED448 AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "ED448"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "ED448"), WOLFSSL_SUCCESS); #endif #ifndef NO_DSA #ifndef NO_SHA256 AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "DSA+SHA256"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "DSA+SHA256"), WOLFSSL_SUCCESS); #endif #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \ defined(WOLFSSL_ALLOW_TLS_SHA1)) AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "DSA+SHA1"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "DSA+SHA1"), WOLFSSL_SUCCESS); #endif #endif SSL_free(ssl); SSL_CTX_free(ctx); printf(resultFmt, passed); #endif } /* Testing wolfSSL_set_tlsext_status_type function. * PRE: OPENSSL and HAVE_CERTIFICATE_STATUS_REQUEST defined. */ static void test_wolfSSL_set_tlsext_status_type(void){ #if defined(OPENSSL_EXTRA) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \ !defined(NO_RSA) && !defined(NO_WOLFSSL_SERVER) SSL* ssl; SSL_CTX* ctx; printf(testingFmt, "wolfSSL_set_tlsext_status_type()"); AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); AssertIntEQ(SSL_set_tlsext_status_type(ssl,TLSEXT_STATUSTYPE_ocsp), SSL_SUCCESS); AssertIntEQ(SSL_get_tlsext_status_type(ssl), TLSEXT_STATUSTYPE_ocsp); SSL_free(ssl); SSL_CTX_free(ctx); #endif /* OPENSSL_EXTRA && HAVE_CERTIFICATE_STATUS_REQUEST && !NO_RSA */ } #ifndef NO_BIO static void test_wolfSSL_PEM_read_bio(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) byte buff[6000]; XFILE f; int bytes; X509* x509; BIO* bio = NULL; BUF_MEM* buf; printf(testingFmt, "wolfSSL_PEM_read_bio()"); f = XFOPEN(cliCertFile, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buff, 1, sizeof(buff), f); XFCLOSE(f); AssertNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL)); AssertNotNull(bio = BIO_new_mem_buf((void*)buff, bytes)); AssertNotNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL)); AssertIntEQ((int)BIO_set_fd(bio, 0, BIO_CLOSE), 1); AssertIntEQ(BIO_set_close(bio, BIO_NOCLOSE), 1); AssertIntEQ(BIO_set_close(NULL, BIO_NOCLOSE), 1); AssertIntEQ(SSL_SUCCESS, BIO_get_mem_ptr(bio, &buf)); BIO_free(bio); BUF_MEM_free(buf); X509_free(x509); printf(resultFmt, passed); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ } #if defined(OPENSSL_EXTRA) static long bioCallback(BIO *bio, int cmd, const char* argp, int argi, long argl, long ret) { (void)bio; (void)cmd; (void)argp; (void)argi; (void)argl; return ret; } #endif static void test_wolfSSL_BIO(void) { #if defined(OPENSSL_EXTRA) const unsigned char* p; byte buff[20]; BIO* bio1; BIO* bio2; BIO* bio3; char* bufPt; int i; printf(testingFmt, "wolfSSL_BIO()"); for (i = 0; i < 20; i++) { buff[i] = i; } /* test BIO_free with NULL */ AssertIntEQ(BIO_free(NULL), WOLFSSL_FAILURE); /* Creating and testing type BIO_s_bio */ AssertNotNull(bio1 = BIO_new(BIO_s_bio())); AssertNotNull(bio2 = BIO_new(BIO_s_bio())); AssertNotNull(bio3 = BIO_new(BIO_s_bio())); /* read/write before set up */ AssertIntEQ(BIO_read(bio1, buff, 2), WOLFSSL_BIO_UNSET); AssertIntEQ(BIO_write(bio1, buff, 2), WOLFSSL_BIO_UNSET); AssertIntEQ(BIO_set_nbio(bio1, 1), 1); AssertIntEQ(BIO_set_write_buf_size(bio1, 20), WOLFSSL_SUCCESS); AssertIntEQ(BIO_set_write_buf_size(bio2, 8), WOLFSSL_SUCCESS); AssertIntEQ(BIO_make_bio_pair(bio1, bio2), WOLFSSL_SUCCESS); AssertIntEQ(BIO_nwrite(bio1, &bufPt, 10), 10); XMEMCPY(bufPt, buff, 10); AssertIntEQ(BIO_write(bio1, buff + 10, 10), 10); /* write buffer full */ AssertIntEQ(BIO_write(bio1, buff, 10), WOLFSSL_BIO_ERROR); AssertIntEQ(BIO_flush(bio1), WOLFSSL_SUCCESS); AssertIntEQ((int)BIO_ctrl_pending(bio1), 0); /* write the other direction with pair */ AssertIntEQ((int)BIO_nwrite(bio2, &bufPt, 10), 8); XMEMCPY(bufPt, buff, 8); AssertIntEQ(BIO_write(bio2, buff, 10), WOLFSSL_BIO_ERROR); /* try read */ AssertIntEQ((int)BIO_ctrl_pending(bio1), 8); AssertIntEQ((int)BIO_ctrl_pending(bio2), 20); /* try read using ctrl function */ AssertIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_WPENDING, 0, NULL), 8); AssertIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_PENDING, 0, NULL), 8); AssertIntEQ((int)BIO_ctrl(bio2, BIO_CTRL_WPENDING, 0, NULL), 20); AssertIntEQ((int)BIO_ctrl(bio2, BIO_CTRL_PENDING, 0, NULL), 20); AssertIntEQ(BIO_nread(bio2, &bufPt, (int)BIO_ctrl_pending(bio2)), 20); for (i = 0; i < 20; i++) { AssertIntEQ((int)bufPt[i], i); } AssertIntEQ(BIO_nread(bio2, &bufPt, 1), WOLFSSL_BIO_ERROR); AssertIntEQ(BIO_nread(bio1, &bufPt, (int)BIO_ctrl_pending(bio1)), 8); for (i = 0; i < 8; i++) { AssertIntEQ((int)bufPt[i], i); } AssertIntEQ(BIO_nread(bio1, &bufPt, 1), WOLFSSL_BIO_ERROR); AssertIntEQ(BIO_ctrl_reset_read_request(bio1), 1); /* new pair */ AssertIntEQ(BIO_make_bio_pair(bio1, bio3), WOLFSSL_FAILURE); BIO_free(bio2); /* free bio2 and automatically remove from pair */ AssertIntEQ(BIO_make_bio_pair(bio1, bio3), WOLFSSL_SUCCESS); AssertIntEQ((int)BIO_ctrl_pending(bio3), 0); AssertIntEQ(BIO_nread(bio3, &bufPt, 10), WOLFSSL_BIO_ERROR); /* test wrap around... */ AssertIntEQ(BIO_reset(bio1), 0); AssertIntEQ(BIO_reset(bio3), 0); /* fill write buffer, read only small amount then write again */ AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20); XMEMCPY(bufPt, buff, 20); AssertIntEQ(BIO_nread(bio3, &bufPt, 4), 4); for (i = 0; i < 4; i++) { AssertIntEQ(bufPt[i], i); } /* try writing over read index */ AssertIntEQ(BIO_nwrite(bio1, &bufPt, 5), 4); XMEMSET(bufPt, 0, 4); AssertIntEQ((int)BIO_ctrl_pending(bio3), 20); /* read and write 0 bytes */ AssertIntEQ(BIO_nread(bio3, &bufPt, 0), 0); AssertIntEQ(BIO_nwrite(bio1, &bufPt, 0), 0); /* should read only to end of write buffer then need to read again */ AssertIntEQ(BIO_nread(bio3, &bufPt, 20), 16); for (i = 0; i < 16; i++) { AssertIntEQ(bufPt[i], buff[4 + i]); } AssertIntEQ(BIO_nread(bio3, NULL, 0), WOLFSSL_FAILURE); AssertIntEQ(BIO_nread0(bio3, &bufPt), 4); for (i = 0; i < 4; i++) { AssertIntEQ(bufPt[i], 0); } /* read index should not have advanced with nread0 */ AssertIntEQ(BIO_nread(bio3, &bufPt, 5), 4); for (i = 0; i < 4; i++) { AssertIntEQ(bufPt[i], 0); } /* write and fill up buffer checking reset of index state */ AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20); XMEMCPY(bufPt, buff, 20); /* test reset on data in bio1 write buffer */ AssertIntEQ(BIO_reset(bio1), 0); AssertIntEQ((int)BIO_ctrl_pending(bio3), 0); AssertIntEQ(BIO_nread(bio3, &bufPt, 3), WOLFSSL_BIO_ERROR); AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20); AssertIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_INFO, 0, &p), 20); AssertNotNull(p); XMEMCPY(bufPt, buff, 20); AssertIntEQ(BIO_nread(bio3, &bufPt, 6), 6); for (i = 0; i < 6; i++) { AssertIntEQ(bufPt[i], i); } /* test case of writing twice with offset read index */ AssertIntEQ(BIO_nwrite(bio1, &bufPt, 3), 3); AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), 3); /* try overwriting */ AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR); AssertIntEQ(BIO_nread(bio3, &bufPt, 0), 0); AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR); AssertIntEQ(BIO_nread(bio3, &bufPt, 1), 1); AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), 1); AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR); BIO_free(bio1); BIO_free(bio3); #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) { BIO* bioA = NULL; BIO* bioB = NULL; AssertIntEQ(BIO_new_bio_pair(NULL, 256, NULL, 256), BAD_FUNC_ARG); AssertIntEQ(BIO_new_bio_pair(&bioA, 256, &bioB, 256), WOLFSSL_SUCCESS); BIO_free(bioA); bioA = NULL; BIO_free(bioB); bioB = NULL; } #endif /* OPENSSL_ALL || WOLFSSL_ASIO */ /* BIOs with file pointers */ #if !defined(NO_FILESYSTEM) { XFILE f1; XFILE f2; BIO* f_bio1; BIO* f_bio2; unsigned char cert[300]; char testFile[] = "tests/bio_write_test.txt"; char msg[] = "bio_write_test.txt contains the first 300 bytes of certs/server-cert.pem\ncreated by tests/unit.test\n\n"; AssertNotNull(f_bio1 = BIO_new(BIO_s_file())); AssertNotNull(f_bio2 = BIO_new(BIO_s_file())); AssertIntEQ((int)BIO_set_mem_eof_return(f_bio1, -1), 0); AssertIntEQ((int)BIO_set_mem_eof_return(NULL, -1), 0); f1 = XFOPEN(svrCertFile, "rwb"); AssertTrue((f1 != XBADFILE)); AssertIntEQ((int)BIO_set_fp(f_bio1, f1, BIO_CLOSE), WOLFSSL_SUCCESS); AssertIntEQ(BIO_write_filename(f_bio2, testFile), WOLFSSL_SUCCESS); AssertIntEQ(BIO_read(f_bio1, cert, sizeof(cert)), sizeof(cert)); AssertIntEQ(BIO_tell(f_bio1),sizeof(cert)); AssertIntEQ(BIO_write(f_bio2, msg, sizeof(msg)), sizeof(msg)); AssertIntEQ(BIO_tell(f_bio2),sizeof(msg)); AssertIntEQ(BIO_write(f_bio2, cert, sizeof(cert)), sizeof(cert)); AssertIntEQ(BIO_tell(f_bio2),sizeof(cert) + sizeof(msg)); AssertIntEQ((int)BIO_get_fp(f_bio2, &f2), WOLFSSL_SUCCESS); AssertIntEQ(BIO_reset(f_bio2), 0); AssertIntEQ(BIO_tell(NULL),-1); AssertIntEQ(BIO_tell(f_bio2),0); AssertIntEQ(BIO_seek(f_bio2, 4), 0); AssertIntEQ(BIO_tell(f_bio2),4); BIO_free(f_bio1); BIO_free(f_bio2); AssertNotNull(f_bio1 = BIO_new_file(svrCertFile, "rwb")); AssertIntEQ((int)BIO_set_mem_eof_return(f_bio1, -1), 0); AssertIntEQ(BIO_read(f_bio1, cert, sizeof(cert)), sizeof(cert)); BIO_free(f_bio1); } #endif /* !defined(NO_FILESYSTEM) */ /* BIO info callback */ { const char* testArg = "test"; BIO* cb_bio; AssertNotNull(cb_bio = BIO_new(BIO_s_mem())); BIO_set_callback(cb_bio, bioCallback); AssertNotNull(BIO_get_callback(cb_bio)); BIO_set_callback(cb_bio, NULL); AssertNull(BIO_get_callback(cb_bio)); BIO_set_callback_arg(cb_bio, (char*)testArg); AssertStrEQ(BIO_get_callback_arg(cb_bio), testArg); AssertNull(BIO_get_callback_arg(NULL)); BIO_free(cb_bio); } /* BIO_vfree */ AssertNotNull(bio1 = BIO_new(BIO_s_bio())); BIO_vfree(NULL); BIO_vfree(bio1); printf(resultFmt, passed); #endif } #endif /* !NO_BIO */ static void test_wolfSSL_ASN1_STRING(void) { #if defined(OPENSSL_EXTRA) ASN1_STRING* str = NULL; const char data[] = "hello wolfSSL"; printf(testingFmt, "wolfSSL_ASN1_STRING()"); AssertNotNull(str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); AssertIntEQ(ASN1_STRING_type(str), V_ASN1_OCTET_STRING); AssertIntEQ(ASN1_STRING_set(str, (const void*)data, sizeof(data)), 1); AssertIntEQ(ASN1_STRING_set(str, (const void*)data, -1), 1); AssertIntEQ(ASN1_STRING_set(str, NULL, -1), 0); ASN1_STRING_free(str); printf(resultFmt, passed); #endif } static void test_wolfSSL_ASN1_BIT_STRING(void) { #ifdef OPENSSL_ALL ASN1_BIT_STRING* str; printf(testingFmt, "test_wolfSSL_ASN1_BIT_STRING()"); AssertNotNull(str = ASN1_BIT_STRING_new()); AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 1), 1); AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 42), 1); AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 41), 0); AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 84, 1), 1); AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 84), 1); AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 83), 0); ASN1_BIT_STRING_free(str); printf(resultFmt, passed); #endif } static void test_wolfSSL_a2i_ASN1_INTEGER(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_BIO) BIO *bio, *out; ASN1_INTEGER* ai; char buf[] = "123456\n12345\n112345678912345678901234567890\n"; char tmp[1024]; int tmpSz; const char expected1[] = "123456"; const char expected2[] = "112345678912345678901234567890"; printf(testingFmt, "test_wolfSSL_a2i_ASN1_INTEGER()"); AssertNotNull(bio = BIO_new_mem_buf(buf, -1)); AssertNotNull(out = BIO_new(BIO_s_mem())); AssertNotNull(ai = ASN1_INTEGER_new()); /* read first line */ AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), SSL_SUCCESS); AssertIntEQ(i2a_ASN1_INTEGER(out, ai), 6); XMEMSET(tmp, 0, 1024); tmpSz = BIO_read(out, tmp, 1024); AssertIntEQ(tmpSz, 6); AssertIntEQ(XMEMCMP(tmp, expected1, tmpSz), 0); /* fail on second line (not % 2) */ AssertIntNE(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), SSL_SUCCESS); /* read 3rd long line */ AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), SSL_SUCCESS); AssertIntEQ(i2a_ASN1_INTEGER(out, ai), 30); XMEMSET(tmp, 0, 1024); tmpSz = BIO_read(out, tmp, 1024); AssertIntEQ(tmpSz, 30); AssertIntEQ(XMEMCMP(tmp, expected2, tmpSz), 0); BIO_free(out); BIO_free(bio); ASN1_INTEGER_free(ai); printf(resultFmt, passed); #endif } static void test_wolfSSL_a2i_IPADDRESS(void) { #if defined(OPENSSL_ALL) && !defined(WOLFSSL_USER_IO) const unsigned char* data; int dataSz = 0; ASN1_OCTET_STRING *st; const unsigned char ipv4_exp[] = {0x7F, 0, 0, 1}; const unsigned char ipv6_exp[] = { 0x20, 0x21, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x77, 0x77 }; const unsigned char ipv6_home[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }; printf(testingFmt, "test_wolfSSL_a2i_IPADDRESS()"); AssertNull(st = a2i_IPADDRESS("127.0.0.1bad")); AssertNotNull(st = a2i_IPADDRESS("127.0.0.1")); data = ASN1_STRING_get0_data(st); dataSz = ASN1_STRING_length(st); AssertIntEQ(dataSz, WOLFSSL_IP4_ADDR_LEN); AssertIntEQ(XMEMCMP(data, ipv4_exp, dataSz), 0); ASN1_STRING_free(st); AssertNotNull(st = a2i_IPADDRESS("::1")); data = ASN1_STRING_get0_data(st); dataSz = ASN1_STRING_length(st); AssertIntEQ(dataSz, WOLFSSL_IP6_ADDR_LEN); AssertIntEQ(XMEMCMP(data, ipv6_home, dataSz), 0); ASN1_STRING_free(st); AssertNotNull(st = a2i_IPADDRESS("2021:db8::ff00:42:7777")); data = ASN1_STRING_get0_data(st); dataSz = ASN1_STRING_length(st); AssertIntEQ(dataSz, WOLFSSL_IP6_ADDR_LEN); AssertIntEQ(XMEMCMP(data, ipv6_exp, dataSz), 0); ASN1_STRING_free(st); printf(resultFmt, passed); #endif } static void test_wolfSSL_DES_ecb_encrypt(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && defined(WOLFSSL_DES_ECB) WOLFSSL_DES_cblock input1,input2,output1,output2,back1,back2; WOLFSSL_DES_key_schedule key; printf(testingFmt, "wolfSSL_DES_ecb_encrypt()"); XMEMCPY(key,"12345678",sizeof(WOLFSSL_DES_key_schedule)); XMEMCPY(input1, "Iamhuman",sizeof(WOLFSSL_DES_cblock)); XMEMCPY(input2, "Whoisit?",sizeof(WOLFSSL_DES_cblock)); XMEMSET(output1, 0, sizeof(WOLFSSL_DES_cblock)); XMEMSET(output2, 0, sizeof(WOLFSSL_DES_cblock)); XMEMSET(back1, 0, sizeof(WOLFSSL_DES_cblock)); XMEMSET(back2, 0, sizeof(WOLFSSL_DES_cblock)); /* Encrypt messages */ wolfSSL_DES_ecb_encrypt(&input1,&output1,&key,DES_ENCRYPT); wolfSSL_DES_ecb_encrypt(&input2,&output2,&key,DES_ENCRYPT); /* Decrypt messages */ int ret1 = 0; int ret2 = 0; wolfSSL_DES_ecb_encrypt(&output1,&back1,&key,DES_DECRYPT); ret1 = XMEMCMP((unsigned char *) back1,(unsigned char *) input1,sizeof(WOLFSSL_DES_cblock)); AssertIntEQ(ret1,0); wolfSSL_DES_ecb_encrypt(&output2,&back2,&key,DES_DECRYPT); ret2 = XMEMCMP((unsigned char *) back2,(unsigned char *) input2,sizeof(WOLFSSL_DES_cblock)); AssertIntEQ(ret2,0); printf(resultFmt, passed); #endif } static void test_wolfSSL_ASN1_TIME_adj(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) \ && !defined(USER_TIME) && !defined(TIME_OVERRIDES) const int year = 365*24*60*60; const int day = 24*60*60; const int hour = 60*60; const int mini = 60; const byte asn_utc_time = ASN_UTC_TIME; #if !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT) const byte asn_gen_time = ASN_GENERALIZED_TIME; #endif WOLFSSL_ASN1_TIME *asn_time, *s; int offset_day; long offset_sec; char date_str[CTC_DATE_SIZE + 1]; time_t t; printf(testingFmt, "wolfSSL_ASN1_TIME_adj()"); AssertNotNull(s = wolfSSL_ASN1_TIME_new()); /* UTC notation test */ /* 2000/2/15 20:30:00 */ t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 7 * day; offset_day = 7; offset_sec = 45 * mini; /* offset_sec = -45 * min;*/ AssertNotNull(asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec)); AssertTrue(asn_time->type == asn_utc_time); XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE); date_str[CTC_DATE_SIZE] = '\0'; AssertIntEQ(0, XMEMCMP(date_str, "000222211500Z", 13)); /* negative offset */ offset_sec = -45 * mini; asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec); AssertTrue(asn_time->type == asn_utc_time); XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE); date_str[CTC_DATE_SIZE] = '\0'; AssertIntEQ(0, XMEMCMP(date_str, "000222194500Z", 13)); XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL); XMEMSET(date_str, 0, sizeof(date_str)); /* Generalized time will overflow time_t if not long */ #if !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT) s = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL, DYNAMIC_TYPE_OPENSSL); /* GeneralizedTime notation test */ /* 2055/03/01 09:00:00 */ t = (time_t)85 * year + 59 * day + 9 * hour + 21 * day; offset_day = 12; offset_sec = 10 * mini; asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec); AssertTrue(asn_time->type == asn_gen_time); XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE); date_str[CTC_DATE_SIZE] = '\0'; AssertIntEQ(0, XMEMCMP(date_str, "20550313091000Z", 15)); XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL); XMEMSET(date_str, 0, sizeof(date_str)); #endif /* !TIME_T_NOT_64BIT && !NO_64BIT */ /* if WOLFSSL_ASN1_TIME struct is not allocated */ s = NULL; t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 15 + 7 * day; offset_day = 7; offset_sec = 45 * mini; asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec); AssertTrue(asn_time->type == asn_utc_time); XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE); date_str[CTC_DATE_SIZE] = '\0'; AssertIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13)); XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL); asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, offset_sec); AssertTrue(asn_time->type == asn_utc_time); XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE); date_str[CTC_DATE_SIZE] = '\0'; AssertIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13)); XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL); printf(resultFmt, passed); #endif } static void test_wolfSSL_ASN1_TIME_to_tm(void) { #if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \ defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) \ && !defined(NO_ASN_TIME) ASN1_TIME asnTime; struct tm tm; printf(testingFmt, "wolfSSL_ASN1_TIME_to_tm()"); XMEMSET(&asnTime, 0, sizeof(ASN1_TIME)); AssertIntEQ(ASN1_TIME_set_string(&asnTime, "000222211515Z"), 1); AssertIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 1); AssertIntEQ(tm.tm_sec, 15); AssertIntEQ(tm.tm_min, 15); AssertIntEQ(tm.tm_hour, 21); AssertIntEQ(tm.tm_mday, 22); AssertIntEQ(tm.tm_mon, 1); AssertIntEQ(tm.tm_year, 100); AssertIntEQ(tm.tm_isdst, 0); #ifdef XMKTIME AssertIntEQ(tm.tm_wday, 2); AssertIntEQ(tm.tm_yday, 52); #endif printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_cmp_time(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) \ && !defined(USER_TIME) && !defined(TIME_OVERRIDES) WOLFSSL_ASN1_TIME asn_time; time_t t; printf(testingFmt, "wolfSSL_X509_cmp_time()"); AssertIntEQ(0, wolfSSL_X509_cmp_time(NULL, &t)); XMEMSET(&asn_time, 0, sizeof(WOLFSSL_ASN1_TIME)); AssertIntEQ(0, wolfSSL_X509_cmp_time(&asn_time, &t)); AssertIntEQ(ASN1_TIME_set_string(&asn_time, "000222211515Z"), 1); AssertIntEQ(-1, wolfSSL_X509_cmp_time(&asn_time, NULL)); printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_time_adj(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && \ !defined(USER_TIME) && !defined(TIME_OVERRIDES) && \ defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) && \ !defined(NO_ASN_TIME) X509* x509; time_t t, not_before, not_after; printf(testingFmt, "wolfSSL_X509_time_adj()"); AssertNotNull(x509 = wolfSSL_X509_load_certificate_buffer( client_cert_der_2048, sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1)); t = 0; not_before = XTIME(0); not_after = XTIME(0) + (60 * 24 * 30); /* 30 days after */ AssertNotNull(X509_time_adj(X509_get_notBefore(x509), not_before, &t)); AssertNotNull(X509_time_adj(X509_get_notAfter(x509), not_after, &t)); /* Check X509_gmtime_adj, too. */ AssertNotNull(X509_gmtime_adj(X509_get_notAfter(x509), not_after)); X509_free(x509); printf(resultFmt, passed); #endif } static void test_wolfSSL_X509(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM)\ && !defined(NO_RSA) X509* x509; #ifndef NO_BIO BIO* bio; X509_STORE_CTX* ctx; X509_STORE* store; #endif char der[] = "certs/ca-cert.der"; XFILE fp; printf(testingFmt, "wolfSSL_X509()"); AssertNotNull(x509 = X509_new()); X509_free(x509); #ifndef NO_BIO x509 = wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM); AssertNotNull(bio = BIO_new(BIO_s_mem())); #ifdef WOLFSSL_CERT_GEN AssertIntEQ(i2d_X509_bio(bio, x509), SSL_SUCCESS); #endif AssertNotNull(ctx = X509_STORE_CTX_new()); AssertIntEQ(X509_verify_cert(ctx), SSL_FATAL_ERROR); AssertNotNull(store = X509_STORE_new()); AssertIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS); AssertIntEQ(X509_STORE_CTX_init(ctx, store, x509, NULL), SSL_SUCCESS); AssertIntEQ(X509_verify_cert(ctx), SSL_SUCCESS); X509_STORE_CTX_free(ctx); X509_STORE_free(store); X509_free(x509); BIO_free(bio); #endif /** d2i_X509_fp test **/ fp = XFOPEN(der, "rb"); AssertTrue((fp != XBADFILE)); AssertNotNull(x509 = (X509 *)d2i_X509_fp(fp, (X509 **)NULL)); AssertNotNull(x509); X509_free(x509); XFCLOSE(fp); fp = XFOPEN(der, "rb"); AssertTrue((fp != XBADFILE)); AssertNotNull((X509 *)d2i_X509_fp(fp, (X509 **)&x509)); AssertNotNull(x509); X509_free(x509); XFCLOSE(fp); /* X509_up_ref test */ AssertIntEQ(X509_up_ref(NULL), 0); AssertNotNull(x509 = X509_new()); /* refCount = 1 */ AssertIntEQ(X509_up_ref(x509), 1); /* refCount = 2 */ AssertIntEQ(X509_up_ref(x509), 1); /* refCount = 3 */ X509_free(x509); /* refCount = 2 */ X509_free(x509); /* refCount = 1 */ X509_free(x509); /* refCount = 0, free */ printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_get_ext_count(void) { #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ !defined(NO_RSA) int ret = 0; WOLFSSL_X509* x509; const char ocspRootCaFile[] = "./certs/ocsp/root-ca-cert.pem"; FILE* f; printf(testingFmt, "wolfSSL_X509_get_ext_count()"); /* NULL parameter check */ AssertIntEQ(X509_get_ext_count(NULL), WOLFSSL_FAILURE); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)); AssertIntEQ(X509_get_ext_count(x509), 5); wolfSSL_X509_free(x509); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(ocspRootCaFile, SSL_FILETYPE_PEM)); AssertIntEQ(X509_get_ext_count(x509), 5); wolfSSL_X509_free(x509); AssertNotNull(f = fopen("./certs/server-cert.pem", "rb")); AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); fclose(f); printf(testingFmt, "wolfSSL_X509_get_ext_count() valid input"); AssertIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5); printf(resultFmt, ret == 4 ? passed : failed); printf(testingFmt, "wolfSSL_X509_get_ext_count() NULL argument"); AssertIntEQ((ret = wolfSSL_X509_get_ext_count(NULL)), WOLFSSL_FAILURE); printf(resultFmt, ret == WOLFSSL_FAILURE ? passed : failed); wolfSSL_X509_free(x509); printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_sign2(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_ALT_NAMES) && \ defined(WOLFSSL_CERT_EXT) && \ (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)) WOLFSSL_X509 *x509, *ca; const unsigned char *der; const unsigned char *pt; WOLFSSL_EVP_PKEY *priv; WOLFSSL_X509_NAME *name; WOLFSSL_ASN1_TIME *notBefore, *notAfter; int derSz; const int year = 365*24*60*60; const int day = 24*60*60; const int hour = 60*60; const int mini = 60; time_t t; const unsigned char expected[] = { #ifdef WOLFSSL_AKID_NAME 0x30, 0x82, 0x04, 0xfd, 0x30, 0x82, 0x03, 0xe5, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xf1, 0x5c, 0x99, 0x43, 0x66, 0x3d, 0x96, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x30, 0x30, 0x32, 0x31, 0x35, 0x32, 0x30, 0x33, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x32, 0x31, 0x34, 0x32, 0x30, 0x33, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x10, 0x50, 0x72, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x2d, 0x32, 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc3, 0x03, 0xd1, 0x2b, 0xfe, 0x39, 0xa4, 0x32, 0x45, 0x3b, 0x53, 0xc8, 0x84, 0x2b, 0x2a, 0x7c, 0x74, 0x9a, 0xbd, 0xaa, 0x2a, 0x52, 0x07, 0x47, 0xd6, 0xa6, 0x36, 0xb2, 0x07, 0x32, 0x8e, 0xd0, 0xba, 0x69, 0x7b, 0xc6, 0xc3, 0x44, 0x9e, 0xd4, 0x81, 0x48, 0xfd, 0x2d, 0x68, 0xa2, 0x8b, 0x67, 0xbb, 0xa1, 0x75, 0xc8, 0x36, 0x2c, 0x4a, 0xd2, 0x1b, 0xf7, 0x8b, 0xba, 0xcf, 0x0d, 0xf9, 0xef, 0xec, 0xf1, 0x81, 0x1e, 0x7b, 0x9b, 0x03, 0x47, 0x9a, 0xbf, 0x65, 0xcc, 0x7f, 0x65, 0x24, 0x69, 0xa6, 0xe8, 0x14, 0x89, 0x5b, 0xe4, 0x34, 0xf7, 0xc5, 0xb0, 0x14, 0x93, 0xf5, 0x67, 0x7b, 0x3a, 0x7a, 0x78, 0xe1, 0x01, 0x56, 0x56, 0x91, 0xa6, 0x13, 0x42, 0x8d, 0xd2, 0x3c, 0x40, 0x9c, 0x4c, 0xef, 0xd1, 0x86, 0xdf, 0x37, 0x51, 0x1b, 0x0c, 0xa1, 0x3b, 0xf5, 0xf1, 0xa3, 0x4a, 0x35, 0xe4, 0xe1, 0xce, 0x96, 0xdf, 0x1b, 0x7e, 0xbf, 0x4e, 0x97, 0xd0, 0x10, 0xe8, 0xa8, 0x08, 0x30, 0x81, 0xaf, 0x20, 0x0b, 0x43, 0x14, 0xc5, 0x74, 0x67, 0xb4, 0x32, 0x82, 0x6f, 0x8d, 0x86, 0xc2, 0x88, 0x40, 0x99, 0x36, 0x83, 0xba, 0x1e, 0x40, 0x72, 0x22, 0x17, 0xd7, 0x52, 0x65, 0x24, 0x73, 0xb0, 0xce, 0xef, 0x19, 0xcd, 0xae, 0xff, 0x78, 0x6c, 0x7b, 0xc0, 0x12, 0x03, 0xd4, 0x4e, 0x72, 0x0d, 0x50, 0x6d, 0x3b, 0xa3, 0x3b, 0xa3, 0x99, 0x5e, 0x9d, 0xc8, 0xd9, 0x0c, 0x85, 0xb3, 0xd9, 0x8a, 0xd9, 0x54, 0x26, 0xdb, 0x6d, 0xfa, 0xac, 0xbb, 0xff, 0x25, 0x4c, 0xc4, 0xd1, 0x79, 0xf4, 0x71, 0xd3, 0x86, 0x40, 0x18, 0x13, 0xb0, 0x63, 0xb5, 0x72, 0x4e, 0x30, 0xc4, 0x97, 0x84, 0x86, 0x2d, 0x56, 0x2f, 0xd7, 0x15, 0xf7, 0x7f, 0xc0, 0xae, 0xf5, 0xfc, 0x5b, 0xe5, 0xfb, 0xa1, 0xba, 0xd3, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x44, 0x30, 0x82, 0x01, 0x40, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x33, 0xd8, 0x45, 0x66, 0xd7, 0x68, 0x87, 0x18, 0x7e, 0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26, 0xd7, 0x85, 0x65, 0xc0, 0x30, 0x81, 0xd3, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xcb, 0x30, 0x81, 0xc8, 0x80, 0x14, 0x33, 0xd8, 0x45, 0x66, 0xd7, 0x68, 0x87, 0x18, 0x7e, 0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26, 0xd7, 0x85, 0x65, 0xc0, 0xa1, 0x81, 0xa4, 0xa4, 0x81, 0xa1, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x10, 0x50, 0x72, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x2d, 0x32, 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x09, 0x00, 0xf1, 0x5c, 0x99, 0x43, 0x66, 0x3d, 0x96, 0x04, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x59, 0x2e, 0xd1, 0xec, 0xbc, 0x99, 0xfe, 0x50, 0x38, 0x47, 0x47, 0x88, 0x51, 0xcf, 0xe4, 0x88, 0x76, 0xdf, 0x89, 0x8f, 0xea, 0x91, 0xbc, 0xd6, 0xc6, 0x91, 0xc9, 0xcc, 0x33, 0x77, 0x5d, 0xdd, 0x4b, 0xc9, 0xf6, 0x10, 0x54, 0xe2, 0x04, 0x89, 0x51, 0xdb, 0xe1, 0x00, 0x0c, 0x61, 0x03, 0x26, 0x86, 0x35, 0xac, 0x96, 0x23, 0x9d, 0xef, 0xd9, 0x95, 0xe4, 0xb4, 0x83, 0x9e, 0x0f, 0x47, 0x30, 0x08, 0x96, 0x28, 0x7f, 0x2d, 0xe3, 0x23, 0x30, 0x3b, 0xb0, 0x46, 0xe8, 0x21, 0x78, 0xb4, 0xc0, 0xbc, 0x9f, 0x60, 0x02, 0xd4, 0x16, 0x2d, 0xe5, 0x5a, 0x00, 0x65, 0x15, 0x95, 0x81, 0x93, 0x80, 0x06, 0x3e, 0xf7, 0xdf, 0x0c, 0x2b, 0x3f, 0x14, 0xfc, 0xc3, 0x79, 0xfd, 0x59, 0x5c, 0xa7, 0xc3, 0xe0, 0xa8, 0xd4, 0x53, 0x4f, 0x13, 0x0a, 0xa3, 0xfe, 0x1d, 0x63, 0x4e, 0x84, 0xb2, 0x98, 0x19, 0x06, 0xe0, 0x60, 0x3a, 0xc9, 0x49, 0x73, 0x00, 0xe3, 0x72, 0x2f, 0x68, 0x27, 0x9f, 0x14, 0x18, 0xb7, 0x57, 0xb9, 0x1d, 0xa8, 0xb3, 0x05, 0x6c, 0xf5, 0x4b, 0x0e, 0xac, 0x26, 0x7a, 0xfe, 0xc1, 0xab, 0x1f, 0x27, 0xf1, 0x1e, 0x21, 0x33, 0x31, 0xb6, 0x43, 0xb0, 0xf8, 0x74, 0x69, 0x6a, 0xb1, 0x9b, 0xcb, 0xe4, 0xd3, 0xa2, 0x8e, 0x8a, 0x55, 0xef, 0x81, 0xf3, 0x4a, 0x44, 0x90, 0x4d, 0x08, 0xb8, 0x31, 0x90, 0x1a, 0x82, 0x52, 0x56, 0xeb, 0xf0, 0x50, 0x5b, 0x9f, 0x87, 0x98, 0x54, 0xfe, 0x6a, 0x60, 0x41, 0x16, 0xdb, 0xdc, 0xff, 0x89, 0x4c, 0x98, 0x00, 0xb1, 0x87, 0x6c, 0xe7, 0xec, 0xba, 0x3b, 0xa4, 0xfe, 0xa1, 0xfd, 0x26, 0x19, 0x7c, 0x2d, 0x14, 0x91, 0x91, 0x61, 0x30, 0x3e, 0xf4, 0x5c, 0x97, 0x4c, 0x06, 0x84, 0xab, 0x94, 0xa8, 0x17, 0x6c, 0xec, 0x19, 0xc0, 0x87, 0xd0 #else 0x30, 0x82, 0x04, 0x46, 0x30, 0x82, 0x03, 0x2e, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xf1, 0x5c, 0x99, 0x43, 0x66, 0x3d, 0x96, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x30, 0x30, 0x32, 0x31, 0x35, 0x32, 0x30, 0x33, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x32, 0x31, 0x34, 0x32, 0x30, 0x33, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x10, 0x50, 0x72, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x2d, 0x32, 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc3, 0x03, 0xd1, 0x2b, 0xfe, 0x39, 0xa4, 0x32, 0x45, 0x3b, 0x53, 0xc8, 0x84, 0x2b, 0x2a, 0x7c, 0x74, 0x9a, 0xbd, 0xaa, 0x2a, 0x52, 0x07, 0x47, 0xd6, 0xa6, 0x36, 0xb2, 0x07, 0x32, 0x8e, 0xd0, 0xba, 0x69, 0x7b, 0xc6, 0xc3, 0x44, 0x9e, 0xd4, 0x81, 0x48, 0xfd, 0x2d, 0x68, 0xa2, 0x8b, 0x67, 0xbb, 0xa1, 0x75, 0xc8, 0x36, 0x2c, 0x4a, 0xd2, 0x1b, 0xf7, 0x8b, 0xba, 0xcf, 0x0d, 0xf9, 0xef, 0xec, 0xf1, 0x81, 0x1e, 0x7b, 0x9b, 0x03, 0x47, 0x9a, 0xbf, 0x65, 0xcc, 0x7f, 0x65, 0x24, 0x69, 0xa6, 0xe8, 0x14, 0x89, 0x5b, 0xe4, 0x34, 0xf7, 0xc5, 0xb0, 0x14, 0x93, 0xf5, 0x67, 0x7b, 0x3a, 0x7a, 0x78, 0xe1, 0x01, 0x56, 0x56, 0x91, 0xa6, 0x13, 0x42, 0x8d, 0xd2, 0x3c, 0x40, 0x9c, 0x4c, 0xef, 0xd1, 0x86, 0xdf, 0x37, 0x51, 0x1b, 0x0c, 0xa1, 0x3b, 0xf5, 0xf1, 0xa3, 0x4a, 0x35, 0xe4, 0xe1, 0xce, 0x96, 0xdf, 0x1b, 0x7e, 0xbf, 0x4e, 0x97, 0xd0, 0x10, 0xe8, 0xa8, 0x08, 0x30, 0x81, 0xaf, 0x20, 0x0b, 0x43, 0x14, 0xc5, 0x74, 0x67, 0xb4, 0x32, 0x82, 0x6f, 0x8d, 0x86, 0xc2, 0x88, 0x40, 0x99, 0x36, 0x83, 0xba, 0x1e, 0x40, 0x72, 0x22, 0x17, 0xd7, 0x52, 0x65, 0x24, 0x73, 0xb0, 0xce, 0xef, 0x19, 0xcd, 0xae, 0xff, 0x78, 0x6c, 0x7b, 0xc0, 0x12, 0x03, 0xd4, 0x4e, 0x72, 0x0d, 0x50, 0x6d, 0x3b, 0xa3, 0x3b, 0xa3, 0x99, 0x5e, 0x9d, 0xc8, 0xd9, 0x0c, 0x85, 0xb3, 0xd9, 0x8a, 0xd9, 0x54, 0x26, 0xdb, 0x6d, 0xfa, 0xac, 0xbb, 0xff, 0x25, 0x4c, 0xc4, 0xd1, 0x79, 0xf4, 0x71, 0xd3, 0x86, 0x40, 0x18, 0x13, 0xb0, 0x63, 0xb5, 0x72, 0x4e, 0x30, 0xc4, 0x97, 0x84, 0x86, 0x2d, 0x56, 0x2f, 0xd7, 0x15, 0xf7, 0x7f, 0xc0, 0xae, 0xf5, 0xfc, 0x5b, 0xe5, 0xfb, 0xa1, 0xba, 0xd3, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0x8e, 0x30, 0x81, 0x8b, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x33, 0xd8, 0x45, 0x66, 0xd7, 0x68, 0x87, 0x18, 0x7e, 0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26, 0xd7, 0x85, 0x65, 0xc0, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x33, 0xd8, 0x45, 0x66, 0xd7, 0x68, 0x87, 0x18, 0x7e, 0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26, 0xd7, 0x85, 0x65, 0xc0, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x98, 0x2a, 0x3d, 0x94, 0x37, 0xae, 0xd6, 0x28, 0x12, 0xed, 0x6d, 0x95, 0xc9, 0x05, 0x89, 0x4b, 0x5c, 0x5e, 0x88, 0xed, 0x9e, 0x14, 0x89, 0x79, 0x65, 0x7b, 0x5c, 0xdb, 0xcd, 0x21, 0xc5, 0xfc, 0x7a, 0x05, 0xd2, 0x33, 0x54, 0xa1, 0x1b, 0xb2, 0xc6, 0xd8, 0x3e, 0x88, 0x7d, 0x58, 0xfd, 0xd0, 0xca, 0x71, 0x58, 0xd5, 0x37, 0x81, 0xe0, 0xef, 0x65, 0xfc, 0x1b, 0xf1, 0x5d, 0xdd, 0x26, 0x68, 0x12, 0xfb, 0x12, 0x24, 0xd5, 0x45, 0x4f, 0x41, 0xad, 0xee, 0x3f, 0x16, 0x40, 0xb2, 0x59, 0xe6, 0x5b, 0x76, 0xe7, 0x47, 0x11, 0xa4, 0xe1, 0x2f, 0x0d, 0xe8, 0x13, 0x13, 0x49, 0xb0, 0x01, 0x11, 0x15, 0xb5, 0xb3, 0x93, 0x4f, 0x28, 0xdc, 0xd0, 0x30, 0x03, 0x48, 0x02, 0x95, 0x2d, 0xd9, 0x26, 0x87, 0x1f, 0x19, 0xa1, 0x03, 0x5c, 0x7c, 0xde, 0x54, 0xd4, 0x98, 0x85, 0x34, 0xcc, 0x54, 0xf1, 0x24, 0x43, 0xa6, 0x87, 0xfa, 0xb6, 0x62, 0xee, 0xa3, 0x4a, 0xb3, 0xce, 0x1c, 0x2e, 0xbf, 0x94, 0xef, 0x4c, 0x75, 0x75, 0x55, 0x1d, 0xc9, 0xc2, 0xe4, 0xe5, 0x24, 0xb2, 0x0a, 0x93, 0xf0, 0xff, 0x2e, 0x43, 0x99, 0xad, 0x4e, 0x83, 0x11, 0x52, 0xf4, 0xb9, 0x92, 0x30, 0xe1, 0x02, 0x2f, 0xa5, 0xf2, 0x21, 0xb1, 0xf4, 0xe9, 0x57, 0xbd, 0xba, 0x17, 0x56, 0xd7, 0x31, 0xcb, 0x63, 0xa3, 0xd5, 0xcf, 0xc9, 0xd9, 0xa6, 0x4f, 0x51, 0x6c, 0x52, 0x4c, 0x53, 0x88, 0x9a, 0x2e, 0xb9, 0x72, 0x02, 0x6e, 0x1b, 0x21, 0x93, 0xa1, 0x88, 0x1b, 0x35, 0x0e, 0x9e, 0x2b, 0x63, 0x81, 0xba, 0xb4, 0x6b, 0x28, 0x01, 0x56, 0xe1, 0x0e, 0x13, 0x73, 0xf6, 0xd6, 0xa0, 0xd2, 0xfd, 0xc9, 0x4d, 0xbd, 0xa8, 0xa9, 0x22, 0x9e, 0xc7, 0x13, 0x76, 0x5a, 0x9c, 0xd3, 0x9a, 0xf4, 0x0c, 0x52, 0xe6, 0x47, 0xcb #endif }; printf(testingFmt, "wolfSSL_X509_sign2"); pt = ca_key_der_2048; AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &pt, sizeof_ca_key_der_2048)); pt = client_cert_der_2048; AssertNotNull(x509 = wolfSSL_d2i_X509(NULL, &pt, sizeof_client_cert_der_2048)); pt = ca_cert_der_2048; AssertNotNull(ca = wolfSSL_d2i_X509(NULL, &pt, sizeof_ca_cert_der_2048)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 7 * day; AssertNotNull(notBefore = wolfSSL_ASN1_TIME_adj(NULL, t, 0, 0)); AssertNotNull(notAfter = wolfSSL_ASN1_TIME_adj(NULL, t, 365, 0)); AssertIntEQ(notAfter->length, 13); AssertTrue(wolfSSL_X509_set_notBefore(x509, notBefore)); AssertTrue(wolfSSL_X509_set_notAfter(x509, notAfter)); wolfSSL_X509_sign(x509, priv, EVP_sha256()); AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(derSz, sizeof(expected)); AssertIntEQ(XMEMCMP(der, expected, derSz), 0); wolfSSL_X509_free(ca); wolfSSL_X509_free(x509); wolfSSL_EVP_PKEY_free(priv); wolfSSL_ASN1_TIME_free(notBefore); wolfSSL_ASN1_TIME_free(notAfter); printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_sign(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA) int ret; char *cn; word32 cnSz; X509_NAME *name; X509 *x509, *ca; DecodedCert dCert; EVP_PKEY *pub; EVP_PKEY *priv; EVP_MD_CTX *mctx; #if defined(USE_CERT_BUFFERS_1024) const unsigned char* rsaPriv = client_key_der_1024; const unsigned char* rsaPub = client_keypub_der_1024; const unsigned char* certIssuer = client_cert_der_1024; long clientKeySz = (long)sizeof_client_key_der_1024; long clientPubKeySz = (long)sizeof_client_keypub_der_1024; long certIssuerSz = (long)sizeof_client_cert_der_1024; #elif defined(USE_CERT_BUFFERS_2048) const unsigned char* rsaPriv = client_key_der_2048; const unsigned char* rsaPub = client_keypub_der_2048; const unsigned char* certIssuer = client_cert_der_2048; long clientKeySz = (long)sizeof_client_key_der_2048; long clientPubKeySz = (long)sizeof_client_keypub_der_2048; long certIssuerSz = (long)sizeof_client_cert_der_2048; #endif byte sn[16]; int snSz = sizeof(sn); printf(testingFmt, "wolfSSL_X509_sign"); /* Set X509_NAME fields */ AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, (byte*)"support@wolfssl.com", 19, -1, 0), SSL_SUCCESS); /* Get private and public keys */ AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &rsaPriv, clientKeySz)); AssertNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &rsaPub, clientPubKeySz)); AssertNotNull(x509 = X509_new()); /* Set version 3 */ AssertIntNE(X509_set_version(x509, 2L), 0); /* Set subject name, add pubkey, and sign certificate */ AssertIntEQ(X509_set_subject_name(x509, name), SSL_SUCCESS); X509_NAME_free(name); AssertIntEQ(X509_set_pubkey(x509, pub), SSL_SUCCESS); #ifdef WOLFSSL_ALT_NAMES /* Add some subject alt names */ AssertIntNE(wolfSSL_X509_add_altname(NULL, "ipsum", ASN_DNS_TYPE), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_add_altname(x509, NULL, ASN_DNS_TYPE), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_add_altname(x509, "sphygmomanometer", ASN_DNS_TYPE), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_add_altname(x509, "supercalifragilisticexpialidocious", ASN_DNS_TYPE), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_add_altname(x509, "Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch", ASN_DNS_TYPE), SSL_SUCCESS); #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) { unsigned char ip4_type[] = {127,128,0,255}; unsigned char ip6_type[] = {0xdd, 0xcc, 0xba, 0xab, 0xff, 0xee, 0x99, 0x88, 0x77, 0x66, 0x55, 0x44, 0x00, 0x33, 0x22, 0x11}; AssertIntEQ(wolfSSL_X509_add_altname_ex(x509, (char*)ip4_type, sizeof(ip4_type), ASN_IP_TYPE), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_add_altname_ex(x509, (char*)ip6_type, sizeof(ip6_type), ASN_IP_TYPE), SSL_SUCCESS); } #endif #endif /* WOLFSSL_ALT_NAMES */ /* test valid sign case */ ret = X509_sign(x509, priv, EVP_sha256()); /* test valid X509_sign_ctx case */ AssertNotNull(mctx = EVP_MD_CTX_new()); AssertIntEQ(EVP_DigestSignInit(mctx, NULL, EVP_sha256(), NULL, priv), 1); AssertIntGT(X509_sign_ctx(x509, mctx), 0); #if defined(OPENSSL_ALL) && defined(WOLFSSL_ALT_NAMES) AssertIntEQ(X509_get_ext_count(x509), 1); #endif #if defined(WOLFSSL_ALT_NAMES) && (defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)) AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.128.0.255", 0), 1); AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "DDCC:BAAB:FFEE:9988:7766:5544:0033:2211", 0), 1); #endif AssertIntEQ(wolfSSL_X509_get_serial_number(x509, sn, &snSz), WOLFSSL_SUCCESS); DEBUG_WRITE_CERT_X509(x509, "signed.der"); /* Variation in size depends on ASN.1 encoding when MSB is set */ #ifndef WOLFSSL_ALT_NAMES /* Valid case - size should be 798-797 with 16 byte serial number */ AssertTrue((ret == 781 + snSz) || (ret == 782 + snSz)); #elif defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) /* Valid case - size should be 955-956 with 16 byte serial number */ AssertTrue((ret == 939 + snSz) || (ret == 940 + snSz)); #else /* Valid case - size should be 926-927 with 16 byte serial number */ AssertTrue((ret == 910 + snSz) || (ret == 911 + snSz)); #endif /* check that issuer name is as expected after signature */ InitDecodedCert(&dCert, certIssuer, (word32)certIssuerSz, 0); AssertIntEQ(ParseCert(&dCert, CERT_TYPE, NO_VERIFY, NULL), 0); AssertNotNull(ca = d2i_X509(NULL, &certIssuer, (int)certIssuerSz)); AssertNotNull(name = X509_get_subject_name(ca)); cnSz = X509_NAME_get_sz(name); AssertNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL)); AssertNotNull(cn = X509_NAME_oneline(name, cn, cnSz)); AssertIntEQ(0, XSTRNCMP(cn, dCert.subject, XSTRLEN(cn))); XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); #ifdef WOLFSSL_MULTI_ATTRIB /* test adding multiple OU's to the signer */ AssertNotNull(name = X509_get_subject_name(ca)); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_UTF8, (byte*)"OU1", 3, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_UTF8, (byte*)"OU2", 3, -1, 0), SSL_SUCCESS); AssertIntGT(X509_sign(ca, priv, EVP_sha256()), 0); #endif AssertNotNull(name = X509_get_subject_name(ca)); AssertIntEQ(X509_set_issuer_name(x509, name), SSL_SUCCESS); AssertIntGT(X509_sign(x509, priv, EVP_sha256()), 0); AssertNotNull(name = X509_get_issuer_name(x509)); cnSz = X509_NAME_get_sz(name); AssertNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL)); AssertNotNull(cn = X509_NAME_oneline(name, cn, cnSz)); /* compare and don't include the multi-attrib "/OU=OU1/OU=OU2" above */ AssertIntEQ(0, XSTRNCMP(cn, dCert.issuer, XSTRLEN(dCert.issuer))); XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); FreeDecodedCert(&dCert); /* Test invalid parameters */ AssertIntEQ(X509_sign(NULL, priv, EVP_sha256()), 0); AssertIntEQ(X509_sign(x509, NULL, EVP_sha256()), 0); AssertIntEQ(X509_sign(x509, priv, NULL), 0); AssertIntEQ(X509_sign_ctx(NULL, mctx), 0); EVP_MD_CTX_free(mctx); AssertNotNull(mctx = EVP_MD_CTX_new()); AssertIntEQ(X509_sign_ctx(x509, mctx), 0); AssertIntEQ(X509_sign_ctx(x509, NULL), 0); /* test invalid version number */ #if defined(OPENSSL_ALL) AssertIntNE(X509_set_version(x509, 6L), 0); AssertIntGT(X509_sign(x509, priv, EVP_sha256()), 0); /* uses ParseCert which fails on bad version number */ AssertIntEQ(X509_get_ext_count(x509), SSL_FAILURE); #endif EVP_MD_CTX_free(mctx); EVP_PKEY_free(priv); EVP_PKEY_free(pub); X509_free(x509); X509_free(ca); printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_get0_tbs_sigalg(void) { #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) X509* x509 = NULL; const X509_ALGOR* alg; printf(testingFmt, "wolfSSL_X509_get0_tbs_sigalg"); AssertNotNull(x509 = X509_new()); AssertNull(alg = X509_get0_tbs_sigalg(NULL)); AssertNotNull(alg = X509_get0_tbs_sigalg(x509)); X509_free(x509); printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_ALGOR_get0(void) { #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \ !defined(NO_SHA256) && !defined(NO_RSA) X509* x509 = NULL; const ASN1_OBJECT* obj = NULL; const X509_ALGOR* alg; int pptype = 0; const void *ppval = NULL; printf(testingFmt, "wolfSSL_X509_ALGOR_get0"); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); AssertNotNull(alg = X509_get0_tbs_sigalg(x509)); /* Invalid case */ X509_ALGOR_get0(&obj, NULL, NULL, NULL); AssertNull(obj); /* Valid case */ X509_ALGOR_get0(&obj, &pptype, &ppval, alg); AssertNotNull(obj); AssertNull(ppval); AssertIntNE(pptype, 0); /* Make sure NID of X509_ALGOR is Sha256 with RSA */ AssertIntEQ(OBJ_obj2nid(obj), NID_sha256WithRSAEncryption); X509_free(x509); printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_VERIFY_PARAM(void) { #if defined(OPENSSL_EXTRA) X509_VERIFY_PARAM *paramTo; X509_VERIFY_PARAM *paramFrom; int ret; char testIPv4[] = "127.0.0.1"; char testIPv6[] = "0001:0000:0000:0000:0000:0000:0000:0000/32"; char testhostName1[] = "foo.hoge.com"; char testhostName2[] = "foobar.hoge.com"; printf(testingFmt, "wolfSSL_X509()"); paramTo = X509_VERIFY_PARAM_new(); AssertNotNull(paramTo); XMEMSET(paramTo, 0, sizeof(X509_VERIFY_PARAM )); paramFrom = X509_VERIFY_PARAM_new(); AssertNotNull(paramFrom); XMEMSET(paramFrom, 0, sizeof(X509_VERIFY_PARAM )); ret = X509_VERIFY_PARAM_set1_host(paramFrom, testhostName1, (int)XSTRLEN(testhostName1)); AssertIntEQ(1, ret); AssertIntEQ(0, XSTRNCMP(paramFrom->hostName, testhostName1, (int)XSTRLEN(testhostName1))); X509_VERIFY_PARAM_set_hostflags(NULL, 0x00); X509_VERIFY_PARAM_set_hostflags(paramFrom, 0x01); AssertIntEQ(0x01, paramFrom->hostFlags); ret = X509_VERIFY_PARAM_set1_ip_asc(NULL, testIPv4); AssertIntEQ(0, ret); ret = X509_VERIFY_PARAM_set1_ip_asc(paramFrom, testIPv4); AssertIntEQ(1, ret); AssertIntEQ(0, XSTRNCMP(paramFrom->ipasc, testIPv4, WOLFSSL_MAX_IPSTR)); ret = X509_VERIFY_PARAM_set1_ip_asc(paramFrom, NULL); AssertIntEQ(1, ret); ret = X509_VERIFY_PARAM_set1_ip_asc(paramFrom, testIPv6); AssertIntEQ(1, ret); AssertIntEQ(0, XSTRNCMP(paramFrom->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); /* null pointer */ ret = X509_VERIFY_PARAM_set1(NULL, paramFrom); AssertIntEQ(WOLFSSL_FAILURE, ret); /* in the case of "from" null, returns success */ ret = X509_VERIFY_PARAM_set1(paramTo, NULL); AssertIntEQ(WOLFSSL_SUCCESS, ret); ret = X509_VERIFY_PARAM_set1(NULL, NULL); AssertIntEQ(WOLFSSL_FAILURE, ret); /* inherit flags test : VPARAM_DEFAULT */ ret = X509_VERIFY_PARAM_set1(paramTo, paramFrom); AssertIntEQ(1, ret); AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1, (int)XSTRLEN(testhostName1))); AssertIntEQ(0x01, paramTo->hostFlags); AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); /* inherit flags test : VPARAM OVERWRITE */ X509_VERIFY_PARAM_set1_host(paramTo, testhostName2, (int)XSTRLEN(testhostName2)); X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4); X509_VERIFY_PARAM_set_hostflags(paramTo, 0x00); paramTo->inherit_flags = X509_VP_FLAG_OVERWRITE; ret = X509_VERIFY_PARAM_set1(paramTo, paramFrom); AssertIntEQ(1, ret); AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1, (int)XSTRLEN(testhostName1))); AssertIntEQ(0x01, paramTo->hostFlags); AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); /* inherit flags test : VPARAM_RESET_FLAGS */ X509_VERIFY_PARAM_set1_host(paramTo, testhostName2, (int)XSTRLEN(testhostName2)); X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4); X509_VERIFY_PARAM_set_hostflags(paramTo, 0x10); paramTo->inherit_flags = X509_VP_FLAG_RESET_FLAGS; ret = X509_VERIFY_PARAM_set1(paramTo, paramFrom); AssertIntEQ(1, ret); AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1, (int)XSTRLEN(testhostName1))); AssertIntEQ(0x01, paramTo->hostFlags); AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); /* inherit flags test : VPARAM_LOCKED */ X509_VERIFY_PARAM_set1_host(paramTo, testhostName2, (int)XSTRLEN(testhostName2)); X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4); X509_VERIFY_PARAM_set_hostflags(paramTo, 0x00); paramTo->inherit_flags = X509_VP_FLAG_LOCKED; ret = X509_VERIFY_PARAM_set1(paramTo, paramFrom); AssertIntEQ(1, ret); AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName2, (int)XSTRLEN(testhostName2))); AssertIntEQ(0x00, paramTo->hostFlags); AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv4, WOLFSSL_MAX_IPSTR)); /* test for incorrect parameters */ ret = X509_VERIFY_PARAM_set_flags(NULL, X509_V_FLAG_CRL_CHECK_ALL ); AssertIntEQ(0, ret); ret = X509_VERIFY_PARAM_set_flags(NULL, 0 ); AssertIntEQ(0, ret); /* inherit flags test : VPARAM_ONCE, not testable yet */ ret = X509_VERIFY_PARAM_set_flags(paramTo, X509_V_FLAG_CRL_CHECK_ALL); AssertIntEQ(1, ret); ret = X509_VERIFY_PARAM_get_flags(paramTo); AssertIntEQ(X509_V_FLAG_CRL_CHECK_ALL, ret); ret = X509_VERIFY_PARAM_clear_flags(paramTo, X509_V_FLAG_CRL_CHECK_ALL); AssertIntEQ(1, ret); ret = X509_VERIFY_PARAM_get_flags(paramTo); AssertIntEQ(0, ret); X509_VERIFY_PARAM_free(paramTo); X509_VERIFY_PARAM_free(paramFrom); X509_VERIFY_PARAM_free(NULL); /* to confirm NULL parameter gives no harm */ printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_get_X509_PUBKEY(void) { #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) X509* x509 = NULL; X509_PUBKEY* pubKey; printf(testingFmt, "wolfSSL_X509_get_X509_PUBKEY"); AssertNotNull(x509 = X509_new()); AssertNull(pubKey = wolfSSL_X509_get_X509_PUBKEY(NULL)); AssertNotNull(pubKey = wolfSSL_X509_get_X509_PUBKEY(x509)); X509_free(x509); printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_PUBKEY_RSA(void) { #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \ !defined(NO_SHA256) && !defined(NO_RSA) X509* x509 = NULL; ASN1_OBJECT* obj = NULL; const ASN1_OBJECT* pa_oid = NULL; X509_PUBKEY* pubKey; X509_PUBKEY* pubKey2; EVP_PKEY* evpKey; const unsigned char *pk; int ppklen, pptype; X509_ALGOR *pa; const void *pval; printf(testingFmt, "wolfSSL_X509_PUBKEY_RSA"); AssertNotNull(x509 = X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); AssertNotNull(pubKey = X509_get_X509_PUBKEY(x509)); AssertIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey), 1); AssertNotNull(pk); AssertNotNull(pa); AssertNotNull(pubKey); AssertIntGT(ppklen, 0); AssertIntEQ(OBJ_obj2nid(obj), NID_rsaEncryption); AssertNotNull(evpKey = X509_PUBKEY_get(pubKey)); AssertNotNull(pubKey2 = X509_PUBKEY_new()); AssertIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1); AssertIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 1); AssertNotNull(pk); AssertNotNull(pa); AssertIntGT(ppklen, 0); X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa); AssertNotNull(pa_oid); AssertNull(pval); AssertIntEQ(pptype, V_ASN1_NULL); AssertIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_RSA); X509_PUBKEY_free(pubKey2); X509_free(x509); EVP_PKEY_free(evpKey); printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_PUBKEY_EC(void) { #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && defined(HAVE_ECC) X509* x509 = NULL; ASN1_OBJECT* obj = NULL; ASN1_OBJECT* poid; const ASN1_OBJECT* pa_oid = NULL; X509_PUBKEY* pubKey; X509_PUBKEY* pubKey2; EVP_PKEY* evpKey; const unsigned char *pk; int ppklen, pptype; X509_ALGOR *pa; const void *pval; char buf[50]; printf(testingFmt, "wolfSSL_X509_PUBKEY_EC"); AssertNotNull(x509 = X509_load_certificate_file(cliEccCertFile, SSL_FILETYPE_PEM)); AssertNotNull(pubKey = X509_get_X509_PUBKEY(x509)); AssertNotNull(evpKey = X509_PUBKEY_get(pubKey)); AssertNotNull(pubKey2 = X509_PUBKEY_new()); AssertIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1); AssertIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 1); AssertNotNull(pk); AssertNotNull(pa); AssertIntGT(ppklen, 0); X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa); AssertNotNull(pa_oid); AssertNotNull(pval); AssertIntEQ(pptype, V_ASN1_OBJECT); AssertIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_EC); poid = (ASN1_OBJECT *)pval; AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), poid, 0), 0); AssertIntEQ(OBJ_txt2nid(buf), NID_X9_62_prime256v1); X509_PUBKEY_free(pubKey2); X509_free(x509); EVP_PKEY_free(evpKey); printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_PUBKEY_DSA(void) { #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && !defined(NO_DSA) word32 bytes; #ifdef USE_CERT_BUFFERS_1024 byte tmp[ONEK_BUF]; XMEMSET(tmp, 0, sizeof(tmp)); XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024); bytes = sizeof_dsa_key_der_1024; #elif defined(USE_CERT_BUFFERS_2048) byte tmp[TWOK_BUF]; XMEMSET(tmp, 0, sizeof(tmp)); XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048); bytes = sizeof_dsa_key_der_2048; #else byte tmp[TWOK_BUF]; XMEMSET(tmp, 0, sizeof(tmp)); XFILE fp = XFOPEN("./certs/dsa2048.der", "rb"); if (fp == XBADFILE) { return WOLFSSL_BAD_FILE; } bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp); XFCLOSE(fp); #endif /* END USE_CERT_BUFFERS_1024 */ const unsigned char* dsaKeyDer = tmp; ASN1_OBJECT* obj = NULL; ASN1_STRING* str; const ASN1_OBJECT* pa_oid = NULL; X509_PUBKEY* pubKey = NULL; EVP_PKEY* evpKey = NULL; const unsigned char *pk; int ppklen, pptype; X509_ALGOR *pa; const void *pval; printf(testingFmt, "wolfSSL_X509_PUBKEY_DSA"); /* Initialize pkey with der format dsa key */ AssertNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &evpKey, &dsaKeyDer, bytes)); AssertNotNull(pubKey = X509_PUBKEY_new()); AssertIntEQ(X509_PUBKEY_set(&pubKey, evpKey), 1); AssertIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey), 1); AssertNotNull(pk); AssertNotNull(pa); AssertIntGT(ppklen, 0); X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa); AssertNotNull(pa_oid); AssertNotNull(pval); AssertIntEQ(pptype, V_ASN1_SEQUENCE); AssertIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_DSA); str = (ASN1_STRING *)pval; #ifdef USE_CERT_BUFFERS_1024 AssertIntEQ(ASN1_STRING_length(str), 291); #else AssertIntEQ(ASN1_STRING_length(str), 549); #endif /* END USE_CERT_BUFFERS_1024 */ X509_PUBKEY_free(pubKey); EVP_PKEY_free(evpKey); printf(resultFmt, passed); #endif } static void test_wolfSSL_RAND(void) { #if defined(OPENSSL_EXTRA) byte seed[16]; printf(testingFmt, "wolfSSL_RAND()"); RAND_seed(seed, sizeof(seed)); AssertIntEQ(RAND_poll(), 1); RAND_cleanup(); AssertIntEQ(RAND_egd(NULL), -1); #ifndef NO_FILESYSTEM { char fname[100]; AssertNotNull(RAND_file_name(fname, (sizeof(fname) - 1))); AssertIntEQ(RAND_write_file(NULL), 0); } #endif printf(resultFmt, passed); #endif } static void test_wolfSSL_BUF(void) { #if defined(OPENSSL_EXTRA) BUF_MEM* buf; AssertNotNull(buf = BUF_MEM_new()); AssertIntEQ(BUF_MEM_grow(buf, 10), 10); AssertIntEQ(BUF_MEM_grow(buf, -1), 0); BUF_MEM_free(buf); #endif /* OPENSSL_EXTRA */ } #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB) static int stub_rand_seed(const void *buf, int num) { (void)buf; (void)num; return 123; } static int stub_rand_bytes(unsigned char *buf, int num) { (void)buf; (void)num; return 456; } static byte* was_stub_rand_cleanup_called(void) { static byte was_called = 0; return &was_called; } static void stub_rand_cleanup(void) { byte* was_called = was_stub_rand_cleanup_called(); *was_called = 1; return; } static byte* was_stub_rand_add_called(void) { static byte was_called = 0; return &was_called; } static int stub_rand_add(const void *buf, int num, double entropy) { byte* was_called = was_stub_rand_add_called(); (void)buf; (void)num; (void)entropy; *was_called = 1; return 0; } static int stub_rand_pseudo_bytes(unsigned char *buf, int num) { (void)buf; (void)num; return 9876; } static int stub_rand_status(void) { return 5432; } #endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */ static void test_wolfSSL_RAND_set_rand_method(void) { #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB) RAND_METHOD rand_methods = {NULL, NULL, NULL, NULL, NULL, NULL}; unsigned char* buf = NULL; int num = 0; double entropy = 0; byte* was_cleanup_called = was_stub_rand_cleanup_called(); byte* was_add_called = was_stub_rand_add_called(); printf(testingFmt, "wolfSSL_RAND_set_rand_method()"); buf = (byte*)XMALLOC(32 * sizeof(byte), NULL, DYNAMIC_TYPE_TMP_BUFFER); AssertIntNE(wolfSSL_RAND_status(), 5432); AssertIntEQ(*was_cleanup_called, 0); RAND_cleanup(); AssertIntEQ(*was_cleanup_called, 0); rand_methods.seed = &stub_rand_seed; rand_methods.bytes = &stub_rand_bytes; rand_methods.cleanup = &stub_rand_cleanup; rand_methods.add = &stub_rand_add; rand_methods.pseudorand = &stub_rand_pseudo_bytes; rand_methods.status = &stub_rand_status; AssertIntEQ(RAND_set_rand_method(&rand_methods), WOLFSSL_SUCCESS); AssertIntEQ(RAND_seed(buf, num), 123); AssertIntEQ(RAND_bytes(buf, num), 456); AssertIntEQ(RAND_pseudo_bytes(buf, num), 9876); AssertIntEQ(RAND_status(), 5432); AssertIntEQ(*was_add_called, 0); /* The function pointer for RAND_add returns int, but RAND_add itself returns void. */ RAND_add(buf, num, entropy); AssertIntEQ(*was_add_called, 1); was_add_called = 0; AssertIntEQ(*was_cleanup_called, 0); RAND_cleanup(); AssertIntEQ(*was_cleanup_called, 1); *was_cleanup_called = 0; AssertIntEQ(RAND_set_rand_method(NULL), WOLFSSL_SUCCESS); AssertIntNE(RAND_status(), 5432); AssertIntEQ(*was_cleanup_called, 0); RAND_cleanup(); AssertIntEQ(*was_cleanup_called, 0); XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */ } static void test_wolfSSL_RAND_bytes(void) { #if defined(OPENSSL_EXTRA) const int size1 = RNG_MAX_BLOCK_LEN; /* in bytes */ const int size2 = RNG_MAX_BLOCK_LEN + 1; /* in bytes */ const int size3 = RNG_MAX_BLOCK_LEN * 2; /* in bytes */ const int size4 = RNG_MAX_BLOCK_LEN * 4; /* in bytes */ int max_bufsize; byte *my_buf; printf(testingFmt, "test_wolfSSL_RAND_bytes()"); /* sanity check */ AssertIntEQ(RAND_bytes(NULL, 16), 0); AssertIntEQ(RAND_bytes(NULL, 0), 0); max_bufsize = size4; my_buf = (byte*)XMALLOC(max_bufsize * sizeof(byte), NULL, DYNAMIC_TYPE_TMP_BUFFER); AssertIntEQ(RAND_bytes(my_buf, 0), 1); AssertIntEQ(RAND_bytes(my_buf, -1), 0); AssertNotNull(my_buf); XMEMSET(my_buf, 0, max_bufsize); AssertIntEQ(RAND_bytes(my_buf, size1), 1); AssertIntEQ(RAND_bytes(my_buf, size2), 1); AssertIntEQ(RAND_bytes(my_buf, size3), 1); AssertIntEQ(RAND_bytes(my_buf, size4), 1); XFREE(my_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); printf(resultFmt, passed); #endif } static void test_wolfSSL_BN_rand(void) { #if defined(OPENSSL_EXTRA) BIGNUM* bn; printf(testingFmt, "wolfSSL_BN_rand()"); AssertNotNull(bn = BN_new()); AssertIntNE(BN_rand(bn, 0, 0, 0), SSL_SUCCESS); BN_free(bn); AssertNotNull(bn = BN_new()); AssertIntEQ(BN_rand(bn, 8, 0, 0), SSL_SUCCESS); BN_free(bn); AssertNotNull(bn = BN_new()); AssertIntEQ(BN_rand(bn, 64, 0, 0), SSL_SUCCESS); BN_free(bn); printf(resultFmt, passed); #endif } static void test_wolfSSL_pseudo_rand(void) { #if defined(OPENSSL_EXTRA) BIGNUM* bn; unsigned char bin[8]; int i; printf(testingFmt, "wolfSSL_pseudo_rand()"); /* BN_pseudo_rand returns 1 on success 0 on failure * int BN_pseudo_rand(BIGNUM* bn, int bits, int top, int bottom) */ for (i = 0; i < 10; i++) { AssertNotNull(bn = BN_new()); AssertIntEQ(BN_pseudo_rand(bn, 8, 0, 0), SSL_SUCCESS); AssertIntGT(BN_bn2bin(bn, bin),0); AssertIntEQ((bin[0] & 0x80), 0x80); /* top bit should be set */ BN_free(bn); } for (i = 0; i < 10; i++) { AssertNotNull(bn = BN_new()); AssertIntEQ(BN_pseudo_rand(bn, 8, 1, 1), SSL_SUCCESS); AssertIntGT(BN_bn2bin(bn, bin),0); AssertIntEQ((bin[0] & 0xc1), 0xc1); /* top bit should be set */ BN_free(bn); } printf(resultFmt, passed); #endif } static void test_wolfSSL_PKCS8_Compat(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC) #ifndef NO_BIO PKCS8_PRIV_KEY_INFO* pt; BIO* bio; XFILE f; int bytes; char pkcs8_buffer[512]; #if defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL) EVP_PKEY *pkey = NULL; #endif printf(testingFmt, "wolfSSL_pkcs8()"); /* file from wolfssl/certs/ directory */ f = XFOPEN("./certs/ecc-keyPkcs8.pem", "rb"); AssertTrue(f != XBADFILE); AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), f)), 0); XFCLOSE(f); AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes)); AssertNotNull(pt = d2i_PKCS8_PRIV_KEY_INFO_bio(bio, NULL)); #if defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL) AssertNotNull(pkey = EVP_PKCS82PKEY(pt)); AssertIntEQ(EVP_PKEY_type(pkey->type), EVP_PKEY_EC); /* gets PKCS8 pointer to pkey */ AssertNotNull(EVP_PKEY2PKCS8(pkey)); EVP_PKEY_free(pkey); #endif BIO_free(bio); PKCS8_PRIV_KEY_INFO_free(pt); printf(resultFmt, passed); #endif #endif } static void test_wolfSSL_PKCS8_d2i(void) { #if !defined(HAVE_FIPS) && defined(OPENSSL_EXTRA) /* This test ends up using HMAC as a part of PBKDF2, and HMAC * requires a 12 byte password in FIPS mode. This test ends up * trying to use an 8 byte password. */ #ifndef NO_FILESYSTEM unsigned char pkcs8_buffer[2048]; const unsigned char* p; int bytes; XFILE file; WOLFSSL_EVP_PKEY* pkey = NULL; #ifndef NO_BIO BIO* bio; #if defined(OPENSSL_ALL) && \ ((!defined(NO_RSA) && !defined(NO_DES3)) || \ defined(HAVE_ECC)) && \ !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) WOLFSSL_EVP_PKEY* evpPkey = NULL; #endif #endif #ifndef NO_RSA const char rsaDerPkcs8File[] = "./certs/server-keyPkcs8.der"; const char rsaPemPkcs8File[] = "./certs/server-keyPkcs8.pem"; #ifndef NO_DES3 const char rsaDerPkcs8EncFile[] = "./certs/server-keyPkcs8Enc.der"; #endif #endif /* NO_RSA */ #ifdef HAVE_ECC const char ecDerPkcs8File[] = "certs/ecc-keyPkcs8.der"; const char ecPemPkcs8File[] = "certs/ecc-keyPkcs8.pem"; #ifndef NO_DES3 const char ecDerPkcs8EncFile[] = "certs/ecc-keyPkcs8Enc.der"; #endif #endif /* HAVE_ECC */ #endif /* !NO_FILESYSTEM */ #if defined(OPENSSL_ALL) && (!defined(NO_RSA) || defined(HAVE_ECC)) #ifndef NO_RSA #ifdef USE_CERT_BUFFERS_1024 const unsigned char* rsa = (unsigned char*)server_key_der_1024; int rsaSz = sizeof_server_key_der_1024; #else const unsigned char* rsa = (unsigned char*)server_key_der_2048; int rsaSz = sizeof_server_key_der_2048; #endif #endif #ifdef HAVE_ECC const unsigned char* ec = (unsigned char*)ecc_key_der_256; int ecSz = sizeof_ecc_key_der_256; #endif #endif /* OPENSSL_ALL && (!NO_RSA || HAVE_ECC) */ #ifndef NO_FILESYSTEM (void)pkcs8_buffer; (void)p; (void)bytes; (void)file; #ifndef NO_BIO (void)bio; #endif #endif #ifdef OPENSSL_ALL #ifndef NO_RSA /* Try to auto-detect normal RSA private key */ AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &rsa, rsaSz)); EVP_PKEY_free(pkey); #endif #ifdef HAVE_ECC /* Try to auto-detect normal EC private key */ AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &ec, ecSz)); EVP_PKEY_free(pkey); #endif #endif /* OPENSSL_ALL */ #ifndef NO_FILESYSTEM #ifndef NO_RSA /* Get DER encoded RSA PKCS#8 data. */ file = XFOPEN(rsaDerPkcs8File, "rb"); AssertTrue(file != XBADFILE); XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer)); AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), file)), 0); XFCLOSE(file); p = pkcs8_buffer; #ifdef OPENSSL_ALL /* Try to decode - auto-detect key type. */ AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &p, bytes)); #else AssertNotNull(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &p, bytes)); #endif /* Get PEM encoded RSA PKCS#8 data. */ file = XFOPEN(rsaPemPkcs8File, "rb"); AssertTrue(file != XBADFILE); AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), file)), 0); XFCLOSE(file); #if defined(OPENSSL_ALL) && \ !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) AssertNotNull(bio = BIO_new(BIO_s_mem())); /* Write PKCS#8 PEM to BIO. */ AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), bytes); /* Compare file and written data */ AssertIntEQ(BIO_get_mem_data(bio, &p), bytes); AssertIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0); BIO_free(bio); #ifndef NO_DES3 AssertNotNull(bio = BIO_new(BIO_s_mem())); /* Write Encrypted PKCS#8 PEM to BIO. */ bytes = 1834; AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_des_ede3_cbc(), NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes); AssertNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, PasswordCallBack, (void*)"yassl123")); EVP_PKEY_free(evpPkey); BIO_free(bio); #endif /* !NO_DES3 */ #endif /* !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */ EVP_PKEY_free(pkey); /* PKCS#8 encrypted RSA key */ #ifndef NO_DES3 file = XFOPEN(rsaDerPkcs8EncFile, "rb"); AssertTrue(file != XBADFILE); XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer)); AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), file)), 0); XFCLOSE(file); #if defined(OPENSSL_ALL) && \ !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes)); AssertNotNull(pkey = d2i_PKCS8PrivateKey_bio(bio, NULL, PasswordCallBack, (void*)"yassl123")); EVP_PKEY_free(pkey); BIO_free(bio); #endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */ #endif /* !NO_DES3 */ #endif /* NO_RSA */ #ifdef HAVE_ECC /* PKCS#8 encode EC key */ file = XFOPEN(ecDerPkcs8File, "rb"); AssertTrue(file != XBADFILE); XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer)); AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), file)), 0); XFCLOSE(file); p = pkcs8_buffer; #ifdef OPENSSL_ALL /* Try to decode - auto-detect key type. */ AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &p, bytes)); #else AssertNotNull(pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &p, bytes)); #endif /* Get PEM encoded RSA PKCS#8 data. */ file = XFOPEN(ecPemPkcs8File, "rb"); AssertTrue(file != XBADFILE); XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer)); AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), file)), 0); XFCLOSE(file); #if defined(OPENSSL_ALL) && \ !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) && \ defined(HAVE_AES_CBC) AssertNotNull(bio = BIO_new(BIO_s_mem())); /* Write PKCS#8 PEM to BIO. */ AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), bytes); /* Compare file and written data */ AssertIntEQ(BIO_get_mem_data(bio, &p), bytes); AssertIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0); BIO_free(bio); AssertNotNull(bio = BIO_new(BIO_s_mem())); /* Write Encrypted PKCS#8 PEM to BIO. */ bytes = 379; AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_aes_256_cbc(), NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes); AssertNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, PasswordCallBack, (void*)"yassl123")); EVP_PKEY_free(evpPkey); BIO_free(bio); #endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 && HAVE_AES_CBC */ EVP_PKEY_free(pkey); /* PKCS#8 encrypted EC key */ #ifndef NO_DES3 file = XFOPEN(ecDerPkcs8EncFile, "rb"); AssertTrue(file != XBADFILE); XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer)); AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), file)), 0); XFCLOSE(file); #if defined(OPENSSL_ALL) && \ !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes)); AssertNotNull(pkey = d2i_PKCS8PrivateKey_bio(bio, NULL, PasswordCallBack, (void*)"yassl123")); EVP_PKEY_free(pkey); BIO_free(bio); #endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */ #endif /* !NO_DES3 */ #endif /* HAVE_ECC */ #endif /* !NO_FILESYSTEM */ printf(resultFmt, passed); #endif /* HAVE_FIPS && OPENSSL_EXTRA */ } #if defined(ERROR_QUEUE_PER_THREAD) && !defined(NO_ERROR_QUEUE) && \ defined(OPENSSL_EXTRA) && defined(DEBUG_WOLFSSL) #define LOGGING_THREADS 5 #define ERROR_COUNT 10 static volatile int loggingThreadsReady; static THREAD_RETURN WOLFSSL_THREAD test_logging(void* args) { const char* file; int line; int err; int errorCount = 0; int i; (void)args; while (!loggingThreadsReady); for (i = 0; i < ERROR_COUNT; i++) ERR_put_error(ERR_LIB_PEM, SYS_F_ACCEPT, -990 - i, __FILE__, __LINE__); while ((err = ERR_get_error_line(&file, &line))) { AssertIntEQ(err, 990 + errorCount); errorCount++; } AssertIntEQ(errorCount, ERROR_COUNT); /* test max queue behavior, trying to add an arbitrary 3 errors over */ errorCount = 0; for (i = 0; i < ERROR_QUEUE_MAX + 3; i++) ERR_put_error(ERR_LIB_PEM, SYS_F_ACCEPT, -990 - i, __FILE__, __LINE__); while ((err = ERR_get_error_line(&file, &line))) { AssertIntEQ(err, 990 + errorCount); errorCount++; } /* test that the 3 errors over the max were dropped */ AssertIntEQ(errorCount, ERROR_QUEUE_MAX); return 0; } #endif static void test_error_queue_per_thread(void) { #if defined(ERROR_QUEUE_PER_THREAD) && !defined(NO_ERROR_QUEUE) && \ defined(OPENSSL_EXTRA) && defined(DEBUG_WOLFSSL) THREAD_TYPE loggingThreads[LOGGING_THREADS]; int i; printf(testingFmt, "error_queue_per_thread()"); ERR_clear_error(); /* clear out any error nodes */ loggingThreadsReady = 0; for (i = 0; i < LOGGING_THREADS; i++) start_thread(test_logging, NULL, &loggingThreads[i]); loggingThreadsReady = 1; for (i = 0; i < LOGGING_THREADS; i++) join_thread(loggingThreads[i]); printf(resultFmt, passed); #endif } static void test_wolfSSL_ERR_put_error(void) { #if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \ defined(DEBUG_WOLFSSL) const char* file; int line; printf(testingFmt, "wolfSSL_ERR_put_error()"); ERR_clear_error(); /* clear out any error nodes */ ERR_put_error(0,SYS_F_ACCEPT, 0, "this file", 0); AssertIntEQ(ERR_get_error_line(&file, &line), 0); ERR_put_error(0,SYS_F_BIND, 1, "this file", 1); AssertIntEQ(ERR_get_error_line(&file, &line), 1); ERR_put_error(0,SYS_F_CONNECT, 2, "this file", 2); AssertIntEQ(ERR_get_error_line(&file, &line), 2); ERR_put_error(0,SYS_F_FOPEN, 3, "this file", 3); AssertIntEQ(ERR_get_error_line(&file, &line), 3); ERR_put_error(0,SYS_F_FREAD, 4, "this file", 4); AssertIntEQ(ERR_get_error_line(&file, &line), 4); ERR_put_error(0,SYS_F_GETADDRINFO, 5, "this file", 5); AssertIntEQ(ERR_get_error_line(&file, &line), 5); ERR_put_error(0,SYS_F_GETSOCKOPT, 6, "this file", 6); AssertIntEQ(ERR_get_error_line(&file, &line), 6); ERR_put_error(0,SYS_F_GETSOCKNAME, 7, "this file", 7); AssertIntEQ(ERR_get_error_line(&file, &line), 7); ERR_put_error(0,SYS_F_GETHOSTBYNAME, 8, "this file", 8); AssertIntEQ(ERR_get_error_line(&file, &line), 8); ERR_put_error(0,SYS_F_GETNAMEINFO, 9, "this file", 9); AssertIntEQ(ERR_get_error_line(&file, &line), 9); ERR_put_error(0,SYS_F_GETSERVBYNAME, 10, "this file", 10); AssertIntEQ(ERR_get_error_line(&file, &line), 10); ERR_put_error(0,SYS_F_IOCTLSOCKET, 11, "this file", 11); AssertIntEQ(ERR_get_error_line(&file, &line), 11); ERR_put_error(0,SYS_F_LISTEN, 12, "this file", 12); AssertIntEQ(ERR_get_error_line(&file, &line), 12); ERR_put_error(0,SYS_F_OPENDIR, 13, "this file", 13); AssertIntEQ(ERR_get_error_line(&file, &line), 13); ERR_put_error(0,SYS_F_SETSOCKOPT, 14, "this file", 14); AssertIntEQ(ERR_get_error_line(&file, &line), 14); ERR_put_error(0,SYS_F_SOCKET, 15, "this file", 15); AssertIntEQ(ERR_get_error_line(&file, &line), 15); #ifdef WOLFSSL_PYTHON ERR_put_error(ERR_LIB_ASN1, SYS_F_ACCEPT, ASN1_R_HEADER_TOO_LONG, "this file", 100); AssertIntEQ(wolfSSL_ERR_peek_last_error_line(&file, &line), (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG); AssertIntEQ(line, 100); AssertIntEQ(wolfSSL_ERR_peek_error(), (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG); AssertIntEQ(ERR_get_error_line(&file, &line), ASN1_R_HEADER_TOO_LONG); #endif /* try reading past end of error queue */ file = NULL; AssertIntEQ(ERR_get_error_line(&file, &line), 0); AssertNull(file); AssertIntEQ(ERR_get_error_line_data(&file, &line, NULL, NULL), 0); PEMerr(4,4); AssertIntEQ(ERR_get_error(), 4); /* Empty and free up all error nodes */ ERR_clear_error(); /* Verify all nodes are cleared */ ERR_put_error(0,SYS_F_ACCEPT, 0, "this file", 0); ERR_clear_error(); AssertIntEQ(ERR_get_error_line(&file, &line), 0); printf(resultFmt, passed); #endif } #ifndef NO_BIO static void test_wolfSSL_ERR_print_errors(void) { #if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \ defined(DEBUG_WOLFSSL) && !defined(NO_ERROR_STRINGS) BIO* bio; char buf[1024]; printf(testingFmt, "wolfSSL_ERR_print_errors()"); AssertNotNull(bio = BIO_new(BIO_s_mem())); ERR_clear_error(); /* clear out any error nodes */ ERR_put_error(0,SYS_F_ACCEPT, -173, "ssl.c", 0); /* Choosing -299 as an unused errno between MIN_CODE_E < x < WC_LAST_E. */ ERR_put_error(0,SYS_F_BIND, -299, "asn.c", 100); ERR_print_errors(bio); AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 56); AssertIntEQ(XSTRNCMP("error:173:wolfSSL library:Bad function argument:ssl.c:0", buf, 55), 0); AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 57); AssertIntEQ(XSTRNCMP("error:299:wolfSSL library:unknown error number:asn.c:100", buf, 56), 0); AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 1); AssertIntEQ(buf[0], '\0'); AssertIntEQ(ERR_get_error_line(NULL, NULL), 0); BIO_free(bio); printf(resultFmt, passed); #endif } #if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \ defined(DEBUG_WOLFSSL) static int test_wolfSSL_error_cb(const char *str, size_t len, void *u) { wolfSSL_BIO_write((BIO*)u, str, (int)len); return 0; } #endif static void test_wolfSSL_ERR_print_errors_cb(void) { #if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \ defined(DEBUG_WOLFSSL) BIO* bio; char buf[1024]; printf(testingFmt, "wolfSSL_ERR_print_errors_cb()"); AssertNotNull(bio = BIO_new(BIO_s_mem())); ERR_clear_error(); /* clear out any error nodes */ ERR_put_error(0,SYS_F_ACCEPT, -173, "ssl.c", 0); ERR_put_error(0,SYS_F_BIND, -275, "asn.c", 100); ERR_print_errors_cb(test_wolfSSL_error_cb, bio); AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 108); AssertIntEQ(XSTRNCMP("wolfSSL error occurred, error = 173 line:0 file:ssl.c", buf, 53), 0); AssertIntEQ(XSTRNCMP("wolfSSL error occurred, error = 275 line:100 file:asn.c", buf + 53, 55), 0); AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 0); BIO_free(bio); printf(resultFmt, passed); #endif } /* * Testing WOLFSSL_ERROR_MSG */ static int test_WOLFSSL_ERROR_MSG (void) { int ret = 0; #if defined(DEBUG_WOLFSSL) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) ||\ defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) const char* msg = TEST_STRING; printf(testingFmt, "WOLFSSL_ERROR_MSG()"); WOLFSSL_ERROR_MSG(msg); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; }/*End test_WOLFSSL_ERROR_MSG*/ /* * Testing wc_ERR_remove_state */ static int test_wc_ERR_remove_state (void) { int ret = 0; #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) printf(testingFmt, "wc_ERR_remove_state()"); wc_ERR_remove_state(); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; }/*End test_wc_ERR_remove_state*/ /* * Testing wc_ERR_print_errors_fp */ static int test_wc_ERR_print_errors_fp (void) { int ret = 0; #if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)) && \ (!defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)) long sz; printf(testingFmt, "wc_ERR_print_errors_fp()"); WOLFSSL_ERROR(BAD_FUNC_ARG); XFILE fp = XFOPEN("./tests/test-log-dump-to-file.txt", "ar"); wc_ERR_print_errors_fp(fp); #if defined(DEBUG_WOLFSSL) AssertTrue(XFSEEK(fp, 0, XSEEK_END) == 0); sz = XFTELL(fp); #ifdef NO_ERROR_QUEUE /* File should be empty when NO_ERROR_QUEUE is defined */ if (sz != 0) { ret = BAD_FUNC_ARG; } #else if (sz == 0) { ret = BAD_FUNC_ARG; } #endif #endif printf(resultFmt, ret == 0 ? passed : failed); XFCLOSE(fp); (void)sz; #endif return ret; }/*End test_wc_ERR_print_errors_fp*/ #ifdef DEBUG_WOLFSSL static void Logging_cb(const int logLevel, const char *const logMessage) { (void)logLevel; (void)logMessage; } #endif /* * Testing wolfSSL_GetLoggingCb */ static int test_wolfSSL_GetLoggingCb (void) { int ret = 0; printf(testingFmt, "wolfSSL_GetLoggingCb()"); #ifdef DEBUG_WOLFSSL /* Testing without wolfSSL_SetLoggingCb() */ if (ret == 0) { if (wolfSSL_GetLoggingCb() == NULL) { /* Should be true */ ret = 0; } if (wolfSSL_GetLoggingCb() != NULL) { /* Should not be true */ ret = -1; } } /* Testing with wolfSSL_SetLoggingCb() */ if (ret == 0) { ret = wolfSSL_SetLoggingCb(Logging_cb); if (ret == 0){ if (wolfSSL_GetLoggingCb() == NULL) { /* Should not be true */ ret = -1; } if (ret == 0) { if (wolfSSL_GetLoggingCb() == Logging_cb) { /* Should be true */ ret = 0; } } /* reset logging callback */ wolfSSL_SetLoggingCb(NULL); } } #endif if (ret == 0) { if (wolfSSL_GetLoggingCb() != NULL) { ret = -1; } } printf(resultFmt, ret == 0 ? passed : failed); return ret; }/*End test_wolfSSL_GetLoggingCb*/ #endif /* !NO_BIO */ #if defined(OPENSSL_EXTRA) && (!defined(NO_SHA256) || \ defined(WOLFSSL_SHA224) || defined(WOLFSSL_SHA384) || \ defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA3)) static void test_openssl_hmac(const WOLFSSL_EVP_MD* md, int md_len) { static const unsigned char key[] = "simple test key"; HMAC_CTX* hmac; ENGINE* e = NULL; unsigned char hash[WC_MAX_DIGEST_SIZE]; unsigned int len; AssertNotNull(hmac = HMAC_CTX_new()); HMAC_CTX_init(hmac); AssertIntEQ(HMAC_Init_ex(hmac, (void*)key, (int)sizeof(key), md, e), SSL_SUCCESS); /* re-using test key as data to hash */ AssertIntEQ(HMAC_Update(hmac, key, (int)sizeof(key)), SSL_SUCCESS); AssertIntEQ(HMAC_Update(hmac, NULL, 0), SSL_SUCCESS); AssertIntEQ(HMAC_Final(hmac, hash, &len), SSL_SUCCESS); AssertIntEQ(len, md_len); AssertIntEQ(HMAC_size(hmac), md_len); AssertStrEQ(HMAC_CTX_get_md(hmac), md); HMAC_cleanup(hmac); HMAC_CTX_free(hmac); len = 0; AssertNotNull(HMAC(md, key, (int)sizeof(key), NULL, 0, hash, &len)); AssertIntEQ(len, md_len); } #endif static void test_wolfSSL_HMAC(void) { #if defined(OPENSSL_EXTRA) && (!defined(NO_SHA256) || \ defined(WOLFSSL_SHA224) || defined(WOLFSSL_SHA384) || \ defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA3)) printf(testingFmt, "wolfSSL_HMAC()"); #ifndef NO_SHA256 test_openssl_hmac(EVP_sha256(), (int)WC_SHA256_DIGEST_SIZE); #endif #ifdef WOLFSSL_SHA224 test_openssl_hmac(EVP_sha224(), (int)WC_SHA224_DIGEST_SIZE); #endif #ifdef WOLFSSL_SHA384 test_openssl_hmac(EVP_sha384(), (int)WC_SHA384_DIGEST_SIZE); #endif #ifdef WOLFSSL_SHA512 test_openssl_hmac(EVP_sha512(), (int)WC_SHA512_DIGEST_SIZE); #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 test_openssl_hmac(EVP_sha3_224(), (int)WC_SHA3_224_DIGEST_SIZE); #endif #ifndef WOLFSSL_NOSHA3_256 test_openssl_hmac(EVP_sha3_256(), (int)WC_SHA3_256_DIGEST_SIZE); #endif #ifndef WOLFSSL_NOSHA3_384 test_openssl_hmac(EVP_sha3_384(), (int)WC_SHA3_384_DIGEST_SIZE); #endif #ifndef WOLFSSL_NOSHA3_512 test_openssl_hmac(EVP_sha3_512(), (int)WC_SHA3_512_DIGEST_SIZE); #endif #endif printf(resultFmt, passed); #endif } static void test_wolfSSL_CMAC(void) { #if defined(WOLFSSL_CMAC) && defined(OPENSSL_EXTRA) && \ defined(WOLFSSL_AES_DIRECT) int i; byte key[AES_128_KEY_SIZE]; CMAC_CTX* cmacCtx = NULL; byte out[AES_BLOCK_SIZE]; size_t outLen = AES_BLOCK_SIZE; printf(testingFmt, "test_wolfSSL_CMAC()"); for (i=0; i < AES_128_KEY_SIZE; ++i) { key[i] = i; } AssertNotNull(cmacCtx = CMAC_CTX_new()); /* Check CMAC_CTX_get0_cipher_ctx; return value not used. */ AssertNotNull(CMAC_CTX_get0_cipher_ctx(cmacCtx)); AssertIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_128_cbc(), NULL), SSL_SUCCESS); /* re-using test key as data to hash */ AssertIntEQ(CMAC_Update(cmacCtx, key, AES_128_KEY_SIZE), SSL_SUCCESS); AssertIntEQ(CMAC_Update(cmacCtx, NULL, 0), SSL_SUCCESS); AssertIntEQ(CMAC_Final(cmacCtx, out, &outLen), SSL_SUCCESS); AssertIntEQ(outLen, AES_BLOCK_SIZE); CMAC_CTX_free(cmacCtx); printf(resultFmt, passed); #endif /* WOLFSSL_CMAC && OPENSSL_EXTRA && WOLFSSL_AES_DIRECT */ } static void test_wolfSSL_OBJ(void) { /* Password "wolfSSL test" is only 12 (96-bit) too short for testing in FIPS * mode */ #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_ASN) && \ !defined(HAVE_FIPS) && !defined(NO_SHA) && defined(WOLFSSL_CERT_EXT) && \ defined(WOLFSSL_CERT_GEN) ASN1_OBJECT *obj = NULL; char buf[50]; XFILE fp; X509 *x509 = NULL; X509_NAME *x509Name; X509_NAME_ENTRY *x509NameEntry; ASN1_OBJECT *asn1Name = NULL; int numNames; BIO *bio = NULL; int nid; int i, j; const char *f[] = { #ifndef NO_RSA "./certs/ca-cert.der", #endif #ifdef HAVE_ECC "./certs/ca-ecc-cert.der", "./certs/ca-ecc384-cert.der", #endif NULL}; ASN1_OBJECT *field_name_obj = NULL; int lastpos = -1; int tmp = -1; ASN1_STRING *asn1 = NULL; unsigned char *buf_dyn = NULL; printf(testingFmt, "wolfSSL_OBJ()"); AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), SSL_FAILURE); AssertNotNull(obj = OBJ_nid2obj(NID_any_policy)); AssertIntEQ(OBJ_obj2nid(obj), NID_any_policy); AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), 11); AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0); ASN1_OBJECT_free(obj); AssertNotNull(obj = OBJ_nid2obj(NID_sha256)); AssertIntEQ(OBJ_obj2nid(obj), NID_sha256); AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), 22); #ifdef WOLFSSL_CERT_EXT AssertIntEQ(OBJ_txt2nid(buf), NID_sha256); #endif AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0); ASN1_OBJECT_free(obj); for (i = 0; f[i] != NULL; i++) { AssertTrue((fp = XFOPEN(f[i], "rb")) != XBADFILE); AssertNotNull(x509 = d2i_X509_fp(fp, NULL)); XFCLOSE(fp); AssertNotNull(x509Name = X509_get_issuer_name(x509)); AssertIntNE((numNames = X509_NAME_entry_count(x509Name)), 0); /* Get the Common Name by using OBJ_txt2obj */ AssertNotNull(field_name_obj = OBJ_txt2obj("CN", 0)); do { lastpos = tmp; tmp = X509_NAME_get_index_by_OBJ(x509Name, field_name_obj, lastpos); } while (tmp > -1); AssertIntNE(lastpos, -1); ASN1_OBJECT_free(field_name_obj); AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, lastpos)); AssertNotNull(asn1 = X509_NAME_ENTRY_get_data(x509NameEntry)); AssertIntGE(ASN1_STRING_to_UTF8(&buf_dyn, asn1), 0); /* * All Common Names should be www.wolfssl.com * This makes testing easier as we can test for the expected value. */ AssertStrEQ((char*)buf_dyn, "www.wolfssl.com"); OPENSSL_free(buf_dyn); bio = BIO_new(BIO_s_mem()); AssertTrue(bio != NULL); for (j = 0; j < numNames; j++) { AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j)); AssertNotNull(asn1Name = X509_NAME_ENTRY_get_object(x509NameEntry)); AssertTrue((nid = OBJ_obj2nid(asn1Name)) > 0); } BIO_free(bio); X509_free(x509); } #ifdef HAVE_PKCS12 { PKCS12 *p12; int boolRet; EVP_PKEY *pkey = NULL; const char *p12_f[] = { #if !defined(NO_DES3) && !defined(NO_RSA) "./certs/test-servercert.p12", #endif NULL}; for (i = 0; p12_f[i] != NULL; i++) { AssertTrue((fp = XFOPEN(p12_f[i], "rb")) != XBADFILE); AssertNotNull(p12 = d2i_PKCS12_fp(fp, NULL)); XFCLOSE(fp); AssertTrue((boolRet = PKCS12_parse(p12, "wolfSSL test", &pkey, &x509, NULL)) > 0); wc_PKCS12_free(p12); EVP_PKEY_free(pkey); x509Name = X509_get_issuer_name(x509); AssertNotNull(x509Name); AssertIntNE((numNames = X509_NAME_entry_count(x509Name)), 0); AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL); for (j = 0; j < numNames; j++) { AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j)); AssertNotNull(asn1Name = X509_NAME_ENTRY_get_object(x509NameEntry)); AssertTrue((nid = OBJ_obj2nid(asn1Name)) > 0); } BIO_free(bio); X509_free(x509); } } #endif /* HAVE_PKCS12 */ printf(resultFmt, passed); #endif } static void test_wolfSSL_i2a_ASN1_OBJECT(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(NO_BIO) ASN1_OBJECT *obj = NULL; BIO *bio = NULL; AssertNotNull(obj = OBJ_nid2obj(NID_sha256)); AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL); AssertIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, obj), 0); AssertIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, NULL), 0); AssertIntEQ(wolfSSL_i2a_ASN1_OBJECT(NULL, obj), 0); BIO_free(bio); ASN1_OBJECT_free(obj); #endif } static void test_wolfSSL_OBJ_cmp(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) ASN1_OBJECT *obj = NULL; ASN1_OBJECT *obj2 = NULL; printf(testingFmt, "wolfSSL_OBJ_cmp()"); AssertNotNull(obj = OBJ_nid2obj(NID_any_policy)); AssertNotNull(obj2 = OBJ_nid2obj(NID_sha256)); AssertIntEQ(OBJ_cmp(NULL, NULL), WOLFSSL_FATAL_ERROR); AssertIntEQ(OBJ_cmp(obj, NULL), WOLFSSL_FATAL_ERROR); AssertIntEQ(OBJ_cmp(NULL, obj2), WOLFSSL_FATAL_ERROR); AssertIntEQ(OBJ_cmp(obj, obj2), WOLFSSL_FATAL_ERROR); AssertIntEQ(OBJ_cmp(obj, obj), 0); AssertIntEQ(OBJ_cmp(obj2, obj2), 0); ASN1_OBJECT_free(obj); ASN1_OBJECT_free(obj2); printf(resultFmt, passed); #endif } static void test_wolfSSL_OBJ_txt2nid(void) { #if !defined(NO_WOLFSSL_STUB) && defined(WOLFSSL_APACHE_HTTPD) int i; static const struct { const char* sn; const char* ln; const char* oid; int nid; } testVals[] = { { "tlsfeature", "TLS Feature", "1.3.6.1.5.5.7.1.24", NID_tlsfeature }, { "id-on-dnsSRV", "SRVName", "1.3.6.1.5.5.7.8.7", NID_id_on_dnsSRV }, { "msUPN", "Microsoft User Principal Name", "1.3.6.1.4.1.311.20.2.3", NID_ms_upn }, { NULL, NULL, NULL, NID_undef } }; printf(testingFmt, "wolfSSL_OBJ_txt2nid()"); /* Invalid cases */ AssertIntEQ(OBJ_txt2nid(NULL), NID_undef); AssertIntEQ(OBJ_txt2nid("Bad name"), NID_undef); /* Valid cases */ for (i = 0; testVals[i].sn != NULL; i++) { AssertIntEQ(OBJ_txt2nid(testVals[i].sn), testVals[i].nid); AssertIntEQ(OBJ_txt2nid(testVals[i].ln), testVals[i].nid); AssertIntEQ(OBJ_txt2nid(testVals[i].oid), testVals[i].nid); } printf(resultFmt, passed); #endif } static void test_wolfSSL_OBJ_txt2obj(void) { #if defined(WOLFSSL_APACHE_HTTPD) || (defined(OPENSSL_EXTRA) && \ defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)) int i; char buf[50]; ASN1_OBJECT* obj; static const struct { const char* oidStr; const char* sn; const char* ln; } objs_list[] = { #if defined(WOLFSSL_APACHE_HTTPD) { "1.3.6.1.5.5.7.1.24", "tlsfeature", "TLS Feature" }, { "1.3.6.1.5.5.7.8.7", "id-on-dnsSRV", "SRVName" }, #endif { "2.5.29.19", "basicConstraints", "X509v3 Basic Constraints"}, { NULL, NULL, NULL } }; printf(testingFmt, "wolfSSL_OBJ_txt2obj()"); AssertNull(obj = OBJ_txt2obj("Bad name", 0)); AssertNull(obj = OBJ_txt2obj(NULL, 0)); for (i = 0; objs_list[i].oidStr != NULL; i++) { /* Test numerical value of oid (oidStr) */ AssertNotNull(obj = OBJ_txt2obj(objs_list[i].oidStr, 1)); /* Convert object back to text to confirm oid is correct */ wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1); AssertIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0); ASN1_OBJECT_free(obj); XMEMSET(buf, 0, sizeof(buf)); /* Test short name (sn) */ AssertNull(obj = OBJ_txt2obj(objs_list[i].sn, 1)); AssertNotNull(obj = OBJ_txt2obj(objs_list[i].sn, 0)); /* Convert object back to text to confirm oid is correct */ wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1); AssertIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0); ASN1_OBJECT_free(obj); XMEMSET(buf, 0, sizeof(buf)); /* Test long name (ln) - should fail when no_name = 1 */ AssertNull(obj = OBJ_txt2obj(objs_list[i].ln, 1)); AssertNotNull(obj = OBJ_txt2obj(objs_list[i].ln, 0)); /* Convert object back to text to confirm oid is correct */ wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1); AssertIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0); ASN1_OBJECT_free(obj); XMEMSET(buf, 0, sizeof(buf)); } printf(resultFmt, passed); #endif } static void test_wolfSSL_i2t_ASN1_OBJECT(void) { #if defined(OPENSSL_EXTRA) && \ defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) char buf[50] = {0}; ASN1_OBJECT* obj; const char* oid = "2.5.29.19"; const char* ln = "X509v3 Basic Constraints"; printf(testingFmt, "test_wolfSSL_i2t_ASN1_OBJECT()"); obj = NULL; AssertIntEQ(i2t_ASN1_OBJECT(NULL, sizeof(buf), obj), WOLFSSL_FAILURE); AssertIntEQ(i2t_ASN1_OBJECT(buf, sizeof(buf), NULL), WOLFSSL_FAILURE); AssertIntEQ(i2t_ASN1_OBJECT(buf, 0, NULL), WOLFSSL_FAILURE); AssertNotNull(obj = OBJ_txt2obj(oid, 0)); XMEMSET(buf, 0, sizeof(buf)); AssertIntEQ(i2t_ASN1_OBJECT(buf, sizeof(buf), obj), XSTRLEN(ln)); AssertIntEQ(XSTRNCMP(buf, ln, XSTRLEN(ln)), 0); ASN1_OBJECT_free(obj); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA && WOLFSSL_CERT_EXT && WOLFSSL_CERT_GEN */ } static void test_wolfSSL_PEM_write_bio_X509(void) { #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_AKID_NAME) && \ defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) /* This test contains the hard coded expected * lengths. Update if necessary */ BIO* input; BIO* output; X509* x509 = NULL; int expectedLen; printf(testingFmt, "wolfSSL_PEM_write_bio_X509()"); AssertNotNull(input = BIO_new_file( "certs/test/cert-ext-multiple.pem", "rb")); AssertIntEQ(wolfSSL_BIO_get_len(input), 2000); AssertNotNull(output = BIO_new(wolfSSL_BIO_s_mem())); AssertNotNull(PEM_read_bio_X509(input, &x509, NULL, NULL)); AssertIntEQ(PEM_write_bio_X509(output, x509), WOLFSSL_SUCCESS); #ifdef WOLFSSL_ALT_NAMES /* Here we copy the validity struct from the original */ expectedLen = 2000; #else /* Only difference is that we generate the validity in generalized * time. Generating UTCTime vs Generalized time should be fixed in * the future */ expectedLen = 2004; #endif AssertIntEQ(wolfSSL_BIO_get_len(output), expectedLen); /* Reset output buffer */ BIO_free(output); AssertNotNull(output = BIO_new(wolfSSL_BIO_s_mem())); /* Test forcing the AKID to be generated just from KeyIdentifier */ if (x509->authKeyIdSrc != NULL) { XMEMMOVE(x509->authKeyIdSrc, x509->authKeyId, x509->authKeyIdSz); x509->authKeyId = x509->authKeyIdSrc; x509->authKeyIdSrc = NULL; x509->authKeyIdSrcSz = 0; } AssertIntEQ(PEM_write_bio_X509(output, x509), WOLFSSL_SUCCESS); /* Check that we generate a smaller output since the AKID will * only contain the KeyIdentifier without any additional * information */ #ifdef WOLFSSL_ALT_NAMES /* Here we copy the validity struct from the original */ expectedLen = 1688; #else /* UTCTime vs Generalized time */ expectedLen = 1692; #endif AssertIntEQ(wolfSSL_BIO_get_len(output), expectedLen); X509_free(x509); BIO_free(input); BIO_free(output); printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_NAME_ENTRY(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN) X509* x509; #ifndef NO_BIO BIO* bio; #endif X509_NAME* nm; X509_NAME_ENTRY* entry; unsigned char cn[] = "another name to add"; printf(testingFmt, "wolfSSL_X509_NAME_ENTRY()"); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); #ifndef NO_BIO AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(PEM_write_bio_X509_AUX(bio, x509), SSL_SUCCESS); #endif #ifdef WOLFSSL_CERT_REQ { X509_REQ* req; #ifndef NO_BIO BIO* bReq; #endif AssertNotNull(req = wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); #ifndef NO_BIO AssertNotNull(bReq = BIO_new(BIO_s_mem())); AssertIntEQ(PEM_write_bio_X509_REQ(bReq, req), SSL_SUCCESS); BIO_free(bReq); #endif X509_free(req); } #endif AssertNotNull(nm = X509_get_subject_name(x509)); /* Test add entry */ AssertNotNull(entry = X509_NAME_ENTRY_create_by_NID(NULL, NID_commonName, 0x0c, cn, (int)sizeof(cn))); AssertIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS); #ifdef WOLFSSL_CERT_EXT AssertIntEQ(X509_NAME_add_entry_by_txt(nm, "emailAddress", MBSTRING_UTF8, (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_SUCCESS); #endif X509_NAME_ENTRY_free(entry); #ifdef WOLFSSL_CERT_REQ { unsigned char srv_pkcs9p[] = "Server"; char* subject; AssertIntEQ(X509_NAME_add_entry_by_NID(nm, NID_pkcs9_contentType, MBSTRING_ASC, srv_pkcs9p, -1, -1, 0), SSL_SUCCESS); subject = X509_NAME_oneline(nm, 0, 0); #ifdef DEBUG_WOLFSSL printf("\n\t%s\n", subject); #endif XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); } #endif /* Test add entry by text */ AssertNotNull(entry = X509_NAME_ENTRY_create_by_txt(NULL, "commonName", 0x0c, cn, (int)sizeof(cn))); #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) \ || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) AssertNull(X509_NAME_ENTRY_create_by_txt(&entry, "unknown", V_ASN1_UTF8STRING, cn, (int)sizeof(cn))); #endif AssertIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS); X509_NAME_ENTRY_free(entry); /* Test add entry by NID */ AssertIntEQ(X509_NAME_add_entry_by_NID(nm, NID_commonName, MBSTRING_UTF8, cn, -1, -1, 0), SSL_SUCCESS); #ifndef NO_BIO BIO_free(bio); #endif X509_free(x509); /* free's nm */ printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_set_name(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) X509* x509; X509_NAME* name; printf(testingFmt, "wolfSSL_X509_set_name()"); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, 0, 1), WOLFSSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_SUCCESS); AssertNotNull(x509 = X509_new()); AssertIntEQ(X509_set_subject_name(NULL, NULL), WOLFSSL_FAILURE); AssertIntEQ(X509_set_subject_name(x509, NULL), WOLFSSL_FAILURE); AssertIntEQ(X509_set_subject_name(NULL, name), WOLFSSL_FAILURE); AssertIntEQ(X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); AssertIntEQ(X509_set_issuer_name(NULL, NULL), WOLFSSL_FAILURE); AssertIntEQ(X509_set_issuer_name(x509, NULL), WOLFSSL_FAILURE); AssertIntEQ(X509_set_issuer_name(NULL, name), WOLFSSL_FAILURE); AssertIntEQ(X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); X509_free(x509); X509_NAME_free(name); printf(resultFmt, passed); #endif /* OPENSSL_ALL && !NO_CERTS */ } static void test_wolfSSL_X509_set_notAfter(void) { #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) \ && !defined(NO_ASN_TIME) && !defined(USER_TIME) && \ !defined(TIME_OVERRIDES) && !defined(NO_CERTS) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) &&\ !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT) && !defined(NO_BIO) /* Generalized time will overflow time_t if not long */ X509* x; BIO* bio; ASN1_TIME *asn_time, *time_check; const int year = 365*24*60*60; const int day = 24*60*60; const int hour = 60*60; const int mini = 60; int offset_day; unsigned char buf[25]; time_t t; printf(testingFmt, "wolfSSL_X509_set_notAfter()"); /* * Setup asn_time. APACHE HTTPD uses time(NULL) */ t = (time_t)107 * year + 31 * day + 34 * hour + 30 * mini + 7 * day; offset_day = 7; /* * Free these. */ asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, 0); AssertNotNull(asn_time); AssertNotNull(x = X509_new()); AssertNotNull(bio = BIO_new(BIO_s_mem())); /* * Tests */ AssertTrue(wolfSSL_X509_set_notAfter(x, asn_time)); /* time_check is simply (ANS1_TIME*)x->notAfter */ AssertNotNull(time_check = X509_get_notAfter(x)); /* ANS1_TIME_check validates by checking if argument can be parsed */ AssertIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS); /* Convert to human readable format and compare to intended date */ AssertIntEQ(ASN1_TIME_print(bio, time_check), 1); AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24); AssertIntEQ(XMEMCMP(buf, "Jan 20 10:30:00 2077 GMT", sizeof(buf) - 1), 0); /* * Cleanup */ XFREE(asn_time,NULL,DYNAMIC_TYPE_OPENSSL); X509_free(x); BIO_free(bio); printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_set_notBefore(void) { #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) \ && !defined(NO_ASN_TIME) && !defined(USER_TIME) && \ !defined(TIME_OVERRIDES) && !defined(NO_CERTS) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_BIO) X509* x; BIO* bio; ASN1_TIME *asn_time, *time_check; const int year = 365*24*60*60; const int day = 24*60*60; const int hour = 60*60; const int mini = 60; int offset_day; unsigned char buf[25]; time_t t; printf(testingFmt, "wolfSSL_X509_set_notBefore()"); /* * Setup asn_time. APACHE HTTPD uses time(NULL) */ t = (time_t)49 * year + 125 * day + 20 * hour + 30 * mini + 7 * day; offset_day = 7; /* * Free these. */ asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, 0); AssertNotNull(asn_time); AssertNotNull(x = X509_new()); AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(ASN1_TIME_check(asn_time), WOLFSSL_SUCCESS); /* * Main Tests */ AssertTrue(wolfSSL_X509_set_notBefore(x, asn_time)); /* time_check == (ANS1_TIME*)x->notBefore */ AssertNotNull(time_check = X509_get_notBefore(x)); /* ANS1_TIME_check validates by checking if argument can be parsed */ AssertIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS); /* Convert to human readable format and compare to intended date */ AssertIntEQ(ASN1_TIME_print(bio, time_check), 1); AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24); AssertIntEQ(XMEMCMP(buf, "May 8 20:30:00 2019 GMT", sizeof(buf) - 1), 0); /* * Cleanup */ XFREE(asn_time,NULL,DYNAMIC_TYPE_OPENSSL); X509_free(x); BIO_free(bio); printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_set_version(void) { #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \ !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) X509* x509; long v = 2L; long maxInt = INT_MAX; AssertNotNull(x509 = X509_new()); /* These should pass. */ AssertTrue(wolfSSL_X509_set_version(x509, v)); AssertIntEQ(v, wolfSSL_X509_get_version(x509)); /* Fail Case: When v(long) is greater than x509->version(int). */ v = maxInt+1; AssertFalse(wolfSSL_X509_set_version(x509, v)); /* Cleanup */ X509_free(x509); printf(resultFmt, passed); #endif } #ifndef NO_BIO static void test_wolfSSL_BIO_gets(void) { #if defined(OPENSSL_EXTRA) BIO* bio; BIO* bio2; char msg[] = "\nhello wolfSSL\n security plus\t---...**adf\na...b.c"; char emp[] = ""; char bio_buffer[20]; int bufferSz = 20; printf(testingFmt, "wolfSSL_BIO_gets()"); /* try with bad args */ AssertNull(bio = BIO_new_mem_buf(NULL, sizeof(msg))); /* try with real msg */ AssertNotNull(bio = BIO_new_mem_buf((void*)msg, -1)); XMEMSET(bio_buffer, 0, bufferSz); AssertNotNull(BIO_push(bio, BIO_new(BIO_s_bio()))); AssertNull(bio2 = BIO_find_type(bio, BIO_TYPE_FILE)); AssertNotNull(bio2 = BIO_find_type(bio, BIO_TYPE_BIO)); AssertFalse(bio2 != BIO_next(bio)); /* make buffer filled with no terminating characters */ XMEMSET(bio_buffer, 1, bufferSz); /* BIO_gets reads a line of data */ AssertIntEQ(BIO_gets(bio, bio_buffer, -3), 0); AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1); AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 14); AssertStrEQ(bio_buffer, "hello wolfSSL\n"); AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 19); AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 8); AssertIntEQ(BIO_gets(bio, bio_buffer, -1), 0); /* check not null terminated string */ BIO_free(bio); msg[0] = 0x33; msg[1] = 0x33; msg[2] = 0x33; AssertNotNull(bio = BIO_new_mem_buf((void*)msg, 3)); AssertIntEQ(BIO_gets(bio, bio_buffer, 3), 2); AssertIntEQ(bio_buffer[0], msg[0]); AssertIntEQ(bio_buffer[1], msg[1]); AssertIntNE(bio_buffer[2], msg[2]); BIO_free(bio); msg[3] = 0x33; bio_buffer[3] = 0x33; AssertNotNull(bio = BIO_new_mem_buf((void*)msg, 3)); AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 3); AssertIntEQ(bio_buffer[0], msg[0]); AssertIntEQ(bio_buffer[1], msg[1]); AssertIntEQ(bio_buffer[2], msg[2]); AssertIntNE(bio_buffer[3], 0x33); /* make sure null terminator was set */ /* check reading an empty string */ BIO_free(bio); AssertNotNull(bio = BIO_new_mem_buf((void*)emp, sizeof(emp))); AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1); /* just terminator */ AssertStrEQ(emp, bio_buffer); AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 0); /* Nothing to read */ /* check error cases */ BIO_free(bio); AssertIntEQ(BIO_gets(NULL, NULL, 0), SSL_FAILURE); AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(BIO_gets(bio, bio_buffer, 2), 0); /* nothing to read */ #if !defined(NO_FILESYSTEM) { BIO* f_bio; XFILE f; AssertNotNull(f_bio = BIO_new(BIO_s_file())); AssertIntLE(BIO_gets(f_bio, bio_buffer, bufferSz), 0); f = XFOPEN(svrCertFile, "rb"); AssertTrue((f != XBADFILE)); AssertIntEQ((int)BIO_set_fp(f_bio, f, BIO_CLOSE), SSL_SUCCESS); AssertIntGT(BIO_gets(f_bio, bio_buffer, bufferSz), 0); BIO_free(f_bio); } #endif /* NO_FILESYSTEM */ BIO_free(bio); BIO_free(bio2); /* try with type BIO */ XMEMCPY(msg, "\nhello wolfSSL\n security plus\t---...**adf\na...b.c", sizeof(msg)); AssertNotNull(bio = BIO_new(BIO_s_bio())); AssertIntEQ(BIO_gets(bio, bio_buffer, 2), 0); /* nothing to read */ AssertNotNull(bio2 = BIO_new(BIO_s_bio())); AssertIntEQ(BIO_set_write_buf_size(bio, 10), SSL_SUCCESS); AssertIntEQ(BIO_set_write_buf_size(bio2, sizeof(msg)), SSL_SUCCESS); AssertIntEQ(BIO_make_bio_pair(bio, bio2), SSL_SUCCESS); AssertIntEQ(BIO_write(bio2, msg, sizeof(msg)), sizeof(msg)); AssertIntEQ(BIO_gets(bio, bio_buffer, -3), 0); AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1); AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 14); AssertStrEQ(bio_buffer, "hello wolfSSL\n"); AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 19); AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 8); AssertIntEQ(BIO_gets(bio, bio_buffer, -1), 0); BIO_free(bio); BIO_free(bio2); /* check reading an empty string */ AssertNotNull(bio = BIO_new(BIO_s_bio())); AssertIntEQ(BIO_set_write_buf_size(bio, sizeof(emp)), SSL_SUCCESS); AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 0); /* Nothing to read */ AssertStrEQ(emp, bio_buffer); BIO_free(bio); printf(resultFmt, passed); #endif } static void test_wolfSSL_BIO_puts(void) { #if defined(OPENSSL_EXTRA) BIO* bio; char input[] = "hello\0world\n.....ok\n\0"; char output[128]; printf(testingFmt, "wolfSSL_BIO_puts()"); XMEMSET(output, 0, sizeof(output)); AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(BIO_puts(bio, input), 5); AssertIntEQ(BIO_pending(bio), 5); AssertIntEQ(BIO_puts(bio, input + 6), 14); AssertIntEQ(BIO_pending(bio), 19); AssertIntEQ(BIO_gets(bio, output, sizeof(output)), 11); AssertStrEQ(output, "helloworld\n"); AssertIntEQ(BIO_pending(bio), 8); AssertIntEQ(BIO_gets(bio, output, sizeof(output)), 8); AssertStrEQ(output, ".....ok\n"); AssertIntEQ(BIO_pending(bio), 0); AssertIntEQ(BIO_puts(bio, ""), -1); BIO_free(bio); printf(resultFmt, passed); #endif } #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(USE_WOLFSSL_IO) static int forceWantRead(WOLFSSL *ssl, char *buf, int sz, void *ctx) { (void)ssl; (void)buf; (void)sz; (void)ctx; return WOLFSSL_CBIO_ERR_WANT_READ; } #endif static void test_wolfSSL_BIO_should_retry(void) { #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(USE_WOLFSSL_IO) tcp_ready ready; func_args server_args; THREAD_TYPE serverThread; SOCKET_T sockfd = 0; WOLFSSL_CTX* ctx; WOLFSSL* ssl; char msg[64] = "hello wolfssl!"; char reply[1024]; int msgSz = (int)XSTRLEN(msg); int ret; BIO* bio; printf(testingFmt, "wolfSSL_BIO_should_retry()"); XMEMSET(&server_args, 0, sizeof(func_args)); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL); /* force retry */ ssl = wolfSSL_new(ctx); AssertNotNull(ssl); AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS); wolfSSL_SSLSetIORecv(ssl, forceWantRead); AssertNotNull(bio = BIO_new(BIO_f_ssl())); BIO_set_ssl(bio, ssl, BIO_CLOSE); AssertIntLE(BIO_write(bio, msg, msgSz), 0); AssertIntNE(BIO_should_retry(bio), 0); /* now perform successful connection */ wolfSSL_SSLSetIORecv(ssl, EmbedReceive); AssertIntEQ(BIO_write(bio, msg, msgSz), msgSz); BIO_read(bio, reply, sizeof(reply)); ret = wolfSSL_get_error(ssl, -1); if (ret == WOLFSSL_ERROR_WANT_READ || ret == WOLFSSL_ERROR_WANT_WRITE) { AssertIntNE(BIO_should_retry(bio), 0); } else { AssertIntEQ(BIO_should_retry(bio), 0); } AssertIntEQ(XMEMCMP(reply, "I hear you fa shizzle!", XSTRLEN("I hear you fa shizzle!")), 0); BIO_free(bio); wolfSSL_CTX_free(ctx); join_thread(serverThread); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif printf(resultFmt, passed); #endif } static void test_wolfSSL_BIO_connect(void) { #if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_HTTP_CLIENT) tcp_ready ready; func_args server_args; THREAD_TYPE serverThread; BIO *tcpBio; BIO *sslBio; SSL_CTX* ctx; SSL *ssl; SSL *sslPtr; char msg[] = "hello wolfssl!"; char reply[30]; char buff[10] = {0}; printf(testingFmt, "wolfSSL_BIO_new_connect()"); /* Setup server */ XMEMSET(&server_args, 0, sizeof(func_args)); StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); AssertIntGT(XSPRINTF(buff, "%d", ready.port), 0); /* Start the test proper */ /* Setup the TCP BIO */ AssertNotNull(tcpBio = BIO_new_connect(wolfSSLIP)); AssertIntEQ(BIO_set_conn_port(tcpBio, buff), 1); /* Setup the SSL object */ AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); SSL_set_connect_state(ssl); /* Setup the SSL BIO */ AssertNotNull(sslBio = BIO_new(BIO_f_ssl())); AssertIntEQ(BIO_set_ssl(sslBio, ssl, BIO_CLOSE), 1); /* Verify that BIO_get_ssl works. */ AssertIntEQ(BIO_get_ssl(sslBio, &sslPtr), 1); AssertPtrEq(ssl, sslPtr); /* Link BIO's so that sslBio uses tcpBio for IO */ AssertPtrEq(BIO_push(sslBio, tcpBio), sslBio); /* Do TCP connect */ AssertIntEQ(BIO_do_connect(sslBio), 1); /* Do TLS handshake */ AssertIntEQ(BIO_do_handshake(sslBio), 1); /* Test writing */ AssertIntEQ(BIO_write(sslBio, msg, sizeof(msg)), sizeof(msg)); /* Expect length of default wolfSSL reply */ AssertIntEQ(BIO_read(sslBio, reply, sizeof(reply)), 23); /* Clean it all up */ BIO_free_all(sslBio); /* Server clean up */ join_thread(serverThread); FreeTcpReady(&ready); /* Run the same test, but use BIO_new_ssl_connect and set the IP and port * after. */ XMEMSET(&server_args, 0, sizeof(func_args)); StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); AssertIntGT(XSPRINTF(buff, "%d", ready.port), 0); AssertNotNull(sslBio = BIO_new_ssl_connect(ctx)); AssertIntEQ(BIO_set_conn_hostname(sslBio, (char*)wolfSSLIP), 1); AssertIntEQ(BIO_set_conn_port(sslBio, buff), 1); AssertIntEQ(BIO_do_connect(sslBio), 1); AssertIntEQ(BIO_do_handshake(sslBio), 1); AssertIntEQ(BIO_write(sslBio, msg, sizeof(msg)), sizeof(msg)); AssertIntEQ(BIO_read(sslBio, reply, sizeof(reply)), 23); /* Attempt to close the TLS connection gracefully. */ BIO_ssl_shutdown(sslBio); BIO_free_all(sslBio); join_thread(serverThread); FreeTcpReady(&ready); SSL_CTX_free(ctx); #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) wc_ecc_fp_free(); /* free per thread cache */ #endif printf(resultFmt, passed); #endif } #if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_HTTP_CLIENT) static THREAD_RETURN WOLFSSL_THREAD test_wolfSSL_BIO_accept_client(void* args) { BIO* clientBio; SSL* sslClient; SSL_CTX* ctx; char connectAddr[20]; /* IP + port */; (void)args; AssertIntGT(snprintf(connectAddr, sizeof(connectAddr), "%s:%d", wolfSSLIP, wolfSSLPort), 0); AssertNotNull(clientBio = BIO_new_connect(connectAddr)); AssertIntEQ(BIO_do_connect(clientBio), 1); AssertNotNull(ctx = SSL_CTX_new(SSLv23_method())); AssertNotNull(sslClient = SSL_new(ctx)); AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), WOLFSSL_SUCCESS); SSL_set_bio(sslClient, clientBio, clientBio); AssertIntEQ(SSL_connect(sslClient), 1); SSL_free(sslClient); SSL_CTX_free(ctx); #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) wc_ecc_fp_free(); /* free per thread cache */ #endif return 0; } #endif static void test_wolfSSL_BIO_accept(void) { #if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_HTTP_CLIENT) BIO* serverBindBio; BIO* serverAcceptBio; SSL* sslServer; SSL_CTX* ctx; func_args args; THREAD_TYPE thread; char port[10]; /* 10 bytes should be enough to store the string * representation of the port */ printf(testingFmt, "wolfSSL_BIO_new_accept()"); AssertIntGT(snprintf(port, sizeof(port), "%d", wolfSSLPort), 0); AssertNotNull(serverBindBio = BIO_new_accept(port)); /* First BIO_do_accept binds the port */ AssertIntEQ(BIO_do_accept(serverBindBio), 1); XMEMSET(&args, 0, sizeof(func_args)); start_thread(test_wolfSSL_BIO_accept_client, &args, &thread); AssertIntEQ(BIO_do_accept(serverBindBio), 1); /* Let's plug it into SSL to test */ AssertNotNull(ctx = SSL_CTX_new(SSLv23_method())); AssertIntEQ(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM), WOLFSSL_SUCCESS); AssertNotNull(sslServer = SSL_new(ctx)); AssertNotNull(serverAcceptBio = BIO_pop(serverBindBio)); SSL_set_bio(sslServer, serverAcceptBio, serverAcceptBio); AssertIntEQ(SSL_accept(sslServer), 1); join_thread(thread); BIO_free(serverBindBio); SSL_free(sslServer); SSL_CTX_free(ctx); #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) wc_ecc_fp_free(); /* free per thread cache */ #endif printf(resultFmt, passed); #endif } static void test_wolfSSL_BIO_write(void) { #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE) BIO* bio; BIO* bio64; BIO* ptr; int sz; char msg[] = "conversion test"; char out[40]; char expected[] = "Y29udmVyc2lvbiB0ZXN0AA==\n"; void* bufPtr = NULL; BUF_MEM* buf = NULL; printf(testingFmt, "wolfSSL_BIO_write()"); AssertNotNull(bio64 = BIO_new(BIO_f_base64())); AssertNotNull(bio = BIO_push(bio64, BIO_new(BIO_s_mem()))); /* now should convert to base64 then write to memory */ AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg)); BIO_flush(bio); /* test BIO chain */ AssertIntEQ(SSL_SUCCESS, (int)BIO_get_mem_ptr(bio, &buf)); AssertNotNull(buf); AssertIntEQ(buf->length, 25); AssertIntEQ(BIO_get_mem_data(bio, &bufPtr), 25); AssertPtrEq(buf->data, bufPtr); AssertNotNull(ptr = BIO_find_type(bio, BIO_TYPE_MEM)); sz = sizeof(out); XMEMSET(out, 0, sz); AssertIntEQ((sz = BIO_read(ptr, out, sz)), 25); AssertIntEQ(XMEMCMP(out, expected, sz), 0); /* write then read should return the same message */ AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg)); sz = sizeof(out); XMEMSET(out, 0, sz); AssertIntEQ(BIO_read(bio, out, sz), 16); AssertIntEQ(XMEMCMP(out, msg, sizeof(msg)), 0); /* now try encoding with no line ending */ BIO_set_flags(bio64, BIO_FLAGS_BASE64_NO_NL); #ifdef HAVE_EX_DATA BIO_set_ex_data(bio64, 0, (void*) "data"); AssertIntEQ(strcmp((const char*)BIO_get_ex_data(bio64, 0), "data"), 0); #endif AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg)); BIO_flush(bio); sz = sizeof(out); XMEMSET(out, 0, sz); AssertIntEQ((sz = BIO_read(ptr, out, sz)), 24); AssertIntEQ(XMEMCMP(out, expected, sz), 0); BIO_free_all(bio); /* frees bio64 also */ /* test with more than one bio64 in list */ AssertNotNull(bio64 = BIO_new(BIO_f_base64())); AssertNotNull(bio = BIO_push(BIO_new(BIO_f_base64()), bio64)); AssertNotNull(BIO_push(bio64, BIO_new(BIO_s_mem()))); /* now should convert to base64 when stored and then decode with read */ AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), 25); BIO_flush(bio); sz = sizeof(out); XMEMSET(out, 0, sz); AssertIntEQ((sz = BIO_read(bio, out, sz)), 16); AssertIntEQ(XMEMCMP(out, msg, sz), 0); BIO_clear_flags(bio64, ~0); BIO_set_retry_read(bio); BIO_free_all(bio); /* frees bio64s also */ printf(resultFmt, passed); #endif } static void test_wolfSSL_BIO_printf(void) { #if defined(OPENSSL_ALL) BIO* bio; int sz = 7; char msg[] = "TLS 1.3 for the world"; char out[60]; char expected[] = "TLS 1.3 for the world : sz = 7"; printf(testingFmt, "wolfSSL_BIO_printf()"); XMEMSET(out, 0, sizeof(out)); AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(BIO_printf(bio, "%s : sz = %d", msg, sz), 30); AssertIntEQ(BIO_printf(NULL, ""), WOLFSSL_FATAL_ERROR); AssertIntEQ(BIO_read(bio, out, sizeof(out)), 30); AssertIntEQ(XSTRNCMP(out, expected, sizeof(expected)), 0); BIO_free(bio); printf(resultFmt, passed); #endif } static void test_wolfSSL_BIO_f_md(void) { #if defined(OPENSSL_ALL) && !defined(NO_SHA256) BIO *bio, *mem; char msg[] = "message to hash"; char out[60]; EVP_MD_CTX* ctx; const unsigned char testKey[] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; const char testData[] = "Hi There"; const unsigned char testResult[] = { 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7 }; const unsigned char expectedHash[] = { 0x66, 0x49, 0x3C, 0xE8, 0x8A, 0x57, 0xB0, 0x60, 0xDC, 0x55, 0x7D, 0xFC, 0x1F, 0xA5, 0xE5, 0x07, 0x70, 0x5A, 0xF6, 0xD7, 0xC4, 0x1F, 0x1A, 0xE4, 0x2D, 0xA6, 0xFD, 0xD1, 0x29, 0x7D, 0x60, 0x0D }; const unsigned char emptyHash[] = { 0xE3, 0xB0, 0xC4, 0x42, 0x98, 0xFC, 0x1C, 0x14, 0x9A, 0xFB, 0xF4, 0xC8, 0x99, 0x6F, 0xB9, 0x24, 0x27, 0xAE, 0x41, 0xE4, 0x64, 0x9B, 0x93, 0x4C, 0xA4, 0x95, 0x99, 0x1B, 0x78, 0x52, 0xB8, 0x55 }; unsigned char check[sizeof(testResult) + 1]; size_t checkSz = -1; EVP_PKEY* key; printf(testingFmt, "wolfSSL_BIO_f_md()"); XMEMSET(out, 0, sizeof(out)); AssertNotNull(bio = BIO_new(BIO_f_md())); AssertNotNull(mem = BIO_new(BIO_s_mem())); AssertIntEQ(BIO_get_md_ctx(bio, &ctx), 1); AssertIntEQ(EVP_DigestInit(ctx, EVP_sha256()), 1); /* should not be able to write/read yet since just digest wrapper and no * data is passing through the bio */ AssertIntEQ(BIO_write(bio, msg, 0), 0); AssertIntEQ(BIO_pending(bio), 0); AssertIntEQ(BIO_read(bio, out, sizeof(out)), 0); AssertIntEQ(BIO_gets(bio, out, 3), 0); AssertIntEQ(BIO_gets(bio, out, sizeof(out)), 32); AssertIntEQ(XMEMCMP(emptyHash, out, 32), 0); BIO_reset(bio); /* append BIO mem to bio in order to read/write */ AssertNotNull(bio = BIO_push(bio, mem)); XMEMSET(out, 0, sizeof(out)); AssertIntEQ(BIO_write(mem, msg, sizeof(msg)), 16); AssertIntEQ(BIO_pending(bio), 16); /* this just reads the message and does not hash it (gets calls final) */ AssertIntEQ(BIO_read(bio, out, sizeof(out)), 16); AssertIntEQ(XMEMCMP(out, msg, sizeof(msg)), 0); /* create a message digest using BIO */ XMEMSET(out, 0, sizeof(out)); AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), 16); AssertIntEQ(BIO_pending(mem), 16); AssertIntEQ(BIO_pending(bio), 16); AssertIntEQ(BIO_gets(bio, out, sizeof(out)), 32); AssertIntEQ(XMEMCMP(expectedHash, out, 32), 0); BIO_free(bio); BIO_free(mem); /* test with HMAC */ XMEMSET(out, 0, sizeof(out)); AssertNotNull(bio = BIO_new(BIO_f_md())); AssertNotNull(mem = BIO_new(BIO_s_mem())); BIO_get_md_ctx(bio, &ctx); AssertNotNull(key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, testKey, (int)sizeof(testKey))); EVP_DigestSignInit(ctx, NULL, EVP_sha256(), NULL, key); AssertNotNull(bio = BIO_push(bio, mem)); BIO_write(bio, testData, (int)strlen(testData)); EVP_DigestSignFinal(ctx, NULL, &checkSz); EVP_DigestSignFinal(ctx, check, &checkSz); AssertIntEQ(XMEMCMP(check, testResult, sizeof(testResult)), 0); EVP_PKEY_free(key); BIO_free(bio); BIO_free(mem); printf(resultFmt, passed); #endif } static void test_wolfSSL_BIO_up_ref(void) { #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) BIO* bio; printf(testingFmt, "wolfSSL_BIO_up_ref()"); AssertNotNull(bio = BIO_new(BIO_f_md())); AssertIntEQ(BIO_up_ref(NULL), 0); AssertIntEQ(BIO_up_ref(bio), 1); BIO_free(bio); AssertIntEQ(BIO_up_ref(bio), 1); BIO_free(bio); BIO_free(bio); printf(resultFmt, "passed"); #endif } #endif /* !NO_BIO */ #if defined(OPENSSL_EXTRA) && defined(HAVE_IO_TESTS_DEPENDENCIES) /* test that the callback arg is correct */ static int certCbArg = 0; static int clientCertCb(WOLFSSL* ssl, void* arg) { if (ssl == NULL || arg != &certCbArg) return 0; if (wolfSSL_use_certificate_file(ssl, cliCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) return 0; if (wolfSSL_use_PrivateKey_file(ssl, cliKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) return 0; return 1; } static void clientCertSetupCb(WOLFSSL_CTX* ctx) { SSL_CTX_set_cert_cb(ctx, clientCertCb, &certCbArg); } /** * This is only done because test_client_nofail has no way to stop * certificate and key loading */ static void clientCertClearCb(WOLFSSL* ssl) { /* Clear the loaded certs to force the callbacks to set them up */ SSL_certs_clear(ssl); } static int serverCertCb(WOLFSSL* ssl, void* arg) { if (ssl == NULL || arg != &certCbArg) return 0; if (wolfSSL_use_certificate_file(ssl, svrCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) return 0; if (wolfSSL_use_PrivateKey_file(ssl, svrKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) return 0; return 1; } static void serverCertSetupCb(WOLFSSL_CTX* ctx) { SSL_CTX_set_cert_cb(ctx, serverCertCb, &certCbArg); } /** * This is only done because test_server_nofail has no way to stop * certificate and key loading */ static void serverCertClearCb(WOLFSSL* ssl) { /* Clear the loaded certs to force the callbacks to set them up */ SSL_certs_clear(ssl); } #endif static void test_wolfSSL_cert_cb(void) { #if defined(OPENSSL_EXTRA) && defined(HAVE_IO_TESTS_DEPENDENCIES) callback_functions func_cb_client; callback_functions func_cb_server; tcp_ready ready; func_args client_args; func_args server_args; THREAD_TYPE serverThread; XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&func_cb_client, 0, sizeof(callback_functions)); XMEMSET(&func_cb_server, 0, sizeof(callback_functions)); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; client_args.signal = &ready; client_args.callbacks = &func_cb_client; server_args.callbacks = &func_cb_server; func_cb_client.ctx_ready = clientCertSetupCb; func_cb_client.ssl_ready = clientCertClearCb; func_cb_server.ctx_ready = serverCertSetupCb; func_cb_server.ssl_ready = serverCertClearCb; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, NULL); join_thread(serverThread); AssertTrue(client_args.return_code); AssertTrue(server_args.return_code); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif #endif } static void test_wolfSSL_SESSION(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_SESSION_CACHE) WOLFSSL* ssl; WOLFSSL_CTX* ctx; WOLFSSL_SESSION* sess; WOLFSSL_SESSION* sess_copy; unsigned char* sessDer = NULL; unsigned char* ptr = NULL; #ifdef OPENSSL_EXTRA const unsigned char context[] = "user app context"; unsigned int contextSz = (unsigned int)sizeof(context); #endif int ret, err, sockfd, sz; tcp_ready ready; func_args server_args; THREAD_TYPE serverThread; char msg[80]; const char* sendGET = "GET"; printf(testingFmt, "wolfSSL_SESSION()"); /* TLS v1.3 requires session tickets */ /* CHACHA and POLY1305 required for myTicketEncCb */ #if defined(WOLFSSL_TLS13) && (!defined(HAVE_SESSION_TICKET) && \ !defined(WOLFSSL_NO_TLS12) || !(defined(HAVE_CHACHA) && \ defined(HAVE_POLY1305) && !defined(HAVE_AESGCM))) AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #endif AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), SSL_SUCCESS); #ifdef WOLFSSL_ENCRYPTED_KEYS wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif #ifdef HAVE_SESSION_TICKET /* Use session tickets, for ticket tests below */ AssertIntEQ(wolfSSL_CTX_UseSessionTicket(ctx), WOLFSSL_SUCCESS); #endif XMEMSET(&server_args, 0, sizeof(func_args)); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); /* client connection */ ssl = wolfSSL_new(ctx); tcp_connect(&sockfd, wolfSSLIP, ready.port, 0, 0, ssl); AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), SSL_SUCCESS); #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_connect(ssl); err = wolfSSL_get_error(ssl, 0); } while (err == WC_PENDING_E); AssertIntEQ(ret, WOLFSSL_SUCCESS); #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_write(ssl, sendGET, (int)XSTRLEN(sendGET)); err = wolfSSL_get_error(ssl, 0); } while (err == WC_PENDING_E); AssertIntEQ(ret, (int)XSTRLEN(sendGET)); #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_read(ssl, msg, sizeof(msg)); err = wolfSSL_get_error(ssl, 0); } while (err == WC_PENDING_E); AssertIntEQ(ret, 23); sess = wolfSSL_get_session(ssl); #if defined(OPENSSL_EXTRA) AssertIntEQ(SSL_SESSION_is_resumable(NULL), 0); AssertIntEQ(SSL_SESSION_is_resumable(sess), 1); #else AssertIntEQ(wolfSSL_SESSION_is_resumable(NULL), 0); AssertIntEQ(wolfSSL_SESSION_is_resumable(sess), 1); #endif AssertIntEQ(wolfSSL_SESSION_has_ticket(NULL), 0); AssertIntEQ(wolfSSL_SESSION_get_ticket_lifetime_hint(NULL), 0); #ifdef HAVE_SESSION_TICKET AssertIntEQ(wolfSSL_SESSION_has_ticket(sess), 1); AssertIntEQ(wolfSSL_SESSION_get_ticket_lifetime_hint(sess), SESSION_TICKET_HINT_DEFAULT); #else AssertIntEQ(wolfSSL_SESSION_has_ticket(sess), 0); #endif wolfSSL_shutdown(ssl); wolfSSL_free(ssl); join_thread(serverThread); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) { X509 *x509; char buf[30]; int bufSz; AssertNotNull(x509 = SSL_SESSION_get0_peer(sess)); AssertIntGT((bufSz = X509_NAME_get_text_by_NID( X509_get_subject_name(x509), NID_organizationalUnitName, buf, sizeof(buf))), 0); AssertIntNE((bufSz == 7 || bufSz == 16), 0); /* should be one of these*/ if (bufSz == 7) { AssertIntEQ(XMEMCMP(buf, "Support", bufSz), 0); } if (bufSz == 16) { AssertIntEQ(XMEMCMP(buf, "Programming-2048", bufSz), 0); } } #endif AssertNotNull(sess_copy = wolfSSL_SESSION_dup(sess)); wolfSSL_SESSION_free(sess_copy); /* get session from DER and update the timeout */ AssertIntEQ(wolfSSL_i2d_SSL_SESSION(NULL, &sessDer), BAD_FUNC_ARG); AssertIntGT((sz = wolfSSL_i2d_SSL_SESSION(sess, &sessDer)), 0); wolfSSL_SESSION_free(sess); ptr = sessDer; AssertNull(sess = wolfSSL_d2i_SSL_SESSION(NULL, NULL, sz)); AssertNotNull(sess = wolfSSL_d2i_SSL_SESSION(NULL, (const unsigned char**)&ptr, sz)); XFREE(sessDer, NULL, DYNAMIC_TYPE_OPENSSL); AssertIntGT(wolfSSL_SESSION_get_time(sess), 0); AssertIntEQ(wolfSSL_SSL_SESSION_set_timeout(sess, 500), SSL_SUCCESS); /* successful set session test */ AssertNotNull(ssl = wolfSSL_new(ctx)); AssertIntEQ(wolfSSL_set_session(ssl, sess), SSL_SUCCESS); #ifdef HAVE_SESSION_TICKET /* Test set/get session ticket */ { const char* ticket = "This is a session ticket"; char buf[64] = {0}; word32 bufSz = (word32)sizeof(buf); AssertIntEQ(SSL_SUCCESS, wolfSSL_set_SessionTicket(ssl, (byte *)ticket, (word32)XSTRLEN(ticket))); AssertIntEQ(SSL_SUCCESS, wolfSSL_get_SessionTicket(ssl, (byte *)buf, &bufSz)); AssertStrEQ(ticket, buf); } #endif #ifdef OPENSSL_EXTRA /* session timeout case */ /* make the session to be expired */ AssertIntEQ(SSL_SESSION_set_timeout(sess,1), SSL_SUCCESS); XSLEEP_MS(1200); /* SSL_set_session should reject specified session but return success * if WOLFSSL_ERROR_CODE_OPENSSL macro is defined for OpenSSL compatibility. */ #if defined(WOLFSSL_ERROR_CODE_OPENSSL) AssertIntEQ(wolfSSL_set_session(ssl,sess), SSL_SUCCESS); #else AssertIntEQ(wolfSSL_set_session(ssl,sess), SSL_FAILURE); #endif AssertIntEQ(wolfSSL_SSL_SESSION_set_timeout(sess, 500), SSL_SUCCESS); /* fail case with miss match session context IDs (use compatibility API) */ AssertIntEQ(SSL_set_session_id_context(ssl, context, contextSz), SSL_SUCCESS); AssertIntEQ(wolfSSL_set_session(ssl, sess), SSL_FAILURE); wolfSSL_free(ssl); AssertIntEQ(SSL_CTX_set_session_id_context(NULL, context, contextSz), SSL_FAILURE); AssertIntEQ(SSL_CTX_set_session_id_context(ctx, context, contextSz), SSL_SUCCESS); AssertNotNull(ssl = wolfSSL_new(ctx)); AssertIntEQ(wolfSSL_set_session(ssl, sess), SSL_FAILURE); #endif wolfSSL_free(ssl); SSL_SESSION_free(sess); wolfSSL_CTX_free(ctx); printf(resultFmt, passed); #endif } static void test_wolfSSL_ticket_keys(void) { #if defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \ !defined(NO_WOLFSSL_SERVER) WOLFSSL_CTX* ctx; byte keys[WOLFSSL_TICKET_KEYS_SZ]; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, NULL, 0), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, NULL, 0), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, keys, 0), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, keys, 0), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, NULL, sizeof(keys)), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, NULL, sizeof(keys)), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, keys, sizeof(keys)), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, NULL, 0), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, NULL, 0), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, keys, 0), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, keys, 0), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, NULL, sizeof(keys)), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, NULL, sizeof(keys)), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, keys, sizeof(keys)), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, keys, sizeof(keys)), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, keys, sizeof(keys)), WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); #endif } #ifndef NO_BIO static void test_wolfSSL_d2i_PUBKEY(void) { #if defined(OPENSSL_EXTRA) BIO* bio; EVP_PKEY* pkey; printf(testingFmt, "wolfSSL_d2i_PUBKEY()"); AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertNull(d2i_PUBKEY_bio(NULL, NULL)); #if defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) /* RSA PUBKEY test */ AssertIntGT(BIO_write(bio, client_keypub_der_2048, sizeof_client_keypub_der_2048), 0); AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL)); EVP_PKEY_free(pkey); #endif #if defined(USE_CERT_BUFFERS_256) && defined(HAVE_ECC) /* ECC PUBKEY test */ AssertIntGT(BIO_write(bio, ecc_clikeypub_der_256, sizeof_ecc_clikeypub_der_256), 0); AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL)); EVP_PKEY_free(pkey); #endif #if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DSA) /* DSA PUBKEY test */ AssertIntGT(BIO_write(bio, dsa_pub_key_der_2048, sizeof_dsa_pub_key_der_2048), 0); AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL)); EVP_PKEY_free(pkey); #endif #if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DH) && \ defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ (HAVE_FIPS_VERSION > 2)) /* DH PUBKEY test */ AssertIntGT(BIO_write(bio, dh_pub_key_der_2048, sizeof_dh_pub_key_der_2048), 0); AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL)); EVP_PKEY_free(pkey); #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ #endif /* USE_CERT_BUFFERS_2048 && !NO_DH && && OPENSSL_EXTRA */ BIO_free(bio); (void)pkey; printf(resultFmt, passed); #endif } #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA) static void test_wolfSSL_d2i_PrivateKeys_bio(void) { BIO* bio = NULL; EVP_PKEY* pkey = NULL; #ifndef NO_RSA #endif WOLFSSL_CTX* ctx; #if defined(WOLFSSL_KEY_GEN) unsigned char buff[4096]; unsigned char* bufPtr = buff; #endif printf(testingFmt, "wolfSSL_d2i_PrivateKeys_bio()"); /* test creating new EVP_PKEY with bad arg */ AssertNull((pkey = d2i_PrivateKey_bio(NULL, NULL))); /* test loading RSA key using BIO */ #if !defined(NO_RSA) && !defined(NO_FILESYSTEM) { XFILE file; const char* fname = "./certs/server-key.der"; size_t sz; byte* buf; file = XFOPEN(fname, "rb"); AssertTrue((file != XBADFILE)); AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0); sz = XFTELL(file); XREWIND(file); AssertNotNull(buf = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_FILE)); AssertIntEQ(XFREAD(buf, 1, sz, file), sz); XFCLOSE(file); /* Test using BIO new mem and loading DER private key */ AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); AssertNotNull((pkey = d2i_PrivateKey_bio(bio, NULL))); XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE); BIO_free(bio); bio = NULL; EVP_PKEY_free(pkey); pkey = NULL; } #endif /* test loading ECC key using BIO */ #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) { XFILE file; const char* fname = "./certs/ecc-key.der"; size_t sz; byte* buf; file = XFOPEN(fname, "rb"); AssertTrue((file != XBADFILE)); AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0); sz = XFTELL(file); XREWIND(file); AssertNotNull(buf = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_FILE)); AssertIntEQ(XFREAD(buf, 1, sz, file), sz); XFCLOSE(file); /* Test using BIO new mem and loading DER private key */ AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); AssertNotNull((pkey = d2i_PrivateKey_bio(bio, NULL))); XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE); BIO_free(bio); bio = NULL; EVP_PKEY_free(pkey); pkey = NULL; } #endif AssertNotNull(bio = BIO_new(BIO_s_mem())); #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif #if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \ !defined(NO_RSA) && !defined(HAVE_USER_RSA) { RSA* rsa = NULL; /* Tests bad parameters */ AssertNull(d2i_RSAPrivateKey_bio(NULL, NULL)); /* RSA not set yet, expecting to fail*/ AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), BAD_FUNC_ARG); #if defined(USE_CERT_BUFFERS_2048) && defined(WOLFSSL_KEY_GEN) /* set RSA using bio*/ AssertIntGT(BIO_write(bio, client_key_der_2048, sizeof_client_key_der_2048), 0); AssertNotNull(rsa = d2i_RSAPrivateKey_bio(bio, NULL)); AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), WOLFSSL_SUCCESS); /*i2d RSAprivate key tests */ AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(NULL, NULL), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, NULL), 1192); AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr), sizeof_client_key_der_2048); bufPtr = NULL; AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr), sizeof_client_key_der_2048); AssertNotNull(bufPtr); XFREE(bufPtr, NULL, DYNAMIC_TYPE_OPENSSL); #endif /* USE_CERT_BUFFERS_2048 WOLFSSL_KEY_GEN */ RSA_free(rsa); } #endif /* !HAVE_FAST_RSA && WOLFSSL_KEY_GEN && !NO_RSA && !HAVE_USER_RSA*/ SSL_CTX_free(ctx); ctx = NULL; BIO_free(bio); bio = NULL; printf(resultFmt, passed); } #endif /* OPENSSL_ALL || WOLFSSL_ASIO */ #endif /* !NO_BIO */ static void test_wolfSSL_sk_GENERAL_NAME(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_RSA) X509* x509; GENERAL_NAME* gn; unsigned char buf[4096]; const unsigned char* bufPt; int bytes, i; XFILE f; STACK_OF(GENERAL_NAME)* sk; printf(testingFmt, "wolfSSL_sk_GENERAL_NAME()"); f = XFOPEN(cliCertDerFileExt, "rb"); AssertTrue((f != XBADFILE)); AssertIntGT((bytes = (int)XFREAD(buf, 1, sizeof(buf), f)), 0); XFCLOSE(f); bufPt = buf; AssertNotNull(x509 = d2i_X509(NULL, &bufPt, bytes)); AssertNotNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL)); AssertIntEQ(sk_GENERAL_NAME_num(sk), 1); for (i = 0; i < sk_GENERAL_NAME_num(sk); i++) { AssertNotNull(gn = sk_GENERAL_NAME_value(sk, i)); switch (gn->type) { case GEN_DNS: printf("found type GEN_DNS\n"); break; case GEN_EMAIL: printf("found type GEN_EMAIL\n"); break; case GEN_URI: printf("found type GEN_URI\n"); break; } } X509_free(x509); sk_GENERAL_NAME_pop_free(sk, GENERAL_NAME_free); printf(resultFmt, passed); #endif } static void test_wolfSSL_GENERAL_NAME_print(void) { #if defined(OPENSSL_ALL) && !defined(NO_BIO) X509* x509; GENERAL_NAME* gn; unsigned char buf[4096]; const unsigned char* bufPt; int bytes; XFILE f; STACK_OF(GENERAL_NAME)* sk; BIO* out; unsigned char outbuf[128]; X509_EXTENSION* ext; AUTHORITY_INFO_ACCESS* aia; ACCESS_DESCRIPTION* ad; const unsigned char v4Addr[] = {192,168,53,1}; const unsigned char v6Addr[] = {0x20, 0x21, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x77, 0x77}; const unsigned char email[] = {'i', 'n', 'f', 'o', '@', 'w', 'o', 'l', 'f', 's', 's', 'l', '.', 'c', 'o', 'm'}; const char* dnsStr = "DNS:example.com"; const char* uriStr = "URI:http://127.0.0.1:22220"; const char* v4addStr = "IP Address:192.168.53.1"; const char* v6addStr = "IP Address:2021:DB8:0:0:0:FF00:42:7777"; const char* emailStr = "email:info@wolfssl.com"; const char* othrStr = "othername:"; const char* x400Str = "X400Name:"; const char* ediStr = "EdiPartyName:"; printf(testingFmt, "test_wolfSSL_GENERAL_NAME_print()"); /* BIO to output */ AssertNotNull(out = BIO_new(BIO_s_mem())); /* test for NULL param */ gn = NULL; AssertIntEQ(GENERAL_NAME_print(NULL, NULL), 0); AssertIntEQ(GENERAL_NAME_print(NULL, gn), 0); AssertIntEQ(GENERAL_NAME_print(out, NULL), 0); /* test for GEN_DNS */ f = XFOPEN(cliCertDerFileExt, "rb"); AssertTrue((f != XBADFILE)); AssertIntGT((bytes = (int)XFREAD(buf, 1, sizeof(buf), f)), 0); XFCLOSE(f); bufPt = buf; AssertNotNull(x509 = d2i_X509(NULL, &bufPt, bytes)); AssertNotNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL)); AssertNotNull(gn = sk_GENERAL_NAME_value(sk, 0)); AssertIntEQ(GENERAL_NAME_print(out, gn), 1); XMEMSET(outbuf,0,sizeof(outbuf)); BIO_read(out, outbuf, sizeof(outbuf)); AssertIntEQ(XSTRNCMP((const char*)outbuf, dnsStr, XSTRLEN(dnsStr)), 0); sk_GENERAL_NAME_pop_free(sk, GENERAL_NAME_free); X509_free(x509); /* test for GEN_URI */ f = XFOPEN("./certs/ocsp/root-ca-cert.pem", "rb"); AssertTrue((f != XBADFILE)); AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); XFCLOSE(f); AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 4)); aia = (WOLFSSL_AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i(ext); AssertNotNull(aia); ad = (WOLFSSL_ACCESS_DESCRIPTION *)wolfSSL_sk_value(aia, 0); gn = ad->location; AssertIntEQ(GENERAL_NAME_print(out, gn), 1); XMEMSET(outbuf,0,sizeof(outbuf)); AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0); AssertIntEQ(XSTRNCMP((const char*)outbuf, uriStr, XSTRLEN(uriStr)), 0); wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(aia, NULL); aia = (AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i(ext); AssertNotNull(aia); AUTHORITY_INFO_ACCESS_pop_free(aia, NULL); X509_free(x509); /* test for GEN_IPADD */ /* ip v4 address */ AssertNotNull(gn = wolfSSL_GENERAL_NAME_new()); gn->type = GEN_IPADD; gn->d.iPAddress->length = sizeof(v4Addr); AssertIntEQ(wolfSSL_ASN1_STRING_set(gn->d.iPAddress, v4Addr, sizeof(v4Addr)), 1); AssertIntEQ(GENERAL_NAME_print(out, gn), 1); XMEMSET(outbuf,0,sizeof(outbuf)); AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0); AssertIntEQ(XSTRNCMP((const char*)outbuf, v4addStr, XSTRLEN(v4addStr)), 0); GENERAL_NAME_free(gn); /* ip v6 address */ AssertNotNull(gn = wolfSSL_GENERAL_NAME_new()); gn->type = GEN_IPADD; gn->d.iPAddress->length = sizeof(v6Addr); AssertIntEQ(wolfSSL_ASN1_STRING_set(gn->d.iPAddress, v6Addr, sizeof(v6Addr)), 1); AssertIntEQ(GENERAL_NAME_print(out, gn), 1); XMEMSET(outbuf,0,sizeof(outbuf)); AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0); AssertIntEQ(XSTRNCMP((const char*)outbuf, v6addStr, XSTRLEN(v6addStr)), 0); GENERAL_NAME_free(gn); /* test for GEN_EMAIL */ AssertNotNull(gn = wolfSSL_GENERAL_NAME_new()); gn->type = GEN_EMAIL; gn->d.rfc822Name->length = sizeof(email); AssertIntEQ(wolfSSL_ASN1_STRING_set(gn->d.rfc822Name, email, sizeof(email)), 1); AssertIntEQ(GENERAL_NAME_print(out, gn), 1); XMEMSET(outbuf,0,sizeof(outbuf)); AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0); AssertIntEQ(XSTRNCMP((const char*)outbuf, emailStr, XSTRLEN(emailStr)), 0); GENERAL_NAME_free(gn); /* test for GEN_OTHERNAME */ AssertNotNull(gn = wolfSSL_GENERAL_NAME_new()); gn->type = GEN_OTHERNAME; AssertIntEQ(GENERAL_NAME_print(out, gn), 1); XMEMSET(outbuf,0,sizeof(outbuf)); AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0); AssertIntEQ(XSTRNCMP((const char*)outbuf, othrStr, XSTRLEN(othrStr)), 0); GENERAL_NAME_free(gn); /* test for GEN_X400 */ AssertNotNull(gn = wolfSSL_GENERAL_NAME_new()); gn->type = GEN_X400; AssertIntEQ(GENERAL_NAME_print(out, gn), 1); XMEMSET(outbuf,0,sizeof(outbuf)); AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0); AssertIntEQ(XSTRNCMP((const char*)outbuf, x400Str, XSTRLEN(x400Str)), 0); GENERAL_NAME_free(gn); /* test for GEN_EDIPARTY */ AssertNotNull(gn = wolfSSL_GENERAL_NAME_new()); gn->type = GEN_EDIPARTY; AssertIntEQ(GENERAL_NAME_print(out, gn), 1); XMEMSET(outbuf,0,sizeof(outbuf)); AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0); AssertIntEQ(XSTRNCMP((const char*)outbuf, ediStr, XSTRLEN(ediStr)), 0); GENERAL_NAME_free(gn); BIO_free(out); printf(resultFmt, passed); #endif /* OPENSSL_ALL */ } static void test_wolfSSL_sk_DIST_POINT(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_RSA) X509* x509; unsigned char buf[4096]; const unsigned char* bufPt; int bytes, i, j; XFILE f; DIST_POINT* dp; GENERAL_NAME* gn; ASN1_IA5STRING* uri; STACK_OF(DIST_POINT)* dps; STACK_OF(GENERAL_NAME)* gns; const char cliCertDerCrlDistPoint[] = "./certs/client-crl-dist.der"; printf(testingFmt, "wolfSSL_sk_DIST_POINT()"); f = XFOPEN(cliCertDerCrlDistPoint, "rb"); AssertTrue((f != XBADFILE)); AssertIntGT((bytes = (int)XFREAD(buf, 1, sizeof(buf), f)), 0); XFCLOSE(f); bufPt = buf; AssertNotNull(x509 = d2i_X509(NULL, &bufPt, bytes)); AssertNotNull(dps = (STACK_OF(DIST_POINT)*)X509_get_ext_d2i(x509, NID_crl_distribution_points, NULL, NULL)); AssertIntEQ(sk_DIST_POINT_num(dps), 1); for (i = 0; i < sk_DIST_POINT_num(dps); i++) { AssertNotNull(dp = sk_DIST_POINT_value(dps, i)); gns = dp->distpoint->name.fullname; AssertNotNull(gns); AssertIntEQ(sk_GENERAL_NAME_num(gns), 1); for (j = 0; j < sk_GENERAL_NAME_num(gns); j++) { gn = sk_GENERAL_NAME_value(gns, j); AssertIntEQ(gn->type, GEN_URI); AssertNotNull(uri = gn->d.uniformResourceIdentifier); AssertNotNull(uri->data); AssertIntGT(uri->length, 0); } } X509_free(x509); CRL_DIST_POINTS_free(dps); printf(resultFmt, passed); #endif } static void test_wolfSSL_MD4(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_MD4) MD4_CTX md4; unsigned char out[16]; /* MD4_DIGEST_SIZE */ const char* msg = "12345678901234567890123456789012345678901234567890123456" "789012345678901234567890"; const char* test = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f" "\xcc\x05\x36"; int msgSz = (int)XSTRLEN(msg); printf(testingFmt, "wolfSSL_MD4()"); XMEMSET(out, 0, sizeof(out)); MD4_Init(&md4); MD4_Update(&md4, (const void*)msg, (unsigned long)msgSz); MD4_Final(out, &md4); AssertIntEQ(XMEMCMP(out, test, sizeof(out)), 0); printf(resultFmt, passed); #endif } static void test_wolfSSL_RSA(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \ defined(WOLFSSL_KEY_GEN) RSA* rsa; const BIGNUM *n; const BIGNUM *e; const BIGNUM *d; const BIGNUM *p; const BIGNUM *q; const BIGNUM *dmp1; const BIGNUM *dmq1; const BIGNUM *iqmp; printf(testingFmt, "wolfSSL_RSA()"); AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); AssertIntEQ(RSA_size(rsa), 256); #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(HAVE_FAST_RSA) && \ (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ (HAVE_FIPS_VERSION >= 2))) && !defined(HAVE_SELFTEST) && \ !defined(HAVE_INTEL_QA) && !defined(WOLFSSL_NO_RSA_KEY_CHECK) AssertIntEQ(RSA_check_key(rsa), WOLFSSL_SUCCESS); #endif /* sanity check */ AssertIntEQ(RSA_bits(NULL), 0); /* key */ AssertIntEQ(RSA_bits(rsa), 2048); RSA_get0_key(rsa, &n, &e, &d); AssertPtrEq(rsa->n, n); AssertPtrEq(rsa->e, e); AssertPtrEq(rsa->d, d); AssertNotNull(n = BN_new()); AssertNotNull(e = BN_new()); AssertNotNull(d = BN_new()); AssertIntEQ(RSA_set0_key(rsa, (BIGNUM*)n, (BIGNUM*)e, (BIGNUM*)d), 1); AssertPtrEq(rsa->n, n); AssertPtrEq(rsa->e, e); AssertPtrEq(rsa->d, d); /* crt_params */ RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); AssertPtrEq(rsa->dmp1, dmp1); AssertPtrEq(rsa->dmq1, dmq1); AssertPtrEq(rsa->iqmp, iqmp); AssertNotNull(dmp1 = BN_new()); AssertNotNull(dmq1 = BN_new()); AssertNotNull(iqmp = BN_new()); AssertIntEQ(RSA_set0_crt_params(rsa, (BIGNUM*)dmp1, (BIGNUM*)dmq1, (BIGNUM*)iqmp), 1); AssertPtrEq(rsa->dmp1, dmp1); AssertPtrEq(rsa->dmq1, dmq1); AssertPtrEq(rsa->iqmp, iqmp); /* factors */ RSA_get0_factors(rsa, &p, &q); AssertPtrEq(rsa->p, p); AssertPtrEq(rsa->q, q); AssertNotNull(p = BN_new()); AssertNotNull(q = BN_new()); AssertIntEQ(RSA_set0_factors(rsa, (BIGNUM*)p, (BIGNUM*)q), 1); AssertPtrEq(rsa->p, p); AssertPtrEq(rsa->q, q); AssertIntEQ(BN_hex2bn(&rsa->n, "1FFFFF"), 1); AssertIntEQ(RSA_bits(rsa), 21); RSA_free(rsa); #if !defined(USE_FAST_MATH) || (FP_MAX_BITS >= (3072*2)) AssertNotNull(rsa = RSA_generate_key(3072, 17, NULL, NULL)); AssertIntEQ(RSA_size(rsa), 384); AssertIntEQ(RSA_bits(rsa), 3072); RSA_free(rsa); #endif /* remove for now with odd key size until adjusting rsa key size check with wc_MakeRsaKey() AssertNotNull(rsa = RSA_generate_key(2999, 65537, NULL, NULL)); RSA_free(rsa); */ AssertNull(RSA_generate_key(-1, 3, NULL, NULL)); AssertNull(RSA_generate_key(RSA_MIN_SIZE - 1, 3, NULL, NULL)); AssertNull(RSA_generate_key(RSA_MAX_SIZE + 1, 3, NULL, NULL)); AssertNull(RSA_generate_key(2048, 0, NULL, NULL)); #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) { byte buff[FOURK_BUF]; byte der[FOURK_BUF]; const char PrivKeyPemFile[] = "certs/client-keyEnc.pem"; XFILE f; int bytes; /* test loading encrypted RSA private pem w/o password */ f = XFOPEN(PrivKeyPemFile, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buff, 1, sizeof(buff), f); XFCLOSE(f); XMEMSET(der, 0, sizeof(der)); /* test that error value is returned with no password */ AssertIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), ""), 0); } #endif printf(resultFmt, passed); #endif } static void test_wolfSSL_RSA_DER(void) { #if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \ !defined(NO_RSA) && !defined(HAVE_USER_RSA) && defined(OPENSSL_EXTRA) RSA *rsa; int i; unsigned char *buff = NULL; struct tbl_s { const unsigned char *der; int sz; } tbl[] = { #ifdef USE_CERT_BUFFERS_1024 {client_key_der_1024, sizeof_client_key_der_1024}, {server_key_der_1024, sizeof_server_key_der_1024}, #endif #ifdef USE_CERT_BUFFERS_2048 {client_key_der_2048, sizeof_client_key_der_2048}, {server_key_der_2048, sizeof_server_key_der_2048}, #endif {NULL, 0} }; /* Public Key DER */ struct tbl_s pub[] = { #ifdef USE_CERT_BUFFERS_1024 {client_keypub_der_1024, sizeof_client_keypub_der_1024}, #endif #ifdef USE_CERT_BUFFERS_2048 {client_keypub_der_2048, sizeof_client_keypub_der_2048}, #endif {NULL, 0} }; printf(testingFmt, "test_wolfSSL_RSA_DER()"); for (i = 0; tbl[i].der != NULL; i++) { AssertNotNull(d2i_RSAPublicKey(&rsa, &tbl[i].der, tbl[i].sz)); AssertNotNull(rsa); RSA_free(rsa); } for (i = 0; tbl[i].der != NULL; i++) { AssertNotNull(d2i_RSAPrivateKey(&rsa, &tbl[i].der, tbl[i].sz)); AssertNotNull(rsa); RSA_free(rsa); } for (i = 0; pub[i].der != NULL; i++) { AssertNotNull(d2i_RSAPublicKey(&rsa, &pub[i].der, pub[i].sz)); AssertNotNull(rsa); AssertIntEQ(i2d_RSAPublicKey(rsa, NULL), pub[i].sz); buff = NULL; AssertIntEQ(i2d_RSAPublicKey(rsa, &buff), pub[i].sz); AssertNotNull(buff); AssertIntEQ(0, memcmp((void *)buff, (void *)pub[i].der, pub[i].sz)); XFREE((void *)buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); RSA_free(rsa); } printf(resultFmt, passed); #endif } static void test_wolfSSL_RSA_get0_key(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) RSA *rsa = NULL; const BIGNUM* n = NULL; const BIGNUM* e = NULL; const BIGNUM* d = NULL; const unsigned char* der; int derSz; #ifdef USE_CERT_BUFFERS_1024 der = client_key_der_1024; derSz = sizeof_client_key_der_1024; #elif defined(USE_CERT_BUFFERS_2048) der = client_key_der_2048; derSz = sizeof_client_key_der_2048; #else der = NULL; derSz = 0; #endif printf(testingFmt, "test_wolfSSL_RSA_get0_key()"); if (der != NULL) { RSA_get0_key(NULL, NULL, NULL, NULL); RSA_get0_key(rsa, NULL, NULL, NULL); RSA_get0_key(NULL, &n, &e, &d); AssertNull(n); AssertNull(e); AssertNull(d); AssertNotNull(d2i_RSAPrivateKey(&rsa, &der, derSz)); AssertNotNull(rsa); RSA_get0_key(rsa, NULL, NULL, NULL); RSA_get0_key(rsa, &n, NULL, NULL); AssertNotNull(n); RSA_get0_key(rsa, NULL, &e, NULL); AssertNotNull(e); RSA_get0_key(rsa, NULL, NULL, &d); AssertNotNull(d); RSA_get0_key(rsa, &n, &e, &d); AssertNotNull(n); AssertNotNull(e); AssertNotNull(d); RSA_free(rsa); } printf(resultFmt, passed); #endif } static void test_wolfSSL_RSA_meth(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA) RSA *rsa; RSA_METHOD *rsa_meth; printf(testingFmt, "test_wolfSSL_RSA_meth"); #ifdef WOLFSSL_KEY_GEN AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); RSA_free(rsa); #else AssertNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); #endif AssertNotNull(rsa_meth = RSA_meth_new("placeholder RSA method", RSA_METHOD_FLAG_NO_CHECK)); #ifndef NO_WOLFSSL_STUB AssertIntEQ(RSA_meth_set_pub_enc(rsa_meth, NULL), 1); AssertIntEQ(RSA_meth_set_pub_dec(rsa_meth, NULL), 1); AssertIntEQ(RSA_meth_set_priv_enc(rsa_meth, NULL), 1); AssertIntEQ(RSA_meth_set_priv_dec(rsa_meth, NULL), 1); AssertIntEQ(RSA_meth_set_init(rsa_meth, NULL), 1); AssertIntEQ(RSA_meth_set_finish(rsa_meth, NULL), 1); AssertIntEQ(RSA_meth_set0_app_data(rsa_meth, NULL), 1); #endif AssertNotNull(rsa = RSA_new()); AssertIntEQ(RSA_set_method(rsa, rsa_meth), 1); AssertPtrEq(RSA_get_method(rsa), rsa_meth); AssertIntEQ(RSA_flags(rsa), RSA_METHOD_FLAG_NO_CHECK); RSA_set_flags(rsa, RSA_FLAG_CACHE_PUBLIC); AssertIntNE(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0); AssertIntEQ(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC | RSA_METHOD_FLAG_NO_CHECK); RSA_clear_flags(rsa, RSA_FLAG_CACHE_PUBLIC); AssertIntEQ(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0); AssertIntNE(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC); /* rsa_meth is freed here */ RSA_free(rsa); printf(resultFmt, passed); #endif } static void test_wolfSSL_verify_mode(void) { #if defined(OPENSSL_ALL) && !defined(NO_RSA) WOLFSSL* ssl; WOLFSSL_CTX* ctx; printf(testingFmt, "test_wolfSSL_verify()"); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), SSL_SUCCESS); AssertNotNull(ssl = SSL_new(ctx)); AssertIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx)); SSL_free(ssl); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); AssertNotNull(ssl = SSL_new(ctx)); AssertIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx)); AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_PEER); wolfSSL_set_verify(ssl, SSL_VERIFY_NONE, 0); AssertIntEQ(SSL_CTX_get_verify_mode(ctx), SSL_VERIFY_PEER); AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_NONE); SSL_free(ssl); wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); AssertNotNull(ssl = SSL_new(ctx)); AssertIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx)); AssertIntEQ(SSL_get_verify_mode(ssl), WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT); wolfSSL_set_verify(ssl, SSL_VERIFY_PEER, 0); AssertIntEQ(SSL_CTX_get_verify_mode(ctx), WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT); AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_PEER); wolfSSL_set_verify(ssl, SSL_VERIFY_NONE, 0); AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_NONE); wolfSSL_set_verify(ssl, SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_FAIL_IF_NO_PEER_CERT); wolfSSL_set_verify(ssl, SSL_VERIFY_FAIL_EXCEPT_PSK, 0); AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_FAIL_EXCEPT_PSK); #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) wolfSSL_set_verify(ssl, SSL_VERIFY_POST_HANDSHAKE, 0); AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_POST_HANDSHAKE); #endif AssertIntEQ(SSL_CTX_get_verify_mode(ctx), WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT); SSL_free(ssl); SSL_CTX_free(ctx); printf(resultFmt, passed); #endif } static void test_wolfSSL_verify_depth(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT) WOLFSSL* ssl; WOLFSSL_CTX* ctx; long depth; printf(testingFmt, "test_wolfSSL_verify_depth()"); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), SSL_SUCCESS); AssertIntGT((depth = SSL_CTX_get_verify_depth(ctx)), 0); AssertNotNull(ssl = SSL_new(ctx)); AssertIntEQ(SSL_get_verify_depth(ssl), SSL_CTX_get_verify_depth(ctx)); SSL_free(ssl); SSL_CTX_set_verify_depth(ctx, -1); AssertIntEQ(depth, SSL_CTX_get_verify_depth(ctx)); SSL_CTX_set_verify_depth(ctx, 2); AssertIntEQ(2, SSL_CTX_get_verify_depth(ctx)); AssertNotNull(ssl = SSL_new(ctx)); AssertIntEQ(2, SSL_get_verify_depth(ssl)); SSL_free(ssl); SSL_CTX_free(ctx); printf(resultFmt, passed); #endif } #if defined(OPENSSL_EXTRA) && !defined(NO_HMAC) /* helper function for test_wolfSSL_HMAC_CTX, digest size is expected to be a * buffer of 64 bytes. * * returns the size of the digest buffer on success and a negative value on * failure. */ static int test_HMAC_CTX_helper(const EVP_MD* type, unsigned char* digest) { HMAC_CTX ctx1; HMAC_CTX ctx2; unsigned char key[] = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" "\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; unsigned char long_key[] = "0123456789012345678901234567890123456789" "0123456789012345678901234567890123456789" "0123456789012345678901234567890123456789" "0123456789012345678901234567890123456789"; unsigned char msg[] = "message to hash"; unsigned int digestSz = 64; int keySz = sizeof(key); int long_keySz = sizeof(long_key); int msgSz = sizeof(msg); unsigned char digest2[64]; unsigned int digestSz2 = 64; HMAC_CTX_init(&ctx1); AssertIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS); HMAC_CTX_cleanup(&ctx1); AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz2), SSL_SUCCESS); HMAC_CTX_cleanup(&ctx2); AssertIntEQ(digestSz, digestSz2); AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0); /* test HMAC_Init with NULL key */ /* init after copy */ printf("test HMAC_Init with NULL key (0)\n"); HMAC_CTX_init(&ctx1); AssertIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS); AssertIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS); HMAC_CTX_cleanup(&ctx1); AssertIntEQ(HMAC_Init(&ctx2, NULL, 0, NULL), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS); HMAC_CTX_cleanup(&ctx2); AssertIntEQ(digestSz, digestSz2); AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0); /* long key */ printf("test HMAC_Init with NULL key (1)\n"); HMAC_CTX_init(&ctx1); AssertIntEQ(HMAC_Init(&ctx1, (const void*)long_key, long_keySz, type), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS); AssertIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS); HMAC_CTX_cleanup(&ctx1); AssertIntEQ(HMAC_Init(&ctx2, NULL, 0, NULL), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS); HMAC_CTX_cleanup(&ctx2); AssertIntEQ(digestSz, digestSz2); AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0); /* init before copy */ printf("test HMAC_Init with NULL key (2)\n"); HMAC_CTX_init(&ctx1); AssertIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS); AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS); HMAC_CTX_cleanup(&ctx1); AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS); HMAC_CTX_cleanup(&ctx2); AssertIntEQ(digestSz, digestSz2); AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0); return digestSz; } #endif /* defined(OPENSSL_EXTRA) && !defined(NO_HMAC) */ static void test_wolfSSL_HMAC_CTX(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_HMAC) unsigned char digest[64]; int digestSz; printf(testingFmt, "wolfSSL_HMAC_CTX()"); #ifndef NO_SHA AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha1(), digest)), 20); AssertIntEQ(XMEMCMP("\xD9\x68\x77\x23\x70\xFB\x53\x70\x53\xBA\x0E\xDC\xDA" "\xBF\x03\x98\x31\x19\xB2\xCC", digest, digestSz), 0); #endif /* !NO_SHA */ #ifdef WOLFSSL_SHA224 AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha224(), digest)), 28); AssertIntEQ(XMEMCMP("\x57\xFD\xF4\xE1\x2D\xB0\x79\xD7\x4B\x25\x7E\xB1\x95" "\x9C\x11\xAC\x2D\x1E\x78\x94\x4F\x3A\x0F\xED\xF8\xAD" "\x02\x0E", digest, digestSz), 0); #endif /* WOLFSSL_SHA224 */ #ifndef NO_SHA256 AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha256(), digest)), 32); AssertIntEQ(XMEMCMP("\x13\xAB\x76\x91\x0C\x37\x86\x8D\xB3\x7E\x30\x0C\xFC" "\xB0\x2E\x8E\x4A\xD7\xD4\x25\xCC\x3A\xA9\x0F\xA2\xF2" "\x47\x1E\x62\x6F\x5D\xF2", digest, digestSz), 0); #endif /* !NO_SHA256 */ #ifdef WOLFSSL_SHA384 AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha384(), digest)), 48); AssertIntEQ(XMEMCMP("\x9E\xCB\x07\x0C\x11\x76\x3F\x23\xC3\x25\x0E\xC4\xB7" "\x28\x77\x95\x99\xD5\x9D\x7A\xBB\x1A\x9F\xB7\xFD\x25" "\xC9\x72\x47\x9F\x8F\x86\x76\xD6\x20\x57\x87\xB7\xE7" "\xCD\xFB\xC2\xCC\x9F\x2B\xC5\x41\xAB", digest, digestSz), 0); #endif /* WOLFSSL_SHA384 */ #ifdef WOLFSSL_SHA512 AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha512(), digest)), 64); AssertIntEQ(XMEMCMP("\xD4\x21\x0C\x8B\x60\x6F\xF4\xBF\x07\x2F\x26\xCC\xAD" "\xBC\x06\x0B\x34\x78\x8B\x4F\xD6\xC0\x42\xF1\x33\x10" "\x6C\x4F\x1E\x55\x59\xDD\x2A\x9F\x15\x88\x62\xF8\x60" "\xA3\x99\x91\xE2\x08\x7B\xF7\x95\x3A\xB0\x92\x48\x60" "\x88\x8B\x5B\xB8\x5F\xE9\xB6\xB1\x96\xE3\xB5\xF0", digest, digestSz), 0); #endif /* WOLFSSL_SHA512 */ #ifndef NO_MD5 AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_md5(), digest)), 16); AssertIntEQ(XMEMCMP("\xB7\x27\xC4\x41\xE5\x2E\x62\xBA\x54\xED\x72\x70\x9F" "\xE4\x98\xDD", digest, digestSz), 0); #endif /* !NO_MD5 */ printf(resultFmt, passed); #endif } #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT) static void sslMsgCb(int w, int version, int type, const void* buf, size_t sz, SSL* ssl, void* arg) { int i; unsigned char* pt = (unsigned char*)buf; printf("%s %d bytes of version %d , type %d : ", (w)?"Writing":"Reading", (int)sz, version, type); for (i = 0; i < (int)sz; i++) printf("%02X", pt[i]); printf("\n"); (void)ssl; (void)arg; } #endif /* OPENSSL_EXTRA */ static void test_wolfSSL_msg_callback(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT) WOLFSSL* ssl; WOLFSSL_CTX* ctx; printf(testingFmt, "wolfSSL_msg_callback()"); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), SSL_SUCCESS); AssertNotNull(ssl = SSL_new(ctx)); AssertIntEQ(SSL_set_msg_callback(ssl, NULL), SSL_SUCCESS); AssertIntEQ(SSL_set_msg_callback(ssl, &sslMsgCb), SSL_SUCCESS); AssertIntEQ(SSL_set_msg_callback(NULL, &sslMsgCb), SSL_FAILURE); SSL_free(ssl); SSL_CTX_free(ctx); printf(resultFmt, passed); #endif } static void test_wolfSSL_SHA(void) { #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) printf(testingFmt, "wolfSSL_SHA()"); #if !defined(NO_SHA) && defined(NO_OLD_SHA_NAMES) { const unsigned char in[] = "abc"; unsigned char expected[] = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E" "\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D"; unsigned char out[WC_SHA_DIGEST_SIZE]; XMEMSET(out, 0, WC_SHA_DIGEST_SIZE); AssertNotNull(SHA1(in, XSTRLEN((char*)in), out)); AssertIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0); /* SHA interface test */ XMEMSET(out, 0, WC_SHA_DIGEST_SIZE); AssertNull(SHA(NULL, XSTRLEN((char*)in), out)); AssertNotNull(SHA(in, 0, out)); AssertNotNull(SHA(in, XSTRLEN((char*)in), NULL)); AssertNotNull(SHA(NULL, 0, out)); AssertNotNull(SHA(NULL, 0, NULL)); AssertNotNull(SHA(in, XSTRLEN((char*)in), out)); AssertIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0); } #endif #if !defined(NO_SHA256) { const unsigned char in[] = "abc"; unsigned char expected[] = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22" "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00" "\x15\xAD"; unsigned char out[WC_SHA256_DIGEST_SIZE]; XMEMSET(out, 0, WC_SHA256_DIGEST_SIZE); #if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS) AssertNotNull(SHA256(in, XSTRLEN((char*)in), out)); #else AssertNotNull(wolfSSL_SHA256(in, XSTRLEN((char*)in), out)); #endif AssertIntEQ(XMEMCMP(out, expected, WC_SHA256_DIGEST_SIZE), 0); } #endif #if defined(WOLFSSL_SHA384) { const unsigned char in[] = "abc"; unsigned char expected[] = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50" "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff" "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34" "\xc8\x25\xa7"; unsigned char out[WC_SHA384_DIGEST_SIZE]; XMEMSET(out, 0, WC_SHA384_DIGEST_SIZE); #if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS) AssertNotNull(SHA384(in, XSTRLEN((char*)in), out)); #else AssertNotNull(wolfSSL_SHA384(in, XSTRLEN((char*)in), out)); #endif AssertIntEQ(XMEMCMP(out, expected, WC_SHA384_DIGEST_SIZE), 0); } #endif #if defined(WOLFSSL_SHA512) { const unsigned char in[] = "abc"; unsigned char expected[] = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41" "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55" "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3" "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f" "\xa5\x4c\xa4\x9f"; unsigned char out[WC_SHA512_DIGEST_SIZE]; XMEMSET(out, 0, WC_SHA512_DIGEST_SIZE); #if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS) AssertNotNull(SHA512(in, XSTRLEN((char*)in), out)); #else AssertNotNull(wolfSSL_SHA512(in, XSTRLEN((char*)in), out)); #endif AssertIntEQ(XMEMCMP(out, expected, WC_SHA512_DIGEST_SIZE), 0); } #endif printf(resultFmt, passed); #endif } static void test_wolfSSL_DH_1536_prime(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_DH) BIGNUM* bn; unsigned char bits[200]; int sz = 192; /* known binary size */ const byte expected[] = { 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74, 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22, 0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B, 0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B, 0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5, 0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6, 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D, 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05, 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A, 0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96, 0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB, 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D, 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04, 0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27, 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, }; printf(testingFmt, "wolfSSL_DH_1536_prime()"); bn = get_rfc3526_prime_1536(NULL); AssertNotNull(bn); AssertIntEQ(sz, BN_bn2bin((const BIGNUM*)bn, bits)); AssertIntEQ(0, XMEMCMP(expected, bits, sz)); BN_free(bn); printf(resultFmt, passed); #endif } static void test_wolfSSL_PEM_write_DHparams(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_BIO) && \ !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) DH* dh; BIO* bio; XFILE fp; byte pem[2048]; int pemSz; const char expected[] = "-----BEGIN DH PARAMETERS-----\n\ MIIBCAKCAQEAsKEIBpwIE7pZBjy8MNX1AMFPRKfW70rGJScc6NKWUwpckd2iwpSE\n\ v32yRJ+b0sGKxb5yXKfnkebUn3MHhVtmSMdw+rTuAsk9mkraPcFGPhlp0RdGB6NN\n\ nyuWFzltMI0q85TTdc+gdebykh8acAWqBINXMPvadpM4UOgn/WPuPOW3yAmub1A1\n\ joTOSgDpEn5aMdcz/CETdswWMNsM/MVipzW477ewrMA29tnJRkj5QJAAKxuqbOMa\n\ wwsDnhvCRuRITiJzb8Nf1JrWMAdI1oyQq9T28eNI01hLprnNKb9oHwhLY4YvXGvW\n\ tgZl96bcAGdru8OpQYP7x/rI4h5+rwA/kwIBAg==\n\ -----END DH PARAMETERS-----\n"; printf(testingFmt, "wolfSSL_PEM_write_DHparams()"); AssertNotNull(fp = XFOPEN(dhParamFile, "rb")); AssertIntGT((pemSz = (int)XFREAD(pem, 1, sizeof(pem), fp)), 0); XFCLOSE(fp); AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(BIO_write(bio, pem, pemSz), pemSz); AssertNotNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL)); BIO_free(bio); AssertNotNull(fp = XFOPEN("./test-write-dhparams.pem", "wb")); AssertIntEQ(PEM_write_DHparams(fp, dh), WOLFSSL_SUCCESS); AssertIntEQ(PEM_write_DHparams(fp, NULL), WOLFSSL_FAILURE); XFCLOSE(fp); DH_free(dh); /* check results */ XMEMSET(pem, 0, sizeof(pem)); AssertNotNull(fp = XFOPEN("./test-write-dhparams.pem", "rb")); AssertIntGT((pemSz = (int)XFREAD(pem, 1, sizeof(pem), fp)), 0); AssertIntEQ(XMEMCMP(pem, expected, pemSz), 0); XFCLOSE(fp); printf(resultFmt, passed); #endif } /* test_EVP_Cipher_extra, Extra-test on EVP_CipherUpdate/Final. see also test.c */ #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) &&\ (!defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)) static void binary_dump(void *ptr, int size) { #ifdef WOLFSSL_EVP_PRINT int i = 0; unsigned char *p = (unsigned char *) ptr; printf("{"); while((p != NULL) && (i < size)) { if((i % 8) == 0) { printf("\n"); printf(" "); } printf("0x%02x, ", p[i]); i++; } printf("\n};\n"); #else (void) ptr; (void) size; #endif } static int last_val = 0x0f; static int check_result(unsigned char *data, int len) { int i; for( ; len; ) { last_val = (last_val + 1) % 16; for(i = 0; i < 16; len--, i++, data++) if(*data != last_val) { return -1; } } return 0; } static int r_offset; static int w_offset; static void init_offset(void) { r_offset = 0; w_offset = 0; } static void get_record(unsigned char *data, unsigned char *buf, int len) { XMEMCPY(buf, data+r_offset, len); r_offset += len; } static void set_record(unsigned char *data, unsigned char *buf, int len) { XMEMCPY(data+w_offset, buf, len); w_offset += len; } static void set_plain(unsigned char *plain, int rec) { int i, j; unsigned char *p = plain; #define BLOCKSZ 16 for(i=0; i<(rec/BLOCKSZ); i++){ for(j=0; j 0 && keylen != klen) { AssertIntNE(EVP_CIPHER_CTX_set_key_length(evp, keylen), 0); } ilen = EVP_CIPHER_CTX_iv_length(evp); if (ilen > 0 && ivlen != ilen) { AssertIntNE(EVP_CIPHER_CTX_set_iv_length(evp, ivlen), 0); } AssertIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 1)), 0); for (j = 0; j 0) set_record(cipher, outb, outl); } for (i = 0; test_drive[i]; i++) { last_val = 0x0f; AssertIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 0)), 0); init_offset(); for (j = 0; test_drive[i][j]; j++){ inl = test_drive[i][j]; get_record(cipher, inb, inl); AssertIntNE((ret = EVP_DecryptUpdate(evp, outb, &outl, inb, inl)), 0); binary_dump(outb, outl); AssertIntEQ((ret = check_result(outb, outl)), 0); AssertFalse(outl > ((inl/16+1)*16) && outl > 16); } ret = EVP_CipherFinal(evp, outb, &outl); binary_dump(outb, outl); ret = (((test_drive_len[i] % 16) != 0) && (ret == 0)) || (((test_drive_len[i] % 16) == 0) && (ret == 1)); AssertTrue(ret); } EVP_CIPHER_CTX_free(evp); #endif /* test_EVP_Cipher */ return 0; } static void test_wolfSSL_PEM_read_DHparams(void) { #if defined(OPENSSL_ALL) && !defined(NO_BIO) && \ !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) DH* dh; XFILE fp; unsigned char derOut[300]; unsigned char* derOutBuf = derOut; int derOutSz = 0; unsigned char derExpected[300]; int derExpectedSz = 0; printf(testingFmt, "wolfSSL_PEM_read_DHparams()"); XMEMSET(derOut, 0, sizeof(derOut)); XMEMSET(derExpected, 0, sizeof(derExpected)); /* open DH param file, read into DH struct */ AssertNotNull(fp = XFOPEN(dhParamFile, "rb")); /* bad args */ AssertNull(dh = PEM_read_DHparams(NULL, &dh, NULL, NULL)); AssertNull(dh = PEM_read_DHparams(NULL, NULL, NULL, NULL)); /* good args */ AssertNotNull(dh = PEM_read_DHparams(fp, &dh, NULL, NULL)); XFCLOSE(fp); /* read in certs/dh2048.der for comparison against exported params */ fp = XFOPEN("./certs/dh2048.der", "rb"); AssertTrue(fp != XBADFILE); derExpectedSz = (int)XFREAD(derExpected, 1, sizeof(derExpected), fp); XFCLOSE(fp); /* export DH back to DER and compare */ derOutSz = wolfSSL_i2d_DHparams(dh, &derOutBuf); AssertIntEQ(derOutSz, derExpectedSz); AssertIntEQ(XMEMCMP(derOut, derExpected, derOutSz), 0); /* Test parsing with X9.42 header */ fp = XFOPEN("./certs/x942dh2048.pem", "rb"); AssertNotNull(dh = PEM_read_DHparams(fp, &dh, NULL, NULL)); XFCLOSE(fp); DH_free(dh); printf(resultFmt, passed); #endif } static void test_wolfSSL_AES_ecb_encrypt(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AES_ECB) AES_KEY aes; const byte msg[] = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a }; const byte verify[] = { 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 }; const byte key[] = { 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 }; byte out[AES_BLOCK_SIZE]; printf(testingFmt, "wolfSSL_AES_ecb_encrypt()"); AssertIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &aes), 0); XMEMSET(out, 0, AES_BLOCK_SIZE); AES_ecb_encrypt(msg, out, &aes, AES_ENCRYPT); AssertIntEQ(XMEMCMP(out, verify, AES_BLOCK_SIZE), 0); #ifdef HAVE_AES_DECRYPT AssertIntEQ(AES_set_decrypt_key(key, sizeof(key)*8, &aes), 0); XMEMSET(out, 0, AES_BLOCK_SIZE); AES_ecb_encrypt(verify, out, &aes, AES_DECRYPT); AssertIntEQ(XMEMCMP(out, msg, AES_BLOCK_SIZE), 0); #endif /* test bad arguments */ AES_ecb_encrypt(NULL, out, &aes, AES_DECRYPT); AES_ecb_encrypt(verify, NULL, &aes, AES_DECRYPT); AES_ecb_encrypt(verify, out, NULL, AES_DECRYPT); printf(resultFmt, passed); #endif } static void test_wolfSSL_MD5(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_MD5) byte input1[] = ""; byte input2[] = "message digest"; byte hash[WC_MD5_DIGEST_SIZE]; unsigned char output1[] = "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42\x7e"; unsigned char output2[] = "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61\xd0"; WOLFSSL_MD5_CTX md5; printf(testingFmt, "wolfSSL_MD5()"); XMEMSET(&md5, 0, sizeof(md5)); /* Test cases for illegal parameters */ AssertIntEQ(MD5_Init(NULL), 0); AssertIntEQ(MD5_Init(&md5), 1); AssertIntEQ(MD5_Update(NULL, input1, 0), 0); AssertIntEQ(MD5_Update(NULL, NULL, 0), 0); AssertIntEQ(MD5_Update(&md5, NULL, 1), 0); AssertIntEQ(MD5_Final(NULL, &md5), 0); AssertIntEQ(MD5_Final(hash, NULL), 0); AssertIntEQ(MD5_Final(NULL, NULL), 0); /* Init MD5 CTX */ AssertIntEQ(wolfSSL_MD5_Init(&md5), 1); AssertIntEQ(wolfSSL_MD5_Update(&md5, input1, XSTRLEN((const char*)&input1)), 1); AssertIntEQ(wolfSSL_MD5_Final(hash, &md5), 1); AssertIntEQ(XMEMCMP(&hash, output1, WC_MD5_DIGEST_SIZE), 0); /* Init MD5 CTX */ AssertIntEQ(wolfSSL_MD5_Init(&md5), 1); AssertIntEQ(wolfSSL_MD5_Update(&md5, input2, (int)XSTRLEN((const char*)input2)), 1); AssertIntEQ(wolfSSL_MD5_Final(hash, &md5), 1); AssertIntEQ(XMEMCMP(&hash, output2, WC_MD5_DIGEST_SIZE), 0); #if !defined(NO_OLD_NAMES) && \ (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))) AssertPtrNE(MD5(NULL, 1, (byte*)&hash), &hash); AssertPtrEq(MD5(input1, 0, (byte*)&hash), &hash); AssertPtrNE(MD5(input1, 1, NULL), NULL); AssertPtrNE(MD5(NULL, 0, NULL), NULL); AssertPtrEq(MD5(input1, (int)XSTRLEN((const char*)&input1), (byte*)&hash), &hash); AssertIntEQ(XMEMCMP(&hash, output1, WC_MD5_DIGEST_SIZE), 0); AssertPtrEq(MD5(input2, (int)XSTRLEN((const char*)&input2), (byte*)&hash), &hash); AssertIntEQ(XMEMCMP(&hash, output2, WC_MD5_DIGEST_SIZE), 0); { byte data[] = "Data to be hashed."; XMEMSET(hash, 0, WC_MD5_DIGEST_SIZE); AssertNotNull(MD5(data, sizeof(data), NULL)); AssertNotNull(MD5(data, sizeof(data), hash)); AssertNotNull(MD5(NULL, 0, hash)); AssertNull(MD5(NULL, sizeof(data), hash)); } #endif printf(resultFmt, passed); #endif } static void test_wolfSSL_MD5_Transform(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_MD5) byte input1[] = ""; byte input2[] = "abc"; byte local[WC_MD5_BLOCK_SIZE]; word32 sLen = 0; #ifdef BIG_ENDIAN_ORDER unsigned char output1[] = "\x03\x1f\x1d\xac\x6e\xa5\x8e\xd0\x1f\xab\x67\xb7\x74\x31\x77\x91"; unsigned char output2[] = "\xef\xd3\x79\x8d\x67\x17\x25\x90\xa4\x13\x79\xc7\xe3\xa7\x7b\xbc"; #else unsigned char output1[] = "\xac\x1d\x1f\x03\xd0\x8e\xa5\x6e\xb7\x67\xab\x1f\x91\x77\x31\x74"; unsigned char output2[] = "\x8d\x79\xd3\xef\x90\x25\x17\x67\xc7\x79\x13\xa4\xbc\x7b\xa7\xe3"; #endif MD5_CTX md5; printf(testingFmt, "wolfSSL_MD5_Transform()"); XMEMSET(&md5, 0, sizeof(md5)); XMEMSET(&local, 0, sizeof(local)); /* sanity check */ AssertIntEQ(MD5_Transform(NULL, NULL), 0); AssertIntEQ(MD5_Transform(NULL, (const byte*)&input1), 0); AssertIntEQ(MD5_Transform(&md5, NULL), 0); AssertIntEQ(wc_Md5Transform(NULL, NULL), BAD_FUNC_ARG); AssertIntEQ(wc_Md5Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG); AssertIntEQ(wc_Md5Transform((wc_Md5*)&md5, NULL), BAD_FUNC_ARG); /* Init MD5 CTX */ AssertIntEQ(wolfSSL_MD5_Init(&md5), 1); /* Do Transform*/ sLen = (word32)XSTRLEN((char*)input1); XMEMCPY(local, input1, sLen); AssertIntEQ(MD5_Transform(&md5, (const byte*)&local[0]), 1); AssertIntEQ(XMEMCMP(&((wc_Md5*)&md5)->digest[0], output1, WC_MD5_DIGEST_SIZE), 0); /* Init MD5 CTX */ AssertIntEQ(MD5_Init(&md5), 1); sLen = (word32)XSTRLEN((char*)input2); XMEMSET(local, 0, WC_MD5_BLOCK_SIZE); XMEMCPY(local, input2, sLen); AssertIntEQ(MD5_Transform(&md5, (const byte*)&local[0]), 1); AssertIntEQ(XMEMCMP(&((wc_Md5*)&md5)->digest[0], output2, WC_MD5_DIGEST_SIZE), 0); printf(resultFmt, passed); #endif } static void test_wolfSSL_SHA224(void) { #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA224) && \ !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) unsigned char input[] = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; unsigned char output[] = "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01" "\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25"; size_t inLen; byte hash[WC_SHA224_DIGEST_SIZE]; printf(testingFmt, "wolfSSL_SHA224()"); inLen = XSTRLEN((char*)input); XMEMSET(hash, 0, WC_SHA224_DIGEST_SIZE); AssertNull(SHA224(NULL, inLen, hash)); AssertNotNull(SHA224(input, 0, hash)); AssertNotNull(SHA224(input, inLen, NULL)); AssertNotNull(SHA224(NULL, 0, hash)); AssertNotNull(SHA224(NULL, 0, NULL)); AssertNotNull(SHA224(input, inLen, hash)); AssertIntEQ(XMEMCMP(hash, output, WC_SHA224_DIGEST_SIZE), 0); printf(resultFmt, passed); #endif } static void test_wolfSSL_SHA_Transform(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_SHA) #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) byte input1[] = ""; byte input2[] = "abc"; byte local[WC_SHA_BLOCK_SIZE]; word32 sLen = 0; #ifdef BIG_ENDIAN_ORDER unsigned char output1[] = "\x92\xb4\x04\xe5\x56\x58\x8c\xed\x6c\x1a\xcd\x4e\xbf\x05\x3f\x68" "\x09\xf7\x3a\x93"; unsigned char output2[] = "\x97\xb2\x74\x8b\x4f\x5b\xbc\xca\x5b\xc0\xe6\xea\x2d\x40\xb4\xa0" "\x7c\x6e\x08\xb8"; #else unsigned char output1[] = "\xe5\x04\xb4\x92\xed\x8c\x58\x56\x4e\xcd\x1a\x6c\x68\x3f\x05\xbf" "\x93\x3a\xf7\x09"; unsigned char output2[] = "\x8b\x74\xb2\x97\xca\xbc\x5b\x4f\xea\xe6\xc0\x5b\xa0\xb4\x40\x2d" "\xb8\x08\x6e\x7c"; #endif SHA_CTX sha; SHA_CTX sha1; printf(testingFmt, "wolfSSL_SHA_Transform()"); XMEMSET(&sha, 0, sizeof(sha)); XMEMSET(&local, 0, sizeof(local)); /* sanity check */ AssertIntEQ(SHA_Transform(NULL, NULL), 0); AssertIntEQ(SHA_Transform(NULL, (const byte*)&input1), 0); AssertIntEQ(SHA_Transform(&sha, NULL), 0); AssertIntEQ(SHA1_Transform(NULL, NULL), 0); AssertIntEQ(SHA1_Transform(NULL, (const byte*)&input1), 0); AssertIntEQ(SHA1_Transform(&sha, NULL), 0); AssertIntEQ(wc_ShaTransform(NULL, NULL), BAD_FUNC_ARG); AssertIntEQ(wc_ShaTransform(NULL, (const byte*)&input1), BAD_FUNC_ARG); AssertIntEQ(wc_ShaTransform((wc_Sha*)&sha, NULL), BAD_FUNC_ARG); /* Init SHA CTX */ AssertIntEQ(SHA_Init(&sha), 1); /* Do Transform*/ sLen = (word32)XSTRLEN((char*)input1); XMEMCPY(local, input1, sLen); AssertIntEQ(SHA_Transform(&sha, (const byte*)&local[0]), 1); AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha)->digest[0], output1, WC_SHA_DIGEST_SIZE), 0); AssertIntEQ(SHA_Final(local, &sha), 1); /* frees resources */ /* Init SHA CTX */ AssertIntEQ(SHA_Init(&sha), 1); sLen = (word32)XSTRLEN((char*)input2); XMEMSET(local, 0, WC_SHA_BLOCK_SIZE); XMEMCPY(local, input2, sLen); AssertIntEQ(SHA_Transform(&sha, (const byte*)&local[0]), 1); AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha)->digest[0], output2, WC_SHA_DIGEST_SIZE), 0); AssertIntEQ(SHA_Final(local, &sha), 1); /* frees resources */ /* SHA1 */ XMEMSET(local, 0, WC_SHA_BLOCK_SIZE); /* Init SHA CTX */ AssertIntEQ(SHA1_Init(&sha1), 1); /* Do Transform*/ sLen = (word32)XSTRLEN((char*)input1); XMEMCPY(local, input1, sLen); AssertIntEQ(SHA1_Transform(&sha1, (const byte*)&local[0]), 1); AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha1)->digest[0], output1, WC_SHA_DIGEST_SIZE), 0); AssertIntEQ(SHA_Final(local, &sha), 1); /* frees resources */ /* Init SHA CTX */ AssertIntEQ(SHA1_Init(&sha1), 1); sLen = (word32)XSTRLEN((char*)input2); XMEMSET(local, 0, WC_SHA_BLOCK_SIZE); XMEMCPY(local, input2, sLen); AssertIntEQ(SHA1_Transform(&sha1, (const byte*)&local[0]), 1); AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha1)->digest[0], output2, WC_SHA_DIGEST_SIZE), 0); AssertIntEQ(SHA_Final(local, &sha), 1); /* frees resources */ printf(resultFmt, passed); #endif #endif } static void test_wolfSSL_SHA256_Transform(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \ !defined(WOLFSSL_DEVCRYPTO_HASH) && !defined(WOLFSSL_AFALG_HASH) byte input1[] = ""; byte input2[] = "abc"; byte local[WC_SHA256_BLOCK_SIZE]; word32 sLen = 0; #ifdef BIG_ENDIAN_ORDER unsigned char output1[] = "\xda\x56\x98\xbe\x17\xb9\xb4\x69\x62\x33\x57\x99\x77\x9f\xbe\xca" "\x8c\xe5\xd4\x91\xc0\xd2\x62\x43\xba\xfe\xf9\xea\x18\x37\xa9\xd8"; unsigned char output2[] = "\x1d\x4e\xd4\x67\x67\x7c\x61\x67\x44\x10\x76\x26\x78\x10\xff\xb8" "\x40\xc8\x9a\x39\x73\x16\x60\x8c\xa6\x61\xd6\x05\x91\xf2\x8c\x35"; #else unsigned char output1[] = "\xbe\x98\x56\xda\x69\xb4\xb9\x17\x99\x57\x33\x62\xca\xbe\x9f\x77" "\x91\xd4\xe5\x8c\x43\x62\xd2\xc0\xea\xf9\xfe\xba\xd8\xa9\x37\x18"; unsigned char output2[] = "\x67\xd4\x4e\x1d\x67\x61\x7c\x67\x26\x76\x10\x44\xb8\xff\x10\x78" "\x39\x9a\xc8\x40\x8c\x60\x16\x73\x05\xd6\x61\xa6\x35\x8c\xf2\x91"; #endif SHA256_CTX sha256; printf(testingFmt, "wolfSSL_SHA256_Transform()"); XMEMSET(&sha256, 0, sizeof(sha256)); XMEMSET(&local, 0, sizeof(local)); /* sanity check */ AssertIntEQ(SHA256_Transform(NULL, NULL), 0); AssertIntEQ(SHA256_Transform(NULL, (const byte*)&input1), 0); AssertIntEQ(SHA256_Transform(&sha256, NULL), 0); AssertIntEQ(wc_Sha256Transform(NULL, NULL), BAD_FUNC_ARG); AssertIntEQ(wc_Sha256Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG); AssertIntEQ(wc_Sha256Transform((wc_Sha256*)&sha256, NULL), BAD_FUNC_ARG); /* Init SHA256 CTX */ AssertIntEQ(SHA256_Init(&sha256), 1); /* Do Transform*/ sLen = (word32)XSTRLEN((char*)input1); XMEMCPY(local, input1, sLen); AssertIntEQ(SHA256_Transform(&sha256, (const byte*)&local[0]), 1); AssertIntEQ(XMEMCMP(&((wc_Sha256*)&sha256)->digest[0], output1, WC_SHA256_DIGEST_SIZE), 0); AssertIntEQ(SHA256_Final(local, &sha256), 1); /* frees resources */ /* Init SHA256 CTX */ AssertIntEQ(SHA256_Init(&sha256), 1); sLen = (word32)XSTRLEN((char*)input2); XMEMSET(local, 0, WC_SHA256_BLOCK_SIZE); XMEMCPY(local, input2, sLen); AssertIntEQ(SHA256_Transform(&sha256, (const byte*)&local[0]), 1); AssertIntEQ(XMEMCMP(&((wc_Sha256*)&sha256)->digest[0], output2, WC_SHA256_DIGEST_SIZE), 0); AssertIntEQ(SHA256_Final(local, &sha256), 1); /* frees resources */ printf(resultFmt, passed); #endif #endif } static void test_wolfSSL_SHA256(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && \ defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) unsigned char input[] = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; unsigned char output[] = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60" "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB" "\x06\xC1"; size_t inLen; byte hash[WC_SHA256_DIGEST_SIZE]; printf(testingFmt, "wolfSSL_SHA256()"); inLen = XSTRLEN((char*)input); XMEMSET(hash, 0, WC_SHA256_DIGEST_SIZE); AssertNotNull(SHA256(input, inLen, hash)); AssertIntEQ(XMEMCMP(hash, output, WC_SHA256_DIGEST_SIZE), 0); printf(resultFmt, passed); #endif } static void test_wolfSSL_SHA512_Transform(void) { #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA512) #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) byte input1[] = ""; byte input2[] = "abc"; byte local[WC_SHA512_BLOCK_SIZE]; word32 sLen = 0; #ifdef BIG_ENDIAN_ORDER unsigned char output1[] = "\xcf\x78\x81\xd5\x77\x4a\xcb\xe8\x53\x33\x62\xe0\xfb\xc7\x80\x70" "\x02\x67\x63\x9d\x87\x46\x0e\xda\x30\x86\xcb\x40\xe8\x59\x31\xb0" "\x71\x7d\xc9\x52\x88\xa0\x23\xa3\x96\xba\xb2\xc1\x4c\xe0\xb5\xe0" "\x6f\xc4\xfe\x04\xea\xe3\x3e\x0b\x91\xf4\xd8\x0c\xbd\x66\x8b\xee"; unsigned char output2[] = "\x11\x10\x93\x4e\xeb\xa0\xcc\x0d\xfd\x33\x43\x9c\xfb\x04\xc8\x21" "\xa9\xb4\x26\x3d\xca\xab\x31\x41\xe2\xc6\xaa\xaf\xe1\x67\xd7\xab" "\x31\x8f\x2e\x54\x2c\xba\x4e\x83\xbe\x88\xec\x9d\x8f\x2b\x38\x98" "\x14\xd2\x4e\x9d\x53\x8b\x5e\x4d\xde\x68\x6c\x69\xaf\x20\x96\xf0"; #else unsigned char output1[] = "\xe8\xcb\x4a\x77\xd5\x81\x78\xcf\x70\x80\xc7\xfb\xe0\x62\x33\x53" "\xda\x0e\x46\x87\x9d\x63\x67\x02\xb0\x31\x59\xe8\x40\xcb\x86\x30" "\xa3\x23\xa0\x88\x52\xc9\x7d\x71\xe0\xb5\xe0\x4c\xc1\xb2\xba\x96" "\x0b\x3e\xe3\xea\x04\xfe\xc4\x6f\xee\x8b\x66\xbd\x0c\xd8\xf4\x91"; unsigned char output2[] = "\x0d\xcc\xa0\xeb\x4e\x93\x10\x11\x21\xc8\x04\xfb\x9c\x43\x33\xfd" "\x41\x31\xab\xca\x3d\x26\xb4\xa9\xab\xd7\x67\xe1\xaf\xaa\xc6\xe2" "\x83\x4e\xba\x2c\x54\x2e\x8f\x31\x98\x38\x2b\x8f\x9d\xec\x88\xbe" "\x4d\x5e\x8b\x53\x9d\x4e\xd2\x14\xf0\x96\x20\xaf\x69\x6c\x68\xde"; #endif SHA512_CTX sha512; printf(testingFmt, "wolfSSL_SHA512_Transform()"); XMEMSET(&sha512, 0, sizeof(sha512)); XMEMSET(&local, 0, sizeof(local)); /* sanity check */ AssertIntEQ(SHA512_Transform(NULL, NULL), 0); AssertIntEQ(SHA512_Transform(NULL, (const byte*)&input1), 0); AssertIntEQ(SHA512_Transform(&sha512, NULL), 0); AssertIntEQ(wc_Sha512Transform(NULL, NULL), BAD_FUNC_ARG); AssertIntEQ(wc_Sha512Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG); AssertIntEQ(wc_Sha512Transform((wc_Sha512*)&sha512, NULL), BAD_FUNC_ARG); /* Init SHA512 CTX */ AssertIntEQ(wolfSSL_SHA512_Init(&sha512), 1); /* Do Transform*/ sLen = (word32)XSTRLEN((char*)input1); XMEMCPY(local, input1, sLen); AssertIntEQ(SHA512_Transform(&sha512, (const byte*)&local[0]), 1); AssertIntEQ(XMEMCMP(&((wc_Sha512*)&sha512)->digest[0], output1, WC_SHA512_DIGEST_SIZE), 0); AssertIntEQ(SHA512_Final(local, &sha512), 1); /* frees resources */ /* Init SHA512 CTX */ AssertIntEQ(SHA512_Init(&sha512), 1); sLen = (word32)XSTRLEN((char*)input2); XMEMSET(local, 0, WC_SHA512_BLOCK_SIZE); XMEMCPY(local, input2, sLen); AssertIntEQ(SHA512_Transform(&sha512, (const byte*)&local[0]), 1); AssertIntEQ(XMEMCMP(&((wc_Sha512*)&sha512)->digest[0], output2, WC_SHA512_DIGEST_SIZE), 0); AssertIntEQ(SHA512_Final(local, &sha512), 1); /* frees resources */ (void)input1; printf(resultFmt, passed); #endif #endif } static void test_wolfSSL_X509_get_serialNumber(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) ASN1_INTEGER* a; BIGNUM* bn; X509* x509; char *serialHex; byte serial[3]; int serialSz; printf(testingFmt, "wolfSSL_X509_get_serialNumber()"); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)); AssertNotNull(a = X509_get_serialNumber(x509)); /* check on value of ASN1 Integer */ AssertNotNull(bn = ASN1_INTEGER_to_BN(a, NULL)); /* test setting serial number and then retrieving it */ AssertNotNull(a = ASN1_INTEGER_new()); ASN1_INTEGER_set(a, 3); AssertIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS); serialSz = sizeof(serial); AssertIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz), WOLFSSL_SUCCESS); AssertIntEQ(serialSz, 1); AssertIntEQ(serial[0], 3); ASN1_INTEGER_free(a); /* test setting serial number with 0's in it */ serial[0] = 0x01; serial[1] = 0x00; serial[2] = 0x02; AssertNotNull(a = wolfSSL_ASN1_INTEGER_new()); a->data[0] = ASN_INTEGER; a->data[1] = sizeof(serial); XMEMCPY(&a->data[2], serial, sizeof(serial)); a->length = sizeof(serial) + 2; AssertIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS); XMEMSET(serial, 0, sizeof(serial)); serialSz = sizeof(serial); AssertIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz), WOLFSSL_SUCCESS); AssertIntEQ(serialSz, 3); AssertIntEQ(serial[0], 0x01); AssertIntEQ(serial[1], 0x00); AssertIntEQ(serial[2], 0x02); ASN1_INTEGER_free(a); X509_free(x509); /* free's a */ AssertNotNull(serialHex = BN_bn2hex(bn)); #ifndef WC_DISABLE_RADIX_ZERO_PAD AssertStrEQ(serialHex, "01"); #else AssertStrEQ(serialHex, "1"); #endif OPENSSL_free(serialHex); AssertIntEQ(BN_get_word(bn), 1); BN_free(bn); /* hard test free'ing with dynamic buffer to make sure there is no leaks */ a = ASN1_INTEGER_new(); if (a) { AssertNotNull(a->data = (unsigned char*)XMALLOC(100, NULL, DYNAMIC_TYPE_OPENSSL)); a->isDynamic = 1; ASN1_INTEGER_free(a); } printf(resultFmt, passed); #endif } static void test_wolfSSL_OpenSSL_add_all_algorithms(void){ #if defined(OPENSSL_EXTRA) printf(testingFmt, "wolfSSL_OpenSSL_add_all_algorithms()"); AssertIntEQ(wolfSSL_add_all_algorithms(),WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_OpenSSL_add_all_algorithms_noconf(),WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_OpenSSL_add_all_algorithms_conf(),WOLFSSL_SUCCESS); printf(resultFmt, passed); #endif } static void test_wolfSSL_OPENSSL_hexstr2buf(void) { #if defined(OPENSSL_EXTRA) #define MAX_HEXSTR_BUFSZ 9 #define NUM_CASES 5 struct Output { const unsigned char buffer[MAX_HEXSTR_BUFSZ]; long ret; }; int i; int j; const char* inputs[NUM_CASES] = { "aabcd1357e", "01:12:23:34:a5:b6:c7:d8:e9", ":01:02", "012", ":ab:ac:d" }; struct Output expectedOutputs[NUM_CASES] = { {{0xaa, 0xbc, 0xd1, 0x35, 0x7e}, 5}, {{0x01, 0x12, 0x23, 0x34, 0xa5, 0xb6, 0xc7, 0xd8, 0xe9}, 9}, {{0x01, 0x02}, 2}, {{0x00}, 0}, {{0x00}, 0} }; long len = 0; unsigned char* returnedBuf = NULL; printf(testingFmt, "test_wolfSSL_OPENSSL_hexstr2buf()"); for (i = 0; i < NUM_CASES; ++i) { returnedBuf = wolfSSL_OPENSSL_hexstr2buf(inputs[i], &len); if (returnedBuf == NULL) { AssertIntEQ(expectedOutputs[i].ret, 0); continue; } AssertIntEQ(expectedOutputs[i].ret, len); for (j = 0; j < len; ++j) { AssertIntEQ(expectedOutputs[i].buffer[j], returnedBuf[j]); } OPENSSL_free(returnedBuf); } printf(resultFmt, passed); #endif } static void test_wolfSSL_ASN1_STRING_print_ex(void){ #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) #ifndef NO_BIO ASN1_STRING* asn_str; const char data[] = "Hello wolfSSL!"; ASN1_STRING* esc_str; const char esc_data[] = "a+;<>"; BIO *bio; unsigned long flags; int p_len; unsigned char rbuf[255]; printf(testingFmt, "wolfSSL_ASN1_STRING_print_ex()"); /* setup */ XMEMSET(rbuf, 0, 255); bio = BIO_new(BIO_s_mem()); BIO_set_write_buf_size(bio,255); asn_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING); ASN1_STRING_set(asn_str, (const void*)data, sizeof(data)); esc_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING); ASN1_STRING_set(esc_str, (const void*)esc_data, sizeof(esc_data)); /* no flags */ XMEMSET(rbuf, 0, 255); flags = 0; p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags); AssertIntEQ(p_len, 15); BIO_read(bio, (void*)rbuf, 15); AssertStrEQ((char*)rbuf, "Hello wolfSSL!"); /* RFC2253 Escape */ XMEMSET(rbuf, 0, 255); flags = ASN1_STRFLGS_ESC_2253; p_len = wolfSSL_ASN1_STRING_print_ex(bio, esc_str, flags); AssertIntEQ(p_len, 9); BIO_read(bio, (void*)rbuf, 9); AssertStrEQ((char*)rbuf, "a\\+\\;\\<\\>"); /* Show type */ XMEMSET(rbuf, 0, 255); flags = ASN1_STRFLGS_SHOW_TYPE; p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags); AssertIntEQ(p_len, 28); BIO_read(bio, (void*)rbuf, 28); AssertStrEQ((char*)rbuf, "OCTET STRING:Hello wolfSSL!"); /* Dump All */ XMEMSET(rbuf, 0, 255); flags = ASN1_STRFLGS_DUMP_ALL; p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags); AssertIntEQ(p_len, 31); BIO_read(bio, (void*)rbuf, 31); AssertStrEQ((char*)rbuf, "#48656C6C6F20776F6C6653534C2100"); /* Dump Der */ XMEMSET(rbuf, 0, 255); flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER; p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags); AssertIntEQ(p_len, 35); BIO_read(bio, (void*)rbuf, 35); AssertStrEQ((char*)rbuf, "#040F48656C6C6F20776F6C6653534C2100"); /* Dump All + Show type */ XMEMSET(rbuf, 0, 255); flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_SHOW_TYPE; p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags); AssertIntEQ(p_len, 44); BIO_read(bio, (void*)rbuf, 44); AssertStrEQ((char*)rbuf, "OCTET STRING:#48656C6C6F20776F6C6653534C2100"); BIO_free(bio); ASN1_STRING_free(asn_str); ASN1_STRING_free(esc_str); printf(resultFmt, passed); #endif /* !NO_BIO */ #endif } static void test_wolfSSL_ASN1_TIME_to_generalizedtime(void){ #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) WOLFSSL_ASN1_TIME *t; WOLFSSL_ASN1_TIME *out; WOLFSSL_ASN1_TIME *gtime; int tlen = 0; unsigned char *data; printf(testingFmt, "wolfSSL_ASN1_TIME_to_generalizedtime()"); /* UTC Time test */ AssertNotNull(t = wolfSSL_ASN1_TIME_new()); XMEMSET(t->data, 0, ASN_GENERALIZED_TIME_SIZE); AssertNotNull(out = wolfSSL_ASN1_TIME_new()); t->type = ASN_UTC_TIME; t->length = ASN_UTC_TIME_SIZE; XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE); tlen = wolfSSL_ASN1_TIME_get_length(t); AssertIntEQ(tlen, ASN_UTC_TIME_SIZE); data = wolfSSL_ASN1_TIME_get_data(t); AssertStrEQ((char*)data, "050727123456Z"); gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out); AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME); AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE); AssertStrEQ((char*)gtime->data, "20050727123456Z"); /* Generalized Time test */ XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE); XMEMSET(out, 0, ASN_GENERALIZED_TIME_SIZE); XMEMSET(data, 0, ASN_GENERALIZED_TIME_SIZE); t->type = ASN_GENERALIZED_TIME; t->length = ASN_GENERALIZED_TIME_SIZE; XMEMCPY(t->data, "20050727123456Z", ASN_GENERALIZED_TIME_SIZE); tlen = wolfSSL_ASN1_TIME_get_length(t); AssertIntEQ(tlen, ASN_GENERALIZED_TIME_SIZE); data = wolfSSL_ASN1_TIME_get_data(t); AssertStrEQ((char*)data, "20050727123456Z"); gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out); AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME); AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE); AssertStrEQ((char*)gtime->data, "20050727123456Z"); XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); /* Null parameter test */ XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE); gtime = NULL; out = NULL; t->type = ASN_UTC_TIME; t->length = ASN_UTC_TIME_SIZE; XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE); AssertNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, NULL)); AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME); AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE); AssertStrEQ((char*)gtime->data, "20050727123456Z"); XFREE(gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER); printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_CA_num(void){ #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ defined(HAVE_ECC) && !defined(NO_RSA) WOLFSSL_X509_STORE *store; WOLFSSL_X509 *x509_1, *x509_2; int ca_num = 0; printf(testingFmt, "wolfSSL_X509_CA_num()"); store = wolfSSL_X509_STORE_new(); x509_1 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM); wolfSSL_X509_STORE_add_cert(store, x509_1); ca_num = wolfSSL_X509_CA_num(store); AssertIntEQ(ca_num, 1); x509_2 = wolfSSL_X509_load_certificate_file(eccCertFile, WOLFSSL_FILETYPE_PEM); wolfSSL_X509_STORE_add_cert(store, x509_2); ca_num = wolfSSL_X509_CA_num(store); AssertIntEQ(ca_num, 2); wolfSSL_X509_free(x509_1); wolfSSL_X509_free(x509_2); wolfSSL_X509_STORE_free(store); printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_check_ca(void){ #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) WOLFSSL_X509 *x509; printf(testingFmt, "wolfSSL_X509_check_ca()"); x509 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM); AssertIntEQ(wolfSSL_X509_check_ca(x509), 1); wolfSSL_X509_free(x509); printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_check_ip_asc(void){ #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) WOLFSSL_X509 *x509; printf(testingFmt, "wolfSSL_X509_check_ip_asc()"); x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM); #if 0 /* TODO: add cert gen for testing positive case */ AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.0.0.1", 0), 1); #endif AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "0.0.0.0", 0), 0); AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, NULL, 0), 0); wolfSSL_X509_free(x509); printf(resultFmt, passed); #endif } static void test_wolfSSL_DC_cert(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_KEY_GEN) && \ defined(WOLFSSL_CERT_EXT) Cert cert; RsaKey key; WC_RNG rng; byte der[FOURK_BUF]; int certSz; int ret, idx; const byte mySerial[8] = {1,2,3,4,5,6,7,8}; const unsigned char* pt; X509* x509; X509_NAME* x509name; X509_NAME_ENTRY* entry; ASN1_STRING* entryValue; CertName name; printf(testingFmt, "wolfSSL Certs with DC"); XMEMSET(&name, 0, sizeof(CertName)); /* set up cert name */ XMEMCPY(name.country, "US", sizeof("US")); name.countryEnc = CTC_PRINTABLE; XMEMCPY(name.state, "Oregon", sizeof("Oregon")); name.stateEnc = CTC_UTF8; XMEMCPY(name.locality, "Portland", sizeof("Portland")); name.localityEnc = CTC_UTF8; XMEMCPY(name.sur, "Test", sizeof("Test")); name.surEnc = CTC_UTF8; XMEMCPY(name.org, "wolfSSL", sizeof("wolfSSL")); name.orgEnc = CTC_UTF8; XMEMCPY(name.unit, "Development", sizeof("Development")); name.unitEnc = CTC_UTF8; XMEMCPY(name.commonName, "www.wolfssl.com", sizeof("www.wolfssl.com")); name.commonNameEnc = CTC_UTF8; XMEMCPY(name.serialDev, "wolfSSL12345", sizeof("wolfSSL12345")); name.serialDevEnc = CTC_PRINTABLE; #ifdef WOLFSSL_MULTI_ATTRIB #if CTC_MAX_ATTRIB > 2 { NameAttrib* n; n = &name.name[0]; n->id = ASN_DOMAIN_COMPONENT; n->type = CTC_UTF8; n->sz = sizeof("com"); XMEMCPY(n->value, "com", sizeof("com")); n = &name.name[1]; n->id = ASN_DOMAIN_COMPONENT; n->type = CTC_UTF8; n->sz = sizeof("wolfssl"); XMEMCPY(n->value, "wolfssl", sizeof("wolfssl")); } #endif #endif /* WOLFSSL_MULTI_ATTRIB */ AssertIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0); #ifndef HAVE_FIPS AssertIntEQ(wc_InitRng_ex(&rng, HEAP_HINT, devId), 0); #else AssertIntEQ(wc_InitRng(&rng), 0); #endif AssertIntEQ(wc_MakeRsaKey(&key, 2048, 3, &rng), 0); XMEMSET(&cert, 0 , sizeof(Cert)); AssertIntEQ(wc_InitCert(&cert), 0); XMEMCPY(&cert.subject, &name, sizeof(CertName)); XMEMCPY(cert.serial, mySerial, sizeof(mySerial)); cert.serialSz = (int)sizeof(mySerial); cert.isCA = 1; #ifndef NO_SHA256 cert.sigType = CTC_SHA256wRSA; #else cert.sigType = CTC_SHAwRSA; #endif /* add SKID from the Public Key */ AssertIntEQ(wc_SetSubjectKeyIdFromPublicKey(&cert, &key, NULL), 0); /* add AKID from the Public Key */ AssertIntEQ(wc_SetAuthKeyIdFromPublicKey(&cert, &key, NULL), 0); ret = 0; do { #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); #endif if (ret >= 0) { ret = wc_MakeSelfCert(&cert, der, FOURK_BUF, &key, &rng); } } while (ret == WC_PENDING_E); AssertIntGT(ret, 0); certSz = ret; /* der holds a certificate with DC's now check X509 parsing of it */ pt = der; AssertNotNull(x509 = d2i_X509(NULL, &pt, certSz)); AssertNotNull(x509name = X509_get_subject_name(x509)); #ifdef WOLFSSL_MULTI_ATTRIB AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, -1)), 5); AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, idx)), 6); AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, idx)), -1); #endif /* WOLFSSL_MULTI_ATTRIB */ /* compare DN at index 0 */ AssertNotNull(entry = X509_NAME_get_entry(x509name, 0)); AssertNotNull(entryValue = X509_NAME_ENTRY_get_data(entry)); AssertIntEQ(ASN1_STRING_length(entryValue), 2); AssertStrEQ((const char*)ASN1_STRING_data(entryValue), "US"); #ifdef WOLFSSL_MULTI_ATTRIB /* get first and second DC and compare result */ AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, -1)), 5); AssertNotNull(entry = X509_NAME_get_entry(x509name, idx)); AssertNotNull(entryValue = X509_NAME_ENTRY_get_data(entry)); AssertStrEQ((const char *)ASN1_STRING_data(entryValue), "com"); AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, idx)), 6); AssertNotNull(entry = X509_NAME_get_entry(x509name, idx)); AssertNotNull(entryValue = X509_NAME_ENTRY_get_data(entry)); AssertStrEQ((const char *)ASN1_STRING_data(entryValue), "wolfssl"); #endif /* WOLFSSL_MULTI_ATTRIB */ /* try invalid index locations for regression test and sanity check */ AssertNull(entry = X509_NAME_get_entry(x509name, 11)); AssertNull(entry = X509_NAME_get_entry(x509name, 20)); (void)idx; X509_free(x509); wc_FreeRsaKey(&key); wc_FreeRng(&rng); printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_get_version(void){ #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) WOLFSSL_X509 *x509; printf(testingFmt, "wolfSSL_X509_get_version()"); x509 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509); AssertIntEQ((int)wolfSSL_X509_get_version(x509), 2); wolfSSL_X509_free(x509); printf(resultFmt, passed); #endif } static void test_wolfSSL_DES_ncbc(void){ #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) const_DES_cblock myDes; DES_cblock iv = {1}; DES_key_schedule key = {0}; unsigned char msg[] = "hello wolfssl"; unsigned char out[DES_BLOCK_SIZE * 2] = {0}; unsigned char pln[DES_BLOCK_SIZE * 2] = {0}; unsigned char exp[] = {0x31, 0x98, 0x2F, 0x3A, 0x55, 0xBF, 0xD8, 0xC4}; unsigned char exp2[] = {0xC7, 0x45, 0x8B, 0x28, 0x10, 0x53, 0xE0, 0x58}; printf(testingFmt, "wolfSSL_DES_ncbc()"); /* partial block test */ DES_set_key(&key, &myDes); DES_ncbc_encrypt(msg, out, 3, &myDes, &iv, DES_ENCRYPT); AssertIntEQ(XMEMCMP(exp, out, DES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(exp, iv, DES_BLOCK_SIZE), 0); DES_set_key(&key, &myDes); XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE); *((byte*)&iv) = 1; DES_ncbc_encrypt(out, pln, 3, &myDes, &iv, DES_DECRYPT); AssertIntEQ(XMEMCMP(msg, pln, 3), 0); AssertIntEQ(XMEMCMP(exp, iv, DES_BLOCK_SIZE), 0); /* full block test */ DES_set_key(&key, &myDes); XMEMSET(pln, 0, DES_BLOCK_SIZE); XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE); *((byte*)&iv) = 1; DES_ncbc_encrypt(msg, out, 8, &myDes, &iv, DES_ENCRYPT); AssertIntEQ(XMEMCMP(exp2, out, DES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(exp2, iv, DES_BLOCK_SIZE), 0); DES_set_key(&key, &myDes); XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE); *((byte*)&iv) = 1; DES_ncbc_encrypt(out, pln, 8, &myDes, &iv, DES_DECRYPT); AssertIntEQ(XMEMCMP(msg, pln, 8), 0); AssertIntEQ(XMEMCMP(exp2, iv, DES_BLOCK_SIZE), 0); printf(resultFmt, passed); #endif } static void test_wolfSSL_AES_cbc_encrypt(void) { #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(OPENSSL_EXTRA) AES_KEY aes; AES_KEY* aesN = NULL; size_t len = 0; size_t lenB = 0; int keySz0 = 0; int keySzN = -1; byte out[AES_BLOCK_SIZE] = {0}; byte* outN = NULL; const int enc1 = AES_ENCRYPT; const int enc2 = AES_DECRYPT; /* Test vectors retrieved from: * * https://csrc.nist.gov/ * CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/ * documents/aes/KAT_AES.zip * */ const byte* pt128N = NULL; byte* key128N = NULL; byte* iv128N = NULL; byte iv128tmp[AES_BLOCK_SIZE] = {0}; const byte pt128[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; const byte ct128[] = { 0x87,0x85,0xb1,0xa7,0x5b,0x0f,0x3b,0xd9, 0x58,0xdc,0xd0,0xe2,0x93,0x18,0xc5,0x21 }; const byte iv128[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; byte key128[] = { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, 0xff,0xff,0xf0,0x00,0x00,0x00,0x00,0x00 }; len = sizeof(pt128); #define STRESS_T(a, b, c, d, e, f, g, h, i) \ wolfSSL_AES_cbc_encrypt(a, b, c, d, e, f); \ AssertIntNE(XMEMCMP(b, g, h), i) #define RESET_IV(x, y) XMEMCPY(x, y, AES_BLOCK_SIZE) printf(testingFmt, "Stressing wolfSSL_AES_cbc_encrypt()"); STRESS_T(pt128N, out, len, &aes, iv128tmp, enc1, ct128, AES_BLOCK_SIZE, 0); STRESS_T(pt128, out, len, &aes, iv128N, enc1, ct128, AES_BLOCK_SIZE, 0); wolfSSL_AES_cbc_encrypt(pt128, outN, len, &aes, iv128tmp, enc1); AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0); wolfSSL_AES_cbc_encrypt(pt128, out, len, aesN, iv128tmp, enc1); AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0); STRESS_T(pt128, out, lenB, &aes, iv128tmp, enc1, ct128, AES_BLOCK_SIZE, 0); printf(resultFmt, "Stress Tests: passed"); printf(testingFmt, "Stressing wolfSSL_AES_set_encrypt_key"); AssertIntNE(wolfSSL_AES_set_encrypt_key(key128N, sizeof(key128)*8, &aes),0); AssertIntNE(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, aesN),0); AssertIntNE(wolfSSL_AES_set_encrypt_key(key128, keySz0, &aes), 0); AssertIntNE(wolfSSL_AES_set_encrypt_key(key128, keySzN, &aes), 0); printf(resultFmt, "Stress Tests: passed"); printf(testingFmt, "Stressing wolfSSL_AES_set_decrypt_key"); AssertIntNE(wolfSSL_AES_set_decrypt_key(key128N, sizeof(key128)*8, &aes),0); AssertIntNE(wolfSSL_AES_set_decrypt_key(key128N, sizeof(key128)*8, aesN),0); AssertIntNE(wolfSSL_AES_set_decrypt_key(key128, keySz0, &aes), 0); AssertIntNE(wolfSSL_AES_set_decrypt_key(key128, keySzN, &aes), 0); printf(resultFmt, "Stress Tests: passed"); #ifdef WOLFSSL_AES_128 printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 128-bit"); XMEMSET(out, 0, AES_BLOCK_SIZE); RESET_IV(iv128tmp, iv128); AssertIntEQ(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, &aes), 0); wolfSSL_AES_cbc_encrypt(pt128, out, len, &aes, iv128tmp, enc1); AssertIntEQ(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0); printf(resultFmt, "passed"); #ifdef HAVE_AES_DECRYPT printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 128-bit in decrypt mode"); XMEMSET(out, 0, AES_BLOCK_SIZE); RESET_IV(iv128tmp, iv128); len = sizeof(ct128); AssertIntEQ(wolfSSL_AES_set_decrypt_key(key128, sizeof(key128)*8, &aes), 0); wolfSSL_AES_cbc_encrypt(ct128, out, len, &aes, iv128tmp, enc2); AssertIntEQ(XMEMCMP(out, pt128, AES_BLOCK_SIZE), 0); printf(resultFmt, "passed"); #endif #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 /* Test vectors from NIST Special Publication 800-38A, 2001 Edition * Appendix F.2.3 */ byte iv192tmp[AES_BLOCK_SIZE] = {0}; const byte pt192[] = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a }; const byte ct192[] = { 0x4f,0x02,0x1d,0xb2,0x43,0xbc,0x63,0x3d, 0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8 }; const byte iv192[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F }; byte key192[] = { 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5, 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b }; len = sizeof(pt192); printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 192-bit"); XMEMSET(out, 0, AES_BLOCK_SIZE); RESET_IV(iv192tmp, iv192); AssertIntEQ(wolfSSL_AES_set_encrypt_key(key192, sizeof(key192)*8, &aes), 0); wolfSSL_AES_cbc_encrypt(pt192, out, len, &aes, iv192tmp, enc1); AssertIntEQ(XMEMCMP(out, ct192, AES_BLOCK_SIZE), 0); printf(resultFmt, "passed"); #ifdef HAVE_AES_DECRYPT printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 192-bit in decrypt mode"); len = sizeof(ct192); RESET_IV(iv192tmp, iv192); XMEMSET(out, 0, AES_BLOCK_SIZE); AssertIntEQ(wolfSSL_AES_set_decrypt_key(key192, sizeof(key192)*8, &aes), 0); wolfSSL_AES_cbc_encrypt(ct192, out, len, &aes, iv192tmp, enc2); AssertIntEQ(XMEMCMP(out, pt192, AES_BLOCK_SIZE), 0); printf(resultFmt, "passed"); #endif #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 /* Test vectors from NIST Special Publication 800-38A, 2001 Edition, * Appendix F.2.5 */ byte iv256tmp[AES_BLOCK_SIZE] = {0}; const byte pt256[] = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a }; const byte ct256[] = { 0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba, 0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6 }; const byte iv256[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F }; byte key256[] = { 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 }; len = sizeof(pt256); printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 256-bit"); XMEMSET(out, 0, AES_BLOCK_SIZE); RESET_IV(iv256tmp, iv256); AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0); wolfSSL_AES_cbc_encrypt(pt256, out, len, &aes, iv256tmp, enc1); AssertIntEQ(XMEMCMP(out, ct256, AES_BLOCK_SIZE), 0); printf(resultFmt, "passed"); #ifdef HAVE_AES_DECRYPT printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 256-bit in decrypt mode"); len = sizeof(ct256); RESET_IV(iv256tmp, iv256); XMEMSET(out, 0, AES_BLOCK_SIZE); AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0); wolfSSL_AES_cbc_encrypt(ct256, out, len, &aes, iv256tmp, enc2); AssertIntEQ(XMEMCMP(out, pt256, AES_BLOCK_SIZE), 0); printf(resultFmt, "passed"); #endif #if defined(HAVE_AES_KEYWRAP) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) byte wrapCipher[sizeof(key256) + KEYWRAP_BLOCK_SIZE] = { 0 }; byte wrapPlain[sizeof(key256)] = { 0 }; byte wrapIV[KEYWRAP_BLOCK_SIZE] = { 0 }; printf(testingFmt, "wolfSSL_AES_wrap_key() 256-bit NULL iv"); AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0); AssertIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256, 15), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256, sizeof(key256)), sizeof(wrapCipher)); printf(resultFmt, "passed"); printf(testingFmt, "wolfSSL_AES_unwrap_key() 256-bit NULL iv"); AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0); AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher, 23), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher, sizeof(wrapCipher)), sizeof(wrapPlain)); AssertIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0); printf(resultFmt, "passed"); XMEMSET(wrapCipher, 0, sizeof(wrapCipher)); XMEMSET(wrapPlain, 0, sizeof(wrapPlain)); printf(testingFmt, "wolfSSL_AES_wrap_key() 256-bit custom iv"); AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0); AssertIntEQ(wolfSSL_AES_wrap_key(&aes, wrapIV, wrapCipher, key256, sizeof(key256)), sizeof(wrapCipher)); printf(resultFmt, "passed"); printf(testingFmt, "wolfSSL_AES_unwrap_key() 256-bit custom iv"); AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0); AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, wrapIV, wrapPlain, wrapCipher, sizeof(wrapCipher)), sizeof(wrapPlain)); AssertIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0); printf(resultFmt, "passed"); #endif /* HAVE_AES_KEYWRAP */ #endif /* WOLFSSL_AES_256 */ #endif } #if defined(OPENSSL_ALL) #if !defined(NO_ASN) static void test_wolfSSL_ASN1_STRING_to_UTF8(void) { #if !defined(NO_RSA) WOLFSSL_X509* x509; WOLFSSL_X509_NAME* subject; WOLFSSL_X509_NAME_ENTRY* e; WOLFSSL_ASN1_STRING* a; FILE* file; int idx = 0; char targetOutput[16] = "www.wolfssl.com"; unsigned char* actual_output; int len = 0; int result = 0; AssertNotNull(file = fopen("./certs/server-cert.pem", "rb")); AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); fclose(file); printf(testingFmt, "wolfSSL_ASN1_STRING_to_UTF8(): NID_commonName"); AssertNotNull(subject = wolfSSL_X509_get_subject_name(x509)); AssertIntEQ((idx = wolfSSL_X509_NAME_get_index_by_NID(subject, NID_commonName, -1)), 5); AssertNotNull(e = wolfSSL_X509_NAME_get_entry(subject, idx)); AssertNotNull(a = wolfSSL_X509_NAME_ENTRY_get_data(e)); AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, a)), 15); result = strncmp((const char*)actual_output, targetOutput, len); AssertIntEQ(result, 0); printf(resultFmt, result == 0 ? passed : failed); printf(testingFmt, "wolfSSL_ASN1_STRING_to_UTF8(NULL, valid): "); AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, a)), WOLFSSL_FATAL_ERROR); printf(resultFmt, len == WOLFSSL_FATAL_ERROR ? passed : failed); printf(testingFmt, "wolfSSL_ASN1_STRING_to_UTF8(valid, NULL): "); AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, NULL)), WOLFSSL_FATAL_ERROR); printf(resultFmt, len == WOLFSSL_FATAL_ERROR ? passed : failed); printf(testingFmt, "wolfSSL_ASN1_STRING_to_UTF8(NULL, NULL): "); AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, NULL)), WOLFSSL_FATAL_ERROR); printf(resultFmt, len == WOLFSSL_FATAL_ERROR ? passed : failed); wolfSSL_X509_free(x509); XFREE(actual_output, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif } static void test_wolfSSL_ASN1_UNIVERSALSTRING_to_string(void) { ASN1_STRING* asn1str_test; ASN1_STRING* asn1str_answer; /* Each character is encoded using 4 bytes */ char input[] = { 0, 0, 0, 'T', 0, 0, 0, 'e', 0, 0, 0, 's', 0, 0, 0, 't', }; char output[] = "Test"; printf(testingFmt, "test_wolfSSL_ASN1_UNIVERSALSTRING_to_string()"); AssertNotNull(asn1str_test = ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING)); AssertIntEQ(ASN1_STRING_set(asn1str_test, input, sizeof(input)), 1); AssertIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 1); AssertNotNull(asn1str_answer = ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)); AssertIntEQ(ASN1_STRING_set(asn1str_answer, output, sizeof(output)-1), 1); AssertIntEQ(ASN1_STRING_cmp(asn1str_test, asn1str_answer), 0); ASN1_STRING_free(asn1str_test); ASN1_STRING_free(asn1str_answer); printf(resultFmt, "passed"); } #endif /* !defined(NO_ASN) */ static void test_wolfSSL_sk_CIPHER_description(void) { #if !defined(NO_RSA) const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION; int i,j,k; int numCiphers = 0; const SSL_METHOD *method = NULL; const SSL_CIPHER *cipher = NULL; STACK_OF(SSL_CIPHER) *supportedCiphers = NULL; SSL_CTX *ctx = NULL; SSL *ssl = NULL; char buf[256]; char test_str[9] = "0000000"; const char badStr[] = "unknown"; const char certPath[] = "./certs/client-cert.pem"; XMEMSET(buf, 0, sizeof(buf)); printf(testingFmt, "wolfSSL_sk_CIPHER_description"); AssertNotNull(method = TLSv1_2_client_method()); AssertNotNull(ctx = SSL_CTX_new(method)); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); SSL_CTX_set_verify_depth(ctx, 4); SSL_CTX_set_options(ctx, flags); AssertIntEQ(SSL_CTX_load_verify_locations(ctx, certPath, NULL), WOLFSSL_SUCCESS); AssertNotNull(ssl = SSL_new(ctx)); /* SSL_get_ciphers returns a stack of all configured ciphers * A flag, getCipherAtOffset, is set to later have SSL_CIPHER_description */ AssertNotNull(supportedCiphers = SSL_get_ciphers(ssl)); /* loop through the amount of supportedCiphers */ numCiphers = sk_num(supportedCiphers); for (i = 0; i < numCiphers; ++i) { /* sk_value increments "sk->data.cipher->cipherOffset". * wolfSSL_sk_CIPHER_description sets the description for * the cipher based on the provided offset. */ if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) { SSL_CIPHER_description(cipher, buf, sizeof(buf)); } /* Search cipher description string for "unknown" descriptor */ for (j = 0; j < (int)XSTRLEN(buf); j++) { k = 0; while ((k < (int)XSTRLEN(badStr)) && (buf[j] == badStr[k])) { test_str[k] = badStr[k]; j++; k++; } } /* Fail if test_str == badStr == "unknown" */ AssertStrNE(test_str,badStr); } SSL_free(ssl); SSL_CTX_free(ctx); printf(resultFmt, passed); #endif } static void test_wolfSSL_get_ciphers_compat(void) { #if !defined(NO_RSA) const SSL_METHOD *method = NULL; const char certPath[] = "./certs/client-cert.pem"; STACK_OF(SSL_CIPHER) *supportedCiphers = NULL; SSL_CTX *ctx = NULL; WOLFSSL *ssl = NULL; const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION; printf(testingFmt, "wolfSSL_get_ciphers_compat"); method = SSLv23_client_method(); AssertNotNull(method); ctx = SSL_CTX_new(method); AssertNotNull(ctx); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); SSL_CTX_set_verify_depth(ctx, 4); SSL_CTX_set_options(ctx, flags); AssertIntEQ(SSL_CTX_load_verify_locations(ctx, certPath, NULL), WOLFSSL_SUCCESS); AssertNotNull(ssl = SSL_new(ctx)); /* Test Bad NULL input */ AssertNull(supportedCiphers = SSL_get_ciphers(NULL)); /* Test for Good input */ AssertNotNull(supportedCiphers = SSL_get_ciphers(ssl)); /* Further usage of SSL_get_ciphers/wolfSSL_get_ciphers_compat is * tested in test_wolfSSL_sk_CIPHER_description according to Qt usage */ SSL_free(ssl); SSL_CTX_free(ctx); printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_PUBKEY_get(void) { WOLFSSL_X509_PUBKEY pubkey; WOLFSSL_X509_PUBKEY* key; WOLFSSL_EVP_PKEY evpkey ; WOLFSSL_EVP_PKEY* evpPkey; WOLFSSL_EVP_PKEY* retEvpPkey; XMEMSET(&pubkey, 0, sizeof(WOLFSSL_X509_PUBKEY)); XMEMSET(&evpkey, 0, sizeof(WOLFSSL_EVP_PKEY)); key = &pubkey; evpPkey = &evpkey; evpPkey->type = WOLFSSL_SUCCESS; key->pkey = evpPkey; printf(testingFmt, "wolfSSL_X509_PUBKEY_get()"); AssertNotNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key)); AssertIntEQ(retEvpPkey->type, WOLFSSL_SUCCESS); AssertNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(NULL)); key->pkey = NULL; AssertNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key)); printf(resultFmt,retEvpPkey == NULL ? passed : failed); } static void test_wolfSSL_d2i_DHparams(void) { #if !defined(NO_DH) && (defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072)) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) FILE* f = NULL; unsigned char buf[4096]; const unsigned char* pt = buf; #ifdef HAVE_FFDHE_2048 const char* params1 = "./certs/dh2048.der"; #endif #ifdef HAVE_FFDHE_3072 const char* params2 = "./certs/dh3072.der"; #endif long len = 0; WOLFSSL_DH* dh = NULL; XMEMSET(buf, 0, sizeof(buf)); /* Test 2048 bit parameters */ #ifdef HAVE_FFDHE_2048 printf(testingFmt, "wolfSSL_d2i_DHparams() 2048-bit"); f = XFOPEN(params1, "rb"); AssertTrue(f != XBADFILE); len = (long)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); /* Valid case */ AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len)); AssertNotNull(dh->p); AssertNotNull(dh->g); AssertTrue(pt != buf); #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L AssertIntEQ(DH_set_length(dh, BN_num_bits(dh->p)), WOLFSSL_SUCCESS); #endif AssertIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS); /* Invalid cases */ AssertNull(wolfSSL_d2i_DHparams(NULL, NULL, len)); AssertNull(wolfSSL_d2i_DHparams(NULL, &pt, -1)); AssertNull(wolfSSL_d2i_DHparams(NULL, &pt, 10)); DH_free(dh); printf(resultFmt, passed); *buf = 0; pt = buf; #endif /* HAVE_FFDHE_2048 */ /* Test 3072 bit parameters */ #ifdef HAVE_FFDHE_3072 printf(testingFmt, "wolfSSL_d2i_DHparams() 3072-bit"); f = XFOPEN(params2, "rb"); AssertTrue(f != XBADFILE); len = (long)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); /* Valid case */ AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len)); AssertNotNull(dh->p); AssertNotNull(dh->g); AssertTrue(pt != buf); AssertIntEQ(DH_generate_key(dh), 1); /* Invalid cases */ AssertNull(wolfSSL_d2i_DHparams(NULL, NULL, len)); AssertNull(wolfSSL_d2i_DHparams(NULL, &pt, -1)); DH_free(dh); printf(resultFmt, passed); #endif /* HAVE_FFDHE_3072 */ #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ #endif /* !NO_DH */ } static void test_wolfSSL_i2d_DHparams(void) { #if !defined(NO_DH) && (defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072)) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) FILE* f; unsigned char buf[4096]; const unsigned char* pt = buf; unsigned char* pt2 = buf; #ifdef HAVE_FFDHE_2048 const char* params1 = "./certs/dh2048.der"; #endif #ifdef HAVE_FFDHE_3072 const char* params2 = "./certs/dh3072.der"; #endif long len; WOLFSSL_DH* dh; /* Test 2048 bit parameters */ #ifdef HAVE_FFDHE_2048 printf(testingFmt, "wolfSSL_i2d_DHparams() 2048-bit"); f = XFOPEN(params1, "rb"); AssertTrue(f != XBADFILE); len = (long)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); /* Valid case */ AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len)); AssertTrue(pt != buf); AssertIntEQ(DH_generate_key(dh), 1); AssertIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 268); /* Invalid case */ AssertIntEQ(wolfSSL_i2d_DHparams(NULL, &pt2), 0); /* Return length only */ AssertIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 268); DH_free(dh); printf(resultFmt, passed); *buf = 0; pt = buf; pt2 = buf; #endif /* Test 3072 bit parameters */ #ifdef HAVE_FFDHE_3072 printf(testingFmt, "wolfSSL_i2d_DHparams() 3072-bit"); f = XFOPEN(params2, "rb"); AssertTrue(f != XBADFILE); len = (long)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); /* Valid case */ AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len)); AssertTrue(pt != buf); AssertIntEQ(DH_generate_key(dh), 1); AssertIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 396); /* Invalid case */ AssertIntEQ(wolfSSL_i2d_DHparams(NULL, &pt2), 0); /* Return length only */ AssertIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 396); DH_free(dh); printf(resultFmt, passed); #endif #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ #endif } static void test_wolfSSL_EC_KEY_dup(void) { #if defined(HAVE_ECC) && (defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL)) WOLFSSL_EC_KEY* ecKey; WOLFSSL_EC_KEY* dupKey; ecc_key* srcKey; ecc_key* destKey; printf(testingFmt, "wolfSSL_EC_KEY_dup()"); AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); /* Valid cases */ AssertNotNull(dupKey = wolfSSL_EC_KEY_dup(ecKey)); AssertIntEQ(EC_KEY_check_key(dupKey), 1); /* Compare pubkey */ srcKey = (ecc_key*)ecKey->internal; destKey = (ecc_key*)dupKey->internal; AssertIntEQ(wc_ecc_cmp_point(&srcKey->pubkey, &destKey->pubkey), 0); /* compare EC_GROUP */ AssertIntEQ(wolfSSL_EC_GROUP_cmp(ecKey->group, dupKey->group, NULL), MP_EQ); /* compare EC_POINT */ AssertIntEQ(wolfSSL_EC_POINT_cmp(ecKey->group, ecKey->pub_key, \ dupKey->pub_key, NULL), MP_EQ); /* compare BIGNUM */ AssertIntEQ(wolfSSL_BN_cmp(ecKey->priv_key, dupKey->priv_key), MP_EQ); wolfSSL_EC_KEY_free(dupKey); /* Invalid cases */ /* NULL key */ AssertNull(dupKey = wolfSSL_EC_KEY_dup(NULL)); /* NULL ecc_key */ wc_ecc_free((ecc_key*)ecKey->internal); XFREE(ecKey->internal, NULL, DYNAMIC_TYPE_ECC); ecKey->internal = NULL; /* Set ecc_key to NULL */ AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey)); wolfSSL_EC_KEY_free(ecKey); wolfSSL_EC_KEY_free(dupKey); /* NULL Group */ AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); wolfSSL_EC_GROUP_free(ecKey->group); ecKey->group = NULL; /* Set group to NULL */ AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey)); wolfSSL_EC_KEY_free(ecKey); wolfSSL_EC_KEY_free(dupKey); /* NULL public key */ AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); wc_ecc_del_point((ecc_point*)ecKey->pub_key->internal); ecKey->pub_key->internal = NULL; /* Set ecc_point to NULL */ AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey)); wolfSSL_EC_POINT_free(ecKey->pub_key); ecKey->pub_key = NULL; /* Set pub_key to NULL */ AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey)); wolfSSL_EC_KEY_free(ecKey); wolfSSL_EC_KEY_free(dupKey); /* NULL private key */ AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); wolfSSL_BN_free(ecKey->priv_key); ecKey->priv_key = NULL; /* Set priv_key to NULL */ AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey)); wolfSSL_EC_KEY_free(ecKey); wolfSSL_EC_KEY_free(dupKey); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_PKEY_set1_get1_DSA(void) { #if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) DSA *dsa = NULL; DSA *setDsa = NULL; EVP_PKEY *pkey = NULL; EVP_PKEY *set1Pkey = NULL; SHA_CTX sha; byte signature[DSA_SIG_SIZE]; byte hash[WC_SHA_DIGEST_SIZE]; word32 bytes; int answer; #ifdef USE_CERT_BUFFERS_1024 const unsigned char* dsaKeyDer = dsa_key_der1024; int dsaKeySz = sizeof_dsa_key_der_1024; byte tmp[ONEK_BUF]; XMEMSET(tmp, 0, sizeof(tmp)); XMEMCPY(tmp, dsaKeyDer , dsaKeySz); bytes = dsa_key_der_sz; #elif defined(USE_CERT_BUFFERS_2048) const unsigned char* dsaKeyDer = dsa_key_der_2048; int dsaKeySz = sizeof_dsa_key_der_2048; byte tmp[TWOK_BUF]; XMEMSET(tmp, 0, sizeof(tmp)); XMEMCPY(tmp, dsaKeyDer , dsaKeySz); bytes = dsaKeySz; #else const unsigned char* dsaKeyDer = dsa_key_der_2048; int dsaKeySz = sizeof_dsa_key_der_2048; byte tmp[TWOK_BUF]; XMEMSET(tmp, 0, sizeof(tmp)); XMEMCPY(tmp, dsaKeyDer , dsaKeySz); XFILE fp = XOPEN("./certs/dsa2048.der", "rb"); if (fp == XBADFILE) { return WOLFSSL_BAD_FILE; } bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp); XFCLOSE(fp); #endif /* END USE_CERT_BUFFERS_1024 */ printf(testingFmt, "wolfSSL_EVP_PKEY_set1_DSA and wolfSSL_EVP_PKEY_get1_DSA"); /* Create hash to later Sign and Verify */ AssertIntEQ(SHA1_Init(&sha), WOLFSSL_SUCCESS); AssertIntEQ(SHA1_Update(&sha, tmp, bytes), WOLFSSL_SUCCESS); AssertIntEQ(SHA1_Final(hash,&sha), WOLFSSL_SUCCESS); /* Initialize pkey with der format dsa key */ AssertNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &pkey, &dsaKeyDer ,(long)dsaKeySz)); /* Test wolfSSL_EVP_PKEY_get1_DSA */ /* Should Fail: NULL argument */ AssertNull(dsa = EVP_PKEY_get0_DSA(NULL)); AssertNull(dsa = EVP_PKEY_get1_DSA(NULL)); /* Should Pass: Initialized pkey argument */ AssertNotNull(dsa = EVP_PKEY_get0_DSA(pkey)); AssertNotNull(dsa = EVP_PKEY_get1_DSA(pkey)); AssertIntEQ(DSA_bits(dsa), 2048); /* Sign */ AssertIntEQ(wolfSSL_DSA_do_sign(hash, signature, dsa), WOLFSSL_SUCCESS); /* Verify. */ AssertIntEQ(wolfSSL_DSA_do_verify(hash, signature, dsa, &answer), WOLFSSL_SUCCESS); /* Test wolfSSL_EVP_PKEY_set1_DSA */ /* Should Fail: set1Pkey not initialized */ AssertIntNE(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS); /* Initialize set1Pkey */ set1Pkey = EVP_PKEY_new(); /* Should Fail Verify: setDsa not initialized from set1Pkey */ AssertIntNE(wolfSSL_DSA_do_verify(hash,signature,setDsa,&answer), WOLFSSL_SUCCESS); /* Should Pass: set dsa into set1Pkey */ AssertIntEQ(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS); printf(resultFmt, passed); DSA_free(dsa); DSA_free(setDsa); EVP_PKEY_free(pkey); EVP_PKEY_free(set1Pkey); #endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */ } /* END test_EVP_PKEY_set1_get1_DSA */ static void test_wolfSSL_DSA_SIG(void) { #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) && \ !defined(HAVE_FIPS) DSA *dsa = NULL; DSA *dsa2 = NULL; DSA_SIG *sig = NULL; const BIGNUM *p = NULL; const BIGNUM *q = NULL; const BIGNUM *g = NULL; const BIGNUM *pub = NULL; const BIGNUM *priv = NULL; const byte digest[WC_SHA_DIGEST_SIZE] = {0}; printf(testingFmt, "wolfSSL_DSA_SIG"); AssertNotNull(dsa = DSA_generate_parameters(2048, NULL, 0, NULL, NULL, NULL, NULL)); DSA_free(dsa); AssertNotNull(dsa = DSA_new()); AssertIntEQ(DSA_generate_parameters_ex(dsa, 2048, NULL, 0, NULL, NULL, NULL), 1); AssertIntEQ(DSA_generate_key(dsa), 1); DSA_get0_pqg(dsa, &p, &q, &g); DSA_get0_key(dsa, &pub, &priv); AssertNotNull(p = BN_dup(p)); AssertNotNull(q = BN_dup(q)); AssertNotNull(g = BN_dup(g)); AssertNotNull(pub = BN_dup(pub)); AssertNotNull(priv = BN_dup(priv)); AssertNotNull(sig = DSA_do_sign(digest, sizeof(digest), dsa)); AssertNotNull(dsa2 = DSA_new()); AssertIntEQ(DSA_set0_pqg(dsa2, (BIGNUM*)p, (BIGNUM*)q, (BIGNUM*)g), 1); AssertIntEQ(DSA_set0_key(dsa2, (BIGNUM*)pub, (BIGNUM*)priv), 1); AssertIntEQ(DSA_do_verify(digest, sizeof(digest), sig, dsa2), 1); printf(resultFmt, passed); DSA_free(dsa); DSA_free(dsa2); DSA_SIG_free(sig); #endif } static void test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY (void) { #ifdef HAVE_ECC WOLFSSL_EC_KEY *ecKey = NULL; WOLFSSL_EC_KEY *ecGet1 = NULL; EVP_PKEY *pkey = NULL; printf(testingFmt, "wolfSSL_EVP_PKEY_set1_EC_KEY and wolfSSL_EVP_PKEY_get1_EC_KEY"); AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); /* Test wolfSSL_EVP_PKEY_set1_EC_KEY */ AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, NULL), WOLFSSL_FAILURE); /* Should fail since ecKey is empty */ AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS); /* Test wolfSSL_EVP_PKEY_get1_EC_KEY */ AssertNull(wolfSSL_EVP_PKEY_get1_EC_KEY(NULL)); AssertNotNull(ecGet1 = wolfSSL_EVP_PKEY_get1_EC_KEY(pkey)); wolfSSL_EC_KEY_free(ecKey); wolfSSL_EC_KEY_free(ecGet1); EVP_PKEY_free(pkey); /* PASSED */ printf(resultFmt, passed); #endif /* HAVE_ECC */ } /* END test_EVP_PKEY_set1_get1_EC_KEY */ static void test_wolfSSL_EVP_PKEY_set1_get1_DH (void) { #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) DH *dh = NULL; DH *setDh = NULL; EVP_PKEY *pkey = NULL; FILE* f = NULL; unsigned char buf[4096]; const unsigned char* pt = buf; const char* dh2048 = "./certs/dh2048.der"; long len = 0; int code = -1; printf(testingFmt,"wolfSSL_EVP_PKEY_set1_DH and wolfSSL_EVP_PKEY_get1_DH"); XMEMSET(buf, 0, sizeof(buf)); f = XFOPEN(dh2048, "rb"); AssertTrue(f != XBADFILE); len = (long)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); /* Load dh2048.der into DH with internal format */ AssertNotNull(setDh = wolfSSL_d2i_DHparams(NULL, &pt, len)); AssertIntEQ(wolfSSL_DH_check(setDh, &code), WOLFSSL_SUCCESS); AssertIntEQ(code, 0); code = -1; pkey = wolfSSL_EVP_PKEY_new(); /* Set DH into PKEY */ AssertIntEQ(wolfSSL_EVP_PKEY_set1_DH(pkey, setDh), WOLFSSL_SUCCESS); /* Get DH from PKEY */ AssertNotNull(dh = wolfSSL_EVP_PKEY_get1_DH(pkey)); AssertIntEQ(wolfSSL_DH_check(dh, &code), WOLFSSL_SUCCESS); AssertIntEQ(code, 0); EVP_PKEY_free(pkey); DH_free(setDh); DH_free(dh); printf(resultFmt, passed); #endif /* !NO_DH && WOLFSSL_DH_EXTRA && !NO_FILESYSTEM */ #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ #endif /* OPENSSL_ALL || WOLFSSL_QT || WOLFSSL_OPENSSH */ } /* END test_EVP_PKEY_set1_get1_DH */ static void test_wolfSSL_CTX_ctrl(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) char caFile[] = "./certs/client-ca.pem"; char clientFile[] = "./certs/client-cert.pem"; SSL_CTX* ctx; X509* x509 = NULL; #if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO) byte buf[6000]; char file[] = "./certs/dsaparams.pem"; XFILE f; int bytes; BIO* bio; DSA* dsa; DH* dh; #endif #ifdef HAVE_ECC WOLFSSL_EC_KEY* ecKey; #endif printf(testingFmt, "wolfSSL_CTX_ctrl"); AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); x509 = wolfSSL_X509_load_certificate_file(caFile, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509); AssertIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_SUCCESS); x509 = wolfSSL_X509_load_certificate_file(clientFile, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509); #if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO) /* Initialize DH */ f = XFOPEN(file, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); bio = BIO_new_mem_buf((void*)buf, bytes); AssertNotNull(bio); dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); AssertNotNull(dsa); dh = wolfSSL_DSA_dup_DH(dsa); AssertNotNull(dh); #endif #ifdef HAVE_ECC /* Initialize WOLFSSL_EC_KEY */ AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey),1); #endif #if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) /* additional test of getting EVP_PKEY key size from X509 * Do not run with user RSA because wolfSSL_RSA_size is not currently * allowed with user RSA */ { EVP_PKEY* pkey; #if defined(HAVE_ECC) X509* ecX509; #endif /* HAVE_ECC */ AssertNotNull(pkey = X509_get_pubkey(x509)); /* current RSA key is 2048 bit (256 bytes) */ AssertIntEQ(EVP_PKEY_size(pkey), 256); EVP_PKEY_free(pkey); #if defined(HAVE_ECC) #if defined(USE_CERT_BUFFERS_256) AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_buffer( cliecc_cert_der_256, sizeof_cliecc_cert_der_256, SSL_FILETYPE_ASN1)); #else AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_file( cliEccCertFile, SSL_FILETYPE_PEM)); #endif AssertNotNull(pkey = X509_get_pubkey(ecX509)); /* current ECC key is 256 bit (32 bytes) */ AssertIntEQ(EVP_PKEY_size(pkey), 32); X509_free(ecX509); EVP_PKEY_free(pkey); #endif /* HAVE_ECC */ } #endif /* !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) */ /* Tests should fail with passed in NULL pointer */ AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,NULL), SSL_FAILURE); #if !defined(NO_DH) && !defined(NO_DSA) AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,NULL), SSL_FAILURE); #endif #ifdef HAVE_ECC AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,NULL), SSL_FAILURE); #endif /* Test with SSL_CTRL_EXTRA_CHAIN_CERT * wolfSSL_CTX_ctrl should succesffuly call SSL_CTX_add_extra_chain_cert */ AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,x509), SSL_SUCCESS); /* Test with SSL_CTRL_OPTIONS * wolfSSL_CTX_ctrl should succesffuly call SSL_CTX_set_options */ AssertTrue(wolfSSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,SSL_OP_NO_TLSv1,NULL) == SSL_OP_NO_TLSv1); AssertTrue(SSL_CTX_get_options(ctx) == SSL_OP_NO_TLSv1); /* Test with SSL_CTRL_SET_TMP_DH * wolfSSL_CTX_ctrl should succesffuly call wolfSSL_SSL_CTX_set_tmp_dh */ #if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO) AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,dh), SSL_SUCCESS); #endif /* Test with SSL_CTRL_SET_TMP_ECDH * wolfSSL_CTX_ctrl should succesffuly call wolfSSL_SSL_CTX_set_tmp_ecdh */ #ifdef HAVE_ECC AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,ecKey), SSL_SUCCESS); #endif #ifdef WOLFSSL_ENCRYPTED_KEYS AssertNull(SSL_CTX_get_default_passwd_cb(ctx)); AssertNull(SSL_CTX_get_default_passwd_cb_userdata(ctx)); #endif /* Test for min/max proto */ #ifndef WOLFSSL_NO_TLS12 AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, 0, NULL), SSL_SUCCESS); AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, TLS1_2_VERSION, NULL), SSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_2_VERSION); #endif #ifdef WOLFSSL_TLS13 AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, 0, NULL), SSL_SUCCESS); AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, TLS1_3_VERSION, NULL), SSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_get_max_proto_version(ctx), TLS1_3_VERSION); #ifndef WOLFSSL_NO_TLS12 AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, TLS1_2_VERSION, NULL), SSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_get_max_proto_version(ctx), TLS1_2_VERSION); #endif #endif /* Cleanup and Pass */ #if !defined(NO_DH) && !defined(NO_DSA) #ifndef NO_BIO BIO_free(bio); DSA_free(dsa); DH_free(dh); #endif #endif #ifdef HAVE_ECC wolfSSL_EC_KEY_free(ecKey); #endif SSL_CTX_free(ctx); printf(resultFmt, passed); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ } static void test_wolfSSL_DH_check(void) { #if !defined(NO_DH) && !defined(NO_DSA) #ifndef NO_BIO byte buf[6000]; char file[] = "./certs/dsaparams.pem"; XFILE f; int bytes; BIO* bio; DSA* dsa; DH* dh = NULL; WOLFSSL_BIGNUM* pTmp = NULL; WOLFSSL_BIGNUM* gTmp = NULL; int codes = -1; printf(testingFmt, "wolfSSL_DH_check"); /* Initialize DH */ f = XFOPEN(file, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); bio = BIO_new_mem_buf((void*)buf, bytes); AssertNotNull(bio); dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); AssertNotNull(dsa); dh = wolfSSL_DSA_dup_DH(dsa); AssertNotNull(dh); /* Test assumed to be valid dh. * Should return WOLFSSL_SUCCESS * codes should be 0 * Invalid codes = {DH_NOT_SUITABLE_GENERATOR, DH_CHECK_P_NOT_PRIME} */ AssertIntEQ(wolfSSL_DH_check(dh, &codes), WOLFSSL_SUCCESS); AssertIntEQ(codes, 0); /* Test NULL dh: expected BAD_FUNC_ARG */ AssertIntEQ(wolfSSL_DH_check(NULL, &codes), WOLFSSL_FAILURE); /* Break dh prime to test if codes = DH_CHECK_P_NOT_PRIME */ pTmp = dh->p; dh->p = NULL; AssertIntEQ(wolfSSL_DH_check(dh, &codes), WOLFSSL_FAILURE); AssertIntEQ(codes, DH_CHECK_P_NOT_PRIME); /* set dh->p back to normal so it wont fail on next tests */ dh->p = pTmp; pTmp = NULL; /* Break dh generator to test if codes = DH_NOT_SUITABLE_GENERATOR */ gTmp = dh->g; dh->g = NULL; AssertIntEQ(wolfSSL_DH_check(dh, &codes), WOLFSSL_FAILURE); AssertIntEQ(codes, DH_NOT_SUITABLE_GENERATOR); dh->g = gTmp; gTmp = NULL; /* Cleanup and Pass Test */ BIO_free(bio); DSA_free(dsa); DH_free(dh); printf(resultFmt, passed); #endif #endif /* !NO_DH && !NO_DSA */ } static void test_wolfSSL_EVP_PKEY_assign(void) { #if defined(OPENSSL_ALL) int type; WOLFSSL_EVP_PKEY* pkey; #ifndef NO_RSA WOLFSSL_RSA* rsa; #endif #ifndef NO_DSA WOLFSSL_DSA* dsa; #endif #ifdef HAVE_ECC WOLFSSL_EC_KEY* ecKey; #endif (void)pkey; printf(testingFmt, "wolfSSL_EVP_PKEY_assign"); #ifndef NO_RSA type = EVP_PKEY_RSA; AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertNotNull(rsa = wolfSSL_RSA_new()); AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,rsa), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,-1,rsa), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,rsa), WOLFSSL_SUCCESS); wolfSSL_EVP_PKEY_free(pkey); #endif /* NO_RSA */ #ifndef NO_DSA type = EVP_PKEY_DSA; AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertNotNull(dsa = wolfSSL_DSA_new()); AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,dsa), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,-1,dsa), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,dsa), WOLFSSL_SUCCESS); wolfSSL_EVP_PKEY_free(pkey); #endif /* NO_DSA */ #ifdef HAVE_ECC type = EVP_PKEY_EC; AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,ecKey), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,-1,ecKey), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,ecKey), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,ecKey), WOLFSSL_SUCCESS); wolfSSL_EVP_PKEY_free(pkey); #endif /* HAVE_ECC */ (void)type; printf(resultFmt, passed); #endif /* OPENSSL_ALL */ } static void test_wolfSSL_EVP_PKEY_base_id(void) { #if defined(OPENSSL_ALL) WOLFSSL_EVP_PKEY* pkey; printf(testingFmt, "wolfSSL_EVP_PKEY_base_id"); AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertIntEQ(wolfSSL_EVP_PKEY_base_id(NULL), NID_undef); AssertIntEQ(wolfSSL_EVP_PKEY_base_id(pkey), EVP_PKEY_RSA); EVP_PKEY_free(pkey); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_PKEY_id(void) { #if defined(OPENSSL_ALL) WOLFSSL_EVP_PKEY* pkey; printf(testingFmt, "wolfSSL_EVP_PKEY_id"); AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertIntEQ(wolfSSL_EVP_PKEY_id(NULL), 0); AssertIntEQ(wolfSSL_EVP_PKEY_id(pkey), EVP_PKEY_RSA); EVP_PKEY_free(pkey); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_PKEY_keygen(void) { #if defined(OPENSSL_ALL) WOLFSSL_EVP_PKEY* pkey; EVP_PKEY_CTX *ctx; printf(testingFmt, "wolfSSL_EVP_PKEY_keygen"); AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); /* Bad cases */ AssertIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, &pkey), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, NULL), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, NULL), BAD_FUNC_ARG); /* Good case */ AssertIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, &pkey), 0); EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_PKEY_keygen_init(void) { #if defined(OPENSSL_ALL) WOLFSSL_EVP_PKEY* pkey; EVP_PKEY_CTX *ctx; printf(testingFmt, "wolfSSL_EVP_PKEY_keygen_init"); AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); AssertIntEQ(wolfSSL_EVP_PKEY_keygen_init(ctx), WOLFSSL_SUCCESS); EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_PKEY_missing_parameters(void) { #if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_STUB) WOLFSSL_EVP_PKEY* pkey; printf(testingFmt, "wolfSSL_EVP_PKEY_missing_parameters"); AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertIntEQ(wolfSSL_EVP_PKEY_missing_parameters(pkey), 0); EVP_PKEY_free(pkey); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(void) { #if defined(OPENSSL_ALL) WOLFSSL_EVP_PKEY* pkey; EVP_PKEY_CTX *ctx; int bits = 2048; printf(testingFmt, "wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits"); AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); AssertIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits), WOLFSSL_SUCCESS); EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_CIPHER_CTX_iv_length(void) { #if defined(OPENSSL_ALL) /* This is large enough to be used for all key sizes */ byte key[AES_256_KEY_SIZE] = {0}; byte iv[AES_BLOCK_SIZE] = {0}; int i, enumlen; EVP_CIPHER_CTX *ctx; const EVP_CIPHER *init; int enumArray[] = { #ifdef HAVE_AES_CBC NID_aes_128_cbc, #endif #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) #ifdef HAVE_AESGCM NID_aes_128_gcm, #endif #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ #ifdef WOLFSSL_AES_COUNTER NID_aes_128_ctr, #endif #ifndef NO_DES3 NID_des_cbc, NID_des_ede3_cbc, #endif #ifdef HAVE_IDEA NID_idea_cbc, #endif }; int iv_lengths[] = { #ifdef HAVE_AES_CBC AES_BLOCK_SIZE, #endif #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) #ifdef HAVE_AESGCM GCM_NONCE_MID_SZ, #endif #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ #ifdef WOLFSSL_AES_COUNTER AES_BLOCK_SIZE, #endif #ifndef NO_DES3 DES_BLOCK_SIZE, DES_BLOCK_SIZE, #endif #ifdef HAVE_IDEA IDEA_BLOCK_SIZE, #endif }; printf(testingFmt, "wolfSSL_EVP_CIPHER_CTX_iv_length"); enumlen = (sizeof(enumArray)/sizeof(int)); for(i = 0; i < enumlen; i++) { ctx = EVP_CIPHER_CTX_new(); init = wolfSSL_EVP_get_cipherbynid(enumArray[i]); wolfSSL_EVP_CIPHER_CTX_init(ctx); AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_iv_length(ctx), iv_lengths[i]); EVP_CIPHER_CTX_free(ctx); } printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_CIPHER_CTX_key_length(void) { #if defined(OPENSSL_ALL) && !defined(NO_DES3) byte key[AES_256_KEY_SIZE] = {0}; byte iv[AES_BLOCK_SIZE] = {0}; EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); const EVP_CIPHER *init = EVP_des_ede3_cbc(); printf(testingFmt, "wolfSSL_EVP_CIPHER_CTX_key_length"); wolfSSL_EVP_CIPHER_CTX_init(ctx); AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_key_length(ctx), 24); EVP_CIPHER_CTX_free(ctx); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_CIPHER_CTX_set_key_length(void) { #if defined(OPENSSL_ALL) && !defined(NO_DES3) byte key[AES_256_KEY_SIZE] = {0}; byte iv[AES_BLOCK_SIZE] = {0}; int keylen; EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); const EVP_CIPHER *init = EVP_des_ede3_cbc(); printf(testingFmt, "wolfSSL_EVP_CIPHER_CTX_set_key_length"); wolfSSL_EVP_CIPHER_CTX_init(ctx); AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); keylen = wolfSSL_EVP_CIPHER_CTX_key_length(ctx); AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_key_length(ctx, keylen), WOLFSSL_SUCCESS); EVP_CIPHER_CTX_free(ctx); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_CIPHER_CTX_set_iv(void) { #if defined(OPENSSL_ALL) && defined(HAVE_AESGCM) && !defined(NO_DES3) byte key[DES3_KEY_SIZE] = {0}; byte iv[DES_BLOCK_SIZE] = {0}; int ivLen, keyLen; EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); const EVP_CIPHER *init = EVP_des_ede3_cbc(); printf(testingFmt, "wolfSSL_EVP_CIPHER_CTX_set_iv"); wolfSSL_EVP_CIPHER_CTX_init(ctx); AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); ivLen = wolfSSL_EVP_CIPHER_CTX_iv_length(ctx); keyLen = wolfSSL_EVP_CIPHER_CTX_key_length(ctx); /* Bad cases */ AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, iv, ivLen), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, NULL, ivLen), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, 0), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, NULL, 0), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, keyLen), WOLFSSL_FAILURE); /* Good case */ AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, ivLen), 1); EVP_CIPHER_CTX_free(ctx); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_PKEY_CTX_new_id(void) { #if defined(OPENSSL_ALL) WOLFSSL_ENGINE* e = NULL; int id = 0; EVP_PKEY_CTX *ctx; printf(testingFmt, "wolfSSL_EVP_PKEY_CTX_new_id"); AssertNotNull(ctx = wolfSSL_EVP_PKEY_CTX_new_id(id, e)); EVP_PKEY_CTX_free(ctx); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_rc4(void) { #if defined(OPENSSL_ALL) && !defined(NO_RC4) printf(testingFmt, "wolfSSL_EVP_rc4"); AssertNotNull(wolfSSL_EVP_rc4()); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_enc_null(void) { #if defined(OPENSSL_ALL) printf(testingFmt, "wolfSSL_EVP_enc_null"); AssertNotNull(wolfSSL_EVP_enc_null()); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_rc2_cbc(void) { #if defined(OPENSSL_ALL) && defined(WOLFSSL_QT) && !defined(NO_WOLFSSL_STUB) printf(testingFmt, "wolfSSL_EVP_rc2_cbc"); AssertNull(wolfSSL_EVP_rc2_cbc()); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_mdc2(void) { #if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_STUB) printf(testingFmt, "wolfSSL_EVP_mdc2"); AssertNull(wolfSSL_EVP_mdc2()); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_md4(void) { #if defined(OPENSSL_ALL) && !defined(NO_MD4) printf(testingFmt, "wolfSSL_EVP_md4"); AssertNotNull(wolfSSL_EVP_md4()); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_aes_256_gcm(void) { #if defined(OPENSSL_ALL) printf(testingFmt, "wolfSSL_EVP_aes_256_gcm"); AssertNotNull(wolfSSL_EVP_aes_256_gcm()); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_aes_192_gcm(void) { #if defined(OPENSSL_ALL) printf(testingFmt, "wolfSSL_EVP_aes_192_gcm"); AssertNotNull(wolfSSL_EVP_aes_192_gcm()); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_ripemd160(void) { #if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_STUB) printf(testingFmt, "wolfSSL_EVP_ripemd160"); AssertNull(wolfSSL_EVP_ripemd160()); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_get_digestbynid(void) { #if defined(OPENSSL_ALL) printf(testingFmt, "wolfSSL_EVP_get_digestbynid"); #ifndef NO_MD5 AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_md5)); #endif AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_sha1)); AssertNull(wolfSSL_EVP_get_digestbynid(0)); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_MD_nid(void) { #if defined(OPENSSL_ALL) printf(testingFmt, "wolfSSL_EVP_MD_nid"); #ifndef NO_MD5 AssertIntEQ(EVP_MD_nid(EVP_md5()), NID_md5); #endif #ifndef NO_SHA AssertIntEQ(EVP_MD_nid(EVP_sha1()), NID_sha1); #endif #ifndef NO_SHA256 AssertIntEQ(EVP_MD_nid(EVP_sha256()), NID_sha256); #endif AssertIntEQ(EVP_MD_nid(NULL), NID_undef); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_PKEY_get0_EC_KEY(void) { #if defined(HAVE_ECC) && defined(OPENSSL_ALL) WOLFSSL_EVP_PKEY* pkey; printf(testingFmt, "wolfSSL_EVP_PKEY_get0_EC_KEY"); AssertNotNull(pkey = EVP_PKEY_new()); AssertNull(EVP_PKEY_get0_EC_KEY(pkey)); EVP_PKEY_free(pkey); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_X_STATE(void) { #if defined(OPENSSL_ALL) && !defined(NO_DES3) && !defined(NO_RC4) byte key[DES3_KEY_SIZE] = {0}; byte iv[DES_IV_SIZE] = {0}; EVP_CIPHER_CTX *ctx; const EVP_CIPHER *init; printf(testingFmt, "wolfSSL_EVP_X_STATE"); /* Bad test cases */ ctx = EVP_CIPHER_CTX_new(); init = EVP_des_ede3_cbc(); wolfSSL_EVP_CIPHER_CTX_init(ctx); AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); AssertNull(wolfSSL_EVP_X_STATE(NULL)); AssertNull(wolfSSL_EVP_X_STATE(ctx)); EVP_CIPHER_CTX_free(ctx); /* Good test case */ ctx = EVP_CIPHER_CTX_new(); init = wolfSSL_EVP_rc4(); wolfSSL_EVP_CIPHER_CTX_init(ctx); AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); AssertNotNull(wolfSSL_EVP_X_STATE(ctx)); EVP_CIPHER_CTX_free(ctx); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_X_STATE_LEN(void) { #if defined(OPENSSL_ALL) && !defined(NO_DES3) && !defined(NO_RC4) byte key[DES3_KEY_SIZE] = {0}; byte iv[DES_IV_SIZE] = {0}; EVP_CIPHER_CTX *ctx; const EVP_CIPHER *init; printf(testingFmt, "wolfSSL_EVP_X_STATE_LEN"); /* Bad test cases */ ctx = EVP_CIPHER_CTX_new(); init = EVP_des_ede3_cbc(); wolfSSL_EVP_CIPHER_CTX_init(ctx); AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_EVP_X_STATE_LEN(NULL), 0); AssertIntEQ(wolfSSL_EVP_X_STATE_LEN(ctx), 0); EVP_CIPHER_CTX_free(ctx); /* Good test case */ ctx = EVP_CIPHER_CTX_new(); init = wolfSSL_EVP_rc4(); wolfSSL_EVP_CIPHER_CTX_init(ctx); AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_EVP_X_STATE_LEN(ctx), sizeof(Arc4)); EVP_CIPHER_CTX_free(ctx); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_CIPHER_block_size(void) { #if defined(OPENSSL_ALL) #ifdef HAVE_AES_CBC #ifdef WOLFSSL_AES_128 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_cbc()), AES_BLOCK_SIZE); #endif #ifdef WOLFSSL_AES_192 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_cbc()), AES_BLOCK_SIZE); #endif #ifdef WOLFSSL_AES_256 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_cbc()), AES_BLOCK_SIZE); #endif #endif #ifdef HAVE_AES_GCM #ifdef WOLFSSL_AES_128 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_gcm()), 1); #endif #ifdef WOLFSSL_AES_192 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_gcm()), 1); #endif #ifdef WOLFSSL_AES_256 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_gcm()), 1); #endif #endif #ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_128 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ctr()), 1); #endif #ifdef WOLFSSL_AES_192 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ctr()), 1); #endif #ifdef WOLFSSL_AES_256 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ctr()), 1); #endif #endif #ifdef HAVE_AES_ECB #ifdef WOLFSSL_AES_128 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ecb()), AES_BLOCK_SIZE); #endif #ifdef WOLFSSL_AES_192 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ecb()), AES_BLOCK_SIZE); #endif #ifdef WOLFSSL_AES_256 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ecb()), AES_BLOCK_SIZE); #endif #endif #ifdef WOLFSSL_AES_OFB #ifdef WOLFSSL_AES_128 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ofb()), 1); #endif #ifdef WOLFSSL_AES_192 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ofb()), 1); #endif #ifdef WOLFSSL_AES_256 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ofb()), 1); #endif #endif #ifndef NO_RC4 AssertIntEQ(EVP_CIPHER_block_size(wolfSSL_EVP_rc4()), 1); #endif #endif /* OPENSSL_ALL */ } static void test_wolfSSL_EVP_CIPHER_iv_length(void) { #if defined(OPENSSL_ALL) int i, enumlen; int enumArray[] = { #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) #ifdef WOLFSSL_AES_128 NID_aes_128_cbc, #endif #ifdef WOLFSSL_AES_192 NID_aes_192_cbc, #endif #ifdef WOLFSSL_AES_256 NID_aes_256_cbc, #endif #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */ #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) #ifdef HAVE_AESGCM #ifdef WOLFSSL_AES_128 NID_aes_128_gcm, #endif #ifdef WOLFSSL_AES_192 NID_aes_192_gcm, #endif #ifdef WOLFSSL_AES_256 NID_aes_256_gcm, #endif #endif /* HAVE_AESGCM */ #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ #ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_128 NID_aes_128_ctr, #endif #ifdef WOLFSSL_AES_192 NID_aes_192_ctr, #endif #ifdef WOLFSSL_AES_256 NID_aes_256_ctr, #endif #endif #ifndef NO_DES3 NID_des_cbc, NID_des_ede3_cbc, #endif #ifdef HAVE_IDEA NID_idea_cbc, #endif }; int iv_lengths[] = { #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) #ifdef WOLFSSL_AES_128 AES_BLOCK_SIZE, #endif #ifdef WOLFSSL_AES_192 AES_BLOCK_SIZE, #endif #ifdef WOLFSSL_AES_256 AES_BLOCK_SIZE, #endif #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */ #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) #ifdef HAVE_AESGCM #ifdef WOLFSSL_AES_128 GCM_NONCE_MID_SZ, #endif #ifdef WOLFSSL_AES_192 GCM_NONCE_MID_SZ, #endif #ifdef WOLFSSL_AES_256 GCM_NONCE_MID_SZ, #endif #endif /* HAVE_AESGCM */ #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ #ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_128 AES_BLOCK_SIZE, #endif #ifdef WOLFSSL_AES_192 AES_BLOCK_SIZE, #endif #ifdef WOLFSSL_AES_256 AES_BLOCK_SIZE, #endif #endif #ifndef NO_DES3 DES_BLOCK_SIZE, DES_BLOCK_SIZE, #endif #ifdef HAVE_IDEA IDEA_BLOCK_SIZE, #endif }; printf(testingFmt, "wolfSSL_EVP_CIPHER_iv_length"); enumlen = (sizeof(enumArray)/sizeof(int)); for(i = 0; i < enumlen; i++) { const EVP_CIPHER *c = EVP_get_cipherbynid(enumArray[i]); AssertIntEQ(EVP_CIPHER_iv_length(c), iv_lengths[i]); } printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_SignInit_ex(void) { #if defined(OPENSSL_ALL) WOLFSSL_EVP_MD_CTX mdCtx; WOLFSSL_ENGINE* e = 0; const EVP_MD* md; md = "SHA256"; printf(testingFmt, "wolfSSL_EVP_SignInit_ex"); wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_SignInit_ex(&mdCtx, md, e), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_DigestFinal_ex(void) { #if defined(OPENSSL_ALL) && !defined(NO_SHA256) WOLFSSL_EVP_MD_CTX mdCtx; unsigned int s = 0; unsigned char md[WC_SHA256_DIGEST_SIZE]; unsigned char md2[WC_SHA256_DIGEST_SIZE]; printf(testingFmt, "wolfSSL_EVP_DigestFinal_ex"); /* Bad Case */ #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md, &s), 0); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); #else wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md, &s), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS); #endif /* Good Case */ wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA256"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md2, &s), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_PKEY_assign_DH(void) { #if defined(OPENSSL_ALL) && !defined(NO_DH) && \ !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) FILE* f = NULL; unsigned char buf[4096]; const unsigned char* pt = buf; const char* params1 = "./certs/dh2048.der"; long len = 0; WOLFSSL_DH* dh = NULL; WOLFSSL_EVP_PKEY* pkey; XMEMSET(buf, 0, sizeof(buf)); f = XFOPEN(params1, "rb"); AssertTrue(f != XBADFILE); len = (long)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); printf(testingFmt, "wolfSSL_EVP_PKEY_assign_DH"); AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len)); AssertIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS); AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); /* Bad cases */ AssertIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, dh), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, NULL), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, NULL), WOLFSSL_FAILURE); /* Good case */ AssertIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, dh), WOLFSSL_SUCCESS); EVP_PKEY_free(pkey); printf(resultFmt, passed); #endif } static void test_wolfSSL_QT_EVP_PKEY_CTX_free(void) { #if defined(OPENSSL_EXTRA) EVP_PKEY* pkey; EVP_PKEY_CTX* ctx; printf(testingFmt, "test_wolfSSL_QT_EVP_PKEY_CTX_free"); AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L /* void */ EVP_PKEY_CTX_free(ctx); AssertTrue(1); #else /* int */ AssertIntEQ(EVP_PKEY_CTX_free(ctx), WOLFSSL_SUCCESS); #endif EVP_PKEY_free(pkey); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_PKEY_param_check(void) { #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) DH *dh = NULL; DH *setDh = NULL; EVP_PKEY *pkey = NULL; EVP_PKEY_CTX* ctx = NULL; FILE* f = NULL; unsigned char buf[512]; const unsigned char* pt = buf; const char* dh2048 = "./certs/dh2048.der"; long len = 0; int code = -1; printf(testingFmt, "test_wolfSSL_EVP_PKEY_param_check"); XMEMSET(buf, 0, sizeof(buf)); f = XFOPEN(dh2048, "rb"); AssertTrue(f != XBADFILE); len = (long)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); /* Load dh2048.der into DH with internal format */ AssertNotNull(setDh = d2i_DHparams(NULL, &pt, len)); AssertIntEQ(DH_check(setDh, &code), WOLFSSL_SUCCESS); AssertIntEQ(code, 0); code = -1; pkey = wolfSSL_EVP_PKEY_new(); /* Set DH into PKEY */ AssertIntEQ(EVP_PKEY_set1_DH(pkey, setDh), WOLFSSL_SUCCESS); /* create ctx from pkey */ AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); AssertIntEQ(EVP_PKEY_param_check(ctx), 1/* valid */); /* */ /* TO DO invlaid case */ /* */ EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); DH_free(setDh); DH_free(dh); printf(resultFmt, passed); #endif #endif } static void test_wolfSSL_EVP_BytesToKey(void) { #if defined(OPENSSL_ALL) && !defined(NO_AES) && defined(HAVE_AES_CBC) byte key[AES_BLOCK_SIZE] = {0}; byte iv[AES_BLOCK_SIZE] = {0}; int sz = 5; int count = 0; const EVP_MD* md; md = "SHA256"; const EVP_CIPHER *type; const unsigned char *salt = (unsigned char *)"salt1234"; const byte data[] = { 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, 0x72,0x6c,0x64 }; type = wolfSSL_EVP_get_cipherbynid(NID_aes_128_cbc); printf(testingFmt, "EVP_BytesToKey"); /* Bad cases */ AssertIntEQ(EVP_BytesToKey(NULL, md, salt, data, sz, count, key, iv), 0); AssertIntEQ(EVP_BytesToKey(type, md, salt, NULL, sz, count, key, iv), 16); md = "2"; AssertIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv), WOLFSSL_FAILURE); /* Good case */ md = "SHA256"; AssertIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv), 16); printf(resultFmt, passed); #endif } static void test_IncCtr(void) { #if defined(OPENSSL_ALL) && defined(HAVE_AESGCM) && !defined(HAVE_FIPS) byte key[AES_128_KEY_SIZE] = {0}; byte iv[GCM_NONCE_MID_SZ] = {0}; int type = EVP_CTRL_GCM_IV_GEN; int arg = 0; void *ptr = NULL; printf(testingFmt, "IncCtr"); EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); const EVP_CIPHER *init = EVP_aes_128_gcm(); AssertNotNull(ctx); wolfSSL_EVP_CIPHER_CTX_init(ctx); AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_ctrl(ctx, type, arg, ptr), WOLFSSL_SUCCESS); EVP_CIPHER_CTX_free(ctx); printf(resultFmt, passed); #endif } static void test_wolfSSL_OBJ_ln(void) { const int nid_set[] = { NID_commonName, NID_serialNumber, NID_countryName, NID_localityName, NID_stateOrProvinceName, NID_organizationName, NID_organizationalUnitName, NID_domainComponent, NID_businessCategory, NID_jurisdictionCountryName, NID_jurisdictionStateOrProvinceName, NID_emailAddress }; const char* ln_set[] = { "commonName", "serialNumber", "countryName", "localityName", "stateOrProvinceName", "organizationName", "organizationalUnitName", "domainComponent", "businessCategory", "jurisdictionCountryName", "jurisdictionStateOrProvinceName", "emailAddress", }; size_t i = 0, maxIdx = sizeof(ln_set)/sizeof(char*); printf(testingFmt, "wolfSSL_OBJ_ln"); AssertIntEQ(OBJ_ln2nid(NULL), NID_undef); #ifdef HAVE_ECC #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) { size_t nCurves = 27; EC_builtin_curve r[nCurves]; nCurves = EC_get_builtin_curves(r,nCurves); for (i = 0; i < nCurves; i++) { /* skip ECC_CURVE_INVALID */ if (r[i].nid != ECC_CURVE_INVALID) { AssertIntEQ(OBJ_ln2nid(r[i].comment), r[i].nid); AssertStrEQ(OBJ_nid2ln(r[i].nid), r[i].comment); } } } #endif #endif for (i = 0; i < maxIdx; i++) { AssertIntEQ(OBJ_ln2nid(ln_set[i]), nid_set[i]); AssertStrEQ(OBJ_nid2ln(nid_set[i]), ln_set[i]); } printf(resultFmt, passed); } static void test_wolfSSL_OBJ_sn(void) { int i = 0, maxIdx = 7; const int nid_set[] = {NID_commonName,NID_countryName,NID_localityName, NID_stateOrProvinceName,NID_organizationName, NID_organizationalUnitName,NID_emailAddress}; const char* sn_open_set[] = {"CN","C","L","ST","O","OU","emailAddress"}; const char* sn_wolf_set[] = {WOLFSSL_COMMON_NAME,WOLFSSL_COUNTRY_NAME, WOLFSSL_LOCALITY_NAME, WOLFSSL_STATE_NAME, WOLFSSL_ORG_NAME, WOLFSSL_ORGUNIT_NAME, WOLFSSL_EMAIL_ADDR}; printf(testingFmt, "wolfSSL_OBJ_sn"); AssertIntEQ(wolfSSL_OBJ_sn2nid(NULL), NID_undef); for (i = 0; i < maxIdx; i++) { AssertIntEQ(wolfSSL_OBJ_sn2nid(sn_wolf_set[i]), nid_set[i]); AssertStrEQ(wolfSSL_OBJ_nid2sn(nid_set[i]), sn_open_set[i]); } printf(resultFmt, passed); } #if !defined(NO_BIO) static unsigned long TXT_DB_hash(const WOLFSSL_STRING *s) { return lh_strhash(s[3]); } static int TXT_DB_cmp(const WOLFSSL_STRING *a, const WOLFSSL_STRING *b) { return XSTRCMP(a[3], b[3]); } #endif static void test_wolfSSL_TXT_DB(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_BIO) BIO *bio; TXT_DB *db = NULL; const int columns = 6; const char *fields[6] = { "V", "320926161116Z", "", "12BD", "unknown", "/CN=rsa doe", }; char** fields_copy; printf(testingFmt, "wolfSSL_TXT_DB"); /* Test read */ AssertNotNull(bio = BIO_new(BIO_s_file())); AssertIntGT(BIO_read_filename(bio, "./tests/TXT_DB.txt"), 0); AssertNotNull(db = TXT_DB_read(bio, columns)); AssertNotNull(fields_copy = (char**)XMALLOC(sizeof(fields), NULL, DYNAMIC_TYPE_OPENSSL)); XMEMCPY(fields_copy, fields, sizeof(fields)); AssertIntEQ(TXT_DB_insert(db, fields_copy), 1); BIO_free(bio); /* Test write */ AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(TXT_DB_write(bio, db), 1484); BIO_free(bio); /* Test index */ AssertIntEQ(TXT_DB_create_index(db, 3, NULL, (wolf_sk_hash_cb)TXT_DB_hash, (wolf_sk_compare_cb)TXT_DB_cmp), 1); AssertNotNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields)); fields[3] = "12DA"; AssertNotNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields)); fields[3] = "FFFF"; AssertNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields)); fields[3] = ""; AssertNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields)); TXT_DB_free(db); printf(resultFmt, passed); #endif } static void test_wolfSSL_NCONF(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_BIO) const char* confFile = "./tests/NCONF_test.cnf"; CONF* conf = NULL; long eline = 0; long num = 0; printf(testingFmt, "wolfSSL_NCONF"); AssertNotNull(conf = NCONF_new(NULL)); AssertIntEQ(NCONF_load(conf, confFile, &eline), 1); AssertIntEQ(NCONF_get_number(conf, NULL, "port", &num), 1); AssertIntEQ(num, 1234); AssertIntEQ(NCONF_get_number(conf, "section2", "port", &num), 1); AssertIntEQ(num, 4321); AssertStrEQ(NCONF_get_string(conf, NULL, "dir"), "./test-dir"); AssertStrEQ(NCONF_get_string(conf, "section1", "file1_copy"), "./test-dir/file1"); AssertStrEQ(NCONF_get_string(conf, "section2", "file_list"), "./test-dir/file1:./test-dir/file2:./section1:file2"); NCONF_free(conf); printf(resultFmt, passed); #endif } #endif /* OPENSSL_ALL */ static void test_wolfSSL_EC_KEY_set_group(void) { #if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(NO_ECC_SECP) && \ defined(OPENSSL_EXTRA) EC_KEY *key = NULL; EC_GROUP *group = NULL; const EC_GROUP *group2 = NULL; printf(testingFmt, "wolfSSL_EC_KEY_dup()"); AssertNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); AssertNotNull(key = EC_KEY_new()); AssertIntEQ(EC_KEY_set_group(key, group), WOLFSSL_SUCCESS); AssertNotNull(group2 = EC_KEY_get0_group(key)); AssertIntEQ(EC_GROUP_cmp(group2, group, NULL), 0); EC_GROUP_free(group); EC_KEY_free(key); printf(resultFmt, passed); #endif } static void test_wolfSSL_X509V3_EXT_get(void) { #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) FILE* f; int numOfExt =0; int extNid = 0; int i = 0; WOLFSSL_X509* x509; WOLFSSL_X509_EXTENSION* ext; const WOLFSSL_v3_ext_method* method; AssertNotNull(f = fopen("./certs/server-cert.pem", "rb")); AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); fclose(f); printf(testingFmt, "wolfSSL_X509V3_EXT_get() return struct and nid test"); AssertIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 5); for (i = 0; i < numOfExt; i++) { AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i)); AssertIntNE((extNid = ext->obj->nid), NID_undef); AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext)); AssertIntEQ(method->ext_nid, extNid); } printf(resultFmt, "passed"); printf(testingFmt, "wolfSSL_X509V3_EXT_get() NULL argument test"); AssertNull(method = wolfSSL_X509V3_EXT_get(NULL)); printf(resultFmt, "passed"); wolfSSL_X509_free(x509); #endif } static void test_wolfSSL_X509V3_EXT_nconf(void) { #if defined (OPENSSL_ALL) const char *ext_names[] = { "subjectKeyIdentifier", "authorityKeyIdentifier", "subjectAltName", "keyUsage", }; size_t ext_names_count = sizeof(ext_names)/sizeof(*ext_names); int ext_nids[] = { NID_subject_key_identifier, NID_authority_key_identifier, NID_subject_alt_name, NID_key_usage, }; size_t ext_nids_count = sizeof(ext_nids)/sizeof(*ext_nids); const char *ext_values[] = { "hash", "hash", "DNS:example.com, IP:127.0.0.1", "digitalSignature,keyEncipherment,dataEncipherment", }; size_t i; printf(testingFmt, "wolfSSL_X509V3_EXT_nconf()"); for (i = 0; i < ext_names_count; i++) { X509_EXTENSION* ext = X509V3_EXT_nconf(NULL, NULL, ext_names[i], ext_values[i]); AssertNotNull(ext); X509_EXTENSION_free(ext); } for (i = 0; i < ext_nids_count; i++) { X509_EXTENSION* ext = X509V3_EXT_nconf_nid(NULL, NULL, ext_nids[i], ext_values[i]); AssertNotNull(ext); X509_EXTENSION_free(ext); } printf(resultFmt, "passed"); #endif } static void test_wolfSSL_X509V3_EXT(void) { #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) FILE* f; int numOfExt = 0, nid = 0, i = 0, expected, actual; char* str; unsigned char* data; const WOLFSSL_v3_ext_method* method; WOLFSSL_X509* x509; WOLFSSL_X509_EXTENSION* ext; WOLFSSL_X509_EXTENSION* ext2; WOLFSSL_ASN1_OBJECT *obj, *adObj; WOLFSSL_ASN1_STRING* asn1str; WOLFSSL_AUTHORITY_KEYID* aKeyId; WOLFSSL_AUTHORITY_INFO_ACCESS* aia; WOLFSSL_BASIC_CONSTRAINTS* bc; WOLFSSL_ACCESS_DESCRIPTION* ad; WOLFSSL_GENERAL_NAME* gn; printf(testingFmt, "wolfSSL_X509V3_EXT_d2i()"); /* Check NULL argument */ AssertNull(wolfSSL_X509V3_EXT_d2i(NULL)); /* Using OCSP cert with X509V3 extensions */ AssertNotNull(f = fopen("./certs/ocsp/root-ca-cert.pem", "rb")); AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); fclose(f); AssertIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 5); /* Basic Constraints */ AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i)); AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_basic_constraints); AssertNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext)); AssertIntEQ(bc->ca, 1); AssertNull(bc->pathlen); wolfSSL_BASIC_CONSTRAINTS_free(bc); i++; /* Subject Key Identifier */ AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i)); AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_subject_key_identifier); AssertNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext)); AssertNotNull(ext2 = wolfSSL_X509V3_EXT_i2d(NID_subject_key_identifier, 0, asn1str)); X509_EXTENSION_free(ext2); AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext)); AssertNotNull(method->i2s); AssertNotNull(str = method->i2s((WOLFSSL_v3_ext_method*)method, asn1str)); wolfSSL_ASN1_STRING_free(asn1str); actual = strcmp(str, "73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21"); AssertIntEQ(actual, 0); XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER); i++; /* Authority Key Identifier */ AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i)); AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_authority_key_identifier); AssertNotNull(aKeyId = (WOLFSSL_AUTHORITY_KEYID*)wolfSSL_X509V3_EXT_d2i(ext)); AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext)); AssertNotNull(asn1str = aKeyId->keyid); AssertNotNull(str = wolfSSL_i2s_ASN1_STRING((WOLFSSL_v3_ext_method*)method, asn1str)); actual = strcmp(str, "73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21"); AssertIntEQ(actual, 0); XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER); wolfSSL_AUTHORITY_KEYID_free(aKeyId); i++; /* Key Usage */ AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i)); AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_key_usage); AssertNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext)); #if defined(WOLFSSL_QT) AssertNotNull(data = (unsigned char*)ASN1_STRING_get0_data(asn1str)); #else AssertNotNull(data = wolfSSL_ASN1_STRING_data(asn1str)); #endif expected = KEYUSE_KEY_CERT_SIGN | KEYUSE_CRL_SIGN; #ifdef BIG_ENDIAN_ORDER actual = data[1]; #else actual = data[0]; #endif AssertIntEQ(actual, expected); wolfSSL_ASN1_STRING_free(asn1str); #if 1 i++; /* Authority Info Access */ AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i)); AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_info_access); AssertNotNull(aia = (WOLFSSL_AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i(ext)); #if defined(WOLFSSL_QT) AssertIntEQ(OPENSSL_sk_num(aia), 1); /* Only one URI entry for this cert */ #else AssertIntEQ(wolfSSL_sk_num(aia), 1); /* Only one URI entry for this cert */ #endif /* URI entry is an ACCESS_DESCRIPTION type */ #if defined(WOLFSSL_QT) AssertNotNull(ad = (WOLFSSL_ACCESS_DESCRIPTION*)wolfSSL_sk_value(aia, 0)); #else AssertNotNull(ad = (WOLFSSL_ACCESS_DESCRIPTION*)OPENSSL_sk_value(aia, 0)); #endif AssertNotNull(adObj = ad->method); /* Make sure nid is OCSP */ AssertIntEQ(wolfSSL_OBJ_obj2nid(adObj), NID_ad_OCSP); /* GENERAL_NAME stores URI as an ASN1_STRING */ AssertNotNull(gn = ad->location); AssertIntEQ(gn->type, GEN_URI); /* Type should always be GEN_URI */ AssertNotNull(asn1str = gn->d.uniformResourceIdentifier); AssertIntEQ(wolfSSL_ASN1_STRING_length(asn1str), 22); #if defined(WOLFSSL_QT) str = (char*)ASN1_STRING_get0_data(asn1str); #else str = (char*)wolfSSL_ASN1_STRING_data(asn1str); #endif actual = strcmp(str, "http://127.0.0.1:22220"); AssertIntEQ(actual, 0); wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(aia, NULL); #else (void) aia; (void) ad; (void) adObj; (void) gn; #endif wolfSSL_X509_free(x509); printf(resultFmt, "passed"); #endif } static void test_wolfSSL_X509_get_extension_flags(void) { #ifdef OPENSSL_ALL XFILE f; X509* x509; unsigned int extFlags; unsigned int keyUsageFlags; unsigned int extKeyUsageFlags; printf(testingFmt, "test_wolfSSL_X509_get_extension_flags"); /* client-int-cert.pem has the following extension flags. */ extFlags = EXFLAG_KUSAGE | EXFLAG_XKUSAGE; /* and the following key usage flags. */ keyUsageFlags = KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION | KU_KEY_ENCIPHERMENT; /* and the following extended key usage flags. */ extKeyUsageFlags = XKU_SSL_CLIENT | XKU_SMIME; f = XFOPEN("./certs/intermediate/client-int-cert.pem", "rb"); AssertTrue(f != XBADFILE); AssertNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); XFCLOSE(f); AssertIntEQ(X509_get_extension_flags(x509), extFlags); AssertIntEQ(X509_get_key_usage(x509), keyUsageFlags); AssertIntEQ(X509_get_extended_key_usage(x509), extKeyUsageFlags); X509_free(x509); /* client-cert-ext.pem has the following extension flags. */ extFlags = EXFLAG_KUSAGE; /* and the following key usage flags. */ keyUsageFlags = KU_DIGITAL_SIGNATURE | KU_KEY_CERT_SIGN | KU_CRL_SIGN; AssertNotNull(f = fopen("./certs/client-cert-ext.pem", "rb")); AssertNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); XFCLOSE(f); AssertIntEQ(X509_get_extension_flags(x509), extFlags); AssertIntEQ(X509_get_key_usage(x509), keyUsageFlags); X509_free(x509); printf(resultFmt, passed); #endif /* OPENSSL_ALL */ } static void test_wolfSSL_X509_get_ext(void){ #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) int ret = 0; FILE* f; WOLFSSL_X509* x509; WOLFSSL_X509_EXTENSION* foundExtension; AssertNotNull(f = fopen("./certs/server-cert.pem", "rb")); AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); fclose(f); AssertIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5); printf(testingFmt, "wolfSSL_X509_get_ext() valid input"); AssertNotNull(foundExtension = wolfSSL_X509_get_ext(x509, 0)); printf(resultFmt, "passed"); printf(testingFmt, "wolfSSL_X509_get_ext() valid x509, idx out of bounds"); AssertNull(foundExtension = wolfSSL_X509_get_ext(x509, -1)); AssertNull(foundExtension = wolfSSL_X509_get_ext(x509, 100)); printf(resultFmt, "passed"); printf(testingFmt, "wolfSSL_X509_get_ext() NULL x509, idx out of bounds"); AssertNull(foundExtension = wolfSSL_X509_get_ext(NULL, -1)); AssertNull(foundExtension = wolfSSL_X509_get_ext(NULL, 100)); printf(resultFmt, "passed"); printf(testingFmt, "wolfSSL_X509_get_ext() NULL x509, valid idx"); AssertNull(foundExtension = wolfSSL_X509_get_ext(NULL, 0)); printf(resultFmt, "passed"); wolfSSL_X509_free(x509); #endif } static void test_wolfSSL_X509_get_ext_by_NID(void) { #if defined(OPENSSL_ALL) && !defined(NO_RSA) int rc; FILE* f; WOLFSSL_X509* x509; AssertNotNull(f = fopen("./certs/server-cert.pem", "rb")); AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); fclose(f); rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1); AssertIntGE(rc, 0); /* Start search from last location (should fail) */ rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, rc); AssertIntGE(rc, -1); rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -2); AssertIntGE(rc, -1); rc = wolfSSL_X509_get_ext_by_NID(NULL, NID_basic_constraints, -1); AssertIntEQ(rc, -1); rc = wolfSSL_X509_get_ext_by_NID(x509, NID_undef, -1); AssertIntEQ(rc, -1); wolfSSL_X509_free(x509); #endif } static void test_wolfSSL_X509_get_ext_subj_alt_name(void) { #if defined(OPENSSL_ALL) && !defined(NO_RSA) int rc; XFILE f; WOLFSSL_X509* x509; WOLFSSL_X509_EXTENSION* ext; WOLFSSL_ASN1_STRING* sanString; byte* sanDer; const byte expectedDer[] = { 0x30, 0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01}; printf(testingFmt, "test_wolfSSL_X509_get_ext_subj_alt_name"); f = XFOPEN("./certs/server-cert.pem", "rb"); AssertTrue(f != XBADFILE); AssertNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); fclose(f); rc = X509_get_ext_by_NID(x509, NID_subject_alt_name, -1); AssertIntNE(rc, -1); AssertNotNull(ext = X509_get_ext(x509, rc)); AssertNotNull(sanString = X509_EXTENSION_get_data(ext)); AssertIntEQ(ASN1_STRING_length(sanString), sizeof(expectedDer)); AssertNotNull(sanDer = ASN1_STRING_data(sanString)); AssertIntEQ(XMEMCMP(sanDer, expectedDer, sizeof(expectedDer)), 0); X509_free(x509); printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_EXTENSION_new(void) { #if defined (OPENSSL_ALL) WOLFSSL_X509_EXTENSION* ext; AssertNotNull(ext = wolfSSL_X509_EXTENSION_new()); AssertNotNull(ext->obj = wolfSSL_ASN1_OBJECT_new()); ext->obj->nid = WOLFSSL_SUCCESS; AssertIntEQ(WOLFSSL_SUCCESS, ext->obj->nid); wolfSSL_X509_EXTENSION_free(ext); #endif } static void test_wolfSSL_X509_EXTENSION_get_object(void) { #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) WOLFSSL_X509* x509; WOLFSSL_X509_EXTENSION* ext; WOLFSSL_ASN1_OBJECT* o; FILE* file; int nid = 0; AssertNotNull(file = fopen("./certs/server-cert.pem", "rb")); AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); fclose(file); printf(testingFmt, "wolfSSL_X509_EXTENSION_get_object() testing ext idx 0"); AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 0)); AssertNotNull(o = wolfSSL_X509_EXTENSION_get_object(ext)); AssertIntEQ(o->nid, 128); nid = o->nid; printf(resultFmt, nid == 128 ? passed : failed); printf(testingFmt, "wolfSSL_X509_EXTENSION_get_object() NULL argument"); AssertNull(o = wolfSSL_X509_EXTENSION_get_object(NULL)); printf(resultFmt, passed); wolfSSL_X509_free(x509); #endif } static void test_wolfSSL_X509_EXTENSION_get_data(void) { #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) WOLFSSL_X509* x509; WOLFSSL_X509_EXTENSION* ext; WOLFSSL_ASN1_STRING* str; FILE* file; printf(testingFmt, "wolfSSL_X509_EXTENSION_get_data"); AssertNotNull(file = fopen("./certs/server-cert.pem", "rb")); AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); fclose(file); AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 0)); AssertNotNull(str = wolfSSL_X509_EXTENSION_get_data(ext)); printf(resultFmt, passed); wolfSSL_X509_free(x509); #endif } static void test_wolfSSL_X509_EXTENSION_get_critical(void) { #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) WOLFSSL_X509* x509; WOLFSSL_X509_EXTENSION* ext; FILE* file; int crit; printf(testingFmt, "wolfSSL_X509_EXTENSION_get_critical"); AssertNotNull(file = fopen("./certs/server-cert.pem", "rb")); AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); fclose(file); AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 0)); crit = wolfSSL_X509_EXTENSION_get_critical(ext); AssertIntEQ(crit, 0); printf(resultFmt, passed); wolfSSL_X509_free(x509); #endif } static void test_wolfSSL_X509V3_EXT_print(void) { #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_BIO) && \ !defined(NO_RSA) printf(testingFmt, "wolfSSL_X509V3_EXT_print"); { FILE* f; WOLFSSL_X509* x509; X509_EXTENSION * ext = NULL; int loc; BIO *bio = NULL; AssertNotNull(f = fopen(svrCertFile, "rb")); AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); fclose(f); AssertNotNull(bio = wolfSSL_BIO_new(BIO_s_mem())); loc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1); AssertIntGT(loc, -1); AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc)); AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS); loc = wolfSSL_X509_get_ext_by_NID(x509, NID_subject_key_identifier, -1); AssertIntGT(loc, -1); AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc)); AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS); loc = wolfSSL_X509_get_ext_by_NID(x509, NID_authority_key_identifier, -1); AssertIntGT(loc, -1); AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc)); AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS); wolfSSL_BIO_free(bio); wolfSSL_X509_free(x509); } { X509 *x509; BIO *bio; X509_EXTENSION *ext; unsigned int i; unsigned int idx; /* Some NIDs to test with */ int nids[] = { /* NID_key_usage, currently X509_get_ext returns this as a bit * string, which messes up X509V3_EXT_print */ /* NID_ext_key_usage, */ NID_subject_alt_name, }; int* n; AssertNotNull(bio = BIO_new_fp(stdout, BIO_NOCLOSE)); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFileExt, WOLFSSL_FILETYPE_PEM)); printf("\nPrinting extension values:\n"); for (i = 0, n = nids; i<(sizeof(nids)/sizeof(int)); i++, n++) { /* X509_get_ext_by_NID should return 3 for now. If that changes then * update the index */ AssertIntEQ((idx = X509_get_ext_by_NID(x509, *n, -1)), 3); AssertNotNull(ext = X509_get_ext(x509, idx)); AssertIntEQ(X509V3_EXT_print(bio, ext, 0, 0), 1); printf("\n"); } BIO_free(bio); X509_free(x509); } printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_cmp(void) { #if defined(OPENSSL_ALL) && !defined(NO_RSA) FILE* file1; FILE* file2; WOLFSSL_X509* cert1; WOLFSSL_X509* cert2; int ret = 0; AssertNotNull(file1=fopen("./certs/server-cert.pem", "rb")); AssertNotNull(file2=fopen("./certs/3072/client-cert.pem", "rb")); AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL)); AssertNotNull(cert2 = wolfSSL_PEM_read_X509(file2, NULL, NULL, NULL)); fclose(file1); fclose(file2); printf(testingFmt, "wolfSSL_X509_cmp() testing matching certs"); ret = wolfSSL_X509_cmp(cert1, cert1); AssertIntEQ(0, wolfSSL_X509_cmp(cert1, cert1)); printf(resultFmt, ret == 0 ? passed : failed); printf(testingFmt, "wolfSSL_X509_cmp() testing mismatched certs"); ret = wolfSSL_X509_cmp(cert1, cert2); AssertIntEQ(-1, wolfSSL_X509_cmp(cert1, cert2)); printf(resultFmt, ret == -1 ? passed : failed); printf(testingFmt, "wolfSSL_X509_cmp() testing NULL, valid args"); ret = wolfSSL_X509_cmp(NULL, cert2); AssertIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(NULL, cert2)); printf(resultFmt, ret == BAD_FUNC_ARG ? passed : failed); printf(testingFmt, "wolfSSL_X509_cmp() testing valid, NULL args"); ret = wolfSSL_X509_cmp(cert1, NULL); AssertIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(cert1, NULL)); printf(resultFmt, ret == BAD_FUNC_ARG ? passed : failed); printf(testingFmt, "wolfSSL_X509_cmp() testing NULL, NULL args"); ret = wolfSSL_X509_cmp(NULL, NULL); AssertIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(NULL, NULL)); printf(resultFmt, ret == BAD_FUNC_ARG ? passed : failed); wolfSSL_X509_free(cert1); wolfSSL_X509_free(cert2); #endif } static void test_wolfSSL_PKEY_up_ref(void) { #if defined(OPENSSL_ALL) EVP_PKEY* pkey; printf(testingFmt, "wolfSSL_PKEY_up_ref()"); pkey = EVP_PKEY_new(); AssertIntEQ(EVP_PKEY_up_ref(NULL), 0); AssertIntEQ(EVP_PKEY_up_ref(pkey), 1); EVP_PKEY_free(pkey); AssertIntEQ(EVP_PKEY_up_ref(pkey), 1); EVP_PKEY_free(pkey); EVP_PKEY_free(pkey); printf(resultFmt, "passed"); #endif } static void test_wolfSSL_d2i_and_i2d_PublicKey(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) EVP_PKEY* pkey; const unsigned char* p; unsigned char* der = NULL; int derLen; printf(testingFmt, "test_wolfSSL_d2i_and_i2d_PublicKey()"); p = client_keypub_der_2048; /* Check that key can be successfully decoded. */ AssertNotNull(pkey = wolfSSL_d2i_PublicKey(EVP_PKEY_RSA, NULL, &p, sizeof_client_keypub_der_2048)); /* Check that key can be successfully encoded. */ AssertIntGE((derLen = wolfSSL_i2d_PublicKey(pkey, &der)), 0); /* Ensure that the encoded version matches the original. */ AssertIntEQ(derLen, sizeof_client_keypub_der_2048); AssertIntEQ(XMEMCMP(der, client_keypub_der_2048, derLen), 0); XFREE(der, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); EVP_PKEY_free(pkey); printf(resultFmt, passed); #endif } static void test_wolfSSL_d2i_and_i2d_DSAparams(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_DSA) DSA* dsa; char file[] = "./certs/dsaparams.der"; XFILE f; int derInLen; byte* derIn; int derOutLen; byte* derOut = NULL; printf(testingFmt, "test_wolfSSL_d2i_and_i2d_DSAparams()"); f = XFOPEN(file, "rb"); AssertTrue(f != XBADFILE); AssertTrue(XFSEEK(f, 0, XSEEK_END) == 0); derInLen = (int)XFTELL(f); XREWIND(f); AssertNotNull(derIn = (byte*)XMALLOC(derInLen, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); AssertIntEQ(XFREAD(derIn, 1, derInLen, f), derInLen); XFCLOSE(f); /* Check that params can be successfully decoded. */ AssertNotNull(dsa = d2i_DSAparams(NULL, (const byte**)&derIn, derInLen)); /* Check that params can be successfully encoded. */ AssertIntGE((derOutLen = i2d_DSAparams(dsa, &derOut)), 0); /* Ensure that the encoded version matches the original. */ AssertIntEQ(derInLen, derOutLen); AssertIntEQ(XMEMCMP(derIn, derOut, derInLen), 0); XFREE(derIn, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(derOut, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); DSA_free(dsa); printf(resultFmt, passed); #endif } static void test_wolfSSL_i2d_PrivateKey(void) { #if (!defined(NO_RSA) || defined(HAVE_ECC)) && defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(NO_PWDBASED) printf(testingFmt, "wolfSSL_i2d_PrivateKey()"); #if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) { EVP_PKEY* pkey; const unsigned char* server_key = (const unsigned char*)server_key_der_2048; unsigned char buf[FOURK_BUF]; unsigned char* pt = NULL; int bufSz; AssertNotNull(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &server_key, (long)sizeof_server_key_der_2048)); AssertIntEQ(i2d_PrivateKey(pkey, NULL), 1193); pt = buf; AssertIntEQ((bufSz = i2d_PrivateKey(pkey, &pt)), 1193); AssertIntNE((pt - buf), 0); AssertIntEQ(XMEMCMP(buf, server_key_der_2048, bufSz), 0); EVP_PKEY_free(pkey); } #endif #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) { EVP_PKEY* pkey; const unsigned char* client_key = (const unsigned char*)ecc_clikey_der_256; unsigned char buf[FOURK_BUF]; unsigned char* pt = NULL; int bufSz; AssertNotNull((pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &client_key, sizeof_ecc_clikey_der_256))); AssertIntEQ(i2d_PrivateKey(pkey, NULL), 121); pt = buf; AssertIntEQ((bufSz = i2d_PrivateKey(pkey, &pt)), 121); AssertIntNE((pt - buf), 0); AssertIntEQ(XMEMCMP(buf, ecc_clikey_der_256, bufSz), 0); EVP_PKEY_free(pkey); } #endif printf(resultFmt, "passed"); #endif } static void test_wolfSSL_OCSP_id_get0_info(void) { #if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && defined(HAVE_OCSP) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) X509* cert; X509* issuer; OCSP_CERTID* id; OCSP_CERTID* id2; ASN1_STRING* name = NULL; ASN1_OBJECT* pmd = NULL; ASN1_STRING* keyHash = NULL; ASN1_INTEGER* serial = NULL; ASN1_INTEGER* x509Int; printf(testingFmt, "wolfSSL_OCSP_id_get0_info()"); AssertNotNull(cert = wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)); AssertNotNull(issuer = wolfSSL_X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM)); id = OCSP_cert_to_id(NULL, cert, issuer); AssertNotNull(id); id2 = OCSP_cert_to_id(NULL, cert, issuer); AssertNotNull(id2); AssertIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, NULL, NULL), 0); AssertIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, NULL, id), 1); /* name, pmd, keyHash not supported yet, expect failure if not NULL */ AssertIntEQ(OCSP_id_get0_info(&name, NULL, NULL, NULL, id), 0); AssertIntEQ(OCSP_id_get0_info(NULL, &pmd, NULL, NULL, id), 0); AssertIntEQ(OCSP_id_get0_info(NULL, NULL, &keyHash, NULL, id), 0); AssertIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, &serial, id), 1); AssertNotNull(serial); /* compare serial number to one in cert, should be equal */ x509Int = X509_get_serialNumber(cert); AssertNotNull(x509Int); AssertIntEQ(x509Int->length, serial->length); AssertIntEQ(XMEMCMP(x509Int->data, serial->data, serial->length), 0); /* test OCSP_id_cmp */ AssertIntNE(OCSP_id_cmp(NULL, NULL), 0); AssertIntNE(OCSP_id_cmp(id, NULL), 0); AssertIntNE(OCSP_id_cmp(NULL, id2), 0); AssertIntEQ(OCSP_id_cmp(id, id2), 0); id->issuerHash[0] = ~id->issuerHash[0]; AssertIntNE(OCSP_id_cmp(id, id2), 0); OCSP_CERTID_free(id); OCSP_CERTID_free(id2); X509_free(cert); /* free's x509Int */ X509_free(issuer); printf(resultFmt, "passed"); #endif } static void test_wolfSSL_i2d_OCSP_CERTID(void) { #if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && defined(HAVE_OCSP) WOLFSSL_OCSP_CERTID certId; byte* targetBuffer; byte* beginTargetBuffer; /* OCSP CertID bytes taken from PCAP */ byte rawCertId[] = { 0x30, 0x49, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0x80, 0x51, 0x06, 0x01, 0x32, 0xad, 0x9a, 0xc2, 0x7d, 0x51, 0x87, 0xa0, 0xe8, 0x87, 0xfb, 0x01, 0x62, 0x01, 0x55, 0xee, 0x04, 0x14, 0x03, 0xde, 0x50, 0x35, 0x56, 0xd1, 0x4c, 0xbb, 0x66, 0xf0, 0xa3, 0xe2, 0x1b, 0x1b, 0xc3, 0x97, 0xb2, 0x3d, 0xd1, 0x55, 0x02, 0x10, 0x01, 0xfd, 0xa3, 0xeb, 0x6e, 0xca, 0x75, 0xc8, 0x88, 0x43, 0x8b, 0x72, 0x4b, 0xcf, 0xbc, 0x91 }; int ret, i; printf(testingFmt, "wolfSSL_i2d_OCSP_CERTID()"); XMEMSET(&certId, 0, sizeof(WOLFSSL_OCSP_CERTID)); certId.rawCertId = rawCertId; certId.rawCertIdSize = sizeof(rawCertId); targetBuffer = (byte*)XMALLOC(sizeof(rawCertId), NULL, DYNAMIC_TYPE_TMP_BUFFER); beginTargetBuffer = targetBuffer; ret = wolfSSL_i2d_OCSP_CERTID(&certId, &targetBuffer); /* If target buffer is not null, function increments targetBuffer to point just past the end of the encoded data. */ AssertPtrEq(targetBuffer, (beginTargetBuffer + sizeof(rawCertId))); /* Function returns the size of the encoded data. */ AssertIntEQ(ret, sizeof(rawCertId)); for (i = 0; i < ret; ++i) { AssertIntEQ(beginTargetBuffer[i], rawCertId[i]); } XFREE(beginTargetBuffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); targetBuffer = NULL; ret = wolfSSL_i2d_OCSP_CERTID(&certId, &targetBuffer); /* If target buffer is null, function allocates memory for a buffer and copies the encoded data into it. targetBuffer then points to the start of this newly allocate buffer. */ AssertIntEQ(ret, sizeof(rawCertId)); for (i = 0; i < ret; ++i) { AssertIntEQ(targetBuffer[i], rawCertId[i]); } XFREE(targetBuffer, NULL, DYNAMIC_TYPE_OPENSSL); printf(resultFmt, passed); #endif } static void test_wolfSSL_OCSP_id_cmp(void) { #if defined(OPENSSL_ALL) && defined(HAVE_OCSP) OCSP_CERTID id1; OCSP_CERTID id2; printf(testingFmt, "wolfSSL_OCSP_id_cmp()"); XMEMSET(&id1, 0, sizeof(id1)); XMEMSET(&id2, 0, sizeof(id2)); AssertIntEQ(OCSP_id_cmp(&id1, &id2), 0); printf(resultFmt, passed); #endif } static void test_wolfSSL_OCSP_SINGLERESP_get0_id(void) { #if defined(OPENSSL_ALL) && defined(HAVE_OCSP) WOLFSSL_OCSP_SINGLERESP single; const WOLFSSL_OCSP_CERTID* certId; XMEMSET(&single, 0, sizeof(single)); certId = wolfSSL_OCSP_SINGLERESP_get0_id(&single); printf(testingFmt, "wolfSSL_OCSP_SINGLERESP_get0_id()"); AssertPtrEq(&single, certId); printf(resultFmt, passed); #endif } static void test_wolfSSL_OCSP_single_get0_status(void) { #if defined(OPENSSL_ALL) && defined(HAVE_OCSP) WOLFSSL_OCSP_SINGLERESP single; CertStatus certStatus; WOLFSSL_ASN1_TIME* thisDate; WOLFSSL_ASN1_TIME* nextDate; int ret, i; printf(testingFmt, "wolfSSL_OCSP_single_get0_status()"); XMEMSET(&single, 0, sizeof(WOLFSSL_OCSP_SINGLERESP)); XMEMSET(&certStatus, 0, sizeof(CertStatus)); /* Fill the date fields with some dummy data. */ for (i = 0; i < CTC_DATE_SIZE; ++i) { certStatus.thisDateParsed.data[i] = i; certStatus.nextDateParsed.data[i] = i; } certStatus.status = CERT_GOOD; single.status = &certStatus; ret = wolfSSL_OCSP_single_get0_status(&single, NULL, NULL, &thisDate, &nextDate); AssertIntEQ(ret, CERT_GOOD); AssertPtrEq(thisDate, &certStatus.thisDateParsed); AssertPtrEq(nextDate, &certStatus.nextDateParsed); printf(resultFmt, passed); #endif } static void test_wolfSSL_OCSP_resp_count(void) { #if defined(OPENSSL_ALL) && defined(HAVE_OCSP) WOLFSSL_OCSP_BASICRESP basicResp; WOLFSSL_OCSP_SINGLERESP singleRespOne; WOLFSSL_OCSP_SINGLERESP singleRespTwo; int count; printf(testingFmt, "wolfSSL_OCSP_resp_count()"); XMEMSET(&basicResp, 0, sizeof(WOLFSSL_OCSP_BASICRESP)); XMEMSET(&singleRespOne, 0, sizeof(WOLFSSL_OCSP_SINGLERESP)); XMEMSET(&singleRespTwo, 0, sizeof(WOLFSSL_OCSP_SINGLERESP)); count = wolfSSL_OCSP_resp_count(&basicResp); AssertIntEQ(count, 0); basicResp.single = &singleRespOne; count = wolfSSL_OCSP_resp_count(&basicResp); AssertIntEQ(count, 1); singleRespOne.next = &singleRespTwo; count = wolfSSL_OCSP_resp_count(&basicResp); AssertIntEQ(count, 2); printf(resultFmt, passed); #endif } static void test_wolfSSL_OCSP_resp_get0(void) { #if defined(OPENSSL_ALL) && defined(HAVE_OCSP) WOLFSSL_OCSP_BASICRESP basicResp; WOLFSSL_OCSP_SINGLERESP singleRespOne; WOLFSSL_OCSP_SINGLERESP singleRespTwo; WOLFSSL_OCSP_SINGLERESP* ret; printf(testingFmt, "wolfSSL_OCSP_resp_get0()"); XMEMSET(&basicResp, 0, sizeof(WOLFSSL_OCSP_BASICRESP)); XMEMSET(&singleRespOne, 0, sizeof(WOLFSSL_OCSP_SINGLERESP)); XMEMSET(&singleRespTwo, 0, sizeof(WOLFSSL_OCSP_SINGLERESP)); basicResp.single = &singleRespOne; singleRespOne.next = &singleRespTwo; ret = wolfSSL_OCSP_resp_get0(&basicResp, 0); AssertPtrEq(ret, &singleRespOne); ret = wolfSSL_OCSP_resp_get0(&basicResp, 1); AssertPtrEq(ret, &singleRespTwo); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_PKEY_derive(void) { #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) #if (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || defined(HAVE_ECC) printf(testingFmt, "wolfSSL_EVP_PKEY_derive()"); EVP_PKEY_CTX *ctx; unsigned char *skey; size_t skeylen; EVP_PKEY *pkey, *peerkey; const unsigned char* key; #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) /* DH */ key = dh_key_der_2048; AssertNotNull((pkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &key, sizeof_dh_key_der_2048))); AssertIntEQ(DH_generate_key(EVP_PKEY_get0_DH(pkey)), 1); key = dh_key_der_2048; AssertNotNull((peerkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &key, sizeof_dh_key_der_2048))); AssertIntEQ(DH_generate_key(EVP_PKEY_get0_DH(peerkey)), 1); AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); AssertIntEQ(EVP_PKEY_derive_init(ctx), 1); AssertIntEQ(EVP_PKEY_derive_set_peer(ctx, peerkey), 1); AssertIntEQ(EVP_PKEY_derive(ctx, NULL, &skeylen), 1); AssertNotNull(skey = (unsigned char*)XMALLOC(skeylen, NULL, DYNAMIC_TYPE_OPENSSL)); AssertIntEQ(EVP_PKEY_derive(ctx, skey, &skeylen), 1); EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(peerkey); EVP_PKEY_free(pkey); XFREE(skey, NULL, DYNAMIC_TYPE_OPENSSL); #endif #ifdef HAVE_ECC /* ECDH */ key = ecc_clikey_der_256; AssertNotNull((pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &key, sizeof_ecc_clikey_der_256))); key = ecc_clikeypub_der_256; AssertNotNull((peerkey = d2i_PUBKEY(NULL, &key, sizeof_ecc_clikeypub_der_256))); AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); AssertIntEQ(EVP_PKEY_derive_init(ctx), 1); AssertIntEQ(EVP_PKEY_derive_set_peer(ctx, peerkey), 1); AssertIntEQ(EVP_PKEY_derive(ctx, NULL, &skeylen), 1); AssertNotNull(skey = (unsigned char*)XMALLOC(skeylen, NULL, DYNAMIC_TYPE_OPENSSL)); AssertIntEQ(EVP_PKEY_derive(ctx, skey, &skeylen), 1); EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(peerkey); EVP_PKEY_free(pkey); XFREE(skey, NULL, DYNAMIC_TYPE_OPENSSL); #endif /* HAVE_ECC */ printf(resultFmt, "passed"); #endif /* (!NO_DH && WOLFSSL_DH_EXTRA) || HAVE_ECC */ #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ #endif /* OPENSSL_ALL || WOLFSSL_QT || WOLFSSL_OPENSSH */ } static void test_wolfSSL_EVP_PBE_scrypt(void) { #if defined(OPENSSL_EXTRA) && defined(HAVE_SCRYPT) && defined(HAVE_PBKDF2) && \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 5)) #if !defined(NO_PWDBASED) && !defined(NO_SHA256) int ret; const char pwd[] = {'p','a','s','s','w','o','r','d'}; int pwdlen = sizeof(pwd); const byte salt[] = {'N','a','C','l'}; int saltlen = sizeof(salt); byte key[80]; word64 numOvr32 = (word64)INT32_MAX + 1; /* expected derived key for N:16, r:1, p:1 */ const byte expectedKey[] = { 0xAE, 0xC6, 0xB7, 0x48, 0x3E, 0xD2, 0x6E, 0x08, 0x80, 0x2B, 0x41, 0xF4, 0x03, 0x20, 0x86, 0xA0, 0xE8, 0x86, 0xBE, 0x7A, 0xC4, 0x8F, 0xCF, 0xD9, 0x2F, 0xF0, 0xCE, 0xF8, 0x10, 0x97, 0x52, 0xF4, 0xAC, 0x74, 0xB0, 0x77, 0x26, 0x32, 0x56, 0xA6, 0x5A, 0x99, 0x70, 0x1B, 0x7A, 0x30, 0x4D, 0x46, 0x61, 0x1C, 0x8A, 0xA3, 0x91, 0xE7, 0x99, 0xCE, 0x10, 0xA2, 0x77, 0x53, 0xE7, 0xE9, 0xC0, 0x9A}; printf(testingFmt, "wolfSSL_EVP_PBE_scrypt()"); /* N r p mx key keylen */ ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 0, 1, 1, 0, key, 64); AssertIntEQ(ret, 0); /* N must be greater than 1 */ ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 3, 1, 1, 0, key, 64); AssertIntEQ(ret, 0); /* N must be power of 2 */ ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 0, 1, 0, key, 64); AssertIntEQ(ret, 0); /* r must be greater than 0 */ ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 0, 0, key, 64); AssertIntEQ(ret, 0); /* p must be greater than 0 */ ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, key, 0); AssertIntEQ(ret, 0); /* keylen must be greater than 0 */ ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 9, 1, 0, key, 64); AssertIntEQ(ret, 0); /* r must be smaller than 9 */ ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, NULL, 64); AssertIntEQ(ret, 1); /* should succeed if key is NULL */ ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, key, 64); AssertIntEQ(ret, 1); /* should succeed */ ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, numOvr32, 1, 0, key, 64); AssertIntEQ(ret, 0); /* should fail since r is greater than INT32_MAC */ ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, numOvr32, 0, key, 64); AssertIntEQ(ret, 0); /* should fail since p is greater than INT32_MAC */ ret = EVP_PBE_scrypt(pwd, pwdlen, NULL, 0, 2, 1, 1, 0, key, 64); AssertIntEQ(ret, 1); /* should succeed even if salt is NULL */ ret = EVP_PBE_scrypt(pwd, pwdlen, NULL, 4, 2, 1, 1, 0, key, 64); AssertIntEQ(ret, 0); /* if salt is NULL, saltlen must be 0, otherwise fail*/ ret = EVP_PBE_scrypt(NULL, 0, salt, saltlen, 2, 1, 1, 0, key, 64); AssertIntEQ(ret, 1); /* should succeed if pwd is NULL and pwdlen is 0*/ ret = EVP_PBE_scrypt(NULL, 4, salt, saltlen, 2, 1, 1, 0, key, 64); AssertIntEQ(ret, 0); /* if pwd is NULL, pwdlen must be 0 */ ret = EVP_PBE_scrypt(NULL, 0, NULL, 0, 2, 1, 1, 0, key, 64); AssertIntEQ(ret, 1); /* should succeed even both pwd and salt are NULL */ ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 16, 1, 1, 0, key, 64); AssertIntEQ(ret, 1); ret = XMEMCMP(expectedKey, key, sizeof(expectedKey)); AssertIntEQ(ret, 0); /* derived key must be the same as expected-key */ printf(resultFmt, "passed"); #endif /* !NO_PWDBASED && !NO_SHA256 */ #endif /* OPENSSL_EXTRA && HAVE_SCRYPT && HAVE_PBKDF2 */ } #ifndef NO_RSA static void test_wolfSSL_RSA_padding_add_PKCS1_PSS(void) { #if defined(OPENSSL_ALL) && defined(WC_RSA_PSS) && !defined(WC_NO_RNG) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) RSA *rsa; const unsigned char *derBuf = client_key_der_2048; unsigned char em[256] = {0}; /* len = 2048/8 */ /* Random data simulating a hash */ const unsigned char mHash[WC_SHA256_DIGEST_SIZE] = { 0x28, 0x6e, 0xfd, 0xf8, 0x76, 0xc7, 0x00, 0x3d, 0x91, 0x4e, 0x59, 0xe4, 0x8e, 0xb7, 0x40, 0x7b, 0xd1, 0x0c, 0x98, 0x4b, 0xe3, 0x3d, 0xb3, 0xeb, 0x6f, 0x8a, 0x3c, 0x42, 0xab, 0x21, 0xad, 0x28 }; AssertNotNull(d2i_RSAPrivateKey(&rsa, &derBuf, sizeof_client_key_der_2048)); AssertIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(), -1), 1); AssertIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em, -1), 1); RSA_free(rsa); #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ #endif /* OPENSSL_ALL && WC_RSA_PSS && !WC_NO_RNG*/ } #endif static void test_wolfSSL_RSA_sign_sha3(void) { #if !defined(NO_RSA) && defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) #if defined(OPENSSL_ALL) && defined(WC_RSA_PSS) && !defined(WC_NO_RNG) RSA *rsa; const unsigned char *derBuf = client_key_der_2048; unsigned char sigRet[256] = {0}; unsigned int sigLen = sizeof(sigRet); /* Random data simulating a hash */ const unsigned char mHash[WC_SHA3_256_DIGEST_SIZE] = { 0x28, 0x6e, 0xfd, 0xf8, 0x76, 0xc7, 0x00, 0x3d, 0x91, 0x4e, 0x59, 0xe4, 0x8e, 0xb7, 0x40, 0x7b, 0xd1, 0x0c, 0x98, 0x4b, 0xe3, 0x3d, 0xb3, 0xeb, 0x6f, 0x8a, 0x3c, 0x42, 0xab, 0x21, 0xad, 0x28 }; printf(testingFmt, "wolfSSL_RSA_sign_sha3"); AssertNotNull(d2i_RSAPrivateKey(&rsa, &derBuf, sizeof_client_key_der_2048)); AssertIntEQ(RSA_sign(NID_sha3_256, mHash, sizeof(mHash), sigRet, &sigLen, rsa), 1); RSA_free(rsa); printf(resultFmt, passed); #endif /* OPENSSL_ALL && WC_RSA_PSS && !WC_NO_RNG*/ #endif /* !NO_RSA && WOLFSSL_SHA3 && !WOLFSSL_NOSHA3_256*/ } static void test_wolfSSL_EC_get_builtin_curves(void) { #if defined(HAVE_ECC) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) EC_builtin_curve* curves = NULL; size_t crv_len = 0; size_t i = 0; printf(testingFmt, "wolfSSL_EC_get_builtin_curves"); AssertIntGT((crv_len = EC_get_builtin_curves(NULL, 0)), 0); AssertNotNull(curves = (EC_builtin_curve*) XMALLOC(sizeof(EC_builtin_curve)*crv_len, NULL, DYNAMIC_TYPE_TMP_BUFFER)); AssertIntEQ(EC_get_builtin_curves(curves, crv_len), crv_len); for (i = 0; i < crv_len; i++) { if (curves[i].comment != NULL) AssertStrEQ(OBJ_nid2sn(curves[i].nid), curves[i].comment); } XFREE(curves, NULL, DYNAMIC_TYPE_TMP_BUFFER); printf(resultFmt, passed); #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ #endif /* defined(HAVE_ECC) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) */ } static void test_no_op_functions(void) { #if defined(OPENSSL_EXTRA) printf(testingFmt, "no_op_functions()"); /* this makes sure wolfSSL can compile and run these no-op functions */ SSL_load_error_strings(); ENGINE_load_builtin_engines(); OpenSSL_add_all_ciphers(); AssertIntEQ(CRYPTO_malloc_init(), 0); printf(resultFmt, passed); #endif } static void test_wolfSSL_CRYPTO_memcmp(void) { #ifdef OPENSSL_EXTRA char a[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable " "implementation of TLS/SSL for embedded devices to the cloud."; char b[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable " "implementation of TLS/SSL for embedded devices to the cloud."; char c[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable " "implementation of TLS/SSL for embedded devices to the cloud!"; AssertIntEQ(CRYPTO_memcmp(a, b, sizeof(a)), 0); AssertIntNE(CRYPTO_memcmp(a, c, sizeof(a)), 0); #endif } /*----------------------------------------------------------------------------* | wolfCrypt ASN *----------------------------------------------------------------------------*/ static void test_wc_CreateEncryptedPKCS8Key(void) { #if defined(HAVE_PKCS8) && !defined(NO_PWDBASED) && defined(WOLFSSL_AES_256) \ && !defined(NO_AES_CBC) && !defined(NO_RSA) && !defined(NO_SHA) WC_RNG rng; byte* encKey = NULL; word32 encKeySz = 0; word32 decKeySz = 0; const char password[] = "Lorem ipsum dolor sit amet"; word32 passwordSz = (word32)XSTRLEN(password); word32 tradIdx = 0; printf(testingFmt, "test_wc_CreateEncryptedPKCS8Key"); AssertIntEQ(wc_InitRng(&rng), 0); /* Call with NULL for out buffer to get necessary length. */ AssertIntEQ(wc_CreateEncryptedPKCS8Key((byte*)server_key_der_2048, sizeof_server_key_der_2048, NULL, &encKeySz, password, passwordSz, PKCS5, PBES2, AES256CBCb, NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL), LENGTH_ONLY_E); AssertNotNull(encKey = (byte*)XMALLOC(encKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); /* Call with the allocated out buffer. */ AssertIntGT(wc_CreateEncryptedPKCS8Key((byte*)server_key_der_2048, sizeof_server_key_der_2048, encKey, &encKeySz, password, passwordSz, PKCS5, PBES2, AES256CBCb, NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL), 0); /* Decrypt the encrypted PKCS8 key we just made. */ AssertIntGT((decKeySz = wc_DecryptPKCS8Key(encKey, encKeySz, password, passwordSz)), 0); /* encKey now holds the decrypted key (decrypted in place). */ AssertIntGT(wc_GetPkcs8TraditionalOffset(encKey, &tradIdx, decKeySz), 0); /* Check that the decrypted key matches the key prior to encryption. */ AssertIntEQ(XMEMCMP(encKey + tradIdx, server_key_der_2048, sizeof_server_key_der_2048), 0); if (encKey != NULL) XFREE(encKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRng(&rng); printf(resultFmt, passed); #endif } static void test_wc_GetPkcs8TraditionalOffset(void) { #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(HAVE_PKCS8) int length, derSz; word32 inOutIdx; const char* path = "./certs/server-keyPkcs8.der"; XFILE file; byte der[2048]; printf(testingFmt, "wc_GetPkcs8TraditionalOffset"); file = XFOPEN(path, "rb"); AssertTrue(file != XBADFILE); derSz = (int)XFREAD(der, 1, sizeof(der), file); XFCLOSE(file); /* valid case */ inOutIdx = 0; length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz); AssertIntGT(length, 0); /* inOutIdx > sz */ inOutIdx = 4000; length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz); AssertIntEQ(length, BAD_FUNC_ARG); /* null input */ inOutIdx = 0; length = wc_GetPkcs8TraditionalOffset(NULL, &inOutIdx, 0); AssertIntEQ(length, BAD_FUNC_ARG); /* invalid input, fill buffer with 1's */ XMEMSET(der, 1, sizeof(der)); inOutIdx = 0; length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz); AssertIntEQ(length, ASN_PARSE_E); printf(resultFmt, passed); #endif /* NO_ASN */ } static void test_wc_SetSubjectRaw(void) { #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA) const char* joiCertFile = "./certs/test/cert-ext-joi.der"; WOLFSSL_X509* x509; int peerCertSz; const byte* peerCertBuf; Cert forgedCert; printf(testingFmt, "test_wc_SetSubjectRaw()"); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile, WOLFSSL_FILETYPE_ASN1)); AssertNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz)); AssertIntEQ(0, wc_InitCert(&forgedCert)); AssertIntEQ(0, wc_SetSubjectRaw(&forgedCert, peerCertBuf, peerCertSz)); wolfSSL_FreeX509(x509); printf(resultFmt, passed); #endif } static void test_wc_GetSubjectRaw(void) { #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) Cert cert; byte *subjectRaw; printf(testingFmt, "test_wc_GetSubjectRaw()"); AssertIntEQ(0, wc_InitCert(&cert)); AssertIntEQ(0, wc_GetSubjectRaw(&subjectRaw, &cert)); printf(resultFmt, passed); #endif } static void test_wc_SetIssuerRaw(void) { #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA) const char* joiCertFile = "./certs/test/cert-ext-joi.der"; WOLFSSL_X509* x509; int peerCertSz; const byte* peerCertBuf; Cert forgedCert; printf(testingFmt, "test_wc_SetIssuerRaw()"); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile, WOLFSSL_FILETYPE_ASN1)); AssertNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz)); AssertIntEQ(0, wc_InitCert(&forgedCert)); AssertIntEQ(0, wc_SetIssuerRaw(&forgedCert, peerCertBuf, peerCertSz)); wolfSSL_FreeX509(x509); printf(resultFmt, passed); #endif } static void test_wc_SetIssueBuffer(void) { #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA) const char* joiCertFile = "./certs/test/cert-ext-joi.der"; WOLFSSL_X509* x509; int peerCertSz; const byte* peerCertBuf; Cert forgedCert; printf(testingFmt, "test_wc_SetIssuerBuffer()"); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile, WOLFSSL_FILETYPE_ASN1)); AssertNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz)); AssertIntEQ(0, wc_InitCert(&forgedCert)); AssertIntEQ(0, wc_SetIssuerBuffer(&forgedCert, peerCertBuf, peerCertSz)); wolfSSL_FreeX509(x509); printf(resultFmt, passed); #endif } /* * Testing wc_SetSubjectKeyId */ static void test_wc_SetSubjectKeyId(void) { #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) Cert cert; const char* file = "certs/ecc-client-keyPub.pem"; printf(testingFmt, "wc_SetSubjectKeyId()"); AssertIntEQ(0, wc_InitCert(&cert)); AssertIntEQ(0, wc_SetSubjectKeyId(&cert, file)); AssertIntEQ(BAD_FUNC_ARG, wc_SetSubjectKeyId(NULL, file)); AssertIntGT(0, wc_SetSubjectKeyId(&cert, "badfile.name")); printf(resultFmt, passed); #endif } /* END test_wc_SetSubjectKeyId */ /* * Testing wc_SetSubject */ static void test_wc_SetSubject(void) { #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) Cert cert; const char* file = "./certs/ca-ecc-cert.pem"; printf(testingFmt, "wc_SetSubject()"); AssertIntEQ(0, wc_InitCert(&cert)); AssertIntEQ(0, wc_SetSubject(&cert, file)); AssertIntEQ(BAD_FUNC_ARG, wc_SetSubject(NULL, file)); AssertIntGT(0, wc_SetSubject(&cert, "badfile.name")); printf(resultFmt, passed); #endif } /* END test_wc_SetSubject */ static void test_CheckCertSignature(void) { #if !defined(NO_CERTS) && defined(WOLFSSL_SMALL_CERT_VERIFY) WOLFSSL_CERT_MANAGER* cm = NULL; #if !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC)) FILE* fp; byte cert[4096]; int certSz; #endif AssertIntEQ(BAD_FUNC_ARG, CheckCertSignature(NULL, 0, NULL, NULL)); AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); AssertIntEQ(BAD_FUNC_ARG, CheckCertSignature(NULL, 0, NULL, cm)); #ifndef NO_RSA #ifdef USE_CERT_BUFFERS_1024 AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(server_cert_der_1024, sizeof_server_cert_der_1024, NULL, cm)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm, ca_cert_der_1024, sizeof_ca_cert_der_1024, WOLFSSL_FILETYPE_ASN1)); AssertIntEQ(0, CheckCertSignature(server_cert_der_1024, sizeof_server_cert_der_1024, NULL, cm)); #elif defined(USE_CERT_BUFFERS_2048) AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(server_cert_der_2048, sizeof_server_cert_der_2048, NULL, cm)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm, ca_cert_der_2048, sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertIntEQ(0, CheckCertSignature(server_cert_der_2048, sizeof_server_cert_der_2048, NULL, cm)); #endif #endif #if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(serv_ecc_der_256, sizeof_serv_ecc_der_256, NULL, cm)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm, ca_ecc_cert_der_256, sizeof_ca_ecc_cert_der_256, WOLFSSL_FILETYPE_ASN1)); AssertIntEQ(0, CheckCertSignature(serv_ecc_der_256, sizeof_serv_ecc_der_256, NULL, cm)); #endif #if !defined(NO_FILESYSTEM) wolfSSL_CertManagerFree(cm); AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); #ifndef NO_RSA AssertNotNull(fp = XFOPEN("./certs/server-cert.der", "rb")); AssertIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), fp)), 0); XFCLOSE(fp); AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(cert, certSz, NULL, cm)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, "./certs/ca-cert.pem", NULL)); AssertIntEQ(0, CheckCertSignature(cert, certSz, NULL, cm)); #endif #ifdef HAVE_ECC AssertNotNull(fp = XFOPEN("./certs/server-ecc.der", "rb")); AssertIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), fp)), 0); XFCLOSE(fp); AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(cert, certSz, NULL, cm)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, "./certs/ca-ecc-cert.pem", NULL)); AssertIntEQ(0, CheckCertSignature(cert, certSz, NULL, cm)); #endif #endif #if !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC)) (void)fp; (void)cert; (void)certSz; #endif wolfSSL_CertManagerFree(cm); #endif } /*----------------------------------------------------------------------------* | wolfCrypt ECC *----------------------------------------------------------------------------*/ static void test_wc_ecc_get_curve_size_from_name(void) { #ifdef HAVE_ECC int ret; printf(testingFmt, "wc_ecc_get_curve_size_from_name"); #if !defined(NO_ECC256) && !defined(NO_ECC_SECP) ret = wc_ecc_get_curve_size_from_name("SECP256R1"); AssertIntEQ(ret, 32); #endif /* invalid case */ ret = wc_ecc_get_curve_size_from_name("BADCURVE"); AssertIntEQ(ret, -1); /* NULL input */ ret = wc_ecc_get_curve_size_from_name(NULL); AssertIntEQ(ret, BAD_FUNC_ARG); printf(resultFmt, passed); #endif /* HAVE_ECC */ } static void test_wc_ecc_get_curve_id_from_name(void) { #ifdef HAVE_ECC int id; printf(testingFmt, "wc_ecc_get_curve_id_from_name"); #if !defined(NO_ECC256) && !defined(NO_ECC_SECP) id = wc_ecc_get_curve_id_from_name("SECP256R1"); AssertIntEQ(id, ECC_SECP256R1); #endif /* invalid case */ id = wc_ecc_get_curve_id_from_name("BADCURVE"); AssertIntEQ(id, -1); /* NULL input */ id = wc_ecc_get_curve_id_from_name(NULL); AssertIntEQ(id, BAD_FUNC_ARG); printf(resultFmt, passed); #endif /* HAVE_ECC */ } #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && \ !defined(HAVE_SELFTEST) && \ !(defined(HAVE_FIPS) || defined(HAVE_FIPS_VERSION)) static void test_wc_ecc_get_curve_id_from_dp_params(void) { int id; #if !defined(NO_ECC256) && !defined(NO_ECC_SECP) int curve_id; ecc_key* key; const ecc_set_type* params; int ret; #endif WOLFSSL_EC_KEY *ecKey = NULL; printf(testingFmt, "wc_ecc_get_curve_id_from_dp_params"); #if !defined(NO_ECC256) && !defined(NO_ECC_SECP) id = wc_ecc_get_curve_id_from_name("SECP256R1"); AssertIntEQ(id, ECC_SECP256R1); ecKey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); AssertNotNull(ecKey); ret = EC_KEY_generate_key(ecKey); if (ret == 0) { /* normal test */ key = (ecc_key*)ecKey->internal; params = key->dp; curve_id = wc_ecc_get_curve_id_from_dp_params(params); AssertIntEQ(curve_id, id); } #endif /* invalid case, NULL input*/ id = wc_ecc_get_curve_id_from_dp_params(NULL); AssertIntEQ(id, BAD_FUNC_ARG); wolfSSL_EC_KEY_free(ecKey); printf(resultFmt, passed); } #endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */ static void test_wc_ecc_get_curve_id_from_params(void) { #ifdef HAVE_ECC int id; const byte prime[] = { 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF, 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF }; const byte primeInvalid[] = { 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF, 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x01,0x01 }; const byte Af[] = { 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF, 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFC }; const byte Bf[] = { 0x5A,0xC6,0x35,0xD8,0xAA,0x3A,0x93,0xE7, 0xB3,0xEB,0xBD,0x55,0x76,0x98,0x86,0xBC, 0x65,0x1D,0x06,0xB0,0xCC,0x53,0xB0,0xF6, 0x3B,0xCE,0x3C,0x3E,0x27,0xD2,0x60,0x4B }; const byte order[] = { 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0xBC,0xE6,0xFA,0xAD,0xA7,0x17,0x9E,0x84, 0xF3,0xB9,0xCA,0xC2,0xFC,0x63,0x25,0x51 }; const byte Gx[] = { 0x6B,0x17,0xD1,0xF2,0xE1,0x2C,0x42,0x47, 0xF8,0xBC,0xE6,0xE5,0x63,0xA4,0x40,0xF2, 0x77,0x03,0x7D,0x81,0x2D,0xEB,0x33,0xA0, 0xF4,0xA1,0x39,0x45,0xD8,0x98,0xC2,0x96 }; const byte Gy[] = { 0x4F,0xE3,0x42,0xE2,0xFE,0x1A,0x7F,0x9B, 0x8E,0xE7,0xEB,0x4A,0x7C,0x0F,0x9E,0x16, 0x2B,0xCE,0x33,0x57,0x6B,0x31,0x5E,0xCE, 0xCB,0xB6,0x40,0x68,0x37,0xBF,0x51,0xF5 }; int cofactor = 1; int fieldSize = 256; printf(testingFmt, "wc_ecc_get_curve_id_from_params"); #if !defined(NO_ECC256) && !defined(NO_ECC_SECP) id = wc_ecc_get_curve_id_from_params(fieldSize, prime, sizeof(prime), Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order), Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor); AssertIntEQ(id, ECC_SECP256R1); #endif /* invalid case, fieldSize = 0 */ id = wc_ecc_get_curve_id_from_params(0, prime, sizeof(prime), Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order), Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor); AssertIntEQ(id, ECC_CURVE_INVALID); /* invalid case, NULL prime */ id = wc_ecc_get_curve_id_from_params(fieldSize, NULL, sizeof(prime), Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order), Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor); AssertIntEQ(id, BAD_FUNC_ARG); /* invalid case, invalid prime */ id = wc_ecc_get_curve_id_from_params(fieldSize, primeInvalid, sizeof(primeInvalid), Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order), Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor); AssertIntEQ(id, ECC_CURVE_INVALID); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_PKEY_encrypt(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ !defined(HAVE_FAST_RSA) WOLFSSL_RSA* rsa = NULL; WOLFSSL_EVP_PKEY* pkey = NULL; WOLFSSL_EVP_PKEY_CTX* ctx = NULL; const char* in = "What is easy to do is easy not to do."; size_t inlen = XSTRLEN(in); size_t outEncLen = 0; byte* outEnc = NULL; byte* outDec = NULL; size_t outDecLen = 0; size_t rsaKeySz = 2048/8; /* Bytes */ #ifdef WC_RSA_NO_PADDING byte* inTmp = NULL; byte* outEncTmp = NULL; byte* outDecTmp = NULL; #endif printf(testingFmt, "wolfSSL_EVP_PKEY_encrypt()"); AssertNotNull(outEnc = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); XMEMSET(outEnc, 0, rsaKeySz); AssertNotNull(outDec = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); XMEMSET(outDec, 0, rsaKeySz); AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS); AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); AssertIntEQ(EVP_PKEY_encrypt_init(ctx), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING), WOLFSSL_SUCCESS); /* Test pkey references count is decremented. pkey shouldn't be destroyed since ctx uses it.*/ AssertIntEQ(pkey->references, 2); EVP_PKEY_free(pkey); AssertIntEQ(pkey->references, 1); /* Encrypt data */ /* Check that we can get the required output buffer length by passing in a * NULL output buffer. */ AssertIntEQ(EVP_PKEY_encrypt(ctx, NULL, &outEncLen, (const unsigned char*)in, inlen), WOLFSSL_SUCCESS); AssertIntEQ(rsaKeySz, outEncLen); /* Now do the actual encryption. */ AssertIntEQ(EVP_PKEY_encrypt(ctx, outEnc, &outEncLen, (const unsigned char*)in, inlen), WOLFSSL_SUCCESS); /* Decrypt data */ AssertIntEQ(EVP_PKEY_decrypt_init(ctx), WOLFSSL_SUCCESS); /* Check that we can get the required output buffer length by passing in a * NULL output buffer. */ AssertIntEQ(EVP_PKEY_decrypt(ctx, NULL, &outDecLen, outEnc, outEncLen), WOLFSSL_SUCCESS); AssertIntEQ(rsaKeySz, outDecLen); /* Now do the actual decryption. */ AssertIntEQ(EVP_PKEY_decrypt(ctx, outDec, &outDecLen, outEnc, outEncLen), WOLFSSL_SUCCESS); AssertIntEQ(XMEMCMP(in, outDec, outDecLen), 0); #ifdef WC_RSA_NO_PADDING /* The input length must be the same size as the RSA key.*/ AssertNotNull(inTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); XMEMSET(inTmp, 9, rsaKeySz); AssertNotNull(outEncTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); XMEMSET(outEncTmp, 0, rsaKeySz); AssertNotNull(outDecTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); XMEMSET(outDecTmp, 0, rsaKeySz); AssertIntEQ(EVP_PKEY_encrypt_init(ctx), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_encrypt(ctx, outEncTmp, &outEncLen, inTmp, rsaKeySz), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_decrypt_init(ctx), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_decrypt(ctx, outDecTmp, &outDecLen, outEncTmp, outEncLen), WOLFSSL_SUCCESS); AssertIntEQ(XMEMCMP(inTmp, outDecTmp, outDecLen), 0); #endif EVP_PKEY_CTX_free(ctx); XFREE(outEnc, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(outDec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #ifdef WC_RSA_NO_PADDING XFREE(inTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(outEncTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(outDecTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_PKEY_sign(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) WOLFSSL_RSA* rsa = NULL; WOLFSSL_EVP_PKEY* pkey = NULL; WOLFSSL_EVP_PKEY_CTX* ctx = NULL; const char* in = "What is easy to do is easy not to do."; size_t inlen = XSTRLEN(in); byte hash[SHA256_DIGEST_LENGTH] = {0}; SHA256_CTX c; byte* sig = NULL; byte* sigVerify = NULL; size_t siglen = 0; size_t rsaKeySz = 2048/8; /* Bytes */ printf(testingFmt, "wolfSSL_EVP_PKEY_sign()"); sig = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); AssertNotNull(sig); XMEMSET(sig, 0, rsaKeySz); AssertNotNull(sigVerify = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); XMEMSET(sigVerify, 0, rsaKeySz); /* Generate hash */ SHA256_Init(&c); SHA256_Update(&c, in, inlen); SHA256_Final(hash, &c); #ifdef WOLFSSL_SMALL_STACK_CACHE /* workaround for small stack cache case */ wc_Sha256Free((wc_Sha256*)&c); #endif AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS); AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); AssertIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING), WOLFSSL_SUCCESS); /* Sign data */ AssertIntEQ(EVP_PKEY_sign(ctx, sig, &siglen, hash, SHA256_DIGEST_LENGTH), WOLFSSL_SUCCESS); /* Verify signature. EVP_PKEY_verify() doesn't exist yet, so use RSA_public_decrypt(). */ AssertIntEQ(RSA_public_decrypt((int)siglen, sig, sigVerify, rsa, RSA_PKCS1_PADDING), SHA256_DIGEST_LENGTH); AssertIntEQ(XMEMCMP(hash, sigVerify, SHA256_DIGEST_LENGTH), 0); /* error cases */ AssertIntNE(EVP_PKEY_sign_init(NULL), WOLFSSL_SUCCESS); ctx->pkey->type = EVP_PKEY_RSA; AssertIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS); AssertIntNE(EVP_PKEY_sign(NULL, sig, &siglen, (byte*)in, inlen), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_sign(ctx, sig, &siglen, (byte*)in, inlen), WOLFSSL_SUCCESS); EVP_PKEY_free(pkey); EVP_PKEY_CTX_free(ctx); XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(sigVerify, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ printf(resultFmt, passed); #endif } static void test_EVP_PKEY_rsa(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) WOLFSSL_RSA* rsa; WOLFSSL_EVP_PKEY* pkey; AssertNotNull(rsa = wolfSSL_RSA_new()); AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertIntEQ(EVP_PKEY_assign_RSA(NULL, rsa), WOLFSSL_FAILURE); AssertIntEQ(EVP_PKEY_assign_RSA(pkey, NULL), WOLFSSL_FAILURE); AssertIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS); AssertPtrEq(EVP_PKEY_get0_RSA(pkey), rsa); wolfSSL_EVP_PKEY_free(pkey); printf(resultFmt, passed); #endif } static void test_EVP_PKEY_ec(void) { #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) WOLFSSL_EC_KEY* ecKey; WOLFSSL_EVP_PKEY* pkey; AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertIntEQ(EVP_PKEY_assign_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE); AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, NULL), WOLFSSL_FAILURE); /* Should fail since ecKey is empty */ AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS); wolfSSL_EVP_PKEY_free(pkey); printf(resultFmt, passed); #endif #endif } static void test_EVP_PKEY_cmp(void) { #if defined(OPENSSL_EXTRA) EVP_PKEY *a, *b; const unsigned char *in; printf(testingFmt, "wolfSSL_EVP_PKEY_cmp()"); #if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) in = client_key_der_2048; AssertNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &in, (long)sizeof_client_key_der_2048)); in = client_key_der_2048; AssertNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &in, (long)sizeof_client_key_der_2048)); /* Test success case RSA */ #if defined(WOLFSSL_ERROR_CODE_OPENSSL) AssertIntEQ(EVP_PKEY_cmp(a, b), 1); #else AssertIntEQ(EVP_PKEY_cmp(a, b), 0); #endif /* WOLFSSL_ERROR_CODE_OPENSSL */ EVP_PKEY_free(b); EVP_PKEY_free(a); #endif #if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) in = ecc_clikey_der_256; AssertNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &in, (long)sizeof_ecc_clikey_der_256)); in = ecc_clikey_der_256; AssertNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &in, (long)sizeof_ecc_clikey_der_256)); /* Test success case ECC */ #if defined(WOLFSSL_ERROR_CODE_OPENSSL) AssertIntEQ(EVP_PKEY_cmp(a, b), 1); #else AssertIntEQ(EVP_PKEY_cmp(a, b), 0); #endif /* WOLFSSL_ERROR_CODE_OPENSSL */ EVP_PKEY_free(b); EVP_PKEY_free(a); #endif /* Test failure cases */ #if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && \ defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) in = client_key_der_2048; AssertNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &in, (long)sizeof_client_key_der_2048)); in = ecc_clikey_der_256; AssertNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &in, (long)sizeof_ecc_clikey_der_256)); #if defined(WOLFSSL_ERROR_CODE_OPENSSL) AssertIntEQ(EVP_PKEY_cmp(a, b), -1); #else AssertIntNE(EVP_PKEY_cmp(a, b), 0); #endif /* WOLFSSL_ERROR_CODE_OPENSSL */ EVP_PKEY_free(b); EVP_PKEY_free(a); #endif /* invalid or empty failure cases */ a = EVP_PKEY_new(); b = EVP_PKEY_new(); #if defined(WOLFSSL_ERROR_CODE_OPENSSL) AssertIntEQ(EVP_PKEY_cmp(NULL, NULL), 0); AssertIntEQ(EVP_PKEY_cmp(a, NULL), 0); AssertIntEQ(EVP_PKEY_cmp(NULL, b), 0); AssertIntEQ(EVP_PKEY_cmp(a, b), 0); #else AssertIntNE(EVP_PKEY_cmp(NULL, NULL), 0); AssertIntNE(EVP_PKEY_cmp(a, NULL), 0); AssertIntNE(EVP_PKEY_cmp(NULL, b), 0); AssertIntNE(EVP_PKEY_cmp(a, b), 0); #endif EVP_PKEY_free(b); EVP_PKEY_free(a); (void)in; printf(resultFmt, passed); #endif } static void test_ERR_load_crypto_strings(void) { #if defined(OPENSSL_ALL) ERR_load_crypto_strings(); printf(resultFmt, passed); #endif } #if defined(OPENSSL_ALL) && !defined(NO_CERTS) static void free_x509(X509* x) { AssertIntEQ((x == (X509*)1 || x == (X509*)2), 1); } #endif static void test_sk_X509(void) { #if defined(OPENSSL_ALL) && !defined(NO_CERTS) STACK_OF(X509)* s; AssertNotNull(s = sk_X509_new()); AssertIntEQ(sk_X509_num(s), 0); sk_X509_pop_free(s, NULL); AssertNotNull(s = sk_X509_new_null()); AssertIntEQ(sk_X509_num(s), 0); sk_X509_pop_free(s, NULL); AssertNotNull(s = sk_X509_new()); sk_X509_push(s, (X509*)1); AssertIntEQ(sk_X509_num(s), 1); AssertIntEQ((sk_X509_value(s, 0) == (X509*)1), 1); sk_X509_push(s, (X509*)2); AssertIntEQ(sk_X509_num(s), 2); AssertIntEQ((sk_X509_value(s, 0) == (X509*)2), 1); AssertIntEQ((sk_X509_value(s, 1) == (X509*)1), 1); sk_X509_push(s, (X509*)2); sk_X509_pop_free(s, free_x509); printf(resultFmt, passed); #endif } static void test_X509_get_signature_nid(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) X509* x509; AssertIntEQ(X509_get_signature_nid(NULL), 0); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)); AssertIntEQ(X509_get_signature_nid(x509), NID_sha256WithRSAEncryption); X509_free(x509); printf(resultFmt, passed); #endif } static void test_X509_REQ(void) { #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_BIO) X509_NAME* name; #if !defined(NO_RSA) || defined(HAVE_ECC) X509_REQ* req; EVP_PKEY* priv; EVP_PKEY* pub; unsigned char* der = NULL; #endif #ifndef NO_RSA EVP_MD_CTX *mctx = NULL; EVP_PKEY_CTX *pkctx = NULL; #ifdef USE_CERT_BUFFERS_1024 const unsigned char* rsaPriv = (const unsigned char*)client_key_der_1024; const unsigned char* rsaPub = (unsigned char*)client_keypub_der_1024; #elif defined(USE_CERT_BUFFERS_2048) const unsigned char* rsaPriv = (const unsigned char*)client_key_der_2048; const unsigned char* rsaPub = (unsigned char*)client_keypub_der_2048; #endif #endif #ifdef HAVE_ECC const unsigned char* ecPriv = (const unsigned char*)ecc_clikey_der_256; const unsigned char* ecPub = (unsigned char*)ecc_clikeypub_der_256; int len; #endif AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, 0, 1), WOLFSSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_SUCCESS); #ifndef NO_RSA AssertNotNull(priv = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &rsaPriv, (long)sizeof_client_key_der_2048)); AssertNotNull(pub = d2i_PUBKEY(NULL, &rsaPub, (long)sizeof_client_keypub_der_2048)); AssertNotNull(req = X509_REQ_new()); AssertIntEQ(X509_REQ_set_subject_name(NULL, name), WOLFSSL_FAILURE); AssertIntEQ(X509_REQ_set_subject_name(req, NULL), WOLFSSL_FAILURE); AssertIntEQ(X509_REQ_set_subject_name(req, name), WOLFSSL_SUCCESS); AssertIntEQ(X509_REQ_set_pubkey(NULL, pub), WOLFSSL_FAILURE); AssertIntEQ(X509_REQ_set_pubkey(req, NULL), WOLFSSL_FAILURE); AssertIntEQ(X509_REQ_set_pubkey(req, pub), WOLFSSL_SUCCESS); AssertIntEQ(X509_REQ_sign(NULL, priv, EVP_sha256()), WOLFSSL_FAILURE); AssertIntEQ(X509_REQ_sign(req, NULL, EVP_sha256()), WOLFSSL_FAILURE); AssertIntEQ(X509_REQ_sign(req, priv, NULL), WOLFSSL_FAILURE); AssertIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS); AssertIntEQ(i2d_X509_REQ(req, &der), 643); XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); der = NULL; mctx = EVP_MD_CTX_new(); AssertIntEQ(EVP_DigestSignInit(mctx, &pkctx, EVP_sha256(), NULL, priv), WOLFSSL_SUCCESS); AssertIntEQ(X509_REQ_sign_ctx(req, mctx), WOLFSSL_SUCCESS); EVP_MD_CTX_free(mctx); X509_REQ_free(NULL); X509_REQ_free(req); EVP_PKEY_free(pub); EVP_PKEY_free(priv); #endif #ifdef HAVE_ECC AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &ecPriv, sizeof_ecc_clikey_der_256)); AssertNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &ecPub, sizeof_ecc_clikeypub_der_256)); AssertNotNull(req = X509_REQ_new()); AssertIntEQ(X509_REQ_set_subject_name(req, name), WOLFSSL_SUCCESS); AssertIntEQ(X509_REQ_set_pubkey(req, pub), WOLFSSL_SUCCESS); AssertIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS); /* Signature is random and may be shorter or longer. */ AssertIntGE((len = i2d_X509_REQ(req, &der)), 245); AssertIntLE(len, 253); XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); X509_REQ_free(req); EVP_PKEY_free(pub); EVP_PKEY_free(priv); #ifdef FP_ECC wc_ecc_fp_free(); #endif #endif /* HAVE_ECC */ X509_NAME_free(name); printf(resultFmt, passed); #endif } static void test_wolfssl_PKCS7(void) { #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) PKCS7* pkcs7; byte data[FOURK_BUF]; word32 len = sizeof(data); const byte* p = data; byte content[] = "Test data to encode."; #if !defined(NO_RSA) & defined(USE_CERT_BUFFERS_2048) BIO* bio; byte key[sizeof(client_key_der_2048)]; word32 keySz = (word32)sizeof(key); #endif AssertIntGT((len = CreatePKCS7SignedData(data, len, content, (word32)sizeof(content), 0, 0)), 0); AssertNull(pkcs7 = d2i_PKCS7(NULL, NULL, len)); AssertNull(pkcs7 = d2i_PKCS7(NULL, &p, 0)); AssertNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len)); AssertIntEQ(wolfSSL_PKCS7_verify(NULL, NULL, NULL, NULL, NULL, PKCS7_NOVERIFY), WOLFSSL_FAILURE); PKCS7_free(pkcs7); /* fail case, without PKCS7_NOVERIFY */ p = data; AssertNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len)); AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL, 0), WOLFSSL_FAILURE); PKCS7_free(pkcs7); /* success case, with PKCS7_NOVERIFY */ p = data; AssertNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len)); AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL, PKCS7_NOVERIFY), WOLFSSL_SUCCESS); #if !defined(NO_RSA) & defined(USE_CERT_BUFFERS_2048) /* test i2d */ XMEMCPY(key, client_key_der_2048, keySz); pkcs7->privateKey = key; pkcs7->privateKeySz = (word32)sizeof(key); pkcs7->encryptOID = RSAk; pkcs7->hashOID = SHAh; AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(i2d_PKCS7_bio(bio, pkcs7), 1); BIO_free(bio); #endif PKCS7_free(NULL); PKCS7_free(pkcs7); printf(resultFmt, passed); #endif } static void test_wolfSSL_PKCS7_SIGNED_new(void) { #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) PKCS7_SIGNED* pkcs7; printf(testingFmt, "wolfSSL_PKCS7_SIGNED_new()"); pkcs7 = PKCS7_SIGNED_new(); AssertNotNull(pkcs7); AssertIntEQ(pkcs7->contentOID, SIGNED_DATA); PKCS7_SIGNED_free(pkcs7); printf(resultFmt, passed); #endif } #ifndef NO_BIO static void test_wolfSSL_PEM_write_bio_PKCS7(void) { #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) PKCS7* pkcs7 = NULL; BIO* bio = NULL; const byte* cert_buf = NULL; int ret = 0; WC_RNG rng; const byte data[] = { /* Hello World */ 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, 0x72,0x6c,0x64 }; #ifndef NO_RSA #if defined(USE_CERT_BUFFERS_2048) byte key[sizeof(client_key_der_2048)]; byte cert[sizeof(client_cert_der_2048)]; word32 keySz = (word32)sizeof(key); word32 certSz = (word32)sizeof(cert); XMEMSET(key, 0, keySz); XMEMSET(cert, 0, certSz); XMEMCPY(key, client_key_der_2048, keySz); XMEMCPY(cert, client_cert_der_2048, certSz); #elif defined(USE_CERT_BUFFERS_1024) byte key[sizeof_client_key_der_1024]; byte cert[sizeof(sizeof_client_cert_der_1024)]; word32 keySz = (word32)sizeof(key); word32 certSz = (word32)sizeof(cert); XMEMSET(key, 0, keySz); XMEMSET(cert, 0, certSz); XMEMCPY(key, client_key_der_1024, keySz); XMEMCPY(cert, client_cert_der_1024, certSz); #else unsigned char cert[ONEK_BUF]; unsigned char key[ONEK_BUF]; XFILE fp; int certSz; int keySz; fp = XFOPEN("./certs/1024/client-cert.der", "rb"); AssertTrue((fp != XBADFILE)); certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp); XFCLOSE(fp); fp = XFOPEN("./certs/1024/client-key.der", "rb"); AssertTrue(fp != XBADFILE); keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp); XFCLOSE(fp); #endif #elif defined(HAVE_ECC) #if defined(USE_CERT_BUFFERS_256) unsigned char cert[sizeof(cliecc_cert_der_256)]; unsigned char key[sizeof(ecc_clikey_der_256)]; int certSz = (int)sizeof(cert); int keySz = (int)sizeof(key); XMEMSET(cert, 0, certSz); XMEMSET(key, 0, keySz); XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256); XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256); #else unsigned char cert[ONEK_BUF]; unsigned char key[ONEK_BUF]; XFILE fp; int certSz, keySz; fp = XFOPEN("./certs/client-ecc-cert.der", "rb"); AssertTrue(fp != XBADFILE); certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp); XFCLOSE(fp); fp = XFOPEN("./certs/client-ecc-key.der", "rb"); AssertTrue(fp != XBADFILE); keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp); XFCLOSE(fp); #endif #else #error PKCS7 requires ECC or RSA #endif printf(testingFmt, "wolfSSL_PEM_write_bio_PKCS7()"); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); /* initialize with DER encoded cert */ AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), 0); /* init rng */ AssertIntEQ(wc_InitRng(&rng), 0); pkcs7->rng = &rng; pkcs7->content = (byte*)data; /* not used for ex */ pkcs7->contentSz = (word32)sizeof(data); pkcs7->contentOID = SIGNED_DATA; pkcs7->privateKey = key; pkcs7->privateKeySz = (word32)sizeof(key); pkcs7->encryptOID = RSAk; pkcs7->hashOID = SHAh; pkcs7->signedAttribs = NULL; pkcs7->signedAttribsSz = 0; #ifndef NO_BIO AssertNotNull(bio = BIO_new(BIO_s_mem())); /* Write PKCS#7 PEM to BIO, the function converts the DER to PEM cert*/ AssertIntEQ(PEM_write_bio_PKCS7(bio, pkcs7), WOLFSSL_SUCCESS); /* Read PKCS#7 PEM from BIO */ ret = wolfSSL_BIO_get_mem_data(bio, &cert_buf); AssertIntGE(ret, 0); BIO_free(bio); #endif wc_PKCS7_Free(pkcs7); wc_FreeRng(&rng); printf(resultFmt, passed); #endif } #ifdef HAVE_SMIME static void test_wolfSSL_SMIME_read_PKCS7(void) { #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \ !defined(NO_RSA) PKCS7* pkcs7 = NULL; BIO* bio = NULL; BIO* bcont = NULL; XFILE smimeTestFile = XFOPEN("./certs/test/smime-test.p7s", "r"); printf(testingFmt, "wolfSSL_SMIME_read_PKCS7()"); bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()); AssertNotNull(bio); AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS); pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); AssertNotNull(pkcs7); AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_SUCCESS); XFCLOSE(smimeTestFile); if (bcont) BIO_free(bcont); wolfSSL_PKCS7_free(pkcs7); smimeTestFile = XFOPEN("./certs/test/smime-test-multipart.p7s", "r"); AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS); pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); AssertNotNull(pkcs7); AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_SUCCESS); XFCLOSE(smimeTestFile); if (bcont) BIO_free(bcont); wolfSSL_PKCS7_free(pkcs7); smimeTestFile = XFOPEN("./certs/test/smime-test-multipart-badsig.p7s", "r"); AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS); pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); AssertNull(pkcs7); AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_FAILURE); XFCLOSE(smimeTestFile); if (bcont) BIO_free(bcont); wolfSSL_PKCS7_free(pkcs7); smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "r"); AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS); pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); AssertNotNull(pkcs7); AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_SUCCESS); BIO_free(bio); if (bcont) BIO_free(bcont); wolfSSL_PKCS7_free(pkcs7); printf(resultFmt, passed); #endif } #endif /* HAVE_SMIME*/ #endif /* !NO_BIO */ /*----------------------------------------------------------------------------* | Certificate Failure Checks *----------------------------------------------------------------------------*/ #if !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \ !defined(WOLFSSL_NO_CLIENT_AUTH)) /* Use the Cert Manager(CM) API to generate the error ASN_SIG_CONFIRM_E */ static int verify_sig_cm(const char* ca, byte* cert_buf, size_t cert_sz, int type) { int ret; WOLFSSL_CERT_MANAGER* cm = NULL; switch (type) { case TESTING_RSA: #ifdef NO_RSA printf("RSA disabled, skipping test\n"); return ASN_SIG_CONFIRM_E; #else break; #endif case TESTING_ECC: #ifndef HAVE_ECC printf("ECC disabled, skipping test\n"); return ASN_SIG_CONFIRM_E; #else break; #endif default: printf("Bad function argument\n"); return BAD_FUNC_ARG; } cm = wolfSSL_CertManagerNew(); if (cm == NULL) { printf("wolfSSL_CertManagerNew failed\n"); return -1; } #ifndef NO_FILESYSTEM ret = wolfSSL_CertManagerLoadCA(cm, ca, 0); if (ret != WOLFSSL_SUCCESS) { printf("wolfSSL_CertManagerLoadCA failed\n"); wolfSSL_CertManagerFree(cm); return ret; } #else (void)ca; #endif ret = wolfSSL_CertManagerVerifyBuffer(cm, cert_buf, cert_sz, WOLFSSL_FILETYPE_ASN1); /* Let AssertIntEQ handle return code */ wolfSSL_CertManagerFree(cm); return ret; } static int test_RsaSigFailure_cm(void) { int ret = 0; const char* ca_cert = "./certs/ca-cert.pem"; const char* server_cert = "./certs/server-cert.der"; byte* cert_buf = NULL; size_t cert_sz = 0; ret = load_file(server_cert, &cert_buf, &cert_sz); if (ret == 0) { /* corrupt DER - invert last byte, which is signature */ cert_buf[cert_sz-1] = ~cert_buf[cert_sz-1]; /* test bad cert */ ret = verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA); } printf("Signature failure test: RSA: Ret %d\n", ret); if (cert_buf) free(cert_buf); return ret; } static int test_EccSigFailure_cm(void) { int ret = 0; /* self-signed ECC cert, so use server cert as CA */ const char* ca_cert = "./certs/ca-ecc-cert.pem"; const char* server_cert = "./certs/server-ecc.der"; byte* cert_buf = NULL; size_t cert_sz = 0; ret = load_file(server_cert, &cert_buf, &cert_sz); if (ret == 0) { /* corrupt DER - invert last byte, which is signature */ cert_buf[cert_sz-1] = ~cert_buf[cert_sz-1]; /* test bad cert */ ret = verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC); } printf("Signature failure test: ECC: Ret %d\n", ret); if (cert_buf) free(cert_buf); #ifdef FP_ECC wc_ecc_fp_free(); #endif return ret; } #endif /* NO_CERTS */ #ifdef WOLFSSL_TLS13 #if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER) #ifdef WC_SHA384_DIGEST_SIZE static byte fixedKey[WC_SHA384_DIGEST_SIZE] = { 0, }; #else static byte fixedKey[WC_SHA256_DIGEST_SIZE] = { 0, }; #endif #endif #ifdef WOLFSSL_EARLY_DATA static const char earlyData[] = "Early Data"; static char earlyDataBuffer[1]; #endif static int test_tls13_apis(void) { int ret = 0; #ifndef WOLFSSL_NO_TLS12 #ifndef NO_WOLFSSL_CLIENT WOLFSSL_CTX* clientTls12Ctx; WOLFSSL* clientTls12Ssl; #endif #ifndef NO_WOLFSSL_SERVER WOLFSSL_CTX* serverTls12Ctx; WOLFSSL* serverTls12Ssl; #endif #endif #ifndef NO_WOLFSSL_CLIENT WOLFSSL_CTX* clientCtx; WOLFSSL* clientSsl; #endif #ifndef NO_WOLFSSL_SERVER WOLFSSL_CTX* serverCtx; WOLFSSL* serverSsl; #ifndef NO_CERTS const char* ourCert = svrCertFile; const char* ourKey = svrKeyFile; #endif #endif int required; #ifdef WOLFSSL_EARLY_DATA int outSz; #endif #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) int groups[2] = { WOLFSSL_ECC_SECP256R1, #ifdef HAVE_LIBOQS WOLFSSL_SABER_LEVEL3 #else WOLFSSL_ECC_SECP256R1 #endif }; int bad_groups[2] = { 0xDEAD, 0xBEEF }; int numGroups = 2; #endif #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) char groupList[] = #ifndef NO_ECC_SECP #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 "P-521:" #endif #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384 "P-384:" #endif #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 "P-256" #ifdef HAVE_LIBOQS ":P256_SABER_LEVEL1" #endif #endif #ifdef HAVE_LIBOQS ":KYBER_LEVEL1" #endif ""; #endif /* !defined(NO_ECC_SECP) */ #endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */ #ifndef WOLFSSL_NO_TLS12 #ifndef NO_WOLFSSL_CLIENT clientTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); clientTls12Ssl = wolfSSL_new(clientTls12Ctx); #endif #ifndef NO_WOLFSSL_SERVER serverTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); #ifndef NO_CERTS wolfSSL_CTX_use_certificate_chain_file(serverTls12Ctx, ourCert); wolfSSL_CTX_use_PrivateKey_file(serverTls12Ctx, ourKey, WOLFSSL_FILETYPE_PEM); #endif serverTls12Ssl = wolfSSL_new(serverTls12Ctx); #endif #endif #ifndef NO_WOLFSSL_CLIENT clientCtx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); clientSsl = wolfSSL_new(clientCtx); #endif #ifndef NO_WOLFSSL_SERVER serverCtx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()); #ifndef NO_CERTS wolfSSL_CTX_use_certificate_chain_file(serverCtx, ourCert); wolfSSL_CTX_use_PrivateKey_file(serverCtx, ourKey, WOLFSSL_FILETYPE_PEM); #endif serverSsl = wolfSSL_new(serverCtx); #endif #ifdef WOLFSSL_SEND_HRR_COOKIE AssertIntEQ(wolfSSL_send_hrr_cookie(NULL, NULL, 0), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_send_hrr_cookie(clientSsl, NULL, 0), SIDE_ERROR); #endif #ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_send_hrr_cookie(serverTls12Ssl, NULL, 0), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_send_hrr_cookie(serverSsl, NULL, 0), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_send_hrr_cookie(serverSsl, fixedKey, sizeof(fixedKey)), WOLFSSL_SUCCESS); #endif #endif #ifdef HAVE_SUPPORTED_CURVES #ifdef HAVE_ECC AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_SECP256R1), WOLFSSL_SUCCESS); #endif #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1), WOLFSSL_SUCCESS); #endif AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1), WOLFSSL_SUCCESS); #endif #elif defined(HAVE_CURVE25519) AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X25519), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X25519), WOLFSSL_SUCCESS); #endif #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X25519), WOLFSSL_SUCCESS); #endif AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X25519), WOLFSSL_SUCCESS); #endif #elif defined(HAVE_CURVE448) AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X448), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X448), WOLFSSL_SUCCESS); #endif #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X448), WOLFSSL_SUCCESS); #endif AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X448), WOLFSSL_SUCCESS); #endif #else AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1), NOT_COMPILED_IN); #endif AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1), NOT_COMPILED_IN); #endif #endif #if defined(HAVE_LIBOQS) AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_KYBER_LEVEL3), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_KYBER_LEVEL3), WOLFSSL_SUCCESS); #endif #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_KYBER_LEVEL3), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_KYBER_LEVEL3), WOLFSSL_SUCCESS); #endif #endif AssertIntEQ(wolfSSL_NoKeyShares(NULL), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_NoKeyShares(serverSsl), SIDE_ERROR); #endif #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_NoKeyShares(clientTls12Ssl), WOLFSSL_SUCCESS); #endif AssertIntEQ(wolfSSL_NoKeyShares(clientSsl), WOLFSSL_SUCCESS); #endif #endif /* HAVE_SUPPORTED_CURVES */ AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(NULL), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(clientCtx), SIDE_ERROR); #endif #ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverTls12Ctx), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverCtx), 0); #endif AssertIntEQ(wolfSSL_no_ticket_TLSv13(NULL), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_no_ticket_TLSv13(clientSsl), SIDE_ERROR); #endif #ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_no_ticket_TLSv13(serverTls12Ssl), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_no_ticket_TLSv13(serverSsl), 0); #endif AssertIntEQ(wolfSSL_CTX_no_dhe_psk(NULL), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_no_dhe_psk(clientTls12Ctx), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_CTX_no_dhe_psk(clientCtx), 0); #endif #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_CTX_no_dhe_psk(serverCtx), 0); #endif AssertIntEQ(wolfSSL_no_dhe_psk(NULL), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_no_dhe_psk(clientTls12Ssl), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_no_dhe_psk(clientSsl), 0); #endif #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_no_dhe_psk(serverSsl), 0); #endif AssertIntEQ(wolfSSL_update_keys(NULL), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_update_keys(clientTls12Ssl), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_update_keys(clientSsl), BUILD_MSG_ERROR); #endif #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_update_keys(serverSsl), BUILD_MSG_ERROR); #endif AssertIntEQ(wolfSSL_key_update_response(NULL, NULL), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_key_update_response(NULL, &required), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_key_update_response(clientTls12Ssl, &required), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_key_update_response(clientSsl, NULL), BAD_FUNC_ARG); #endif #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_key_update_response(serverSsl, NULL), BAD_FUNC_ARG); #endif #if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(NULL), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(serverCtx), SIDE_ERROR); #endif #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientTls12Ctx), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientCtx), 0); #endif AssertIntEQ(wolfSSL_allow_post_handshake_auth(NULL), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_allow_post_handshake_auth(serverSsl), SIDE_ERROR); #endif #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_allow_post_handshake_auth(clientTls12Ssl), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_allow_post_handshake_auth(clientSsl), 0); #endif AssertIntEQ(wolfSSL_request_certificate(NULL), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_request_certificate(clientSsl), SIDE_ERROR); #endif #ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_request_certificate(serverTls12Ssl), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_request_certificate(serverSsl), NOT_READY_ERROR); #endif #endif #ifdef HAVE_ECC #ifndef WOLFSSL_NO_SERVER_GROUPS_EXT AssertIntEQ(wolfSSL_preferred_group(NULL), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_preferred_group(serverSsl), SIDE_ERROR); #endif #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_preferred_group(clientTls12Ssl), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_preferred_group(clientSsl), NOT_READY_ERROR); #endif #endif #ifdef HAVE_SUPPORTED_CURVES AssertIntEQ(wolfSSL_CTX_set_groups(NULL, NULL, 0), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, NULL, 0), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_CTX_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_set_groups(clientTls12Ctx, groups, numGroups), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, numGroups), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, bad_groups, numGroups), BAD_FUNC_ARG); #endif #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_CTX_set_groups(serverCtx, groups, numGroups), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_set_groups(serverCtx, bad_groups, numGroups), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_set_groups(NULL, NULL, 0), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_set_groups(clientSsl, NULL, 0), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_set_groups(clientTls12Ssl, groups, numGroups), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_set_groups(clientSsl, groups, WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_set_groups(clientSsl, groups, numGroups), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_set_groups(clientSsl, bad_groups, numGroups), BAD_FUNC_ARG); #endif #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_set_groups(serverSsl, groups, numGroups), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_set_groups(serverSsl, bad_groups, numGroups), BAD_FUNC_ARG); #endif #ifdef OPENSSL_EXTRA AssertIntEQ(wolfSSL_CTX_set1_groups_list(NULL, NULL), WOLFSSL_FAILURE); #ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, NULL), WOLFSSL_FAILURE); #endif AssertIntEQ(wolfSSL_CTX_set1_groups_list(NULL, groupList), WOLFSSL_FAILURE); #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_set1_groups_list(clientTls12Ctx, groupList), WOLFSSL_FAILURE); #endif AssertIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, groupList), WOLFSSL_SUCCESS); #endif #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_CTX_set1_groups_list(serverCtx, groupList), WOLFSSL_SUCCESS); #endif AssertIntEQ(wolfSSL_set1_groups_list(NULL, NULL), WOLFSSL_FAILURE); #ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_set1_groups_list(clientSsl, NULL), WOLFSSL_FAILURE); #endif AssertIntEQ(wolfSSL_set1_groups_list(NULL, groupList), WOLFSSL_FAILURE); #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_set1_groups_list(clientTls12Ssl, groupList), WOLFSSL_FAILURE); #endif AssertIntEQ(wolfSSL_set1_groups_list(clientSsl, groupList), WOLFSSL_SUCCESS); #endif #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_set1_groups_list(serverSsl, groupList), WOLFSSL_SUCCESS); #endif #endif /* OPENSSL_EXTRA */ #endif /* HAVE_SUPPORTED_CURVES */ #endif /* HAVE_ECC */ #ifdef WOLFSSL_EARLY_DATA #ifndef OPENSSL_EXTRA AssertIntEQ(wolfSSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_get_max_early_data(NULL), BAD_FUNC_ARG); #else AssertIntEQ(SSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG); AssertIntEQ(SSL_CTX_get_max_early_data(NULL), BAD_FUNC_ARG); #endif #ifndef NO_WOLFSSL_CLIENT #ifndef OPENSSL_EXTRA AssertIntEQ(wolfSSL_CTX_set_max_early_data(clientCtx, 0), SIDE_ERROR); AssertIntEQ(wolfSSL_CTX_get_max_early_data(clientCtx), SIDE_ERROR); #else AssertIntEQ(SSL_CTX_set_max_early_data(clientCtx, 0), SIDE_ERROR); AssertIntEQ(SSL_CTX_get_max_early_data(clientCtx), SIDE_ERROR); #endif #endif #ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 #ifndef OPENSSL_EXTRA AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverTls12Ctx, 0), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_get_max_early_data(serverTls12Ctx), BAD_FUNC_ARG); #else AssertIntEQ(SSL_CTX_set_max_early_data(serverTls12Ctx, 0), BAD_FUNC_ARG); AssertIntEQ(SSL_CTX_get_max_early_data(serverTls12Ctx), BAD_FUNC_ARG); #endif #endif #ifndef OPENSSL_EXTRA AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 32), 0); AssertIntEQ(wolfSSL_CTX_get_max_early_data(serverCtx), 32); #else AssertIntEQ(SSL_CTX_set_max_early_data(serverCtx, 32), 1); AssertIntEQ(SSL_CTX_get_max_early_data(serverCtx), 32); #endif #endif #ifndef OPENSSL_EXTRA AssertIntEQ(wolfSSL_set_max_early_data(NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_get_max_early_data(NULL), BAD_FUNC_ARG); #else AssertIntEQ(SSL_set_max_early_data(NULL, 0), BAD_FUNC_ARG); AssertIntEQ(SSL_get_max_early_data(NULL), BAD_FUNC_ARG); #endif #ifndef NO_WOLFSSL_CLIENT #ifndef OPENSSL_EXTRA AssertIntEQ(wolfSSL_set_max_early_data(clientSsl, 0), SIDE_ERROR); AssertIntEQ(wolfSSL_get_max_early_data(clientSsl), SIDE_ERROR); #else AssertIntEQ(SSL_set_max_early_data(clientSsl, 0), SIDE_ERROR); AssertIntEQ(SSL_get_max_early_data(clientSsl), SIDE_ERROR); #endif #endif #ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 #ifndef OPENSSL_EXTRA AssertIntEQ(wolfSSL_set_max_early_data(serverTls12Ssl, 0), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_get_max_early_data(serverTls12Ssl), BAD_FUNC_ARG); #else AssertIntEQ(SSL_set_max_early_data(serverTls12Ssl, 0), BAD_FUNC_ARG); AssertIntEQ(SSL_get_max_early_data(serverTls12Ssl), BAD_FUNC_ARG); #endif #endif #ifndef OPENSSL_EXTRA AssertIntEQ(wolfSSL_set_max_early_data(serverSsl, 16), 0); AssertIntEQ(wolfSSL_get_max_early_data(serverSsl), 16); #else AssertIntEQ(SSL_set_max_early_data(serverSsl, 16), 1); AssertIntEQ(SSL_get_max_early_data(serverSsl), 16); #endif #endif AssertIntEQ(wolfSSL_write_early_data(NULL, earlyData, sizeof(earlyData), &outSz), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_write_early_data(clientSsl, NULL, sizeof(earlyData), &outSz), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, -1, &outSz), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, sizeof(earlyData), NULL), BAD_FUNC_ARG); #endif #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_write_early_data(serverSsl, earlyData, sizeof(earlyData), &outSz), SIDE_ERROR); #endif #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_write_early_data(clientTls12Ssl, earlyData, sizeof(earlyData), &outSz), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, sizeof(earlyData), &outSz), WOLFSSL_FATAL_ERROR); #endif AssertIntEQ(wolfSSL_read_early_data(NULL, earlyDataBuffer, sizeof(earlyDataBuffer), &outSz), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_read_early_data(serverSsl, NULL, sizeof(earlyDataBuffer), &outSz), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, -1, &outSz), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, sizeof(earlyDataBuffer), NULL), BAD_FUNC_ARG); #endif #ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_read_early_data(clientSsl, earlyDataBuffer, sizeof(earlyDataBuffer), &outSz), SIDE_ERROR); #endif #ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_read_early_data(serverTls12Ssl, earlyDataBuffer, sizeof(earlyDataBuffer), &outSz), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, sizeof(earlyDataBuffer), &outSz), WOLFSSL_FATAL_ERROR); #endif #endif #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_EARLY_DATA) AssertIntLT(SSL_get_early_data_status(NULL), 0); #endif #ifndef NO_WOLFSSL_SERVER wolfSSL_free(serverSsl); wolfSSL_CTX_free(serverCtx); #endif #ifndef NO_WOLFSSL_CLIENT wolfSSL_free(clientSsl); wolfSSL_CTX_free(clientCtx); #endif #ifndef WOLFSSL_NO_TLS12 #ifndef NO_WOLFSSL_SERVER wolfSSL_free(serverTls12Ssl); wolfSSL_CTX_free(serverTls12Ctx); #endif #ifndef NO_WOLFSSL_CLIENT wolfSSL_free(clientTls12Ssl); wolfSSL_CTX_free(clientTls12Ctx); #endif #endif return ret; } #endif #if defined(HAVE_PK_CALLBACKS) && (!defined(WOLFSSL_NO_TLS12) || \ !defined(NO_OLD_TLS)) #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && \ !defined(NO_AES) && defined(HAVE_AES_CBC) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) static int my_DhCallback(WOLFSSL* ssl, struct DhKey* key, const unsigned char* priv, unsigned int privSz, const unsigned char* pubKeyDer, unsigned int pubKeySz, unsigned char* out, unsigned int* outlen, void* ctx) { int result; /* Test fail when context associated with WOLFSSL is NULL */ if (ctx == NULL) { return -1; } (void)ssl; /* return 0 on success */ PRIVATE_KEY_UNLOCK(); result = wc_DhAgree(key, out, outlen, priv, privSz, pubKeyDer, pubKeySz); PRIVATE_KEY_LOCK(); return result; } static void test_dh_ctx_setup(WOLFSSL_CTX* ctx) { wolfSSL_CTX_SetDhAgreeCb(ctx, my_DhCallback); #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES128-SHA256"), WOLFSSL_SUCCESS); #endif #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES256-SHA256"), WOLFSSL_SUCCESS); #endif } static void test_dh_ssl_setup(WOLFSSL* ssl) { static int dh_test_ctx = 1; int ret; wolfSSL_SetDhAgreeCtx(ssl, &dh_test_ctx); AssertIntEQ(*((int*)wolfSSL_GetDhAgreeCtx(ssl)), dh_test_ctx); ret = wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM); if (ret != WOLFSSL_SUCCESS && ret != SIDE_ERROR) { AssertIntEQ(ret, WOLFSSL_SUCCESS); } } static void test_dh_ssl_setup_fail(WOLFSSL* ssl) { int ret; wolfSSL_SetDhAgreeCtx(ssl, NULL); AssertNull(wolfSSL_GetDhAgreeCtx(ssl)); ret = wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM); if (ret != WOLFSSL_SUCCESS && ret != SIDE_ERROR) { AssertIntEQ(ret, WOLFSSL_SUCCESS); } } #endif static void test_DhCallbacks(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && \ !defined(NO_AES) && defined(HAVE_AES_CBC) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) WOLFSSL_CTX *ctx; WOLFSSL *ssl; tcp_ready ready; func_args server_args; func_args client_args; THREAD_TYPE serverThread; callback_functions func_cb_client; callback_functions func_cb_server; int test; printf(testingFmt, "test_DhCallbacks"); #ifndef NO_WOLFSSL_CLIENT AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif AssertIntEQ(wolfSSL_CTX_set_cipher_list(NULL, "NONE"), WOLFSSL_FAILURE); wolfSSL_CTX_SetDhAgreeCb(ctx, &my_DhCallback); /* load client ca cert */ AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), WOLFSSL_SUCCESS); /* test with NULL arguments */ wolfSSL_SetDhAgreeCtx(NULL, &test); AssertNull(wolfSSL_GetDhAgreeCtx(NULL)); /* test success case */ test = 1; AssertNotNull(ssl = wolfSSL_new(ctx)); wolfSSL_SetDhAgreeCtx(ssl, &test); AssertIntEQ(*((int*)wolfSSL_GetDhAgreeCtx(ssl)), test); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); /* test a connection where callback is used */ #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&func_cb_client, 0, sizeof(callback_functions)); XMEMSET(&func_cb_server, 0, sizeof(callback_functions)); StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; client_args.signal = &ready; server_args.return_code = TEST_FAIL; client_args.return_code = TEST_FAIL; /* set callbacks to use DH functions */ func_cb_client.ctx_ready = &test_dh_ctx_setup; func_cb_client.ssl_ready = &test_dh_ssl_setup; #ifndef WOLFSSL_NO_TLS12 func_cb_client.method = wolfTLSv1_2_client_method; #else func_cb_client.method = wolfTLSv1_3_client_method; #endif client_args.callbacks = &func_cb_client; func_cb_server.ctx_ready = &test_dh_ctx_setup; func_cb_server.ssl_ready = &test_dh_ssl_setup; #ifndef WOLFSSL_NO_TLS12 func_cb_server.method = wolfTLSv1_2_server_method; #else func_cb_server.method = wolfTLSv1_3_server_method; #endif server_args.callbacks = &func_cb_server; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, NULL); join_thread(serverThread); AssertTrue(client_args.return_code); AssertTrue(server_args.return_code); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif /* now set user ctx to not be 1 so that the callback returns fail case */ #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&func_cb_client, 0, sizeof(callback_functions)); XMEMSET(&func_cb_server, 0, sizeof(callback_functions)); StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; client_args.signal = &ready; server_args.return_code = TEST_FAIL; client_args.return_code = TEST_FAIL; /* set callbacks to use DH functions */ func_cb_client.ctx_ready = &test_dh_ctx_setup; func_cb_client.ssl_ready = &test_dh_ssl_setup_fail; #ifndef WOLFSSL_NO_TLS12 func_cb_client.method = wolfTLSv1_2_client_method; #else func_cb_client.method = wolfTLSv1_3_client_method; #endif client_args.callbacks = &func_cb_client; func_cb_server.ctx_ready = &test_dh_ctx_setup; func_cb_server.ssl_ready = &test_dh_ssl_setup_fail; #ifndef WOLFSSL_NO_TLS12 func_cb_server.method = wolfTLSv1_2_server_method; #else func_cb_server.method = wolfTLSv1_3_server_method; #endif server_args.callbacks = &func_cb_server; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, NULL); join_thread(serverThread); AssertIntEQ(client_args.return_code, TEST_FAIL); AssertIntEQ(server_args.return_code, TEST_FAIL); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif printf(resultFmt, passed); #endif } #endif /* HAVE_PK_CALLBACKS */ #ifdef HAVE_HASHDRBG #ifdef TEST_RESEED_INTERVAL static int test_wc_RNG_GenerateBlock_Reseed(void) { int i, ret; WC_RNG rng; byte key[32]; ret = wc_InitRng(&rng); if (ret == 0) { for(i = 0; i < WC_RESEED_INTERVAL + 10; i++) { ret = wc_RNG_GenerateBlock(&rng, key, sizeof(key)); if (ret != 0) { break; } } } wc_FreeRng(&rng); return ret; } #endif /* TEST_RESEED_INTERVAL */ static int test_wc_RNG_GenerateBlock(void) { int i, ret; WC_RNG rng; byte key[32]; ret = wc_InitRng(&rng); if (ret == 0) { for(i = 0; i < 10; i++) { ret = wc_RNG_GenerateBlock(&rng, key, sizeof(key)); if (ret != 0) { break; } } } wc_FreeRng(&rng); (void)rng; /* for WC_NO_RNG case */ (void)key; return ret; } #endif /* * Testing get_rand_digit */ static int test_get_rand_digit (void) { int ret = 0; #if !defined(WC_NO_RNG) && defined(WOLFSSL_PUBLIC_MP) WC_RNG rng; mp_digit d; printf(testingFmt, "get_rand_digit()"); ret = wc_InitRng(&rng); if (ret == 0) { ret = get_rand_digit(&rng, &d); } if (ret == 0) { ret = get_rand_digit(NULL, NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = get_rand_digit(NULL, &d); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = get_rand_digit(&rng, NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_FreeRng(&rng); } printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; }/* End test_get_rand_digit*/ /* * Testing get_digit_count */ static int test_get_digit_count (void) { int ret = 0; #if !defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_PUBLIC_MP) mp_int a; printf(testingFmt, "get_digit_count()"); if (mp_init(&a) != MP_OKAY) { ret = -1; } if (ret == 0) { ret = get_digit_count(NULL); } if (ret == 0) { ret = get_digit_count(&a); } printf(resultFmt, ret == 0 ? passed : failed); mp_clear(&a); #endif return ret; }/* End test_get_digit_count*/ /* * Testing mp_cond_copy */ static int test_mp_cond_copy (void) { int ret = 0; #if defined(WOLFSSL_PUBLIC_MP) mp_int a; mp_int b; int copy = 0; printf(testingFmt, "mp_cond_copy()"); if (mp_init(&a) != MP_OKAY) { ret = -1; } if (ret == 0) { if (mp_init(&b) != MP_OKAY) { ret = -1; } } if (ret == 0) { ret = mp_cond_copy(NULL, copy, NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = mp_cond_copy(NULL, copy, &b); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = mp_cond_copy(&a, copy, NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = mp_cond_copy(&a, copy, &b); } printf(resultFmt, ret == 0 ? passed : failed); mp_clear(&a); mp_clear(&b); #endif return ret; }/* End test_mp_cond_copy*/ /* * Testing mp_rand */ static int test_mp_rand (void) { int ret = 0; #if defined(WC_RSA_BLINDING) && defined(WOLFSSL_PUBLIC_MP) mp_int a; int digits = 1; WC_RNG rng; printf(testingFmt, "mp_rand()"); if (mp_init(&a) != MP_OKAY) { ret = -1; } if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = mp_rand(&a, digits, NULL); if (ret == MISSING_RNG_E) { ret = 0; } } if (ret == 0) { ret = mp_rand(NULL, digits, &rng); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = mp_rand(&a, 0, &rng); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = mp_rand(&a, digits, &rng); } printf(resultFmt, ret == 0 ? passed : failed); mp_clear(&a); wc_FreeRng(&rng); #endif return ret; }/* End test_mp_rand*/ /* * Testing get_digit */ static int test_get_digit (void) { int ret = 0; #if defined(WOLFSSL_PUBLIC_MP) mp_int a; int n = 0; printf(testingFmt, "get_digit()"); if (mp_init(&a) != MP_OKAY) { ret = -1; } if (ret == 0) { if (get_digit(NULL, n) != 0) { /* Should not hit this */ ret = -1; } } if (ret == 0) { if (get_digit(NULL, n) == 0) { /* Should hit this */ ret = 0; } } if (ret == 0) { if (get_digit(&a, n) != 0) { /* Should not hit this */ ret = -1; } } if (ret == 0) { if (get_digit(&a, n) == 0) { /* Should hit this */ ret = 0; } } printf(resultFmt, ret == 0 ? passed : failed); mp_clear(&a); #endif return ret; }/* End test_get_digit*/ /* * Testing wc_export_int */ static int test_wc_export_int(void) { int ret = 0; #if defined(WOLFSSL_PUBLIC_MP) mp_int mp; byte buf[32]; word32 keySz = (word32)sizeof(buf); word32 len = (word32)sizeof(buf); printf(testingFmt, "wc_export_int()"); if (mp_init(&mp) != MP_OKAY) { ret = -1; } if (ret == 0) { ret = mp_set_int(&mp, 1234); } if (ret == 0) { ret = wc_export_int(NULL, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { len = sizeof(buf)-1; ret = wc_export_int(&mp, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN); if (ret == BUFFER_E) { ret = 0; } } if (ret == 0) { len = sizeof(buf); ret = wc_export_int(&mp, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN); } if (ret == 0) { len = 4; /* test input too small */ ret = wc_export_int(&mp, buf, &len, 0, WC_TYPE_HEX_STR); if (ret == BUFFER_E) { ret = 0; } } if (ret == 0) { len = sizeof(buf); ret = wc_export_int(&mp, buf, &len, 0, WC_TYPE_HEX_STR); /* hex version of 1234 is 04D2 and should be 4 digits + 1 null */ if (ret == 0 && len != 5) { ret = BAD_FUNC_ARG; } } printf(resultFmt, ret == 0 ? passed : failed); mp_clear(&mp); #endif return ret; }/* End test_wc_export_int*/ static int test_wc_InitRngNonce(void) { int ret=0; #if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \ (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2)) WC_RNG rng; byte nonce[] = "\x0D\x74\xDB\x42\xA9\x10\x77\xDE" "\x45\xAC\x13\x7A\xE1\x48\xAF\x16"; word32 nonceSz = sizeof(nonce); printf(testingFmt, "wc_InitRngNonce()"); if (ret == 0){ ret = wc_InitRngNonce(&rng, nonce, nonceSz); } wc_FreeRng(&rng); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; }/* End test_wc_InitRngNonce*/ /* * Testing wc_InitRngNonce_ex */ static int test_wc_InitRngNonce_ex(void) { int ret=0; #if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \ (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2)) WC_RNG rng; byte nonce[] = "\x0D\x74\xDB\x42\xA9\x10\x77\xDE" "\x45\xAC\x13\x7A\xE1\x48\xAF\x16"; word32 nonceSz = sizeof(nonce); printf(testingFmt, "wc_InitRngNonce_ex()"); if (ret == 0){ ret = wc_InitRngNonce_ex(&rng, nonce, nonceSz, HEAP_HINT, devId); } wc_FreeRng(&rng); printf(resultFmt, ret == 0 ? passed : failed); #endif return ret; }/*End test_wc_InitRngNonce_ex*/ static void test_wolfSSL_X509_CRL(void) { #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) X509_CRL *crl; char pem[][100] = { "./certs/crl/crl.pem", "./certs/crl/crl2.pem", "./certs/crl/caEccCrl.pem", "./certs/crl/eccCliCRL.pem", "./certs/crl/eccSrvCRL.pem", "" }; #ifndef NO_BIO BIO *bio; #endif #ifdef HAVE_TEST_d2i_X509_CRL_fp char der[][100] = { "./certs/crl/crl.der", "./certs/crl/crl2.der", ""}; #endif XFILE fp; int i; printf(testingFmt, "test_wolfSSL_X509_CRL"); for (i = 0; pem[i][0] != '\0'; i++) { fp = XFOPEN(pem[i], "rb"); AssertTrue((fp != XBADFILE)); AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL)); AssertNotNull(crl); X509_CRL_free(crl); XFCLOSE(fp); fp = XFOPEN(pem[i], "rb"); AssertTrue((fp != XBADFILE)); AssertNotNull((X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)&crl, NULL, NULL)); AssertNotNull(crl); X509_CRL_free(crl); XFCLOSE(fp); } #ifndef NO_BIO for (i = 0; pem[i][0] != '\0'; i++) { AssertNotNull(bio = BIO_new_file(pem[i], "rb")); AssertNotNull(crl = PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL)); X509_CRL_free(crl); BIO_free(bio); } #endif #ifdef HAVE_TEST_d2i_X509_CRL_fp for(i = 0; der[i][0] != '\0'; i++){ fp = XFOPEN(der[i], "rb"); AssertTrue((fp != XBADFILE)); AssertNotNull(crl = (X509_CRL *)d2i_X509_CRL_fp((fp, X509_CRL **)NULL)); AssertNotNull(crl); X509_CRL_free(crl); XFCLOSE(fp); fp = XFOPEN(der[i], "rb"); AssertTrue((fp != XBADFILE)); AssertNotNull((X509_CRL *)d2i_X509_CRL_fp(fp, (X509_CRL **)&crl)); AssertNotNull(crl); X509_CRL_free(crl); XFCLOSE(fp); } #endif printf(resultFmt, passed); #endif return; } static void test_wolfSSL_X509_load_crl_file(void) { #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \ !defined(NO_RSA) && !defined(NO_BIO) int i; char pem[][100] = { "./certs/crl/crl.pem", "./certs/crl/crl2.pem", "./certs/crl/caEccCrl.pem", "./certs/crl/eccCliCRL.pem", "./certs/crl/eccSrvCRL.pem", "" }; char der[][100] = { "./certs/crl/crl.der", "./certs/crl/crl2.der", "" }; WOLFSSL_X509_STORE* store; WOLFSSL_X509_LOOKUP* lookup; printf(testingFmt, "wolfSSL_X509_load_crl_file"); AssertNotNull(store = wolfSSL_X509_STORE_new()); AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())); AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem", X509_FILETYPE_PEM), 1); AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem", X509_FILETYPE_PEM), 1); if (store) { AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, WOLFSSL_FILETYPE_PEM), 1); /* since store hasn't yet known the revoked cert*/ AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), 1); } for (i = 0; pem[i][0] != '\0'; i++) { AssertIntEQ(X509_load_crl_file(lookup, pem[i], WOLFSSL_FILETYPE_PEM), 1); } if (store) { /* since store knows crl list */ AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED); } /* once feeing store */ X509_STORE_free(store); store = NULL; AssertNotNull(store = wolfSSL_X509_STORE_new()); AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())); AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem", X509_FILETYPE_PEM), 1); AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem", X509_FILETYPE_PEM), 1); if (store) { AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, WOLFSSL_FILETYPE_PEM), 1); /* since store hasn't yet known the revoked cert*/ AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), 1); } for (i = 0; der[i][0] != '\0'; i++) { AssertIntEQ(X509_load_crl_file(lookup, der[i], WOLFSSL_FILETYPE_ASN1), 1); } if (store) { /* since store knows crl list */ AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED); } /* test for incorrect parameter */ AssertIntEQ(X509_load_crl_file(NULL, pem[0], 0), 0); AssertIntEQ(X509_load_crl_file(lookup, NULL, 0), 0); AssertIntEQ(X509_load_crl_file(NULL, NULL, 0), 0); X509_STORE_free(store); store = NULL; printf(resultFmt, passed); #endif } static void test_wolfSSL_d2i_X509_REQ(void) { #if defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA) && !defined(NO_BIO) && \ (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) /* ./certs/csr.signed.der, ./certs/csr.ext.der, and ./certs/csr.attr.der were * generated by libest * ./certs/csr.attr.der contains sample attributes * ./certs/csr.ext.der contains sample extensions */ const char* csrFile = "./certs/csr.signed.der"; const char* csrPopFile = "./certs/csr.attr.der"; const char* csrExtFile = "./certs/csr.ext.der"; /* ./certs/csr.dsa.pem is generated using * openssl req -newkey dsa:certs/dsaparams.pem \ * -keyout certs/csr.dsa.key.pem -keyform PEM -out certs/csr.dsa.pem \ * -outform PEM * with the passphrase "wolfSSL" */ #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) const char* csrDsaFile = "./certs/csr.dsa.pem"; XFILE f; #endif BIO* bio = NULL; X509* req = NULL; EVP_PKEY *pub_key = NULL; { AssertNotNull(bio = BIO_new_file(csrFile, "rb")); AssertNotNull(d2i_X509_REQ_bio(bio, &req)); /* * Extract the public key from the CSR */ AssertNotNull(pub_key = X509_REQ_get_pubkey(req)); /* * Verify the signature in the CSR */ AssertIntEQ(X509_REQ_verify(req, pub_key), 1); X509_free(req); BIO_free(bio); EVP_PKEY_free(pub_key); } { #ifdef OPENSSL_ALL X509_ATTRIBUTE* attr; ASN1_TYPE *at; #endif AssertNotNull(bio = BIO_new_file(csrPopFile, "rb")); AssertNotNull(d2i_X509_REQ_bio(bio, &req)); /* * Extract the public key from the CSR */ AssertNotNull(pub_key = X509_REQ_get_pubkey(req)); /* * Verify the signature in the CSR */ AssertIntEQ(X509_REQ_verify(req, pub_key), 1); #ifdef OPENSSL_ALL /* * Obtain the challenge password from the CSR */ AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1), NID_pkcs9_challengePassword); AssertNotNull(attr = X509_REQ_get_attr(req, NID_pkcs9_challengePassword)); AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0)); AssertNotNull(at->value.asn1_string); AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "2xIE+qqp/rhyTXP+"); AssertIntEQ(X509_get_ext_by_NID(req, NID_subject_alt_name, -1), -1); #endif X509_free(req); BIO_free(bio); EVP_PKEY_free(pub_key); } { #ifdef OPENSSL_ALL X509_ATTRIBUTE* attr; ASN1_TYPE *at; STACK_OF(X509_EXTENSION) *exts = NULL; #endif AssertNotNull(bio = BIO_new_file(csrExtFile, "rb")); /* This CSR contains an Extension Request attribute so * we test extension parsing in a CSR attribute here. */ AssertNotNull(d2i_X509_REQ_bio(bio, &req)); /* * Extract the public key from the CSR */ AssertNotNull(pub_key = X509_REQ_get_pubkey(req)); /* * Verify the signature in the CSR */ AssertIntEQ(X509_REQ_verify(req, pub_key), 1); #ifdef OPENSSL_ALL AssertNotNull(exts = (STACK_OF(X509_EXTENSION)*)X509_REQ_get_extensions(req)); AssertIntEQ(sk_X509_EXTENSION_num(exts), 2); sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); /* * Obtain the challenge password from the CSR */ AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1), NID_pkcs9_challengePassword); AssertNotNull(attr = X509_REQ_get_attr(req, NID_pkcs9_challengePassword)); AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0)); AssertNotNull(at->value.asn1_string); AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "IGCu/xNL4/0/wOgo"); AssertIntGE(X509_get_ext_by_NID(req, NID_key_usage, -1), 0); AssertIntGE(X509_get_ext_by_NID(req, NID_subject_alt_name, -1), 0); #endif X509_free(req); BIO_free(bio); EVP_PKEY_free(pub_key); } #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) { AssertNotNull(bio = BIO_new_file(csrDsaFile, "rb")); AssertNotNull(PEM_read_bio_X509_REQ(bio, &req, NULL, NULL)); /* * Extract the public key from the CSR */ AssertNotNull(pub_key = X509_REQ_get_pubkey(req)); /* * Verify the signature in the CSR */ AssertIntEQ(X509_REQ_verify(req, pub_key), 1); X509_free(req); BIO_free(bio); /* Run the same test, but with a file pointer instead of a BIO. * (PEM_read_X509_REQ)*/ AssertTrue((f = XFOPEN(csrDsaFile, "rb")) != XBADFILE); AssertNotNull(PEM_read_X509_REQ(f, &req, NULL, NULL)); AssertIntEQ(X509_REQ_verify(req, pub_key), 1); X509_free(req); EVP_PKEY_free(pub_key); } #endif /* !NO_DSA && !HAVE_SELFTEST */ #endif /* WOLFSSL_CERT_REQ && (OPENSSL_ALL || OPENSSL_EXTRA) */ } static void test_wolfSSL_PEM_read_X509(void) { #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \ !defined(NO_RSA) X509 *x509 = NULL; XFILE fp; printf(testingFmt, "wolfSSL_PEM_read_X509"); fp = XFOPEN(svrCertFile, "rb"); AssertTrue((fp != XBADFILE)); AssertNotNull(x509 = (X509 *)PEM_read_X509(fp, (X509 **)NULL, NULL, NULL)); X509_free(x509); XFCLOSE(fp); printf(resultFmt, passed); #endif } static void test_wolfSSL_PEM_read(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_BIO) const char* filename = "./certs/server-keyEnc.pem"; XFILE fp; char* name = NULL; char* header = NULL; byte* data = NULL; long len; EVP_CIPHER_INFO cipher; WOLFSSL_BIO* bio; byte* fileData; size_t fileDataSz; byte* out; printf(testingFmt, "wolfSSL_PEM_read"); fp = XFOPEN(filename, "rb"); AssertTrue((fp != XBADFILE)); /* Fail cases. */ AssertIntEQ(PEM_read(fp, NULL, &header, &data, &len), WOLFSSL_FAILURE); AssertIntEQ(PEM_read(fp, &name, NULL, &data, &len), WOLFSSL_FAILURE); AssertIntEQ(PEM_read(fp, &name, &header, NULL, &len), WOLFSSL_FAILURE); AssertIntEQ(PEM_read(fp, &name, &header, &data, NULL), WOLFSSL_FAILURE); AssertIntEQ(PEM_read(fp, &name, &header, &data, &len), WOLFSSL_SUCCESS); AssertIntEQ(XSTRNCMP(name, "RSA PRIVATE KEY", 15), 0); AssertIntGT(XSTRLEN(header), 0); AssertIntGT(len, 0); AssertIntEQ(XFSEEK(fp, 0, SEEK_END), 0); AssertIntGT((fileDataSz = XFTELL(fp)), 0); AssertIntEQ(XFSEEK(fp, 0, SEEK_SET), 0); AssertNotNull(fileData = (unsigned char*)XMALLOC(fileDataSz, NULL, DYNAMIC_TYPE_TMP_BUFFER)); AssertIntEQ(XFREAD(fileData, 1, fileDataSz, fp), fileDataSz); XFCLOSE(fp); AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); /* Fail cases. */ AssertIntEQ(PEM_write_bio(NULL, name, header, data, len), 0); AssertIntEQ(PEM_write_bio(bio, NULL, header, data, len), 0); AssertIntEQ(PEM_write_bio(bio, name, NULL, data, len), 0); AssertIntEQ(PEM_write_bio(bio, name, header, NULL, len), 0); AssertIntEQ(PEM_write_bio(bio, name, header, data, len), fileDataSz); AssertIntEQ(wolfSSL_BIO_get_mem_data(bio, &out), fileDataSz); AssertIntEQ(XMEMCMP(out, fileData, fileDataSz), 0); /* Fail cases. */ AssertIntEQ(PEM_get_EVP_CIPHER_INFO(NULL, &cipher), WOLFSSL_FAILURE); AssertIntEQ(PEM_get_EVP_CIPHER_INFO(header, NULL), WOLFSSL_FAILURE); AssertIntEQ(PEM_get_EVP_CIPHER_INFO((char*)"", &cipher), WOLFSSL_FAILURE); #ifndef NO_DES3 AssertIntEQ(PEM_get_EVP_CIPHER_INFO(header, &cipher), WOLFSSL_SUCCESS); #endif /* Fail cases. */ AssertIntEQ(PEM_do_header(&cipher, NULL, &len, PasswordCallBack, (void*)"yassl123"), WOLFSSL_FAILURE); AssertIntEQ(PEM_do_header(&cipher, data, NULL, PasswordCallBack, (void*)"yassl123"), WOLFSSL_FAILURE); AssertIntEQ(PEM_do_header(&cipher, data, &len, NULL, (void*)"yassl123"), WOLFSSL_FAILURE); #if !defined(NO_DES3) && !defined(NO_MD5) AssertIntEQ(PEM_do_header(&cipher, data, &len, PasswordCallBack, (void*)"yassl123"), WOLFSSL_SUCCESS); #endif BIO_free(bio); XFREE(fileData, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER); name = NULL; header = NULL; data = NULL; fp = XFOPEN(svrKeyFile, "rb"); AssertTrue((fp != XBADFILE)); AssertIntEQ(PEM_read(fp, &name, &header, &data, &len), WOLFSSL_SUCCESS); AssertIntEQ(XSTRNCMP(name, "RSA PRIVATE KEY", 15), 0); AssertIntEQ(XSTRLEN(header), 0); AssertIntGT(len, 0); AssertIntEQ(XFSEEK(fp, 0, SEEK_END), 0); AssertIntGT((fileDataSz = XFTELL(fp)), 0); AssertIntEQ(XFSEEK(fp, 0, SEEK_SET), 0); AssertNotNull(fileData = (unsigned char*)XMALLOC(fileDataSz, NULL, DYNAMIC_TYPE_TMP_BUFFER)); AssertIntEQ(XFREAD(fileData, 1, fileDataSz, fp), fileDataSz); XFCLOSE(fp); AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); AssertIntEQ(PEM_write_bio(bio, name, header, data, len), fileDataSz); AssertIntEQ(wolfSSL_BIO_get_mem_data(bio, &out), fileDataSz); AssertIntEQ(XMEMCMP(out, fileData, fileDataSz), 0); BIO_free(bio); XFREE(fileData, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER); printf(resultFmt, passed); #endif } static void test_wolfssl_EVP_aes_gcm_AAD_2_parts(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) const byte iv[12] = { 0 }; const byte key[16] = { 0 }; const byte cleartext[16] = { 0 }; const byte aad[] = { 0x01, 0x10, 0x00, 0x2a, 0x08, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0xdc, 0x4d, 0xad, 0x6b, 0x06, 0x93, 0x4f }; byte out1Part[16]; byte outTag1Part[16]; byte out2Part[16]; byte outTag2Part[16]; byte decryptBuf[16]; int len; int tlen; EVP_CIPHER_CTX* ctx = NULL; printf(testingFmt, "wolfssl_EVP_aes_gcm_AAD_2_parts"); /* ENCRYPT */ /* Send AAD and data in 1 part */ AssertNotNull(ctx = EVP_CIPHER_CTX_new()); tlen = 0; AssertIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), 1); AssertIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1); AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad, sizeof(aad)), 1); AssertIntEQ(EVP_EncryptUpdate(ctx, out1Part, &len, cleartext, sizeof(cleartext)), 1); tlen += len; AssertIntEQ(EVP_EncryptFinal_ex(ctx, out1Part, &len), 1); tlen += len; AssertIntEQ(tlen, sizeof(cleartext)); AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, outTag1Part), 1); EVP_CIPHER_CTX_free(ctx); /* DECRYPT */ /* Send AAD and data in 1 part */ AssertNotNull(ctx = EVP_CIPHER_CTX_new()); tlen = 0; AssertIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), 1); AssertIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), 1); AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad, sizeof(aad)), 1); AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part, sizeof(cleartext)), 1); tlen += len; AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, outTag1Part), 1); AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf, &len), 1); tlen += len; AssertIntEQ(tlen, sizeof(cleartext)); EVP_CIPHER_CTX_free(ctx); AssertIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0); /* ENCRYPT */ /* Send AAD and data in 2 parts */ AssertNotNull(ctx = EVP_CIPHER_CTX_new()); tlen = 0; AssertIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), 1); AssertIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1); AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad, 1), 1); AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1), 1); AssertIntEQ(EVP_EncryptUpdate(ctx, out2Part, &len, cleartext, 1), 1); tlen += len; AssertIntEQ(EVP_EncryptUpdate(ctx, out2Part + tlen, &len, cleartext + 1, sizeof(cleartext) - 1), 1); tlen += len; AssertIntEQ(EVP_EncryptFinal_ex(ctx, out2Part + tlen, &len), 1); tlen += len; AssertIntEQ(tlen, sizeof(cleartext)); AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, outTag2Part), 1); AssertIntEQ(XMEMCMP(out1Part, out2Part, sizeof(out1Part)), 0); AssertIntEQ(XMEMCMP(outTag1Part, outTag2Part, sizeof(outTag1Part)), 0); EVP_CIPHER_CTX_free(ctx); /* DECRYPT */ /* Send AAD and data in 2 parts */ AssertNotNull(ctx = EVP_CIPHER_CTX_new()); tlen = 0; AssertIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), 1); AssertIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), 1); AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad, 1), 1); AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1), 1); AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part, 1), 1); tlen += len; AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf + tlen, &len, out1Part + 1, sizeof(cleartext) - 1), 1); tlen += len; AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, outTag1Part), 1); AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf + tlen, &len), 1); tlen += len; AssertIntEQ(tlen, sizeof(cleartext)); AssertIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0); /* Test AAD re-use */ EVP_CIPHER_CTX_free(ctx); printf(resultFmt, passed); #endif } #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) static void test_wolfssl_EVP_aes_gcm_zeroLen(void) { /* Zero length plain text */ byte key[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; /* align */ byte iv[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; /* align */ byte plaintxt[1]; int ivSz = 12; int plaintxtSz = 0; unsigned char tag[16]; unsigned char tag_kat[] = {0x53,0x0f,0x8a,0xfb,0xc7,0x45,0x36,0xb9, 0xa9,0x63,0xb4,0xf1,0xc4,0xcb,0x73,0x8b}; byte ciphertxt[AES_BLOCK_SIZE * 4] = {0}; byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0}; int ciphertxtSz = 0; int decryptedtxtSz = 0; int len = 0; EVP_CIPHER_CTX *en = EVP_CIPHER_CTX_new(); EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new(); AssertIntEQ(1, EVP_EncryptInit_ex(en, EVP_aes_256_gcm(), NULL, key, iv)); AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); AssertIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt, plaintxtSz)); AssertIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len)); ciphertxtSz += len; AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_GET_TAG, 16, tag)); AssertIntEQ(1, EVP_CIPHER_CTX_cleanup(en)); AssertIntEQ(0, ciphertxtSz); AssertIntEQ(0, XMEMCMP(tag, tag_kat, sizeof(tag))); EVP_CIPHER_CTX_init(de); AssertIntEQ(1, EVP_DecryptInit_ex(de, EVP_aes_256_gcm(), NULL, key, iv)); AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); AssertIntEQ(1, EVP_DecryptUpdate(de, NULL, &len, ciphertxt, len)); decryptedtxtSz = len; AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_TAG, 16, tag)); AssertIntEQ(1, EVP_DecryptFinal_ex(de, decryptedtxt, &len)); decryptedtxtSz += len; AssertIntEQ(0, decryptedtxtSz); EVP_CIPHER_CTX_free(en); EVP_CIPHER_CTX_free(de); } #endif static void test_wolfssl_EVP_aes_gcm(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) /* A 256 bit key, AES_128 will use the first 128 bit*/ byte *key = (byte*)"01234567890123456789012345678901"; /* A 128 bit IV */ byte *iv = (byte*)"0123456789012345"; int ivSz = AES_BLOCK_SIZE; /* Message to be encrypted */ byte *plaintxt = (byte*)"for things to change you have to change"; /* Additional non-confidential data */ byte *aad = (byte*)"Don't spend major time on minor things."; unsigned char tag[AES_BLOCK_SIZE] = {0}; int plaintxtSz = (int)XSTRLEN((char*)plaintxt); int aadSz = (int)XSTRLEN((char*)aad); byte ciphertxt[AES_BLOCK_SIZE * 4] = {0}; byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0}; int ciphertxtSz = 0; int decryptedtxtSz = 0; int len = 0; int i = 0; EVP_CIPHER_CTX en[2]; EVP_CIPHER_CTX de[2]; printf(testingFmt, "wolfssl_EVP_aes_gcm"); for (i = 0; i < 2; i++) { EVP_CIPHER_CTX_init(&en[i]); if (i == 0) { /* Default uses 96-bits IV length */ #ifdef WOLFSSL_AES_128 AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_gcm(), NULL, key, iv)); #elif defined(WOLFSSL_AES_192) AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_gcm(), NULL, key, iv)); #elif defined(WOLFSSL_AES_256) AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_gcm(), NULL, key, iv)); #endif } else { #ifdef WOLFSSL_AES_128 AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_gcm(), NULL, NULL, NULL)); #elif defined(WOLFSSL_AES_192) AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_gcm(), NULL, NULL, NULL)); #elif defined(WOLFSSL_AES_256) AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_gcm(), NULL, NULL, NULL)); #endif /* non-default must to set the IV length first */ AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); } AssertIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz)); AssertIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, plaintxtSz)); ciphertxtSz = len; AssertIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len)); ciphertxtSz += len; AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_GET_TAG, AES_BLOCK_SIZE, tag)); AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]), 1); EVP_CIPHER_CTX_init(&de[i]); if (i == 0) { /* Default uses 96-bits IV length */ #ifdef WOLFSSL_AES_128 AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, key, iv)); #elif defined(WOLFSSL_AES_192) AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, key, iv)); #elif defined(WOLFSSL_AES_256) AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, key, iv)); #endif } else { #ifdef WOLFSSL_AES_128 AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, NULL, NULL)); #elif defined(WOLFSSL_AES_192) AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, NULL, NULL)); #elif defined(WOLFSSL_AES_256) AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, NULL, NULL)); #endif /* non-default must to set the IV length first */ AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); } AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz)); decryptedtxtSz = len; AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag)); AssertIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); decryptedtxtSz += len; AssertIntEQ(ciphertxtSz, decryptedtxtSz); AssertIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz)); /* modify tag*/ tag[AES_BLOCK_SIZE-1]+=0xBB; AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag)); /* fail due to wrong tag */ AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz)); AssertIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); AssertIntEQ(0, len); AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]), 1); } test_wolfssl_EVP_aes_gcm_zeroLen(); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESGCM */ } #ifndef NO_BIO static void test_wolfSSL_PEM_X509_INFO_read_bio(void) { #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) BIO* bio; X509_INFO* info; STACK_OF(X509_INFO)* sk; char* subject; char exp1[] = "/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com"; char exp2[] = "/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/CN=www.wolfssl.com/emailAddress=info@wolfssl.com"; printf(testingFmt, "wolfSSL_PEM_X509_INFO_read_bio"); AssertNotNull(bio = BIO_new(BIO_s_file())); AssertIntGT(BIO_read_filename(bio, svrCertFile), 0); AssertNotNull(sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL)); AssertIntEQ(sk_X509_INFO_num(sk), 2); /* using dereference to maintain testing for Apache port*/ AssertNotNull(info = sk_X509_INFO_pop(sk)); AssertNotNull(info->x_pkey); AssertNotNull(info->x_pkey->dec_pkey); AssertIntEQ(EVP_PKEY_bits(info->x_pkey->dec_pkey), 2048); AssertNotNull(subject = X509_NAME_oneline(X509_get_subject_name(info->x509), 0, 0)); AssertIntEQ(0, XSTRNCMP(subject, exp1, sizeof(exp1))); XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); X509_INFO_free(info); AssertNotNull(info = sk_X509_INFO_pop(sk)); AssertNotNull(subject = X509_NAME_oneline(X509_get_subject_name(info->x509), 0, 0)); AssertIntEQ(0, XSTRNCMP(subject, exp2, sizeof(exp2))); XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); X509_INFO_free(info); AssertNull(info = sk_X509_INFO_pop(sk)); sk_X509_INFO_pop_free(sk, X509_INFO_free); BIO_free(bio); printf(resultFmt, passed); #endif } #endif /* !NO_BIO */ static void test_wolfSSL_X509_NAME_ENTRY_get_object(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) X509 *x509; X509_NAME* name; int idx = 0; X509_NAME_ENTRY *ne; ASN1_OBJECT *object = NULL; printf(testingFmt, "wolfSSL_X509_NAME_ENTRY_get_object"); x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509); name = X509_get_subject_name(x509); idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1); AssertIntGE(idx, 0); ne = X509_NAME_get_entry(name, idx); AssertNotNull(ne); AssertNotNull(object = X509_NAME_ENTRY_get_object(ne)); X509_free(x509); printf(resultFmt, passed); #endif } static void test_wolfSSL_ASN1_INTEGER_get_set(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) ASN1_INTEGER *a; long val; int ret; printf(testingFmt, "test_wolfSSL_ASN1_INTEGER_get_set"); a = ASN1_INTEGER_new(); val = 0; ret = ASN1_INTEGER_set(NULL, val); AssertIntEQ(ret, 0); ASN1_INTEGER_free(a); /* 0 */ a = ASN1_INTEGER_new(); val = 0; ret = ASN1_INTEGER_set(a, val); AssertIntEQ(ret, 1); AssertIntEQ(ASN1_INTEGER_get(a), val); ASN1_INTEGER_free(a); /* 40 */ a = ASN1_INTEGER_new(); val = 40; ret = ASN1_INTEGER_set(a, val); AssertIntEQ(ret, 1); AssertIntEQ(ASN1_INTEGER_get(a), val); ASN1_INTEGER_free(a); /* -40 */ a = ASN1_INTEGER_new(); val = -40; ret = ASN1_INTEGER_set(a, val); AssertIntEQ(ret, 1); AssertIntEQ(ASN1_INTEGER_get(a), val); ASN1_INTEGER_free(a); /* 128 */ a = ASN1_INTEGER_new(); val = 128; ret = ASN1_INTEGER_set(a, val); AssertIntEQ(ret, 1); AssertIntEQ(ASN1_INTEGER_get(a), val); ASN1_INTEGER_free(a); /* -128 */ a = ASN1_INTEGER_new(); val = -128; ret = ASN1_INTEGER_set(a, val); AssertIntEQ(ret, 1); AssertIntEQ(ASN1_INTEGER_get(a), val); ASN1_INTEGER_free(a); /* 200 */ a = ASN1_INTEGER_new(); val = 200; ret = ASN1_INTEGER_set(a, val); AssertIntEQ(ret, 1); AssertIntEQ(ASN1_INTEGER_get(a), val); ASN1_INTEGER_free(a); /* int max (2147483647) */ a = ASN1_INTEGER_new(); val = 2147483647; ret = ASN1_INTEGER_set(a, val); AssertIntEQ(ret, 1); AssertIntEQ(ASN1_INTEGER_get(a), val); ASN1_INTEGER_free(a); /* int min (-2147483648) */ a = ASN1_INTEGER_new(); val = -2147483647 - 1; ret = ASN1_INTEGER_set(a, val); AssertIntEQ(ret, 1); AssertIntEQ(ASN1_INTEGER_get(a), val); ASN1_INTEGER_free(a); printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_STORE_get1_certs(void) { #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) X509_STORE_CTX *storeCtx; X509_STORE *store; X509 *caX509; X509 *svrX509; X509_NAME *subject; WOLF_STACK_OF(WOLFSSL_X509) *certs; printf(testingFmt, "wolfSSL_X509_STORE_get1_certs()"); AssertNotNull(caX509 = X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM)); AssertNotNull((svrX509 = wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM))); AssertNotNull(storeCtx = X509_STORE_CTX_new()); AssertNotNull(store = X509_STORE_new()); AssertNotNull(subject = X509_get_subject_name(caX509)); /* Errors */ AssertNull(X509_STORE_get1_certs(storeCtx, subject)); AssertNull(X509_STORE_get1_certs(NULL, subject)); AssertNull(X509_STORE_get1_certs(storeCtx, NULL)); AssertIntEQ(X509_STORE_add_cert(store, caX509), SSL_SUCCESS); AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, caX509, NULL), SSL_SUCCESS); /* Should find the cert */ AssertNotNull(certs = X509_STORE_get1_certs(storeCtx, subject)); AssertIntEQ(1, wolfSSL_sk_X509_num(certs)); sk_X509_pop_free(certs, NULL); /* Should not find the cert */ AssertNotNull(subject = X509_get_subject_name(svrX509)); AssertNotNull(certs = X509_STORE_get1_certs(storeCtx, subject)); AssertIntEQ(0, wolfSSL_sk_X509_num(certs)); sk_X509_pop_free(certs, NULL); X509_STORE_free(store); X509_STORE_CTX_free(storeCtx); X509_free(svrX509); X509_free(caX509); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA && WOLFSSL_SIGNER_DER_CERT && !NO_FILESYSTEM */ } /* Testing code used in dpp.c in hostap */ #if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) typedef struct { /* AlgorithmIdentifier ecPublicKey with optional parameters present * as an OID identifying the curve */ X509_ALGOR *alg; /* Compressed format public key per ANSI X9.63 */ ASN1_BIT_STRING *pub_key; } DPP_BOOTSTRAPPING_KEY; ASN1_SEQUENCE(DPP_BOOTSTRAPPING_KEY) = { ASN1_SIMPLE(DPP_BOOTSTRAPPING_KEY, alg, X509_ALGOR), ASN1_SIMPLE(DPP_BOOTSTRAPPING_KEY, pub_key, ASN1_BIT_STRING) } ASN1_SEQUENCE_END(DPP_BOOTSTRAPPING_KEY) IMPLEMENT_ASN1_FUNCTIONS(DPP_BOOTSTRAPPING_KEY) #endif static void test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void) { /* Testing code used in dpp.c in hostap */ #if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) EC_KEY *eckey; EVP_PKEY *key; size_t len; unsigned char *der = NULL; DPP_BOOTSTRAPPING_KEY *bootstrap = NULL; const unsigned char *in = ecc_clikey_der_256; const EC_GROUP *group; const EC_POINT *point; int nid; AssertNotNull(bootstrap = DPP_BOOTSTRAPPING_KEY_new()); AssertNotNull(key = d2i_PrivateKey(EVP_PKEY_EC, NULL, &in, (long)sizeof_ecc_clikey_der_256)); AssertNotNull(eckey = EVP_PKEY_get1_EC_KEY(key)); AssertNotNull(group = EC_KEY_get0_group(eckey)); AssertNotNull(point = EC_KEY_get0_public_key(eckey)); nid = EC_GROUP_get_curve_name(group); AssertIntEQ(X509_ALGOR_set0(bootstrap->alg, OBJ_nid2obj(EVP_PKEY_EC), V_ASN1_OBJECT, OBJ_nid2obj(nid)), 1); #ifdef HAVE_COMP_KEY AssertIntGT((len = EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED, NULL, 0, NULL)), 0); #else AssertIntGT((len = EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL)), 0); #endif AssertNotNull(der = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1)); #ifdef HAVE_COMP_KEY AssertIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED, der, len, NULL), len); #else AssertIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED, der, len, NULL), len); #endif bootstrap->pub_key->data = der; bootstrap->pub_key->length = (int)len; /* Not actually used */ bootstrap->pub_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); bootstrap->pub_key->flags |= ASN1_STRING_FLAG_BITS_LEFT; der = NULL; AssertIntGT(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0); XFREE(der, NULL, DYNAMIC_TYPE_ASN1); EVP_PKEY_free(key); EC_KEY_free(eckey); DPP_BOOTSTRAPPING_KEY_free(bootstrap); #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ #endif /* WOLFSSL_WPAS && HAVE_ECC && USE_CERT_BUFFERS_256 */ } static void test_wolfSSL_i2c_ASN1_INTEGER(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) ASN1_INTEGER *a; unsigned char *pp,*tpp; int ret; printf(testingFmt, "wolfSSL_i2c_ASN1_INTEGER"); a = wolfSSL_ASN1_INTEGER_new(); /* 40 */ a->intData[0] = ASN_INTEGER; a->intData[1] = 1; a->intData[2] = 40; ret = i2c_ASN1_INTEGER(a, NULL); AssertIntEQ(ret, 1); AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); i2c_ASN1_INTEGER(a, &pp); pp--; AssertIntEQ(*pp, 40); XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); /* 128 */ a->intData[0] = ASN_INTEGER; a->intData[1] = 1; a->intData[2] = 128; ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL); AssertIntEQ(ret, 2); AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); wolfSSL_i2c_ASN1_INTEGER(a, &pp); pp--; AssertIntEQ(*(pp--), 128); AssertIntEQ(*pp, 0); XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); /* -40 */ a->intData[0] = ASN_INTEGER; a->intData[1] = 1; a->intData[2] = 40; a->negative = 1; ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL); AssertIntEQ(ret, 1); AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); wolfSSL_i2c_ASN1_INTEGER(a, &pp); pp--; AssertIntEQ(*pp, 216); XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); /* -128 */ a->intData[0] = ASN_INTEGER; a->intData[1] = 1; a->intData[2] = 128; a->negative = 1; ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL); AssertIntEQ(ret, 1); AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); wolfSSL_i2c_ASN1_INTEGER(a, &pp); pp--; AssertIntEQ(*pp, 128); XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); /* -200 */ a->intData[0] = ASN_INTEGER; a->intData[1] = 1; a->intData[2] = 200; a->negative = 1; ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL); AssertIntEQ(ret, 2); AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); wolfSSL_i2c_ASN1_INTEGER(a, &pp); pp--; AssertIntEQ(*(pp--), 56); AssertIntEQ(*pp, 255); XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); wolfSSL_ASN1_INTEGER_free(a); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA && !NO_ASN */ } #ifndef NO_INLINE #define WOLFSSL_MISC_INCLUDED #include #else #include #endif static int test_ForceZero(void) { unsigned char data[32]; unsigned int i, j, len; /* Test case with 0 length */ ForceZero(data, 0); /* Test ForceZero */ for (i = 0; i < sizeof(data); i++) { for (len = 1; len < sizeof(data) - i; len++) { for (j = 0; j < sizeof(data); j++) data[j] = j + 1; ForceZero(data + i, len); for (j = 0; j < sizeof(data); j++) { if (j < i || j >= i + len) { if (data[j] == 0x00) return -10200; } else if (data[j] != 0x00) return -10201; } } } return 0; } #ifndef NO_BIO static void test_wolfSSL_X509_print(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \ !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(XSNPRINTF) X509 *x509; BIO *bio; #if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_DIR) const X509_ALGOR *cert_sig_alg; #endif printf(testingFmt, "wolfSSL_X509_print"); x509 = X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509); /* print to memory */ AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(X509_print(bio, x509), SSL_SUCCESS); #if defined(WOLFSSL_QT) AssertIntEQ(BIO_get_mem_data(bio, NULL), 3113); #else AssertIntEQ(BIO_get_mem_data(bio, NULL), 3103); #endif BIO_free(bio); AssertNotNull(bio = BIO_new_fd(STDOUT_FILENO, BIO_NOCLOSE)); #if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_DIR) /* Print signature */ AssertNotNull(cert_sig_alg = X509_get0_tbs_sigalg(x509)); AssertIntEQ(X509_signature_print(bio, cert_sig_alg, NULL), SSL_SUCCESS); #endif /* print to stdout */ #if !defined(NO_WOLFSSL_DIR) AssertIntEQ(X509_print(bio, x509), SSL_SUCCESS); #endif /* print again */ AssertIntEQ(X509_print_fp(stdout, x509), SSL_SUCCESS); X509_free(x509); BIO_free(bio); printf(resultFmt, passed); #endif } static void test_wolfSSL_RSA_print(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \ !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \ !defined(HAVE_FAST_RSA) && !defined(NO_BIO) BIO *bio; WOLFSSL_RSA* rsa = NULL; printf(testingFmt, "wolfSSL_RSA_print"); AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); AssertNotNull(bio = BIO_new_fd(STDOUT_FILENO, BIO_NOCLOSE)); AssertIntEQ(RSA_print(bio, rsa, 0), SSL_SUCCESS); BIO_free(bio); RSA_free(rsa); printf(resultFmt, passed); #endif } static void test_wolfSSL_BIO_get_len(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_BIO) BIO *bio = NULL; const char txt[] = "Some example text to push to the BIO."; printf(testingFmt, "wolfSSL_BIO_get_len"); AssertIntEQ(wolfSSL_BIO_get_len(bio), BAD_FUNC_ARG); AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); AssertIntEQ(wolfSSL_BIO_write(bio, txt, sizeof(txt)), sizeof(txt)); AssertIntEQ(wolfSSL_BIO_get_len(bio), sizeof(txt)); BIO_free(bio); AssertNotNull(bio = BIO_new_fd(STDOUT_FILENO, BIO_NOCLOSE)); AssertIntEQ(wolfSSL_BIO_get_len(bio), WOLFSSL_BAD_FILE); BIO_free(bio); printf(resultFmt, passed); #endif } static void test_wolfSSL_ASN1_STRING_print(void){ #if defined(OPENSSL_ALL) && !defined(NO_ASN) && !defined(NO_CERTS) ASN1_STRING* asnStr = NULL; const char HELLO_DATA[]= \ {'H','e','l','l','o',' ','w','o','l','f','S','S','L','!'}; #define MAX_UNPRINTABLE_CHAR 32 #define MAX_BUF 255 unsigned char unprintableData[MAX_UNPRINTABLE_CHAR + sizeof(HELLO_DATA)]; unsigned char expected[sizeof(unprintableData)+1]; unsigned char rbuf[MAX_BUF]; BIO *bio; int p_len, i; printf(testingFmt, "wolfSSL_ASN1_STRING_print()"); /* setup */ for (i = 0; i < (int)sizeof(HELLO_DATA); i++) { unprintableData[i] = HELLO_DATA[i]; expected[i] = HELLO_DATA[i]; } for (i = 0; i < (int)MAX_UNPRINTABLE_CHAR; i++) { unprintableData[sizeof(HELLO_DATA)+i] = i; if (i == (int)'\n' || i == (int)'\r') expected[sizeof(HELLO_DATA)+i] = i; else expected[sizeof(HELLO_DATA)+i] = '.'; } unprintableData[sizeof(unprintableData)-1] = '\0'; expected[sizeof(expected)-1] = '\0'; XMEMSET(rbuf, 0, MAX_BUF); bio = BIO_new(BIO_s_mem()); BIO_set_write_buf_size(bio, MAX_BUF); asnStr = ASN1_STRING_type_new(V_ASN1_OCTET_STRING); ASN1_STRING_set(asnStr,(const void*)unprintableData, (int)sizeof(unprintableData)); /* test */ p_len = wolfSSL_ASN1_STRING_print(bio, asnStr); AssertIntEQ(p_len, 46); BIO_read(bio, (void*)rbuf, 46); AssertStrEQ((char*)rbuf, (const char*)expected); BIO_free(bio); ASN1_STRING_free(asnStr); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA && !NO_ASN && !NO_CERTS */ } #endif /* !NO_BIO */ static void test_wolfSSL_ASN1_get_object(void) { #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) const unsigned char* derBuf = cliecc_cert_der_256; int len = sizeof_cliecc_cert_der_256; long asnLen = 0; int tag = 0, cls = 0; ASN1_OBJECT *a; printf(testingFmt, "wolfSSL_ASN1_get_object()"); /* Read a couple TLV triplets and make sure they match the expected values */ AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len) & 0x80, 0); AssertIntEQ(asnLen, 841); AssertIntEQ(tag, 0x10); AssertIntEQ(cls, 0); AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len - (derBuf - cliecc_cert_der_256)) & 0x80, 0); AssertIntEQ(asnLen, 750); AssertIntEQ(tag, 0x10); AssertIntEQ(cls, 0); AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len - (derBuf - cliecc_cert_der_256)) & 0x80, 0); AssertIntEQ(asnLen, 3); AssertIntEQ(tag, 0); AssertIntEQ(cls, 0x80); AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len - (derBuf - cliecc_cert_der_256)) & 0x80, 0); AssertIntEQ(asnLen, 1); AssertIntEQ(tag, 0x2); AssertIntEQ(cls, 0); derBuf += asnLen; AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len - (derBuf - cliecc_cert_der_256)) & 0x80, 0); AssertIntEQ(asnLen, 9); AssertIntEQ(tag, 0x2); AssertIntEQ(cls, 0); derBuf += asnLen; AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len - (derBuf - cliecc_cert_der_256)) & 0x80, 0); AssertIntEQ(asnLen, 10); AssertIntEQ(tag, 0x10); AssertIntEQ(cls, 0); /* Read an ASN OBJECT */ AssertNotNull(d2i_ASN1_OBJECT(&a, &derBuf, len)); ASN1_OBJECT_free(a); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA && HAVE_ECC && USE_CERT_BUFFERS_256 */ } static void test_wolfSSL_RSA_verify(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && \ !defined(NO_FILESYSTEM) && defined(HAVE_CRL) #ifndef NO_BIO XFILE fp; RSA *pKey, *pubKey; X509 *cert; const char *text = "Hello wolfSSL !"; unsigned char hash[SHA256_DIGEST_LENGTH]; unsigned char signature[2048/8]; unsigned int signatureLength; byte *buf; BIO *bio; SHA256_CTX c; EVP_PKEY *evpPkey, *evpPubkey; size_t sz; printf(testingFmt, "wolfSSL_RSA_verify"); /* generate hash */ SHA256_Init(&c); SHA256_Update(&c, text, strlen(text)); SHA256_Final(hash, &c); #ifdef WOLFSSL_SMALL_STACK_CACHE /* workaround for small stack cache case */ wc_Sha256Free((wc_Sha256*)&c); #endif /* read privete key file */ fp = XFOPEN(svrKeyFile, "rb"); AssertTrue((fp != XBADFILE)); XFSEEK(fp, 0, XSEEK_END); sz = XFTELL(fp); XREWIND(fp); AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); AssertIntEQ(XFREAD(buf, 1, sz, fp), sz); XFCLOSE(fp); /* read private key and sign hash data */ AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); AssertNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)); AssertNotNull(pKey = EVP_PKEY_get1_RSA(evpPkey)); AssertIntEQ(RSA_sign(NID_sha256, hash, SHA256_DIGEST_LENGTH, signature, &signatureLength, pKey), SSL_SUCCESS); /* read public key and verify signed data */ fp = XFOPEN(svrCertFile,"rb"); AssertTrue((fp != XBADFILE)); cert = PEM_read_X509(fp, 0, 0, 0 ); XFCLOSE(fp); evpPubkey = X509_get_pubkey(cert); pubKey = EVP_PKEY_get1_RSA(evpPubkey); AssertIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, signature, signatureLength, pubKey), SSL_SUCCESS); RSA_free(pKey); EVP_PKEY_free(evpPkey); RSA_free(pubKey); EVP_PKEY_free(evpPubkey); X509_free(cert); BIO_free(bio); XFREE(buf, NULL, DYNAMIC_TYPE_FILE); printf(resultFmt, passed); #endif #endif } #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME) static void test_openssl_make_self_signed_certificate(EVP_PKEY* pkey) { X509* x509 = NULL; BIGNUM* serial_number = NULL; X509_NAME* name = NULL; time_t epoch_off = 0; ASN1_INTEGER* asn1_serial_number; long not_before, not_after; AssertNotNull(x509 = X509_new()); AssertIntNE(X509_set_pubkey(x509, pkey), 0); AssertNotNull(serial_number = BN_new()); AssertIntNE(BN_pseudo_rand(serial_number, 64, 0, 0), 0); AssertNotNull(asn1_serial_number = X509_get_serialNumber(x509)); AssertNotNull(BN_to_ASN1_INTEGER(serial_number, asn1_serial_number)); /* version 3 */ AssertIntNE(X509_set_version(x509, 2L), 0); AssertNotNull(name = X509_NAME_new()); AssertIntNE(X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_UTF8, (unsigned char*)"www.wolfssl.com", -1, -1, 0), 0); AssertIntNE(X509_set_subject_name(x509, name), 0); AssertIntNE(X509_set_issuer_name(x509, name), 0); not_before = (long)XTIME(NULL); not_after = not_before + (365 * 24 * 60 * 60); AssertNotNull(X509_time_adj(X509_get_notBefore(x509), not_before, &epoch_off)); AssertNotNull(X509_time_adj(X509_get_notAfter(x509), not_after, &epoch_off)); AssertIntNE(X509_sign(x509, pkey, EVP_sha256()), 0); BN_free(serial_number); X509_NAME_free(name); X509_free(x509); } #endif static void test_openssl_generate_key_and_cert(void) { #if defined(OPENSSL_EXTRA) #if !defined(NO_RSA) { EVP_PKEY* pkey = EVP_PKEY_new(); int key_length = 2048; BIGNUM* exponent = BN_new(); RSA* rsa = RSA_new(); AssertNotNull(pkey); AssertNotNull(exponent); AssertNotNull(rsa); AssertIntNE(BN_set_word(exponent, WC_RSA_EXPONENT), 0); #ifndef WOLFSSL_KEY_GEN AssertIntEQ(RSA_generate_key_ex(rsa, key_length, exponent, NULL), WOLFSSL_FAILURE); #if defined(USE_CERT_BUFFERS_1024) AssertIntNE(wolfSSL_RSA_LoadDer_ex(rsa, server_key_der_1024, sizeof_server_key_der_1024, WOLFSSL_RSA_LOAD_PRIVATE), 0); key_length = 1024; #elif defined(USE_CERT_BUFFERS_2048) AssertIntNE(wolfSSL_RSA_LoadDer_ex(rsa, server_key_der_2048, sizeof_server_key_der_2048, WOLFSSL_RSA_LOAD_PRIVATE), 0); #else RSA_free(rsa); rsa = NULL; #endif #else AssertIntNE(RSA_generate_key_ex(rsa, key_length, exponent, NULL), 0); #endif if (rsa) { AssertIntNE(EVP_PKEY_assign_RSA(pkey, rsa), 0); BN_free(exponent); #if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \ defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME) test_openssl_make_self_signed_certificate(pkey); #endif } EVP_PKEY_free(pkey); } #endif /* !NO_RSA */ #ifdef HAVE_ECC { EVP_PKEY* pkey = EVP_PKEY_new(); EC_KEY* ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); AssertNotNull(pkey); AssertNotNull(ec_key); #ifndef NO_WOLFSSL_STUB EC_KEY_set_asn1_flag(ec_key, OPENSSL_EC_NAMED_CURVE); #endif AssertIntNE(EC_KEY_generate_key(ec_key), 0); AssertIntNE(EVP_PKEY_assign_EC_KEY(pkey, ec_key), 0); #if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \ defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME) test_openssl_make_self_signed_certificate(pkey); #endif EVP_PKEY_free(pkey); } #endif /* HAVE_ECC */ #endif /* OPENSSL_EXTRA */ } static void test_stubs_are_stubs(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_WOLFSSL_STUB) WOLFSSL_CTX* ctx = NULL; WOLFSSL_CTX* ctxN = NULL; #ifndef NO_WOLFSSL_CLIENT ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); #elif !defined(NO_WOLFSSL_SERVER) ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); AssertNotNull(ctx); #else return; #endif #define CHECKZERO_RET(x, y, z) AssertIntEQ((int) x(y), 0); \ AssertIntEQ((int) x(z), 0) /* test logic, all stubs return same result regardless of ctx being NULL * as there are no sanity checks, it's just a stub! If at some * point a stub is not a stub it should begin to return BAD_FUNC_ARG * if invalid inputs are supplied. Test calling both * with and without valid inputs, if a stub functionality remains unchanged. */ CHECKZERO_RET(wolfSSL_CTX_sess_accept, ctx, ctxN); CHECKZERO_RET(wolfSSL_CTX_sess_connect, ctx, ctxN); CHECKZERO_RET(wolfSSL_CTX_sess_accept_good, ctx, ctxN); CHECKZERO_RET(wolfSSL_CTX_sess_connect_good, ctx, ctxN); CHECKZERO_RET(wolfSSL_CTX_sess_accept_renegotiate, ctx, ctxN); CHECKZERO_RET(wolfSSL_CTX_sess_connect_renegotiate, ctx, ctxN); CHECKZERO_RET(wolfSSL_CTX_sess_hits, ctx, ctxN); CHECKZERO_RET(wolfSSL_CTX_sess_cb_hits, ctx, ctxN); CHECKZERO_RET(wolfSSL_CTX_sess_cache_full, ctx, ctxN); CHECKZERO_RET(wolfSSL_CTX_sess_misses, ctx, ctxN); CHECKZERO_RET(wolfSSL_CTX_sess_timeouts, ctx, ctxN); wolfSSL_CTX_free(ctx); ctx = NULL; #endif /* OPENSSL_EXTRA && !NO_WOLFSSL_STUB */ } static void test_CONF_modules_xxx(void) { #if defined(OPENSSL_EXTRA) CONF_modules_free(); AssertTrue(1); /* to confirm previous call gives no harm */ CONF_modules_unload(0); AssertTrue(1); CONF_modules_unload(1); AssertTrue(1); CONF_modules_unload(-1); AssertTrue(1); #endif /* OPENSSL_EXTRA */ } static void test_CRYPTO_set_dynlock_xxx(void) { #if defined(OPENSSL_EXTRA) printf(testingFmt, "CRYPTO_set_dynlock_xxx()"); CRYPTO_set_dynlock_create_callback( (struct CRYPTO_dynlock_value *(*)(const char*, int))NULL); CRYPTO_set_dynlock_create_callback( (struct CRYPTO_dynlock_value *(*)(const char*, int))1); CRYPTO_set_dynlock_destroy_callback( (void (*)(struct CRYPTO_dynlock_value*, const char*, int))NULL); CRYPTO_set_dynlock_destroy_callback( (void (*)(struct CRYPTO_dynlock_value*, const char*, int))1); CRYPTO_set_dynlock_lock_callback( (void (*)(int, struct CRYPTO_dynlock_value *, const char*, int))NULL); CRYPTO_set_dynlock_lock_callback( (void (*)(int, struct CRYPTO_dynlock_value *, const char*, int))1); AssertTrue(1); /* to confirm previous call gives no harm */ printf(resultFmt, passed); #endif /* OPENSSL_EXTRA */ } static void test_CRYPTO_THREADID_xxx(void) { #if defined(OPENSSL_EXTRA) printf(testingFmt, "CRYPTO_THREADID_xxx()"); CRYPTO_THREADID_current((CRYPTO_THREADID*)NULL); CRYPTO_THREADID_current((CRYPTO_THREADID*)1); AssertIntEQ(CRYPTO_THREADID_hash((const CRYPTO_THREADID*)NULL), 0); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA */ } static void test_ENGINE_cleanup(void) { #if defined(OPENSSL_EXTRA) printf(testingFmt, "ENGINE_cleanup()"); ENGINE_cleanup(); AssertTrue(1); /* to confirm previous call gives no harm */ printf(resultFmt, passed); #endif /* OPENSSL_EXTRA */ } static void test_wolfSSL_CTX_LoadCRL(void) { #ifdef HAVE_CRL WOLFSSL_CTX* ctx = NULL; const char* badPath = "dummypath"; const char* validPath = "./certs/crl"; int derType = WOLFSSL_FILETYPE_ASN1; int pemType = WOLFSSL_FILETYPE_PEM; int monitor = WOLFSSL_CRL_MONITOR; #define FAIL_T1(x, y, z, p, d) AssertIntEQ((int) x(y, z, p, d), \ BAD_FUNC_ARG) #define SUCC_T(x, y, z, p, d) AssertIntEQ((int) x(y, z, p, d), \ WOLFSSL_SUCCESS) FAIL_T1(wolfSSL_CTX_LoadCRL, ctx, validPath, pemType, monitor); #ifndef NO_WOLFSSL_CLIENT AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #elif !defined(NO_WOLFSSL_SERVER) AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #else return; #endif SUCC_T (wolfSSL_CTX_LoadCRL, ctx, validPath, pemType, monitor); SUCC_T (wolfSSL_CTX_LoadCRL, ctx, badPath, pemType, monitor); SUCC_T (wolfSSL_CTX_LoadCRL, ctx, badPath, derType, monitor); wolfSSL_CTX_free(ctx); ctx = NULL; #endif } static void test_SetTmpEC_DHE_Sz(void) { #if defined(HAVE_ECC) && !defined(NO_WOLFSSL_CLIENT) WOLFSSL_CTX *ctx; WOLFSSL *ssl; ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpEC_DHE_Sz(ctx, 32)); ssl = wolfSSL_new(ctx); AssertNotNull(ssl); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpEC_DHE_Sz(ssl, 32)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); #endif } static void test_wolfSSL_CTX_get0_privatekey(void) { #ifdef OPENSSL_ALL WOLFSSL_CTX* ctx = NULL; printf(testingFmt, "wolfSSL_CTX_get0_privatekey()"); #ifndef NO_RSA AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method())); AssertNull(SSL_CTX_get0_privatekey(ctx)); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); AssertNull(SSL_CTX_get0_privatekey(ctx)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); AssertNotNull(SSL_CTX_get0_privatekey(ctx)); wolfSSL_CTX_free(ctx); #endif #ifdef HAVE_ECC AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method())); AssertNull(SSL_CTX_get0_privatekey(ctx)); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, WOLFSSL_FILETYPE_PEM)); AssertNull(SSL_CTX_get0_privatekey(ctx)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, WOLFSSL_FILETYPE_PEM)); AssertNotNull(SSL_CTX_get0_privatekey(ctx)); wolfSSL_CTX_free(ctx); #endif printf(resultFmt, passed); #endif } static void test_wolfSSL_dtls_set_mtu(void) { #if (defined(WOLFSSL_DTLS_MTU) || defined(WOLFSSL_SCTP)) && \ defined(WOLFSSL_DTLS) WOLFSSL_CTX* ctx = NULL; WOLFSSL* ssl = NULL; const char* testCertFile; const char* testKeyFile; AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method())); #ifndef NO_RSA testCertFile = svrCertFile; testKeyFile = svrKeyFile; #elif defined(HAVE_ECC) testCertFile = eccCertFile; testKeyFile = eccKeyFile; #endif if (testCertFile != NULL && testKeyFile != NULL) { AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM)); } AssertNotNull(ssl = wolfSSL_new(ctx)); AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 20000), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_dtls_set_mtu(ssl, 20000), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_get_error(ssl, WOLFSSL_FAILURE), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 1488), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_dtls_set_mtu(ssl, 1488), WOLFSSL_SUCCESS); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); printf(testingFmt, "wolfSSL_dtls_set_mtu()"); printf(resultFmt, passed); #endif } #if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \ !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \ !defined(WOLFSSL_NO_CLIENT_AUTH)) static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA) { int ret; if ((ret = wolfSSL_CertManagerLoadCA(cm, certA, 0)) != WOLFSSL_SUCCESS) { printf("loading cert %s failed\n", certA); printf("Error: (%d): %s\n", ret, wolfSSL_ERR_reason_error_string(ret)); return -1; } return 0; } static int verify_cert_with_cm(WOLFSSL_CERT_MANAGER* cm, char* certA) { int ret; if ((ret = wolfSSL_CertManagerVerify(cm, certA, WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) { printf("could not verify the cert: %s\n", certA); printf("Error: (%d): %s\n", ret, wolfSSL_ERR_reason_error_string(ret)); return -1; } else { printf("successfully verified: %s\n", certA); } return 0; } #define LOAD_ONE_CA(a, b, c, d) \ do { \ a = load_ca_into_cm(c, d); \ if (a != 0) \ return b; \ else \ b--; \ } while(0) #define VERIFY_ONE_CERT(a, b, c, d) \ do { \ a = verify_cert_with_cm(c, d); \ if (a != 0) \ return b; \ else \ b--; \ } while(0) static int test_chainG(WOLFSSL_CERT_MANAGER* cm) { int ret; int i = -1; /* Chain G is a valid chain per RFC 5280 section 4.2.1.9 */ char chainGArr[9][50] = {"certs/ca-cert.pem", "certs/test-pathlen/chainG-ICA7-pathlen100.pem", "certs/test-pathlen/chainG-ICA6-pathlen10.pem", "certs/test-pathlen/chainG-ICA5-pathlen20.pem", "certs/test-pathlen/chainG-ICA4-pathlen5.pem", "certs/test-pathlen/chainG-ICA3-pathlen99.pem", "certs/test-pathlen/chainG-ICA2-pathlen1.pem", "certs/test-pathlen/chainG-ICA1-pathlen0.pem", "certs/test-pathlen/chainG-entity.pem"}; LOAD_ONE_CA(ret, i, cm, chainGArr[0]); /* if failure, i = -1 here */ LOAD_ONE_CA(ret, i, cm, chainGArr[1]); /* if failure, i = -2 here */ LOAD_ONE_CA(ret, i, cm, chainGArr[2]); /* if failure, i = -3 here */ LOAD_ONE_CA(ret, i, cm, chainGArr[3]); /* if failure, i = -4 here */ LOAD_ONE_CA(ret, i, cm, chainGArr[4]); /* if failure, i = -5 here */ LOAD_ONE_CA(ret, i, cm, chainGArr[5]); /* if failure, i = -6 here */ LOAD_ONE_CA(ret, i, cm, chainGArr[6]); /* if failure, i = -7 here */ LOAD_ONE_CA(ret, i, cm, chainGArr[7]); /* if failure, i = -8 here */ VERIFY_ONE_CERT(ret, i, cm, chainGArr[1]); /* if failure, i = -9 here */ VERIFY_ONE_CERT(ret, i, cm, chainGArr[2]); /* if failure, i = -10 here */ VERIFY_ONE_CERT(ret, i, cm, chainGArr[3]); /* if failure, i = -11 here */ VERIFY_ONE_CERT(ret, i, cm, chainGArr[4]); /* if failure, i = -12 here */ VERIFY_ONE_CERT(ret, i, cm, chainGArr[5]); /* if failure, i = -13 here */ VERIFY_ONE_CERT(ret, i, cm, chainGArr[6]); /* if failure, i = -14 here */ VERIFY_ONE_CERT(ret, i, cm, chainGArr[7]); /* if failure, i = -15 here */ VERIFY_ONE_CERT(ret, i, cm, chainGArr[8]); /* if failure, i = -16 here */ /* test validating the entity twice, should have no effect on pathLen since * entity/leaf cert */ VERIFY_ONE_CERT(ret, i, cm, chainGArr[8]); /* if failure, i = -17 here */ return ret; } static int test_chainH(WOLFSSL_CERT_MANAGER* cm) { int ret; int i = -1; /* Chain H is NOT a valid chain per RFC5280 section 4.2.1.9: * ICA4-pathlen of 2 signing ICA3-pathlen of 2 (reduce max path len to 2) * ICA3-pathlen of 2 signing ICA2-pathlen of 2 (reduce max path len to 1) * ICA2-pathlen of 2 signing ICA1-pathlen of 0 (reduce max path len to 0) * ICA1-pathlen of 0 signing entity (pathlen is already 0, ERROR) * Test should successfully verify ICA4, ICA3, ICA2 and then fail on ICA1 */ char chainHArr[6][50] = {"certs/ca-cert.pem", "certs/test-pathlen/chainH-ICA4-pathlen2.pem", "certs/test-pathlen/chainH-ICA3-pathlen2.pem", "certs/test-pathlen/chainH-ICA2-pathlen2.pem", "certs/test-pathlen/chainH-ICA1-pathlen0.pem", "certs/test-pathlen/chainH-entity.pem"}; LOAD_ONE_CA(ret, i, cm, chainHArr[0]); /* if failure, i = -1 here */ LOAD_ONE_CA(ret, i, cm, chainHArr[1]); /* if failure, i = -2 here */ LOAD_ONE_CA(ret, i, cm, chainHArr[2]); /* if failure, i = -3 here */ LOAD_ONE_CA(ret, i, cm, chainHArr[3]); /* if failure, i = -4 here */ LOAD_ONE_CA(ret, i, cm, chainHArr[4]); /* if failure, i = -5 here */ VERIFY_ONE_CERT(ret, i, cm, chainHArr[1]); /* if failure, i = -6 here */ VERIFY_ONE_CERT(ret, i, cm, chainHArr[2]); /* if failure, i = -7 here */ VERIFY_ONE_CERT(ret, i, cm, chainHArr[3]); /* if failure, i = -8 here */ VERIFY_ONE_CERT(ret, i, cm, chainHArr[4]); /* if failure, i = -9 here */ VERIFY_ONE_CERT(ret, i, cm, chainHArr[5]); /* if failure, i = -10 here */ return ret; } static int test_chainI(WOLFSSL_CERT_MANAGER* cm) { int ret; int i = -1; /* Chain I is a valid chain per RFC5280 section 4.2.1.9: * ICA3-pathlen of 2 signing ICA2 without a pathlen (reduce maxPathLen to 2) * ICA2-no_pathlen signing ICA1-no_pathlen (reduce maxPathLen to 1) * ICA1-no_pathlen signing entity (reduce maxPathLen to 0) * Test should successfully verify ICA4, ICA3, ICA2 and then fail on ICA1 */ char chainIArr[5][50] = {"certs/ca-cert.pem", "certs/test-pathlen/chainI-ICA3-pathlen2.pem", "certs/test-pathlen/chainI-ICA2-no_pathlen.pem", "certs/test-pathlen/chainI-ICA1-no_pathlen.pem", "certs/test-pathlen/chainI-entity.pem"}; LOAD_ONE_CA(ret, i, cm, chainIArr[0]); /* if failure, i = -1 here */ LOAD_ONE_CA(ret, i, cm, chainIArr[1]); /* if failure, i = -2 here */ LOAD_ONE_CA(ret, i, cm, chainIArr[2]); /* if failure, i = -3 here */ LOAD_ONE_CA(ret, i, cm, chainIArr[3]); /* if failure, i = -4 here */ VERIFY_ONE_CERT(ret, i, cm, chainIArr[1]); /* if failure, i = -5 here */ VERIFY_ONE_CERT(ret, i, cm, chainIArr[2]); /* if failure, i = -6 here */ VERIFY_ONE_CERT(ret, i, cm, chainIArr[3]); /* if failure, i = -7 here */ VERIFY_ONE_CERT(ret, i, cm, chainIArr[4]); /* if failure, i = -8 here */ return ret; } static int test_chainJ(WOLFSSL_CERT_MANAGER* cm) { int ret; int i = -1; /* Chain J is NOT a valid chain per RFC5280 section 4.2.1.9: * ICA4-pathlen of 2 signing ICA3 without a pathlen (reduce maxPathLen to 2) * ICA3-pathlen of 2 signing ICA2 without a pathlen (reduce maxPathLen to 1) * ICA2-no_pathlen signing ICA1-no_pathlen (reduce maxPathLen to 0) * ICA1-no_pathlen signing entity (ERROR, pathlen zero and non-leaf cert) */ char chainJArr[6][50] = {"certs/ca-cert.pem", "certs/test-pathlen/chainJ-ICA4-pathlen2.pem", "certs/test-pathlen/chainJ-ICA3-no_pathlen.pem", "certs/test-pathlen/chainJ-ICA2-no_pathlen.pem", "certs/test-pathlen/chainJ-ICA1-no_pathlen.pem", "certs/test-pathlen/chainJ-entity.pem"}; LOAD_ONE_CA(ret, i, cm, chainJArr[0]); /* if failure, i = -1 here */ LOAD_ONE_CA(ret, i, cm, chainJArr[1]); /* if failure, i = -2 here */ LOAD_ONE_CA(ret, i, cm, chainJArr[2]); /* if failure, i = -3 here */ LOAD_ONE_CA(ret, i, cm, chainJArr[3]); /* if failure, i = -4 here */ LOAD_ONE_CA(ret, i, cm, chainJArr[4]); /* if failure, i = -5 here */ VERIFY_ONE_CERT(ret, i, cm, chainJArr[1]); /* if failure, i = -6 here */ VERIFY_ONE_CERT(ret, i, cm, chainJArr[2]); /* if failure, i = -7 here */ VERIFY_ONE_CERT(ret, i, cm, chainJArr[3]); /* if failure, i = -8 here */ VERIFY_ONE_CERT(ret, i, cm, chainJArr[4]); /* if failure, i = -9 here */ VERIFY_ONE_CERT(ret, i, cm, chainJArr[5]); /* if failure, i = -10 here */ return ret; } static int test_various_pathlen_chains(void) { int ret; WOLFSSL_CERT_MANAGER* cm; /* Test chain G (large chain with varying pathLens) */ if ((cm = wolfSSL_CertManagerNew()) == NULL) { printf("cert manager new failed\n"); return -1; } AssertIntEQ(test_chainG(cm), 0); ret = wolfSSL_CertManagerUnloadCAs(cm); if (ret != WOLFSSL_SUCCESS) return -1; wolfSSL_CertManagerFree(cm); /* end test chain G */ /* Test chain H (5 chain with same pathLens) */ if ((cm = wolfSSL_CertManagerNew()) == NULL) { printf("cert manager new failed\n"); return -1; } AssertIntLT(test_chainH(cm), 0); wolfSSL_CertManagerUnloadCAs(cm); wolfSSL_CertManagerFree(cm); if ((cm = wolfSSL_CertManagerNew()) == NULL) { printf("cert manager new failed\n"); return -1; } ret = wolfSSL_CertManagerUnloadCAs(cm); if (ret != WOLFSSL_SUCCESS) return -1; wolfSSL_CertManagerFree(cm); /* end test chain H */ /* Test chain I (only first ICA has pathLen set and it's set to 2, * followed by 2 ICA's, should pass) */ if ((cm = wolfSSL_CertManagerNew()) == NULL) { printf("cert manager new failed\n"); return -1; } AssertIntEQ(test_chainI(cm), 0); wolfSSL_CertManagerUnloadCAs(cm); wolfSSL_CertManagerFree(cm); if ((cm = wolfSSL_CertManagerNew()) == NULL) { printf("cert manager new failed\n"); return -1; } ret = wolfSSL_CertManagerUnloadCAs(cm); if (ret != WOLFSSL_SUCCESS) return -1; wolfSSL_CertManagerFree(cm); /* Test chain J (Again only first ICA has pathLen set and it's set to 2, * this time followed by 3 ICA's, should fail */ if ((cm = wolfSSL_CertManagerNew()) == NULL) { printf("cert manager new failed\n"); return -1; } AssertIntLT(test_chainJ(cm), 0); wolfSSL_CertManagerUnloadCAs(cm); wolfSSL_CertManagerFree(cm); if ((cm = wolfSSL_CertManagerNew()) == NULL) { printf("cert manager new failed\n"); return -1; } ret = wolfSSL_CertManagerUnloadCAs(cm); wolfSSL_CertManagerFree(cm); return ret; } #endif /* !NO_RSA && !NO_SHA && !NO_FILESYSTEM && !NO_CERTS */ #if defined(HAVE_KEYING_MATERIAL) && defined(HAVE_IO_TESTS_DEPENDENCIES) static int test_export_keying_material_cb(WOLFSSL_CTX *ctx, WOLFSSL *ssl) { byte ekm[100] = {0}; (void)ctx; /* Succes Cases */ AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm), "Test label", XSTR_SIZEOF("Test label"), NULL, 0, 0), 1); AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm), "Test label", XSTR_SIZEOF("Test label"), NULL, 0, 1), 1); /* Use some random context */ AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm), "Test label", XSTR_SIZEOF("Test label"), ekm, 10, 1), 1); /* Failure cases */ AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm), "client finished", XSTR_SIZEOF("client finished"), NULL, 0, 0), 0); AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm), "server finished", XSTR_SIZEOF("server finished"), NULL, 0, 0), 0); AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm), "master secret", XSTR_SIZEOF("master secret"), NULL, 0, 0), 0); AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm), "extended master secret", XSTR_SIZEOF("extended master secret"), NULL, 0, 0), 0); AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm), "key expansion", XSTR_SIZEOF("key expansion"), NULL, 0, 0), 0); return 0; } static void test_export_keying_material_ssl_cb(WOLFSSL* ssl) { wolfSSL_KeepArrays(ssl); } static void test_export_keying_material(void) { #ifndef SINGLE_THREADED tcp_ready ready; callback_functions clientCb; func_args client_args; func_args server_args; THREAD_TYPE serverThread; XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&clientCb, 0, sizeof(callback_functions)); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; client_args.signal = &ready; clientCb.ssl_ready = test_export_keying_material_ssl_cb; client_args.callbacks = &clientCb; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, test_export_keying_material_cb); join_thread(serverThread); AssertTrue(client_args.return_code); AssertTrue(server_args.return_code); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif #endif /* !SINGLE_THREADED */ } #endif /* HAVE_KEYING_MATERIAL */ static int test_wolfSSL_THREADID_hash(void) { int ret = 0; unsigned long res; #if defined(OPENSSL_EXTRA) CRYPTO_THREADID id; printf(testingFmt, "wolfSSL_THREADID_hash"); CRYPTO_THREADID_current(NULL); AssertTrue(1); res = CRYPTO_THREADID_hash(NULL); AssertTrue( res == 0UL); XMEMSET(&id, 0, sizeof(id)); res = CRYPTO_THREADID_hash(&id); AssertTrue( res == 0UL); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA */ (void)res; return ret; } static int test_wolfSSL_CTX_set_ecdh_auto(void) { int ret = 0; WOLFSSL_CTX* ctx = NULL; #if defined(OPENSSL_EXTRA) printf(testingFmt, "SSL_CTX_set_ecdh_auto"); AssertIntEQ( SSL_CTX_set_ecdh_auto(NULL,0),1); AssertIntEQ( SSL_CTX_set_ecdh_auto(NULL,1),1); AssertIntEQ( SSL_CTX_set_ecdh_auto(ctx,0),1); AssertIntEQ( SSL_CTX_set_ecdh_auto(ctx,1),1); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA */ (void)ctx; return ret; } #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_ERROR_CODE_OPENSSL) static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_server_thread(void* args) { callback_functions* callbacks = NULL; WOLFSSL_CTX* ctx = NULL; WOLFSSL* ssl = NULL; SOCKET_T sfd = 0; SOCKET_T cfd = 0; word16 port; char msg[] = "I hear you fa shizzle!"; int len = (int) XSTRLEN(msg); char input[1024]; int ret, err; if (!args) return 0; ((func_args*)args)->return_code = TEST_FAIL; callbacks = ((func_args*)args)->callbacks; ctx = wolfSSL_CTX_new(callbacks->method()); #if defined(USE_WINDOWS_API) port = ((func_args*)args)->signal->port; #else /* Let tcp_listen assign port */ port = 0; #endif #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); if (callbacks->ctx_ready) callbacks->ctx_ready(ctx); ssl = wolfSSL_new(ctx); AssertNotNull(ssl); /* listen and accept */ tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0); CloseSocket(sfd); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, cfd)); if (callbacks->ssl_ready) callbacks->ssl_ready(ssl); do { err = 0; /* Reset error */ ret = wolfSSL_accept(ssl); if (ret != WOLFSSL_SUCCESS) { err = wolfSSL_get_error(ssl, 0); } } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(cfd); ((func_args*)args)->return_code = TEST_FAIL; return 0; } /* read and write data */ XMEMSET( input, 0, sizeof(input)); while (1) { ret = wolfSSL_read(ssl, input, sizeof(input)); if (ret > 0) { break; } else { err = wolfSSL_get_error(ssl,ret); if (err == WOLFSSL_ERROR_WANT_READ) { continue; } break; } } if (err == WOLFSSL_ERROR_ZERO_RETURN) { do { ret = wolfSSL_write(ssl, msg, len); if (ret > 0) { break; } } while (ret < 0); } /* bidirectional shutdown */ while ((ret = wolfSSL_shutdown(ssl)) != WOLFSSL_SUCCESS) { continue; } /* wait for the peer to disconnect the tcp connection */ do { ret = wolfSSL_read(ssl, input, sizeof(input)); err = wolfSSL_get_error(ssl, ret); } while (ret > 0 || err != WOLFSSL_ERROR_ZERO_RETURN); /* detect TCP disconnect */ AssertIntLE(ret,WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_get_error(ssl, ret), WOLFSSL_ERROR_ZERO_RETURN); ((func_args*)args)->return_code = TEST_SUCCESS; wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(cfd); return 0; } static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_client_thread(void* args) { callback_functions* callbacks = NULL; WOLFSSL_CTX* ctx = NULL; WOLFSSL* ssl = NULL; SOCKET_T sfd = 0; char msg[] = "hello wolfssl server!"; int len = (int) XSTRLEN(msg); char input[1024]; int idx; int ret, err; if (!args) return 0; ((func_args*)args)->return_code = TEST_FAIL; callbacks = ((func_args*)args)->callbacks; ctx = wolfSSL_CTX_new(callbacks->method()); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, WOLFSSL_FILETYPE_PEM)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, WOLFSSL_FILETYPE_PEM)); AssertNotNull((ssl = wolfSSL_new(ctx))); tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, 0, ssl); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, sfd)); do { err = 0; /* Reset error */ ret = wolfSSL_connect(ssl); if (ret != WOLFSSL_SUCCESS) { err = wolfSSL_get_error(ssl, 0); } } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E); ret = wolfSSL_write(ssl, msg, len); if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) { input[idx] = 0; } ret = wolfSSL_shutdown(ssl); if ( ret == WOLFSSL_SHUTDOWN_NOT_DONE) { ret = wolfSSL_shutdown(ssl); } AssertIntEQ(ret, WOLFSSL_SUCCESS); ((func_args*)args)->return_code = TEST_SUCCESS; wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(sfd); return 0; } #endif /* OPENSSL_EXTRA && WOLFSSL_ERROR_CODE_OPENSSL */ /* This test is to check wolfSSL_read behaves as same as * openSSL when it is called after SSL_shutdown completes. */ static int test_wolfSSL_read_detect_TCP_disconnect(void) { int ret = 0; #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_ERROR_CODE_OPENSSL) tcp_ready ready; func_args client_args; func_args server_args; THREAD_TYPE serverThread; THREAD_TYPE clientThread; callback_functions server_cbf; callback_functions client_cbf; printf(testingFmt, "wolfSSL_read_detect_TCP_disconnect()"); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&server_cbf, 0, sizeof(callback_functions)); XMEMSET(&client_cbf, 0, sizeof(callback_functions)); server_cbf.method = wolfTLSv1_2_server_method; client_cbf.method = wolfTLSv1_2_client_method; server_args.callbacks = &server_cbf; client_args.callbacks = &client_cbf; server_args.signal = &ready; client_args.signal = &ready; start_thread(SSL_read_test_server_thread, &server_args, &serverThread); wait_tcp_ready(&server_args); start_thread(SSL_read_test_client_thread, &client_args, &clientThread); join_thread(clientThread); join_thread(serverThread); AssertTrue(client_args.return_code); AssertTrue(server_args.return_code); FreeTcpReady(&ready); printf(resultFmt, passed); #endif return ret; } static void test_wolfSSL_CTX_get_min_proto_version(void) { #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) WOLFSSL_CTX *ctx; (void)ctx; printf(testingFmt, "wolfSSL_CTX_get_min_proto_version()"); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method())); AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, SSL3_VERSION), WOLFSSL_SUCCESS); #ifdef WOLFSSL_ALLOW_SSLV3 AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), SSL3_VERSION); #else AssertIntGT(wolfSSL_CTX_get_min_proto_version(ctx), SSL3_VERSION); #endif wolfSSL_CTX_free(ctx); #ifdef WOLFSSL_ALLOW_TLSV10 AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method())); #endif AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_VERSION), WOLFSSL_SUCCESS); #ifdef WOLFSSL_ALLOW_TLSV10 AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_VERSION); #else AssertIntGT(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_VERSION); #endif wolfSSL_CTX_free(ctx); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method())); AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION), WOLFSSL_SUCCESS); #ifndef NO_OLD_TLS AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_1_VERSION); #else AssertIntGT(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_1_VERSION); #endif wolfSSL_CTX_free(ctx); #ifndef WOLFSSL_NO_TLS12 AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_method())); AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_2_VERSION); wolfSSL_CTX_free(ctx); #endif #ifdef WOLFSSL_TLS13 AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_method())); AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_3_VERSION); wolfSSL_CTX_free(ctx); #endif printf(resultFmt, passed); #endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) */ } static void test_wolfSSL_security_level(void) { #if defined(OPENSSL_EXTRA) printf(testingFmt, "test_wolfSSL_security_level()"); SSL_CTX *ctx; #ifdef WOLFSSL_TLS13 #ifdef NO_WOLFSSL_SERVER AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); #endif SSL_CTX_set_security_level(ctx, 1); AssertTrue(1); AssertIntEQ(SSL_CTX_get_security_level(ctx), 0); SSL_CTX_free(ctx); #else (void)ctx; #endif printf(resultFmt, passed); #endif } static void test_wolfSSL_SSL_in_init(void) { #if defined(OPENSSL_ALL) && !defined(NO_BIO) printf(testingFmt, "test_wolfSSL_SSL_in_init()"); SSL_CTX* ctx; SSL* ssl; const char* testCertFile; const char* testKeyFile; #ifdef WOLFSSL_TLS13 #ifdef NO_WOLFSSL_SERVER AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); #endif #ifndef NO_RSA testCertFile = svrCertFile; testKeyFile = svrKeyFile; #elif defined(HAVE_ECC) testCertFile = eccCertFile; testKeyFile = eccKeyFile; #else testCertFile = NULL; testKeyFile = NULL; #endif if (testCertFile != NULL && testKeyFile != NULL) { AssertTrue(SSL_CTX_use_certificate_file(ctx, testCertFile, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, testKeyFile, SSL_FILETYPE_PEM)); } ssl = SSL_new(ctx); AssertNotNull(ssl); AssertIntEQ(SSL_in_init(ssl), 1); SSL_CTX_free(ctx); SSL_free(ssl); #else (void)ctx; (void)ssl; (void)testCertFile; (void)testKeyFile; #endif printf(resultFmt, passed); #endif } static void test_wolfSSL_EC_curve(void) { #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) printf(testingFmt, "test_wolfSSL_EC_curve()"); int nid = NID_secp160k1; const char* nid_name; AssertNotNull(nid_name = EC_curve_nid2nist(nid)); AssertIntEQ(XMEMCMP(nid_name, "K-160", XSTRLEN("K-160")), 0); AssertIntEQ(EC_curve_nist2nid(nid_name), nid); printf(resultFmt, passed); #endif } static void test_wolfSSL_CTX_set_timeout(void) { #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_SESSION_CACHE) int timeout; (void)timeout; printf(testingFmt, "test_wolfSSL_CTX_set_timeout()"); WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); AssertNotNull(ctx); #if defined(WOLFSSL_ERROR_CODE_OPENSSL) /* in WOLFSSL_ERROR_CODE_OPENSSL macro guard, * wolfSSL_CTX_set_timeout returns previous timeout value on success. */ AssertIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), BAD_FUNC_ARG); /* giving 0 as timeout value sets default timeout */ timeout = wolfSSL_CTX_set_timeout(ctx, 0); AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 20), timeout); AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 30), 20); #else AssertIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 100), 1); AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 0), 1); #endif wolfSSL_CTX_free(ctx); printf(resultFmt, passed); #endif /* !NO_WOLFSSL_SERVER && !NO_SESSION_CACHE*/ } static void test_wolfSSL_OpenSSL_version(void) { #if defined(OPENSSL_EXTRA) printf(testingFmt, "test_wolfSSL_OpenSSL_version()"); const char* ver; #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L AssertNotNull(ver = OpenSSL_version(0)); #else AssertNotNull(ver = OpenSSL_version()); #endif AssertIntEQ(XMEMCMP(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING, XSTRLEN("wolfSSL " LIBWOLFSSL_VERSION_STRING)), 0); printf(resultFmt, passed); #endif } static void test_CONF_CTX_CMDLINE(void) { #if defined(OPENSSL_ALL) printf(testingFmt, "test_CONF_CTX_CMDLINE"); SSL_CTX* ctx = NULL; SSL_CONF_CTX* cctx = NULL; AssertNotNull(cctx = SSL_CONF_CTX_new()); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); AssertTrue(1); /* set flags */ AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CMDLINE), WOLFSSL_CONF_FLAG_CMDLINE); AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CERTIFICATE), WOLFSSL_CONF_FLAG_CMDLINE | WOLFSSL_CONF_FLAG_CERTIFICATE); /* cmd invalid command */ AssertIntEQ(SSL_CONF_cmd(cctx, "foo", "foobar"), -2); AssertIntEQ(SSL_CONF_cmd(cctx, "foo", NULL), -2); AssertIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WOLFSSL_FAILURE); AssertIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WOLFSSL_FAILURE); AssertIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WOLFSSL_FAILURE); /* cmd Certificate and Private Key*/ { #if !defined(NO_CERTS) && !defined(NO_RSA) const char* ourCert = svrCertFile; const char* ourKey = svrKeyFile; AssertIntEQ(SSL_CONF_cmd(cctx, "-cert", NULL), -3); AssertIntEQ(SSL_CONF_cmd(cctx, "-cert", ourCert), WOLFSSL_SUCCESS); AssertIntEQ(SSL_CONF_cmd(cctx, "-key", NULL), -3); AssertIntEQ(SSL_CONF_cmd(cctx, "-key", ourKey), WOLFSSL_SUCCESS); AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); #endif } /* cmd curves */ { #if defined(HAVE_ECC) const char* curve = "secp256r1"; AssertIntEQ(SSL_CONF_cmd(cctx, "-curves", NULL), -3); AssertIntEQ(SSL_CONF_cmd(cctx, "-curves", curve), WOLFSSL_SUCCESS); AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); #endif } /* cmd CipherString */ { char* cipher = wolfSSL_get_cipher_list(0/*top priority*/); AssertIntEQ(SSL_CONF_cmd(cctx, "-cipher", NULL), -3); AssertIntEQ(SSL_CONF_cmd(cctx, "-cipher", cipher), WOLFSSL_SUCCESS); AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); } /* cmd DH parameter */ { #if !defined(NO_DH) && !defined(NO_BIO) const char* ourdhcert = "./certs/dh2048.pem"; AssertIntEQ(SSL_CONF_cmd(cctx, "-dhparam", NULL), -3); AssertIntEQ(SSL_CONF_cmd(cctx, "-dhparam", ourdhcert), WOLFSSL_SUCCESS); AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); #endif } SSL_CTX_free(ctx); SSL_CONF_CTX_free(cctx); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA */ } static void test_CONF_CTX_FILE(void) { #if defined(OPENSSL_ALL) printf(testingFmt, "test_CONF_CTX_FILE"); SSL_CTX* ctx = NULL; SSL_CONF_CTX* cctx = NULL; AssertNotNull(cctx = SSL_CONF_CTX_new()); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); AssertTrue(1); /* set flags */ AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_FILE), WOLFSSL_CONF_FLAG_FILE); AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CERTIFICATE), WOLFSSL_CONF_FLAG_FILE | WOLFSSL_CONF_FLAG_CERTIFICATE); /* sanity check */ AssertIntEQ(SSL_CONF_cmd(cctx, "foo", "foobar"), -2); AssertIntEQ(SSL_CONF_cmd(cctx, "foo", NULL), -2); AssertIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WOLFSSL_FAILURE); AssertIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WOLFSSL_FAILURE); AssertIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WOLFSSL_FAILURE); /* cmd Certificate and Private Key*/ { #if !defined(NO_CERTS) && !defined(NO_RSA) const char* ourCert = svrCertFile; const char* ourKey = svrKeyFile; AssertIntEQ(SSL_CONF_cmd(cctx, "Certificate", NULL), -3); AssertIntEQ(SSL_CONF_cmd(cctx, "PrivateKey", NULL), -3); AssertIntEQ(SSL_CONF_cmd(cctx, "Certificate", ourCert), WOLFSSL_SUCCESS); AssertIntEQ(SSL_CONF_cmd(cctx, "PrivateKey", ourKey), WOLFSSL_SUCCESS); AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); #endif } /* cmd curves */ { #if defined(HAVE_ECC) const char* curve = "secp256r1"; AssertIntEQ(SSL_CONF_cmd(cctx, "Curves", NULL), -3); AssertIntEQ(SSL_CONF_cmd(cctx, "Curves", curve), WOLFSSL_SUCCESS); AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); #endif } /* cmd CipherString */ { char* cipher = wolfSSL_get_cipher_list(0/*top priority*/); AssertIntEQ(SSL_CONF_cmd(cctx, "CipherString", NULL), -3); AssertIntEQ(SSL_CONF_cmd(cctx, "CipherString", cipher), WOLFSSL_SUCCESS); AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); } /* cmd DH parameter */ { #if !defined(NO_DH) && !defined(NO_BIO) && defined(HAVE_FFDHE_3072) const char* ourdhcert = "./certs/dh3072.pem"; AssertIntEQ(SSL_CONF_cmd(cctx, "DHParameters", NULL), -3); AssertIntEQ(SSL_CONF_cmd(cctx, "DHParameters", ourdhcert), WOLFSSL_SUCCESS); AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); #endif } SSL_CTX_free(ctx); SSL_CONF_CTX_free(cctx); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA */ } static void test_wolfSSL_CRYPTO_get_ex_new_index(void) { #ifdef HAVE_EX_DATA int idx1,idx2; printf(testingFmt, "test_wolfSSL_CRYPTO_get_ex_new_index()"); /* test for unsupported flass index */ AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, 0,NULL, NULL, NULL, NULL ), -1); AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, 0,NULL, NULL, NULL, NULL ), -1); AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, 0,NULL, NULL, NULL, NULL ), -1); AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, 0,NULL, NULL, NULL, NULL ), -1); AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, 0,NULL, NULL, NULL, NULL ), -1); AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, 0,NULL, NULL, NULL, NULL ), -1); AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, 0,NULL, NULL, NULL, NULL ), -1); AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, 0,NULL, NULL, NULL, NULL ), -1); AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, 0,NULL, NULL, NULL, NULL ), -1); AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, 0,NULL, NULL, NULL, NULL ), -1); AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_APP, 0,NULL, NULL, NULL, NULL ), -1); AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI_METHOD, 0,NULL, NULL, NULL, NULL ), -1); AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG, 0,NULL, NULL, NULL, NULL ), -1); AssertIntEQ(CRYPTO_get_ex_new_index(20, 0,NULL, NULL, NULL, NULL ), -1); /* test for supported class index */ idx1 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, 0,NULL, NULL, NULL, NULL ); idx2 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, 0,NULL, NULL, NULL, NULL ); AssertIntNE(idx1, -1); AssertIntNE(idx2, -1); AssertIntNE(idx1, idx2); idx1 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, 0,NULL, NULL, NULL, NULL ); idx2 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, 0,NULL, NULL, NULL, NULL ); AssertIntNE(idx1, -1); AssertIntNE(idx2, -1); AssertIntNE(idx1, idx2); idx1 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, 0,NULL, NULL, NULL, NULL ); idx2 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, 0,NULL, NULL, NULL, NULL ); AssertIntNE(idx1, -1); AssertIntNE(idx2, -1); AssertIntNE(idx1, idx2); printf(resultFmt, "passed"); #endif /* HAVE_EX_DATA */ } static void test_wolfSSL_set_psk_use_session_callback(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_PSK) printf(testingFmt, "test_wolfSSL_set_psk_use_session_callback()"); SSL_CTX* ctx; SSL* ssl; const char* testCertFile; const char* testKeyFile; #ifdef WOLFSSL_TLS13 #ifdef NO_WOLFSSL_SERVER AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); #endif #ifndef NO_RSA testCertFile = svrCertFile; testKeyFile = svrKeyFile; #elif defined(HAVE_ECC) testCertFile = eccCertFile; testKeyFile = eccKeyFile; #else testCertFile = NULL; testKeyFile = NULL; #endif if (testCertFile != NULL && testKeyFile != NULL) { AssertTrue(SSL_CTX_use_certificate_file(ctx, testCertFile, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, testKeyFile, SSL_FILETYPE_PEM)); } ssl = SSL_new(ctx); AssertNotNull(ssl); SSL_set_psk_use_session_callback(ssl, my_psk_use_session_cb); AssertTrue(1); SSL_CTX_free(ctx); SSL_free(ssl); #else (void)ctx; (void)ssl; (void)testCertFile; (void)testKeyFile; #endif printf(resultFmt, passed); #endif } static void test_wolfSSL_DH(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_DH) DH *dh = NULL; BIGNUM* p; BIGNUM* q; BIGNUM* g; BIGNUM* pub; BIGNUM* priv; (void)dh; (void)p; (void)q; (void)g; (void)pub; (void)priv; #if defined(OPENSSL_ALL) && defined(WOLFSSL_KEY_GEN) #if !defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) FILE* f = NULL; unsigned char buf[268]; const unsigned char* pt = buf; long len = 0; dh = NULL; XMEMSET(buf, 0, sizeof(buf)); /* Test 2048 bit parameters */ f = XFOPEN("./certs/dh2048.der", "rb"); AssertTrue(f != XBADFILE); len = (long)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); AssertNotNull(dh = d2i_DHparams(NULL, &pt, len)); AssertNotNull(dh->p); AssertNotNull(dh->g); AssertTrue(pt != buf); AssertIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS); DH_get0_pqg(dh, (const BIGNUM**)&p, (const BIGNUM**)&q, (const BIGNUM**) &g); AssertPtrEq(p, dh->p); AssertPtrEq(q, dh->q); AssertPtrEq(g, dh->g); DH_get0_key(dh, (const BIGNUM**)&pub, (const BIGNUM**)&priv); AssertPtrEq(pub, dh->pub_key); AssertPtrEq(priv, dh->priv_key); AssertNotNull(pub = BN_new()); AssertNotNull(priv = BN_new()); AssertIntEQ(DH_set0_key(dh, pub, priv), 1); AssertPtrEq(pub, dh->pub_key); AssertPtrEq(priv, dh->priv_key); DH_free(dh); AssertNotNull(dh = DH_generate_parameters(2048, 2, NULL, NULL)); DH_free(dh); #endif #endif printf(testingFmt, "test_wolfSSL_DH"); dh = wolfSSL_DH_new(); AssertNotNull(dh); /* invalid parameters test */ DH_get0_pqg(NULL, (const BIGNUM**)&p, (const BIGNUM**)&q, (const BIGNUM**)&g); DH_get0_pqg(dh, NULL, (const BIGNUM**)&q, (const BIGNUM**)&g); DH_get0_pqg(dh, NULL, NULL, (const BIGNUM**)&g); DH_get0_pqg(dh, NULL, NULL, NULL); AssertTrue(1); DH_get0_pqg(dh, (const BIGNUM**)&p, (const BIGNUM**)&q, (const BIGNUM**)&g); AssertPtrEq(p, NULL); AssertPtrEq(q, NULL); AssertPtrEq(g, NULL); DH_free(dh); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA && !NO_DH */ } static void test_wolfSSL_ERR_strings(void) { const char* err1 = "unsupported cipher suite"; const char* err2 = "wolfSSL PEM routines"; const char* err = NULL; (void)err; (void)err1; (void)err2; #if !defined(NO_ERROR_STRINGS) printf(testingFmt, "test_wolfSSL_ERR_strings"); #if defined(OPENSSL_EXTRA) err = ERR_reason_error_string(UNSUPPORTED_SUITE); AssertTrue(err != NULL); AssertIntEQ(XSTRNCMP(err, err1, XSTRLEN(err1)), 0); err = ERR_func_error_string(UNSUPPORTED_SUITE); AssertTrue(err != NULL); AssertIntEQ((*err == '\0'), 1); err = ERR_lib_error_string(PEM_R_PROBLEMS_GETTING_PASSWORD); AssertTrue(err != NULL); AssertIntEQ(XSTRNCMP(err, err2, XSTRLEN(err2)), 0); #else err = wolfSSL_ERR_reason_error_string(UNSUPPORTED_SUITE); AssertTrue(err != NULL); AssertIntEQ(XSTRNCMP(err, err1, XSTRLEN(err1)), 0); err = wolfSSL_ERR_func_error_string(UNSUPPORTED_SUITE); AssertTrue(err != NULL); AssertIntEQ((*err == '\0'), 1); /* The value -MIN_CODE_E+2 is PEM_R_PROBLEMS_GETTING_PASSWORD. */ err = wolfSSL_ERR_lib_error_string(-MIN_CODE_E+2); AssertTrue(err != NULL); AssertIntEQ((*err == '\0'), 1); #endif printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_shake128(void) { #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA3) && \ defined(WOLFSSL_SHAKE128) printf(testingFmt, "test_wolfSSL_EVP_shake128"); const EVP_MD* md = NULL; md = EVP_shake128(); AssertTrue(md != NULL); AssertIntEQ(XSTRNCMP(md, "SHAKE128", XSTRLEN("SHAKE128")), 0); printf(resultFmt, passed); #endif } static void test_wolfSSL_EVP_shake256(void) { #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA3) && \ defined(WOLFSSL_SHAKE256) printf(testingFmt, "test_wolfSSL_EVP_shake256"); const EVP_MD* md = NULL; md = EVP_shake256(); AssertTrue(md != NULL); AssertIntEQ(XSTRNCMP(md, "SHAKE256", XSTRLEN("SHAKE256")), 0); printf(resultFmt, passed); #endif } static void test_EVP_blake2(void) { #if defined(OPENSSL_EXTRA) && (defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)) printf(testingFmt, "test_EVP_blake2"); const EVP_MD* md = NULL; (void)md; #if defined(HAVE_BLAKE2) md = EVP_blake2b512(); AssertTrue(md != NULL); AssertIntEQ(XSTRNCMP(md, "BLAKE2B512", XSTRLEN("BLAKE2B512")), 0); #endif #if defined(HAVE_BLAKE2S) md = EVP_blake2s256(); AssertTrue(md != NULL); AssertIntEQ(XSTRNCMP(md, "BLAKE2S256", XSTRLEN("BLAKE2S256")), 0); #endif printf(resultFmt, passed); #endif } #if defined(OPENSSL_EXTRA) static void list_md_fn(const EVP_MD* m, const char* from, const char* to, void* arg) { const char* mn; BIO *bio; (void) from; (void) to; (void) arg; (void) mn; (void) bio; if (!m) { /* alias */ AssertNull(m); AssertNotNull(to); } else { AssertNotNull(m); AssertNull(to); } AssertNotNull(from); #if !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL_VERBOSE) mn = EVP_get_digestbyname(from); /* print to stdout */ AssertNotNull(arg); bio = BIO_new(BIO_s_file()); BIO_set_fp(bio, arg, BIO_NOCLOSE); BIO_printf(bio, "Use %s message digest algorithm\n", mn); BIO_free(bio); #endif } #endif static void test_EVP_MD_do_all(void) { #if defined(OPENSSL_EXTRA) printf(testingFmt, "test_EVP_MD_do_all"); EVP_MD_do_all(NULL, stdout); /* to confirm previous call gives no harm */ AssertTrue(1); EVP_MD_do_all(list_md_fn, stdout); /* to confirm previous call gives no harm */ AssertTrue(1); printf(resultFmt, passed); #endif } #if defined(OPENSSL_EXTRA) static void obj_name_t(const OBJ_NAME* nm, void* arg) { (void)arg; (void)nm; AssertIntGT(nm->type, OBJ_NAME_TYPE_UNDEF); #if !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL_VERBOSE) /* print to stdout */ AssertNotNull(arg); bio = BIO_new(BIO_s_file()); BIO_set_fp(bio, arg, BIO_NOCLOSE); BIO_printf(bio, "%s\n", mn); BIO_free(bio); #endif } #endif static void test_OBJ_NAME_do_all(void) { #if defined(OPENSSL_EXTRA) printf(testingFmt, "test_OBJ_NAME_do_all"); OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, NULL, NULL); /* to confirm previous call gives no harm */ AssertTrue(1); OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, NULL, stdout); /* to confirm previous call gives no harm */ AssertTrue(1); OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, obj_name_t, stdout); AssertTrue(1); OBJ_NAME_do_all(OBJ_NAME_TYPE_PKEY_METH, obj_name_t, stdout); AssertTrue(1); OBJ_NAME_do_all(OBJ_NAME_TYPE_COMP_METH, obj_name_t, stdout); AssertTrue(1); OBJ_NAME_do_all(OBJ_NAME_TYPE_NUM, obj_name_t, stdout); AssertTrue(1); OBJ_NAME_do_all(OBJ_NAME_TYPE_UNDEF, obj_name_t, stdout); AssertTrue(1); OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, obj_name_t, stdout); AssertTrue(1); OBJ_NAME_do_all(-1, obj_name_t, stdout); AssertTrue(1); printf(resultFmt, passed); #endif } static void test_SSL_CIPHER_get_xxx(void) { #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) printf(testingFmt, "test_SSL_CIPHER_get_xxx"); const SSL_CIPHER* cipher = NULL; STACK_OF(SSL_CIPHER) *supportedCiphers = NULL; int i, numCiphers = 0; SSL_CTX* ctx = NULL; SSL* ssl = NULL; const char* testCertFile; const char* testKeyFile; char buf[256] = {0}; const char* cipher_id = NULL; int expect_nid1 = NID_undef; int expect_nid2 = NID_undef; int expect_nid3 = NID_undef; int expect_nid4 = NID_undef; int expect_nid5 = 0; const char* cipher_id2 = NULL; int expect_nid21 = NID_undef; int expect_nid22 = NID_undef; int expect_nid23 = NID_undef; int expect_nid24 = NID_undef; int expect_nid25 = 0; (void)cipher; (void)supportedCiphers; (void)i; (void)numCiphers; (void)ctx; (void)ssl; (void)testCertFile; (void)testKeyFile; #if defined(WOLFSSL_TLS13) cipher_id = "TLS13-AES128-GCM-SHA256"; expect_nid1 = NID_auth_rsa; expect_nid2 = NID_aes_128_gcm; expect_nid3 = NID_sha256; expect_nid4 = NID_kx_any; expect_nid5 = 1; #if !defined(WOLFSSL_NO_TLS12) cipher_id2 = "ECDHE-RSA-AES256-GCM-SHA384"; expect_nid21 = NID_auth_rsa; expect_nid22 = NID_aes_256_gcm; expect_nid23 = NID_sha384; expect_nid24 = NID_kx_ecdhe; expect_nid25 = 1; #endif #endif #ifdef NO_WOLFSSL_SERVER AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif if (cipher_id) { #ifndef NO_RSA testCertFile = svrCertFile; testKeyFile = svrKeyFile; #elif defined(HAVE_ECC) testCertFile = eccCertFile; testKeyFile = eccKeyFile; #else testCertFile = NULL; testKeyFile = NULL; #endif if (testCertFile != NULL && testKeyFile != NULL) { AssertTrue(SSL_CTX_use_certificate_file(ctx, testCertFile, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, testKeyFile, SSL_FILETYPE_PEM)); } ssl = SSL_new(ctx); AssertNotNull(ssl); AssertIntEQ(SSL_in_init(ssl), 1); supportedCiphers = SSL_get_ciphers(ssl); numCiphers = sk_num(supportedCiphers); for (i = 0; i < numCiphers; ++i) { if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) { SSL_CIPHER_description(cipher, buf, sizeof(buf)); } if (XMEMCMP(cipher_id, buf, XSTRLEN(cipher_id)) == 0) { break; } } /* test case for */ if (i != numCiphers) { AssertIntEQ(wolfSSL_CIPHER_get_auth_nid(cipher), expect_nid1); AssertIntEQ(wolfSSL_CIPHER_get_cipher_nid(cipher), expect_nid2); AssertIntEQ(wolfSSL_CIPHER_get_digest_nid(cipher), expect_nid3); AssertIntEQ(wolfSSL_CIPHER_get_kx_nid(cipher), expect_nid4); AssertIntEQ(wolfSSL_CIPHER_is_aead(cipher), expect_nid5); } if (cipher_id2) { for (i = 0; i < numCiphers; ++i) { if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) { SSL_CIPHER_description(cipher, buf, sizeof(buf)); } if (XMEMCMP(cipher_id2, buf, XSTRLEN(cipher_id2)) == 0) { break; } } /* test case for */ if (i != numCiphers) { AssertIntEQ(wolfSSL_CIPHER_get_auth_nid(cipher), expect_nid21); AssertIntEQ(wolfSSL_CIPHER_get_cipher_nid(cipher), expect_nid22); AssertIntEQ(wolfSSL_CIPHER_get_digest_nid(cipher), expect_nid23); AssertIntEQ(wolfSSL_CIPHER_get_kx_nid(cipher), expect_nid24); AssertIntEQ(wolfSSL_CIPHER_is_aead(cipher), expect_nid25); } } } if (ctx) SSL_CTX_free(ctx); if(ssl) SSL_free(ssl); printf(resultFmt, passed); #endif } #if defined(WOLF_CRYPTO_CB) && defined(HAVE_IO_TESTS_DEPENDENCIES) static int load_pem_key_file_as_der(const char* privKeyFile, DerBuffer** pDer, int* keyFormat) { int ret; byte* key_buf = NULL; size_t key_sz = 0; EncryptedInfo encInfo; XMEMSET(&encInfo, 0, sizeof(encInfo)); ret = load_file(privKeyFile, &key_buf, &key_sz); if (ret == 0) { ret = wc_PemToDer(key_buf, key_sz, PRIVATEKEY_TYPE, pDer, NULL, &encInfo, keyFormat); } if (key_buf != NULL) { free(key_buf); key_buf = NULL; } (void)encInfo; /* not used in this test */ #ifdef DEBUG_WOLFSSL printf("%s (%d): Loading PEM %s (len %d) to DER (len %d)\n", (ret == 0) ? "Success" : "Failure", ret, privKeyFile, (int)key_sz, (*pDer)->length); #endif return ret; } static int test_CryptoCb_Func(int thisDevId, wc_CryptoInfo* info, void* ctx) { int ret = CRYPTOCB_UNAVAILABLE; const char* privKeyFile = (const char*)ctx; DerBuffer* pDer = NULL; int keyFormat = 0; if (info->algo_type == WC_ALGO_TYPE_PK) { #ifdef DEBUG_WOLFSSL printf("test_CryptoCb_Func: Pk Type %d\n", info->pk.type); #endif #ifndef NO_RSA if (info->pk.type == WC_PK_TYPE_RSA) { switch (info->pk.rsa.type) { case RSA_PUBLIC_ENCRYPT: case RSA_PUBLIC_DECRYPT: /* perform software based RSA public op */ ret = CRYPTOCB_UNAVAILABLE; /* fallback to software */ break; case RSA_PRIVATE_ENCRYPT: case RSA_PRIVATE_DECRYPT: { RsaKey key; /* perform software based RSA private op */ #ifdef DEBUG_WOLFSSL printf("test_CryptoCb_Func: RSA Priv\n"); #endif ret = load_pem_key_file_as_der(privKeyFile, &pDer, &keyFormat); if (ret != 0) { return ret; } ret = wc_InitRsaKey(&key, NULL); if (ret == 0) { word32 keyIdx = 0; /* load RSA private key and perform private transform */ ret = wc_RsaPrivateKeyDecode(pDer->buffer, &keyIdx, &key, pDer->length); if (ret == 0) { ret = wc_RsaFunction( info->pk.rsa.in, info->pk.rsa.inLen, info->pk.rsa.out, info->pk.rsa.outLen, info->pk.rsa.type, &key, info->pk.rsa.rng); } else { /* if decode fails, then fall-back to software based crypto */ printf("test_CryptoCb_Func: RSA private key decode " "failed %d, falling back to software\n", ret); ret = CRYPTOCB_UNAVAILABLE; } wc_FreeRsaKey(&key); } wc_FreeDer(&pDer); pDer = NULL; break; } } #ifdef DEBUG_WOLFSSL printf("test_CryptoCb_Func: RSA Type %d, Ret %d, Out %d\n", info->pk.rsa.type, ret, *info->pk.rsa.outLen); #endif } #endif /* !NO_RSA */ #ifdef HAVE_ECC if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) { /* mark this key as ephemeral */ if (info->pk.eckg.key != NULL) { XSTRNCPY(info->pk.eckg.key->label, "ephemeral", sizeof(info->pk.eckg.key->label)); info->pk.eckg.key->labelLen = (int)XSTRLEN(info->pk.eckg.key->label); } } else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) { ecc_key key; /* perform software based ECC sign */ #ifdef DEBUG_WOLFSSL printf("test_CryptoCb_Func: ECC Sign\n"); #endif if (info->pk.eccsign.key != NULL && XSTRCMP(info->pk.eccsign.key->label, "ephemeral") == 0) { /* this is an empheral key */ #ifdef DEBUG_WOLFSSL printf("test_CryptoCb_Func: skipping signing op on ephemeral key\n"); #endif return CRYPTOCB_UNAVAILABLE; } ret = load_pem_key_file_as_der(privKeyFile, &pDer, &keyFormat); if (ret != 0) { return ret; } ret = wc_ecc_init(&key); if (ret == 0) { word32 keyIdx = 0; /* load ECC private key and perform private transform */ ret = wc_EccPrivateKeyDecode(pDer->buffer, &keyIdx, &key, pDer->length); if (ret == 0) { ret = wc_ecc_sign_hash( info->pk.eccsign.in, info->pk.eccsign.inlen, info->pk.eccsign.out, info->pk.eccsign.outlen, info->pk.eccsign.rng, &key); } else { /* if decode fails, then fall-back to software based crypto */ printf("test_CryptoCb_Func: ECC private key decode " "failed %d, falling back to software\n", ret); ret = CRYPTOCB_UNAVAILABLE; } wc_ecc_free(&key); } wc_FreeDer(&pDer); pDer = NULL; #ifdef DEBUG_WOLFSSL printf("test_CryptoCb_Func: ECC Ret %d, Out %d\n", ret, *info->pk.eccsign.outlen); #endif } #endif /* HAVE_ECC */ #ifdef HAVE_ED25519 if (info->pk.type == WC_PK_TYPE_ED25519_SIGN) { ed25519_key key; /* perform software based ED25519 sign */ #ifdef DEBUG_WOLFSSL printf("test_CryptoCb_Func: ED25519 Sign\n"); #endif ret = load_pem_key_file_as_der(privKeyFile, &pDer, &keyFormat); if (ret != 0) { return ret; } ret = wc_ed25519_init(&key); if (ret == 0) { word32 keyIdx = 0; /* load ED25519 private key and perform private transform */ ret = wc_Ed25519PrivateKeyDecode(pDer->buffer, &keyIdx, &key, pDer->length); if (ret == 0) { /* calculate public key */ ret = wc_ed25519_make_public(&key, key.p, ED25519_PUB_KEY_SIZE); if (ret == 0) { key.pubKeySet = 1; ret = wc_ed25519_sign_msg_ex( info->pk.ed25519sign.in, info->pk.ed25519sign.inLen, info->pk.ed25519sign.out, info->pk.ed25519sign.outLen, &key, info->pk.ed25519sign.type, info->pk.ed25519sign.context, info->pk.ed25519sign.contextLen); } } else { /* if decode fails, then fall-back to software based crypto */ printf("test_CryptoCb_Func: ED25519 private key decode " "failed %d, falling back to software\n", ret); ret = CRYPTOCB_UNAVAILABLE; } wc_ed25519_free(&key); } wc_FreeDer(&pDer); pDer = NULL; #ifdef DEBUG_WOLFSSL printf("test_CryptoCb_Func: ED25519 Ret %d, Out %d\n", ret, *info->pk.ed25519sign.outLen); #endif } #endif /* HAVE_ED25519 */ } (void)thisDevId; (void)keyFormat; return ret; } /* tlsVer: WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */ static void test_wc_CryptoCb_TLS(int tlsVer, const char* cliCaPemFile, const char* cliCertPemFile, const char* cliPrivKeyPemFile, const char* cliPubKeyPemFile, const char* svrCaPemFile, const char* svrCertPemFile, const char* svrPrivKeyPemFile, const char* svrPubKeyPemFile) { callback_functions client_cbf; callback_functions server_cbf; XMEMSET(&client_cbf, 0, sizeof(client_cbf)); XMEMSET(&server_cbf, 0, sizeof(server_cbf)); if (tlsVer == WOLFSSL_TLSV1_3) { #ifdef WOLFSSL_TLS13 server_cbf.method = wolfTLSv1_3_server_method; client_cbf.method = wolfTLSv1_3_client_method; #endif } else if (tlsVer == WOLFSSL_TLSV1_2) { #ifndef WOLFSSL_NO_TLS12 server_cbf.method = wolfTLSv1_2_server_method; client_cbf.method = wolfTLSv1_2_client_method; #endif } else if (tlsVer == WOLFSSL_TLSV1_1) { #ifndef NO_OLD_TLS server_cbf.method = wolfTLSv1_1_server_method; client_cbf.method = wolfTLSv1_1_client_method; #endif } else if (tlsVer == WOLFSSL_TLSV1) { #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10) server_cbf.method = wolfTLSv1_server_method; client_cbf.method = wolfTLSv1_client_method; #endif } else if (tlsVer == WOLFSSL_SSLV3) { #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3) && \ defined(WOLFSSL_STATIC_RSA) server_cbf.method = wolfSSLv3_server_method; client_cbf.method = wolfSSLv3_client_method; #endif } else if (tlsVer == WOLFSSL_DTLSV1_2) { #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) server_cbf.method = wolfDTLSv1_2_server_method; client_cbf.method = wolfDTLSv1_2_client_method; #endif } else if (tlsVer == WOLFSSL_DTLSV1) { #if defined(WOLFSSL_DTLS) && !defined(NO_OLD_TLS) server_cbf.method = wolfDTLSv1_server_method; client_cbf.method = wolfDTLSv1_client_method; #endif } if (server_cbf.method == NULL) { /* not enabled */ return; } /* Setup the keys for the TLS test */ client_cbf.certPemFile = cliCertPemFile; client_cbf.keyPemFile = cliPubKeyPemFile; client_cbf.caPemFile = cliCaPemFile; server_cbf.certPemFile = svrCertPemFile; server_cbf.keyPemFile = svrPubKeyPemFile; server_cbf.caPemFile = svrCaPemFile; /* Setup a crypto callback with pointer to private key file for testing */ client_cbf.devId = 1; wc_CryptoCb_RegisterDevice(client_cbf.devId, test_CryptoCb_Func, (void*)cliPrivKeyPemFile); server_cbf.devId = 2; wc_CryptoCb_RegisterDevice(server_cbf.devId, test_CryptoCb_Func, (void*)svrPrivKeyPemFile); /* Perform TLS server and client test */ /* First test is at WOLFSSL_CTX level */ test_wolfSSL_client_server(&client_cbf, &server_cbf); /* Check for success */ AssertIntEQ(server_cbf.return_code, TEST_SUCCESS); AssertIntEQ(client_cbf.return_code, TEST_SUCCESS); /* Second test is a WOLFSSL object level */ client_cbf.loadToSSL = 1; server_cbf.loadToSSL = 1; test_wolfSSL_client_server(&client_cbf, &server_cbf); /* Check for success */ AssertIntEQ(server_cbf.return_code, TEST_SUCCESS); AssertIntEQ(client_cbf.return_code, TEST_SUCCESS); /* Un register the devId's */ wc_CryptoCb_UnRegisterDevice(client_cbf.devId); client_cbf.devId = INVALID_DEVID; wc_CryptoCb_UnRegisterDevice(server_cbf.devId); server_cbf.devId = INVALID_DEVID; } #endif /* WOLF_CRYPTO_CB && HAVE_IO_TESTS_DEPENDENCIES */ static void test_wc_CryptoCb(void) { #ifdef WOLF_CRYPTO_CB /* TODO: Add crypto callback API tests */ #ifdef HAVE_IO_TESTS_DEPENDENCIES #if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) int tlsVer; #endif #ifndef NO_RSA for (tlsVer = WOLFSSL_SSLV3; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) { test_wc_CryptoCb_TLS(tlsVer, svrCertFile, cliCertFile, cliKeyFile, cliKeyPubFile, cliCertFile, svrCertFile, svrKeyFile, svrKeyPubFile); } #endif #ifdef HAVE_ECC for (tlsVer = WOLFSSL_TLSV1; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) { test_wc_CryptoCb_TLS(tlsVer, caEccCertFile, cliEccCertFile, cliEccKeyFile, cliEccKeyPubFile, cliEccCertFile, eccCertFile, eccKeyFile, eccKeyPubFile); } #endif #ifdef HAVE_ED25519 for (tlsVer = WOLFSSL_TLSV1_2; tlsVer <= WOLFSSL_DTLSV1_2; tlsVer++) { if (tlsVer == WOLFSSL_DTLSV1) continue; test_wc_CryptoCb_TLS(tlsVer, caEdCertFile, cliEdCertFile, cliEdKeyFile, cliEdKeyPubFile, cliEdCertFile, edCertFile, edKeyFile, edKeyPubFile); } #endif #endif /* HAVE_IO_TESTS_DEPENDENCIES */ #endif /* WOLF_CRYPTO_CB */ } #if defined(WOLFSSL_STATIC_MEMORY) && defined(HAVE_IO_TESTS_DEPENDENCIES) /* tlsVer: Example: WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */ static void test_wolfSSL_CTX_StaticMemory_TLS(int tlsVer, const char* cliCaPemFile, const char* cliCertPemFile, const char* cliPrivKeyPemFile, const char* svrCaPemFile, const char* svrCertPemFile, const char* svrPrivKeyPemFile, byte* cliMem, word32 cliMemSz, byte* svrMem, word32 svrMemSz) { callback_functions client_cbf; callback_functions server_cbf; XMEMSET(&client_cbf, 0, sizeof(client_cbf)); XMEMSET(&server_cbf, 0, sizeof(server_cbf)); if (tlsVer == WOLFSSL_TLSV1_3) { #ifdef WOLFSSL_TLS13 server_cbf.method_ex = wolfTLSv1_3_server_method_ex; client_cbf.method_ex = wolfTLSv1_3_client_method_ex; #endif } else if (tlsVer == WOLFSSL_TLSV1_2) { #ifndef WOLFSSL_NO_TLS12 server_cbf.method_ex = wolfTLSv1_2_server_method_ex; client_cbf.method_ex = wolfTLSv1_2_client_method_ex; #endif } else if (tlsVer == WOLFSSL_TLSV1_1) { #ifndef NO_OLD_TLS server_cbf.method_ex = wolfTLSv1_1_server_method_ex; client_cbf.method_ex = wolfTLSv1_1_client_method_ex; #endif } else if (tlsVer == WOLFSSL_TLSV1) { #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10) server_cbf.method_ex = wolfTLSv1_server_method_ex; client_cbf.method_ex = wolfTLSv1_client_method_ex; #endif } else if (tlsVer == WOLFSSL_SSLV3) { #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3) && \ defined(WOLFSSL_STATIC_RSA) server_cbf.method_ex = wolfSSLv3_server_method_ex; client_cbf.method_ex = wolfSSLv3_client_method_ex; #endif } else if (tlsVer == WOLFSSL_DTLSV1_2) { #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) server_cbf.method_ex = wolfDTLSv1_2_server_method_ex; client_cbf.method_ex = wolfDTLSv1_2_client_method_ex; #endif } else if (tlsVer == WOLFSSL_DTLSV1) { #if defined(WOLFSSL_DTLS) && !defined(NO_OLD_TLS) server_cbf.method_ex = wolfDTLSv1_server_method_ex; client_cbf.method_ex = wolfDTLSv1_client_method_ex; #endif } if (server_cbf.method_ex == NULL) { /* not enabled */ return; } /* Setup the keys for the TLS test */ client_cbf.certPemFile = cliCertPemFile; client_cbf.keyPemFile = cliPrivKeyPemFile; client_cbf.caPemFile = cliCaPemFile; server_cbf.certPemFile = svrCertPemFile; server_cbf.keyPemFile = svrPrivKeyPemFile; server_cbf.caPemFile = svrCaPemFile; client_cbf.mem = cliMem; client_cbf.memSz = cliMemSz; server_cbf.mem = svrMem; server_cbf.memSz = svrMemSz; client_cbf.devId = INVALID_DEVID; server_cbf.devId = INVALID_DEVID; /* Perform TLS server and client test */ /* First test is at WOLFSSL_CTX level */ test_wolfSSL_client_server(&client_cbf, &server_cbf); /* Check for success */ AssertIntEQ(server_cbf.return_code, TEST_SUCCESS); AssertIntEQ(client_cbf.return_code, TEST_SUCCESS); /* Second test is a WOLFSSL object level */ client_cbf.loadToSSL = 1; server_cbf.loadToSSL = 1; test_wolfSSL_client_server(&client_cbf, &server_cbf); /* Check for success */ AssertIntEQ(server_cbf.return_code, TEST_SUCCESS); AssertIntEQ(client_cbf.return_code, TEST_SUCCESS); } #endif /* WOLFSSL_STATIC_MEMORY && HAVE_IO_TESTS_DEPENDENCIES */ #ifdef WOLFSSL_STATIC_MEMORY #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || \ defined(SESSION_CERTS) #ifdef OPENSSL_EXTRA #define TEST_TLS_STATIC_MEMSZ (400000) #else #define TEST_TLS_STATIC_MEMSZ (320000) #endif #else #define TEST_TLS_STATIC_MEMSZ (80000) #endif static void test_wolfSSL_CTX_StaticMemory_SSL(WOLFSSL_CTX* ctx) { WOLFSSL *ssl1 = NULL, *ssl2 = NULL, *ssl3 = NULL; WOLFSSL_MEM_STATS mem_stats; WOLFSSL_MEM_CONN_STATS ssl_stats; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) AssertIntEQ(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); #endif AssertNotNull((ssl1 = wolfSSL_new(ctx))); AssertNotNull((ssl2 = wolfSSL_new(ctx))); /* this should fail because kMaxCtxClients == 2 */ AssertNull((ssl3 = wolfSSL_new(ctx))); if (wolfSSL_is_static_memory(ssl1, &ssl_stats) == 1) { #ifdef DEBUG_WOLFSSL wolfSSL_PrintStatsConn(&ssl_stats); #endif (void)ssl_stats; } /* display collected statistics */ if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) == 1) { #ifdef DEBUG_WOLFSSL wolfSSL_PrintStats(&mem_stats); #endif (void)mem_stats; } wolfSSL_free(ssl1); wolfSSL_free(ssl2); } #endif /* WOLFSSL_STATIC_MEMORY */ static void test_wolfSSL_CTX_StaticMemory(void) { #ifdef WOLFSSL_STATIC_MEMORY wolfSSL_method_func method_func; WOLFSSL_CTX* ctx; const int kMaxCtxClients = 2; #ifdef HAVE_IO_TESTS_DEPENDENCIES #if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) int tlsVer; byte cliMem[TEST_TLS_STATIC_MEMSZ]; #endif #endif byte svrMem[TEST_TLS_STATIC_MEMSZ]; printf(testingFmt, "test_wolfSSL_CTX_StaticMemory()"); #ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 method_func = wolfTLSv1_2_server_method_ex; #else method_func = wolfTLSv1_3_server_method_ex; #endif #else #ifndef WOLFSSL_NO_TLS12 method_func = wolfTLSv1_2_client_method_ex; #else method_func = wolfTLSv1_3_client_method_ex; #endif #endif /* Test creating CTX directly from static memory pool */ ctx = NULL; AssertIntEQ(wolfSSL_CTX_load_static_memory( &ctx, method_func, svrMem, sizeof(svrMem), 0, kMaxCtxClients), WOLFSSL_SUCCESS); test_wolfSSL_CTX_StaticMemory_SSL(ctx); wolfSSL_CTX_free(ctx); ctx = NULL; /* Test for heap allocated CTX, then assigning static pool to it */ AssertNotNull(ctx = wolfSSL_CTX_new(method_func(NULL))); AssertIntEQ(wolfSSL_CTX_load_static_memory(&ctx, NULL, svrMem, sizeof(svrMem), 0, kMaxCtxClients), WOLFSSL_SUCCESS); test_wolfSSL_CTX_StaticMemory_SSL(ctx); wolfSSL_CTX_free(ctx); /* TLS Level Tests using static memory */ #ifdef HAVE_IO_TESTS_DEPENDENCIES #ifndef NO_RSA for (tlsVer = WOLFSSL_SSLV3; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) { test_wolfSSL_CTX_StaticMemory_TLS(tlsVer, svrCertFile, cliCertFile, cliKeyFile, cliCertFile, svrCertFile, svrKeyFile, cliMem, (word32)sizeof(cliMem), svrMem, (word32)sizeof(svrMem)); } #endif #ifdef HAVE_ECC for (tlsVer = WOLFSSL_TLSV1; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) { test_wolfSSL_CTX_StaticMemory_TLS(tlsVer, caEccCertFile, cliEccCertFile, cliEccKeyFile, cliEccCertFile, eccCertFile, eccKeyFile, cliMem, (word32)sizeof(cliMem), svrMem, (word32)sizeof(svrMem)); } #endif #ifdef HAVE_ED25519 for (tlsVer = WOLFSSL_TLSV1_2; tlsVer <= WOLFSSL_DTLSV1_2; tlsVer++) { if (tlsVer == WOLFSSL_DTLSV1) continue; test_wolfSSL_CTX_StaticMemory_TLS(tlsVer, caEdCertFile, cliEdCertFile, cliEdKeyFile, cliEdCertFile, edCertFile, edKeyFile, cliMem, (word32)sizeof(cliMem), svrMem, (word32)sizeof(svrMem)); } #endif #endif /* HAVE_IO_TESTS_DEPENDENCIES */ printf(resultFmt, passed); #endif } /*----------------------------------------------------------------------------* | Main *----------------------------------------------------------------------------*/ void ApiTest(void) { printf("\n-----------------Porting tests------------------\n"); AssertTrue(test_fileAccess()); printf(" Begin API Tests\n"); AssertIntEQ(test_wolfSSL_Init(), WOLFSSL_SUCCESS); /* wolfcrypt initialization tests */ test_wolfSSL_Method_Allocators(); #ifndef NO_WOLFSSL_SERVER test_wolfSSL_CTX_new(wolfSSLv23_server_method()); #endif #if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \ (!defined(NO_RSA) || defined(HAVE_ECC)) test_for_double_Free(); #endif #ifdef HAVE_IO_TESTS_DEPENDENCIES test_wolfSSL_get_finished(); #endif test_SSL_CIPHER_get_xxx(); test_wolfSSL_ERR_strings(); test_wolfSSL_EVP_shake128(); test_wolfSSL_EVP_shake256(); test_EVP_blake2(); test_EVP_MD_do_all(); test_OBJ_NAME_do_all(); test_wolfSSL_CTX_use_certificate_file(); AssertIntEQ(test_wolfSSL_CTX_use_certificate_buffer(), WOLFSSL_SUCCESS); test_wolfSSL_CTX_use_PrivateKey_file(); test_wolfSSL_CTX_load_verify_locations(); test_wolfSSL_CertManagerCheckOCSPResponse(); test_wolfSSL_CertManagerLoadCABuffer(); test_wolfSSL_CertManagerGetCerts(); test_wolfSSL_CertManagerSetVerify(); test_wolfSSL_CertManagerNameConstraint(); test_wolfSSL_CertManagerNameConstraint2(); test_wolfSSL_CertManagerNameConstraint3(); test_wolfSSL_CertManagerNameConstraint4(); test_wolfSSL_CertManagerNameConstraint5(); test_wolfSSL_CertManagerCRL(); test_wolfSSL_CTX_load_verify_locations_ex(); test_wolfSSL_CTX_load_verify_buffer_ex(); test_wolfSSL_CTX_load_verify_chain_buffer_format(); test_wolfSSL_CTX_add1_chain_cert(); test_wolfSSL_CTX_use_certificate_chain_file_format(); test_wolfSSL_CTX_trust_peer_cert(); test_wolfSSL_CTX_SetTmpDH_file(); test_wolfSSL_CTX_SetTmpDH_buffer(); test_wolfSSL_CTX_SetMinMaxDhKey_Sz(); test_wolfSSL_CTX_der_load_verify_locations(); test_wolfSSL_CTX_enable_disable(); test_wolfSSL_CTX_ticket_API(); test_server_wolfSSL_new(); test_client_wolfSSL_new(); test_wolfSSL_SetTmpDH_file(); test_wolfSSL_SetTmpDH_buffer(); test_wolfSSL_SetMinMaxDhKey_Sz(); test_SetTmpEC_DHE_Sz(); test_wolfSSL_CTX_get0_privatekey(); test_wolfSSL_dtls_set_mtu(); #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) test_wolfSSL_read_write(); #if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) test_wolfSSL_reuse_WOLFSSLobj(); #endif test_wolfSSL_CTX_verifyDepth_ServerClient(); test_wolfSSL_dtls_export(); test_wolfSSL_tls_export(); #endif AssertIntEQ(test_wolfSSL_SetMinVersion(), WOLFSSL_SUCCESS); AssertIntEQ(test_wolfSSL_CTX_SetMinVersion(), WOLFSSL_SUCCESS); /* TLS extensions tests */ #ifdef HAVE_IO_TESTS_DEPENDENCIES test_wolfSSL_UseSNI(); #endif test_wolfSSL_UseTrustedCA(); test_wolfSSL_UseMaxFragment(); test_wolfSSL_UseTruncatedHMAC(); test_wolfSSL_UseSupportedCurve(); test_wolfSSL_UseALPN(); test_wolfSSL_DisableExtendedMasterSecret(); test_wolfSSL_wolfSSL_UseSecureRenegotiation(); /* X509 tests */ test_wolfSSL_X509_NAME_get_entry(); test_wolfSSL_PKCS12(); test_wolfSSL_no_password_cb(); test_wolfSSL_PKCS8(); test_wolfSSL_PKCS8_ED25519(); test_wolfSSL_PKCS8_ED448(); test_wolfSSL_PKCS5(); test_wolfSSL_URI(); test_wolfSSL_TBS(); test_wolfSSL_X509_verify(); test_wolfSSL_X509_TLS_version(); test_wc_PemToDer(); test_wc_AllocDer(); test_wc_CertPemToDer(); test_wc_PubKeyPemToDer(); test_wc_PemPubKeyToDer(); /*OCSP Stapling. */ AssertIntEQ(test_wolfSSL_UseOCSPStapling(), WOLFSSL_SUCCESS); AssertIntEQ(test_wolfSSL_UseOCSPStaplingV2(), WOLFSSL_SUCCESS); /* Multicast */ test_wolfSSL_mcast(); /* compatibility tests */ test_wolfSSL_lhash(); test_wolfSSL_X509_NAME(); test_wolfSSL_X509_NAME_hash(); #ifndef NO_BIO test_wolfSSL_X509_INFO(); #endif test_wolfSSL_X509_subject_name_hash(); test_wolfSSL_X509_issuer_name_hash(); test_wolfSSL_X509_check_host(); test_wolfSSL_X509_check_email(); test_wolfSSL_DES(); test_wolfSSL_certs(); test_wolfSSL_X509_check_private_key(); test_wolfSSL_ASN1_TIME_print(); test_wolfSSL_ASN1_UTCTIME_print(); test_wolfSSL_ASN1_TIME_diff(); test_wolfSSL_ASN1_GENERALIZEDTIME_free(); test_wolfSSL_private_keys(); test_wolfSSL_PEM_read_PrivateKey(); test_wolfSSL_PEM_PrivateKey(); #ifndef NO_BIO test_wolfSSL_PEM_bio_RSAKey(); test_wolfSSL_PEM_bio_DSAKey(); test_wolfSSL_PEM_bio_ECKey(); test_wolfSSL_PEM_RSAPrivateKey(); test_wolfSSL_PEM_PUBKEY(); #endif test_DSA_do_sign_verify(); test_wolfSSL_tmp_dh(); test_wolfSSL_ctrl(); test_wolfSSL_EVP_MD_size(); test_wolfSSL_EVP_MD_pkey_type(); test_wolfSSL_EVP_Digest(); test_wolfSSL_EVP_Digest_all(); test_wolfSSL_EVP_PKEY_new_mac_key(); test_wolfSSL_EVP_MD_hmac_signing(); test_wolfSSL_EVP_MD_rsa_signing(); test_wolfSSL_EVP_MD_ecc_signing(); test_wolfSSL_EVP_PKEY_print_public(); test_wolfSSL_EVP_ENCODE_CTX_new(); test_wolfSSL_EVP_ENCODE_CTX_free(); test_wolfSSL_EVP_EncodeInit(); test_wolfSSL_EVP_EncodeUpdate(); test_wolfSSL_EVP_EncodeFinal(); test_wolfSSL_EVP_DecodeInit(); test_wolfSSL_EVP_DecodeUpdate(); test_wolfSSL_EVP_DecodeFinal(); test_wolfSSL_CTX_add_extra_chain_cert(); #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) test_wolfSSL_ERR_peek_last_error_line(); #endif #ifndef NO_BIO test_wolfSSL_ERR_print_errors_cb(); AssertFalse(test_wolfSSL_GetLoggingCb()); AssertFalse(test_WOLFSSL_ERROR_MSG()); AssertFalse(test_wc_ERR_remove_state()); AssertFalse(test_wc_ERR_print_errors_fp()); #endif test_wolfSSL_set_options(); test_wolfSSL_sk_SSL_CIPHER(); test_wolfSSL_set1_curves_list(); test_wolfSSL_set1_sigalgs_list(); test_wolfSSL_PKCS7_certs(); test_wolfSSL_X509_STORE_CTX(); test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup(); test_wolfSSL_X509_STORE_CTX_get0_current_issuer(); test_wolfSSL_msgCb(); test_wolfSSL_either_side(); test_wolfSSL_DTLS_either_side(); test_generate_cookie(); test_wolfSSL_X509_STORE_set_flags(); test_wolfSSL_X509_LOOKUP_load_file(); test_wolfSSL_X509_Name_canon(); test_wolfSSL_X509_LOOKUP_ctrl_file(); test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(); test_wolfSSL_X509_NID(); test_wolfSSL_X509_STORE_CTX_set_time(); test_wolfSSL_get0_param(); test_wolfSSL_X509_VERIFY_PARAM_set1_host(); test_wolfSSL_X509_VERIFY_PARAM_set1_ip(); test_wolfSSL_X509_STORE_CTX_get0_store(); test_wolfSSL_X509_STORE(); test_wolfSSL_X509_STORE_load_locations(); test_X509_STORE_get0_objects(); test_wolfSSL_X509_load_crl_file(); test_wolfSSL_BN(); test_wolfSSL_CTX_get0_set1_param(); #ifndef NO_BIO test_wolfSSL_PEM_read_bio(); test_wolfSSL_BIO(); #endif test_wolfSSL_ASN1_STRING(); test_wolfSSL_ASN1_BIT_STRING(); test_wolfSSL_a2i_ASN1_INTEGER(); test_wolfSSL_a2i_IPADDRESS(); test_wolfSSL_X509(); test_wolfSSL_X509_VERIFY_PARAM(); test_wolfSSL_X509_sign(); test_wolfSSL_X509_sign2(); test_wolfSSL_X509_get0_tbs_sigalg(); test_wolfSSL_X509_ALGOR_get0(); test_wolfSSL_X509_get_X509_PUBKEY(); test_wolfSSL_X509_PUBKEY_RSA(); test_wolfSSL_X509_PUBKEY_EC(); test_wolfSSL_X509_PUBKEY_DSA(); test_wolfSSL_RAND(); test_wolfSSL_BUF(); test_wolfSSL_set_tlsext_status_type(); test_wolfSSL_ASN1_TIME_adj(); test_wolfSSL_ASN1_TIME_to_tm(); test_wolfSSL_X509_cmp_time(); test_wolfSSL_X509_time_adj(); test_wolfSSL_CTX_set_client_CA_list(); test_wolfSSL_CTX_add_client_CA(); test_wolfSSL_CTX_set_srp_username(); test_wolfSSL_CTX_set_srp_password(); test_wolfSSL_CTX_set_keylog_callback(); test_wolfSSL_CTX_get_keylog_callback(); test_wolfSSL_Tls12_Key_Logging_test(); test_wolfSSL_Tls13_Key_Logging_test(); test_wolfSSL_Tls13_postauth(); test_wolfSSL_CTX_set_ecdh_auto(); test_wolfSSL_set_minmax_proto_version(); test_wolfSSL_THREADID_hash(); test_wolfSSL_RAND_set_rand_method(); test_wolfSSL_RAND_bytes(); test_wolfSSL_BN_rand(); test_wolfSSL_pseudo_rand(); test_wolfSSL_PKCS8_Compat(); test_wolfSSL_PKCS8_d2i(); test_error_queue_per_thread(); test_wolfSSL_ERR_put_error(); #ifndef NO_BIO test_wolfSSL_ERR_print_errors(); #endif test_wolfSSL_HMAC(); test_wolfSSL_CMAC(); test_wolfSSL_OBJ(); test_wolfSSL_i2a_ASN1_OBJECT(); test_wolfSSL_OBJ_cmp(); test_wolfSSL_OBJ_txt2nid(); test_wolfSSL_OBJ_txt2obj(); test_wolfSSL_i2t_ASN1_OBJECT(); test_wolfSSL_PEM_write_bio_X509(); test_wolfSSL_X509_NAME_ENTRY(); test_wolfSSL_X509_set_name(); test_wolfSSL_X509_set_notAfter(); test_wolfSSL_X509_set_notBefore(); test_wolfSSL_X509_set_version(); #ifndef NO_BIO test_wolfSSL_BIO_gets(); test_wolfSSL_BIO_puts(); test_wolfSSL_BIO_should_retry(); test_wolfSSL_d2i_PUBKEY(); test_wolfSSL_BIO_write(); test_wolfSSL_BIO_connect(); test_wolfSSL_BIO_accept(); test_wolfSSL_BIO_printf(); test_wolfSSL_BIO_f_md(); test_wolfSSL_BIO_up_ref(); #endif test_wolfSSL_cert_cb(); test_wolfSSL_SESSION(); test_wolfSSL_ticket_keys(); test_wolfSSL_DES_ecb_encrypt(); test_wolfSSL_sk_GENERAL_NAME(); test_wolfSSL_GENERAL_NAME_print(); test_wolfSSL_sk_DIST_POINT(); test_wolfSSL_MD4(); test_wolfSSL_RSA(); test_wolfSSL_RSA_DER(); test_wolfSSL_RSA_get0_key(); test_wolfSSL_RSA_meth(); test_wolfSSL_verify_mode(); test_wolfSSL_verify_depth(); test_wolfSSL_HMAC_CTX(); test_wolfSSL_msg_callback(); test_wolfSSL_SHA(); test_wolfSSL_DH_1536_prime(); test_wolfSSL_PEM_write_DHparams(); test_wolfSSL_PEM_read_DHparams(); test_wolfSSL_AES_ecb_encrypt(); test_wolfSSL_MD5(); test_wolfSSL_MD5_Transform(); test_wolfSSL_SHA_Transform(); test_wolfSSL_SHA256(); test_wolfSSL_SHA256_Transform(); test_wolfSSL_SHA224(); test_wolfSSL_SHA512_Transform(); test_wolfSSL_X509_get_serialNumber(); test_wolfSSL_X509_CRL(); test_wolfSSL_d2i_X509_REQ(); test_wolfSSL_PEM_read_X509(); test_wolfSSL_PEM_read(); #ifndef NO_BIO test_wolfSSL_PEM_X509_INFO_read_bio(); test_wolfSSL_PEM_read_bio_ECPKParameters(); #endif test_wolfSSL_X509_STORE_get1_certs(); test_wolfSSL_X509_NAME_ENTRY_get_object(); test_wolfSSL_OpenSSL_add_all_algorithms(); test_wolfSSL_OPENSSL_hexstr2buf(); test_wolfSSL_ASN1_STRING_print_ex(); test_wolfSSL_ASN1_TIME_to_generalizedtime(); test_wolfSSL_ASN1_INTEGER_get_set(); test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(); test_wolfSSL_i2c_ASN1_INTEGER(); test_wolfSSL_X509_check_ca(); test_wolfSSL_X509_check_ip_asc(); test_wolfSSL_DC_cert(); test_wolfSSL_DES_ncbc(); test_wolfSSL_AES_cbc_encrypt(); test_wolfssl_EVP_aes_gcm_AAD_2_parts(); test_wolfssl_EVP_aes_gcm(); test_wolfSSL_PKEY_up_ref(); test_wolfSSL_EVP_Cipher_extra(); test_wolfSSL_d2i_and_i2d_PublicKey(); test_wolfSSL_d2i_and_i2d_DSAparams(); test_wolfSSL_i2d_PrivateKey(); test_wolfSSL_OCSP_id_get0_info(); test_wolfSSL_i2d_OCSP_CERTID(); test_wolfSSL_OCSP_id_cmp(); test_wolfSSL_OCSP_SINGLERESP_get0_id(); test_wolfSSL_OCSP_single_get0_status(); test_wolfSSL_OCSP_resp_count(); test_wolfSSL_OCSP_resp_get0(); test_wolfSSL_EVP_PKEY_derive(); test_wolfSSL_EVP_PBE_scrypt(); #ifndef NO_RSA test_wolfSSL_RSA_padding_add_PKCS1_PSS(); #endif test_wolfSSL_RSA_sign_sha3(); test_CONF_modules_xxx(); test_CRYPTO_set_dynlock_xxx(); test_CRYPTO_THREADID_xxx(); test_ENGINE_cleanup(); test_wolfSSL_EC_KEY_set_group(); #if defined(OPENSSL_ALL) test_wolfSSL_X509_PUBKEY_get(); test_wolfSSL_sk_CIPHER_description(); test_wolfSSL_get_ciphers_compat(); test_wolfSSL_d2i_DHparams(); test_wolfSSL_i2d_DHparams(); test_wolfSSL_ASN1_STRING_to_UTF8(); test_wolfSSL_ASN1_UNIVERSALSTRING_to_string(); test_wolfSSL_EC_KEY_dup(); test_wolfSSL_EVP_PKEY_set1_get1_DSA(); test_wolfSSL_DSA_SIG(); test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY(); test_wolfSSL_EVP_PKEY_set1_get1_DH(); test_wolfSSL_CTX_ctrl(); test_wolfSSL_DH_check(); test_wolfSSL_EVP_PKEY_assign(); test_wolfSSL_EVP_PKEY_base_id(); test_wolfSSL_EVP_PKEY_id(); test_wolfSSL_EVP_PKEY_keygen(); test_wolfSSL_EVP_PKEY_keygen_init(); test_wolfSSL_EVP_PKEY_missing_parameters(); test_wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(); test_wolfSSL_EVP_CIPHER_CTX_iv_length(); test_wolfSSL_EVP_CIPHER_CTX_key_length(); test_wolfSSL_EVP_CIPHER_CTX_set_key_length(); test_wolfSSL_EVP_CIPHER_CTX_set_iv(); test_wolfSSL_EVP_PKEY_CTX_new_id(); test_wolfSSL_EVP_rc4(); test_wolfSSL_EVP_enc_null(); test_wolfSSL_EVP_rc2_cbc(); test_wolfSSL_EVP_mdc2(); test_wolfSSL_EVP_md4(); test_wolfSSL_EVP_aes_256_gcm(); test_wolfSSL_EVP_aes_192_gcm(); test_wolfSSL_EVP_ripemd160(); test_wolfSSL_EVP_get_digestbynid(); test_wolfSSL_EVP_MD_nid(); test_wolfSSL_EVP_PKEY_get0_EC_KEY(); test_wolfSSL_EVP_X_STATE(); test_wolfSSL_EVP_X_STATE_LEN(); test_wolfSSL_EVP_CIPHER_block_size(); test_wolfSSL_EVP_CIPHER_iv_length(); test_wolfSSL_EVP_SignInit_ex(); test_wolfSSL_EVP_DigestFinal_ex(); test_wolfSSL_EVP_PKEY_assign_DH(); test_wolfSSL_EVP_BytesToKey(); test_wolfSSL_EVP_PKEY_param_check(); test_wolfSSL_QT_EVP_PKEY_CTX_free(); test_IncCtr(); test_wolfSSL_OBJ_ln(); test_wolfSSL_OBJ_sn(); test_wolfSSL_TXT_DB(); test_wolfSSL_NCONF(); #endif /* OPENSSL_ALL */ #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA) AssertIntEQ(test_wolfSSL_CTX_use_certificate_ASN1(), WOLFSSL_SUCCESS); #ifndef NO_BIO test_wolfSSL_d2i_PrivateKeys_bio(); #endif #endif /* OPENSSL_ALL || WOLFSSL_ASIO */ test_wolfSSL_X509_CA_num(); test_wolfSSL_X509_get_version(); #ifndef NO_BIO test_wolfSSL_X509_print(); test_wolfSSL_BIO_get_len(); #endif test_wolfSSL_RSA_verify(); test_wolfSSL_X509V3_EXT_get(); test_wolfSSL_X509V3_EXT_nconf(); test_wolfSSL_X509V3_EXT(); test_wolfSSL_X509_get_extension_flags(); test_wolfSSL_X509_get_ext(); test_wolfSSL_X509_get_ext_by_NID(); test_wolfSSL_X509_get_ext_subj_alt_name(); test_wolfSSL_X509_get_ext_count(); test_wolfSSL_X509_EXTENSION_new(); test_wolfSSL_X509_EXTENSION_get_object(); test_wolfSSL_X509_EXTENSION_get_data(); test_wolfSSL_X509_EXTENSION_get_critical(); test_wolfSSL_X509V3_EXT_print(); test_wolfSSL_X509_cmp(); #ifndef NO_BIO test_wolfSSL_RSA_print(); test_wolfSSL_ASN1_STRING_print(); #endif test_wolfSSL_ASN1_get_object(); test_openssl_generate_key_and_cert(); test_wolfSSL_EC_get_builtin_curves(); test_wolfSSL_CRYPTO_memcmp(); test_wolfSSL_read_detect_TCP_disconnect(); /* test the no op functions for compatibility */ test_no_op_functions(); /* OpenSSL EVP_PKEY API tests */ test_EVP_PKEY_rsa(); test_wolfSSL_EVP_PKEY_encrypt(); test_wolfSSL_EVP_PKEY_sign(); test_EVP_PKEY_ec(); test_EVP_PKEY_cmp(); /* OpenSSL error API tests */ test_ERR_load_crypto_strings(); /* OpenSSL sk_X509 API test */ test_sk_X509(); /* OpenSSL X509 API test */ test_X509_get_signature_nid(); /* OpenSSL X509 REQ API test */ test_X509_REQ(); /* OpenSSL PKCS7 API test */ test_wolfssl_PKCS7(); test_wolfSSL_PKCS7_SIGNED_new(); #ifndef NO_BIO test_wolfSSL_PEM_write_bio_PKCS7(); #ifdef HAVE_SMIME test_wolfSSL_SMIME_read_PKCS7(); #endif #endif /* wolfCrypt ASN tests */ test_wc_CreateEncryptedPKCS8Key(); test_wc_GetPkcs8TraditionalOffset(); test_wc_SetSubjectRaw(); test_wc_GetSubjectRaw(); test_wc_SetIssuerRaw(); test_wc_SetIssueBuffer(); test_wc_SetSubjectKeyId(); test_wc_SetSubject(); test_CheckCertSignature(); /* wolfCrypt ECC tests */ test_wc_ecc_get_curve_size_from_name(); test_wc_ecc_get_curve_id_from_name(); test_wc_ecc_get_curve_id_from_params(); #ifdef WOLFSSL_TLS13 /* TLS v1.3 API tests */ test_tls13_apis(); #endif #if !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \ !defined(WOLFSSL_NO_CLIENT_AUTH)) /* Use the Cert Manager(CM) API to generate the error ASN_SIG_CONFIRM_E */ /* Bad certificate signature tests */ AssertIntEQ(test_EccSigFailure_cm(), ASN_SIG_CONFIRM_E); AssertIntEQ(test_RsaSigFailure_cm(), ASN_SIG_CONFIRM_E); #endif /* NO_CERTS */ #if defined(HAVE_PK_CALLBACKS) && (!defined(WOLFSSL_NO_TLS12) || \ !defined(NO_OLD_TLS)) /* public key callback tests */ test_DhCallbacks(); #endif #if defined(HAVE_KEYING_MATERIAL) && defined(HAVE_IO_TESTS_DEPENDENCIES) test_export_keying_material(); #endif /* HAVE_KEYING_MATERIAL */ test_wolfSSL_CTX_get_min_proto_version(); test_wolfSSL_security_level(); test_wolfSSL_SSL_in_init(); test_wolfSSL_EC_curve(); test_wolfSSL_CTX_set_timeout(); test_wolfSSL_OpenSSL_version(); test_wolfSSL_set_psk_use_session_callback(); test_CONF_CTX_FILE(); test_CONF_CTX_CMDLINE(); test_wolfSSL_CRYPTO_get_ex_new_index(); test_wolfSSL_DH(); /*wolfcrypt */ printf("\n-----------------wolfcrypt unit tests------------------\n"); AssertFalse(test_wolfCrypt_Init()); AssertFalse(test_wc_InitMd5()); AssertFalse(test_wc_Md5Update()); AssertFalse(test_wc_Md5Final()); AssertFalse(test_wc_InitSha()); AssertFalse(test_wc_ShaUpdate()); AssertFalse(test_wc_ShaFinal()); AssertFalse(test_wc_InitSha256()); AssertFalse(test_wc_Sha256Update()); AssertFalse(test_wc_Sha256Final()); AssertFalse(test_wc_Sha256FinalRaw()); AssertFalse(test_wc_Sha256GetFlags()); AssertFalse(test_wc_Sha256Free()); AssertFalse(test_wc_Sha256GetHash()); AssertFalse(test_wc_Sha256Copy()); AssertFalse(test_wc_InitSha512()); AssertFalse(test_wc_Sha512Update()); AssertFalse(test_wc_Sha512Final()); AssertFalse(test_wc_Sha512GetFlags()); AssertFalse(test_wc_Sha512FinalRaw()); AssertFalse(test_wc_Sha512Free()); AssertFalse(test_wc_Sha512GetHash()); AssertFalse(test_wc_Sha512Copy()); AssertFalse(test_wc_InitSha512_224()); AssertFalse(test_wc_Sha512_224Update()); AssertFalse(test_wc_Sha512_224Final()); AssertFalse(test_wc_Sha512_224GetFlags()); AssertFalse(test_wc_Sha512_224FinalRaw()); AssertFalse(test_wc_Sha512_224Free()); AssertFalse(test_wc_Sha512_224GetHash()); AssertFalse(test_wc_Sha512_224Copy()); AssertFalse(test_wc_InitSha512_256()); AssertFalse(test_wc_Sha512_256Update()); AssertFalse(test_wc_Sha512_256Final()); AssertFalse(test_wc_Sha512_256GetFlags()); AssertFalse(test_wc_Sha512_256FinalRaw()); AssertFalse(test_wc_Sha512_256Free()); AssertFalse(test_wc_Sha512_256GetHash()); AssertFalse(test_wc_Sha512_256Copy()); AssertFalse(test_wc_InitSha384()); AssertFalse(test_wc_Sha384Update()); AssertFalse(test_wc_Sha384Final()); AssertFalse(test_wc_Sha384GetFlags()); AssertFalse(test_wc_Sha384FinalRaw()); AssertFalse(test_wc_Sha384Free()); AssertFalse(test_wc_Sha384GetHash()); AssertFalse(test_wc_Sha384Copy()); AssertFalse(test_wc_InitSha224()); AssertFalse(test_wc_Sha224Update()); AssertFalse(test_wc_Sha224Final()); AssertFalse(test_wc_Sha224SetFlags()); AssertFalse(test_wc_Sha224GetFlags()); AssertFalse(test_wc_Sha224Free()); AssertFalse(test_wc_Sha224GetHash()); AssertFalse(test_wc_Sha224Copy()); AssertFalse(test_wc_InitBlake2b()); AssertFalse(test_wc_InitBlake2b_WithKey()); AssertFalse(test_wc_InitBlake2s_WithKey()); AssertFalse(test_wc_InitRipeMd()); AssertFalse(test_wc_RipeMdUpdate()); AssertFalse(test_wc_RipeMdFinal()); AssertIntEQ(test_wc_InitSha3(), 0); AssertIntEQ(testing_wc_Sha3_Update(), 0); AssertIntEQ(test_wc_Sha3_224_Final(), 0); AssertIntEQ(test_wc_Sha3_256_Final(), 0); AssertIntEQ(test_wc_Sha3_384_Final(), 0); AssertIntEQ(test_wc_Sha3_512_Final(), 0); AssertIntEQ(test_wc_Sha3_224_Copy(), 0); AssertIntEQ(test_wc_Sha3_256_Copy(), 0); AssertIntEQ(test_wc_Sha3_384_Copy(), 0); AssertIntEQ(test_wc_Sha3_512_Copy(), 0); AssertIntEQ(test_wc_Sha3_GetFlags(), 0); AssertIntEQ(test_wc_InitShake256(), 0); AssertIntEQ(testing_wc_Shake256_Update(), 0); AssertIntEQ(test_wc_Shake256_Final(), 0); AssertIntEQ(test_wc_Shake256_Copy(), 0); AssertIntEQ(test_wc_Shake256Hash(), 0); AssertFalse(test_wc_Md5HmacSetKey()); AssertFalse(test_wc_Md5HmacUpdate()); AssertFalse(test_wc_Md5HmacFinal()); AssertFalse(test_wc_ShaHmacSetKey()); AssertFalse(test_wc_ShaHmacUpdate()); AssertFalse(test_wc_ShaHmacFinal()); AssertFalse(test_wc_Sha224HmacSetKey()); AssertFalse(test_wc_Sha224HmacUpdate()); AssertFalse(test_wc_Sha224HmacFinal()); AssertFalse(test_wc_Sha256HmacSetKey()); AssertFalse(test_wc_Sha256HmacUpdate()); AssertFalse(test_wc_Sha256HmacFinal()); AssertFalse(test_wc_Sha384HmacSetKey()); AssertFalse(test_wc_Sha384HmacUpdate()); AssertFalse(test_wc_Sha384HmacFinal()); AssertIntEQ(test_wc_HashInit(), 0); AssertIntEQ(test_wc_HashSetFlags(), 0); AssertIntEQ(test_wc_HashGetFlags(), 0); AssertIntEQ(test_wc_InitCmac(), 0); AssertIntEQ(test_wc_CmacUpdate(), 0); AssertIntEQ(test_wc_CmacFinal(), 0); AssertIntEQ(test_wc_AesCmacGenerate(), 0); AssertIntEQ(test_wc_AesGcmStream(), 0); AssertIntEQ(test_wc_Des3_SetIV(), 0); AssertIntEQ(test_wc_Des3_SetKey(), 0); AssertIntEQ(test_wc_Des3_CbcEncryptDecrypt(), 0); AssertIntEQ(test_wc_Des3_CbcEncryptDecryptWithKey(), 0); AssertIntEQ(test_wc_Des3_EcbEncrypt(), 0); AssertIntEQ(test_wc_IdeaSetKey(), 0); AssertIntEQ(test_wc_IdeaSetIV(), 0); AssertIntEQ(test_wc_IdeaCipher(), 0); AssertIntEQ(test_wc_IdeaCbcEncyptDecrypt(), 0); AssertIntEQ(test_wc_Chacha_SetKey(), 0); AssertIntEQ(test_wc_Chacha_Process(), 0); AssertIntEQ(test_wc_ChaCha20Poly1305_aead(), 0); AssertIntEQ(test_wc_Poly1305SetKey(), 0); AssertIntEQ(test_wc_CamelliaSetKey(), 0); AssertIntEQ(test_wc_CamelliaSetIV(), 0); AssertIntEQ(test_wc_CamelliaEncryptDecryptDirect(), 0); AssertIntEQ(test_wc_CamelliaCbcEncryptDecrypt(), 0); AssertIntEQ(test_wc_RabbitSetKey(), 0); AssertIntEQ(test_wc_RabbitProcess(), 0); AssertIntEQ(test_wc_Arc4SetKey(), 0); AssertIntEQ(test_wc_Arc4Process(), 0); AssertIntEQ(test_wc_Rc2SetKey(), 0); AssertIntEQ(test_wc_Rc2SetIV(), 0); AssertIntEQ(test_wc_Rc2EcbEncryptDecrypt(), 0); AssertIntEQ(test_wc_Rc2CbcEncryptDecrypt(), 0); AssertIntEQ(test_wc_AesSetKey(), 0); AssertIntEQ(test_wc_AesSetIV(), 0); AssertIntEQ(test_wc_AesCbcEncryptDecrypt(), 0); AssertIntEQ(test_wc_AesCtrEncryptDecrypt(), 0); AssertIntEQ(test_wc_AesGcmSetKey(), 0); AssertIntEQ(test_wc_AesGcmEncryptDecrypt(), 0); AssertIntEQ(test_wc_GmacSetKey(), 0); AssertIntEQ(test_wc_GmacUpdate(), 0); AssertIntEQ(test_wc_InitRsaKey(), 0); AssertIntEQ(test_wc_RsaPrivateKeyDecode(), 0); AssertIntEQ(test_wc_RsaPublicKeyDecode(), 0); AssertIntEQ(test_wc_RsaPublicKeyDecodeRaw(), 0); AssertIntEQ(test_wc_MakeRsaKey(), 0); AssertIntEQ(test_wc_SetKeyUsage (), 0); AssertIntEQ(test_wc_CheckProbablePrime (), 0); AssertIntEQ(test_wc_RsaPSS_Verify (), 0); AssertIntEQ(test_wc_RsaPSS_VerifyCheck (), 0); AssertIntEQ(test_wc_RsaPSS_VerifyCheckInline (), 0); AssertIntEQ(test_wc_SetMutexCb(), 0); AssertIntEQ(test_wc_LockMutex_ex(), 0); AssertIntEQ(test_wc_RsaKeyToDer(), 0); AssertIntEQ(test_wc_RsaKeyToPublicDer(), 0); AssertIntEQ(test_wc_RsaPublicEncryptDecrypt(), 0); AssertIntEQ(test_wc_RsaPublicEncryptDecrypt_ex(), 0); AssertIntEQ(test_wc_RsaEncryptSize(), 0); AssertIntEQ(test_wc_RsaSSL_SignVerify(), 0); AssertIntEQ(test_wc_RsaFlattenPublicKey(), 0); AssertIntEQ(test_RsaDecryptBoundsCheck(), 0); AssertIntEQ(test_wc_AesCcmSetKey(), 0); AssertIntEQ(test_wc_AesCcmEncryptDecrypt(), 0); AssertIntEQ(test_wc_Hc128_SetKey(), 0); AssertIntEQ(test_wc_Hc128_Process(), 0); AssertIntEQ(test_wc_InitDsaKey(), 0); AssertIntEQ(test_wc_DsaSignVerify(), 0); AssertIntEQ(test_wc_DsaPublicPrivateKeyDecode(), 0); AssertIntEQ(test_wc_MakeDsaKey(), 0); AssertIntEQ(test_wc_DsaKeyToDer(), 0); AssertIntEQ(test_wc_DsaKeyToPublicDer(), 0); AssertIntEQ(test_wc_DsaImportParamsRaw(), 0); AssertIntEQ(test_wc_DsaImportParamsRawCheck(), 0); AssertIntEQ(test_wc_DsaExportParamsRaw(), 0); AssertIntEQ(test_wc_DsaExportKeyRaw(), 0); AssertIntEQ(test_wc_SignatureGetSize_ecc(), 0); AssertIntEQ(test_wc_SignatureGetSize_rsa(), 0); wolfCrypt_Cleanup(); #ifdef OPENSSL_EXTRA /*wolfSSL_EVP_get_cipherbynid test*/ test_wolfSSL_EVP_get_cipherbynid(); test_wolfSSL_EVP_CIPHER_CTX(); #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) test_wolfSSL_EC(); #endif test_wolfSSL_ECDSA_SIG(); test_ECDSA_size_sign(); test_ED25519(); test_ED448(); test_EC_i2d(); #endif #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && \ !defined(HAVE_SELFTEST) && \ !(defined(HAVE_FIPS) || defined(HAVE_FIPS_VERSION)) test_wc_ecc_get_curve_id_from_dp_params(); #endif #ifdef HAVE_HASHDRBG #ifdef TEST_RESEED_INTERVAL AssertIntEQ(test_wc_RNG_GenerateBlock_Reseed(), 0); #endif AssertIntEQ(test_wc_RNG_GenerateBlock(), 0); #endif AssertIntEQ(test_get_rand_digit(), 0); AssertIntEQ(test_get_digit_count(), 0); AssertIntEQ(test_mp_cond_copy(), 0); AssertIntEQ(test_mp_rand(), 0); AssertIntEQ(test_get_digit(), 0); AssertIntEQ(test_wc_export_int(), 0); AssertIntEQ(test_wc_InitRngNonce(), 0); AssertIntEQ(test_wc_InitRngNonce_ex(), 0); AssertIntEQ(test_wc_ed25519_make_key(), 0); AssertIntEQ(test_wc_ed25519_init(), 0); AssertIntEQ(test_wc_ed25519_sign_msg(), 0); AssertIntEQ(test_wc_ed25519_import_public(), 0); AssertIntEQ(test_wc_ed25519_import_private_key(), 0); AssertIntEQ(test_wc_ed25519_export(), 0); AssertIntEQ(test_wc_ed25519_size(), 0); AssertIntEQ(test_wc_ed25519_exportKey(), 0); AssertIntEQ(test_wc_Ed25519PublicKeyToDer(), 0); AssertIntEQ(test_wc_curve25519_init(), 0); AssertIntEQ(test_wc_curve25519_size(), 0); AssertIntEQ(test_wc_curve25519_export_key_raw(), 0); AssertIntEQ(test_wc_curve25519_export_key_raw_ex(), 0); AssertIntEQ(test_wc_curve25519_size (), 0); AssertIntEQ(test_wc_curve25519_make_key (), 0); AssertIntEQ(test_wc_curve25519_shared_secret_ex (), 0); AssertIntEQ(test_wc_curve25519_make_pub (), 0); AssertIntEQ(test_wc_curve25519_export_public_ex (), 0); AssertIntEQ(test_wc_curve25519_export_private_raw_ex (), 0); AssertIntEQ(test_wc_curve25519_import_private_raw_ex (), 0); AssertIntEQ(test_wc_curve25519_import_private (), 0); AssertIntEQ(test_wc_ed448_make_key(), 0); AssertIntEQ(test_wc_ed448_init(), 0); AssertIntEQ(test_wc_ed448_sign_msg(), 0); AssertIntEQ(test_wc_ed448_import_public(), 0); AssertIntEQ(test_wc_ed448_import_private_key(), 0); AssertIntEQ(test_wc_ed448_export(), 0); AssertIntEQ(test_wc_ed448_size(), 0); AssertIntEQ(test_wc_ed448_exportKey(), 0); AssertIntEQ(test_wc_Ed448PublicKeyToDer(), 0); AssertIntEQ(test_wc_curve448_make_key (), 0); AssertIntEQ(test_wc_curve448_shared_secret_ex (), 0); AssertIntEQ(test_wc_curve448_export_public_ex (), 0); AssertIntEQ(test_wc_curve448_export_private_raw_ex (), 0); AssertIntEQ(test_wc_curve448_export_key_raw (), 0); AssertIntEQ(test_wc_curve448_import_private_raw_ex (), 0); AssertIntEQ(test_wc_curve448_import_private (), 0); AssertIntEQ(test_wc_curve448_init(), 0); AssertIntEQ(test_wc_curve448_size (), 0); AssertIntEQ(test_wc_ecc_make_key(), 0); AssertIntEQ(test_wc_ecc_init(), 0); AssertIntEQ(test_wc_ecc_check_key(), 0); AssertIntEQ(test_wc_ecc_get_generator(), 0); AssertIntEQ(test_wc_ecc_size(), 0); test_wc_ecc_params(); AssertIntEQ(test_wc_ecc_signVerify_hash(), 0); PRIVATE_KEY_UNLOCK(); AssertIntEQ(test_wc_ecc_shared_secret(), 0); AssertIntEQ(test_wc_ecc_export_x963(), 0); PRIVATE_KEY_LOCK(); AssertIntEQ(test_wc_ecc_export_x963_ex(), 0); AssertIntEQ(test_wc_ecc_import_x963(), 0); AssertIntEQ(ecc_import_private_key(), 0); AssertIntEQ(test_wc_ecc_export_private_only(), 0); AssertIntEQ(test_wc_ecc_rs_to_sig(), 0); AssertIntEQ(test_wc_ecc_import_raw(), 0); AssertIntEQ(test_wc_ecc_import_unsigned(), 0); AssertIntEQ(test_wc_ecc_sig_size(), 0); AssertIntEQ(test_wc_ecc_ctx_new(), 0); AssertIntEQ(test_wc_ecc_ctx_reset(), 0); AssertIntEQ(test_wc_ecc_ctx_set_peer_salt(), 0); AssertIntEQ(test_wc_ecc_ctx_set_info(), 0); AssertIntEQ(test_wc_ecc_encryptDecrypt(), 0); AssertIntEQ(test_wc_ecc_del_point(), 0); AssertIntEQ(test_wc_ecc_pointFns(), 0); AssertIntEQ(test_wc_ecc_shared_secret_ssh(), 0); AssertIntEQ(test_wc_ecc_verify_hash_ex(), 0); AssertIntEQ(test_wc_ecc_mulmod(), 0); AssertIntEQ(test_wc_ecc_is_valid_idx(), 0); AssertIntEQ(test_wc_ecc_get_curve_id_from_oid(), 0); AssertIntEQ(test_wc_ecc_sig_size_calc(), 0); AssertIntEQ(test_ToTraditional(), 0); AssertIntEQ(test_wc_EccPrivateKeyToDer(), 0); AssertIntEQ(test_wc_DhPublicKeyDecode(), 0); AssertIntEQ(test_wc_Ed25519KeyToDer(), 0); AssertIntEQ(test_wc_Ed25519PrivateKeyToDer(), 0); AssertIntEQ(test_wc_Ed448KeyToDer(), 0); AssertIntEQ(test_wc_Ed448PrivateKeyToDer(), 0); AssertIntEQ(test_wc_SetAuthKeyIdFromPublicKey_ex(), 0); AssertIntEQ(test_wc_SetSubjectBuffer(), 0); AssertIntEQ(test_wc_SetSubjectKeyIdFromPublicKey_ex(), 0); test_wc_PKCS7_New(); test_wc_PKCS7_Init(); test_wc_PKCS7_InitWithCert(); test_wc_PKCS7_EncodeData(); test_wc_PKCS7_EncodeSignedData(); test_wc_PKCS7_EncodeSignedData_ex(); test_wc_PKCS7_VerifySignedData(); test_wc_PKCS7_EncodeDecodeEnvelopedData(); test_wc_PKCS7_EncodeEncryptedData(); test_wc_PKCS7_Degenerate(); test_wc_PKCS7_BER(); test_PKCS7_signed_enveloped(); test_wc_PKCS7_NoDefaultSignedAttribs(); test_wc_PKCS7_SetOriEncryptCtx(); test_wc_PKCS7_SetOriDecryptCtx(); test_wc_PKCS7_DecodeCompressedData(); test_wc_i2d_PKCS12(); test_wolfSSL_CTX_LoadCRL(); test_wc_CryptoCb(); test_wolfSSL_CTX_StaticMemory(); AssertIntEQ(test_ForceZero(), 0); AssertIntEQ(test_wolfSSL_Cleanup(), WOLFSSL_SUCCESS); #if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \ !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \ !defined(WOLFSSL_NO_CLIENT_AUTH)) AssertIntEQ(test_various_pathlen_chains(), WOLFSSL_SUCCESS); #endif /* If at some point a stub get implemented this test should fail indicating * a need to implement a new test case */ test_stubs_are_stubs(); #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \ && (defined(NO_MAIN_DRIVER) || defined(HAVE_STACK_SIZE)) wc_ecc_fp_free(); /* free per thread cache */ #endif wolfSSL_Cleanup(); (void)devId; printf(" End API Tests\n"); }